
Cisco 350 Series Administration Manual

Managed switches

ADMINISTRATION
GUIDE
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4

  Summary of Contents for Cisco 350 Series

  • Page 1 ADMINISTRATION GUIDE Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 2: Table Of Contents

    Interface Naming Conventions Window Navigation Search Facility Chapter 3: Dashboard Grid Management System Health Resource Utilization Identification Port Utilization PoE Utilization Latest Logs Suspended Interfaces Traffic Errors
  • Page 3 Switched Port Analyzer (SPAN) Diagnostics RMON View Logs Chapter 6: Administration System Settings User Accounts Idle Session Timeout Time Settings System Log File Management Plug-n-Play (PNP) Reboot
  • Page 4 Stack Changes Unit Failure in Stack Stack Ports Software Auto Synchronization in Stack Stack Management Chapter 9: Administration: Time Settings System Time Configuration SNTP Modes System Time
  • Page 5 Chapter 12: Smartport Overview How the Smartport Feature Works Auto Smartport Error Handling Default Configuration Relationships with Other Features Common Smartport Tasks Configuring Smartport Using The Web-based Interface
  • Page 6 Dynamic Addresses Chapter 16: Multicast Multicast Forwarding Overview Properties MAC Group Address IP Multicast Group Address IPv4 Multicast Configuration IPv6 Multicast Configuration IGMP/MLD Snooping IP Multicast Group
  • Page 7 Chapter 19: IP Configuration: VRRP Overview VRRP Topology Configurable Elements of VRRP Configuring VRRP Chapter 20: IP Configuration: SLA Overview Using SLA Chapter 21: Security RADIUS Password Strength Management Access Method
  • Page 8 SSD Rules SSD Properties Configuration Files SSD Management Channels Menu CLI and Password Recovery Configuring SSD Chapter 24: Security: SSH Server Overview Common Tasks SSH User Authentication
  • Page 9 Configuring IPv6 First Hop Security through Web GUI Chapter 27: Access Control Overview MAC-Based ACLs Creation IPv4-based ACL Creation IPv6-Based ACL Creation ACL Binding Chapter 28: Quality of Service QoS Features and Components
  • Page 10 Chapter 30: Smart Network Application (SNA) SNA Sessions SNA Graphics Top Right-Hand Menu Topology View Right-Hand Information Panel Operations Overlays Tags Search Dashboard Notifications Device Authorization Control (DAC) DAC Workflow
  • Page 11 Contents Services Saving SNA Settings Technical Details
  • Page 12: Chapter 1: Quick Getting Started

    If the supplied screws are lost, use replacement screws in the following size: Diameter of the screw head: 6.9 mm Length of face of screw head to base of screw: 5.9 mm Shaft diameter: 3.94 mm
  • Page 13: Rack Mounting Switch

    STEP 2 Repeat the previous step to attach the other bracket to the opposite side of the switch. STEP 3 After the brackets are securely attached, the switch is now ready to be installed into a standard 19-inch rack.
  • Page 14: Power Over Ethernet Considerations

    SF350-48P 48- 7* PD69208 AF/AT/60W Port 10/100 PoE (0x4AC2) / Managed Switch 7*69208M (0x4B42) (as of 2.2.7) SF350-48P SF350-48P 48- 7*69208M AF/AT/60W Port 10/100 PoE (0x4B42) Managed Switch
  • Page 15 1*PD69204 Managed Switch (0x4AC2) / 3*69208M (0x4B42) + 1*69204 SG350-28MP SG350-28MP 28- 3x PD69208+ AF/AT/60W Port Gigabit PoE 1*PD69204 Managed Switch (0x4AC2) / 3*69208M (0x4B42) + 1*69204
  • Page 16 3*69208M AF/AT/60W 24-Port 2.5G PoE (0x4B42) + Stackable 1*69204 Managed Switch SG350X-48P SG350X-48P 48- 7* PD69208 af/at/60w Port Gigabit PoE (0x4AC2) / Stackable 7*69208M Managed Switch (0x4B42)
  • Page 17 4* PD69208 af/at/60w 24-Port Gigabit (0x4AC2) / PoE Stackable 4*69208M Managed Switch (0x4B42) SG550X-24MPP SG550X-24MPP 4* PD69208 af/at/60w 24-Port Gigabit (0x4AC2) / PoE Stackable 4*69208M Managed Switch (0x4B42)
  • Page 18 PoE switch. When a device is being falsely detected as a PD, you should disconnect the device from the PoE port and power recycle the device with AC power before reconnecting its PoE ports.
  • Page 19 To configure the switch using the web-based interface: STEP 1 Power on the computer and your switch. STEP 2 For Cisco 350-550 XG switches, connect the computer to the OOB port found on the front panel. For all other switches, connect the computer to any network port.
  • Page 20 STEP 6 When the login page appears, choose the language that you prefer to use in the web-based interface and enter the username and password. The default username is cisco. The default password is cisco. Usernames and passwords are both case sensitive. Click Log In.
  • Page 21: Configuring Your Switch Using The Console Port

    1 stop bit • no flow control STEP 4 Enter a username and password. The default username is cisco, and the default password is cisco. Usernames and passwords are both case sensitive. If this is the first time that you have logged on with the default username and password, the following message appears: Please change your password from the default settings.
  • Page 22 The OOB port cannot be a member of VLAN or LAG, and the bridge’s protocols (for example, STP, GVRP, etc.) cannot be enabled on the OOB port. Only untagged traffic is supported on the OOB port.
  • Page 23 QoS and ACL are not supported on the OOB port (so all TCAM-based features like DOS Attack Prevention are also not supported). Only Management ACLs are supported.
  • Page 24: Usb Port

    A stack can have up to four 350X devices or eight 550X devices in it. Any 10G port of the switch can be used for stacking. The switch can only be stacked without Mesh topology.
  • Page 25 98DX4203, 98DX4204, 98DX4210, 98DX4211, and 98DX4212 Switch Features The switches in the same stack are connected together through their stack ports. Depending on the type of stack ports and the desired speed, you may need Cat6a Ethernet cables or Cisco approved modules or cables for the switches.
  • Page 26 SF350-48MP SF350-48MP 48-Port 10/100 PoE Managed Switch SG350-08PD SG350-8PD 8-Port 2.5G PoE Managed Switch SG350-10 SG350-10 10-Port Gigabit Managed Switch SG350-10P SG350-10P 10-Port Gigabit PoE Managed Switch
  • Page 27 SG350-28SFP SG350-28SFP 28-Port Gigabit SFP Managed Switch SG350-52 SG350-52 52-Port Gigabit Managed Switch SG350-52P SG350-52P 52-Port Gigabit PoE Managed Switch SG350-52MP SG350-52MP 52-port Gigabit PoE Managed Switch
  • Page 28 SG350X-48P 48-Port Gigabit PoE Stackable Managed Switch SG350X-48MP SG350X-48MP 48-Port Gigabit PoE Stackable Managed Switch SF550X-24 SF550X-24 24-Port 10/100 Stackable Managed Switch SF550X-24P SF550X-24P 24-Port 10/100 PoE Stackable Managed Switch
  • Page 29 SG550X-24MPP 24-Port Gigabit PoE Stackable Managed Switch SG550X-48 SG550X-48 48-Port Gigabit Stackable Managed Switch SG550X-48P SG550X-48P 48-Port Gigabit PoE Stackable Managed Switch SG550X-48MP SG550X-48MP 48-Port Gigabit PoE Stackable Managed Switch
  • Page 30 SX550X-24 24-Port 10GBase-T Stackable Managed Switch SX550X-24FT SX550X-24FT 24-Port 10G Stackable Managed Switch SX550X-24F SX550X-24F 24-Port 10G SFP+ Stackable Managed Switch SX550X-52 SX550X-52 52-Port 10GBase-T Stackable Managed Switch
  • Page 31 Mbps, 1 Gbps, and 2.5 Gbps, on Cat 5e cables. Much of the cabling deployed worldwide is limited to 1 Gbps at 100 meters. Cisco Multigigabit Ethernet enables speeds up to 2.5 Gbps on the same infrastructure without replacing a cable.
  • Page 32 The SFP+ ports are compatible with the following Cisco SFP 1G optical modules MGBSX1, MGBLH1, MGBT1, as well as other brands. • The Cisco SFP+ 10G optical modules that are supported in the Cisco switches are: SFP-10G-SR, SFP-10G-LR, SFP-10G-SR-S, and SFP-10G-LR-S.
  • Page 33 Power—Connects the switch to AC power. • Console—Connects a serial cable to a computer serial port so that it can be configured by using a terminal emulation program.
  • Page 34: Chapter 2: General Information

    Navigate from one mode to another, as shown below: When the user switches from basic to advanced, the browser reloads the page. However, after reload, the user stays on the same page.
  • Page 35 When switching from one mode to another, any configuration which was made on the page (without Apply) is deleted.
  • Page 36: Quick Start Device Configuration

    Switched Port Analyzer (SPAN and RSPAN) There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Support Community page.
  • Page 37: Interface Naming Conventions

    For example, GE1/0/4 is port number 4 on the first unit of the stack. • Slot Number—The slot number is always 0. • Interface Number: Port, LAG, Tunnel, or VLAN ID.
  • Page 38: Window Navigation

    Download Language: Add a new language to the device. NOTE To upgrade a language file, use the Upgrade/Backup Firmware/Language page. Logout Click to log out of the web-based switch configuration utility.
  • Page 39 Cancel Click to reset changes made on the page. Clear Clear information on page. Clear Filter Click to clear filter to select information displayed.
  • Page 40 Click Refresh to refresh the counter values. Test Click Test to perform the related tests. Restore Defaults Click Restore Defaults to restore factory defaults. Cancel Defaults Click Cancel Defaults to restore factory defaults.
  • Page 41: Search Facility

    CDP: If you are in Basic mode, links to pages in Advanced mode are displayed but not available.
  • Page 42: Chapter 3: Dashboard

    Stack Topology • Traffic Errors Grid Management The dashboard consists of multiple modules, but only a subset of the modules can be viewed at the same time.
  • Page 43 The module can be dropped in an unoccupied spot, or in a spot occupied by a module of the same size. If the selected spot is occupied, the modules switch places.
  • Page 44: System Health

    • Fan Status—Yellow if one fan failed and is backed up by the redundant fan; Green if the fan is operational; Red if the fan is faulty.
  • Page 45: Resource Utilization

    Each bar becomes red if the resource utilization is higher than 80 percent. Hovering over a bar displays a tooltip displaying the numeric utilization information (used resources/max available).
  • Page 46: Identification

    System Location—Enter the physical location of the device. • System Contact—Enter the name of a contact person. • Total Available Power—Amount of power available to the device.
  • Page 47: Port Utilization

    A list of ports is displayed. The port utilization is displayed in bar format: For each port, the following port utilization information is displayed: Tx—% (red) Rx—% (blue)
  • Page 48: Poe Utilization

    Refresh Time—Select one of the displayed options. • PoE Global Properties—Link to the Port Management -> PoE -> Properties page. • PoE Port Settings—Link to the Port Management -> PoE -> Settings page.
  • Page 49: Latest Logs

    When units are connected in a stack, a drop-down selector enables the user to select the device to be viewed. All suspended ports in the device are shown as red.
  • Page 50 The following configuration options (right-hand corner) are available: • Display Mode—Select either Device View or Table View. • Refresh Time—Select one of the options displayed. • Error Recovery Settings—Click to open Error Recovery Settings.
  • Page 51 Hovering over a stack connection in the module displays a tooltip detailing the connected units and the stacking ports generating the connection. The following configuration options (right-hand corner) are available: • Stack Management—Click to open Stack Management.
  • Page 52: Traffic Errors

    Last traffic error—Traffic error that occurred on a port and the last time the error occurred. • Refresh Time—Select one of the refresh rates. • Traffic Error Information—Click to link to the Statistics page.
  • Page 53: Chapter 4: Configuration Wizards

    No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035). STEP 4 Click Next.
  • Page 54 Clock Source—Select one of the following: Manual Settings—Select to enter the device system time. If this is selected, enter the Date and Time. Default SNTP Servers—Select to use the default SNTP servers.
  • Page 55: Vlan Configuration Wizard

    STEP 8 Select the ports that are to be the access ports of the VLAN. Access ports of a VLAN are untagged members of the VLAN. (Select them by clicking with the mouse on the required ports in the graphical display.)
  • Page 56: Acl Wizard

    User defined to enter a destination address or a range of destination addresses. • Destination MAC Value—Enter the MAC address to which the destination MAC address is to be matched and its mask (if relevant).
  • Page 57 Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
  • Page 58 VLANs only—Bind the ACL to a VLAN. Enter the list of VLANs in the Enter the list of VLANs you want to bind the ACL to field. No binding—Do not bind the ACL. Click Apply.
  • Page 59: Chapter 5: Status And Statistics

    802.1X EAP • • Hardware Resource Utilization • Health and Power • Switched Port Analyzer (SPAN and RSPAN) • Diagnostics • RMON • sFlow • View Logs
  • Page 60: System Summary

    NOTE In a stack, the Firmware Version number shown is based on the version of the master. • Firmware MD5 Checksum (Active Image)—MD5 checksum of the active image.
  • Page 61 Total PoE Power Consumption (W)—Total PoE power delivered to connected PoE devices. • PoE Power Mode—Port Limit or Class Limit. The master unit is displayed graphically, as shown below: Hovering on a port displays its name.
  • Page 62: Cpu Utilization

    STEP 3 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period. The window containing a graph displaying CPU utilization on the device is displayed.
  • Page 63: Interface

    Broadcast Packets—Good Broadcast packets transmitted. STEP 3 To view statistics counters in table view or graphic view: • Click View All Interfaces Statistics to see all ports in table view.
  • Page 64: Etherlike

    Pause Frames Received—Received flow control pause frames. This field is only supported for XG ports. When the port speed is 1G, the received pause frames counter is not operational.
  • Page 65: Port Utilization

    GVRP is a standards-based Layer 2 network protocol, for automatic configuration of VLAN information on switches. It is defined in the 802.1ak amendment to 802.1Q-2005.
  • Page 66 Invalid Attribute Length—Invalid attribute length errors. • Invalid Event—Invalid events. STEP 3 To clear statistics counters, click View All Interfaces Statistics to see all ports on a single page.
  • Page 67: 802.1X Eap

    EAPOL frame. • EAPOL EAP Supplicant Frames Transmitted—EAPOL EAP Supplicant frames transmitted on the port. • EAPOL Start Frames Transmitted—EAPOL Start frames transmitted on the port.
  • Page 68: Acl

    Trapped Packets—Port/LAG Based—The interfaces on which packets were forwarded or rejected based on ACL rules. • Trapped Packets—VLAN Based—The VLANs on which packets were forwarded or rejected based on ACL rules.
  • Page 69: Hardware Resource Utilization

    VLAN mapping. • IP Entries In Use—Number of TCAM entries used for IP rules. Maximum—Number of available TCAM entries that can be used for IP rules.
  • Page 70: Health And Power

    Amber (solid) – RPS is connected but providing power to two other devices. In this case, the RPS will not be able to provide power to the current device, while providing power to the two other devices.
  • Page 71 In this case, the redundant fan becomes part of the environment monitoring of the device. It is recommended to let the redundant fan work for at least 1 minute once a day.
  • Page 72 This section displays the power saved by the device due to the Green Ethernet and Led Disable features, as well as due to ports being down (physically or due to time range settings).
  • Page 73 • PoE—The Port Management > PoE > Settings page is displayed. Connect the time range to the PoE operations on one or more ports.
  • Page 74 Active—Power supply is being used. Failure—Main power has failed. Main Power Supply Budget—Amount of power that can be allocated for device PSE operation by the main power supply.
  • Page 75 If the device is not part of a stack, the Health and Power page displays the following fields: • Fan Status—The following values are possible: OK—Fan is operating normally. Failure—Fan is not operating correctly. N/A—Fan ID is not applicable for the specific model.
  • Page 76 The following fields are displayed: • Port Name—Number of port. • PD Status—Displays one of the following values: Connected—The PD port is connected to a PSE device that is providing power.
  • Page 77: Switched Port Analyzer (Span)

    Switched Port Analyzer (SPAN and RSPAN) The SPAN feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe device or other Remote Monitoring (RMON) probes.
  • Page 78 If accurate monitoring is required, the TCAM-based mirror policy can be used. RSPAN Workflow The following workflow describes how to configure the start, intermediate and final switches: • Start Switch • Intermediate Switch(es) • Final Switch
  • Page 79 STEP 1 The previously-defined RSPAN VLAN is displayed. STEP 2 To configure a VLAN as an RSPAN VLAN, select it from the RSPAN VLAN drop-down list of VLANs.
  • Page 80 Network Traffic—Select to enable that traffic other than monitored traffic is possible on the port. STEP 4 Click Apply. SPAN Session Sources One or more SPAN or RSPAN sources must be configured on the start and final devices.
  • Page 81: Diagnostics

    • Tech-Support Information Copper Ports Tests The Copper Test page displays the results of integrated cable tests performed on copper cables by the Virtual Cable Tester (VCT).
  • Page 82 Last Update—Time of the last test conducted on the port. • Test Results—Cable test results. Possible values are: OK—Cable passed the test. No Cable—Cable is not connected to the port.
  • Page 83 MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km. • MGBSX1: 1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550 m.
  • Page 84 Transmitter Fault—Remote SFP reports signal loss. Values are True, False, and No Signal (N/S). • Loss of Signal—Local SFP reports signal loss. Values are True and False. • Data Ready—SFP is operational. Values are True and False.
  • Page 85: Rmon

    Define interesting changes in counter values, such as “reached a certain number of late collisions” (defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log and trap).
  • Page 86 Undersize Packets—Undersized packets (less than 64 octets) received. • Oversize Packets—Oversized packets (over 2000 octets) received. • Fragments—Fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received.
  • Page 87 The RMON feature enables monitoring statistics per interface. The History page defines the sampling frequency, amount of samples to store and the port from which to gather the data.
  • Page 88 History Control table described above. To view RMON history statistics: STEP 1 Click Status and Statistics > RMON > History. STEP 2 Click History Table.
  • Page 89 Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. • Collisions—Collisions received. • Utilization—Percentage of current interface traffic compared to maximum traffic that the interface can handle.
  • Page 90 Log and Trap—Add a log entry to the Event Log table and send a trap to the remote log server when the alarm goes off. • Owner—Enter the device or user that defined the event.
  • Page 91 One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.
  • Page 92 Falling Alarm—A falling value triggers the falling threshold alarm. Rising and Falling—Both rising and falling values trigger the alarm. • Interval—Enter the alarm interval time in seconds.
  • Page 93 V5 (if supported by the interface): Generic interface counters (RFC 2233) Ethernet interface counters (RFC 2358) Workflow By default, flow and counter sampling are disabled.
  • Page 94 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
  • Page 95 Sampling Interval—If x is entered, this specifies that a counter sample will be taken for each x seconds. Receiver Index—Select one of the indices that was defined in these sFlow Receiver Settings pages. STEP 3 Click Apply.
  • Page 96: View Logs

    The web GUI will poll the RAM log every 10 seconds. Notification pop-ups for all SYSLOGs created in the last 10 seconds will appear at the bottom right of the screen.
  • Page 97 Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the log messages, click Clear Logs. The messages are cleared.
  • Page 98 • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared.
  • Page 99: Chapter 6: Administration

    • Plug-n-Play (PNP) • Reboot • Hardware Resources • Discovery - Bonjour • Discovery - LLDP • Discovery - CDP • Locate Device • Ping • Traceroute
  • Page 100: System Settings

    The banner can contain up to 1000 characters. After 510 characters, press <Enter> to continue. STEP 3 Click Apply to save the values in the Running Configuration file.
  • Page 101: User Accounts

    (read-only or read-write) or changing the passwords of existing users. After adding a level 15 user (as described below), the default user is removed from the system.
  • Page 102 Read/Write Management Access (15)—User can access the GUI, and can configure the device. STEP 4 Click Apply. The user is added to the Running Configuration file of the device.
  • Page 103: Idle Session Timeout

    The device generates the following local logs: • Log sent to the console interface. • Log written into a cyclical list of logged events in the RAM and erased when the device reboots.
  • Page 104 For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored (Notice, Informational, and Debug).
  • Page 105 The Remote Log Servers page enables defining remote SYSLOG servers to which log messages are sent. For each server, you can configure the severity of the messages that it receives.
  • Page 106 Facility—Select a facility value from which system logs are sent to the remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden.
  • Page 107: File Management

    Using the Cisco Plug-n-Play solution, you can perform Zero Touch Installs of the switches in various deployment scenarios and deployment locations.
  • Page 108 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
  • Page 109 Click Apply. The parameters are copied to the Running Configuration file. STEP 3 Click Display Sensitive Data as Plaintext to display the password if it is encrypted. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 110 If the agent is in the Discovery Waiting state, it is set to the Discovery state. • If the agent is in the PnP Session Waiting state, it is set to the PnP Session state. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 111: Reboot

    (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. If you do not specify the month and day, Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 112 The number of router TCAM entries for a specific entry type that you allocate is less than the number currently in use. • The total number of router TCAM entries that you allocated is greater than the maximum available.
  • Page 113: Discovery - Bonjour

    Click on Hardware Resource Management to configure resources allocated to each type of resource. Discovery - Bonjour See Bonjour.
  • Page 114: Discovery - Lldp

    When the feature is activated the Start button is replaced by the Stop button, which allows you to stop the LED blinking before the defined timer expires.
  • Page 115: Ping

    • Destination IP Address/Name—Address or host name of the device to be pinged. Whether this is an IP address or host name depends on the Host Definition.
  • Page 116: Traceroute

    • IP Version—If the host is identified by its IP address, select either IPv4 or IPv6 to indicate that it will be entered in the selected format.
  • Page 117 Host—Displays a stop along the route to the destination. Round Trip Time (1-3)—Displays the round trip time (in ms) for the first through third frame and the Status of the first through third operation.
  • Page 118: Chapter 7: Administration: File Management

    The configuration files are text files and can be edited in a text editor, such as Notepad, after they are copied to an external device, such as a PC.
  • Page 119 More commonly referred to as the image. • Language File—The dictionary that enables the web-based configuration utility windows to be displayed in the selected language. • Logging File—SYSLOG messages stored in Flash memory.
  • Page 120: Firmware Operations

    Active Firmware Version—Displays the version of the current, active firmware file. STEP 2 Enter the following fields: • Operation Type—Select Update Firmware or Backup Firmware. • Copy Method—Select HTTP/HTTPS or USB.
  • Page 121 Link Local Interface—Select the link local interface (if IPv6 is used) from the list. • Server IP Address/Name—Enter the IP address or the name of the TFTP server, whichever is relevant. • (Update) Source—Enter the name of the source file.
  • Page 122 NOTE The username and password for one-time credential will not be saved in configuration file. STEP 6 Enter the following fields: • Server Definition—Select whether to specify the SCP server by IP address or by domain name.
  • Page 123 Active Firmware File—Displays the current, active firmware file. • Active Firmware Version—Displays the version of the current, active firmware file. STEP 2 Enter the following fields: • Operation Type—Select Swap Image.
  • Page 124: File Operations

    CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the device is rebooted.
  • Page 125 Destination File Type—Select one of the configuration file types to update. • Copy Method—Select TFTP. • Server Definition—Select whether to specify the TFTP server by IP address or by domain name.
  • Page 126 STEP 3 To enable SSH server authentication (which is disabled by default), click Edit by Remote SSH Server Authentication. This takes you to the SSH Server Authentication page to configure the SSH server. STEP 4 Return to this page.
  • Page 127 To backup a system configuration file using HTTP/HTTPS: STEP 1 Click Administration > File Management > File Operations. STEP 2 Enter the following fields: • Operation Type—Select Backup File.
  • Page 128 NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to the SSD Rules page. STEP 3 Click Apply to begin the operation.
  • Page 129 Plaintext—Include sensitive data in the backup in its plaintext form. NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.
  • Page 130 Server Definition—Select whether to specify the SCP server by IP address or by domain name. • IP Version—Select whether an IPv4 or an IPv6 address is used.
  • Page 131 Source File Name—Select one of the configuration file types to copy. • Destination File Name—Enter name of the destination configuration file. STEP 3 Click Apply to begin the operation.
  • Page 132: File Directory

    Auto Image Update—Automatic downloading of a firmware image from a remote TFTP/SCP server. At the end of the Auto Configuration/Image Update process, the device reboots itself to the firmware image.
  • Page 133 SCP, and files with the other extensions are downloaded using TFTP. The default extension is .scp. • TFTP Only—The download is done through TFTP, regardless of the file extension of the configuration file name.
  • Page 134 If the DHCP server did not send the indirect file name of the firmware image file, the Backup Indirect Image File Name (from the DHCP Auto Configuration/Image Update page) is used.
  • Page 135 TFTP—The device sends TFTP Request messages to a limited Broadcast address (for IPv4) or ALL NODES address (for IPv6) on its IP interfaces and continues the process of Auto Configuration/Image Update with the first answering TFTP server.
  • Page 136 If Auto Configuration is enabled, the Auto Configuration process is triggered when the configuration file name is received from a DHCP server or a backup configuration file name has been configured.
  • Page 137 The form and format of the file are checked, but the validity of the configuration parameters is not checked prior to loading it to the Startup Configuration.
  • Page 138 66 (single server address) or 150 (list of server addresses) 67 (name of configuration file) • DHCPv6 Option 59 (server address) Options 60 (name of configuration file plus indirect image file name, separated by a comma)
  • Page 139 STEP 2 Enter the values. • Auto Configuration Via DHCP—Select this field to enable DHCP Auto Configuration. This feature is disabled by default, but can be enabled here.
  • Page 140 SSH server if required. • SSH Client Authentication—Click on the System Credentials link to enter user credentials in the SSH User Authentication page.
  • Page 141 An example of an indirect image file name is: indirect-cisco.scp. This file contains the path and name of the firmware image. The following fields are displayed: • Last Auto Configuration/Image Server IP Address—Address of the last backup server.
  • Page 142: Chapter 8: Administration: Stack Management

    In some cases, stack ports can become members in a stack of Link Aggregation Groups (LAGs) increasing the bandwidth of the stack interfaces. See Stack Port Link Aggregation.
  • Page 143 During Fast Stack Link failover, the master/backup units remain active and functioning.
  • Page 144: Types Of Units In Stack

    Unit 6: LED 2 and 4 are lit. • Unit 7: LED 3 and 4 are lit. • Unit 8: LED 1, 3, and 4 are lit.
  • Page 145: Stack Topology

    Ring Topology—Each unit is connected to the neighboring unit. The last unit is connected to the first unit. The following shows a ring topology of an eight-unit stack: Figure 1 Stack in Ring Topology (550 Family)
  • Page 146 During topology discovery, each unit in a stack exchanges packets, which contain topology information. After the topology discovery process is completed, each unit contains the stack mapping information of all units in the stack.
  • Page 147: Unit Id Assignment

    It did not win the master selection process between the master-enabled units (1 or 2). Duplicate Unit Shut Down
  • Page 148 Duplication Between Two Units With Auto Number Unit ID NOTE If a new stack has more than the maximum number of units, all extra units are shut down.
  • Page 149: Master Selection Process

    The stack changes between ring and chain formation. When units are added or removed to and from a stack, it triggers topology changes, master election process, and/or unit ID assignment.
  • Page 150 The best unit is the unit with the higher uptime in segments of 10 minutes. The other unit is made the backup. Auto-numbered Master-enabled Unit
  • Page 151: Unit Failure In Stack

    The backup configuration file remains on the previous master. Dynamic process-state information, such as the STP state table, dynamically-learned MAC addresses, dynamically-learned Smartport types, MAC Multicast tables, LACP, and GVRP are not synchronized.
  • Page 152 STP. NOTE Packet flooding to unknown Unicast MAC addresses occurs until the MAC addresses are learned or relearned.
  • Page 153: Stack Ports

    The allowed interface combination for the same stacking LAG is either interfaces XG1 and XG2 or interfaces XG3 and XG4. Other combinations of interfaces in the same stack LAG are not supported.
  • Page 154 (auto-discovery is the default setting). The system automatically identifies the stack cable type and selects the highest speed supported by the cable and the port. A SYSLOG message (informational level) is displayed when the cable type is not recognized.
  • Page 155: Software Auto Synchronization In Stack

    The unit automatically reboots itself to run the new version.
  • Page 156 In addition, the 2-4 XG ports of the Sx350X/Sx550X units must be configured as stacking ports, and connected to the SG350XG/SX350X and SG550XG/SX550X devices stacking ports.
  • Page 157 Number of Multicast groups Max. number of IPv4 routes 7168 Max. number of IPv4 host 7092 directly-connected Max. number of IPv4 1800 Multicast routes Max number of IPv6 interfaces
  • Page 158 This usually succeeds, but there are exceptions as described below:
  • Page 159: Stack Management

    350 devices or mixed types of 550 devices (but not a mix of 350 and 550 devices). • Stack Topology—Displays whether the topology of the stack is chain or ring.
  • Page 160 When you hover over a port, a tool tip displays the stacking port number, unit that it is connected to (if there is one), the port speed and its connection status. See an example of
  • Page 161 Unit x Stack Connection Speed—Displays the speed of the stack connection. STEP 4 Click Apply and Reboot. The parameters are copied to the Running Configuration file and the stack is rebooted.
  • Page 162: Chapter 9: Administration: Time Settings

    Savings Time (DST). It covers the following topics: • System Time Configuration • SNTP Modes • System Time • SNTP Unicast • SNTP Multicast/Anycast • SNTP Authentication • Time Range • Recurring Time Range
  • Page 163: System Time Configuration

    After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
  • Page 164: Sntp Modes

    The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
  • Page 165: System Time

    SNTP server: Date—Enter the system date. Local Time—Enter the system time. • Time Zone Settings—The local time is used via the DHCP server or Time Zone offset.
  • Page 166 Day—Day of the week on which DST begins every year. Week—Week within the month from which DST begins every year. Month—Month of the year in which DST begins every year.
  • Page 167: Sntp Unicast

    This page displays the following information for each Unicast SNTP server: • SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to its stratum level.
  • Page 168 DNS server or configured so that a DNS server is identified by using DHCP. (See Settings) • IP Version—Select the version of the IP address: Version 6 or Version 4.
  • Page 169 Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the authentication keys using the SNTP Authentication page.) STEP 6 Click Apply. The SNTP server is added, and you are returned to the main page.
  • Page 170: Sntp Multicast/Anycast

    The authentication key is created on the SNTP server in a separate process that depends on the type of SNTP server you are using. Consult with the SNTP server system administrator for more information.
  • Page 171: Time Range

    Time Range Time ranges can be defined and associated with the following types of commands, so that they are applied only during that time range: • ACLs
  • Page 172 The existing time ranges are displayed. STEP 2 To add a new time range, click Add. STEP 3 Enter the following fields: • Time Range Name—Enter a new time range name.
  • Page 173: Recurring Time Range

    Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis. STEP 5 Click Apply. STEP 6 Click Time Range to access the Absolute Time Range page.
  • Page 174: Chapter 10: Administration: Discovery

    If a service is changed, the device will send Bonjour packets with the new information. If the IP address of the device is changed, the device will also advertise its new IP address.
  • Page 175: Lldp And Cdp

    Apply). LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 176 VLAN. A CDP/LLDP-capable device may receive advertisements from more than one device if the CDP/LLDP-incapable devices flood the CDP/LLDP packets.
  • Page 177: Discover - Lldp

    The LLDP protocol has an extension called LLDP Media Endpoint Discovery (LLDP-MED) that provides and accepts information from media endpoint devices such as VoIP phones and video phones. For further information about LLDP-MED, see LLDP MED Network Policy.
  • Page 178 TLV Advertise Interval—Enter the rate in seconds at which LLDP advertisement updates are sent, or use the default. • Topology Change SNMP Notification Interval—Enter the minimum time interval between SNMP notifications.
  • Page 179 This page contains the port LLDP information. STEP 2 Select a port and click Edit. This page provides the following fields: • Interface—Select the port to edit (including the OOB port).
  • Page 180 LLDP PDU is transmitted) can be aggregated. It also indicates whether the link is currently aggregated, and if so, provides the aggregated port identifier. 802.3 Maximum Frame Size—Maximum frame size capability of the MAC/PHY implementation.
  • Page 181 4-Wire Power via MDI—(relevant to PoE ports supporting 60W PoE) Proprietary Cisco TLV defined to support power over Ethernet that allows for 60 watts of power (standard support is up to 30 watts). Management Address Optional TLV •...
  • Page 182 STEP 2 Select Auto for LLDP-MED Network Policy for Voice Application if the device is to automatically generate and advertise a network policy for voice application based on the voice VLAN maintained by the device.
  • Page 183 Auto and Auto Voice VLAN is in operation, then the device automatically generates an LLDP-MED Network Policy for Voice Application for all the ports that are LLDP-MED enabled and are members of the voice VLAN.
  • Page 184 LLDP MED Network Policy page. To include one or more user-defined network policies in the advertisement, you must also select Network Policy from the Available Optional TLVs.
  • Page 185 WLAN AP, or Router. • Enabled System Capabilities—Primary enabled function(s) of the device. • Port ID Subtype—Type of the port identifier that is shown. • LLDP Port Status Table
  • Page 186 WLAN AP, or Router. • Enabled System Capabilities—Primary enabled function(s) of the device. • Port ID Subtype—Type of the port identifier that is shown. • Port ID—Identifier of port.
  • Page 187 802.3 Power via MDI • MDI Power Support Port Class—Advertised power support port class. • PSE MDI Power Support—Indicates if MDI power is supported on the port.
  • Page 188 PD Spare Pair Desired State—Indicates a pod device requesting to enable the 4-pair ability. • PD Spare Pair Operational State—Indicates whether the 4-pair ability is enabled or disabled.
  • Page 189 Coordinates—Map coordinates: latitude, longitude, and altitude. • ECS ELIN—Emergency Call Service (ECS) Emergency Location Identification Number (ELIN). Network Policy Table • Application Type—Network policy application type; for example, Voice.
  • Page 190 Port ID—Identifier of port. • System Name—Published name of the device. • Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.
  • Page 191 • Address—Managed address. • Interface Subtype—Port subtype. • Interface Number—Port number. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.
  • Page 192 PD Spare Pair Desired State—Indicates a pod device requesting to enable the 4-pair ability. • PD Spare Pair Operational State—Indicates if the 4-pair ability is enabled or disabled.
  • Page 193 Class 2 features plus location, 911, Layer 2 switch support and device information management capabilities. • PoE Device Type—Port PoE type, for example, PD/PSE. • PoE Power Source—Port’s power source.
  • Page 194 Protocol ID—Advertised protocol IDs. Location Information Enter the following data structures in hexadecimal as described in section 10.2.4 of the ANSI-TIA-1057 standard: • Civic—Civic or street address.
  • Page 195 Tx Frames (Total)—Number of transmitted frames. • Rx Frames Total—Number of received frames. Discarded—Total number of received frames that were discarded. Errors—Total number of received frames with errors. • Rx TLVs
  • Page 196 LLDP Mandatory TLVs Size (Bytes)—Total mandatory TLV byte size. Status—If the mandatory TLV group is being transmitted, or if the TLV group was overloaded. • LLDP MED Capabilities
  • Page 197 Total (Bytes)—Total number of bytes of LLDP information in each packet. Available Bytes Left—Total number of available bytes left to send for additional LLDP information in each packet.
  • Page 198: Discovery - Cdp

    • CDP Statistics CDP Properties Similar to LLDP, the Cisco Discovery Protocol (CDP) is a link layer protocol for directly-connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol. CDP Configuration Workflow The following is a sample workflow for configuring CDP on the device.
  • Page 199 • Source Interface—IP address to be used in the TLV of the frames. The following options are possible: Use Default—Use the IP address of the outgoing interface.
  • Page 200 • No. of Neighbors—Number of neighbors detected. The bottom of the page has four buttons: • Copy Settings—Select to copy a configuration from one port to another.
  • Page 201 STEP 2 • Interface—Number of the local port. The OOB port can also be selected. • CDP State—Displays whether CDP is enabled or not. • Device ID TLV
  • Page 202 Disabled indicates that the port is not trusted in which case, the following field is relevant. • CoS for Untrusted Ports TLV
  • Page 203 After timeout (based on the value received from the neighbor Time To Live TLV during which no CDP PDU was received from a neighbor), the information is deleted.
  • Page 204 Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station respectively. Bits 8 through 15 are reserved. • Platform—Identifier of the neighbor's platform.
  • Page 205 (true only for specific ports that have this HW ability). Spare Pair Detection/Classification Required—Indicates that the 4-pair wire is needed. PD Spare Pair Desired State—Indicates a pod device requesting to enable the 4-pair ability.
  • Page 206 STEP 2 To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear Interface Counters.
  • Page 207: Chapter 11: Port Management

    4. Configure the LACP parameters for the ports that are members or candidates of a dynamic LAG by using the LACP page. 5. Configure Green Ethernet and 802.3 Energy Efficient Ethernet by using the Properties page.
  • Page 208: Port Settings

    STEP 4 To update the port settings, select the desired port, and click Edit. STEP 5 Modify the following parameters: • Interface—Select the port number.
  • Page 209 Flow Control abilities to the port link partner. • Operational Auto Negotiation—Displays the current auto-negotiation status on the port.
  • Page 210 This is only supported on the 550 family. 10000 Full—The LAG advertises a 10000 Mbps speed and the mode is full duplex. This is only supported on the 550 family.
  • Page 211 Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
  • Page 212: Error Recovery Settings

    STP BPDU guard. STP Loopback Guard—Enable automatic recovery when the port has been shut down by STP Loopback Guard.
  • Page 213: Loopback Detection Settings

    Network managers can define a Detection Interval that sets the time interval between LBD packets. The following loop cases can be detected by the Loopback Detection protocol: • Shorted wire—Port that loops back all received traffic.
  • Page 214 Loopback detection is not enabled by default. Interactions with Other Features If STP is enabled on a port on which Loopback Detection is enabled, the port must be in STP forwarding state.
  • Page 215: Link Aggregation

    STEP 8 Click Apply to save the configuration to the Running Configuration file. Link Aggregation This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Default Settings and Configuration
  • Page 216 By MAC Addresses—Based on the destination and source MAC addresses of all packets. • By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for non-IP packets.
  • Page 217 Select the load balancing algorithm for the LAG. Perform these actions in the Management page. 2. Configure various aspects of the LAG, such as speed and flow control by using the Settings page.
  • Page 218 Active Member—Active ports in the LAG. • Standby Member—Candidate ports for this LAG. STEP 2 Enter the values for the following fields: • LAG—Select the LAG number.
  • Page 219 When the time range is not active, the port is in shutdown. If a time range is configured, it is effective only when the port is administratively Up.
  • Page 220 Protected LAG—Select to make the LAG a protected port for Layer 2 isolation. See the Port Configuration description in Port Settings for details regarding protected ports and LAGs.
  • Page 221 In order for LACP to create a LAG, the ports on both link ends should be configured for LACP, meaning that the ports send LACP PDUs and handle received PDUs.
  • Page 222 LACP PDUs. Select the periodic transmissions of LACP PDUs, which occur at either a Long or Short transmission speed, depending upon the expressed LACP timeout preference. STEP 5 Click Apply. The Running Configuration file is updated.
  • Page 223 Shutdown—The link is unidirectional. Traffic sent by a local device is received by its neighbor, but traffic from the neighbor is not received by the local device.
  • Page 224 (3 times message time) has passed. If a new message is received before the expiration time, the information in that message replaces the previous one.
  • Page 225 UDLD again begins running on the port. If the link is still unidirectional, UDLD shuts it down again after the UDLD expiration time expires, for instance. • Manually—You can reactivate a port in the Error Recovery Settings page
  • Page 226 UDLD Usage Guidelines Cisco does not recommend enabling UDLD on ports that are connected to devices on which UDLD is not supported or disabled. Sending UDLD packets on a port connected to a device that does not support UDLD causes more traffic on the port without providing benefits.
  • Page 227 The UDLD feature can be configured for all fiber ports at one time (in the UDLD Global Settings page) or per port (in the UDLD Interface Settings page).
  • Page 228 Information is displayed for all ports on which UDLD is enabled, or, if you have filtered only a certain group of ports, information is displayed for that group of ports. • Port—The port identifier.
  • Page 229 Click Apply to save the settings to the Running Configuration file. STEP 4 UDLD Neighbors To view all devices connected to the local device, click Port Management > UDLD > UDLD Neighbors.
  • Page 230 Neighbor Expiration Time (Sec.)—Displays the time that must pass before the device attempts to determine the port UDLD status. This is three times the Message Time. • Neighbor Message Time (Sec.)—Displays the time between UDLD messages.
  • Page 231: Poe

    Power over Ethernet can be used in any enterprise network that deploys relatively low-powered devices connected to the Ethernet LAN, such as: • IP phones • Wireless access points • IP gateways • Audio and video remote monitoring devices
  • Page 232 Consider the following when configuring PoE: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume
  • Page 233 Output power is disabled during power-on reboot, initialization, and system configuration to ensure that PDs are not damaged.
  • Page 234 Available Power—Nominal power minus the amount of consumed power. • PSE Chipset & Hardware Revision—PoE chipset and hardware revision number. Click Apply to save the PoE properties. STEP 3
  • Page 235 Operational Status—Displays whether PoE is currently active on the port. • PoE Standard—Displays the type of PoE supported (such as 60W PoE and 802.3 AT PoE). Select a port and click Edit. STEP 2
  • Page 236 PoE is enabled. When the time range is not active, PoE is disabled. To use this feature, a time range must first be defined in the Time Range page.
  • Page 237 • Force Four Pair—Enable this feature to provide enhanced power supply. • Power Consumption—Displays the amount of power in milliwatts assigned Settings (Class Limit)
  • Page 238 A sample's average PoE consumption per port/device is as follows: Sum of all PoE consumption readings in a period / Number of minutes in the sampling period.
  • Page 239 Clear Event Counters—Clear the displayed event counters. • View Interfaces Statistics—Display the above statistics for a selected interface • View Interface History Graph—Display the counters in graph format for a selected interface
  • Page 240: Green Ethernet

    This mode is only supported on RJ45 ports; it does not apply to Combo ports. This mode is disabled by default.
  • Page 241 LEDs that are displayed on the device board pictures are not affected by disabling the LEDs. Port LEDs can be disabled on the Properties page.
  • Page 242 When signals from both sides are received, the Keep Alive signal indicates that the ports are in LPI status (and not in Down status), and power is reduced.
  • Page 243 • If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.
  • Page 244 Energy Detect Mode— Click the checkbox to enable this mode. This setting is not supported for some of the XG devices. • Short Reach—(For non-XG devices) Click the checkbox to enable this feature.
  • Page 245 Some fields may not be displayed on some SKUs. NOTE • Port—The port number. • Energy Detect—State of the port regarding the Energy Detect feature: Administrative—Displays whether Energy Detect is enabled.
  • Page 246 Select to enable or disable 802.3 Energy Efficient Ethernet (EEE) mode on the port. STEP 5 Select to enable or disable 802.3 Energy Efficient Ethernet (EEE) LLDP mode on the port STEP 6 (advertisement of EEE capabilities through LLDP).
  • Page 247 Port Management Green Ethernet Click Apply. The Green Ethernet port settings are written to the Running Configuration file. STEP 7
  • Page 248: Chapter 12: Smartport

    The result is that these devices share a common configuration. The Smartport feature works in conjunction with other features such as: • Voice VLAN and Smartport, described in the Voice VLAN section.
  • Page 249 The “macro” serves to apply the desired configuration • The “anti-macro” serves to undo all configuration performed by the macro when an interface is attached to a different Smartport type.
  • Page 250 Smartport Type Supported by Auto Smartport Supported by Auto Smartport by default Unknown Default Printer Desktop Guest Server Host IP camera IP phone IP phone desktop Switch
  • Page 251 LLDP messages are received on the interface before both TTLs of the most recent CDP and LLDP packets decrease to 0, then the anti-macro is run, and the Smartport type returns to default.
  • Page 252 Smartport macros are bound to Smartport types in the Type Settings page. Built-in Smartport Macros for a listing of the built-in Smartport macros for each device type.
  • Page 253 Smartport type (in the Interface Settings pages). See the workflow area in Common Smartport Tasks section for troubleshooting tips.
  • Page 254: How The Smartport Feature Works

    • If a device is aged out (no longer receiving advertisements from other devices), the interface configuration is changed according to its Persistent Status. If the Persistent...
  • Page 255 CDP and/or LLDP advertisements from the device for a specified time period. Using CDP/LLDP Information to Identify Smartport Types The device detects the type of device attached to the port, based on the CDP/LLDP capabilities.
  • Page 256 DOCSIS cable device IETF RFC 4639 and Ignore IETF RFC 4546 Station Only IETF RFC 4293 Host C-VLAN Component of a VLAN Bridge Switch IEEE Std. 802.1Q
  • Page 257 (assuming the configuration was saved). The Smartport type and the configuration of the interface are not...
  • Page 258: Error Handling

    CDP and LLDP to detect attaching device's Smartport type, and detects Smartport type IP phone, IP phone + Desktop, Switch, and Wireless Access Point. Voice VLAN for a description of the voice factory defaults.
  • Page 259: Relationships With Other Features

    Select the interface, and click Edit. STEP 2 Select the Smartport type that is to be assigned to the interface in the Smartport Application STEP 3 field.
  • Page 260 Troubleshoot, then correct the problem. Consider the troubleshooting tip below. STEP 3 Click Edit. A new window appears in which you can click Reset to reset the interface. STEP 4
  • Page 261: Configuring Smartport Using The Web-Based Interface

    Enter the parameters. STEP 2 • Administrative Auto Smartport—Select to globally enable or disable Auto Smartport. The following options are available: Disable—Select to disable Auto Smartport on the device.
  • Page 262 Editing these parameters for the Smartport types applied by Auto Smartport from the Smartport Type Settings page configures the default values for these parameters. These defaults are used by Auto Smartport.
  • Page 263 Smartport type by Auto Smartport. Auto Smartport does not apply the changes to interfaces that statically assigned a Smartport type.
  • Page 264 All Switches, Routers and Wireless Access Points—Reapplies the macros to all interfaces. • All Switches—Reapplies the macros to all interfaces defined as switches. • All Routers —Reapplies the macros to all interfaces defined as routers.
  • Page 265 Interface—Select the port or LAG. • Smartport Type—Displays the Smartport type currently assigned to the port/LAG. • Smartport Application—Select the Smartport type from the Smartport Application pull-down.
  • Page 266: Built-In Smartport Macros

    Smartport type there is a macro to configure the interface and an anti macro to remove the configuration. Macro code for the following Smartport types is provided: • desktop • printer • guest • server • host • ip_camera • ip_phone
  • Page 267 #macro description No Desktop no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no port security no port security mode no port security max
  • Page 268 #macro description No printer no switchport access vlan no switchport mode no port security no port security mode no smartport storm-control broadcast enable no smartport storm-control broadcast level
  • Page 274 #macro key description: $voice_vlan: The voice VLAN ID #Default Values are #$voice_vlan = 1 smartport switchport trunk allowed vlan remove $voice_vlan no smartport switchport trunk native vlan
  • Page 275 #macro keywords $voice_vlan #macro key description: $voice_vlan: The voice VLAN ID no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no spanning-tree link-type
  • Page 276 [ap] #macro description ap #macro keywords $native_vlan $voice_vlan #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 277: Chapter 13: Vlan Management

    VLANs address security and scalability issues. Traffic from a VLAN stays within the VLAN, and terminates at devices in the VLAN. It also eases network configuration by logically connecting devices without physically relocating those devices.
  • Page 278 Adjacent VLAN-aware devices exchange VLAN information with each other by using Generic VLAN Registration Protocol (GVRP). As a result, VLAN information is propagated through a bridged network.
  • Page 279 The following types of ports can be members in a private VLAN: • Promiscuous—A promiscuous port can communicate with all ports of the same private VLAN. These ports connect servers and routers.
  • Page 280 VLAN’s various VLANs (primary, isolated and the communities). The switch supports 16 primary VLANs and 256 secondary VLANs.
  • Page 281 Figure 1 Traffic from Hosts to Servers/Routers
  • Page 282 The following describes server/router traffic (reply to host). Figure 2 Server/Router Traffic to Hosts
  • Page 283 IPv4 and IPv6. Both can be defined on a primary VLAN. Isolated and community ports do not allow for IP connectivity. IP connectivity requires traffic to pass on a primary VLAN.
  • Page 284 IP Source Guard—A TCAM rule is required to forward/drop IP traffic. • First Hop Security—A TCAM rule is required to trap IPv6 traffic (when IPv6 source guard is enabled).
  • Page 285: Regular Vlans

    VLAN Settings section. STEP 1 Set the desired VLAN-related configuration for ports and enable QinQ on an interface as STEP 2 described in the Interface Settings section.
  • Page 286 Each VLAN must be configured with a unique VID with a value from 1 to 4094. The device reserves VID 4095 as the Discard VLAN. All packets classified to the Discard VLAN are discarded at ingress, and are not forwarded to a port.
  • Page 287 For example, if you shut down a VLAN, on which an IP interface is configured, bridging into the VLAN continues, but the switch cannot transmit and receive IP traffic on the VLAN
  • Page 288 Trunk—The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs. A port configured in this mode is known as a trunk port.
  • Page 289 VLANs that are required for normal packet forwarding from the Available Secondary VLANs. Promiscuous and trunk ports can be members in multiple VLANs.
  • Page 290 The S-VLAN specified by the user must be created on the device before configuring it on an interface as an S-VLAN. If this VLAN does not exist, the command fails.
  • Page 291 VLAN tunneling. The customer port mode is a particular case of VLAN-mapping tunnel port mode, and does not require allocation of TCAM resources.
  • Page 292 Mapping Type selection. Select one of the following: Source VLAN—Configure the ID of the customer VLAN (C-VLAN) that will be translated to S-VLAN (translated VLAN).
  • Page 293 VLAN-unaware. If a destination end node is VLAN-unaware, but is to receive traffic from a VLAN, then the last VLAN-aware device (if there is one), must send frames of the destination VLAN to the end node untagged.
  • Page 294 Running STEP 3 , and Configuration file. You can continue to display and/or configure port membership of another VLAN by selecting another VLAN ID.
  • Page 295 • Interface—Select a Port or LAG. • Current VLAN Mode—Displays the port VLAN mode that was selected in the Interface Settings page. • Access Mode Membership (Active)
  • Page 296 Select a port and click Details to view the following fields: STEP 5 • Administrative VLANs—Port is configured for these VLANs. • Operational VLANs—Port is currently a member of these VLANs.
  • Page 297: Gvrp Settings

    Generic VLAN Registration Protocol (GVRP). GVRP is based on the Generic Attribute Registration Protocol (GARP) and propagates VLAN information throughout a bridged network. To enable GVRP on an interface, it must be configured in General mode.
  • Page 298 Click Apply. GVRP settings are modified, and written to the Running Configuration file. STEP 7 VLAN Groups This section describes how to configure VLAN groups. It describes the following features: • MAC-Based VLAN Group Overview
  • Page 299 General mode. b. If the interface does not belong to the VLAN, manually assign it to the VLAN using the Port to VLAN page.
  • Page 300 Group ID—Select a VLAN group, defined in the MAC-Based VLAN Group Overview page. • VLAN ID—Select the VLAN to which traffic from the VLAN group is forwarded.
  • Page 301 IP Address—Enter the IP address on which the subgroup is based. • Prefix Mask—Enter the prefix mask that defines the subnet. • Group ID—Enter a group ID.
  • Page 302 Groups of protocols can be defined and then bound to a port. After the protocol group is bound to a port, every packet originating from a protocol in the group is assigned the VLAN that is configured in the Protocol-Based Groups page.
  • Page 303 Protocol Value—Enter the protocol for LLC-SNAP (RFC 1042) encapsulation. • Group ID—Enter a protocol group ID. Click Apply. The Protocol Group is added, and written to the Running Configuration file. STEP 4
  • Page 304: Voice Vlan

    VLANs, IP (Layer 3) routers are needed to provide communication. This section covers the following topics: • Voice VLAN Overview • Voice VLAN Configuration • Telephony OUI
  • Page 305 The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100. •...
  • Page 306 CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where it sends and receives its voice traffic. Some of the possible scenarios are as follows: •...
  • Page 307 VLAN port memberships. Auto Voice VLAN performs the following functions when it is in operation: • It discovers voice VLAN information in CDP advertisements from directly connected neighbor devices.
  • Page 308 (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used. If connecting the device to a Cisco UC device, you may need to configure the NOTE port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 309 The interface VLAN of a candidate port must be in General or Trunk mode. • The Voice VLAN QoS is applied to candidate ports that have joined the Voice VLAN, and to static ports.
  • Page 310 If the device is currently in Auto Voice VLAN mode, you must disable it before NOTE you can enable Telephony OUI. Configure Telephony OUI in the Telephony OUI Table page. STEP 2
  • Page 311 VLAN as a static voice VLAN. If the option Auto Voice VLAN Activation triggered by external Voice VLAN is selected, then the default values need to be maintained.
  • Page 312 VLAN, which has higher priority than auto voice VLAN that was learned from external sources. Click Apply. The VLAN properties are written to the Running Configuration file. STEP 3
  • Page 313 Click Restart Auto Voice VLAN to reset the voice VLAN to the default voice VLAN and STEP 2 restart Auto Voice VLAN discovery on all the Auto-Voice-VLAN-enabled switches in the LAN.
  • Page 314 VLAN from a higher priority source is discovered. Only one local source is the best local source. No—This is not the best local source. Click Refresh to refresh the information on the page STEP 3
  • Page 315 Click Restore Default OUIs to delete all of the user-created OUIs, and leave only the default STEP 3 OUIs in the table. The OUI information may not be accurate until the restoration is completed.
  • Page 316 To configure an interface to be a candidate port of the telephony OUI-based voice VLAN, STEP 2 click Edit. Enter the values for the following fields: STEP 3 • Interface—Select an interface.
  • Page 317 One or more IP Multicast address groups can be associated with the same Multicast TV VLAN. Any VLAN can be configured as a Multicast-TV VLAN. A port assigned to a Multicast-TV VLAN: • Joins the Multicast-TV VLAN.
  • Page 318 VLAN Membership Source and all receiver ports Source and receiver ports cannot must be static members in the be members in the same data same data VLAN. VLAN.
  • Page 319 Multicast TV VLAN—VLAN to which the Multicast packets are assigned. • Multicast Group Start—First IPv4 address of the Multicast group. • Group End—Final IPv4 address of the Multicast group range.
  • Page 320 STEP 4 required ports to the Member Access Ports field. Click Apply. Multicast TV VLAN settings are modified, and written to the Running STEP 5 Configuration file.
  • Page 321 2. Configure the network port as a trunk or general port with subscriber and Multicast TV VLAN as tagged VLANs (using the Interface Settings page).
  • Page 322 Click Apply. CPE VLAN Mapping is modified, and written to the Running Configuration file. STEP 4 Port Multicast VLAN Membership The ports associated with the Multicast VLANs must be configured as customer ports (see Interface Settings).
  • Page 323 STEP 4 the required ports to the Member Customer Ports field. Click Apply. The new settings are modified, and written to the Running Configuration file. STEP 5
  • Page 324: Chapter 14: Spanning Tree

    STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
  • Page 325: Stp Status And Global Settings

    • Spanning Tree State—Select to enable on the device. • STP Loopback Guard—Select to enable Loopback Guard on the device. • STP Operation Mode—Select an STP mode.
  • Page 326 Topology Changes Counts—The total number of STP topology changes that have occurred. • Last Topology Change—The time interval that elapsed since the last topology change occurred. The time appears in a days/hours/minutes/seconds format.
  • Page 327: Stp Interface Settings

    0 and can be viewed on the STP Interface Settings page. Select an interface and click Edit. STEP 2 Enter the parameters STEP 3 • Interface—Select the Port or LAG on which Spanning Tree is configured.
  • Page 328 STP Status and Global Settings page. Filtering—Filters BPDU packets when Spanning Tree is disabled on an interface. Flooding—Floods BPDU packets when Spanning Tree is disabled on an interface.
  • Page 329 LAG—Displays the LAG to which the port belongs. If a port is a member of a LAG, the LAG settings override the port settings. Click Apply. The interface settings are written to the Running Configuration file. STEP 4
  • Page 330 Auto—Automatically determines the device status by using RSTP BPDUs. • Point to Point Operational Status—Displays the Point-to-Point operational status if the Point to Point Administrative Status is set to Auto.
  • Page 331 MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. Click Apply. The Running Configuration file is updated. STEP 8
  • Page 332: Multiple Spanning Tree Overview

    For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.
  • Page 333: Vlans To A Mstp Instance

    Configuration on this page (and all of the MSTP pages) applies if the system STP mode is MSTP. Up to 16 MST instances can be defined in addition to instance zero.
  • Page 334: Mstp Instance Settings

    Included VLAN—Displays the VLANs mapped to the selected instance. The default mapping is that all VLANs are mapped to the common and internal spanning tree (CIST) instance 0.
  • Page 335: Mstp Interface Settings

    Instance ID—Select the MST instance to be configured. • Interface—Select the interface for which the MSTI settings are to be defined. • Interface Priority—Set the port priority for the specified interface and MST instance.
  • Page 336 STP Interface Settings page. • Mode—Displays the current interface Spanning Tree mode. If the link partner is using MSTP or RSTP, the displayed port mode is RSTP.
  • Page 337 Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Discarding state. Click Apply. The Running Configuration file is updated. STEP 6
  • Page 338: Chapter 15: Managing Mac Address Tables

    VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
  • Page 339: Static Addresses

    Secure—The MAC address is secure when the interface is in classic locked mode (see Port Security). STEP 4 Click Apply. A new entry appears in the table.
  • Page 340: Dynamic Addresses

    STEP 3 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. STEP 4 To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 341 Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: Bridge—Forward the packet to all VLAN members. Discard—Delete the packet. STEP 4 Click Apply. A new MAC address is reserved.
  • Page 342: Chapter 16: Multicast

    (drop) the Multicast on the rest of the ports by enabling the Bridge Multicast filtering status in the Properties page.
  • Page 343 ID. The device supports a maximum of 256 static and dynamic Multicast group addresses. Only one of the filtering options can be configured per VLAN.
  • Page 344 • IGMP v1/v2/v3 • MLD v1/v2 NOTE The device supports IGMP/MLD Snooping only on static VLANs. It does not support IGMP/MLD Snooping on dynamic VLANs.
  • Page 345 Querier delays sending general query messages after its enabling for 60 seconds. If there is no other querier, it starts to send general query messages. It stops sending general query messages if it detects another querier.
  • Page 346 Another advantage is that it makes the proxy devices independent of the Multicast routing protocol used by the core network routers. Hence, proxy devices can be easily deployed in any Multicast network.
  • Page 347 By default, IP Multicast traffic arriving on an interface of the IGMP/MLD tree is forwarded. You can disable forwarding of IP Multicast traffic arriving on downstream interfaces. It can be done globally and on a given downstream interface.
  • Page 348: Properties

    IPv4 Multicast group address. If an IPv4 address is configured on the VLAN, the operational forwarding method for IPv4 Multicast will be IP Group Address.
  • Page 349: Mac Group Address

    • MAC Group Address—Defines the MAC address of the new Multicast group. STEP 6 Click Apply. The MAC Multicast group is saved to the Running Configuration file.
  • Page 350: Ip Multicast Group Address

    The IP Multicast Group Address page is similar to the MAC Group Address page except that Multicast groups are identified by IP addresses. The IP Multicast Group Address page enables querying and adding IP Multicast groups.
  • Page 351 The VLAN ID, IP Version, IP Multicast Group Address, and Source IP Address selected are displayed as read-only in the top of the window. You can select the filter type: • Interface Type equals to—Select whether to display ports or LAGs.
  • Page 352: Ipv4 Multicast Configuration

    To support selective IPv4 Multicast forwarding, bridge Multicast filtering must be enabled (in Properties page), and IGMP Snooping must be enabled globally and for each relevant VLAN in the IGMP Snooping page.
  • Page 353 Use Query Robustness (x)—This value is set in MLD Interface Settings page. The number in parentheses is the current query robustness value.
  • Page 354 The following fields are displayed for each interface on which IGMP is enabled: • Interface Name—Interface on which IGMP snooping is defined. • Router IGMP Version—IGMP version.
  • Page 355 Query Interval (sec)—Interval between the General Queries to be used if this device is the elected querier. • Query Max Response Interval (sec)—Delay used to calculate the Maximum Response Code inserted into the periodic General Queries.
  • Page 356 User defined access list—Select the standard IPv4 access list name defining the SSM range. These access lists are defined in Access Lists. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 357 Uptime—Length of time in hours, minutes, and seconds that the entry has been in the IP Multicast routing table. • Expiry Time—Length of time in hours, minutes, and seconds until the entry is removed from the IP Multicast routing table.
  • Page 358: Ipv6 Multicast Configuration

    STEP 2 Enable or disable the following features: • MLD Snooping Status—Select to enable MLD snooping globally on all interfaces. • MLD Querier Status—Select to enable MLD querier globally on all interfaces.
  • Page 359 Select MLDv2 if there are switches and/or Multicast routers in the VLAN that perform source-specific IP Multicast forwarding. Otherwise, select MLDv1. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 360 STEP 2 To configure an interface, select it and click Edit. Enter the fields that are described above. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 361 TTL threshold value automatically become border routers. STEP 2 To configure a VLAN, select it and click Edit. Enter the fields described above. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 362 STEP 5 Click Apply. The Running Configuration file is updated. The following fields are displayed for each IP Multicast route: • Source Address—Unicast source IPv4 address. • Group Address—Multicast destination IPv4 address.
  • Page 363 Uptime—Length of time in hours, minutes, and seconds that the entry has been in the IP Multicast routing table. • Expiry Time—Length of time in hours, minutes, and seconds until the entry is removed from the IP Multicast routing table.
  • Page 364: Igmp/Mld Snooping Ip Multicast Group

    Excluded Ports—The list of ports not included in the group. • Compatibility Mode—The oldest IGMP/MLD version of registration from the hosts the device receives on the IP group address.
  • Page 365: Multicast Router Port

    When Bridge Multicast Filtering is enabled, Multicast packets to registered Multicast groups are forwarded to ports based on IGMP Snooping and MLD snooping. If Bridge Multicast Filtering is disabled, all Multicast packets are flooded to the corresponding VLAN
  • Page 366: Unregistered Multicast

    You can select a port to receive or reject (filter) unregistered Multicast streams. The configuration is valid for any VLAN of which the port is a member (or will be a member).
  • Page 367 Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 5 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 368: Chapter 17: Ip Configuration

    If the device does not receive a DHCPv4 response in 60 seconds, it continues to send DHCPDISCOVER queries, and adopts the default IPv4 address: 192.168.1.254/24.
  • Page 369 This is defined in the IPv4 Static Routes and IPv6 Routes pages. All the IP addresses configured or assigned to the device are referred to as Management IP addresses in this guide.
  • Page 370: Loopback Interface

    IPv4 Management and Interfaces This section covers the following topics: • IPv4 Interface • IPv4 Static Routes • IPv4 Forwarding Table • RIPv2 • VRRP • • ARP Proxy
  • Page 371 The following fields are displayed in the IPv4 Interface Table: • Interface—Unit/Interface for which the IP address is defined. This can also be the out-of-band port.
  • Page 372 Static IP Address—Enter the IP address. STEP 5 If Static IP Address was selected, enter the following fields: • IP Address—Enter the IP address of the interface. • Mask
  • Page 373 STEP 6 Click Apply. The IPv4 address settings are written to the Running Configuration file. CAUTION When the system is in one of the stacking modes with a Backup Master present, Cisco recommends configuring the IP address as a static address to prevent disconnecting from the network during a Stacking Master switchover.
  • Page 374 Tracking Object ID—(Only on 550 family) Enter the object ID. This field and the next one only appear when SLA exists. STEP 4 Click Apply. The IP Static route is saved to the Running Configuration file.
  • Page 375 Administrative Distance—The administrative distance to the next hop (a lower value is preferred). This is not relevant for static routes. • Outgoing Interface—Outgoing interface for this route. RIPv2 IP Configuration: RIPv2. VRRP IP Configuration: VRRP
  • Page 376 IP Address—The IP address of the IP device. • MAC Address—The MAC address of the IP device. • Status—Whether the entry was manually entered or dynamically learned. STEP 4 Click Add.
  • Page 377 STEP 2 Select ARP Proxy to enable the device to respond to ARP requests for remotely-located nodes with the device MAC address. STEP 3 Click Apply. The ARP proxy is enabled, and the Running Configuration file is updated.
  • Page 378 STEP 6 DHCP Snooping/Relay This section covers the following topics: • Overview • Properties • Interface Settings • DHCP Snooping Trusted Interfaces • DHCP Snooping Binding Database
  • Page 379 The main goal of option 82 is to help the DHCP server select the best IP subnet (network pool) from which to obtain an IP address.
  • Page 380 Option 82 with the original Option 82 the packet Disabled Option 82 Bridge – no Bridge – Packet Option 82 is is sent with the inserted original Option
  • Page 381 Enabled Option 82 Bridge – no Bridge – no Bridge – Packet Option 82 is sent Option 82 is is sent with the sent original Option
  • Page 382 DHCP Relay VLAN with IP Address VLAN without IP Address Packet arrives Packet arrives Packet arrives Packet arrives without Option with Option 82 without Option with Option 82
  • Page 383 DHCP Relay VLAN with IP Address VLAN without IP Address Packet arrives Packet arrives Packet arrives Packet arrives with without Option with Option 82 without Option Option 82
  • Page 384 Packets from trusted ports are used to create the Binding database and are handled as described below. If DHCP Snooping is not enabled, all ports are trusted by default.
  • Page 385 DHCP Snooping Packet Handling Packet Type Arriving from Untrusted Arriving from Trusted Ingress Ingress Interface Interface DHCPDISCOVER Forward to trusted Forwarded to trusted interfaces only. interfaces only.
  • Page 386 DHCPRELEASE Same as Same as DHCPDECLINE. DHCPDECLINE. DHCPINFORM Forward to trusted Forward to trusted interfaces only. interfaces only. DHCPLEASEQUE Filtered. Forward.
  • Page 387 STEP 1 Click IP Configuration > IPv4 Management and Interfaces > DHCP Snooping/Relay > Properties. Enter the following fields: • Option 82—Select Option 82 to insert Option 82 information into packets.
  • Page 388 DHCP Snooping Trusted Interfaces Packets from untrusted ports/LAGs are checked against the DHCP Snooping Binding database (see the DHCP Snooping Binding Database page). By default, interfaces are trusted.
  • Page 389 Add page, except for the IP Source Guard field: • Status— Active—IP Source Guard is active on the device. Inactive—IP Source Guard is not active on the device.
  • Page 390 STEP 4 Click Apply. The settings are defined, and the device is updated. DHCP Server This section covers the following topics: • Overview • Properties • Network Pool • Excluded Addresses • Static Hosts • DHCP Options
  • Page 391 STEP 3 Define up to 16 network pools of IP addresses using the Network Pool page. STEP 4 Configure clients that will be assigned a permanent IP address, using the Static Hosts page.
  • Page 392 IP addresses of the pool belong to the IP subnet. • Remote Client—The device takes an IP address from the network pool with the IP subnet that matches the IP address of the DHCP relay agent.
  • Page 393 Minutes—The number of minutes in the lease. A days value and an hours value must be added before a minutes value can be added. • Default Router IP Address (Option 3)— Enter the default router for the DHCP client.
  • Page 394 By default, the DHCP server assumes that all pool addresses in a pool may be assigned to clients. A single IP address or a range of IP addresses can be excluded. The excluded addresses are excluded from all DHCP pools.
  • Page 395 Network Mask—Check and enter the static host’s network mask. Prefix Length—Check and enter the number of bits that comprise the address prefix. • Identifier Type—Set how to identify the specific static host.
  • Page 396 Other and enter the IP address of the time server for the DHCP client. • File Server IP Address (siaddr)—Enter the IP address of the TFTP/SCP server from which the configuration file is downloaded.
  • Page 397 A hex value can be provided in place of any other type of value. For instance, you can provide a hex value of an IP address instead of the IP address itself.
  • Page 398 MAC Address or in hexadecimal notation, e.g., 01b60819681172. • Lease Expiration—The lease expiration date and time of the host’s IP address or Infinite if such was the lease duration defined.
  • Page 399: Ipv6 Management And Interfaces

    IPv6 Global Configuration • IPv6 Interfaces • IPv6 Tunnel • IPv6 Addresses • IPv6 Router Configuration • IPv6 Default Router List • IPv6 Neighbors • IPv6 Prefix List
  • Page 400 When static routes must be updated, this must be done explicitly by the user. It is the user's responsibility to prevent routing loops in the network.
  • Page 401 DHCP server to locate the client. It can be in one of the following formats: Link-Layer—(Default). If you select this option, the MAC address of the device is used.
  • Page 402 STEP 4 Click Add to add a new interface on which IPv6 is enabled. STEP 5 Enter the fields: • IPv6 Interface—Select a specific unit, port, LAG, loopback interface or VLAN for the IPv6 address.
  • Page 403 • Link local address using EUI-64 format interface ID based on a device’s MAC address • All node link local Multicast addresses (FF02::1)
  • Page 404 Information Minimum Refresh Time— See above. • Information Refresh Time—See above. • Received Information Refresh Time—Refresh time received from DHCPv6 server. • Remaining Information Refresh Time—Remaining time until next refresh.
  • Page 405 When the ISATAP router IPv4 address is not resolved via the DNS process, the ISATAP IP interface remains active. The system does not have a default router for ISATAP traffic until the DNS process is resolved.
  • Page 406 IPv6 address, if it is link local. The following table summarizes tunnel support in the various devices: Tunnel Type Sx350 SG350x SG350XG/SX350X SG550X SG550XG/SX550X ISATAP Supported Supported Supported Supported Supported
  • Page 407 Source IPv4 Address and ISATAP Router Name fields. See the following explanations for these fields. STEP 3 Enter the following fields: • Tunnel Name—Select a tunnel number.
  • Page 408 Use Default—This is always ISATAP. User Defined—Enter the router’s domain name. STEP 4 Click Apply. The tunnel is saved to the Running Configuration file.
  • Page 409 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—An IPv6 address that is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 410 STEP 5 Click Apply. The Running Configuration file is updated. IPv6 Router Configuration The following sections describe how to configure IPv6 routers. It covers the following topics: • Router Advertisement • IPv6 Prefixes
  • Page 411 Neighbor Solicitation Retransmissions Interval—Set the interval to determine the time between retransmissions of neighbor solicitation messages to a neighbor when resolving the address or when probing the reachability of a neighbor.
  • Page 412 • Prefix Address—The IPv6 network. This argument must be in the form documented in RFC 4293 where the address is specified in hexadecimal—using 16-bit values between colons.
  • Page 413 (for example, because the prefix was also configured by adding an IPv6 address), it will be removed. STEP 6 Click Apply to save the configuration to the Running Configuration file.
  • Page 414 Next Hop Type—The IP address of the next destination to which the packet is sent. This is composed of the following: Global—An IPv6 address that is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 415 Static Only—Deletes the static IPv6 address entries. • Dynamic Only—Deletes the dynamic IPv6 address entries. • All Dynamic & Static—Deletes the static and dynamic IPv6 address entries.
  • Page 416 When First Hop Security is configured, it is possible to define rules for filtering based on IPv6 prefixes. These lists can be defined in the IPv6 Prefix List page.
  • Page 417 If an entry with the number exists, it is replaced by the new one. • Rule Type—Enter the rule for the prefix list: Permit—Permits networks that match the condition. Deny—Denies networks that match the condition.
  • Page 418 Create new list—Enter a name for the new access list. • Source IPv6 Address—Enter the source IPv6 address. The following options are available: Any—All IP addresses are included. User Defined—Enter an IP address.
  • Page 419 Global—An IPv6 address that is a global Unicast IPv6 type that is visible and reachable from other networks. Point-to-Point—A Point-to-point tunnel.
  • Page 420 The user must configure the list of DHCP servers to which packets are forwarded. Two sets of DHCPv6 servers can be configured: • Global Destinations—Packets are always relayed to these DHCPv6 servers.
  • Page 421 STEP 2 To enable DHCPv6 on an interface and optionally add a DHCPv6 server for an interface, click Add. Enter the fields: • Source Interface—Select the interface (port, LAG, VLAN or tunnel) for which DHCPv6 Relay is enabled.
  • Page 422 If a route map has more than one rule (ACL) defined on it, the sequence number determines the order in which the packets will be matched against the ACLs (from lower to higher number).
  • Page 423 Bound IPv4 Route Map—Select an IPv4 route map to bind to the interface. • Bound IPv6 Route Map—Select an IPv6 route map to bind to the interface. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 424: Domain Name System

    As a DNS client, the device resolves domain names to IP addresses through the use of one or more configured DNS servers.
  • Page 425 Use Default—Select to use the default value. This value = 2*(Polling Retries + 1)* Polling Timeout User Defined—Select to enter a user-defined value.
  • Page 426 Preference—Select a value that determines the order in which the domains are used (from low to high). This effectively determines the order in which unqualified names are completed during DNS queries.
  • Page 427 Name resolution always begins by checking static entries, continues by checking the dynamic entries, and ends by sending requests to the external DNS server. Eight IP addresses are supported per DNS server per host name.
  • Page 428 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 429 IP Address—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6). STEP 5 Click Apply. The settings are saved to the Running Configuration file.
  • Page 430: Chapter 18: Ip Configuration: Ripv2

    The device supports RIP version 2, which is based on the following standards: • RFC2453 RIP Version 2, November 1998 • RFC2082 RIP-2 MD5 Authentication, January 1997
  • Page 431: How Rip Operates On The Device

    In this way, the relative cost of the interfaces can be adjusted as desired. It is your responsibility to set the offset for each interface (1 by default).
  • Page 432 RIP information on this interface. By default, transmission of routing updates on an IP interface is enabled. See RIPv2 Settings for more information.
  • Page 433 If these features are enabled, rejected routes are advertised by routes with a metric of 16. The route configurations can be propagated using one of the following options: • Default Metric
  • Page 434 RIP. This is shown in the following, which illustrates a network where some routers support RIP and others do not. A Network with RIP and non-RIP Routers
  • Page 435 RIP Peers Database You can monitor the RIP peers database per IP interface. See RIPv2 Peers Database for a description of these counters
  • Page 436: Configuring Rip

    The following pages are described: • RIPv2 Properties • RIPv2 Settings • RIPv2 Statistic • RIPv2 Peers Database RIPv2 Properties NOTE This feature is only supported on 550 family of devices.
  • Page 437 Connected Metric field. The following options are available: • Default Metric—Causes RIP to use the default metric value for the propagated static route configuration (refer to Redistribution Feature).
  • Page 438 Enable—Advertise the default route on this RIP interface. Disable—On this RIP interface, do not advertise the default route. • Default Route Advertisement Metric—Enter the metric for the default route for this interface.
  • Page 439 The following fields are displayed: • IP Interface—IP interface defined on the Layer 2 interface. • Bad Packets Received—Specifies the number of bad packets identified by RIP on the IP interface.
  • Page 440: Access Lists

    1. Create an access list with a single IP address, using the Access Lists pages. 2. Add additional IP addresses if required, using the Source IPv4 Access List page.
  • Page 441 STEP 2 To modify the parameters of an access list, click Add and modify any of the following fields: • Access List Name—Name of the access list.
  • Page 442 Permit—Permit entry of packets from the IP address(es) in the access list. Deny—Reject entry of packets from the IP address(es) in the access list. STEP 3 Click Apply. The settings are written to the Running Configuration file.
  • Page 443: Chapter 19: Ip Configuration: Vrrp

    VRRP also enables load sharing of traffic. Traffic can be shared equitably among available routers by configuring VRRP in such a way that traffic to and from LAN clients is shared by multiple routers.
  • Page 444: Vrrp Topology

    NOTE The VRRP router priority depends on the following: if the VRRP router is the owner, its priority is 255 (the highest), if it is not an owner, the priority is manually configured (always less than 255).
  • Page 445 192.168.2.1 and is the virtual router master, and rB is the virtual router backup to rA. Clients 1 and 2 are configured with the default gateway IP address of 192.168.2.1.
  • Page 446: Configurable Elements Of Vrrp

    The following cases might occur when configuring a virtual router: • All the existing VRRP routers of the virtual router operate in VRRPv3. In this case, configure your new VRRP router to operate in VRRPv3. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 447 IP subnet as the IP addresses of the virtual router. The corresponding IP subnets must be configured manually in the VRRP router, not DHCP assigned.
  • Page 448 Disabled—Even if a VRRP router with a higher priority than the current master is up, it does not replace the current master. Only the original master (when it becomes available) replaces the backup.
  • Page 449: Configuring VRRP

    STEP 3 Enter the following fields: • Interface—Interface on which virtual router is defined. • Virtual Router Identifier—User-defined number identifying virtual router. • Description—User-defined string identifying virtual router.
  • Page 450 Advertisement Interval—Enter how frequently advertisement packets are sent. NOTE If these parameters are changed (Edit), the virtual router is modified and a new message is sent with the new parameters.
  • Page 451 Priority—Priority of this virtual router’s device, based on its ability to function as a master. Advertisement Interval—Time interval, as described in VRRP Advertisements. Source IP Address—IP address to be used in VRRP messages.
  • Page 452 STEP 2 Click Clear Interface Counter to clear the counters for that interface. STEP 3 Click Clear All Interface Counters to clear all the counters. STEP 4
  • Page 453: Chapter 20: IP Configuration: SLA

    This enables connectivity to the next hop via the new selected master router. IP SLA is not required when using RIP or other dynamic routing protocols
  • Page 454 Operation—Each IP SLAs ICMP Echo operation sends a single ICMP Echo request to a target address at a configured frequency rate. It then waits for a response.
  • Page 455 Y. If the delay timer is expired, the state of the tracking object is changed to X and the X state is passed to the associated applications.
  • Page 456: Using SLA

    To define this field, select from one of the following options: Auto—The source interface is based on Forwarding Table information. By address—Specify a different source IP address.
  • Page 457 STEP 2 To add a new object, click Add. STEP 3 Enter the following fields: • Track Number—Enter an unused number. • Operation Number—Select an SLA operation from a list.
  • Page 458 • ICMP-Echo Requests—Number of request packets that were sent. • ICMP-Echo Replies—Number of reply packets that were received. • ICMP-Echo Errors—Number of error packets that were received.
  • Page 459 Using SLA To refresh these counters click: • Clear Counters—Clears counters for selected operation. • Clear All Operations Counters—Clears counters for all operations. • Refresh—Refresh the counters.
  • Page 460: Chapter 21: Security

    Storm Control • Access Control Access control of end-users to the network through the device is described in the following sections: • Management Access Method • Configuring TACACS+
  • Page 461 • Accounting—Enable accounting of login sessions using the TACACS+ server. This enables a system administrator to generate accounting reports from the TACACS+ server.
  • Page 462 The following defaults are relevant to this feature: • No default TACACS+ server is defined by default. • If you configure a TACACS+ server, the accounting feature is disabled by default.
  • Page 463 Encrypted or Plaintext mode. The device can be configured to use this key or to use a key entered for a specific server (entered in the Add TACACS+ Server page).
  • Page 464 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 465: RADIUS

    STEP 8 To display sensitive data in plaintext form on this page, click Display Sensitive Data As Plaintext. RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control.
  • Page 466 STEP 1 Open an account for the device on the RADIUS server. STEP 2 Configure that server along with the other parameters in the RADIUS and ADD RADIUS Server pages.
  • Page 467 Source IPv4 Interface—Select the device IPv4 source interface to be used in messages for communication with the RADIUS server. • Source IPv6 Interface—Select the device IPv6 source interface to be used in messages for communication with the RADIUS server.
  • Page 468 RADIUS server before retrying the query, or switching to the next server if the maximum number of retries has been made. If Use Default is selected, the device uses the default timeout value.
  • Page 469 STEP 1 Click Security > RADIUS Server > RADIUS Server Global Settings. STEP 2 Enter the following parameters: • RADIUS Server Status—Check to enable the RADIUS server feature status.
  • Page 470 STEP 3 Click Apply. The RADIUS default settings for the device are updated in the Running Configuration file. STEP 4 To add a secret key, click Add and enter the following fields: • NAS Address—Address of switch containing RADIUS client.
  • Page 471 None—No VLAN ID is sent. VLAN ID—VLAN ID sent. VLAN Name—VLAN name sent. STEP 3 Click Apply. The RADIUS group definition is added to the Running Configuration file of the device.
  • Page 472 Date/Time Change—Date/time on the device was changed. Reset—Device has reset at the specified time. • Authentication Method—Authentication method used by the user. Displays N/A if the Event Type is Date/Time Change or Reset.
  • Page 473 The rejected users are displayed along with the following fields: • Event Type—Displays one of the following options: Rejected—User was rejected. Time Change—Clock on device was changed by the administrator.
  • Page 474 The following fields are displayed: • (Log) Event Type Unknown NAS—An unknown NAS event occurred. Time Change—Clock on device was changed by the administrator. Reset—Device was reset by the administrator.
  • Page 475 Incoming Authentication Packets of Unknown Type—Number of received incoming authentication packets of unknown type. • Incoming Packets on the Accounting Port—Number of incoming packets on the accounting port.
  • Page 476: Password Strength

    To refresh the counters, click Refresh. Password Strength The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
  • Page 477 Minimal Number of Character Classes—Enter the number of character classes which must be present in a password. Character classes are lower case (1), upper case (2), digits (3), and symbols or special characters (4).
  • Page 478 Key Identifier—Integer identifier for the key chain. • Key String—Value of the key chain string. Enter one of the following options: User Defined (Encrypted)—Enter an encrypted version. User Defined (Plaintext)—Enter a plaintext version
  • Page 479 Minutes—Number of minutes that the key-identifier is valid. Seconds—Number of seconds that the key-identifier is valid. STEP 3 Click Apply. The settings are written to the Running Configuration file.
  • Page 480 • Duration—Length of time that the key identifier is valid. Enter the following fields: Days—Number of days that the key-identifier is valid.
  • Page 481: Management Access Method

    Access Methods—Methods for accessing and managing the device: Telnet; Secure Telnet (SSH); Hypertext Transfer Protocol (HTTP); Secure HTTP (HTTPS); Simple Network Management Protocol (SNMP); All of the above
  • Page 482 This only applies to device types that offer a console port.
  • Page 483 Deny—Denies access to the device if the user matches the settings in the profile. • Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. User Defined—Applies to selected interface.
  • Page 484 To add profile rules to an access profile: STEP 1 Click Security > Mgmt Access Method > Profile Rules. STEP 2 Select the Filter field, and an access profile. Click Go.
  • Page 485 All—Applies to all ports, VLANs, and LAGs. User Defined—Applies only to the port, VLAN, or LAG selected. • Interface—Enter the interface number. The OOB port can also be entered.
  • Page 486: Management Access Authentication

    In other words, if authentication fails for an authentication method, the device stops the authentication attempt; it does not continue and does not attempt to use the next authentication method.
  • Page 487 Local or None are ignored. STEP 5 Click Apply. The selected authentication methods are associated with the access method. Secure Sensitive Data Management Security: Secure Sensitive Data Management.
  • Page 488: SSL Server

    Table. Select one of these fields. These fields are defined in the Edit page except for the following fields: • Valid From—Specifies the date from which the certificate is valid.
  • Page 489 Certificate ID—Select the active certificate. • Certificate Source—Displays that the certificate is user-defined. • Certificate—Copy in the received certificate. • Import RSA Key-Pair—Select to enable copying in the new RSA key-pair.
  • Page 490 Duration—Enter the length of time that the certificate will be valid. STEP 4 Click Apply to apply the changes to the Running Configuration. SSH Server Security: SSH Server.
  • Page 491: SSH Client

    The TCP Service Table displays the following fields for each service: • Service Name—Access method through which the device is offering the TCP service. • Type—IP protocol the service uses.
  • Page 492: Storm Control

    When the rate of Broadcast, Multicast, or Unknown Unicast frames is higher than the user-defined threshold, frames received beyond the threshold are discarded.
  • Page 493 • Trap on Storm—Select to send a trap when a storm occurs on a port. If this is not selected, the trap is not sent.
  • Page 494 Multicast Traffic Type—(Only for Multicast traffic) Registered or Unregistered. • Bytes Passed—Number of bytes received. • Bytes Dropped—Number of bytes dropped because of storm control. • Last Drop Time—Time that the last byte was dropped.
  • Page 495 STEP 4 To clear all counters on all interfaces, click Clear All Interfaces Counters. To clear all counters on an interface, select it and click Clear Interface Counters.
  • Page 496: Port Security

    In addition to one of these actions, you can also generate traps, and limit their frequency and number to avoid overloading the devices.
  • Page 497 Forward—Forwards packets from an unknown source without learning the MAC address. Shutdown—Discards packets from any unlearned source, and shuts down the port. The port remains shut down until reactivated, or until the device is rebooted.
  • Page 498: 802.1X Authentication

    This section describes the IP Source Guard feature. It covers the following topics: • Interactions with Other Features • Filtering • IP Source Guard Work Flow • Properties • Interface Settings • Binding Database
  • Page 499 If source IP address filtering is enabled: IPv4 traffic: Only traffic with a source IP address that is associated with the port is permitted. Non IPv4 traffic: Permitted (Including ARP packets).
  • Page 500 • Non IPv4 traffic — All non-IPv4 traffic is permitted. Interactions with Other Features for more information about enabling IP Source Guard on interfaces.
  • Page 501 STEP 3 Click Apply to save the above changes to the Running Configuration and/or Retry Now to check TCAM resources. The entries in the Binding database are displayed: • VLAN ID—VLAN on which packet is expected.
  • Page 502 ARP request was not received. After the attack, all traffic from the device under attack flows through the attacker's computer and then to the router, switch, or host.
  • Page 503 This section describes ARP Inspection and covers the following topics: • How ARP Prevents Cache Poisoning • Interaction Between ARP Inspection and DHCP Snooping • ARP Defaults • ARP Inspection Work Flow
  • Page 504 DHCP Snooping Binding database the packet is invalid and is dropped. A SYSLOG message is generated. • If a packet is valid, it is forwarded and the ARP cache is updated.
  • Page 505 If DHCP Snooping is enabled, ARP Inspection uses the DHCP Snooping Binding database in addition to the ARP access control rules. If DHCP Snooping is not enabled, only the ARP access control rules are used.
  • Page 506 ARP Packet Validation—Select to enable validation checks. • Log Buffer Interval—Select one of the following options: Retry Frequency—Enable sending SYSLOG messages for dropped packets. Enter the frequency with which the messages are sent.
  • Page 507 • IP Address—IP address of packet. • MAC Address—MAC address of packet. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated.
  • Page 508 ARP Access Control Name. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated. First Hop Security Security: IPv6 First Hop Security
  • Page 509: Denial Of Service Prevention

    One method of resisting DoS attacks employed by the device is the use of SCT. SCT is enabled by default on the device and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
  • Page 510 A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold. • Block SYN-FIN packets.
  • Page 511 NOTE advanced QoS policies that are bound to a port. ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it.
  • Page 512 SYN Rate Protection page. • ICMP Filtering—Click Edit to go to the ICMP Filtering page. • IP Fragmented—Click Edit to go to the IP Fragments Filtering page.
  • Page 513 SYN Protection Period—Time in seconds before unblocking the SYN packets (the deny SYN with MAC-to-me rule is unbound from the port). STEP 3 Click Apply. SYN protection is defined, and the Running Configuration file is updated.
  • Page 514 Class E Address Space. You can also add new Martian Addresses for DoS prevention. Packets that have a Martian address are discarded.
  • Page 515 STEP 1 Click Security > Denial of Service Prevention > SYN Filtering. STEP 2 Click Add. STEP 3 Enter the parameters. • Interface—Select the interface on which the filter is defined.
  • Page 516 Mask—Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
  • Page 517 STEP 4 Click Apply. The ICMP filtering is defined, and the Running Configuration is updated. IP Fragments Filtering The IP Fragmented page enables blocking fragmented IP packets.
  • Page 518 Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. STEP 4 Click Apply. The IP fragmentation is defined, and the Running Configuration file is updated.
  • Page 519: Chapter 22: Security: 802.1X Authentication

    802.1x authentication is a client-server model. In this model, network devices have the following specific roles. • Client or supplicant • Authenticator • Authentication server
  • Page 520 (EAPOL packets) and passes them to the authentication server, using the RADIUS protocol. With MAC-based or web-based authentication, the authenticator itself executes the EAP client part of the software on behalf of the clients seeking network access.
  • Page 521 Port Authentication States The port authentication state determines whether the client is granted access to the network. The port administrative state can be configured in the Port Authentication page.
  • Page 522 RADIUS-assigned VLAN or the unauthenticated VLANs. RADIUS VLAN assignment on a port is set in the Port Authentication page.
  • Page 523 If more than one authentication method is enabled on the switch, the following hierarchy of authentication methods is applied: • 802.1x Authentication: Highest • WEB-Based Authentication • MAC-Based Authentication: Lowest
  • Page 524 (such as printers and IP phones) that do not have the 802.1X supplicant capability. MAC-based authentication uses the MAC address of the connecting device to grant or deny network access.
  • Page 525 Quiet Time. When the session is timed-out, the username/password is discarded, and the guest must re-enter them to open a new session. Authentication Methods and Port Modes.
  • Page 526 The member ports must be manually configured as tagged members. • The member ports must be trunk and/or general ports. An access port cannot be a member of an unauthenticated VLAN.
  • Page 527 You can set the RADIUS VLAN Assignment field to static in the Port Authentication page. This enables the host to be bridged according to static configuration.
  • Page 528 In single-host mode you can configure the action to be taken when an unauthorized host on an authorized port attempts to access the interface. This is done in the Host and Session Authentication page.
  • Page 529 A value of 0 specifies an unlimited number of login attempts. The duration of the quiet period and the maximum number of login attempts can be set in the Port Authentication page.
  • Page 530 N/S—The authentication method does not support the port mode. NOTE You can simulate the single-host mode by setting the Max Hosts parameter to 1 in the Port Authentication page.
  • Page 531 Frames are Frames dropped bridged based sessions dropped on the static bridged unless VLAN based on they configuration the static belongs VLAN to the configurat unauthent icated VLANs
  • Page 532 An EAP Identifier Request message is received on the port and the supplicant is enabled on the port. 802.1x authenticator and supplicant cannot be configured at the same time on a single interface.
  • Page 533 STEP 2 Select the required port and click Edit. STEP 3 Enter the fields required for the port. The fields in this page are described in Port Authentication.
  • Page 534 STEP 2 Click Security > 802.1X > Port Authentication. STEP 3 Select the required port and click Edit. STEP 4 Enable supplicant support and specify the credentials to use.
  • Page 535: Properties

    The guest VLAN can be defined as a layer 3 interface (assigned an IP address) like any other VLAN. However, device management is not available via the guest VLAN IP address. • Guest VLAN ID—Select the guest VLAN from the list of VLANs.
  • Page 536 STEP 3 Click Apply. The 802.1X properties are written to the Running Configuration file. To enable or disable authentication on a VLAN, select it, click Edit, and select either Enable or Disable.
  • Page 537: Port Authentication

    The options are: Force Unauthorized—Denies the interface access by moving the interface into the unauthorized state. The device does not provide authentication services to the client through the interface.
  • Page 538 Reauthentication Period—Enter the number of seconds after which the selected port is reauthenticated. • Reauthenticate Now—Select to enable immediate port re-authentication. • Authenticator State—Displays the defined port authorization state. The options are: Initialize—In process of coming up.
  • Page 539 EAP Timeout—Enter the maximum time that is waited for EAP responses before timeout occurs. • Supplicant Timeout—Enter the number of seconds that lapses before EAP requests are resent to the supplicant.
  • Page 540: Host And Session Authentication

    Interface—Enter a port number for which host authentication is enabled. The OOB port is not included. • Host Authentication—Select one of the modes. These modes are described above in Port Host Modes.
  • Page 541: Authenticated Hosts

    • Authentication Method—Method by which the last session was authenticated. • Authentication Server—RADIUS server. • MAC Address—Displays the supplicant MAC address. • VLAN ID—Port’s VLAN.
  • Page 542 STEP 5 Click Apply and the settings are saved to the Running Configuration file.
  • Page 543 The selected color is shown in the Text field. Header and Footer Text Color—Enter the ASCII code of the header and footer text color. The selected color is shown in the Text field.
  • Page 544 Username Textbox—Select for a username textbox to be displayed. • Username Textbox Label—Select the label to be displayed before the username textbox. • Password Textbox—Select for a password textbox to be displayed.
  • Page 545 STEP 15 Enter the Success Message, which is the text that will be displayed if the end user successfully logs in. STEP 16 Click Apply and the settings are saved to the Running Configuration file.
  • Page 546 To configure MAC-based authentication: STEP 1 Click Security > 802.1X Authentication > MAC-Based Authentication Settings. STEP 2 Enter the following fields: • MAC Authentication Type—Select one of the following options:
  • Page 547 Plaintext—Define a password in plaintext format. • Password MD5 Digest—Displays the MD5 Digest password. STEP 3 Click Apply and the settings are saved to the Running Configuration file.
  • Page 548: Chapter 23: Security: Secure Sensitive Data Management

  • Page 549: SSD Management

    A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired.
  • Page 550 Read Permission—The read permissions associated with the rules. These can be the following: (Lowest) Exclude—Users are not permitted to access sensitive data in any form. (Middle) Encrypted Only—Users are permitted to access sensitive data as encrypted only.
  • Page 551 Each management channel allows specific read permissions. The following summarizes these. Read Permission | Default Read Mode Allowed: Exclude | Exclude; Encrypted Only | *Encrypted; Plaintext Only | *Plaintext; Both | *Plaintext, Encrypted
  • Page 552 NOTE When doing a file transfer initiated by an XML or SNMP command, the underlying protocol used is TFTP. Therefore, the SSD rule for insecure channel will apply.
  • Page 553 Insecure Encrypted Only Encrypted The default rules can be modified, but they cannot be deleted. If the SSD default rules have been changed, they can be restored.
  • Page 554: SSD Properties

    Length—Between 8-16 characters, inclusive. • Character Classes—The passphrase must have at least one upper case character, one lower case character, one numeric character, and one special character e.g. #,$.
  • Page 555 This mode should be used when a user does not want to expose the passphrase in a configuration file.
  • Page 556 Each session has a Read mode. This determines how sensitive data appears. The Read mode can be either Plaintext, in which case sensitive data appears as regular text, or Encrypted, in which case sensitive data appears in its encrypted form.
  • Page 557: Configuration Files

    The SSD control block, which is protected from tampering, contains SSD rules and SSD properties of the device creating the file. An SSD control block starts and ends with "ssd-control-start" and "ssd-control-end" respectively.
  • Page 558 If there is an SSD control block in the source configuration file and the file contains plaintext, sensitive data excluding the SSD configurations in the SSD control block, the file is accepted.
  • Page 559 Configuration file always indicates that the file contains encrypted sensitive data. By default, auto mirror configuration service is enabled. To configure auto mirror configuration to be enabled or disabled, click Administration > File Management > Firmware Operations.
  • Page 560 Enforce the integrity of the file content • Include the secure, authentication configuration commands and SSD rules that properly control and secure the access to devices and the sensitive data
  • Page 561: SSD Management Channels

    Channel Console Secure Telnet Insecure Secure GUI/HTTP Insecure GUI/HTTPS GUI/HTTPS Secure XML/HTTP Insecure-XML-SNMP XML/HTTPS XML/HTTPS Secure-XML-SNMP SNMPv1/v2/v3 without Insecure-XML-SNMP Secure-XML-SNMP privacy SNMPv3 with privacy Secure-XML-SNMP (level-15 users)
  • Page 562: Menu CLI And Password Recovery

    SSD rules are defined in the SSD Rules page. SSD Properties Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD properties.
  • Page 563 STEP 2 Click Apply. The settings are saved to the Running Configuration file. SSD Rules Configuration Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD rules.
  • Page 564 Plaintext Only—Higher read permission than above ones. Users are permitted to get sensitive data in plaintext only. Encrypted Only—Middle read permission. Users are permitted to get sensitive data as encrypted only.
  • Page 565 STEP 4 The following actions can be performed on selected rules: • Add, Edit or Delete rules or Restore to Default. • Restore All Rules to Default—Restore a user-modified default rule to the default rule.
  • Page 566: Chapter 24: Security: SSH Server

    SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application.
  • Page 567: Common Tasks

    STEP 4 Add the users and their public key into the SSH User Authentication Table in the SSH User Authentication page. STEP 5 Establish SSH sessions to the device from an SSH client application such as PuTTY.
  • Page 568: SSH User Authentication

    (see User Accounts). • SSH User Authentication by Public Key—Select to perform authentication of the SSH client user using the public key.
  • Page 569: SSH Server Authentication

    SSH driver. To perform SSH Server Authentication, the remote SSH client must have a copy of the SSH server public key (or fingerprint) of the target SSH server
  • Page 570 If the key is already being displayed as plaintext, you can click Display Sensitive Data as Encrypted to display the text in encrypted form.
  • Page 571: Chapter 25: Security: SSH Client

    When files are downloaded via SCP, the information is downloaded from the SCP server to the device via a secure channel. The creation of this secure channel is preceded by authentication, which ensures that the user is permitted to perform the operation.
  • Page 572 One of the following can occur: If a match is found, both for the server’s IP address/host name and its fingerprint, the server is authenticated.
  • Page 573 SSH client to the SSH server. The action of creating the user and copying the public key (or fingerprint) to the SSH server is beyond the scope of this guide.
  • Page 574 When the connection between a device (as an SSH client) and an SSH server is established, the client and SSH server exchange data in order to determine the algorithms to use in the SSH transport layer.
  • Page 575 This section describes some common tasks performed by the device as an SSH client. All pages referenced are pages found under the SSH Client branch of the menu tree.
  • Page 576 STEP 3 Click Details to view the generated, encrypted keys, and copy them (including the Begin and End footers) from the Details page to an external device. Copy the public and private keys separately.
  • Page 577: SSH User Authentication

    User Key Table block. STEP 3 Enter the Username (no matter what method was selected) or use the default username. This must match the username defined on the SSH server.
  • Page 578: SSH Server Authentication

    • IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address for messages used in communication with IPv6 SSH servers.
  • Page 579 • Fingerprint—Enter the fingerprint of the SSH server (copied from that server). STEP 5 Click Apply. The trusted server definition is stored in the Running Configuration file.
  • Page 580: Change User Password On The SSH Server

    Old Password—This must match the password on the server. • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
  • Page 581: Chapter 26: Security: IPv6 First Hop Security

    • Attack Protection • Policies, Global Parameters and System Defaults • Common Tasks • Default Settings and Configuration • Configuring IPv6 First Hop Security through Web GUI
  • Page 582: IPv6 First Hop Security Overview

    Certification Path Advertisement message; CPS message: Certification Path Solicitation message; DAD-NS message: Duplicate Address Detection Neighbor Solicitation message; FCFS-SAVI: First Come First Served - Source Address Validation Improvement
  • Page 583 If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages: • Router Advertisement (RA) messages • Router Solicitation (RS) messages • Neighbor Advertisement (NA) messages
  • Page 584 Trapped RS, CPS, NS and NA messages are also passed to the ND Inspection feature. ND Inspection validates these messages, drops illegal messages, and passes legal messages to the IPv6 Source Guard feature.
  • Page 585 For example, in Figure 2 Switch B and Switch C are inner links inside the protected area. Figure 2 IPv6 First Hop Security Perimeter
  • Page 586: Router Advertisement Guard

    FHS common component is enabled, a rate limited SYSLOG message is sent. Neighbor Discovery Inspection Neighbor Discovery (ND) Inspection supports the following functions: • Validation of received Neighbor Discovery protocol messages. • Egress filtering
  • Page 587: DHCPv6 Guard

    Neighbor Binding Integrity Neighbor Binding (NB) Integrity establishes binding of neighbors. A separate, independent instance of NB Integrity runs on each VLAN on which the feature is enabled.
  • Page 588 An IPv6 address is bound to a link layer property of the host's network attachment. This property, called a "binding anchor", consists of the interface identifier (ifIndex) through which the host is connected and the host’s MAC address.
  • Page 589 If no NA message is received as a reply to the DAD-NS message, the local device infers that no binding for that address exists in other devices and creates the local binding for that address.
  • Page 590: IPv6 Source Guard

    Neighbor Binding table except for the following messages that are passed without validation: • RS messages, if the source IPv6 address equals the unspecified IPv6 address. • NS messages, if the source IPv6 address equals the unspecified IPv6 address.
  • Page 591: Attack Protection

    NB Integrity provides protection against such attacks in the following ways: • If the given IPv6 address is unknown, the Neighbor Solicitation (NS) message is forwarded only on inner interfaces.
  • Page 592 MAC address for the last hop routing. A malicious host could send IPv6 messages with a different destination IPv6 address for the last hop forwarding, causing overflow of the NBD cache.
  • Page 593: Policies, Global Parameters And System Defaults

    When a user-defined policy is attached to an interface, the default policy for that interface is detached. If the user-defined policy is detached from the interface, the default policy is reattached.
  • Page 594: Common Tasks

    STEP 2 In this same page, set the Global Packet Drop Logging feature. STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature.
  • Page 595 STEP 2 In this same page, set the global configuration values that are used if no values are set in a policy. STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature.
  • Page 596: Default Settings And Configuration

    Default Settings and Configuration If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages by default: • Router Advertisement (RA) messages
  • Page 597: Configuring IPv6 First Hop Security Through Web GUI

    STEP 3 Click Apply to add the settings to the Running Configuration file. STEP 4 Create an FHS policy if required by clicking Add. Enter the following fields: • Policy Name—Enter a user-defined policy name.
  • Page 598 Policy Name—Enter a user-defined policy name. • Device Role—Displays one of the following options to specify the role of the device attached to the port for RA Guard.
  • Page 599 Minimal Hop Limit—Indicates if the RA Guard policy checks the minimum hop limit of the packet received. Inherited—Feature is inherited from either the VLAN or system default (client).
  • Page 600 The following values are acceptable: low, medium and high (see RFC4191). High—Specifies the maximum allowed Advertised Default Router Preference value. The following values are acceptable: low, medium and high (see RFC4191).
  • Page 601 Maximal Preference—This field indicates whether the DHCPv6 Guard policy will check the maximum advertised preference value of the packet received. This value must be greater than the Minimal Preference value.
  • Page 602 Match List— IPv6 prefix list to be matched. • Minimal Preference—This field indicates whether the DHCPv6 Guard policy will check the minimum advertised preference value of the packet received.
  • Page 603 The existing policies are displayed. The fields are displayed below except for the Policy Type field. This displays whether the policy is user-defined or a default one.
  • Page 604 Disable—Disable dropping messages with no CGA or RSA Signature option within an IPv6 ND Inspection policy. • Minimal Security Level—If unsecure messages are not dropped, select the security level below which messages are not forwarded.
  • Page 605 STEP 1 Click Security > IPv6 First Hop Security > Neighbor Binding Settings. STEP 2 Enter the following global configuration fields: • Neighbor Binding VLAN List—Enter one or more VLANs on which Neighbor Binding is enabled.
  • Page 606 Policy Name—Enter a user-defined policy name. • Device Role—Select one of the following options to specify the role of the device attached to the port for the Neighbor Binding policy.
  • Page 607 Entries per Interface—Select Inherited to use global value, No Limit to set no limit on the number of entries and User Defined to set a special value for this policy.
  • Page 608 Inherited—When policy is attached to a port it is untrusted). Trusted—When policy is attached to a port it is trusted. STEP 5 Click Apply to attach the policy.
  • Page 609 Policy Name—Select the name of the policy to attach to the interface • VLAN List—Select the VLANs to which the policy is attached. STEP 3 Click Apply to add the settings to the Running Configuration file.
  • Page 610 Interface— Port on which packet is received. • MAC Address— Neighbor MAC address of the packet. STEP 4 Click Apply to add the settings to the Running Configuration file.
  • Page 611 STEP 2 Select a port, LAG or VLAN for which the FHS state is reported. STEP 3 The following fields are displayed for the selected interface: • FHS Status
  • Page 612 • ND Inspection Status ND Inspection State on Current VLAN:—Is ND Inspection enabled on the current VLAN. Device Role:—ND Inspection device role. Drop Unsecure:—Are unsecure messages dropped.
  • Page 613 STEP 3 The following global overflow counters are displayed: • Neighbor Binding Table—Number of entries that could not be added to this table because the table reached its maximum size.
  • Page 614 Feature— Type of message dropped (DHCPv6 Guard, RA Guard and so on). • Count—Number of messages dropped. • Reason—Reason that the messages dropped. STEP 5 Click Clear Global Counters to clear the global overflow counters.
  • Page 615: Chapter 27: Access Control

    Either a DENY or PERMIT action is applied to frames whose contents match the filter. The various devices support the following number of ACLs and ACEs: Device Max ACLs Max ACEs SG550XG/SX550X
  • Page 616 The following types of ACLs can be defined (depending on which part of the frame header is examined): • MAC ACL—Examines Layer 2 fields only, as described in Defining MAC-based ACLs
  • Page 617 • For Layer 3 packets, the SYSLOG includes the information (if applicable): source IP, destination IP address, protocol, DSCP value, ICMP type, ICMP code, and IGMP type.
  • Page 618 IPv6-based ACL by using the IPv6-Based ACL page and the IPv6-Based ACE page 2. Associate the ACL with interfaces by using the ACL Binding (VLAN) or ACL Binding (Port) page.
  • Page 619: MAC-Based ACLs Creation

    STEP 3 Enter the name of the new ACL in the ACL Name field. ACL names are case-sensitive. STEP 4 Click Apply. The MAC-based ACL is saved to the Running Configuration file.
  • Page 620 Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
  • Page 621: IPv4-Based ACL Creation

    ICMP and IGMP type and code • Source/destination IP addresses (including wildcards) • DSCP/IP-precedence value NOTE ACLs are also used as the building elements of flow definitions for per-flow QoS handling.
  • Page 622 Priority—Enter the priority. ACEs with higher priority are processed first. • Action—Select the action assigned to the packet matching the ACE. The options are as follows: Permit—Forward packets that meet the ACE criteria.
  • Page 623 IPV6:ROUT—Matches packets belonging to the IPv6 over IPv4 route through a gateway IPV6:FRAG—Matches packets belonging to the IPv6 over IPv4 Fragment Header IDRP—Inter-Domain Routing Protocol RSVP—ReSerVation Protocol AH—Authentication Header IPV6:ICMP—Internet Control Message Protocol
  • Page 624 Single by number—Enter a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu.
  • Page 625 Either select the message type by name or enter the message type number: Any—All message types are accepted. Select from list—Select message type by name.
  • Page 626: IPv6-Based ACL Creation

    This window contains the ACE (rules) for a specified ACL (group of rules). STEP 2 Select an ACL, and click Go. All currently-defined IP ACEs for the selected ACL are displayed. STEP 3 Click Add.
  • Page 627 Source IP Prefix Length—Enter the prefix length of the source IP address. • Destination IP Address—Select Any if all destination addresses are acceptable or User defined to enter a destination address or a range of destination addresses.
  • Page 628 Don’t care—Ignore the TCP flag. • Type of Service—The service type of the IP packet. Any—Any service type DSCP to Match—Differentiated Services Code Point (DSCP) to match
  • Page 629: ACL Binding

    ACL. NOTE In the same class map, a MAC ACL cannot be used with an IPv6 ACE that has a Destination IPv6 address as a filtering condition.
  • Page 630 MAC ACL—ACLs of type MAC that are bound to the interface (if any). • IPv4 ACL—ACLs of type IPv4 that are bound to the interface (if any).
  • Page 631 STEP 6 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) previously bound to the interface are unbound.
  • Page 632: Chapter 28: Quality Of Service

    This section covers the following topics: • QoS Features and Components • General • QoS Basic Mode • QoS Advanced Mode • QoS Statistics
  • Page 633: QoS Features And Components

    CoS/802.1p to a Queue page or the DSCP to Queue page (depending on whether the trust mode is CoS/802.1p or DSCP, respectively).
  • Page 634 When changing from QoS Basic mode to Advanced mode, the QoS Trust mode configuration in Basic mode is not retained. • When disabling QoS, the shaper and queue setting (WRR/SP bandwidth setting) are reset to default values.
  • Page 635 STEP 8 a. Configure Basic mode, as described in Workflow to Configure Basic QoS Mode b. Configure Advanced mode, as described in Workflow to Configure Advanced QoS Mode.
  • Page 636 Set egress shaping per queue by using the Egress Shaping Per Queue page. b. Set ingress rate limit and egress shaping rate per port by using the Bandwidth page.
  • Page 637: General

    STEP 3 Select Port/LAG and click GO to display/modify all ports/LAGs on the device and their CoS information. The following fields are displayed for all ports/LAGs: • Interface—Type of interface.
  • Page 638
  • Page 639 % of WRR Bandwidth—Displays the amount of bandwidth assigned to the queue. These values represent the percent of the WRR weight. STEP 3 Click Apply. The queues are configured, and the Running Configuration file is updated.
  • Page 640 The device is in QoS Basic mode and CoS/802.1p trusted mode • The device is in QoS Advanced mode and the packets belong to flows that are CoS/802.1p trusted
  • Page 641 • The device is in QoS Advanced mode and the packets belong to flows that are DSCP trusted Non-IP packets are always classified to the best-effort queue.
  • Page 642 DSCP Queue DSCP Queue The following tables describe the default DSCP to queue mapping for an 8-queue system where 8 is highest: DSCP Queue DSCP Queue DSCP
  • Page 643 STEP 2 Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 644 (Not relevant for LAGs) • Egress Shaping Rate—Select to enable egress shaping on the interface. • Committed Information Rate (CIR)—Enter the maximum bandwidth for the egress interface.
  • Page 645 CIR. STEP 6 Click Apply. The bandwidth settings are written to the Running Configuration file.
  • Page 646 Cannot be entered for LAGs. STEP 4 Click Apply. The VLAN rate limit is added, and the Running Configuration file is updated.
  • Page 647 This is also the source of the iSCSI traffic. You can select Any to define a flow according to the TCP port parameter, or enter an IP address in User Defined field to define a specific target address.
  • Page 648: QoS Basic Mode

    Nodes within the domain use these fields to assign the packet to a specific output queue. The initial packet classification and marking of these fields is done in the ingress of the trusted domain.
  • Page 649 STEP 3 Select Override Ingress DSCP to override the original DSCP values in the incoming packets with the new values entered in the DSCP Override table. When Override Ingress DSCP is
  • Page 650 STEP 4 Select the Port or LAG interface. STEP 5 Click to enable or disable QoS State for this interface. STEP 6 Click Apply. The Running Configuration file is updated.
  • Page 651: QoS Advanced Mode

    QoS specification. An aggregate policer applies the QoS to one or more class maps, and thus one or more flows. An aggregate policer can support class maps from different policies.
  • Page 652 Out-of-Profile DSCP Remarking page. This in turn opens the DSCP Remarking page. 2. Create ACLs, as described in Create ACL Workflow.
  • Page 653 Default Mode Status field. This provides basic QoS functionality on Advanced QoS, so that you can trust CoS/DSCP on Advanced QoS by default (without having to create a policy).
  • Page 654 To use the out-of-profile DSCP exceed action, remap the DSCP value in the Out Of Profile DSCP Remarking Table. Otherwise the action is null, because the DSCP value in the table remaps the packets to itself by factory default.
  • Page 655 If more complex sets of rules are needed, several class maps can be grouped into a super-group called a policy (see Policy Table).
  • Page 656 MAC—Select the MAC based ACL for the class map. • Preferred ACL—Select whether packets are first matched to an IP-based ACL or a MAC-based ACL. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 657 An amount of traffic, measured in bytes, called a Committed Burst Size (CBS). This is traffic that is allowed to pass as a temporary burst even if it is above the defined maximum rate.
  • Page 658 Violate Action—Select one of the following actions if peak size is exceeded: Drop—Drop the frames violating the peak size. Out-of-Profile DSCP—Mark frames violating the peak size with the previously-set DSCP value.
  • Page 659 STEP 2 Select a policy in the Filter, and click Go. All class maps in that policy are displayed. STEP 3 To add a new class map, click Add.
  • Page 660 If the ACL action of the mirrored flow is permitted – in addition to being mirrored – the flow traffic will also be forwarded. If the action of flow ACL is deny –
  • Page 661 Violate Action—Select one of the following actions if peak size is exceeded: Drop—Drop the frames violating the peak size. Out-of-Profile DSCP—Mark frames violating the peak size with the previously-set DSCP value. STEP 7 Click Apply.
  • Page 662 Policy Name—Select the output policy being bound. • Default Action—Select action if packet matches policy: Deny Any—Select to forward packets on the interface if they match any policy.
  • Page 663: QoS Statistics

    Policy—Statistics are displayed for this policy. • Class Map—Statistics are displayed for this class map. • In-Profile Bytes—Number of in-profile bytes received. • Out-of-Profile Bytes—Number of out-profile bytes received.
  • Page 664 STEP 4 is updated. Queues Statistics The Queues Statistics page displays queue statistics, including statistics of forwarded and dropped packets, based on interface, queue, and drop precedence.
  • Page 665 Tail Dropped Packets—Percentage of packets that were tail dropped. • Transmitted Bytes—Number of bytes that were transmitted. • Tail Dropped Bytes—Percentage of bytes that were tail dropped.
  • Page 666: Chapter 29: SNMP

    The system responds only to SNMP messages specifying the community which has the correct permissions and correct operation.
  • Page 667 Advanced Mode—The access rights of a community are defined by a group (defined in the Groups page). You can configure the group with a specific security model. The access rights of a group are Read, Write, and Notify.
  • Page 668 SNMPv3 Notification Recipients page. STEP 7 Supported MIBs For a list of supported MIBs, visit the following URL and navigate to the download area listed as Cisco MIBS: www.cisco.com/cisco/software/navigator.html
  • Page 669 SF352-08 8-Port 10/100 Managed Switch | 9.6.1.96.8.3 • SF352-08P | SF352-08P 8-Port 10/100 PoE Managed Switch | 9.6.1.96.8.5 • SF352-08MP | SF352-08MP 8-Port 10/100 PoE Managed Switch | 9.6.1.96.8.6 • SF350-24 | SF350-24 24-Port 10/100 Managed Switch | 9.6.1.96.24.1
  • Page 670 SG355-10P 10-Port Gigabit PoE Managed Switch | 9.6.1.95.10.10 • SG350-10MP | SG350-10MP 10-Port Gigabit PoE Managed Switch | 9.6.1.95.10.6 • SG350-10SFP | SG350-10SFP 10-Port Gigabit SFP Managed Switch | 9.6.1.95.10.8 • SG350-20 | SG350-20 20-Port Gigabit Managed Switch | 9.6.1.95.20.1
  • Page 671 Switch • SG350X-08PMD | SG350X-8PMD 8-Port 2.5G PoE Stackable Managed Switch | 9.6.1.94.8.12 • SG350X-24 | SG350X-24 24-Port Gigabit Stackable Managed Switch | 9.6.1.94.24.1 • SG350X-24P | SG350X-24P 24-Port Gigabit PoE Stackable Managed Switch | 9.6.1.94.24.5
  • Page 672 Managed Switch • SF550X-48 | SF550X-48 48-Port 10/100 Stackable Managed Switch | 9.6.1.92.48.1 • SF550X-48P | SF550X-48P 48-Port 10/100 PoE Stackable Managed Switch | 9.6.1.92.48.5 • SF550X-48MP | SF550X-48MP 48-Port 10/100 PoE Stackable Managed Switch | 9.6.1.92.48.6
  • Page 673 Managed Switch | 9.6.1.1002.24.8 • SX350X-24 | SX350X-24 24-Port 10GBase-T Stackable Managed Switch | 9.6.1.1002.24.9 • SX350X-52 | SX350X-52 52-Port 10GBase-T Stackable Managed Switch | 9.6.1.1002.52.9 • SX550X-16FT | SX550X-16FT 16-Port 10G Stackable Managed Switch | 9.6.1.1001.16.13
  • Page 674: Engine Id

    Local information is stored in four MIB variables that are read-only (snmpEngineId, snmpEngineBoots, snmpEngineTime, and snmpEngineMaxMessageSize). CAUTION When the engine ID is changed, all configured users and groups are erased.
  • Page 675 Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list.
  • Page 676: Views

    Click nodes in the view to pass from one node to its sibling. Use the scrollbar to bring siblings in view. User Defined—Enter an OID not offered in the Select from list option.
  • Page 677: Groups

    SNMP user or community. NOTE To associate a non-default view with a group, first create the view in the Views page.
  • Page 678 Notify—Limits the available content of the traps to those included in the selected view. Otherwise, there is no restriction on the contents of the traps. This can only be selected for SNMPv3.
  • Page 679: Users

    STEP 2 This page provides information for assigning SNMP access control privileges to SNMP users. STEP 3 Enter the parameters. • User Name—Enter a name for the user.
  • Page 680 Privacy Password—16 bytes are required (DES encryption key) if the DES privacy method was selected. This field must be exactly 32 hexadecimal characters. The Encrypted or Plaintext mode can be selected.
  • Page 681: Communities

    SNMP community. Click All to indicate that any IP device can access the SNMP community. • IP Version—Select either IPv4 or IPv6.
  • Page 682 (Community Type) Advanced—Select this type for a selected community. Group Name—Select an SNMP group that determines the access rights. STEP 4 Click Apply. The SNMP Community is defined, and the Running Configuration is updated.
  • Page 683: Trap Settings

    An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred, such as a link up/down.
  • Page 684 Server Definition—Select whether to specify the remote log server by IP address or name. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select either Link Local or Global.
  • Page 685 Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 5 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
  • Page 686 Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the pull-down list.
  • Page 687 Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 4 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
  • Page 688: Notification Filter

    STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
  • Page 689: Chapter 30: Smart Network Application (Sna)

    Right-Hand Information Panel • Operations • Overlays • Tags • Search • Notifications • Device Authorization Control (DAC) • Services • Saving SNA Settings • Technical Details
  • Page 690: Sna Sessions

    This is done by re-entering the credentials, and can be done at any time.
  • Page 691: Sna Graphics

    The SNA feature is a graphical representation of the user network. When the main page of the SNA is opened, the screen is divided into the following parts: • Topology View • Right-Hand Information Panel • Topology Overlays • Overlays
  • Page 692 Backbone Device. The orange number is the number of notifications existing for the device. Offline Device (greyed out) Access Point Client PC Client Phone Client Unknown Device
  • Page 693: Top Right-Hand Menu

    A—Save configuration changes to the Startup Configuration file. • B—Open the DAC List Management system. See Device Authorization Control (DAC). • C—Open the Global Notifications page. See Notifications.
  • Page 694: Topology View

    Log out of system by clicking Log out. Upgrade your permissions by clicking Upgrade Permission. • E—Click to delete a selected device. Topology View The topology view is the main view of the SNA.
  • Page 695 Various overlays can be selected for the topology views that affect the graphic representation of elements. See Topology Overlays. The topology discovery mechanism uses information gathered from LLDP and CDP TLVs to identify devices in the network.
  • Page 696 Switches discovered on the network are labeled as one of the following types: SNA Switch— Switch (running version 2.2.5 or higher) with the full SNA feature set.
  • Page 697 Distinct visual appearance from online devices on the topology map (see “Topology View:”). Can be moved on the topology, and its placement can be saved. You can also add tags to the device (see Tags).
  • Page 698 These groupings of devices are called client groups, and individual clients comprising a client group can be viewed by clicking and entering its explorer (see Explorers).
  • Page 699 To view the ports on a device, select that device and then double-click it. This opens a panel that displays all ports of the device, including all units if the device is in stack mode.
  • Page 700 Operational Status (including disabling reason if the port is turned off by the software) • LAG membership • Description (if a description was defined) • Speed • Switchport mode • Port Utilization (Rx and Tx)
  • Page 701 The width of connections between switches on the topology map is an indication of the aggregated bandwidth available on the connection as determined by the operational speed of the links in the connection.
  • Page 702 SNA-capable devices among them. SNA draws a cloud on the topology map and displays the devices detected in this cloud as connected clients. Most SNA operations are not applicable to clouds.
  • Page 703: Right-Hand Information Panel

    The right-hand information panel contains the following blocks: • Header Block • Right-Hand Information Panel Cogwheel • Basic Information Block • Notifications Block • Services Block • Tags • Statistics
  • Page 704 Smart Network Application (SNA) Right-Hand Information Panel Figure 2 shows a sample of the right-hand information panel: Figure 2 Right-Hand Information Panel
  • Page 705 IP address if the host name is not known, or MAC address if both the host name and the IP address are not known.
  • Page 706 Explore Device—This option is only available for SNA switches, and only appears when a single device is selected. Selecting this action opens the device explorer for the selected switch.
  • Page 707 Some of the information is shown at all times, and some is shown only if the View All button is clicked. If no information is received on a certain parameter, that parameter is not displayed in the Basic Information section.
  • Page 708 VLANs | device. Dashed lines are used to join consecutive VLANs. | 1, 6, 13-19, 1054, 2012-2100, 4094 • Active Firmware Version | The version number of the active firmware | 2.2.0.53
  • Page 709 ID. This means that a maximum of eight fields may appear here.
  • Page 710 The base MAC address of the device | 00:00:b0:83:1f:ac • Device Type | The type of client device | Phone, Host, Unknown • Connected Interface | The interface through which the device is reached on the closest switch | GE1/14
  • Page 711 Based on the information from the connected port. | 80/42 % (Tx/Rx) • PoE Power Consumption | Appears only if the client is connected to a PoE port. | 8900 mW
  • Page 712 The parameters below only appear when View all is clicked. • Interface Description | Uses the value of the interface’s ifAlias MIB. String with a maximum of 64 characters. | "WS 28"
  • Page 713 Consumption | 8900 MW • Spanning Tree State | Displays the interface STP-state. | Blocking, Forwarding, Disabled NOTE The Basic Information section is not displayed when selecting clients or layer 2 clouds.
  • Page 714 You can then view the status of this parameter on the selected interface for the previous year.
  • Page 715 Last hour—60 samples (one every minute) • Last day—24 samples (one every hour) • Last week—7 samples (one every day) • Last year—52 samples (one every week)
  • Page 716 This graph is an interface-level graph that shows the total traffic on an interface in packets over time. The graph is available for all interfaces (ports or LAGs) of devices with full SNA support.
  • Page 717: Operations

    Launch web management sessions on other SNA-capable devices and on managed devices through SNA (bypassing the login screen) if the managed device/SNA device allows management sessions using the same credentials used to log in to SNA.
  • Page 718 To enter an explorer, click on the node representing the device or on a connection. The information displayed by the explorer may change according to the overlay selected (see Overlays). The following explorers exist: • Device Explorer • Connection Explorer
  • Page 719 When the PoE overlay is selected, the following columns are displayed: Maximum Power Allocation — Displays only in the port table. Displays the maximum power allocation in MW. If a port does not support PoE, shows N/A.
  • Page 720 The interface names of the interfaces on both sides of the link • The LAG name (if any) on both sides of the link • The speed of the link
  • Page 721 • PoE Overlay column Power Consumption—Shows the power consumed by the device in MW. If the connected port does not support PoE, shows N/A.
  • Page 722: Overlays

    Only one overlay can be active at a time, therefore selecting an overlay deactivates any other active overlay. The following overlays are supported: • Link Utilization • PoE Information • VLAN Membership • STP Information
  • Page 723 The user can select the thresholds where these colors change for each type of data, and the specific colors used for each threshold reached.
  • Page 724 When activating this overlay, a list of existing VLANs in the network is displayed (listed by VLAN ID). When you select a VLAN, nodes that are members of this VLAN are highlighted.
  • Page 725: Tags

    Tags are used to quickly select multiple elements by searching for a specific tag. For example, you can search for all network nodes labelled with the IP Phone tag.
  • Page 726 Discovery protocols. • User-defined tags—Added manually and assigned to nodes in the topology map. See User-Defined Tags. Built-in and user-defined tags are visually distinct from each other.
  • Page 727 PoE). View Tags To view a list of all Tags, perform the following: STEP 1 Click the Hamburger menu in the left-hand side of the Topology view:
  • Page 728 STEP 3 Click the search icon for a specific tag in the Close and Find Devices column to see a list of devices with the selected tag.
  • Page 729: Search

    STEP 2 In the Tag section, click the Add tag name text box. A list of tags is displayed. STEP 3 Select the tag to be applied to the device. Search Use the search functionality to locate specific devices in the Topology view.
  • Page 730 Click in the Search box: STEP 2 Enter the keyword “Tag” and the name of the tag, as shown in the example below: STEP 3 Click . The results are displayed.
  • Page 731: Dashboard

    This appears only in the aggregated notifications display. The originating device is identified by the strongest available form of identification according to the following priority: Host name > IP address > MAC address.
  • Page 732 Suspension Reason (string of up to 20 characters) • Auto Recovery Status (Enabled/Disabled) • A button to attempt to re-activate the interface (this button requires the SNA to be in full permission mode).
  • Page 733: Notifications

    In addition, a general notification icon on the application masthead is displayed when there is a notification. These indications are cleared when logging out, and are updated again as events take place while SNA is operational.
  • Page 734 Originating device — Appears only in the aggregated notifications display. The originating device is identified by the strongest available form of identification according to the following priority: Host name > IP address > MAC address.
  • Page 735 Smart Network Application (SNA) Notifications • Timestamp • Severity • SYSLOG text
  • Page 736: Device Authorization Control (Dac)

    To access DAC, perform the following: STEP 1 Click the options menu in the left-hand side of the masthead: The following menu is displayed: STEP 2 Select Edit DAC Mode.
  • Page 737 Enter a key string that will be used by the DAC RADIUS server with all its clients on the network. Click Done. STEP 7 The DAC RADIUS server is highlighted in the Topology view.
  • Page 738 When informing the user of the new device, SNA provides the MAC address of the device and the device and port through which the device attempted to access the network.
  • Page 739 (this option is selected by default). Finally, apply the configurations. The report displays warnings if some steps of the DAC configuration process are missed, along with the status of the actions as handled by the devices.
  • Page 740 RADIUS server. • No ports are selected. • Status | Pending, Success, Failure | When the status is a failure, the error message is shown for the action.
  • Page 741 (Last Seen) and through which port/device it attempted to access the network (Seen At).
  • Page 742 By default, all services copy the running configuration file to the startup configuration file automatically after the configuration is performed. You can disable this option.
  • Page 743 SG350XG-2F10. RADIUS Client Configuration This service enables you to configure one or more devices as RADIUS clients by defining the RADIUS server they are using for login.
  • Page 744 If an entry with the same IP address or host name already exists in a priority lower than 0, the entry’s priority is changed to 0, and the login usage is added to it, if needed.
  • Page 745 RADIUS. If RADIUS is selected, the actual value configured for all channels is RADIUS, Local. DNS Client Configuration The DNS Client Configuration service enables defining the DNS server that the selected devices use.
  • Page 746 If a static entry existed and was displayed, the new entry created by the service replaces the pre-existing entry. Displayed/Editable Parameters To define a new SYSLOG server, enter the server’s IPv4 or IPv6 address.
  • Page 747 SNTP server is displayed according to the following priority: First SNTP server (alphabetically) defined by host name. Lowest SNTP server defined by IPv4 Lowest SNTP server defined by IPv6
  • Page 748 Instead, it performs an operation on all selected devices. Use this service to download new firmware versions or configuration files to the selected devices or reboot them.
  • Page 749 This file is then downloaded to all devices participating in the service. After downloading the new firmware, the device also automatically makes it the active firmware version.
  • Page 750 Used to download a new configuration file. In the local file system, browse to the new configuration file and select it. This file is then downloaded to the startup-configuration of all devices participating in the service.
  • Page 751 When activating the download, you can request that all devices reboot after downloading the configuration file to make the new configurations active. • Reboot: Click Go to reboot the devices without performing any other actions.
  • Page 752 Custom—Displayed if an SNA-created schedule is not applied uniformly to all Access ports. Access ports are ports whose VLAN mode is Access. Configured ports—A list of all ports that are bound to the SNA-created schedule.
  • Page 753 To set up a power management policy: STEP 1 Select a device in the Topology view. STEP 2 Select the Power Management service in the right-hand information.
  • Page 754 Smart Network Application (SNA) Services The following is displayed: STEP 3 Click Select Ports. STEP 4 Select one or more ports and click Done.
  • Page 755 Smart Network Application (SNA) Services STEP 5 Click +Add Schedule Time STEP 6 Complete the fields (see descriptions above) and click Go. A power management policy has been defined.
  • Page 756 After editing the membership and applying, the VLAN will be created on all devices that will now have ports belonging to it (if that VLAN did not exist in them before).
  • Page 757 SNA. • Schedule behavior—This information appears only if the port has an applied SNA-defined power schedule. The possible values are: PoE power inactive Data inactive
  • Page 758 • Native VLAN (SNA version 2.3)—Appears only in Trunk mode. When displayed it shows the Native VLAN ID, and when configuring allows selection of the native VLAN.
  • Page 759 • Duplex Mode—This parameter is only available if Auto Negotiation is disabled and if the selected speed is 10M or 100M.
  • Page 760 If you manually save the settings after importing a new file, the option to revert is no longer available
  • Page 761 Supported browsers: IE10 and above, Chrome, FireFox. • Safari on MAC OS: 6.1.2-7.0.2 • Supported OS: Win 7, Win 8, Win 8.1, Linux 2.6, 3.11, MAC OSX version 10.7 and up
  • Page 762 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.