
Cisco 350 Series Administration Manual

Managed switches

ADMINISTRATION GUIDE
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4


  Summary of Contents for Cisco 350 Series

  • Page 1 ADMINISTRATION GUIDE Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 2: Table Of Contents

    Interface Naming Conventions Window Navigation Search Facility Chapter 3: Dashboard Grid Management System Health Resource Utilization Identification Port Utilization PoE Utilization Latest Logs Suspended Interfaces Traffic Errors
  • Page 3 Switched Port Analyzer (SPAN) Diagnostics RMON View Logs Chapter 6: Administration System Settings User Accounts Idle Session Timeout Time Settings System Log File Management Plug-n-Play (PNP) Reboot
  • Page 4 Stack Changes Unit Failure in Stack Stack Ports Software Auto Synchronization in Stack Stack Management Chapter 9: Administration: Time Settings System Time Configuration SNTP Modes System Time
  • Page 5 Chapter 12: Smartport Overview How the Smartport Feature Works Auto Smartport Error Handling Default Configuration Relationships with Other Features Common Smartport Tasks Configuring Smartport Using The Web-based Interface
  • Page 6 Dynamic Addresses Chapter 16: Multicast Multicast Forwarding Overview Properties MAC Group Address IP Multicast Group Address IPv4 Multicast Configuration IPv6 Multicast Configuration IGMP/MLD Snooping IP Multicast Group
  • Page 7 Chapter 19: IP Configuration: VRRP Overview VRRP Topology Configurable Elements of VRRP Configuring VRRP Chapter 20: IP Configuration: SLA Overview Using SLA Chapter 21: Security RADIUS Password Strength Management Access Method
  • Page 8 SSD Rules SSD Properties Configuration Files SSD Management Channels Menu CLI and Password Recovery Configuring SSD Chapter 24: Security: SSH Server Overview Common Tasks SSH User Authentication
  • Page 9 Configuring IPv6 First Hop Security through Web GUI Chapter 27: Access Control Overview MAC-Based ACLs Creation IPv4-based ACL Creation IPv6-Based ACL Creation ACL Binding Chapter 28: Quality of Service QoS Features and Components
  • Page 10 Chapter 30: Smart Network Application (SNA) SNA Sessions SNA Graphics Top Right-Hand Menu Topology View Right-Hand Information Panel Operations Overlays Tags Search Dashboard Notifications Device Authorization Control (DAC) DAC Workflow
  • Page 11 Contents Services Saving SNA Settings Technical Details
  • Page 12: Chapter 1: Quick Getting Started

    If the supplied screws are lost, use replacement screws in the following size: Diameter of the screw head: 6.9 mm Length of face of screw head to base of screw: 5.9 mm Shaft diameter: 3.94 mm
  • Page 13: Rack Mounting Switch

    STEP 2 Repeat the previous step to attach the other bracket to the opposite side of the switch. STEP 3 After the brackets are securely attached, the switch is now ready to be installed into a standard 19-inch rack.
  • Page 14: Power Over Ethernet Considerations

    SF350-48P 48- 7* PD69208 AF/AT/60W Port 10/100 PoE (0x4AC2) / Managed Switch 7*69208M (0x4B42) (as of 2.2.7) SF350-48P SF350-48P 48- 7*69208M AF/AT/60W Port 10/100 PoE (0x4B42) Managed Switch
  • Page 15 1*PD69204 Managed Switch (0x4AC2) / 3*69208M (0x4B42) + 1*69204 SG350-28MP SG350-28MP 28- 3x PD69208+ AF/AT/60W Port Gigabit PoE 1*PD69204 Managed Switch (0x4AC2) / 3*69208M (0x4B42) + 1*69204
  • Page 16 3*69208M AF/AT/60W 24-Port 2.5G PoE (0x4B42) + Stackable 1*69204 Managed Switch SG350X-48P SG350X-48P 48- 7* PD69208 af/at/60w Port Gigabit PoE (0x4AC2) / Stackable 7*69208M Managed Switch (0x4B42)
  • Page 17 4* PD69208 af/at/60w 24-Port Gigabit (0x4AC2) / PoE Stackable 4*69208M Managed Switch (0x4B42) SG550X-24MPP SG550X-24MPP 4* PD69208 af/at/60w 24-Port Gigabit (0x4AC2) / PoE Stackable 4*69208M Managed Switch (0x4B42)
  • Page 18 PoE switch. When a device is being falsely detected as a PD, you should disconnect the device from the PoE port and power recycle the device with AC power before reconnecting its PoE ports.
  • Page 19 To configure the switch using the web-based interface: STEP 1 Power on the computer and your switch. STEP 2 For Cisco 350-550 XG switches, connect the computer to the OOB port found on the front panel. For all other switches, connect the computer to any network port.
  • Page 20 STEP 6 When the login page appears, choose the language that you prefer to use in the web-based interface and enter the username and password. The default username is cisco. The default password is cisco. Usernames and passwords are both case sensitive. Click Log In.
  • Page 21: Configuring Your Switch Using The Console Port

    1 stop bit • no flow control STEP 4 Enter a username and password. The default username is cisco, and the default password is cisco. Usernames and passwords are both case sensitive. If this is the first time that you have logged on with the default username and password, the following message appears: Please change your password from the default settings.
  • Page 22 The OOB port cannot be a member of VLAN or LAG, and the bridge’s protocols (for example, STP, GVRP, etc.) cannot be enabled on the OOB port. Only untagged traffic is supported on the OOB port.
  • Page 23 QoS and ACL are not supported on the OOB port (so all TCAM-based features like DOS Attack Prevention are also not supported). Only Management ACLs are supported.
  • Page 24: Usb Port

    A stack can have up to four 350X devices or eight 550X devices in it. Any 10G port of the switch can be used for stacking. The switch can only be stacked without Mesh topology.
  • Page 25 98DX4203, 98DX4204, 98DX4210, 98DX4211, and 98DX4212 Switch Features The switches in the same stack are connected together through their stack ports. Depending on the type of stack ports and the desired speed, you may need Cat6a Ethernet cables or Cisco approved modules or cables for the switches.
  • Page 26 SF350-48MP SF350-48MP 48-Port 10/100 PoE Managed Switch SG350-08PD SG350-8PD 8-Port 2.5G PoE Managed Switch SG350-10 SG350-10 10-Port Gigabit Managed Switch SG350-10P SG350-10P 10-Port Gigabit PoE Managed Switch
  • Page 27 SG350-28SFP SG350-28SFP 28-Port Gigabit SFP Managed Switch SG350-52 SG350-52 52-Port Gigabit Managed Switch SG350-52P SG350-52P 52-Port Gigabit PoE Managed Switch SG350-52MP SG350-52MP 52-port Gigabit PoE Managed Switch
  • Page 28 SG350X-48P 48-Port Gigabit PoE Stackable Managed Switch SG350X-48MP SG350X-48MP 48-Port Gigabit PoE Stackable Managed Switch SF550X-24 SF550X-24 24-Port 10/100 Stackable Managed Switch SF550X-24P SF550X-24P 24-Port 10/100 PoE Stackable Managed Switch
  • Page 29 SG550X-24MPP 24-Port Gigabit PoE Stackable Managed Switch SG550X-48 SG550X-48 48-Port Gigabit Stackable Managed Switch SG550X-48P SG550X-48P 48-Port Gigabit PoE Stackable Managed Switch SG550X-48MP SG550X-48MP 48-Port Gigabit PoE Stackable Managed Switch
  • Page 30 SX550X-24 24-Port 10GBase-T Stackable Managed Switch SX550X-24FT SX550X-24FT 24-Port 10G Stackable Managed Switch SX550X-24F SX550X-24F 24-Port 10G SFP+ Stackable Managed Switch SX550X-52 SX550X-52 52-Port 10GBase-T Stackable Managed Switch
  • Page 31 Mbps, 1 Gbps, and 2.5 Gbps, on Cat 5e cables. Much of the cabling deployed worldwide is limited to 1 Gbps at 100 meters. Cisco Multigigabit Ethernet enables speeds up to 2.5 Gbps on the same infrastructure without replacing a cable.
  • Page 32 The SFP+ ports are compatible with the following Cisco SFP 1G optical modules MGBSX1, MGBLH1, MGBT1, as well as other brands. • The Cisco SFP+ 10G optical modules that are supported in the Cisco switches are: SFP-10G-SR, SFP-10G-LR, SFP-10G-SR-S, and SFP-10G-LR-S.
  • Page 33 Power—Connects the switch to AC power. • Console—Connects a serial cable to a computer serial port so that it can be configured by using a terminal emulation program.
  • Page 34: Chapter 2: General Information

    Navigate from one mode to another, as shown below: When the user switches from basic to advanced, the browser reloads the page. However, after reload, the user stays on the same page.
  • Page 35 When switching from one mode to another, any configuration which was made on the page (without Apply) is deleted.
  • Page 36: Quick Start Device Configuration

    Switched Port Analyzer (SPAN and RSPAN) There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Support Community page.
  • Page 37: Interface Naming Conventions

    For example, GE1/0/4 is port number 4 on the first unit of the stack. • Slot Number—The slot number is always 0. • Interface Number: Port, LAG, Tunnel, or VLAN ID.
  • Page 38: Window Navigation

    Download Language: Add a new language to the device. NOTE To upgrade a language file, use the Upgrade/Backup Firmware/Language page. Logout Click to log out of the web-based switch configuration utility.
  • Page 39 Cancel Click to reset changes made on the page. Clear Clear information on page. Clear Filter Click to clear filter to select information displayed.
  • Page 40 Click Refresh to refresh the counter values. Test Click Test to perform the related tests. Restore Defaults Click Restore Defaults to restore factory defaults. Cancel Defaults Click Cancel Defaults to restore factory defaults.
  • Page 41: Search Facility

    CDP: If you are in Basic mode, links to pages in Advanced mode are displayed but not available.
  • Page 42: Chapter 3: Dashboard

    Stack Topology • Traffic Errors Grid Management The dashboard consists of multiple modules, but only a subset of the modules can be viewed at the same time.
  • Page 43 The module can be dropped in an unoccupied spot, or in a spot occupied by a module of the same size. If the selected spot is occupied, the modules switch places.
  • Page 44: System Health

    • Fan Status—Yellow if one fan failed and is backed up by the redundant fan; Green if the fan is operational; Red if the fan is faulty.
  • Page 45: Resource Utilization

    Each bar becomes red if the resource utilization is higher than 80 percent. Hovering over a bar displays a tooltip displaying the numeric utilization information (used resources/max available).
  • Page 46: Identification

    System Location—Enter the physical location of the device. • System Contact—Enter the name of a contact person. • Total Available Power—Amount of power available to the device.
  • Page 47: Port Utilization

    A list of ports is displayed. The port utilization is displayed in bar format: For each port, the following port utilization information is displayed: Tx—% (red) Rx—% (blue)
  • Page 48: Poe Utilization

    Refresh Time—Select one of the displayed options. • PoE Global Properties—Link to the Port Management -> PoE -> Properties page. • PoE Port Settings—Link to the Port Management -> PoE -> Settings page.
  • Page 49: Latest Logs

    When units are connected in a stack, a drop-down selector enables the user to select the device to be viewed. All suspended ports in the device are shown as red.
  • Page 50 The following configuration options (right-hand corner) are available: • Display Mode—Select either Device View or Table View. • Refresh Time—Select one of the options displayed. • Error Recovery Settings—Click to open Error Recovery Settings.
  • Page 51 Hovering over a stack connection in the module displays a tooltip detailing the connected units and the stacking ports generating the connection. The following configuration options (right-hand corner) are available: • Stack Management—Click to open Stack Management.
  • Page 52: Traffic Errors

    Last traffic error—Traffic error that occurred on a port and the last time the error occurred. • Refresh Time—Select one of the refresh rates. • Traffic Error Information—Click to link to the Statistics page.
  • Page 53: Chapter 4: Configuration Wizards

    No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035). STEP 4 Click Next.
  • Page 54 Clock Source—Select one of the following: Manual Settings—Select to enter the device system time. If this is selected, enter the Date and Time. Default SNTP Servers—Select to use the default SNTP servers.
  • Page 55: Vlan Configuration Wizard

    STEP 8 Select the ports that are to be the access ports of the VLAN (by clicking with the mouse on the required ports in the graphical display). An access port of a VLAN is an untagged member of the VLAN.
  • Page 56: Acl Wizard

    User defined to enter a destination address or a range of destination addresses. • Destination MAC Value—Enter the MAC address to which the destination MAC address is to be matched and its mask (if relevant).
  • Page 57 Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
  • Page 58 VLANs only—Bind the ACL to a VLAN. Enter the list of VLANs in the Enter the list of VLANs you want to bind the ACL to field. No binding—Do not bind the ACL. Click Apply.
  • Page 59: Chapter 5: Status And Statistics

    802.1X EAP • • Hardware Resource Utilization • Health and Power • Switched Port Analyzer (SPAN and RSPAN) • Diagnostics • RMON • sFlow • View Logs
  • Page 60: System Summary

    NOTE In a stack, the Firmware Version number shown is based on the version of the master. • Firmware MD5 Checksum (Active Image)—MD5 checksum of the active image.
  • Page 61 Total PoE Power Consumption (W)—Total PoE power delivered to connected PoE devices. • PoE Power Mode—Port Limit or Class Limit. The master unit is displayed graphically, as shown below: Hovering on a port displays its name.
  • Page 62: Cpu Utilization

    STEP 3 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period. The window containing a graph displaying CPU utilization on the device is displayed.
  • Page 63: Interface

    Broadcast Packets—Good Broadcast packets transmitted. STEP 3 To view statistics counters in table view or graphic view: • Click View All Interfaces Statistics to see all ports in table view.
  • Page 64: Etherlike

    Pause Frames Received—Received flow control pause frames. This field is only supported for XG ports. When the port speed is 1G, the received pause frames counter is not operational.
  • Page 65: Port Utilization

    GVRP is a standards-based Layer 2 network protocol, for automatic configuration of VLAN information on switches. It is defined in the 802.1ak amendment to 802.1Q-2005.
  • Page 66 Invalid Attribute Length—Invalid attribute length errors. • Invalid Event—Invalid events. STEP 3 To clear statistics counters, click View All Interfaces Statistics to see all ports on a single page.
  • Page 67: 802.1X Eap

    EAPOL frame. • EAPOL EAP Supplicant Frames Transmitted—EAPOL EAP Supplicant frames transmitted on the port. • EAPOL Start Frames Transmitted—EAPOL Start frames transmitted on the port.
  • Page 68: Acl

    Trapped Packets—Port/LAG Based—The interfaces on which packets forwarded or rejected based on ACL rules. • Trapped Packets—VLAN Based—The VLANs on which packets forwarded or rejected based on ACL rules.
  • Page 69: Hardware Resource Utilization

    VLAN mapping. • IP Entries In Use—Number of TCAM entries used for IP rules. Maximum—Number of available TCAM entries that can be used for IP rules.
  • Page 70: Health And Power

    Amber (solid) – RPS is connected but providing power to two other devices. In this case, the RPS will not be able to provide power to the current device, while providing power to the two other devices.
  • Page 71 In this case, the redundant fan becomes part of the environment monitoring of the device. It is recommended to let the redundant fan work for at least 1 minute once a day.
  • Page 72 This section displays the power saved by the device due to the Green Ethernet and Led Disable features, as well as due to ports being down (physically or due to time range settings).
  • Page 73 • PoE—The Port Management > PoE > Settings page is displayed. Connect the time range to the PoE operations on one or more ports.
  • Page 74 Active—Power supply is being used. Failure—Main power has failed. Main Power Supply Budget—Amount of power that can be allocated for device PSE operation by the main power supply.
  • Page 75 If the device is not part of a stack, the Health and Power page displays the following fields: • Fan Status—The following values are possible: OK—Fan is operating normally. Failure—Fan is not operating correctly. N/A—Fan ID is not applicable for the specific model.
  • Page 76 The following fields are displayed: • Port Name—Number of port. • PD Status—Displays one of the following values: Connected—The PD port is connected to a PSE device that is providing power.
  • Page 77: Switched Port Analyzer (Span)

    Switched Port Analyzer (SPAN and RSPAN) The SPAN feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe device or other Remote Monitoring (RMON) probes.
  • Page 78 If accurate monitoring is required, the TCAM-based mirror policy can be used. RSPAN Workflow The following workflow describes how to configure the start, intermediate and final switches: • Start Switch • Intermediate Switch(es) • Final Switch
  • Page 79 STEP 1 The previously-defined RSPAN VLAN is displayed. STEP 2 To configure a VLAN as an RSPAN VLAN, select it from the RSPAN VLAN drop-down list of VLANs.
  • Page 80 Network Traffic—Select to enable that traffic other than monitored traffic is possible on the port. STEP 4 Click Apply. SPAN Session Sources One or more SPAN or RSPAN sources must be configured on the start and final devices.
  • Page 81: Diagnostics

    • Tech-Support Information Copper Ports Tests The Copper Test page displays the results of integrated cable tests performed on copper cables by the Virtual Cable Tester (VCT).
  • Page 82 Last Update—Time of the last test conducted on the port. • Test Results—Cable test results. Possible values are: OK—Cable passed the test. No Cable—Cable is not connected to the port.
  • Page 83 MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km. • MGBSX1:1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550 m.
  • Page 84 Transmitter Fault—Remote SFP reports signal loss. Values are True, False, and No Signal (N/S). • Loss of Signal—Local SFP reports signal loss. Values are True and False. • Data Ready—SFP is operational. Values are True and False.
  • Page 85: Rmon

    Define interesting changes in counter values, such as “reached a certain number of late collisions” (defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log and trap).
  • Page 86 Undersize Packets—Undersized packets (less than 64 octets) received. • Oversize Packets—Oversized packets (over 2000 octets) received. • Fragments—Fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received.
  • Page 87 The RMON feature enables monitoring statistics per interface. The History page defines the sampling frequency, amount of samples to store and the port from which to gather the data.
  • Page 88 History Control table described above. To view RMON history statistics: STEP 1 Click Status and Statistics > RMON > History. STEP 2 Click History Table.
  • Page 89 Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. • Collisions—Collisions received. • Utilization—Percentage of current interface traffic compared to maximum traffic that the interface can handle.
  • Page 90 Log and Trap—Add a log entry to the Event Log table and send a trap to the remote log server when the alarm goes off. • Owner—Enter the device or user that defined the event.
  • Page 91 One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.
  • Page 92 Falling Alarm—A falling value triggers the falling threshold alarm. Rising and Falling—Both rising and falling values trigger the alarm. • Interval—Enter the alarm interval time in seconds.
  • Page 93 V5 (if supported by the interface): Generic interface counters (RFC 2233) Ethernet interface counters (RFC 2358) Workflow By default, flow and counter sampling are disabled.
  • Page 94 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
  • Page 95 Sampling Interval—If x is entered, this specifies that a counter sample will be taken for each x seconds. Receiver Index—Select one of the indices that was defined in these sFlow Receiver Settings pages. STEP 3 Click Apply.
  • Page 96: View Logs

    The web GUI will poll the RAM log every 10 seconds. Notifications pop-ups for all SYSLOGs created in the last 10 seconds will appear at the bottom right of the screen.
  • Page 97 Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the log messages, click Clear Logs. The messages are cleared.
  • Page 98 • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared.
  • Page 99: Chapter 6: Administration

    • Plug-n-Play (PNP) • Reboot • Hardware Resources • Discovery - Bonjour • Discovery - LLDP • Discovery - CDP • Locate Device • Ping • Traceroute
  • Page 100: System Settings

    The banner can contain up to 1000 characters. After 510 characters, press <Enter> to continue. STEP 3 Click Apply to save the values in the Running Configuration file.
  • Page 101: User Accounts

    (read-only or read-write) or changing the passwords of existing users. After adding a level 15 user (as described below), the default user is removed from the system.
  • Page 102 Read/Write Management Access (15)—User can access the GUI, and can configure the device. STEP 4 Click Apply. The user is added to the Running Configuration file of the device.
  • Page 103: Idle Session Timeout

    The device generates the following local logs: • Log sent to the console interface. • Log written into a cyclical list of logged events in the RAM and erased when the device reboots.
  • Page 104 For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored (Notice, Informational, and Debug).
  • Page 105 The Remote Log Servers page enables defining remote SYSLOG servers to which log messages are sent. For each server, you can configure the severity of the messages that it receives.
  • Page 106 Facility—Select a facility value from which system logs are sent to the remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden.
  • Page 107: File Management

    Using the Cisco Plug-n-Play solution, you can perform Zero Touch Installs of the switches in various deployment scenarios and deployment locations.
  • Page 108 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 109 STEP 3 Click Apply. The parameters are copied to the Running Configuration file. Click Display Sensitive Data as Plaintext to display the password if it is encrypted.
  • Page 110 If the agent is in the Discovery Waiting state, it is set to the Discovery state. • If the agent is in the PnP Session Waiting state, it is set to the PnP Session state.
  • Page 111: Reboot

    (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. If you do not specify the month and day,
  • Page 112 The number of router TCAM entries for a specific entry type that you allocate is less than the number currently in use. • The total number of router TCAM entries that you allocated is greater than the maximum available.
  • Page 113: Discovery - Bonjour

    Click on Hardware Resource Management to configure resources allocated to each type of resource. Discovery - Bonjour See Bonjour.
  • Page 114: Discovery - LLDP

    When the feature is activated the Start button is replaced by the Stop button, which allows you to stop the LED blinking before the defined timer expires.
  • Page 115: Ping

    • Destination IP Address/Name—Address or host name of the device to be pinged. Whether this is an IP address or host name depends on the Host Definition.
  • Page 116: Traceroute

    • IP Version—If the host is identified by its IP address, select either IPv4 or IPv6 to indicate that it will be entered in the selected format.
  • Page 117 Host—Displays a stop along the route to the destination. Round Trip Time (1-3)—Displays the round trip time (in ms) for the first through third frame and the status of the first through third operation.
  • Page 118: Chapter 7: Administration: File Management

    The configuration files are text files and can be edited in a text editor, such as Notepad, after they are copied to an external device, such as a PC.
  • Page 119 More commonly referred to as the image. • Language File—The dictionary that enables the web-based configuration utility windows to be displayed in the selected language. • Logging File—SYSLOG messages stored in Flash memory.
  • Page 120: Firmware Operations

    Active Firmware Version—Displays the version of the current, active firmware file. STEP 2 Enter the following fields: • Operation Type—Select Update Firmware or Backup Firmware. • Copy Method—Select HTTP/HTTPS or USB.
  • Page 121 Link Local Interface—Select the link local interface (if IPv6 is used) from the list. • Server IP Address/Name—Enter the IP address or the name of the TFTP server, whichever is relevant. • (Update) Source—Enter the name of the source file.
  • Page 122 NOTE The username and password for one-time credential will not be saved in the configuration file. STEP 6 Enter the following fields: • Server Definition—Select whether to specify the SCP server by IP address or by domain name.
  • Page 123 Active Firmware File—Displays the current, active firmware file. • Active Firmware Version—Displays the version of the current, active firmware file. STEP 2 Enter the following fields: • Operation Type—Select Swap Image.
  • Page 124: File Operations

    CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the device is rebooted.
  • Page 125 Destination File Type—Select one of the configuration file types to update. • Copy Method—Select TFTP. • Server Definition—Select whether to specify the TFTP server by IP address or by domain name.
  • Page 126 STEP 3 To enable SSH server authentication (which is disabled by default), click Edit by Remote SSH Server Authentication. This takes you to the SSH Server Authentication page to configure the SSH server. STEP 4 Return to this page.
  • Page 127 To back up a system configuration file using HTTP/HTTPS: STEP 1 Click Administration > File Management > File Operations. STEP 2 Enter the following fields: • Operation Type—Select Backup File.
  • Page 128 NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to the SSD Rules page. STEP 3 Click Apply to begin the operation.
  • Page 129 Plaintext—Include sensitive data in the backup in its plaintext form. NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.
  • Page 130 Server Definition—Select whether to specify the SCP server by IP address or by domain name. • IP Version—Select whether an IPv4 or an IPv6 address is used.
  • Page 131 Source File Name—Select one of the configuration file types to copy. • Destination File Name—Enter name of the destination configuration file. STEP 3 Click Apply to begin the operation.
  • Page 132: File Directory

    Auto Image Update—Automatic downloading of a firmware image from a remote TFTP/SCP server. At the end of the Auto Configuration/Image Update process, the device reboots itself to the firmware image.
  • Page 133 SCP, and files with the other extensions are downloaded using TFTP. The default extension is .scp. • TFTP Only—The download is done through TFTP, regardless of the file extension of the configuration file name.
  • Page 134 If the DHCP server did not send the indirect file name of the firmware image file, the Backup Indirect Image File Name (from the DHCP Auto Configuration/Image Update page) is used.
  • Page 135 TFTP—The device sends TFTP Request messages to a limited Broadcast address (for IPv4) or ALL NODES address (for IPv6) on its IP interfaces and continues the process of Auto Configuration/Image Update with the first answering TFTP server.
  • Page 136 If Auto Configuration is enabled, the Auto Configuration process is triggered when the configuration file name is received from a DHCP server or a backup configuration file name has been configured.
  • Page 137 The form and format of the file are checked, but the validity of the configuration parameters is not checked prior to loading it to the Startup Configuration.
  • Page 138 66 (single server address) or 150 (list of server addresses) 67 (name of configuration file) • DHCPv6 Option 59 (server address) Option 60 (name of configuration file plus indirect image file name, separated by a comma)
  • Page 139 STEP 2 Enter the values. • Auto Configuration Via DHCP—Select this field to enable DHCP Auto Configuration. This feature is disabled by default, but can be enabled here.
  • Page 140 SSH server if required. • SSH Client Authentication—Click on the System Credentials link to enter user credentials in the SSH User Authentication page.
  • Page 141 An example of an indirect image file name is: indirect-cisco.scp. This file contains the path and name of the firmware image. The following fields are displayed: • Last Auto Configuration/Image Server IP Address—Address of the last backup server.
  • Page 142: Chapter 8: Administration: Stack Management

    In some cases, stack ports can become members in a stack of Link Aggregation Groups (LAGs) increasing the bandwidth of the stack interfaces. See Stack Port Link Aggregation.
  • Page 143 During Fast Stack Link failover, the master/backup units remain active and functioning.
  • Page 144: Types Of Units In Stack

    Unit 6: LED 2 and 4 are lit. • Unit 7: LED 3 and 4 are lit. • Unit 8: LED 1, 3, and 4 are lit.
  • Page 145: Stack Topology

    Ring Topology—Each unit is connected to the neighboring unit. The last unit is connected to the first unit. The following shows a ring topology of an eight-unit stack: Figure 1 Stack in Ring Topology (550 Family)
  • Page 146 During topology discovery, each unit in a stack exchanges packets, which contain topology information. After the topology discovery process is completed, each unit contains the stack mapping information of all units in the stack.
  • Page 147: Unit Id Assignment

    It did not win the master selection process between the master-enabled units (1 or 2). Duplicate Unit Shut Down
  • Page 148 Duplication Between Two Units With Auto Number Unit ID NOTE If a new stack has more than the maximum number of units, all extra units are shut down.
  • Page 149: Master Selection Process

    The stack changes between ring and chain formation. When units are added to or removed from a stack, it triggers topology changes, master election process, and/or unit ID assignment.
  • Page 150 The best unit is the unit with the higher uptime in segments of 10 minutes. The other unit is made the backup. Auto-numbered Master-enabled Unit
  • Page 151: Unit Failure In Stack

    The backup configuration file remains on the previous master. Dynamic process-state information, such as the STP state table, dynamically-learned MAC addresses, dynamically-learned Smartport types, MAC Multicast tables, LACP, and GVRP are not synchronized.
  • Page 152 STP. NOTE Packet flooding to unknown Unicast MAC addresses occurs until the MAC addresses are learned or relearned.
  • Page 153: Stack Ports

    The allowed interface combination for the same stacking LAG is either interfaces XG1 and XG2 or interfaces XG3 and XG4. Other combinations of interfaces in the same stack LAG are not supported.
  • Page 154 (auto-discovery is the default setting). The system automatically identifies the stack cable type and selects the highest speed supported by the cable and the port. A SYSLOG message (informational level) is displayed when the cable type is not recognized.
  • Page 155: Software Auto Synchronization In Stack

    The unit automatically reboots itself to run the new version.
  • Page 156 In addition, the 2-4 XG ports of the Sx350X/Sx550X units must be configured as stacking ports, and connected to the SG350XG/SX350X and SG550XG/SX550X devices stacking ports.
  • Page 157 Number of Multicast groups Max. number of IPv4 routes 7168 Max. number of IPv4 host 7092 directly-connected Max. number of IPv4 1800 Multicast routes Max number of IPv6 interfaces
  • Page 158 This usually succeeds, but there are exceptions as described below:
  • Page 159: Stack Management

    350 devices or mixed types of 550 devices (but not a mix of 350 and 550 devices). • Stack Topology—Displays whether the topology of the stack is chain or ring.
  • Page 160 When you hover over a port, a tool tip displays the stacking port number, unit that it is connected to (if there is one), the port speed and its connection status. See an example of
  • Page 161 Unit x Stack Connection Speed—Displays the speed of the stack connection. STEP 4 Click Apply and Reboot. The parameters are copied to the Running Configuration file and the stack is rebooted.
  • Page 162: Chapter 9: Administration: Time Settings

    Savings Time (DST). It covers the following topics: • System Time Configuration • SNTP Modes • System Time • SNTP Unicast • SNTP Multicast/Anycast • SNTP Authentication • Time Range • Recurring Time Range
  • Page 163: System Time Configuration

    After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
  • Page 164: SNTP Modes

    The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
  • Page 165: System Time

    SNTP server: Date—Enter the system date. Local Time—Enter the system time. • Time Zone Settings—The local time is used via the DHCP server or Time Zone offset.
  • Page 166 Day—Day of the week on which DST begins every year. Week—Week within the month from which DST begins every year. Month—Month of the year in which DST begins every year.
  • Page 167: SNTP Unicast

    This page displays the following information for each Unicast SNTP server: • SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to its stratum level.
  • Page 168 DNS server or configured so that a DNS server is identified by using DHCP. (See Settings) • IP Version—Select the version of the IP address: Version 6 or Version 4.
  • Page 169 Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the authentication keys using the SNTP Authentication page.) STEP 6 Click Apply. The SNTP server is added, and you are returned to the main page.
  • Page 170: SNTP Multicast/Anycast

    The authentication key is created on the SNTP server in a separate process that depends on the type of SNTP server you are using. Consult with the SNTP server system administrator for more information.
  • Page 171: Time Range

    Time Range Time ranges can be defined and associated with the following types of commands, so that they are applied only during that time range: • ACLs
  • Page 172 The existing time ranges are displayed. STEP 2 To add a new time range, click Add. STEP 3 Enter the following fields: • Time Range Name—Enter a new time range name.
  • Page 173: Recurring Time Range

    Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis. STEP 5 Click Apply. STEP 6 Click Time Range to access the Absolute Time Range page.
  • Page 174: Chapter 10: Administration: Discovery

    If a service is changed, the device will send Bonjour packets with the new information. If the IP address of the device is changed, the device will also advertise its new IP address.
  • Page 175: LLDP And CDP

    Apply). LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 176 VLAN. A CDP/LLDP-capable device may receive advertisements from more than one device if the CDP/LLDP-incapable devices flood the CDP/LLDP packets.
  • Page 177: Discover - LLDP

    The LLDP protocol has an extension called LLDP Media Endpoint Discovery (LLDP-MED) that provides and accepts information from media endpoint devices such as VoIP phones and video phones. For further information about LLDP-MED, see LLDP MED Network Policy.
  • Page 178 TLV Advertise Interval—Enter the rate in seconds at which LLDP advertisement updates are sent, or use the default. • Topology Change SNMP Notification Interval—Enter the minimum time interval between SNMP notifications.
  • Page 179 This page contains the port LLDP information. STEP 2 Select a port and click Edit. This page provides the following fields: • Interface—Select the port to edit (including the OOB port).
  • Page 180 LLDP PDU is transmitted) can be aggregated. It also indicates whether the link is currently aggregated, and if so, provides the aggregated port identifier. 802.3 Maximum Frame Size—Maximum frame size capability of the MAC/PHY implementation.
  • Page 181 4-Wire Power via MDI—(relevant to PoE ports supporting 60W PoE) Proprietary Cisco TLV defined to support power over Ethernet that allows for 60 watts of power (standard support is up to 30 watts). Management Address Optional TLV •...
  • Page 182 STEP 2 Select Auto for LLDP-MED Network Policy for Voice Application if the device is to automatically generate and advertise a network policy for voice application based on the voice VLAN maintained by the device.
  • Page 183 Auto and Auto Voice VLAN is in operation, then the device automatically generates an LLDP-MED Network Policy for Voice Application for all the ports that are LLDP-MED enabled and are members of the voice VLAN.
  • Page 184 LLDP MED Network Policy page. To include one or more user-defined network policies in the advertisement, you must also select Network Policy from the Available Optional TLVs.
  • Page 185 WLAN AP, or Router. • Enabled System Capabilities—Primary enabled function(s) of the device. • Port ID Subtype—Type of the port identifier that is shown. • LLDP Port Status Table
  • Page 186 WLAN AP, or Router. • Enabled System Capabilities—Primary enabled function(s) of the device. • Port ID Subtype—Type of the port identifier that is shown. • Port ID—Identifier of port.
  • Page 187 802.3 Power via MDI • MDI Power Support Port Class—Advertised power support port class. • PSE MDI Power Support—Indicates if MDI power is supported on the port.
  • Page 188 PD Spare Pair Desired State—Indicates a pod device requesting to enable the 4-pair ability. • PD Spare Pair Operational State—Indicates whether the 4-pair ability is enabled or disabled.
  • Page 189 Coordinates—Map coordinates: latitude, longitude, and altitude. • ECS ELIN—Emergency Call Service (ECS) Emergency Location Identification Number (ELIN). Network Policy Table • Application Type—Network policy application type; for example, Voice.
  • Page 190 Port ID—Identifier of port. • System Name—Published name of the device. • Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.
  • Page 191 • Address—Managed address. • Interface Subtype—Port subtype. • Interface Number—Port number. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.
  • Page 192 PD Spare Pair Desired State—Indicates a pod device requesting to enable the 4-pair ability. • PD Spare Pair Operational State—Indicates if the 4-pair ability is enabled or disabled.
  • Page 193 Class 2 features plus location, 911, Layer 2 switch support and device information management capabilities. • PoE Device Type—Port PoE type, for example, PD/PSE. • PoE Power Source—Port’s power source.
  • Page 194 Protocol ID—Advertised protocol IDs. Location Information Enter the following data structures in hexadecimal as described in section 10.2.4 of the ANSI-TIA-1057 standard: • Civic—Civic or street address.
  • Page 195 Tx Frames (Total)—Number of transmitted frames. • Rx Frames Total—Number of received frames. Discarded—Total number of received frames that were discarded. Errors—Total number of received frames with errors. • Rx TLVs
  • Page 196 LLDP Mandatory TLVs Size (Bytes)—Total mandatory TLV byte size. Status—If the mandatory TLV group is being transmitted, or if the TLV group was overloaded. • LLDP MED Capabilities
  • Page 197 Total (Bytes)—Total number of bytes of LLDP information in each packet Available Bytes Left—Total number of available bytes left to send for additional LLDP information in each packet.
  • Page 198: Discovery - CDP

    • CDP Statistics CDP Properties Similar to LLDP, the Cisco Discovery Protocol (CDP) is a link layer protocol for directly-connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol. CDP Configuration Workflow The following is a sample workflow for configuring CDP on the device.
  • Page 199 • Source Interface—IP address to be used in the TLV of the frames. The following options are possible: Use Default—Use the IP address of the outgoing interface.
  • Page 200 • No. of Neighbors—Number of neighbors detected. The bottom of the page has four buttons: • Copy Settings—Select to copy a configuration from one port to another.
  • Page 201 STEP 2 • Interface—Number of the local port. The OOB port can also be selected. • CDP State—Displays whether CDP is enabled or not. • Device ID TLV
  • Page 202 Disabled indicates that the port is not trusted, in which case the following field is relevant. • CoS for Untrusted Ports TLV
  • Page 203 After timeout (based on the value received from the neighbor Time To Live TLV during which no CDP PDU was received from a neighbor), the information is deleted.
  • Page 204 Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station respectively. Bits 8 through 15 are reserved. • Platform—Identifier of the neighbor's platform.
  • Page 205 (true only for specific ports that have this HW ability). Spare Pair Detection/Classification Required—Indicates that the 4-pair wire is needed. PD Spare Pair Desired State—Indicates a pod device requesting to enable the 4-pair ability.
  • Page 206 STEP 2 To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear Interface Counters.
  • Page 207: Chapter 11: Port Management

    4. Configure the LACP parameters for the ports that are members or candidates of a dynamic LAG by using the LACP page. 5. Configure Green Ethernet and 802.3 Energy Efficient Ethernet by using the Properties page. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 208: Port Settings

    To update the port settings, select the desired port, and click Edit. STEP 4 Modify the following parameters: STEP 5 • Interface—Select the port number. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 209 Flow Control abilities to the port link partner. • Operational Auto Negotiation—Displays the current auto-negotiation status on the port.
  • Page 210 This is only supported on the 550 family. 10000 Full—The LAG advertises a 10000 Mbps speed and the mode is full duplex. This is only supported on the 550 family.
  • Page 211 Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
  • Page 212: Error Recovery Settings

    STP BPDU guard. STP Loopback Guard—Enable automatic recovery when the port has been shut down by STP Loopback Guard.
  • Page 213: Loopback Detection Settings

    Network managers can define a Detection Interval that sets the time interval between LBD packets. The following loop cases can be detected by the Loopback Detection protocol: • Shorted wire—Port that loops back all receiving traffic.
  • Page 214 Loopback detection is not enabled by default. Interactions with Other Features If STP is enabled on a port on which Loopback Detection is enabled, the port must be in STP forwarding state.
  • Page 215: Link Aggregation

    STEP 8 Click Apply to save the configuration to the Running Configuration file. Link Aggregation This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Default Settings and Configuration
  • Page 216 By MAC Addresses—Based on the destination and source MAC addresses of all packets. • By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for non-IP packets.
  • Page 217 Select the load balancing algorithm for the LAG. Perform these actions in the Management page. 2. Configure various aspects of the LAG, such as speed and flow control by using the Settings page.
  • Page 218 Active Member—Active ports in the LAG. • Standby Member—Candidate ports for this LAG. STEP 2 Enter the values for the following fields: • LAG—Select the LAG number.
  • Page 219 When the time range is not active, the port is in shutdown. If a time range is configured, it is effective only when the port is administratively Up.
  • Page 220 Protected LAG—Select to make the LAG a protected port for Layer 2 isolation. See the Port Configuration description in Port Settings for details regarding protected ports and LAGs.
  • Page 221 In order for LACP to create a LAG, the ports on both link ends should be configured for LACP, meaning that the ports send LACP PDUs and handle received PDUs.
  • Page 222 LACP PDUs. Select the periodic transmissions of LACP PDUs, which occur at either a Long or Short transmission speed, depending upon the expressed LACP timeout preference. STEP 5 Click Apply. The Running Configuration file is updated.
  • Page 223 Shutdown—The link is unidirectional. Traffic sent by a local device is received by its neighbor, but traffic from the neighbor is not received by the local device.
  • Page 224 (3 times message time) has passed. If a new message is received before the expiration time, the information in that message replaces the previous one.
  • Page 225 UDLD again begins running on the port. If the link is still unidirectional, UDLD shuts it down again after the UDLD expiration time expires, for instance. • Manually—You can reactivate a port in the Error Recovery Settings page
  • Page 226 UDLD Usage Guidelines Cisco does not recommend enabling UDLD on ports that are connected to devices on which UDLD is not supported or disabled. Sending UDLD packets on a port connected to a device that does not support UDLD causes more traffic on the port without providing benefits.
  • Page 227 The UDLD feature can be configured for all fiber ports at one time (in the UDLD Global Settings page) or per port (in the UDLD Interface Settings page).
  • Page 228 Information is displayed for all ports on which UDLD is enabled, or, if you have filtered only a certain group of ports, information is displayed for that group of ports. • Port—The port identifier.
  • Page 229 STEP 4 Click Apply to save the settings to the Running Configuration file. UDLD Neighbors To view all devices connected to the local device, click Port Management > UDLD > UDLD Neighbors.
  • Page 230 Neighbor Expiration Time (Sec.)—Displays the time that must pass before the device attempts to determine the port UDLD status. This is three times the Message Time. • Neighbor Message Time (Sec.)—Displays the time between UDLD messages.
  • Page 231: PoE

    Power over Ethernet can be used in any enterprise network that deploys relatively low-powered devices connected to the Ethernet LAN, such as: • IP phones • Wireless access points • IP gateways • Audio and video remote monitoring devices
  • Page 232 Consider the following when configuring PoE: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume
  • Page 233 Output power is disabled during power-on reboot, initialization, and system configuration to ensure that PDs are not damaged.
  • Page 234 Available Power—Nominal power minus the amount of consumed power. • PSE Chipset & Hardware Revision—PoE chipset and hardware revision number. STEP 3 Click Apply to save the PoE properties.
  • Page 235 Operational Status—Displays whether PoE is currently active on the port. • PoE Standard—Displays the type of PoE supported (such as 60W PoE and 802.3 AT PoE). STEP 2 Select a port and click Edit.
  • Page 236 PoE is enabled. When the time range is not active, PoE is disabled. To use this feature, a time range must first be defined in the Time Range page.
  • Page 237 • Force Four Pair—Enable this feature to provide enhanced power supply. • Power Consumption—Displays the amount of power in milliwatts assigned Settings (Class Limit)
  • Page 238 A sample's average PoE consumption per port/device is as follows: Sum of all PoE consumption readings in a period / Number of minutes in the sampling period.
  • Page 239 Clear Event Counters—Clear the displayed event counters. • View Interfaces Statistics—Display the above statistics for a selected interface • View Interface History Graph—Display the counters in graph format for a selected interface
  • Page 240: Green Ethernet

    This mode is only supported on RJ45 ports; it does not apply to Combo ports. This mode is disabled by default.
  • Page 241 LEDs that are displayed on the device board pictures are not affected by disabling the LEDs. Port LEDs can be disabled on the Properties page.
  • Page 242 When signals from both sides are received, the Keep Alive signal indicates that the ports are in LPI status (and not in Down status), and power is reduced.
  • Page 243 • If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.
  • Page 244 Energy Detect Mode—Click the checkbox to enable this mode. This setting is not supported for some of the XG devices. • Short Reach—(For non-XG devices) Click the checkbox to enable this feature.
  • Page 245 NOTE Some fields may not be displayed on some SKUs. • Port—The port number. • Energy Detect—State of the port regarding the Energy Detect feature: Administrative—Displays whether Energy Detect is enabled.
  • Page 246 STEP 5 Select to enable or disable 802.3 Energy Efficient Ethernet (EEE) mode on the port. STEP 6 Select to enable or disable 802.3 Energy Efficient Ethernet (EEE) LLDP mode on the port (advertisement of EEE capabilities through LLDP).
  • Page 247 STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 248: Chapter 12: Smartport

    The result is that these devices share a common configuration. The Smartport feature works in conjunction with other features such as: • Voice VLAN and Smartport, described in the Voice VLAN section.
  • Page 249 The “macro” serves to apply the desired configuration • The “anti-macro” serves to undo all configuration performed by the macro when an interface is attached to a different Smartport type.
  • Page 250 Smartport Type Supported by Auto Smartport Supported by Auto Smartport by default Unknown Default Printer Desktop Guest Server Host IP camera IP phone IP phone desktop Switch
  • Page 251 LLDP messages are received on the interface before both TTLs of the most recent CDP and LLDP packets decrease to 0, then the anti-macro is run, and the Smartport type returns to default.
  • Page 252 Smartport macros are bound to Smartport types in the Type Settings page. Built-in Smartport Macros for a listing of the built-in Smartport macros for each device type.
  • Page 253 Smartport type (in the Interface Settings pages). See the workflow area in Common Smartport Tasks section for troubleshooting tips.
  • Page 254: How The Smartport Feature Works

    • If a device is aged out (no longer receiving advertisements from other devices), the interface configuration is changed according to its Persistent Status. If the Persistent
  • Page 255 CDP and/or LLDP advertisements from the device for a specified time period. Using CDP/LLDP Information to Identify Smartport Types The device detects the type of device attached to the port, based on the CDP/LLDP capabilities.
  • Page 256 DOCSIS cable device IETF RFC 4639 and Ignore IETF RFC 4546 Station Only IETF RFC 4293 Host C-VLAN Component of a VLAN Bridge Switch IEEE Std. 802.1Q
  • Page 257 (assuming the configuration was saved). The Smartport type and the configuration of the interface are not
  • Page 258: Error Handling

    CDP and LLDP to detect attaching device's Smartport type, and detects Smartport type IP phone, IP phone + Desktop, Switch, and Wireless Access Point. Voice VLAN for a description of the voice factory defaults.
  • Page 259: Relationships With Other Features

    STEP 2 Select the interface, and click Edit. STEP 3 Select the Smartport type that is to be assigned to the interface in the Smartport Application field.
  • Page 260 STEP 3 Troubleshoot, then correct the problem. Consider the troubleshooting tip below. STEP 4 Click Edit. A new window appears in which you can click Reset to reset the interface.
  • Page 261: Configuring Smartport Using The Web-Based Interface

    STEP 2 Enter the parameters. • Administrative Auto Smartport—Select to globally enable or disable Auto Smartport. The following options are available: Disable—Select to disable Auto Smartport on the device.
  • Page 262 Editing these parameters for the Smartport types applied by Auto Smartport from the Smartport Type Settings page configures the default values for these parameters. These defaults are used by Auto Smartport.
  • Page 263 Smartport type by Auto Smartport. Auto Smartport does not apply the changes to interfaces that statically assigned a Smartport type.
  • Page 264 All Switches, Routers and Wireless Access Points—Reapplies the macros to all interfaces. • All Switches—Reapplies the macros to all interfaces defined as switches. • All Routers—Reapplies the macros to all interfaces defined as routers.
  • Page 265 Interface—Select the port or LAG. • Smartport Type—Displays the Smartport type currently assigned to the port/LAG. • Smartport Application—Select the Smartport type from the Smartport Application pull-down.
  • Page 266: Built-In Smartport Macros

    Smartport type there is a macro to configure the interface and an anti-macro to remove the configuration. Macro code for the following Smartport types is provided: • desktop • printer • guest • server • host • ip_camera • ip_phone
  • Page 267 #macro description No Desktop no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no port security no port security mode no port security max
  • Page 268 #macro description No printer no switchport access vlan no switchport mode no port security no port security mode no smartport storm-control broadcast enable no smartport storm-control broadcast level
  • Page 274 #macro key description: $voice_vlan: The voice VLAN ID #Default Values are #$voice_vlan = 1 smartport switchport trunk allowed vlan remove $voice_vlan no smartport switchport trunk native vlan
  • Page 275 #macro keywords $voice_vlan #macro key description: $voice_vlan: The voice VLAN ID no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no spanning-tree link-type
  • Page 276 [ap] #macro description ap #macro keywords $native_vlan $voice_vlan #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 277: Chapter 13: VLAN Management

    VLANs address security and scalability issues. Traffic from a VLAN stays within the VLAN, and terminates at devices in the VLAN. It also eases network configuration by logically connecting devices without physically relocating those devices.
  • Page 278 Adjacent VLAN-aware devices exchange VLAN information with each other by using Generic VLAN Registration Protocol (GVRP). As a result, VLAN information is propagated through a bridged network.
  • Page 279 The following types of ports can be members in a private VLAN: • Promiscuous—A promiscuous port can communicate with all ports of the same private VLAN. These ports connect servers and routers.
  • Page 280 VLAN’s various VLANs (primary, isolated and the communities). The switch supports 16 primary VLANs and 256 secondary VLANs.
  • Page 281 Figure 1: Traffic from Hosts to Servers/Routers [diagram labels: Server, Promiscuous, Isolated VLAN, Community VLAN, Isolated 1, Isolated 2, Community 1]
  • Page 282 The following describes server/router traffic (reply to host). Figure 2: Server/Router Traffic to Hosts [diagram labels: Server, Promiscuous, Primary VLAN, Isolated 1, Isolated 2, Community 1]
  • Page 283 IPv4 and IPv6. Both can be defined on a primary VLAN. Isolated and community ports do not allow for IP connectivity. IP connectivity requires traffic to pass on a primary VLAN.
  • Page 284 IP Source Guard—A TCAM rule is required to forward/drop IP traffic. • First Hop Security—A TCAM rule is required to trap IPv6 traffic (when IPv6 source guard is enabled).
  • Page 285: Regular VLANs

    STEP 1 VLAN Settings section. STEP 2 Set the desired VLAN-related configuration for ports and enable QinQ on an interface as described in the Interface Settings section.
  • Page 286 Each VLAN must be configured with a unique VID with a value from 1 to 4094. The device reserves VID 4095 as the Discard VLAN. All packets classified to the Discard VLAN are discarded at ingress, and are not forwarded to a port.
  • Page 287 For example, if you shut down a VLAN, on which an IP interface is configured, bridging into the VLAN continues, but the switch cannot transmit and receive IP traffic on the VLAN
  • Page 288 Trunk—The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs. A port configured in this mode is known as a trunk port.
  • Page 289 VLANs that are required for normal packet forwarding from the Available Secondary VLANs. Promiscuous and trunk ports can be members in multiple VLANs.
  • Page 290 The S-VLAN specified by the user must be created on the device before configuring it on an interface as an S-VLAN. If this VLAN does not exist, the command fails.
  • Page 291 VLAN tunneling. The customer port mode is a particular case of VLAN-mapping tunnel port mode, and does not require allocation of TCAM resources.
  • Page 292 Mapping Type selection. Select one of the following: Source VLAN—Configure the ID of the customer VLAN (C-VLAN) that will be translated to S-VLAN (translated VLAN).
  • Page 293 VLAN-unaware. If a destination end node is VLAN-unaware, but is to receive traffic from a VLAN, then the last VLAN-aware device (if there is one), must send frames of the destination VLAN to the end node untagged.
  • Page 294 Running STEP 3 , and Configuration file. You can continue to display and/or configure port membership of another VLAN by selecting another VLAN ID.
  • Page 295 • Interface—Select a Port or LAG. • Current VLAN Mode—Displays the port VLAN mode that was selected in the Interface Settings page. • Access Mode Membership (Active)
  • Page 296 STEP 5 Select a port and click Details to view the following fields: • Administrative VLANs—Port is configured for these VLANs. • Operational VLANs—Port is currently a member of these VLANs.
  • Page 297: GVRP Settings

    Generic VLAN Registration Protocol (GVRP). GVRP is based on the Generic Attribute Registration Protocol (GARP) and propagates VLAN information throughout a bridged network. To enable GVRP on an interface, it must be configured in General mode.
  • Page 298 STEP 7 Click Apply. GVRP settings are modified, and written to the Running Configuration file. VLAN Groups This section describes how to configure VLAN groups. It describes the following features: • MAC-Based VLAN Group Overview
  • Page 299 General mode. b. If the interface does not belong to the VLAN, manually assign it to the VLAN using the Port to VLAN page.
  • Page 300 Group ID—Select a VLAN group, defined in the MAC-Based VLAN Group Overview page. • VLAN ID—Select the VLAN to which traffic from the VLAN group is forwarded.
  • Page 301 IP Address—Enter the IP address on which the subgroup is based. • Prefix Mask—Enter the prefix mask that defines the subnet. • Group ID—Enter a group ID.
  • Page 302 Groups of protocols can be defined and then bound to a port. After the protocol group is bound to a port, every packet originating from a protocol in the group is assigned the VLAN that is configured in the Protocol-Based Groups page.
  • Page 303 Protocol Value—Enter the protocol for LLC-SNAP (RFC 1042) encapsulation. • Group ID—Enter a protocol group ID. STEP 4 Click Apply. The Protocol Group is added, and written to the Running Configuration file.
  • Page 304: Voice VLAN

    VLANs, IP (Layer 3) routers are needed to provide communication. This section covers the following topics: • Voice VLAN Overview • Voice VLAN Configuration • Telephony OUI
  • Page 305 The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100. •...
  • Page 306 CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where it sends and receives its voice traffic. Some of the possible scenarios are as follows: •...
  • Page 307 VLAN port memberships. Auto Voice VLAN performs the following functions when it is in operation: • It discovers voice VLAN information in CDP advertisements from directly connected neighbor devices.
  • Page 308 (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used. NOTE If connecting the device to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 309 The interface VLAN of a candidate port must be in General or Trunk mode. • The Voice VLAN QoS is applied to candidate ports that have joined the Voice VLAN, and to static ports.
  • Page 310 NOTE If the device is currently in Auto Voice VLAN mode, you must disable it before you can enable Telephony OUI. STEP 2 Configure Telephony OUI in the Telephony OUI Table page.
  • Page 311 VLAN as a static voice VLAN. If the option Auto Voice VLAN Activation triggered by external Voice VLAN is selected, then the default values need to be maintained.
  • Page 312 VLAN, which has higher priority than auto voice VLAN that was learned from external sources. STEP 3 Click Apply. The VLAN properties are written to the Running Configuration file.
  • Page 313 STEP 2 Click Restart Auto Voice VLAN to reset the voice VLAN to the default voice VLAN and restart Auto Voice VLAN discovery on all the Auto-Voice-VLAN-enabled switches in the LAN.
  • Page 314 VLAN from a higher priority source is discovered. Only one local source is the best local source. No—This is not the best local source. STEP 3 Click Refresh to refresh the information on the page.
  • Page 315 STEP 3 Click Restore Default OUIs to delete all of the user-created OUIs, and leave only the default OUIs in the table. The OUI information may not be accurate until the restoration is completed.
  • Page 316 STEP 2 To configure an interface to be a candidate port of the telephony OUI-based voice VLAN, click Edit. STEP 3 Enter the values for the following fields: • Interface—Select an interface.
  • Page 317 One or more IP Multicast address groups can be associated with the same Multicast TV VLAN. Any VLAN can be configured as a Multicast-TV VLAN. A port assigned to a Multicast-TV VLAN: • Joins the Multicast-TV VLAN.
  • Page 318 VLAN Membership: Source and all receiver ports must be static members in the same data VLAN. | Source and receiver ports cannot be members in the same data VLAN.
  • Page 319 Multicast TV VLAN—VLAN to which the Multicast packets are assigned. • Multicast Group Start—First IPv4 address of the Multicast group. • Group End—Final IPv4 address of the Multicast group range.
  • Page 320 STEP 4 required ports to the Member Access Ports field. STEP 5 Click Apply. Multicast TV VLAN settings are modified, and written to the Running Configuration file.
  • Page 321 2. Configure the network port as a trunk or general port with subscriber and Multicast TV VLAN as tagged VLANs (using the Interface Settings page).
  • Page 322 STEP 4 Click Apply. CPE VLAN Mapping is modified, and written to the Running Configuration file. Port Multicast VLAN Membership The ports associated with the Multicast VLANs must be configured as customer ports (see Interface Settings).
  • Page 323 STEP 4 the required ports to the Member Customer Ports field. STEP 5 Click Apply. The new settings are modified, and written to the Running Configuration file.
  • Page 324: Chapter 14: Spanning Tree

    STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
  • Page 325: STP Status and Global Settings

    • Spanning Tree State—Select to enable on the device. • STP Loopback Guard—Select to enable Loopback Guard on the device. • STP Operation Mode—Select an STP mode.
  • Page 326 Topology Changes Counts—The total number of STP topology changes that have occurred. • Last Topology Change—The time interval that elapsed since the last topology change occurred. The time appears in a days/hours/minutes/seconds format.
  • Page 327: STP Interface Settings

    0 and can be viewed on the STP Interface Settings page. STEP 2 Select an interface and click Edit. STEP 3 Enter the parameters • Interface—Select the Port or LAG on which Spanning Tree is configured.
  • Page 328 STP Status and Global Settings page. Filtering—Filters BPDU packets when Spanning Tree is disabled on an interface. Flooding—Floods BPDU packets when Spanning Tree is disabled on an interface.
  • Page 329 LAG—Displays the LAG to which the port belongs. If a port is a member of a LAG, the LAG settings override the port settings. STEP 4 Click Apply. The interface settings are written to the Running Configuration file.
  • Page 330 Auto—Automatically determines the device status by using RSTP BPDUs. • Point to Point Operational Status—Displays the Point-to-Point operational status if the Point to Point Administrative Status is set to Auto.
  • Page 331 MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 8 Click Apply. The Running Configuration file is updated.
  • Page 332: Multiple Spanning Tree Overview

    For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.
  • Page 333: VLANs to a MSTP Instance

    Configuration on this page (and all of the MSTP pages) applies if the system STP mode is MSTP. Up to 16 MST instances can be defined in addition to instance zero.
  • Page 334: MSTP Instance Settings

    Included VLAN—Displays the VLANs mapped to the selected instance. The default mapping is that all VLANs are mapped to the common and internal spanning tree (CIST) instance 0.
  • Page 335: MSTP Interface Settings

    Instance ID—Select the MST instance to be configured. • Interface—Select the interface for which the MSTI settings are to be defined. • Interface Priority—Set the port priority for the specified interface and MST instance.
  • Page 336 STP Interface Settings page. • Mode—Displays the current interface Spanning Tree mode. If the link partner is using MSTP or RSTP, the displayed port mode is RSTP.
  • Page 337 Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Discarding state. STEP 6 Click Apply. The Running Configuration file is updated.
  • Page 338: Chapter 15: Managing MAC Address Tables

    VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
  • Page 339: Static Addresses

    Secure—The MAC address is secure when the interface is in classic locked mode (see Port Security). STEP 4 Click Apply. A new entry appears in the table.
  • Page 340: Dynamic Addresses

    STEP 3 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. STEP 4 To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 341 Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: Bridge—Forward the packet to all VLAN members. Discard—Delete the packet. STEP 4 Click Apply. A new MAC address is reserved.
  • Page 342: Chapter 16: Multicast

    (drop) the Multicast on the rest of the ports by enabling the Bridge Multicast filtering status in the Properties page.
  • Page 343 ID. The device supports a maximum of 256 static and dynamic Multicast group addresses. Only one of the filtering options can be configured per VLAN.
  • Page 344 • IGMP v1/v2/v3 • MLD v1/v2 NOTE The device supports IGMP/MLD Snooping only on static VLANs. It does not support IGMP/MLD Snooping on dynamic VLANs.
  • Page 345 Querier delays sending general query messages for 60 seconds after it is enabled. If there is no other querier, it starts to send general query messages. It stops sending general query messages if it detects another querier.
  • Page 346 Another advantage is that it makes the proxy devices independent of the Multicast routing protocol used by the core network routers. Hence, proxy devices can be easily deployed in any Multicast network.
  • Page 347 By default, IP Multicast traffic arriving on an interface of the IGMP/MLD tree is forwarded. You can disable forwarding of IP Multicast traffic arriving on downstream interfaces. This can be done globally and on a given downstream interface.
  • Page 348: Properties

    IPv4 Multicast group address. If an IPv4 address is configured on the VLAN, the operational forwarding method for IPv4 Multicast will be IP Group Address.
  • Page 349: MAC Group Address

    • MAC Group Address—Defines the MAC address of the new Multicast group. STEP 6 Click Apply. The MAC Multicast group is saved to the Running Configuration file.
  • Page 350: IP Multicast Group Address

    The IP Multicast Group Address page is similar to the MAC Group Address page except that Multicast groups are identified by IP addresses. The IP Multicast Group Address page enables querying and adding IP Multicast groups.
  • Page 351 The VLAN ID, IP Version, IP Multicast Group Address, and Source IP Address selected are displayed as read-only at the top of the window. You can select the filter type: • Interface Type equals to—Select whether to display ports or LAGs.
  • Page 352: IPv4 Multicast Configuration

    To support selective IPv4 Multicast forwarding, bridge Multicast filtering must be enabled (in Properties page), and IGMP Snooping must be enabled globally and for each relevant VLAN in the IGMP Snooping page.
  • Page 353 Use Query Robustness (x)—This value is set in MLD Interface Settings page. The number in parentheses is the current query robustness value.
  • Page 354 The following fields are displayed for each interface on which IGMP is enabled: • Interface Name—Interface on which IGMP snooping is defined. • Router IGMP Version—IGMP version.
  • Page 355 Query Interval (sec)—Interval between the General Queries to be used if this device is the elected querier. • Query Max Response Interval (sec)—Delay used to calculate the Maximum Response Code inserted into the periodic General Queries.
  • Page 356 User defined access list—Select the standard IPv4 access list name defining the SSM range. These access lists are defined in Access Lists. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 357 Uptime—Length of time in hours, minutes, and seconds that the entry has been in the IP Multicast routing table. • Expiry Time—Length of time in hours, minutes, and seconds until the entry is removed from the IP Multicast routing table.
  • Page 358: IPv6 Multicast Configuration

    STEP 2 Enable or disable the following features: • MLD Snooping Status—Select to enable MLD snooping globally on all interfaces. • MLD Querier Status—Select to enable MLD querier globally on all interfaces.
  • Page 359 Select MLDv2 if there are switches and/or Multicast routers in the VLAN that perform source-specific IP Multicast forwarding. Otherwise, select MLDv1. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 360 STEP 2 To configure an interface, select it and click Edit. Enter the fields that are described above. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 361 TTL threshold value automatically become border routers. STEP 2 To configure a VLAN, select it and click Edit. Enter the fields described above. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 362 STEP 5 Click Apply. The Running Configuration file is updated. The following fields are displayed for each IP Multicast route: • Source Address—Unicast source IPv4 address. • Group Address—Multicast destination IPv4 address.
  • Page 363 Uptime—Length of time in hours, minutes, and seconds that the entry has been in the IP Multicast routing table. • Expiry Time—Length of time in hours, minutes, and seconds until the entry is removed from the IP Multicast routing table.
  • Page 364: IGMP/MLD Snooping IP Multicast Group

    Excluded Ports—The list of ports not included in the group. • Compatibility Mode—The oldest IGMP/MLD version of registration from the hosts the device receives on the IP group address.
  • Page 365: Multicast Router Port

    When Bridge Multicast Filtering is enabled, Multicast packets to registered Multicast groups are forwarded to ports based on IGMP Snooping and MLD snooping. If Bridge Multicast Filtering is disabled, all Multicast packets are flooded to the corresponding VLAN
  • Page 366: Unregistered Multicast

    You can select a port to receive or reject (filter) unregistered Multicast streams. The configuration is valid for any VLAN of which the port is a member (or will be a member).
  • Page 367 Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 5 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 368: Chapter 17: IP Configuration

    If the device does not receive a DHCPv4 response in 60 seconds, it continues to send DHCPDISCOVER queries, and adopts the default IPv4 address: 192.168.1.254/24.
  • Page 369 This is defined in the IPv4 Static Routes and IPv6 Routes pages. All the IP addresses configured or assigned to the device are referred to as Management IP addresses in this guide.
  • Page 370: Loopback Interface

    IPv4 Management and Interfaces This section covers the following topics: • IPv4 Interface • IPv4 Static Routes • IPv4 Forwarding Table • RIPv2 • VRRP • • ARP Proxy
  • Page 371 The following fields are displayed in the IPv4 Interface Table: • Interface—Unit/Interface for which the IP address is defined. This can also be the out-of-band port.
  • Page 372 Static IP Address—Enter the IP address. STEP 5 If Static IP Address was selected, enter the following fields: • IP Address—Enter the IP address of the interface. • Mask
  • Page 373 STEP 6 Click Apply. The IPv4 address settings are written to the Running Configuration file. CAUTION When the system is in one of the stacking modes with a Backup Master present, Cisco recommends configuring the IP address as a static address to prevent disconnecting from the network during a Stacking Master switchover.
  • Page 374 Tracking Object ID—(Only on 550 family) Enter the object ID. This field and the next one only appear when SLA exists. STEP 4 Click Apply. The IP Static route is saved to the Running Configuration file.
  • Page 375 Administrative Distance—The administrative distance to the next hop (a lower value is preferred). This is not relevant for static routes. • Outgoing Interface—Outgoing interface for this route. RIPv2 IP Configuration: RIPv2. VRRP IP Configuration: VRRP
  • Page 376 IP Address—The IP address of the IP device. • MAC Address—The MAC address of the IP device. • Status—Whether the entry was manually entered or dynamically learned. STEP 4 Click Add.
  • Page 377 STEP 2 Select ARP Proxy to enable the device to respond to ARP requests for remotely-located nodes with the device MAC address. STEP 3 Click Apply. The ARP proxy is enabled, and the Running Configuration file is updated.
  • Page 378 STEP 6 DHCP Snooping/Relay This section covers the following topics: • Overview • Properties • Interface Settings • DHCP Snooping Trusted Interfaces • DHCP Snooping Binding Database
  • Page 379 The main goal of option 82 is to help the DHCP server select the best IP subnet (network pool) from which to obtain an IP address.
  • Page 380 Option 82 with the original Option 82 the packet Disabled Option 82 Bridge – no Bridge – Packet Option 82 is is sent with the inserted original Option
  • Page 381 Enabled Option 82 Bridge – no Bridge – no Bridge – Packet Option 82 is sent Option 82 is is sent with the sent original Option
  • Page 382 DHCP Relay VLAN with IP Address VLAN without IP Address Packet arrives Packet arrives Packet arrives Packet arrives without Option with Option 82 without Option with Option 82
  • Page 383 DHCP Relay VLAN with IP Address VLAN without IP Address Packet arrives Packet arrives Packet arrives Packet arrives with without Option with Option 82 without Option Option 82
  • Page 384 Packets from trusted ports are used to create the Binding database and are handled as described below. If DHCP Snooping is not enabled, all ports are trusted by default.
  • Page 385 DHCP Snooping Packet Handling: Packet Type | Arriving from Untrusted Ingress Interface | Arriving from Trusted Ingress Interface. DHCPDISCOVER | Forward to trusted interfaces only. | Forwarded to trusted interfaces only.
  • Page 386 DHCPRELEASE | Same as DHCPDECLINE. | Same as DHCPDECLINE. DHCPINFORM | Forward to trusted interfaces only. | Forward to trusted interfaces only. DHCPLEASEQUE | Filtered. | Forward.
  • Page 387 STEP 1 Click IP Configuration > IPv4 Management and Interfaces > DHCP Snooping/Relay > Properties. Enter the following fields: • Option 82—Select Option 82 to insert Option 82 information into packets.
  • Page 388 DHCP Snooping Trusted Interfaces Packets from untrusted ports/LAGs are checked against the DHCP Snooping Binding database (see the DHCP Snooping Binding Database page). By default, interfaces are trusted.
  • Page 389 Add page, except for the IP Source Guard field: • Status— Active—IP Source Guard is active on the device. Inactive—IP Source Guard is not active on the device.
  • Page 390 STEP 4 Click Apply. The settings are defined, and the device is updated. DHCP Server This section covers the following topics: • Overview • Properties • Network Pool • Excluded Addresses • Static Hosts • DHCP Options
  • Page 391 STEP 3 Define up to 16 network pools of IP addresses using the Network Pool page. STEP 4 Configure clients that will be assigned a permanent IP address, using the Static Hosts page.
  • Page 392 IP addresses of the pool belong to the IP subnet. • Remote Client—The device takes an IP address from the network pool with the IP subnet that matches the IP address of the DHCP relay agent.
  • Page 393 Minutes—The number of minutes in the lease. A days value and an hours value must be added before a minutes value can be added. • Default Router IP Address (Option 3)— Enter the default router for the DHCP client.
  • Page 394 By default, the DHCP server assumes that all pool addresses in a pool may be assigned to clients. A single IP address or a range of IP addresses can be excluded. The excluded addresses are excluded from all DHCP pools.
  • Page 395 Network Mask—Check and enter the static host’s network mask. Prefix Length—Check and enter the number of bits that comprise the address prefix. • Identifier Type—Set how to identify the specific static host.
  • Page 396 Other and enter the IP address of the time server for the DHCP client. • File Server IP Address (siaddr)—Enter the IP address of the TFTP/SCP server from which the configuration file is downloaded.
  • Page 397 A hex value can be provided in place of any other type of value. For instance, you can provide a hex value of an IP address instead of the IP address itself.
  • Page 398 MAC Address or in hexadecimal notation, e.g., 01b60819681172. • Lease Expiration—The lease expiration date and time of the host’s IP address or Infinite if such was the lease duration defined.
  • Page 399: IPv6 Management and Interfaces

    IPv6 Global Configuration • IPv6 Interfaces • IPv6 Tunnel • IPv6 Addresses • IPv6 Router Configuration • IPv6 Default Router List • IPv6 Neighbors • IPv6 Prefix List
  • Page 400 When static routes must be updated, this must be done explicitly by the user. It is the user's responsibility to prevent routing loops in the network.
  • Page 401 DHCP server to locate the client. It can be in one of the following formats: Link-Layer—(Default). If you select this option, the MAC address of the device is used.
  • Page 402 STEP 4 Click Add to add a new interface on which interface IPv6 is enabled. STEP 5 Enter the fields: • IPv6 Interface—Select a specific unit, port, LAG, loopback interface or VLAN for the IPv6 address.
  • Page 403 • Link local address using EUI-64 format interface ID based on a device’s MAC address • All node link local Multicast addresses (FF02::1)
  • Page 404 Information Minimum Refresh Time— See above. • Information Refresh Time—See above. • Received Information Refresh Time—Refresh time received from DHCPv6 server. • Remaining Information Refresh Time—Remaining time until next refresh.
  • Page 405 When the ISATAP router IPv4 address is not resolved via the DNS process, the ISATAP IP interface remains active. The system does not have a default router for ISATAP traffic until the DNS process is resolved.
  • Page 406 IPv6 address, if it is link local. The following table summarizes tunnel support in the various devices: Tunnel Type | Sx350 | SG350x | SG350XG/SX350X | SG550X | SG550XG/SX550X. ISATAP | Supported | Supported | Supported | Supported | Supported
  • Page 407 Source IPv4 Address and ISATAP Router Name fields. See the following explanations for these fields. STEP 3 Enter the following fields: • Tunnel Name—Select a tunnel number.
  • Page 408 Use Default—This is always ISATAP. User Defined—Enter the router’s domain name. STEP 4 Click Apply. The tunnel is saved to the Running Configuration file.
  • Page 409 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—An IPv6 address that is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 410 STEP 5 Click Apply. The Running Configuration file is updated. IPv6 Router Configuration The following sections describe how to configure IPv6 routers. It covers the following topics: • Router Advertisement • IPv6 Prefixes
  • Page 411 Neighbor Solicitation Retransmissions Interval—Set the interval to determine the time between retransmissions of neighbor solicitation messages to a neighbor when resolving the address or when probing the reachability of a neighbor.
  • Page 412 • Prefix Address—The IPv6 network. This argument must be in the form documented in RFC 4293 where the address is specified in hexadecimal—using 16-bit values between colons.
  • Page 413 (for example, because the prefix was also configured by adding an IPv6 address), it will be removed. STEP 6 Click Apply to save the configuration to the Running Configuration file.
  • Page 414 Next Hop Type—The IP address of the next destination to which the packet is sent. This is composed of the following: Global—An IPv6 address that is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 415 Static Only—Deletes the static IPv6 address entries. • Dynamic Only—Deletes the dynamic IPv6 address entries. • All Dynamic & Static—Deletes the static and dynamic IPv6 address entries.
  • Page 416 When First Hop Security is configured, it is possible to define rules for filtering based on IPv6 prefixes. These lists can be defined in the IPv6 Prefix List page.
  • Page 417 If an entry with the number exists, it is replaced by the new one. • Rule Type—Enter the rule for the prefix list: Permit—Permits networks that match the condition. Deny—Denies networks that match the condition.
  • Page 418 Create new list—Enter a name for the new access list. • Source IPv6 Address—Enter the source IPv6 address. The following options are available: Any—All IP addresses are included. User Defined—Enter an IP address.
  • Page 419 Global—An IPv6 address that is a global Unicast IPv6 type that is visible and reachable from other networks. Point-to-Point—A Point-to-point tunnel.
  • Page 420 The user must configure the list of DHCP servers to which packets are forwarded. Two sets of DHCPv6 servers can be configured: • Global Destinations—Packets are always relayed to these DHCPv6 servers.
  • Page 421 STEP 2 To enable DHCPv6 on an interface and optionally add a DHCPv6 server for an interface, click Add. Enter the fields: • Source Interface—Select the interface (port, LAG, VLAN or tunnel) for which DHCPv6 Relay is enabled.
  • Page 422 If a route map has more than one rule (ACL) defined on it, the sequence number determines the order in which the packets will be matched against the ACLs (from lower to higher number).
  • Page 423 Bound IPv4 Route Map—Select an IPv4 route map to bind to the interface. • Bound IPv6 Route Map—Select an IPv6 route map to bind to the interface. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 424: Domain Name System

    As a DNS client, the device resolves domain names to IP addresses through the use of one or more configured DNS servers.
  • Page 425 Use Default—Select to use the default value. This value = 2 * (Polling Retries + 1) * Polling Timeout. User Defined—Select to enter a user-defined value.
  • Page 426 Preference—Select a value that determines the order in which the domains are used (from low to high). This effectively determines the order in which unqualified names are completed during DNS queries.
  • Page 427 Name resolution always begins by checking static entries, continues by checking the dynamic entries, and ends by sending requests to the external DNS server. Eight IP addresses are supported per DNS server per host name.
  • Page 428 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 429 IP Address—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6). STEP 5 Click Apply. The settings are saved to the Running Configuration file.
  • Page 430: Chapter 18: IP Configuration: RIPv2

    The device supports RIP version 2, which is based on the following standards: • RFC2453 RIP Version 2, November 1998 • RFC2082 RIP-2 MD5 Authentication, January 1997
  • Page 431: How RIP Operates on the Device

    In this way, the relative cost of the interfaces can be adjusted as desired. It is your responsibility to set the offset for each interface (1 by default).
  • Page 432 RIP information on this interface. By default, transmission of routing updates on an IP interface is enabled. RIPv2 Settings for more information.
  • Page 433 If these features are enabled, rejected routes are advertised by routes with a metric of 16. The route configurations can be propagated using one of the following options: • Default Metric
  • Page 434 RIP. This is shown in the following, which illustrates a network where some routers support RIP and others do not. A Network with RIP and non-RIP Routers
  • Page 435 RIP Peers Database You can monitor the RIP peers database per IP interface. See RIPv2 Peers Database for a description of these counters
  • Page 436: Configuring Rip

    The following pages are described: • RIPv2 Properties • RIPv2 Settings • RIPv2 Statistic • RIPv2 Peers Database RIPv2 Properties This feature is only supported on 550 family of devices. NOTE Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 437 Connected Metric field. The following options are available: • Default Metric—Causes RIP to use the default metric value for the propagated static route configuration (refer to Redistribution Feature). Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 438 Enable—Advertise the default route on this RIP interface. Disable—On this RIP interface, do not advertise the default route. • Default Route Advertisement Metric—Enter the metric for the default route for this interface. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 439 The following fields are displayed: • IP Interface—IP interface defined on the Layer 2 interface. • Bad Packets Received—Specifies the number of bad packets identified by RIP on the IP interface. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 440: Access Lists

    1. Create an access list with a single IP address, using the Access Lists pages. 2. Add additional IP addresses if required, using the Source IPv4 Access List page. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 441 To modify the parameters of an access list, click Add and modify any of the following fields: STEP 2 • Access List Name—Name of the access list. Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 442 Permit—Permit entry of packets from the IP address(es) in the access list. Deny—Reject entry of packets from the IP address(es) in the access list. Click Apply. The settings are written to the Running Configuration file. STEP 3 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4...
  • Page 443: Chapter 19: IP Configuration: VRRP

    VRRP also enables load sharing of traffic. Traffic can be shared equitably among available routers by configuring VRRP in such a way that traffic to and from LAN clients is shared by multiple routers.
  • Page 444: VRRP Topology

    NOTE The VRRP router priority depends on the following: if the VRRP router is the owner, its priority is 255 (the highest); if it is not an owner, the priority is manually configured (always less than 255).
  • Page 445 192.168.2.1 and is the virtual router master, and rB is the virtual router backup to rA. Clients 1 and 2 are configured with the default gateway IP address of 192.168.2.1.
  • Page 446: Configurable Elements of VRRP

    The following cases might occur when configuring a virtual router: • All the existing VRRP routers of the virtual router operate in VRRPv3. In this case, configure your new VRRP router to operate in VRRPv3.
  • Page 447 IP subnet as the IP addresses of the virtual router. The corresponding IP subnets must be configured manually in the VRRP router, not DHCP assigned.
  • Page 448 Disabled—Even if a VRRP router with a higher priority than the current master is up, it does not replace the current master. Only the original master (when it becomes available) replaces the backup.
  • Page 449: Configuring VRRP

    STEP 3 Enter the following fields: • Interface—Interface on which virtual router is defined. • Virtual Router Identifier—User-defined number identifying virtual router. • Description—User-defined string identifying virtual router.
  • Page 450 Advertisement Interval—Enter how frequently advertisement packets are sent. NOTE If these parameters are changed (Edit), the virtual router is modified and a new message is sent with the new parameters.
  • Page 451 Priority—Priority of this virtual router’s device, based on its ability to function as a master. Advertisement Interval—Time interval, as described in VRRP Advertisements. Source IP Address—IP address to be used in VRRP messages.
  • Page 452 STEP 2 Click Clear Interface Counter to clear the counters for that interface. STEP 3 Click Clear All Interface Counters to clear all the counters. STEP 4
  • Page 453: Chapter 20: IP Configuration: SLA

    This enables connectivity to the next hop via the new selected master router. IP SLA is not required when using RIP or other dynamic routing protocols.
  • Page 454 Operation—Each IP SLAs ICMP Echo operation sends a single ICMP Echo request to a target address at a configured frequency rate. It then waits for a response.
  • Page 455 Y. If the delay timer is expired, the state of the tracking object is changed to X and the X state is passed to the associated applications.
  • Page 456: Using SLA

    To define this field, select from one of the following options: Auto—The source interface is based on Forwarding Table information. By address—Specify a different source IP address.
  • Page 457 STEP 2 To add a new object, click Add. STEP 3 Enter the following fields: • Track Number—Enter an unused number. • Operation Number—Select an SLA operation from a list.
  • Page 458 • ICMP-Echo Requests—Number of request packets that were sent. • ICMP-Echo Replies—Number of reply packets that were received. • ICMP-Echo Errors—Number of error packets that were received.
  • Page 459 Using SLA To refresh these counters click: • Clear Counters—Clears counters for selected operation. • Clear All Operations Counters—Clears counters for all operations. • Refresh—Refresh the counters.
  • Page 460: Chapter 21: Security

    Storm Control • Access Control Access control of end-users to the network through the device is described in the following sections: • Management Access Method • Configuring TACACS+
  • Page 461 • Accounting—Enable accounting of login sessions using the TACACS+ server. This enables a system administrator to generate accounting reports from the TACACS+ server.
  • Page 462 The following defaults are relevant to this feature: • No default TACACS+ server is defined by default. • If you configure a TACACS+ server, the accounting feature is disabled by default.
  • Page 463 Encrypted or Plaintext mode. The device can be configured to use this key or to use a key entered for a specific server (entered in the Add TACACS+ Server page).
  • Page 464 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 465: RADIUS

    STEP 8 To display sensitive data in plaintext form on this page, click Display Sensitive Data As Plaintext. RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control.
  • Page 466 STEP 1 Open an account for the device on the RADIUS server. STEP 2 Configure that server along with the other parameters in the RADIUS and ADD RADIUS Server pages.
  • Page 467 Source IPv4 Interface—Select the device IPv4 source interface to be used in messages for communication with the RADIUS server. • Source IPv6 Interface—Select the device IPv6 source interface to be used in messages for communication with the RADIUS server.
  • Page 468 RADIUS server before retrying the query, or switching to the next server if the maximum number of retries has been made. If Use Default is selected, the device uses the default timeout value.
  • Page 469 STEP 1 Click Security > RADIUS Server > RADIUS Server Global Settings. STEP 2 Enter the following parameters: • RADIUS Server Status—Check to enable the RADIUS server feature status.
  • Page 470 STEP 3 Click Apply. The RADIUS default settings for the device are updated in the Running Configuration file. STEP 4 To add a secret key, click Add and enter the following fields: • NAS Address—Address of switch containing RADIUS client.
  • Page 471 None—No VLAN ID is sent. VLAN ID—VLAN ID sent. VLAN Name—VLAN name sent. STEP 3 Click Apply. The RADIUS group definition is added to the Running Configuration file of the device.
  • Page 472 Date/Time Change—Date/time on the device was changed. Reset—Device has reset at the specified time. • Authentication Method—Authentication method used by the user. Displays N/A if the Event Type is Date/Time Change or Reset.
  • Page 473 The rejected users are displayed along with the following fields: • Event Type—Displays one of the following options: Rejected—User was rejected. Time Change—Clock on device was changed by the administrator.
  • Page 474 The following fields are displayed: • (Log) Event Type Unknown NAS—An unknown NAS event occurred. Time Change—Clock on device was changed by the administrator. Reset—Device was reset by the administrator.
  • Page 475 Incoming Authentication Packets of Unknown Type—Number of received incoming authentication packets of unknown type. • Incoming Packets on the Accounting Port—Number of incoming packets on the accounting port.
  • Page 476: Password Strength

    To refresh the counters, click Refresh. Password Strength The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
  • Page 477 Minimal Number of Character Classes—Enter the number of character classes which must be present in a password. Character classes are lower case (1), upper case (2), digits (3), and symbols or special characters (4).
  • Page 478 Key Identifier—Integer identifier for the key chain. • Key String—Value of the key chain string. Enter one of the following options: User Defined (Encrypted)—Enter an encrypted version. User Defined (Plaintext)—Enter a plaintext version.
  • Page 479 Minutes—Number of minutes that the key-identifier is valid. Seconds—Number of seconds that the key-identifier is valid. STEP 3 Click Apply. The settings are written to the Running Configuration file.
  • Page 480 • Duration—Length of time that the key identifier is valid. Enter the following fields: Days—Number of days that the key-identifier is valid.
  • Page 481: Management Access Method

    Access Methods—Methods for accessing and managing the device: Telnet Secure Telnet (SSH) Hypertext Transfer Protocol (HTTP) Secure HTTP (HTTPS) Simple Network Management Protocol (SNMP) All of the above
  • Page 482 This only applies to device types that offer a console port.
  • Page 483 Deny—Denies access to the device if the user matches the settings in the profile. • Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. User Defined—Applies to selected interface.
  • Page 484 To add profile rules to an access profile: STEP 1 Click Security > Mgmt Access Method > Profile Rules. STEP 2 Select the Filter field, and an access profile. Click Go.
  • Page 485 All—Applies to all ports, VLANs, and LAGs. User Defined—Applies only to the port, VLAN, or LAG selected. • Interface—Enter the interface number. The OOB port can also be entered.
  • Page 486: Management Access Authentication

    In other words, if authentication fails for an authentication method, the device stops the authentication attempt; it does not continue and does not attempt to use the next authentication method.
  • Page 487 Local or None are ignored. STEP 5 Click Apply. The selected authentication methods are associated with the access method. Secure Sensitive Data Management Security: Secure Sensitive Data Management.
  • Page 488: SSL Server

    Table. Select one of these fields. These fields are defined in the Edit page except for the following fields: • Valid From—Specifies the date from which the certificate is valid.
  • Page 489 Certificate ID—Select the active certificate. • Certificate Source—Displays that the certificate is user-defined. • Certificate—Copy in the received certificate. • Import RSA Key-Pair—Select to enable copying in the new RSA key-pair.
  • Page 490 Duration—Enter the length of time that the certificate will be valid. STEP 4 Click Apply to apply the changes to the Running Configuration. SSH Server Security: SSH Server.
  • Page 491: SSH Client

    The TCP Service Table displays the following fields for each service: • Service Name—Access method through which the device is offering the TCP service. • Type—IP protocol the service uses.
  • Page 492: Storm Control

    When the rate of Broadcast, Multicast, or Unknown Unicast frames is higher than the user-defined threshold, frames received beyond the threshold are discarded.
  • Page 493 • Trap on Storm—Select to send a trap when a storm occurs on a port. If this is not selected, the trap is not sent.
  • Page 494 Multicast Traffic Type—(Only for Multicast traffic) Registered or Unregistered. • Bytes Passed—Number of bytes received. • Bytes Dropped—Number of bytes dropped because of storm control. • Last Drop Time—Time that the last byte was dropped.
  • Page 495 STEP 4 To clear all counters on all interfaces, click Clear All Interfaces Counters. To clear all counters on an interface, select it and click Clear Interface Counters.
  • Page 496: Port Security

    In addition to one of these actions, you can also generate traps, and limit their frequency and number to avoid overloading the devices.
  • Page 497 Forward—Forwards packets from an unknown source without learning the MAC address. Shutdown—Discards packets from any unlearned source, and shuts down the port. The port remains shut down until reactivated, or until the device is rebooted.
  • Page 498: 802.1X Authentication

    This section describes the IP Source Guard feature. It covers the following topics: • Interactions with Other Features • Filtering • IP Source Guard Work Flow • Properties • Interface Settings • Binding Database
  • Page 499 If source IP address filtering is enabled: IPv4 traffic: Only traffic with a source IP address that is associated with the port is permitted. Non IPv4 traffic: Permitted (Including ARP packets).
  • Page 500 • Non IPv4 traffic — All non-IPv4 traffic is permitted. See Interactions with Other Features for more information about enabling IP Source Guard on interfaces.
  • Page 501 STEP 3 Click Apply to save the above changes to the Running Configuration and/or Retry Now to check TCAM resources. The entries in the Binding database are displayed: • VLAN ID—VLAN on which packet is expected.
  • Page 502 ARP request was not received. After the attack, all traffic from the device under attack flows through the attacker's computer and then to the router, switch, or host.
  • Page 503 This section describes ARP Inspection and covers the following topics: • How ARP Prevents Cache Poisoning • Interaction Between ARP Inspection and DHCP Snooping • ARP Defaults • ARP Inspection Work Flow
  • Page 504 DHCP Snooping Binding database, the packet is invalid and is dropped. A SYSLOG message is generated. • If a packet is valid, it is forwarded and the ARP cache is updated.
  • Page 505 If DHCP Snooping is enabled, ARP Inspection uses the DHCP Snooping Binding database in addition to the ARP access control rules. If DHCP Snooping is not enabled, only the ARP access control rules are used.
  • Page 506 ARP Packet Validation—Select to enable validation checks. • Log Buffer Interval—Select one of the following options: Retry Frequency—Enable sending SYSLOG messages for dropped packets. Enter the frequency with which the messages are sent.
  • Page 507 • IP Address—IP address of packet. • MAC Address—MAC address of packet. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated.
  • Page 508 ARP Access Control Name. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated. First Hop Security Security: IPv6 First Hop Security
  • Page 509: Denial of Service Prevention

    One method of resisting DoS attacks employed by the device is the use of SCT. SCT is enabled by default on the device and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
  • Page 510 A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold. • Block SYN-FIN packets.
  • Page 511 NOTE advanced QoS policies that are bound to a port. ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it.
  • Page 512 SYN Rate Protection page. • ICMP Filtering—Click Edit to go to the ICMP Filtering page. • IP Fragmented—Click Edit to go to the IP Fragments Filtering page.
  • Page 513 SYN Protection Period—Time in seconds before unblocking the SYN packets (the deny SYN with MAC-to-me rule is unbound from the port). STEP 3 Click Apply. SYN protection is defined, and the Running Configuration file is updated.
  • Page 514 Class E Address Space. You can also add new Martian Addresses for DoS prevention. Packets that have a Martian address are discarded.
  • Page 515 STEP 1 Click Security > Denial of Service Prevention > SYN Filtering. STEP 2 Click Add. STEP 3 Enter the parameters. • Interface—Select the interface on which the filter is defined.
  • Page 516 Mask—Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
  • Page 517 STEP 4 Click Apply. The ICMP filtering is defined, and the Running Configuration is updated. IP Fragments Filtering The IP Fragmented page enables blocking fragmented IP packets.
  • Page 518 Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. STEP 4 Click Apply. The IP fragmentation is defined, and the Running Configuration file is updated.
  • Page 519: Chapter 22: Security: 802.1X Authentication

    802.1x authentication is a client-server model. In this model, network devices have the following specific roles. • Client or supplicant • Authenticator • Authentication server
  • Page 520 (EAPOL packets) and passes them to the authentication server, using the RADIUS protocol. With MAC-based or web-based authentication, the authenticator itself executes the EAP client part of the software on behalf of the clients seeking network access.
  • Page 521 Port Authentication States The port authentication state determines whether the client is granted access to the network. The port administrative state can be configured in the Port Authentication page.
  • Page 522 RADIUS-assigned VLAN or the unauthenticated VLANs. RADIUS VLAN assignment on a port is set in the Port Authentication page.
  • Page 523 If more than one authentication method is enabled on the switch, the following hierarchy of authentication methods is applied: • 802.1x Authentication: Highest • WEB-Based Authentication • MAC-Based Authentication: Lowest
  • Page 524 (such as printers and IP phones) that do not have the 802.1X supplicant capability. MAC-based authentication uses the MAC address of the connecting device to grant or deny network access.
  • Page 525 Quiet Time. When the session is timed-out, the username/password is discarded, and the guest must re-enter them to open a new session. Authentication Methods and Port Modes.
  • Page 526 The member ports must be manually configured as tagged members. • The member ports must be trunk and/or general ports. An access port cannot be a member of an unauthenticated VLAN.
  • Page 527 You can set the RADIUS VLAN Assignment field to static in the Port Authentication page. This enables the host to be bridged according to static configuration.
  • Page 528 In single-host mode you can configure the action to be taken when an unauthorized host on an authorized port attempts to access the interface. This is done in the Host and Session Authentication page.
  • Page 529 A value of 0 specifies an unlimited number of login attempts. The duration of the quiet period and the maximum number of login attempts can be set in the Port Authentication page.
  • Page 530 N/S—The authentication method does not support the port mode. NOTE You can simulate the single-host mode by setting Max Hosts parameter to 1 in the Port Authentication page.
  • Page 531 Frames are Frames dropped bridged based sessions dropped on the static bridged unless VLAN based on they configuration the static belongs VLAN to the configurat unauthent icated VLANs
  • Page 532 An EAP Identifier Request message is received on the port and the supplicant is enabled on the port. 802.1x authenticator and supplicant cannot be configured at the same time on a single interface.
  • Page 533 STEP 2 Select the required port and click Edit. STEP 3 Enter the fields required for the port. The fields in this page are described in Port Authentication.
  • Page 534 STEP 2 Click Security > 802.1X > Port Authentication. STEP 3 Select the required port and click Edit. STEP 4 Enable supplicant support and specify the credentials to use.
  • Page 535: Properties

    The guest VLAN can be defined as a layer 3 interface (assigned an IP address) like any other VLAN. However, device management is not available via the guest VLAN IP address. • Guest VLAN ID—Select the guest VLAN from the list of VLANs.
  • Page 536 STEP 3 Click Apply. The 802.1X properties are written to the Running Configuration file. To change Enable or Disable authentication on a VLAN, select it, click Edit and select either Enable or Disable.
  • Page 537: Port Authentication

    The options are: Force Unauthorized—Denies the interface access by moving the interface into the unauthorized state. The device does not provide authentication services to the client through the interface.
  • Page 538 Reauthentication Period—Enter the number of seconds after which the selected port is reauthenticated. • Reauthenticate Now—Select to enable immediate port re-authentication. • Authenticator State—Displays the defined port authorization state. The options are: Initialize—In process of coming up.
  • Page 539 EAP Timeout—Enter the maximum time that is waited for EAP responses before timeout occurs. • Supplicant Timeout—Enter the number of seconds that lapse before EAP requests are resent to the supplicant.
  • Page 540: Host and Session Authentication

    Interface—Enter a port number for which host authentication is enabled. The OOB port is not included. • Host Authentication—Select one of the modes. These modes are described above in Port Host Modes.
  • Page 541: Authenticated Hosts

    • Authentication Method—Method by which the last session was authenticated. • Authentication Server—RADIUS server. • MAC Address—Displays the supplicant MAC address. • VLAN ID—Port’s VLAN.
  • Page 542 STEP 5 Click Apply and the settings are saved to the Running Configuration file.
  • Page 543 The selected color is shown in the Text field. Header and Footer Text Color—Enter the ASCII code of the header and footer text color. The selected color is shown in the Text field.
  • Page 544 Username Textbox—Select for a username textbox to be displayed. • Username Textbox Label—Select the label to be displayed before the username textbox. • Password Textbox—Select for a password textbox to be displayed.
  • Page 545 STEP 15 Enter the Success Message, which is the text that will be displayed if the end user successfully logs in. STEP 16 Click Apply and the settings are saved to the Running Configuration file.
  • Page 546 To configure MAC-based authentication: STEP 1 Click Security > 802.1X Authentication > MAC-Based Authentication Settings. STEP 2 Enter the following fields: • MAC Authentication Type—Select one of the following options:
  • Page 547 Plaintext—Define a password in plaintext format. • Password MD5 Digest—Displays the MD5 Digest password. STEP 3 Click Apply and the settings are saved to the Running Configuration file.
  • Page 548: Chapter 23: Security: Secure Sensitive Data Management

  • Page 549: Ssd Management

    A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired.
  • Page 550 Read Permission—The read permissions associated with the rules. These can be the following: (Lowest) Exclude—Users are not permitted to access sensitive data in any form. (Middle) Encrypted Only—Users are permitted to access sensitive data as encrypted only.
  • Page 551 Each management channel allows specific read permissions. The following summarizes these. Read Permission Default Read Mode Allowed Exclude Exclude Encrypted Only *Encrypted Plaintext Only *Plaintext Both *Plaintext, Encrypted
  • Page 552 NOTE When doing a file transfer initiated by an XML or SNMP command, the underlying protocol used is TFTP. Therefore, the SSD rule for insecure channel will apply.
  • Page 553 Insecure Encrypted Only Encrypted The default rules can be modified, but they cannot be deleted. If the SSD default rules have been changed, they can be restored.
  • Page 554: Ssd Properties

    Length—Between 8-16 characters, inclusive. • Character Classes—The passphrase must have at least one upper case character, one lower case character, one numeric character, and one special character e.g. #,$.
  • Page 555 This mode should be used when a user does not want to expose the passphrase in a configuration file.
  • Page 556 Each session has a Read mode. This determines how sensitive data appears. The Read mode can be either Plaintext, in which case sensitive data appears as regular text, or Encrypted, in which case sensitive data appears in its encrypted form.
  • Page 557: Configuration Files

    The SSD control block, which is protected from tampering, contains SSD rules and SSD properties of the device creating the file. An SSD control block starts and ends with "ssd-control-start" and "ssd-control-end" respectively.
  • Page 558 If there is an SSD control block in the source configuration file and the file contains plaintext, sensitive data excluding the SSD configurations in the SSD control block, the file is accepted.
  • Page 559 Configuration file always indicates that the file contains encrypted sensitive data. By default, auto mirror configuration service is enabled. To configure auto mirror configuration to be enabled or disabled, click Administration > File Management > Firmware Operations.
  • Page 560 Enforce the integrity of the file content • Include the secure, authentication configuration commands and SSD rules that properly control and secure the access to devices and the sensitive data
  • Page 561: Ssd Management Channels

    Channel Console Secure Telnet Insecure Secure GUI/HTTP Insecure GUI/HTTPS GUI/HTTPS Secure XML/HTTP Insecure-XML-SNMP XML/HTTPS XML/HTTPS Secure-XML-SNMP SNMPv1/v2/v3 without Insecure-XML-SNMP Secure-XML-SNMP privacy SNMPv3 with privacy Secure-XML-SNMP (level-15 users)
  • Page 562: Menu Cli And Password Recovery

    SSD rules are defined in the SSD Rules page. SSD Properties Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD properties.
  • Page 563 STEP 2 Click Apply. The settings are saved to the Running Configuration file. SSD Rules Configuration Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD rules.
  • Page 564 Plaintext Only—Higher read permission than above ones. Users are permitted to get sensitive data in plaintext only. Encrypted Only—Middle read permission. Users are permitted to get sensitive data as encrypted only.
  • Page 565 STEP 4 The following actions can be performed on selected rules: • Add, Edit or Delete rules or Restore to Default. • Restore All Rules to Default—Restore a user-modified default rule to the default rule.
  • Page 566: Chapter 24: Security: Ssh Server

    SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application.
  • Page 567: Common Tasks

    STEP 4 Add the users and their public key to the SSH User Authentication Table in the SSH User Authentication page. STEP 5 Establish SSH sessions to the device from an SSH client application such as PuTTY.
  • Page 568: Ssh User Authentication

    (see User Accounts). • SSH User Authentication by Public Key—Select to perform authentication of the SSH client user using the public key.
  • Page 569: Ssh Server Authentication

    SSH driver. To perform SSH Server Authentication, the remote SSH client must have a copy of the SSH server public key (or fingerprint) of the target SSH server
  • Page 570 If the key is already being displayed as plaintext, you can click Display Sensitive Data as Encrypted to display the text in encrypted form.
  • Page 571: Chapter 25: Security: Ssh Client

    When files are downloaded via SCP, the information is downloaded from the SCP server to the device via a secure channel. The creation of this secure channel is preceded by authentication, which ensures that the user is permitted to perform the operation.
  • Page 572 One of the following can occur: If a match is found, both for the server’s IP address/host name and its fingerprint, the server is authenticated.
  • Page 573 SSH client to the SSH server. The action of creating the user and copying the public key (or fingerprint) to the SSH server is beyond the scope of this guide.
  • Page 574 When the connection between a device (as an SSH client) and an SSH server is established, the client and SSH server exchange data in order to determine the algorithms to use in the SSH transport layer.
  • Page 575 This section describes some common tasks performed by the device as an SSH client. All pages referenced are pages found under the SSH Client branch of the menu tree.
  • Page 576 STEP 3 Click Details to view the generated, encrypted keys, and copy them (including the Begin and End footers) from the Details page to an external device. Copy the public and private keys separately.
  • Page 577: Ssh User Authentication

    User Key Table block. STEP 3 Enter the Username (no matter what method was selected) or use the default username. This must match the username defined on the SSH server.
  • Page 578: Ssh Server Authentication

    • IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address for messages used in communication with IPv6 SSH servers.
  • Page 579 • Fingerprint—Enter the fingerprint of the SSH server (copied from that server). STEP 5 Click Apply. The trusted server definition is stored in the Running Configuration file.
  • Page 580: Change User Password On The Ssh Server

    Old Password—This must match the password on the server. • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
  • Page 581: Chapter 26: Security: Ipv6 First Hop Security

    • Attack Protection • Policies, Global Parameters and System Defaults • Common Tasks • Default Settings and Configuration • Configuring IPv6 First Hop Security through Web GUI
  • Page 582: Ipv6 First Hop Security Overview

    Certification Path Advertisement message • CPS message—Certification Path Solicitation message • DAD-NS message—Duplicate Address Detection Neighbor Solicitation message • FCFS-SAVI—First Come First Served - Source Address Validation Improvement
  • Page 583 If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages: • Router Advertisement (RA) messages • Router Solicitation (RS) messages • Neighbor Advertisement (NA) messages
  • Page 584 Trapped RS, CPS, NS and NA messages are also passed to the ND Inspection feature. ND Inspection validates these messages, drops illegal messages, and passes legal messages to the IPv6 Source Guard feature.
  • Page 585 For example, in Figure 2 Switch B and Switch C are inner links inside the protected area. Figure 2 IPv6 First Hop Security Perimeter
  • Page 586: Router Advertisement Guard

    FHS common component is enabled, a rate limited SYSLOG message is sent. Neighbor Discovery Inspection Neighbor Discovery (ND) Inspection supports the following functions: • Validation of received Neighbor Discovery protocol messages. • Egress filtering
  • Page 587: Dhcpv6 Guard

    Neighbor Binding Integrity Neighbor Binding (NB) Integrity establishes binding of neighbors. A separate, independent instance of NB Integrity runs on each VLAN on which the feature is enabled.
  • Page 588 An IPv6 address is bound to a link layer property of the host's network attachment. This property, called a "binding anchor", consists of the interface identifier (ifIndex) through which the host is connected and the host’s MAC address.
  • Page 589 If no NA message is received as a reply to the DAD-NS message, the local device infers that no binding for that address exists in other devices and creates the local binding for that address.
  • Page 590: Ipv6 Source Guard

    Neighbor Binding table except for the following messages that are passed without validation: • RS messages, if the source IPv6 address equals the unspecified IPv6 address. • NS messages, if the source IPv6 address equals the unspecified IPv6 address.
  • Page 591: Attack Protection

    NB Integrity provides protection against such attacks in the following ways: • If the given IPv6 address is unknown, the Neighbor Solicitation (NS) message is forwarded only on inner interfaces.
  • Page 592 MAC address for the last hop routing. A malicious host could send IPv6 messages with a different destination IPv6 address for the last hop forwarding, causing overflow of the NBD cache.
  • Page 593: Policies, Global Parameters And System Defaults

    When a user-defined policy is attached to an interface, the default policy for that interface is detached. If the user-defined policy is detached from the interface, the default policy is reattached.
  • Page 594: Common Tasks

    STEP 2 In this same page, set the Global Packet Drop Logging feature. STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature.
  • Page 595 STEP 2 In this same page, set the global configuration values that are used if no values are set in a policy. STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature.
  • Page 596: Default Settings And Configuration

    Default Settings and Configuration If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages by default: • Router Advertisement (RA) messages
  • Page 597: Configuring Ipv6 First Hop Security Through Web Gui

    STEP 3 Click Apply to add the settings to the Running Configuration file. STEP 4 Create an FHS policy if required by clicking Add. Enter the following fields: • Policy Name—Enter a user-defined policy name.
  • Page 598 Policy Name—Enter a user-defined policy name. • Device Role—Displays one of the following options to specify the role of the device attached to the port for RA Guard.
  • Page 599 Minimal Hop Limit—Indicates if the RA Guard policy checks the minimum hop limit of the packet received. Inherited—Feature is inherited from either the VLAN or system default (client).