Cisco SX350 Series Administration Manual

ADMINISTRATION
GUIDE
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG
Series Managed Switches, Firmware Release 2.2.5.x

Summary of Contents for Cisco SX350 Series

  • Page 1 ADMINISTRATION GUIDE Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 2: Table Of Contents

    Suspended Interfaces Stack Topology Traffic Errors Chapter 3: Configuration Wizards Getting Started Wizard VLAN Configuration Wizard ACL Wizard Chapter 4: Status and Statistics System Summary CPU Utilization
  • Page 3 Console Settings (Autobaud Rate Support) User Accounts Idle Session Timeout System Log Reboot Routing Resources Ping Traceroute Chapter 6: Administration: File Management System Files Firmware Operations File Operations
  • Page 4 System Time SNTP Unicast SNTP Multicast/Anycast SNTP Authentication Time Range Recurring Time Range Chapter 9: Administration: Discovery Bonjour LLDP and CDP Discovery - LLDP Discovery - CDP
  • Page 5 Built-in Smartport Macros Chapter 12: VLAN Management Overview Regular VLANs Private VLAN Settings GVRP Settings VLAN Groups Voice VLAN Access Port Multicast TV VLAN Customer Port Multicast TV VLAN
  • Page 6 IP Multicast Group Address IPv4 Multicast Configuration IPv6 Multicast Configuration IGMP/MLD Snooping IP Multicast Group Multicast Router Port Forward All Unregistered Multicast Chapter 16: IP Configuration Overview
  • Page 7 Chapter 19: IP Configuration: SLA Overview Using SLA Chapter 20: Security Configuring TACACS+ RADIUS Password Strength Key Management Management Access Method Management Access Authentication SSL Server TCP/UDP Services
  • Page 8 SSD Properties Configuration Files SSD Management Channels Menu CLI and Password Recovery Configuring SSD Chapter 23: Security: SSH Server Overview Common Tasks SSH User Authentication SSH Server Authentication
  • Page 9 Chapter 26: Access Control Overview MAC-Based ACLs Creation IPv4-based ACL Creation IPv6-Based ACL Creation ACL Binding Chapter 27: Quality of Service QoS Features and Components General QoS Basic Mode
  • Page 10 SNA Graphics Top Right-Hand Menu Topology View Right-Hand Information Panel Operations Overlays Tags Search Notifications Device Authorization Control (DAC) DAC Workflow Services Saving SNA Settings Technical Details
  • Page 11: Chapter 1: Getting Started

    If you are using IPv6 interfaces on your management station, use the IPv6 global address and not the IPv6 link local address to access the device from your browser.
  • Page 12 PC. Logging In The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. If you have not previously selected a language for the GUI, the language of the Login page is...
  • Page 13 Language Menu described in Application Header. STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears. See Password Expiration for additional information.
  • Page 14: Out-Of-Band Port

    If you did select this option, the initial page is the System Summary page. Out-Of-Band Port NOTE OOB is only supported on SG350XG and SG550XG devices.
  • Page 15 DHCP client (IPv4 and IPv6) is enabled by default on the OOB port and on the default VLAN. Static route on OOB port Static routes are supported on the OOB port.
  • Page 16: Usb Port

    Both relative paths and fully qualified paths can be used. The system supports the following user actions on the USB port through the GUI: • Display the USB contents
  • Page 17: Basic Or Advanced Display Mode

    When switching from one mode to another, any configuration which was made on the page (without Apply) is deleted.
  • Page 18: Quick Start Device Configuration

    Configure SPAN Switched Port Analyzer (SPAN) There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Support Community page.
  • Page 19: Interface Naming Conventions

    For example, GE1/0/4 is port number 4 on the first unit of the stack. • Slot Number—The slot number is always 0. • Interface Number: Port, LAG, Tunnel, or VLAN ID.
  • Page 20: Window Navigation

    Running Configuration. Username Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco).
  • Page 21 Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, Click Status and Statistics > View Log > RAM Memory.
  • Page 22 Clear Logs Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message appears.
  • Page 23: Search Facility

    The search function helps the user to locate relevant GUI pages. The search result for a keyword includes links to the relevant pages, and also links to the relevant help pages.
  • Page 24 CDP: If you are in Basic mode, links to pages in Advanced mode are displayed but not available.
  • Page 25: Chapter 2: Dashboard

    Stack Topology • Traffic Errors Grid Management The dashboard consists of multiple modules, but only a subset of the modules can be viewed at the same time.
  • Page 26 The module can be dropped in an unoccupied spot, or in a spot occupied by a module of the same size. If the selected spot is occupied, the modules switch places.
  • Page 27: System Health

    • Fan Status—Yellow if one fan failed and is backed up by the redundant fan; Green if the fan is operational; Red if the fan is faulty.
  • Page 28: Resource Utilization

    TCAM—Usage in percentage of all non-IP TCAM entries. • CPU—Percentage of CPU being used. Each bar becomes red if the resource utilization is higher than 80 percent.
  • Page 29: Identification

    • MAC Address (master unit)—MAC address of the unit. • Serial Number (master unit)—Serial number of the unit. • System Location—Enter the physical location of the device.
  • Page 30: Port Utilization

    This module displays the ports on the device in either device or chart view. The view is selected in the configuration options (pencil icon in upper-right corner). • Display Mode—Device View Displays the device. Hovering over a port displays information about it.
  • Page 31 For each port, the following port utilization information is displayed: Tx—% (green) Rx—% (blue) • Refresh Time—Select one of the displayed options. • Interface Statistics—Click to link to the Status and Statistics -> Interface page.
  • Page 32: Poe Utilization

    When hovering on a bar, a tooltip appears showing the actual PoE utilization of the unit in watts. Latest Logs This module contains information about the five latest events logged by the system as SYSLOGs, as shown below:
  • Page 33: Suspended Interfaces

    Port name. If the port is a member of a LAG, the LAG identity of the port. The suspension reason if it is suspended. • Table View
  • Page 34: Stack Topology

    Stack Master—Number of unit functioning as the master unit of the stack. Hovering over a unit in the module displays a tooltip identifying the unit and providing basic information on its stacking ports.
  • Page 35: Traffic Errors

    If the port is a member of a LAG, the LAG identity of the port. Details of the last error logged on the port. • Display Mode - Table View Interface—Name of port
  • Page 36 Last traffic error—Traffic error that occurred on a port and the last time the error occurred. • Refresh Time—Select one of the refresh rates. • Traffic Error Information—Click to link to the Statistics page.
  • Page 37: Chapter 3: Configuration Wizards

    No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035). STEP 4 Click Next.
  • Page 38 Clock Source—Select one of the following: Manual Settings—Select to enter the device system time. If this is selected, enter the Date and Time. Default SNTP Servers—Select to use the default SNTP servers.
  • Page 39: Vlan Configuration Wizard

    STEP 8 Select the ports that are to be the access ports of the VLAN (by clicking with the mouse on the required ports in the graphical display). Access ports of a VLAN are untagged members of the VLAN.
  • Page 40: Acl Wizard

    User defined to enter a destination address or a range of destination addresses. • Destination MAC Value—Enter the MAC address to which the destination MAC address is to be matched and its mask (if relevant).
  • Page 41 Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
  • Page 42 VLANs only—Bind the ACL to a VLAN. Enter the list of VLANs in the Enter the list of VLANs you want to bind the ACL to field. No binding—Do not bind the ACL. Click Apply.
  • Page 43: Chapter 4: Status And Statistics

    • GVRP • 802.1X EAP • • TCAM Utilization • Health and Power • Switched Port Analyzer (SPAN) • Diagnostics • RMON • sFlow • View Logs
  • Page 44: System Summary

    NOTE In a stack, the Firmware Version number shown is based on the version of the master. • Firmware MD5 Checksum (Active Image)—MD5 checksum of the active image.
  • Page 45 PoE Power Mode—Port Limit or Class Limit. The master unit is displayed graphically, as shown below: Hovering on a port displays its name. The following information is displayed for each unit:
  • Page 46: Cpu Utilization

    STEP 3 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period. The window containing a graph displaying CPU utilization on the device is displayed.
  • Page 47: Interface

    Broadcast Packets—Good Broadcast packets transmitted. STEP 3 To view statistics counters in table view or graphic view: • Click View All Interfaces Statistics to see all ports in table view.
  • Page 48: Etherlike

    Pause Frames Received—Received flow control pause frames. This field is only supported for XG ports. When the port speed is 1G, the received pause frames counter is not operational.
  • Page 49: Port Utilization

    GVRP is a standards-based Layer 2 network protocol, for automatic configuration of VLAN information on switches. It is defined in the 802.1ak amendment to 802.1Q-2005.
  • Page 50 Invalid Attribute Length—Invalid attribute length errors. • Invalid Event—Invalid events. STEP 3 To clear statistics counters: • Click View All Interfaces Statistics to see all ports on a single page.
  • Page 51: 802.1X Eap

    Last EAPOL Frame Source—Source MAC address attached to the most recently received EAPOL frame. STEP 4 To clear statistics counters: • Click View All Interfaces Statistics to view the counters of all interfaces.
  • Page 52: Acl

    Some applications allocate rules upon their initiation. Additionally, processes that initialize during system boot use some of their rules during the startup process. To view TCAM utilization, click Status and Statistics > TCAM Utilization.
  • Page 53 IPv6 Policy Based Routing In Use—Number of router TCAM entries used for IPv6 Policy-based routing. Maximum—Number of available router TCAM entries that can be used for IPv6 Policy-based routing.
  • Page 54: Health And Power

    Amber (solid) – RPS is connected but providing power to two other devices. In this case, the RPS will not be able to provide power to the current device, while providing power to the two other devices.
  • Page 55 Warning If fan status is OK, the ports are enabled. threshold - 2 °C). (On devices that support PoE) the PoE circuitry is enabled.
  • Page 56 Set the time range for the power operations. • Data—The Port Management > Port Settings page is displayed. Connect the time range to one or more ports.
  • Page 57 Active—Power supply is being used. Failure—Main power has failed. Main Power Supply Budget—Amount of power that can be allocated for device PSE operation by the main power supply.
  • Page 58 Redundant Fan Status—The following values are possible: Ready—Redundant fan is operational but not required. Active—One of the main fans is not working and this fan is replacing it.
  • Page 59 Not Connected—The PD port is not connected to a PSE device. • Negotiation Mode—One of the following values. Auto—CDP or LLDP negotiation is used to determine power level.
  • Page 60: Switched Port Analyzer (Span And Rspan)

    Switched Port Analyzer (SPAN and RSPAN) The SPAN feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe device or other Remote Monitoring (RMON) probes.
  • Page 61 1. Define the RSPAN VLAN. This RSPAN VLAN must be the same in all switches. 2. Define one or more source interfaces, which can be ports or a VLAN, and ensure that it is not a member of the RSPAN VLAN.
  • Page 62 The previously-defined RSPAN VLAN is displayed. STEP 2 To configure a VLAN as an RSPAN VLAN, select it from the RSPAN VLAN dropdown list of VLANs. STEP 3 Click Apply.
  • Page 63 One or more SPAN or RSPAN sources must be configured on the start and final devices. To configure the source ports to be mirrored: STEP 1 Click Status and Statistics > SPAN & RSPAN > SPAN Session Sources. STEP 2 Click Add.
  • Page 64: Diagnostics

    Cables of up to 140 meters long can be tested. These results are displayed in the Test Results block of the Copper Test page.
  • Page 65 No Cable—Cable is not connected to the port. Open Cable—Cable is connected on only one side. Short Cable—Short circuit has occurred in the cable. Unknown Test Result—Error has occurred.
  • Page 66 550 m. • MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports up to 100 m. The following XG SFP+ (10,000Mbps) transceivers are supported: • Cisco SFP-10GSR
  • Page 67 This page provides a detailed log of the device status. This is valuable when technical support is trying to help a user with a problem, since it gives the output of many show commands (including debug command) in a single command.
  • Page 68: Rmon

    The information is displayed according to the RMON standard. An oversized packet is defined as an Ethernet frame with the following criteria: • Packet length is greater than MRU byte size.
  • Page 69 (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. A Jabber packet is defined as an Ethernet frame that satisfies the following criteria: Packet data length is greater than MRU.
  • Page 70 After the data is sampled and stored, it appears in the History Table page that can be viewed by clicking History Table.
  • Page 71 STEP 1 Click History Table. STEP 2 From the History Entry No. drop down menu, optionally select the entry number of the STEP 3 sample to display.
  • Page 72 You can control the occurrences that trigger an alarm and the type of notification that occurs. This is performed as follows: • Events Page—Configures what happens when an alarm is triggered. This can be any combination of logs and traps.
  • Page 73 STEP 4 Click Apply. The RMON event is saved to the Running Configuration file. STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have been logged (see description below).
  • Page 74 Alarm page below. In addition to those fields, the following field appears: • Counter Value—Displays the value of the statistic during the last sampling period. STEP 2 Click Add.
  • Page 75 Owner—Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file.
  • Page 76: Sflow

    3. View and clear the sFlow statistics counters. Use the sFlow Statistics page for this. sFlow Receiver Settings To set the sFlow receiver parameters:
  • Page 77 Port—Port to which SYSLOG messages are sent. • Maximum Datagram Size—Maximum number of bytes that can be sent to the receiver in a single sample datagram (frame). STEP 6 Click Apply.
  • Page 78 The following sFlow statistics per interface are displayed: Interface — Port for which sample was collected. Packets Sampled — Number of packets sampled. Datagrams Sent to Receiver — Number of sFlow sampling packets sent.
  • Page 79: View Logs

    The following are displayed at the top of the page: • Alert Icon Blinking—Toggles between disable and enable. • Log Pop-Up—Enables receiving pop-up SYSLOGs as described above.
  • Page 80 • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared.
  • Page 81: Chapter 5: Administration

    • System Log • File Management • Reboot • Routing Resources • Discovery - Bonjour • Discovery - LLDP • Discovery - CDP • Ping • Traceroute
  • Page 82: Device Models

    PoE Managed Switch SG350X-24 24-Port Gigabit Stackable Managed Switch SG350X-24P 24-Port Gigabit PoE Stackable Managed Switch SG350X-24MP 24-Port Gigabit PoE Stackable Managed Switch SG350X-48 48-Port Gigabit Stackable Managed Switch
  • Page 83 24-port 10GBase-T Stackable Switch (2 combo) with RPS support SG550XG-48T 48-port 10GBase-T Stackable Switch (2 combo) with RPS support SG550XG-24F 24-port SFP+ Ten Gigabit Stackable Switch (2 combo) with RPS support
  • Page 84: System Settings

    Console Settings (Autobaud Rate Support) The console port speed can be set to one of the following speeds: 4800, 9600, 19200, 38400, 57600, and 115200 or to Auto Detection.
  • Page 85: User Accounts

    After adding a level 15 user (as described below), the default user is removed from the system. NOTE It is not permitted to delete all users. If all users are selected, the Delete button is disabled.
  • Page 86 Read/Write Management Access (15)—User can access the GUI, and can configure the device. STEP 5 Click Apply. The user is added to the Running Configuration file of the device.
  • Page 87: Idle Session Timeout

    The device generates the following local logs: • Log sent to the console interface. • Log written into a cyclical list of logged events in the RAM and erased when the device reboots.
  • Page 88 For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored (Notice, Informational, and Debug).
  • Page 89 The Remote Log Servers page enables defining remote SYSLOG servers to which log messages are sent. For each server, you can configure the severity of the messages that it receives.
  • Page 90 Facility—Select a facility value from which system logs are sent to the remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden.
  • Page 91: Reboot

    Reloading the device causes a loss of connectivity in the network, so by using delayed reboot you can schedule the reboot for a time that is more convenient for the users (e.g. late night).
  • Page 92: Routing Resources

    Clear Startup Configuration File—Check to clear the startup configuration on the device for the next time it boots up. Routing Resources TCAM entries are divided into the following groups:
  • Page 93 TCAM Entries is the number of router TCAM entries being used for the neighbors. There are 4 TCAM entries per neighbor for the SG550XG family and 1 for the SG350XG family.
  • Page 94 Interfaces (x TCAM entries per interface)—Count is the number of interfaces on the device and TCAM Entries is the number of TCAM entries being used for the interfaces.
  • Page 95 TCAM Resources Table—Displays the number of TCAM entries actually in use and available. • Maximum TCAM Entries for Routing and Multicast Routing—Number of TCAM entries available for routing and Multicast routing.
  • Page 96 Maximum TCAM Entries for Non-IP Rules—Number of TCAM entries available for non-IP rules. • Non-IP Rules In Use—Number of TCAM entries utilized for non-IP rules. Maximum—Maximum number of TCAM entries available for non-IP rules.
  • Page 97: Ping

    IP Version—If the source interface is identified by its IP address, select either IPv4 or IPv6 to indicate that it will be entered in the selected format.
  • Page 98 Packets Lost—Percentage of packets lost in ping process • Minimum Round Trip Time—Shortest time for packet to return • Maximum Round Trip Time—Longest time for packet to return
  • Page 99: Traceroute

    Host—Displays a stop along the route to the destination. Round Trip Time (1-3)—Displays the round trip time (in ms) for the first through third frame and the Status of the first through third operation.
  • Page 100: Chapter 6: Administration: File Management

    The configuration files are text files and can be edited in a text editor, such as Notepad after they are copied to an external device, such as a PC.
  • Page 101 More commonly referred to as the image. • Language File—The dictionary that enables the web-based configuration utility windows to be displayed in the selected language. • Logging File—SYSLOG messages stored in Flash memory.
  • Page 102: Firmware Operations

    Active Firmware Version—Displays the version of the current, active firmware file. STEP 2 Enter the following fields: • Operation Type—Select Update Firmware or Backup Firmware. • Copy Method—Select HTTP/HTTPS or USB.
  • Page 103 Link Local Interface—Select the link local interface (if IPv6 is used) from the list. • Server IP Address/Name—Enter the IP address or the name of the TFTP server, whichever is relevant. • (Update) Source—Enter the name of the source file.
  • Page 104 NOTE The username and password for one-time credential will not be saved in the configuration file. STEP 6 Enter the following fields: • Server Definition—Select whether to specify the SCP server by IP address or by domain name.
  • Page 105 Active Firmware File—Displays the current, active firmware file. • Active Firmware Version—Displays the version of the current, active firmware file. STEP 2 Enter the following fields: • Operation Type—Select Swap Image.
  • Page 106: File Operations

    CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the device is rebooted.
  • Page 107 Server Definition—Select whether to specify the TFTP server by IP address or by domain name. If Server Definition is By Address: IP Version—Select whether an IPv4 or an IPv6 address is used.
  • Page 108 System Credentials to go to the SSH User Authentication page where the user/password can be set once for all future use. • Use SSH Client One-Time Credentials—Enter the following:
  • Page 109 Source File Type—Select one of the configuration file types to back up. • Copy Method—Select HTTP/HTTPS. • Sensitive Data Handling—Select how sensitive data should be included in the backup file. The following options are available:
  • Page 110 To back up a system configuration file using TFTP: STEP 1 Click Administration > File Management > File Operations. STEP 2 Enter the following fields: • Operation Type—Select Backup File.
  • Page 111 NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page. STEP 3 Click Apply to begin the operation.
  • Page 112 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 113: File Directory

    The File Directory page displays the system files existing in the system. NOTE If there is more than one unit in the stack, the displayed files are taken from the master unit.
  • Page 114: DHCP Auto Configuration/Image Update

    NOTE If both Auto Image Update and Auto Configuration are requested, Auto Image Update is performed first, then after reboot, Auto Configuration is performed and then a final reboot is performed.
  • Page 115 TFTP Only—The download is done through TFTP, regardless of the file extension of the configuration file name. • SCP Only—The download is done through SCP (over SSH), regardless of the file extension of the configuration file name.
  • Page 116 The switch downloads the Indirect Image File and extracts from it the name of the image file on the TFTP/SCP server. • The switch compares the version of the TFTP server's image file with the version of the switch active image.
  • Page 117 Auto Configuration/Image Update with the first answering TFTP server. Download Protocol Selection • The copy protocol (SCP/TFTP) is selected, as described in Download Protocols (TFTP SCP).
  • Page 118 When an IPv6-enabled interface is defined as a DHCPv6 stateless configuration client. When DHCPv6 messages are received from the server (for example, when you press the Restart button on IPv6 Interfaces page,
  • Page 119 • Auto Configuration is enabled. • Auto Image Update is enabled. • The device is enabled as a DHCP client. • Remote SSH server authentication is disabled.
  • Page 120 3. Copy this indirect file to the TFTP/SCP server’s main directory DHCP Server Configure the DHCP server with the following options • DHCPv4—Option 125 (indirect file name)
  • Page 121 Image Auto Update Via DHCP—Select this field to enable update of the firmware image from the DHCP server. This feature is enabled by default, but can be disabled here.
  • Page 122 Link Local Interface—Select the link local interface (if IPv6 is used) from the list. STEP 4 Enter the following optional information that is used if the DHCP server did not provide the required information.
  • Page 123 An example of an indirect image file name is: indirect-cisco.scp. This file contains the path and name of the firmware image. The following fields are displayed: • Last Auto Configuration/Image Server IP Address—Address of the last backup server.
  • Page 124: Chapter 7: Administration: Stack Management

    To stack two or more devices, reconfigure the desired network ports as stack ports in the devices and connect the devices with the resulting stack ports in a ring or chain topology.
  • Page 125 Until the stack recovers to the new chain topology, a stack unit loops back the packets that are supposed to be sent through its failed stacking port, and transmits the looped back packets through its remaining stacking port to the destinations.
  • Page 126: Types Of Units In Stack

    Unit 6: LED 2 and 4 are lit. • Unit 7: LED 3 and 4 are lit. • Unit 8: LED 1, 3, and 4 are lit.
  • Page 127: Stack Topology

    A ring topology is more reliable than a chain topology. The failure of one link in a ring does not affect the function of the stack, whereas the failure of one link in a chain connection might cause the stack to be split.
  • Page 128: Unit ID Assignment

    If auto numbering has been selected, the duplicate unit is assigned a new unit number. If auto numbering was not selected, the duplicate unit is shut down.
  • Page 129 It did not win the master selection process between the master-enabled units (1 or 2). Duplicate Unit Shut Down The following shows a case where one of the duplicate units (auto-numbered) is renumbered. Duplicate Unit Renumbered
  • Page 130: Master Selection Process

    Unit ID—If both units have the same number of time segments, the unit with the lowest unit ID is selected. • MAC Address—If both unit IDs are the same, the unit with the lowest MAC address is chosen.
  • Page 131: Stack Changes

    The number of units in the stack exceeds the maximum number of units allowed. The new units that joined the stack are shut down, and a SYSLOG message is generated and appears on the master unit.
  • Page 132: Unit Failure In Stack

    User-assigned Master-enabled Unit Unit Failure in Stack This section includes the following topics: • Failure of Master Unit • Master/Backup Switchover
  • Page 133 NOTE When STP is used and the ports are in link up, the STP port’s state is temporarily Blocking, and it cannot forward traffic or learn MAC addresses. This is to prevent spanning tree loops between active units.
  • Page 134: Stack Ports

    You must indicate to the system (reserve) which ports you plan to use as stack ports (in the Stack Management page). The following ports can be stack ports: • XG Devices—All ports can be stack ports
  • Page 135 Physical Constraints for Stack LAGs The following factors constrain the use of stack LAGs: • A stack LAG must contain ports of the same speed.
  • Page 136 (auto-discovery is the default setting). The system automatically identifies the stack cable type and selects the highest speed supported by the cable and the port. A SYSLOG message (informational level) is displayed when the cable type is not recognized.
  • Page 137: Software Auto Synchronization In Stack

    The unit automatically reboots itself to run the new version.
  • Page 138 The following is a list of differences for each hybrid stack type, and the setting used in each unit type and in the hybrid stack: Feature/Table Sx550X SG550XG Hybrid Stack OOB port Not Supported Supported Not Supported MAC table size
  • Page 139 All units in the stack must have the same stack unit mode. When the stack is initialized, it runs a topology discovery algorithm that collects information on the units of the stack.
  • Page 140 For example, if an old unit was an FE unit type with interface ID FE1/0/1, when it is replaced with a GE unit type, the running/startup configuration (and CLI show commands) automatically display the configuration under GE1/0/1.
  • Page 141: Stack Management

    (master, backup or slave) and the devices that it is connected to in the stack and through which stacking ports. An example is shown below:
  • Page 142 Unit ID After Reset—Select a unit ID or select Auto to have the unit ID be assigned by the system. • Unit x Stack Connection Speed—Displays the speed of the stack connection.
  • Page 143 STEP 4 Click Apply and Reboot. The parameters are copied to the Running Configuration file and the stack is rebooted.
  • Page 144: Chapter 8: Administration: Time Settings

    Savings Time (DST). It covers the following topics: • System Time Configuration • SNTP Modes • System Time • SNTP Unicast • SNTP Multicast/Anycast • SNTP Authentication • Time Range • Recurring Time Range
  • Page 145: System Time Configuration

    After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
  • Page 146: SNTP Modes

    The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
  • Page 147: System Time

    SNTP server: Date—Enter the system date. Local Time—Enter the system time. • Time Zone Settings—The local time is used via the DHCP server or Time Zone offset.
  • Page 148 Day—Day of the week on which DST begins every year. Week—Week within the month from which DST begins every year. Month—Month of the year in which DST begins every year.
  • Page 149: SNTP Unicast

    This page displays the following information for each Unicast SNTP server: • SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to its stratum level.
  • Page 150 DNS server or configured so that a DNS server is identified by using DHCP. (See Settings) • IP Version—Select the version of the IP address: Version 6 or Version 4.
  • Page 151: SNTP Multicast/Anycast

    To enable receiving SNTP packets from all servers on the subnet and/or to enable transmitting time requests to SNTP servers: STEP 1 Click Administration > Time Settings > SNTP Multicast/Anycast. STEP 2 Select from the following options:
  • Page 152: SNTP Authentication

    STEP 1 Create a key in the SNTP Authentication page below. STEP 2 Associate this key with an SNTP server in the SNTP Unicast page. STEP 3
  • Page 153: Time Range

    Time ranges can be defined and associated with the following types of commands, so that they are applied only during that time range: • ACLs • 802.1X Port Authentication • Port Settings • Time-Based PoE
  • Page 154 Absolute Starting Time—To define the start time, enter the following: Immediate—Select for the time range to start immediately. Date, Time—Enter the date and time that the Time Range begins.
  • Page 155: Recurring Time Range

    Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis. STEP 5 Click Apply. STEP 6 Click Time Range to access the Absolute Time Range page.
  • Page 156: Chapter 9: Administration: Discovery

    If a service is changed, the device will send Bonjour packets with the new information. If the IP address of the device is changed, the device will also advertise its new IP address.
  • Page 157: LLDP and CDP

    Apply). LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 158 VLAN. A CDP/LLDP-capable device may receive advertisements from more than one device if the CDP/LLDP-incapable devices flood the CDP/LLDP packets.
  • Page 159: Discover - LLDP

    The LLDP protocol has an extension called LLDP Media Endpoint Discovery (LLDP-MED) that provides and accepts information from media endpoint devices such as VoIP phones and video phones. For further information about LLDP-MED, see LLDP MED Network Policy.
  • Page 160 TLV Advertise Interval—Enter the rate in seconds at which LLDP advertisement updates are sent, or use the default. • Topology Change SNMP Notification Interval—Enter the minimum time interval between SNMP notifications.
  • Page 161 This page contains the port LLDP information. STEP 2 Select a port and click Edit. This page provides the following fields: • Interface—Select the port to edit (including the OOB port).
  • Page 162 LLDP PDU is transmitted) can be aggregated. It also indicates whether the link is currently aggregated, and if so, provides the aggregated port identifier. 802.3 Maximum Frame Size—Maximum frame size capability of the MAC/PHY implementation.
  • Page 163 4-Wire Power via MDI—(relevant to PoE ports supporting 60W PoE) Proprietary Cisco TLV defined to support power over Ethernet that allows for 60 watts of power (standard support is up to 30 watts). Management Address Optional TLV •...
  • Page 164 NOTE When this box is checked, you may not manually configure a voice network policy. STEP 3 Click Apply to add this setting to the Running Configuration file. STEP 4 To define a new policy, click Add.
  • Page 165 User Defined Network Policy—Policies are defined for types of traffic (called application). This is defined in the LLDP MED Network Policy. In this case, the following information is displayed for the policy on the port:
  • Page 166 Location ECS ELIN—Enter the Emergency Call Service (ECS) ELIN location to be published by LLDP. STEP 5 Click Apply. The LLDP MED port settings are written to the Running Configuration file.
  • Page 167 Local PoE (Power Type, Power Source, Power Priority, Power Value)—Local PoE information advertised. • Remote PoE (Power Type, Power Source, Power Priority, Power Value)—PoE information advertised by the neighbor. • # of neighbors—Number of neighbors discovered.
  • Page 168 • Address Subtype—Type of management IP address that is listed in the Management Address field; for example, IPv4. • Address—Returned address most appropriate for management use.
  • Page 169 PSE Power Class—Advertised power class of the port. • Power Type—Type of powered device connected to the port. • Power Source—Port power source. • Power Priority—Port power priority.
  • Page 170 Device Class—LLDP-MED endpoint device class. The possible device classes are: Endpoint Class 1—Generic endpoint class, offering basic LLDP services. Endpoint Class 2—Media endpoint class, offering media streaming capabilities, as well as all Class 1 features.
  • Page 171 Tagged—Indicates the network policy is defined for tagged VLANs. Untagged—Indicates the network policy is defined for untagged VLANs. • User Priority—Network policy user priority. • DSCP—Network policy DSCP.
  • Page 172 • Local Port—Port number. • MSAP Entry—Device Media Service Access Point (MSAP) entry number. Basic Details • Chassis ID Subtype—Type of chassis ID (for example, MAC address).
  • Page 173 Operational MAU Type—Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interfaces’ collision detection and bit injection into the network; for example, 100BASE-TX full duplex mode.
  • Page 174 802.3 Maximum Frame Size—Advertised maximum frame size that is supported on the port. 802.3 Link Aggregation • Aggregation Capability—Indicates if the port can be aggregated. • Aggregation Status—Indicates if the port is currently aggregated.
  • Page 175 PoE Power Priority—Port’s power priority. • PoE Power Value—Port’s power value. • Hardware Revision—Hardware version. • Firmware Revision—Firmware version. • Software Revision—Software version. • Serial Number—Device serial number.
  • Page 176 ECS ELIN—Device’s Emergency Call Service (ECS) Emergency Location Identification Number (ELIN). • Unknown—Unknown location information. Network Policy Table • Application Type—Network policy application type, for example, Voice.
  • Page 177 Unrecognized—Total number of received TLVs that are unrecognized. • Neighbor's Information Deletion Count—Number of neighbor ageouts on the interface. STEP 2 Click Refresh to view the latest statistics.
  • Page 178 LLDP MED Location Size (Bytes)—Total LLDP MED location packets byte size. Status—Whether the LLDP MED location packets were sent, or whether they were overloaded. • LLDP MED Network Policy
  • Page 179: Discovery - CDP

    LLDP information in each packet. Discovery - CDP This section describes how to configure CDP. It covers the following topics: • CDP Properties • CDP Interface Settings • CDP Local Information
  • Page 180 • CDP Statistics CDP Properties Similar to LLDP, the Cisco Discovery Protocol (CDP) is a link layer protocol for directly-connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol. CDP Configuration Workflow The following is a sample workflow for configuring CDP on the device.
  • Page 181 Syslog Voice VLAN Mismatch—Check to send a SYSLOG message when a voice VLAN mismatch is detected. This means that the voice VLAN information in the incoming frame does not match what the local device is advertising.
  • Page 182 CDP Local Information Details—Takes you to the CDP Local Information page. • CDP Neighbor Information Details—Takes you to the CDP Neighbors Information page. STEP 2 Select a port and click Edit.
  • Page 183 Device ID Type—Type of the device ID advertised in the device ID TLV. Device ID—Device ID advertised in the device ID TLV. • System Name TLV System Name—System name of the device. • Address TLV
  • Page 184 Layer 2 CoS value, meaning, an 802.1D/802.1p priority value. This is the CoS value with which all packets received on an untrusted port are remarked by the device. • Power Available TLV
  • Page 185 STEP 1 Click Administration > Discovery - CDP > CDP Neighbor Information. STEP 2 To select a filter, check the Filter checkbox, select a Local interface, and click Go.
  • Page 186 Platform—Identifier of the neighbor's platform. • Neighbor Interface—Interface number of the neighbor through which the frame arrived. • Native VLAN—Neighbor's native VLAN. • Application—Name of application running on the neighbor.
  • Page 187 Power Request List—List of ports requesting power. • 4-Wire Power via MDI 4-Pair PoE Supported—Indicates system and port support enabling the 4-pair wire (true only for specific ports that have this HW ability).
  • Page 188 Other Errors—Number of packets received with errors other than illegal checksums. • Neighbors Over Maximum—Number of times that packet information could not be stored in cache because of lack of room.
  • Page 189 STEP 2 To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear Interface Counters.
  • Page 190: Chapter 10: Port Management

    4. Configure the LACP parameters for the ports that are members or candidates of a dynamic LAG by using the LACP page. 5. Configure Green Ethernet and 802.3 Energy Efficient Ethernet by using the Properties page.
  • Page 191: Port Settings

    STEP 4 To update the port settings, select the desired port, and click Edit. STEP 5 Modify the following parameters: • Interface—Select the port number. • Port Description—Enter the port user-defined name or comment.
  • Page 192 You can designate Administrative Speed only when port auto-negotiation is disabled. • Operational Port Speed—Displays the current port speed that is the result of negotiation.
  • Page 193 Master—Begin negotiation with the preference that the device port is the master in the auto-negotiation process. • Neighbor Advertisement—Displays the capabilities advertised by the neighboring device (link partner).
  • Page 194 Member in LAG—If the port is a member of a LAG, the LAG number appears; otherwise this field is left blank. STEP 6 Click Apply. The Port Settings are written to the Running Configuration file.
  • Page 195: Error Recovery Settings

    Link Flap Prevention—Select to minimize the disruption to your network. When enabled, this command automatically disables ports that experience link-flap events. STEP 3 Click Apply to update the global setting.
  • Page 196: Loopback Detection Settings

    LBD packets. The following conditions must be true for a port to be LBD active: • LBD is globally enabled. • LBD is enabled on the port.
  • Page 197 STEP 3 Enter the Detection Interval. This is the interval between transmission of LBD packets. STEP 4 Click Apply to save the configuration to the Running Configuration file.
  • Page 198: Link Aggregation

    The group of ports assigned to a static LAG are always active members. After a LAG is manually created, the LACP option cannot be added or
  • Page 199 When the port is removed from the LAG, its original configuration is reapplied. • Protocols, such as Spanning Tree, consider all the ports in the LAG to be one port.
  • Page 200 • IP/MAC Address—Perform load balancing by the source and destination IP addresses on IP packets, and by the source and destination MAC addresses on non-IP packets
  • Page 201 STEP 1 Click Port Management > Link Aggregation > LAG Settings. STEP 2 Select a LAG, and click Edit. STEP 3 Enter the values for the following fields:
  • Page 202 1000 Full—The LAG advertises a 1000 Mbps speed and the mode is full duplex. 10000 Full—The LAG advertises a 10000 Mbps speed and the mode is full duplex. This is only supported on the 550 family.
  • Page 203 LAG and which ports are put in hot-standby mode. Port priorities on the other device (the non-controlling end of the link) are ignored.
  • Page 204 To define the LACP settings: STEP 1 Click Port Management > Link Aggregation > LACP. STEP 2 Enter the LACP System Priority. STEP 3 Select a port, and click Edit.
  • Page 205: Udld

    In this case, the status of the link is set to undetermined. The user can configure whether ports in the undetermined state are shut down or merely trigger notifications. Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 206 The port is a copper port and you specifically enable UDLD on it. How UDLD Works When UDLD is enabled on a port, the following actions are performed: • UDLD initiates the detection state on the port. Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 207 UDLD in the Error Recovery Settings page. In this case, when a port is shut down by UDLD, it is automatically reactivated when the automatic recovery interval Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 208 Usage Guidelines Cisco does not recommend enabling UDLD on ports that are connected to devices on which UDLD is not supported or disabled. Sending UDLD packets on a port connected to a device that does not support UDLD causes more traffic on the port without providing benefits.
  • Page 209 Workflow3: To bring a port up after it was shut down by UDLD and automatic reactivation was not configured: STEP 1 Open the Error Recovery Settings page. a. Select a port. b. Click Reactivate.
  • Page 210 To copy a particular set of values to more than one port, set that value for one port and use the Copy button to copy it to the other ports. To configure UDLD for an interface:
  • Page 211 STEP 3 Modify the value of the UDLD state. If you select Default, the port receives the value of the Fiber Port UDLD Default State in the UDLD Global Settings page. STEP 4 Click Apply to save the settings to the Running Configuration file.
  • Page 212 Neighbor Expiration Time (Sec.)—Displays the time that must pass before the device attempts to determine the port UDLD status. This is three times the Message Time. • Neighbor Message Time (Sec.)—Displays the time between UDLD messages.
  • Page 213: PoE

    Power over Ethernet can be used in any enterprise network that deploys relatively low-powered devices connected to the Ethernet LAN, such as: • IP phones • Wireless access points • IP gateways • Audio and video remote monitoring devices
  • Page 214 16 ports 60W PoE, 32 ports AT The Power over Ethernet (PoE) feature is only available on the following PoE-based devices. SKU Name PoE PD 60W PoE/AT/AF PoE PSE AF/AT SF350-08
  • Page 215 SG350-10MP 60W PoE/AF/AT AF/AT SG350-10SFP AF/AT SG350-28P 60W PoE/AF/AT SG350-28MP 60W PoE/AF/AT SG350-52P 60W PoE/AF/AT SG350-52MP 60W PoE/AF/AT SG350X-24P 60W PoE/AF/AT SG350X-24MP 60W PoE/af/at SG350X-48P 60W PoE/AF/AT
  • Page 216 During device operation, to change the mode from Class Power Limit to Port Limit and vice versa. The power values per port that were configured for the Port Limit mode are retained.
  • Page 217 Class Limit—Maximum power limit per port is determined by the class of the device, which results from the Classification stage. Port Limit—Maximum power limit per each port is configured by the user.
  • Page 218 1440 watts, which is too much. The device cannot provide enough power to each port, so it provides power according to the priority. The administrator sets the priority for each port, allocating how much power it can be given.
  • Page 219 Max Power Allocation—This field appears only if the Power Mode set in the PoE Properties page is Power Limit. Displays the maximum amount of power permitted on this port.
  • Page 220 When the power consumed on the port exceeds the class limit, the port power is turned off. PoE Priority Example: Device Models for a description of the device models that support PoE and the maximum power that can be allocated to PoE ports.
  • Page 221 • Class—Displays the class of the device, which indicates the maximum power level of the device: Class Maximum Power Delivered by Device Port 30.0 watt 4.0 watt
  • Page 222 A sample's average PoE consumption per port/device is as follows: Sum of all PoE consumption readings in a period / Number of minutes in the sampling period.
  • Page 223 Clear Event Counters—Clear the displayed event counters. • View Interfaces Statistics—Display the above statistics for a selected interface • View Interface History Graph—Display the counters in graph format for a selected interface
  • Page 224: Green Ethernet

    This mode is only supported on RJ45 GE ports; it does not apply to Combo ports. This mode is disabled by default.
  • Page 225 Port LEDs can be disabled on the Properties page. 802.3az Energy Efficient Ethernet Feature This section describes the 802.3az Energy Efficient Ethernet (EEE) feature. It covers the following topics: • 802.3az EEE Overview
  • Page 226 LPI status (and not in Down status), and power is reduced. For ports to stay in LPI mode, the Keep Alive signal must be received continuously from both sides.
  • Page 227 • If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.
  • Page 228 Energy Detect Mode—(For non-XG devices) Click the checkbox to enable. • Short Reach—(For non-XG devices) Click the checkbox to enable. NOTE If Short Reach is enabled, EEE must be disabled.
  • Page 229 NOTE Some fields may not be displayed on some SKUs. • Port—The port number. • Energy Detect—State of the port regarding the Energy Detect feature: Administrative—Displays whether Energy Detect is enabled.
  • Page 230 STEP 5 Select to enable or disable 802.3 Energy Efficient Ethernet (EEE) mode on the port. STEP 6 Select to enable or disable 802.3 Energy Efficient Ethernet (EEE) LLDP mode on the port (advertisement of EEE capabilities through LLDP).
  • Page 231 STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 232: Chapter 11: Smartport

    There are two ways to apply a Smartport macro by Smartport type to an interface: • Static Smartport—You manually assign a Smartport type to an interface. The result is that the corresponding Smartport macro is applied to the interface.
  • Page 233 Smartport types: • Printer • Desktop • Guest • Server • Host • IP Camera • IP phone • IP Phone+Desktop • Switch
  • Page 234 Supported by Auto Smartport Supported by Auto Smartport by default Unknown Default Printer Desktop Guest Server Host IP camera IP phone IP phone desktop Switch Router Wireless Access Point
  • Page 235 Smartport macros should not be confused with global macros. Global macros configure the device globally; however, the scope of a Smartport macro is limited to the interface on which it is applied.
  • Page 236 If the Startup Configuration File specifies a static Smartport type, the Smartport type of the interface is set to this static type. • If the Startup Configuration File specifies a Smartport type that was dynamically assigned by Auto Smartport:
  • Page 237: How The Smartport Feature Works

    Edit. Then, select the Smartport type you want to assign and adjust the parameters as necessary before clicking Apply.
  • Page 238: Auto Smartport

    Enable by Auto Voice VLAN—This enables Auto Smartport to operate if Auto Voice VLAN is enabled and in operation. Enable by Auto Voice VLAN is the default.
  • Page 239 Router 0x01 Router; TB Bridge 0x02 Wireless Access Point; SR Bridge 0x04 Ignore; Switch 0x08 Switch; Host 0x10 Host; IGMP conditional filtering 0x20 Ignore; Repeater 0x40 Ignore
  • Page 240 Multiple Devices Attached to the Port The device derives the Smartport type of a connected device via the capabilities the device advertises in its CDP and/or LLDP packets.
  • Page 241: Error Handling

    When a smart port macro fails to apply to an interface, you can examine the point of the failure in the Interface Settings page and reset the port and reapply the macro after the error is corrected from the Interface Settings page.
  • Page 242: Default Configuration

    STEP 6 Select the interface, and click Edit. STEP 7 Select Auto Smartport in the Smartport Application field. STEP 8 Check or uncheck Persistent Status if desired. STEP 9 Click Apply.
  • Page 243 Smartport type (if applicable) to an interface. 5. In the Edit page, modify the fields. 6. Click Apply to return the macro if the parameters changed.
  • Page 244: Configuring Smartport Using The Web-Based Interface

    The Smartport feature is configured in the Smartport > Properties, Smartport Type Settings and Interface Settings pages. For Voice VLAN configuration, see Voice VLAN. For LLDP/CDP configuration, see the Discover - LLDP and Discovery - CDP sections, respectively.
  • Page 245 Smartport can assign Smartport types to interfaces. If unchecked, Auto Smartport does not assign that Smartport type to any interface. STEP 3 Click Apply. This sets the global Smartport parameters on the device.
  • Page 246 Smartport type. The macro must have already been paired with an anti-macro. Pairing of the two macros is done by name and is described in the Smartport Macro section.
  • Page 247 • Reset unknown interfaces. This sets the mode of Unknown interfaces to Default.
  • Page 248 NOTE Resetting the interface of unknown type does not reset the configuration performed by the macro that failed. This clean up must be done manually. To assign a Smartport type to an interface or activate Auto Smartport on the interface:
  • Page 249: Built-In Smartport Macros

    Smartport type there is a macro to configure the interface and an anti macro to remove the configuration. Macro code for the following Smartport types is provided: • desktop
  • Page 250 $max_hosts port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast
  • Page 251 1 port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast no_printer
  • Page 252 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast no_guest]] [no_guest] #macro description No guest
  • Page 253 10 smartport storm-control broadcast enable spanning-tree portfast no_server [no_server] #macro description No server no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all
  • Page 254 [no_host] #macro description No host no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all
  • Page 255 [no_ip_camera] #macro description No ip_camera no switchport access vlan no switchport mode no port security no port security mode no smartport storm-control broadcast enable
  • Page 256 #macro description no ip_phone #macro keywords $voice_vlan #macro key description: $voice_vlan: The voice VLAN ID #Default Values are #$voice_vlan = 1 smartport switchport trunk allowed vlan remove $voice_vlan
  • Page 257 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast no_ip_phone_desktop [no_ip_phone_desktop] #macro description no ip_phone_desktop
  • Page 258 $native_vlan spanning-tree link-type point-to-point no_switch [no_switch] #macro description No switch #macro keywords $voice_vlan #macro key description: $voice_vlan: The voice VLAN ID
  • Page 259 $voice_vlan: The voice VLAN ID no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no smartport storm-control broadcast enable no smartport storm-control broadcast level no spanning-tree link-type
  • Page 260 [ap] #macro description ap #macro keywords $native_vlan $voice_vlan #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 261: Chapter 12: VLAN Management

    A port in VLAN Access mode can be part of only one VLAN. If it is in General or Trunk mode, the port can be part of one or more VLANs.
  • Page 262 VLAN-aware router, where each of its interfaces can connect to one or more VLANs. Traffic to and from a VLAN-aware IP router can be VLAN tagged or untagged.
  • Page 263 2 network, meaning that they do not have to be on the same switch. The private VLAN is designed to receive untagged or priority-tagged traffic and transmit untagged traffic.
  • Page 264 A private VLAN-port can only be added to one private VLAN. Other port types, such as access or trunk ports, can be added to the individual VLANs that make up the private VLAN (since they are regular 802.1Q VLANs).
  • Page 265 Figure 1 Traffic from Hosts to Servers/Routers (diagram labels: Server, Promiscuous, Isolated VLAN, Community VLAN, Isolated 1, Isolated 2, Community 1)
  • Page 266 The following describes server/router traffic (reply to host). Figure 2 Server/Router Traffic to Hosts (diagram labels: Server, Promiscuous, Primary VLAN, Isolated 1, Isolated 2, Community 1)
  • Page 267 IP connectivity. IP connectivity requires traffic to pass on a primary VLAN. Features Not Supported on Private VLAN Port Modes The following features are not supported on private VLAN port modes: • GVRP
  • Page 268 MSTP—All VLANs in a private VLAN must be assigned to the same MSTP instance. • IP Source Guard—Binding an ACL on IP source guard ports with private VLAN is not recommended due to the amount of TCAM resources needed.
  • Page 269: Regular VLANs

    Overview and Subnet-based VLAN Groups Overview sections. 6. If required, configure TV VLAN as described in the Access Port Multicast TV VLAN and Customer Port Multicast TV VLAN sections.
  • Page 270 The following field is not on the Add page. • Originators—How the VLAN was created GVRP—VLAN was dynamically created through Generic VLAN Registration Protocol (GVRP). Static—VLAN is user-defined. Default—VLAN is the default VLAN.
  • Page 271 STEP 3 To configure a Port or LAG, select it and click Edit. STEP 4 Enter the values for the following fields: • Interface—Select a Port/LAG. • Switchport Mode—Select either Layer 2 or Layer 3.
  • Page 272 If None is selected if the interface is not in private VLAN mode. • Secondary VLAN - Host—Select an isolated or community VLAN for those hosts that only require a single secondary VLAN.
  • Page 273 STEP 2 Select a VLAN and the interface type (Port or LAG), and click Go to display or to change the port characteristic with respect to the VLAN.
  • Page 274 VLAN ID. Port VLAN Membership The Port VLAN Membership page displays all ports on the device along with a list of VLANs to which each port belongs.
  • Page 275 Current VLAN Mode—Displays the port VLAN mode that was selected in the Interface Settings page. • Access Mode Membership (Active) Access VLAN ID—When the port is in Access mode, it will be a member of this VLAN.
  • Page 276 Operational VLANs—Port is currently a member of these VLANs. STEP 6 Click Apply (for Join VLAN). The settings are modified and written to the Running Configuration file.
  • Page 277: Private VLAN Settings

    Port VLAN Membership page. If the VLAN does not exist, it is dynamically created when Dynamic VLAN creation is enabled for this port (in the GVRP Settings page).
  • Page 278: VLAN Groups

    This section describes how to configure VLAN groups. It describes the following features: • MAC-based VLAN Group Overview • Protocol-based VLAN Groups Overview • Subnet-based VLAN Groups Overview
  • Page 279 If the interface does not belong to the VLAN, manually assign it to the VLAN using the Port to VLAN page. MAC-based Groups Table 1 for a description of the availability of this feature.
  • Page 280 Group ID—Select a VLAN group, defined in the MAC-based VLAN Group Overview page. • VLAN ID—Select the VLAN to which traffic from the VLAN group is forwarded.
  • Page 281 IP Address—Enter the IP address on which the subgroup is based. • Prefix Mask—Enter the prefix mask that defines the subnet. • Group ID—Enter a group ID.
  • Page 282 Groups of protocols can be defined and then bound to a port. After the protocol group is bound to a port, every packet originating from a protocol in the group is assigned the VLAN that is configured in the Protocol-Based Groups page.
  • Page 283 Protocol Value—Enter the protocol for LLC-SNAP (RFC 1042) encapsulation. • Group ID—Enter a protocol group ID. STEP 4 Click Apply. The Protocol Group is added, and written to the Running Configuration file.
  • Page 284: Voice VLAN

    VLANs, IP (Layer 3) routers are needed to provide communication. This section covers the following topics: • Voice VLAN Overview • Voice VLAN Configuration • Telephony OUI
  • Page 285 The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100. •...
  • Page 286 CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where it sends and receives its voice traffic. Some of the possible scenarios are as follows: •...
  • Page 287 VLAN port memberships. Auto Voice VLAN performs the following functions when it is in operation: • It discovers voice VLAN information in CDP advertisements from directly connected neighbor devices.
  • Page 288 (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used. NOTE If connecting the device to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 289 The interface VLAN of a candidate port must be in General or Trunk mode. • The Voice VLAN QoS is applied to candidate ports that have joined the Voice VLAN, and to static ports.
  • Page 290 NOTE If the device is currently in Auto Voice VLAN mode, you must disable it before you can enable Telephony OUI. STEP 2 Configure Telephony OUI in the Telephony OUI Table page.
  • Page 291 VLAN as a static voice VLAN. If the option Auto Voice VLAN Activation triggered by external Voice VLAN is selected, then the default values need to be maintained.
  • Page 292 VLAN, which has higher priority than auto voice VLAN that was learned from external sources. STEP 3 Click Apply. The VLAN properties are written to the Running Configuration file.
  • Page 293 STEP 2 Click Restart Auto Voice VLAN to reset the voice VLAN to the default voice VLAN and restart Auto Voice VLAN discovery on all the Auto-Voice-VLAN-enabled switches in the LAN.
  • Page 294 VLAN from a higher priority source is discovered. Only one local source is the best local source. No—This is not the best local source. STEP 3 Click Refresh to refresh the information on the page.
  • Page 295 STEP 3 Click Restore Default OUIs to delete all of the user-created OUIs, and leave only the default OUIs in the table. The OUI information may not be accurate until the restoration is completed.
  • Page 296 STEP 2 To configure an interface to be a candidate port of the telephony OUI-based voice VLAN, click Edit. STEP 3 Enter the values for the following fields: • Interface—Select an interface.
  • Page 297: Access Port Multicast TV VLAN

    Access port • Customer port (see Customer Port Multicast TV VLAN) One or more IP Multicast address groups can be associated with the same Multicast TV VLAN.
  • Page 298 The MSTP state for the access VLAN is discard. The MSTP state for the Multicast TV VLAN is discard, and the IGMP message is associated with this Multicast TV VLAN.
  • Page 299 2. Specify the access ports in each Multicast VLAN (using the Port Multicast VLAN Membership page). Multicast Group to VLAN To define the Multicast TV VLAN configuration:
  • Page 300: Customer Port Multicast TV VLAN

    Configuration file. Customer Port Multicast TV VLAN A triple play service provisions three broadband services, over a single broadband connection: • High-speed Internet access • Video • Voice
  • Page 301 4. Associate the customer port to a Multicast TV VLAN, using the Port Multicast VLAN Membership page. 5. Map the CPE VLAN (C-TAG) to the Multicast TV VLAN (S-Tag), using the CPE VLAN to VLAN page.
  • Page 302 STEP 3 STEP 4 The Candidate Customer Ports list contains all access ports configured on the device. Move the required ports to the Member Customer Ports field.
  • Page 303 Click Apply. The new settings are modified, and written to the Running Configuration file.
  • Page 304: Chapter 13: Spanning Tree

    STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
  • Page 305: STP Status And Global Settings

    • Spanning Tree State—Select to enable on the device. • STP Loopback Guard—Select to enable Loopback Guard on the device. • STP Operation Mode—Select an STP mode.
  • Page 306 Topology Changes Counts—The total number of STP topology changes that have occurred. • Last Topology Change—The time interval that elapsed since the last topology change occurred. The time appears in a days/hours/minutes/seconds format.
  • Page 307: STP Interface Settings

    0 and can be viewed on the STP Interface Settings page. STEP 2 Select an interface and click Edit. STEP 3 Enter the parameters. • Interface—Select the Port or LAG on which Spanning Tree is configured.
  • Page 308 STP Status and Global Settings page. Filtering—Filters BPDU packets when Spanning Tree is disabled on an interface. Flooding—Floods BPDU packets when Spanning Tree is disabled on an interface.
  • Page 309 LAG—Displays the LAG to which the port belongs. If a port is a member of a LAG, the LAG settings override the port settings. STEP 4 Click Apply. The interface settings are written to the Running Configuration file.
  • Page 310 Auto—Automatically determines the device status by using RSTP BPDUs. • Point to Point Operational Status—Displays the Point-to-Point operational status if the Point to Point Administrative Status is set to Auto.
  • Page 311 MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 8 Click Apply. The Running Configuration file is updated.
  • Page 312: Multiple Spanning Tree Overview

    For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.
  • Page 313: VLANs to a MSTP Instance

    Configuration on this page (and all of the MSTP pages) applies if the system STP mode is MSTP. Up to 16 MST instances can be defined in addition to instance zero.
  • Page 314: MSTP Instance Settings

    Included VLAN—Displays the VLANs mapped to the selected instance. The default mapping is that all VLANs are mapped to the common and internal spanning tree (CIST) instance 0.
  • Page 315: MSTP Interface Settings

    Instance ID—Select the MST instance to be configured. • Interface—Select the interface for which the MSTI settings are to be defined. • Interface Priority—Set the port priority for the specified interface and MST instance.
  • Page 316 STP Interface Settings page. • Mode—Displays the current interface Spanning Tree mode. If the link partner is using MSTP or RSTP, the displayed port mode is RSTP.
  • Page 317 Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state. STEP 6 Click Apply. The Running Configuration file is updated.
  • Page 318: Chapter 14: Managing MAC Address Tables

    VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
  • Page 319: Static Addresses

    Secure—The MAC address is secure when the interface is in classic locked mode (see Port Security). STEP 4 Click Apply. A new entry appears in the table.
  • Page 320: Dynamic Addresses

    STEP 3 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. STEP 4 To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 321: Reserved MAC Addresses

    Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: Bridge—Forward the packet to all VLAN members. Discard—Delete the packet. STEP 4 Click Apply. A new MAC address is reserved.
  • Page 322: Chapter 15: Multicast

    (drop) the Multicast on the rest of the ports by enabling the Bridge Multicast filtering status in the Properties page.
  • Page 323 ID. The device supports a maximum of 256 static and dynamic Multicast group addresses. Only one of the filtering options can be configured per VLAN.
  • Page 324 • IGMP v1/v2/v3 • MLD v1/v2 NOTE The device supports IGMP/MLD Snooping only on static VLANs. It does not support IGMP/MLD Snooping on dynamic VLANs.
  • Page 325 Querier delays sending general query messages for 60 seconds after it is enabled. If there is no other querier, it starts to send general query messages. It stops sending general query messages if it detects another querier.
  • Page 326 Another advantage is that it makes the proxy devices independent of the Multicast routing protocol used by the core network routers. Hence, proxy devices can be easily deployed in any Multicast network.
  • Page 327 By default, IP Multicast traffic arriving on an interface of the IGMP/MLD tree is forwarded. You can disable forwarding of IP Multicast traffic arriving on downstream interfaces. This can be done globally and on a given downstream interface.
  • Page 328: Properties

    IPv4 Multicast group address. If an IPv4 address is configured on the VLAN, the operational forwarding method for IPv4 Multicast will be IP Group Address.
  • Page 329: MAC Group Address

    • MAC Group Address—Defines the MAC address of the new Multicast group. STEP 6 Click Apply. The MAC Multicast group is saved to the Running Configuration file.
  • Page 330 STEP 1 Click Multicast > IP Multicast Group Address. The page contains all of the IP Multicast group addresses learned by snooping. STEP 2 Enter the parameters required for filtering.
  • Page 331 None—Indicates that the port is not currently a member of this Multicast group on this VLAN. This is selected by default until Static or Forbidden is selected.
  • Page 332: IPv4 Multicast Configuration

    Enable or disable the following features: • IGMP Snooping Status—Select to enable IGMP snooping globally on all interfaces. • IGMP Querier Status—Select to enable IGMP querier globally on all interfaces.
  • Page 333 IGMP Querier Version—Select the IGMP version to be used if the device becomes the elected querier. Select IGMPv3 if there are switches and/or Multicast routers in the VLAN that perform source-specific IP Multicast forwarding. Otherwise, select IGMPv2.
  • Page 334 The default value of 0 means all Multicast packets are forwarded on the interface. A value of 256 means that no Multicast packets are forwarded on the interface.
  • Page 335 TTL threshold value automatically become border routers. STEP 2 Select an interface, and click Edit. Enter the values of the fields described above. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 336 Enable—This enables forwarding from downstream interfaces. The following fields are displayed for each IPv4 Multicast route: • Source Address—Unicast source IPv4 address. • Group Address—Multicast destination IPv4 address.
  • Page 337 Uptime—Length of time in hours, minutes, and seconds that the entry has been in the IP Multicast routing table. • Expiry Time—Length of time in hours, minutes, and seconds until the entry is removed from the IP Multicast routing table.
  • Page 338: IPv6 Multicast Configuration

    STEP 2 Enable or disable the following features: • MLD Snooping Status—Select to enable MLD snooping globally on all interfaces. • MLD Querier Status—Select to enable MLD querier globally on all interfaces.
  • Page 339 Select MLDv2 if there are switches and/or Multicast routers in the VLAN that perform source-specific IP Multicast forwarding. Otherwise, select MLDv1. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 340 STEP 2 To configure an interface, select it and click Edit. Enter the fields that are described above. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 341 STEP 2 To configure a VLAN, select it and click Edit. Enter the fields described above. STEP 3 Click Apply. The Running Configuration file is updated. MLD Proxy To configure MLD Proxy:
  • Page 342 Outgoing Interfaces—Interfaces through which packets will be forwarded. • Uptime—Length of time in hours, minutes, and seconds that the entry has been in the IP Multicast routing table.
  • Page 343 • Expiry Time—Length of time in hours, minutes, and seconds until the entry is removed from the IP Multicast routing table.
  • Page 344: IGMP/MLD Snooping IP Multicast Group

    Excluded Ports—The list of ports not included in the group. • Compatibility Mode—The oldest IGMP/MLD version of registration from the hosts the device receives on the IP group address.
  • Page 345: Multicast Router Port

    When Bridge Multicast Filtering is enabled, Multicast packets to registered Multicast groups are forwarded to ports based on IGMP Snooping and MLD snooping. If Bridge Multicast Filtering is disabled, all Multicast packets are flooded to the corresponding VLAN
  • Page 346: Unregistered Multicast

    You can select a port to receive or reject (filter) unregistered Multicast streams. The configuration is valid for any VLAN of which the port is a member (or will be a member).
  • Page 347 Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 5 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 348: Chapter 16: IP Configuration

    IP address collisions occur when the same IP address is used in the same IP subnet by more than one device. Address collisions require administrative actions on the DHCP server and/or the devices that collide with the device.
  • Page 349: IPv4 Management and Interfaces

    To configure an IPv4 loopback interface, add a loopback interface in IPv4 Interface. To configure an IPv6 loopback interface, add a loopback interface in the IPv6 Addresses. IPv4 Management and Interfaces This section covers the following topics:
  • Page 350 Interface—Unit/Interface for which the IP address is defined. This can also be the out-of-band port. • IP Address Type—The available options are: DHCP—Received from DHCP server.
  • Page 351 STEP 5 If Static IP Address was selected, enter the Mask field: • IP Address—Enter the IP address of the interface. • Network Mask—IP mask for this address. • Prefix Length—Length of the IPv4 prefix.
  • Page 352 STEP 6 Click Apply. The IPv4 address settings are written to the Running Configuration file. CAUTION When the system is in one of the stacking modes with a Backup Master present, Cisco recommends configuring the IP address as a static address to prevent disconnecting from the network during a Stacking Master switchover.
  • Page 353 Metric—Enter the administrative distance to the next hop. The range is 1–255. STEP 4 Click Apply. The IP Static route is saved to the Running Configuration file. RIPv2 IP Configuration: RIPv2. VRRP IP Configuration: VRRP
  • Page 354 IP Address—The IP address of the IP device. • MAC Address—The MAC address of the IP device. • Status—Whether the entry was manually entered or dynamically learned. STEP 4 Click Add.
  • Page 355 STEP 2 Select ARP Proxy to enable the device to respond to ARP requests for remotely-located nodes with the device MAC address. STEP 3 Click Apply. The ARP proxy is enabled, and the Running Configuration file is updated.
  • Page 356 STEP 6 DHCP Snooping/Relay This section covers the following topics: • Overview • Properties • Interface Settings • DHCP Snooping Trusted Interfaces • DHCP Snooping Binding Database
  • Page 357 The main goal of option 82 is to help the DHCP server select the best IP subnet (network pool) from which to obtain an IP address.
  • Page 358 Option 82 with the original Option 82 the packet Disabled Option 82 Bridge – no Bridge – Packet Option 82 is is sent with the inserted original Option
  • Page 359 Option (if port is trusted, (if port is behaves as if trusted, behaves DHCP Snooping is as if DHCP not enabled) Snooping is not enabled)
  • Page 360 Option 82 Bridge – Packet Bridge – Packet is sent without Bridge – Packet is sent with the Option 82 is sent with the Option 82 Option 82
  • Page 361 MAC address of the client and IP address of the client if it exists. The DHCP Snooping Binding database is also used by IP Source Guard and Dynamic ARP Inspection features to determine legitimate packet sources.
  • Page 362 STEP 5 Device snoops packet. If an entry exists in the DHCP Snooping Binding table that matches the packet, the device replaces it with IP-MAC binding on receipt of DHCPACK. STEP 6 Device forwards DHCPOFFER, DHCPACK, or DHCPNAK.
  • Page 363 DHCPRELEASE Same as Same as DHCPDECLINE. DHCPDECLINE. DHCPINFORM Forward to trusted Forward to trusted interfaces only. interfaces only.
  • Page 364 STEP 3 Configure interfaces as trusted or untrusted in the DHCP Snooping Trusted Interfaces page. STEP 4 Optional. Add entries to the DHCP Snooping Binding database in the DHCP Snooping Binding Database page.
  • Page 365 STEP 2 To enable DHCP Relay or DHCP Snooping on an interface, click ADD. STEP 3 Select the interface and the features to be enabled: DHCP Relay or DHCP Snooping or both.
  • Page 366 DHCP Snooping Binding database are not able to connect to the network. To add entries to the DHCP Snooping Binding database:
  • Page 367 Lease Time—If the entry is dynamic, enter the amount of time that the entry is to be active in the DHCP Database. If there is no Lease Time, check Infinite. STEP 4 Click Apply. The settings are defined, and the device is updated.
  • Page 368 If DHCPv4 Relay is enabled, the device cannot be configured as a DHCP server. Default Settings and Configurations • The device is not configured as a DHCPv4 server by default.
  • Page 369 IP addresses to DHCP clients. Each network pool contains a range of addresses that belong to a specific subnet. These addresses are allocated to various clients within that subnet.
  • Page 370 Prefix Length—Check and enter the number of bits that comprise the address prefix. • Address Pool Start—Enter the first IP address in the range of the network pool.
  • Page 371 SNTP Server IP Address (Option 4)—Select one of the device’s SNTP servers (if already configured) or select Other and enter the IP address of the time server for the DHCP client.
  • Page 372 STEP 3 Static Hosts You might want to assign some DHCP clients a permanent IP address that never changes. This client is then known as a static host.
  • Page 373 Domain Name (Option 15)—Enter the domain name for the static host. • NetBIOS WINS Server IP Address (Option 44)—Enter the NetBIOS WINS name server available to the static host.
  • Page 374 Example: The DHCP option 66 is configured with the name of a TFTP server in the DHCP Options page. When a client DHCP packet is received containing option 66, the TFTP server is returned as the value of option 66.
  • Page 375 Value—If the type is not Boolean, enter the value to be sent for this code. • Description—Enter a text description for documentation purposes. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 376 DHCP ACK is sent from the client. Then it becomes allocated. STEP 2 Click Delete. The Running Configuration file is updated.
  • Page 377: IPv6 Management and Interfaces

    IPv4-only network. This mechanism, called a tunnel, enables IPv6-only hosts to reach IPv4 services, and enables isolated IPv6 hosts and networks to reach an IPv6 node over the IPv4 infrastructure.
  • Page 378 IPv6 Routing—Select to enable IPv6 routing. If this is not enabled, the device acts as a host (not a router) and can receive management packets, but cannot forward packets. If routing is enabled, the device can forward the IPv6 packets.
  • Page 379 As opposed to other types of interfaces, a tunnel interface is first created in the IPv6 Tunnel page and then an IPv6 interface is configured on the tunnel in this page.
  • Page 380 STEP 7 To configure additional IPv6 parameters, enter the following fields: • IPv6 Address Auto Configuration—Select to enable automatic address configuration from router advertisements sent by neighbors.
  • Page 381 When the button is pressed, it displays the following fields (for the information that was received from the DHCP server): • DHCP Operational Mode—This displays Enabled if the following conditions are fulfilled:
  • Page 382 NOTE Only the IPv6 management interface can be tunneled. To create an IPv6 tunnel, define an IPv6 interface as a tunnel in the IPv6 Interfaces page and continue configuring the tunnel in the IPv6 tunnel page.
  • Page 383 32 bits of the interface identifier of the IPv6 next hop IPv6 address, if it is link local.
  • Page 384 Manual—Specifies the IPv4 address to use as the source address for packets sent on the tunnel interface. The local address of the tunnel interface is not changed when the IPv4 address is moved to another interface.
  • Page 385 • Source (called Source Type in the main page)—Displays one of the following options:
  • Page 386 Address Table. These fields are described in the Add page except for the following fields: • DAD Status—Displays whether Duplicate Address Detection is active or not. • Type—Displays the type of the IPv6 address.
  • Page 387 EUI-64—Select to use the EUI-64 parameter to identify the interface ID portion of the Global IPv6 address by using the EUI-64 format based on a device MAC address.
  • Page 388 Managed Address Configuration Flag—Select this flag to indicate to attached hosts that they should use stateful auto configuration to obtain addresses. Hosts may use stateful and stateless address auto configuration simultaneously.
  • Page 389 STEP 1 Click IP Configuration > IPv6 Management and Interfaces > IPv6 Router Configuration > IPv6 Prefixes. STEP 2 If required, enable the Filter field and click Go. The group of interfaces matching the filter are displayed.
  • Page 390 An onlink prefix is inserted into the routing table as a connected prefix (L-bit set).
  • Page 391 Type—The default router configuration that includes the following options: Static—The default router was manually added to this table through the Add button. Dynamic—The default router was dynamically configured. • Metric—Cost of this hop.
  • Page 392 Each entry displays to which interface the neighbor is connected, the neighbor’s IPv6 and MAC addresses, the entry type (static or dynamic), and the state of the neighbor.
  • Page 393 • Interface—The neighboring IPv6 interface to be added. • IPv6 Address—Enter the IPv6 network address assigned to the interface. The address must be a valid IPv6 address.
  • Page 394 List Name—Select one of the following options: Use Existing List—Select a previously-defined list to add a prefix to it. Create New List—Enter a name to create a new list.
  • Page 395 IPv6 Access Lists The IPv6 access list can be used in MLD Proxy > Global MLD Proxy Settings > SSM IPv6 Access List page. To create an access list:
  • Page 396 IPv6 Address—IP route address for the destination IPv6 subnet address. • Prefix Length—IP route prefix length for the destination IPv6 subnet address. It is preceded by a forward slash.
  • Page 397 IPv6 Address—Add the IPv6 address of the new route. STEP 5 Click Apply to save the changes. DHCPv6 Relay This section covers the following topics: • Global Destinations • Interface Settings
  • Page 398 DHCPv6 server is Link Local or Multicast. The interface can be a VLAN, LAG or tunnel. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 399: Policy-Based Routing

    ACLs for classification. PBR lessens reliance on routes derived from routing protocols. Route Maps Route maps are the means used to configure PBR.
  • Page 400 Point to Point—A point-to-point tunnel. • Interface—Displays the outgoing Link Local interface. • Next Hop—IP address of the next hop router. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 401 Next Hop Status—Reachability of next hop: Active—The next hop IP address is reachable. Unreachable—The status is not active because the next hop IP address is not reachable.
  • Page 402: Domain Name System

    • Polling Retries—Enter the number of times to send a DNS query to a DNS server until the device decides that the DNS server does not exist.
  • Page 403 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 404 This cache can contain the following types of entries: • Static Entries—These are mapping pairs that were manually added to the cache. There can be up to 64 static entries.
  • Page 405 STEP 3 To add a host mapping, click Add. STEP 4 Enter the parameters. • IP Version—Select Version 6 for IPv6 or Version 4 for IPv4.
  • Page 406 IP Address—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6). STEP 5 Click Apply. The settings are saved to the Running Configuration file.
  • Page 407: Chapter 17: IP Configuration: RIPv2

    The device supports RIP version 2, which is based on the following standards: • RFC2453 RIP Version 2, November 1998 • RFC2082 RIP-2 MD5 Authentication, January 1997
  • Page 408: How RIP Operates on the Device

    In this way, the relative cost of the interfaces can be adjusted as desired. It is your responsibility to set the offset for each interface (1 by default).
  • Page 409 RIP information on this interface. By default, transmission of routing updates on an IP interface is enabled. See RIPv2 Settings for more information.
  • Page 410 If these features are enabled, rejected routes are advertised by routes with a metric of 16. The route configurations can be propagated using one of the following options: • Default Metric
  • Page 411 RIP. This is shown in the following, which illustrates a network where some routers support RIP and others do not. A Network with RIP and non-RIP Routers
  • Page 412 RIP Peers Database You can monitor the RIP peers database per IP interface. See RIPv2 Peers Database for a description of these counters.
  • Page 413: Configuring RIP

    STEP 1 Click IP Configuration > IPv4 Management and Interfaces > RIPv2 > RIPv2 Properties. STEP 2 Select the following options as required: • RIP—The following options are available:
  • Page 414 RIP protocol when advertising this static route. If the metric value of a static route is greater than 15, the static route is not advertised to other routers using RIP.
  • Page 415 MD5—The MD5 digest of the key chain selected below is used for authentication. • Key Password—If Text was selected as the authentication type, enter the password to be used.
  • Page 416 IP destination is a Broadcast address, or the metric is 0 or greater than 16 • Update Sent—Specifies the number of packets sent by RIP on the IP interface. STEP 2 To clear all interface counters, click Clear All Interface Counters.
  • Page 417: Access Lists

    STEP 2 To add a new Access List, click Add to open the Add Access List page and enter the following fields: • Name—Define a name for the access list.
  • Page 418 Source IPv4 Mask—Source IPv4 address mask type and value. The following options are available: Network Mask—Enter the network mask (for example 255.255.0.0). Prefix Length—Enter the prefix length. • Action—Action for the access list. The following options are available:
  • Page 419 Permit—Permit entry of packets from the IP address(es) in the access list. Deny—Reject entry of packets from the IP address(es) in the access list. STEP 3 Click Apply. The settings are written to the Running Configuration file.
  • Page 420: Chapter 18: IP Configuration: VRRP

    VRRP also enables load sharing of traffic. Traffic can be shared equitably among available routers by configuring VRRP in such a way that traffic to and from LAN clients is shared by multiple routers.
  • Page 421: VRRP Topology

    NOTE The VRRP router priority depends on the following: If the VRRP router is the owner, its priority is 255 (the highest); if it is not an owner, the priority is manually configured (always less than 255).
  • Page 422 192.168.2.1 and is the virtual router master, and rB is the virtual router backup to rA. Clients 1 and 2 are configured with the default gateway IP address of 192.168.2.1.
  • Page 423: Configurable Elements of VRRP

    The following cases might occur when configuring a virtual router: • All the existing VRRP routers of the virtual router operate in VRRPv3. In this case, configure your new VRRP router to operate in VRRPv3.
  • Page 424 IP subnet as the IP addresses of the virtual router. The corresponding IP subnets must be configured manually in the VRRP router, not DHCP assigned.
  • Page 425 Disabled—Even if a VRRP router with a higher priority than the current master is up, it does not replace the current master. Only the original master (when it becomes available) replaces the backup.
  • Page 426: Configuring VRRP

    STEP 3 Enter the following fields: • Interface—Interface on which virtual router is defined. • Virtual Router Identifier—User-defined number identifying virtual router. • Description—User-defined string identifying virtual router.
  • Page 427 STEP 5 The following fields are displayed for the selected virtual router: • Interface—The Layer 2 interface (port, LAG or VLAN) on which the virtual router is defined • Virtual Router Identifier—The virtual router identification number.
  • Page 428 The following fields are displayed for every interface on which VRRP is enabled: • Interface—Displays the interface on which VRRP is enabled. • Invalid Checksum—Displays number of packets with invalid checksums.
  • Page 429 STEP 3 Click Clear Interface Counter to clear the counters for that interface. STEP 4 Click Clear All Interface Counters to clear all the counters.
  • Page 430: Chapter 19: IP Configuration: SLA

    A track object is used to track operation results and set the status to up or down based on the success or failure of the ICMP destination.
  • Page 431 No ICMP reply has been received—Return code is set to error. Configured Source IP address or Source interface is not accessible—Return code is set to error. • Tracker—Tracks the results of operations.
  • Page 432: Using SLA

    Operation State—Select one of the following options: Pending—Operation is not activated. Scheduled—Operation is activated. ICMP-Echo Parameters • Operation Target—Select how the operation target is defined: By IP—Enter the operation target’s IP address.
  • Page 433 Delay Interval Remainder—How much of Delay period remains. STEP 2 To add a new object, click Add. STEP 3 Enter the following fields: • Track Number—Enter an unused number.
  • Page 434 Operation Successes—Number of times the SLA track echo was successful. • Operation Failures—Number of times the SLA track echo was successful. • ICMP-Echo Requests—Number of request packets that were sent.
  • Page 435 ICMP-Echo Errors—Number of error packets that were received. To refresh these counters click: • Clear Counters—Clears counters for selected operation. • Clear All Operations Counters—Clears counters for all operations. • Refresh—Refresh the counters.
  • Page 436 IP Configuration: SLA Using SLA
  • Page 437: Chapter 20: Security

    Storm Control • Access Control Access control of end-users to the network through the device is described in the following sections: • Management Access Method • Configuring TACACS+
  • Page 438: Configuring TACACS+

    • Accounting—Enable accounting of login sessions using the TACACS+ server. This enables a system administrator to generate accounting reports from the TACACS+ server.
  • Page 439 The following defaults are relevant to this feature: • No default TACACS+ server is defined by default. • If you configure a TACACS+ server, the accounting feature is disabled by default.
  • Page 440 Encrypted or Plaintext mode. The device can be configured to use this key or to use a key entered for a specific server (entered in the Add TACACS+ Server page).
  • Page 441 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 442: RADIUS

    STEP 8 To display sensitive data in plaintext form on this page, click Display Sensitive Data As Plaintext. RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control.
  • Page 443 STEP 1 Open an account for the device on the RADIUS server. STEP 2 Configure that server along with the other parameters in the RADIUS and ADD RADIUS Server pages.
  • Page 444 Source IPv4 Interface—Select the device IPv4 source interface to be used in messages for communication with the RADIUS server. • Source IPv6 Interface—Select the device IPv6 source interface to be used in messages for communication with the RADIUS server.
  • Page 445 RADIUS server before retrying the query, or switching to the next server if the maximum number of retries made. If Use Default is selected, the device uses the default timeout value.
  • Page 446 STEP 1 Click Security > RADIUS Server > RADIUS Server Global Settings. STEP 2 Enter the following parameters: • RADIUS Server Status—Check to enable the RADIUS server feature status.
  • Page 447 STEP 4 To add a secret key, click Add and enter the following fields: • NAS Address—Address of switch containing RADIUS client. Displays N/A if the Event Type is Date/Time Change or Reset.
  • Page 448 None—No VLAN ID is sent. VLAN ID—VLAN ID sent. VLAN Name—VLAN name sent. STEP 3 Click Apply. The RADIUS group definition is added to the Running Configuration file of the device.
  • Page 449 Date/Time Change—Date/time on the device was changed. Reset—Device has reset at the specified time. • Authentication Method—Authentication method used by the user. Displays N/A if the Event Type is Date/Time Change or Reset.
  • Page 450 The rejected users are displayed along with the following fields: • Event Type—Displays one of the following options: Rejected—User was rejected. Time Change—Clock on device was changed by the administrator.
  • Page 451 To display authentication rejections due to NASs not being known to RADIUS server: STEP 1 Click Security > RADIUS Server > RADIUS Server Unknown NAS Entries. The following fields are displayed: • (Log) Event Type
  • Page 452 • Incoming Authentication-Requests with Bad Authenticator—Number of incoming packets with bad passwords. • Incoming Authentication Packets with Other Mistakes—Number of received incoming authentication packets with other mistakes.
  • Page 453: Password Strength

    To refresh the counters, click Refresh. Password Strength The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
  • Page 454 NOTE A zero-length password (no password) is allowed, and can still have password aging assigned to it. • Allowed Character Repetition—Enter the number of times that a character can be repeated.
  • Page 455: Key Management

    Key Identifier—Integer identifier for the key chain. • Key String—Value of the key chain string. Enter one of the following options: User Defined (Encrypted)—Enter an encrypted version.
  • Page 456 Seconds—Number of seconds that the key-identifier is valid. STEP 3 Click Apply. The settings are written to the Running Configuration file. Key Settings To add a key to an already existing key chain.
  • Page 457 Days—Number of days that the key-identifier is valid. Hours—Number of hours that the key-identifier is valid. Minutes—Number of minutes that the key-identifier is valid. Seconds—Number of seconds that the key-identifier is valid.
  • Page 458: Management Access Method

    Action—Permit or deny access to an interface or source address. • Interface—Which ports (including the OOB port), LAGs, or VLANs are permitted to access or are denied access to the web-based configuration utility.
  • Page 459 STEP 3 Click OK to select the active access profile or click Cancel to discontinue the action. STEP 4 Click Add to open the Add Access Profile page. The page allows you to configure a new profile and one rule.
  • Page 460 The Source IP Address field is valid for a subnetwork. Select one of the following values: All—Applies to all types of IP addresses. User Defined—Applies to only those types of IP addresses defined in the fields.
  • Page 461 The selected access profile appears in the Profile Rule Table. STEP 3 Click Add to add a rule. STEP 4 Enter the parameters. • Access Profile Name—Select an access profile.
  • Page 462 User Defined—Applies to only those types of IP addresses defined in the fields. • IP Version—Select the supported IP version of the source address: IPv6 or IPv4.
  • Page 463: Management Access Authentication

    To define authentication methods for an access method: STEP 1 Click Security > Management Access Authentication. STEP 2 Enter the Application (type) of the management access method.
  • Page 464: SSL Server

    Security: Secure Sensitive Data Management. SSL Server This section describes the Secure Socket Layer (SSL) feature. It covers the following topics: • SSL Overview • SSL Server Authentication Settings
  • Page 465 (Auto Generated) or the user (User Defined). STEP 2 Select an active certificate. STEP 3 Click Generate Certificate Request. STEP 4 Enter the following fields: • Certificate ID—Select the active certificate.
  • Page 466 Apply is clicked). When the text is displayed in encrypted form, the button becomes Display Sensitive Data as Plaintext enabling you to view the text in plaintext again.
  • Page 467: TCP/UDP Services

    STEP 1 Click Security > TCP/UDP Services. STEP 2 Enable or disable the following TCP/UDP services on the displayed services. • HTTP Service—Indicates whether the HTTP service is enabled or disabled.
  • Page 468: Storm Control

    Storm Control This section describes storm control. It covers the following topics: • Storm Control • Storm Control Statistics
  • Page 469 Multicast Type—Select one of the following types of Multicast packets on which to implement storm control: All—Enables storm control on all Multicast packets on the port. Registered Multicast—Enables storm control only on registered Multicast addresses on the port.
  • Page 470 No Refresh—Statistics are not refreshed. • 15 Sec—Statistics are refreshed every 15 seconds. • 30 Sec—Statistics are refreshed every 30 seconds. • 60 Sec—Statistics are refreshed every 60 seconds.
  • Page 471 STEP 4 To clear all counters on all interfaces, click Clear All Interfaces Counters. To clear all counters on an interface, select it and click Clear Interface Counters.
  • Page 472: Port Security

    In addition to one of these actions, you can also generate traps, and limit their frequency and number to avoid overloading the devices. To configure port security:
  • Page 473 Forward—Forwards packets from an unknown source without learning the MAC address. Shutdown—Discards packets from any unlearned source, and shuts down the port. The port remains shut down until reactivated, or until the device is rebooted.
  • Page 474 • IP Source Guard Work Flow • Properties • Interface Settings • Binding Database Interactions with Other Features The following points are relevant to IP Source Guard:
  • Page 475: IP Source Guard

    STEP 2 Define the VLANs on which DHCP Snooping is enabled in the (DHCP Snooping) Interface Settings page. STEP 3 Configure interfaces as trusted or untrusted in the (DHCP Snooping) Interface Settings page.
  • Page 476 • IP Source Guard—Indicates whether IP Source Guard is enabled on the port. • DHCP Snooping Trusted Interface—Indicates whether this is a DHCP trusted interface.
  • Page 477 Status—Displays whether interface is active. • Type—Displays whether entry is dynamic or static. • Reason—If the interface is not active, displays the reason. The following reasons are possible:
  • Page 478: ARP Inspection

    The following shows an example of ARP cache poisoning. ARP Cache Poisoning
  • Page 479 The ARP inspection feature relates to interfaces as either trusted or untrusted (see Interfaces Settings page). Interfaces are classified by the user as follows: • Trusted—Packets are not inspected. • Untrusted—Packets are inspected as described above.
  • Page 480 If DHCP Snooping is enabled, ARP Inspection uses the DHCP Snooping Binding database in addition to the ARP access control rules. If DHCP Snooping is not enabled, only the ARP access control rules are used.
  • Page 481 ARP Packet Validation—Select to enable validation checks. • Log Buffer Interval—Select one of the following options: Retry Frequency—Enable sending SYSLOG messages for dropped packets. Enter the frequency with which the messages are sent.
  • Page 482 • IP Address—IP address of packet. • MAC Address—MAC address of packet. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated.
  • Page 483 ARP Access Control Name. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated. First Hop Security Security: IPv6 First Hop Security
  • Page 484: Denial Of Service Prevention

    One method of resisting DoS attacks employed by the device is the use of SCT. SCT is enabled by default on the device and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
  • Page 485 A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold. • Block SYN-FIN packets.
  • Page 486 QoS policies that are bound to a port. ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it. To configure DoS Prevention global settings and monitor SCT:
  • Page 487 IP Fragmented—Click Edit to go to the IP Fragments Filtering page. STEP 7 Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file.
  • Page 488 The SYN Protection Interface Table displays the following fields for every port or LAG (as requested by the user). • Current Status—Interface status. The possible values are: Normal—No attack was identified on this interface.
  • Page 489 STEP 2 Select Reserved Martian Addresses and click Apply to include the reserved Martian Addresses in the System Level Prevention list. STEP 3 To add a Martian address click Add. STEP 4 Enter the parameters.
  • Page 490 Mask—Network mask in dotted decimal format. Prefix Length—Enter the prefix of the IP address to define the range of IP addresses for which Denial of Service prevention is enabled.
  • Page 491 SYN Rate Limit—Enter the number of SYN packets that can be received. STEP 4 Click Apply. The SYN rate protection is defined, and the Running Configuration is updated.
  • Page 492 STEP 1 Click Security > Denial of Service Prevention > IP Fragments Filtering. STEP 2 Click Add. STEP 3 Enter the parameters. • Interface—Select the interface on which the IP fragmentation is being defined.
  • Page 493 Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. STEP 4 Click Apply. The IP fragmentation is defined, and the Running Configuration file is updated.
  • Page 494: Chapter 21: Security: 802.1X Authentication

    802.1x authentication is a client-server model. In this model, network devices have the following specific roles. • Client or supplicant • Authenticator • Authentication server
  • Page 495 (EAPOL packets) and passes them to the authentication server, using the RADIUS protocol. With MAC-based or web-based authentication, the authenticator itself executes the EAP client part of the software on behalf of the clients seeking network access.
  • Page 496 Port Authentication States The port authentication state determines whether the client is granted access to the network. The port administrative state can be configured in the Port Authentication page.
  • Page 497 RADIUS-assigned VLAN or the unauthenticated VLANs. RADIUS VLAN assignment on a port is set in the Port Authentication page.
  • Page 498 If more than one authentication method is enabled on the switch, the following hierarchy of authentication methods is applied: • 802.1x Authentication: Highest • WEB-Based Authentication • MAC-Based Authentication: Lowest
  • Page 499 (such as printers and IP phones) that do not have the 802.1X supplicant capability. MAC-based authentication uses the MAC address of the connecting device to grant or deny network access.
  • Page 500 Quiet Time. When the session is timed-out, the username/password is discarded, and the guest must re-enter them to open a new session. Authentication Methods and Port Modes.
  • Page 501 The member ports must be manually configured as tagged members. • The member ports must be trunk and/or general ports. An access port cannot be a member of an unauthenticated VLAN.
  • Page 502 The RADIUS server must authenticate the device and dynamically assign a VLAN to the device. You can set the RADIUS VLAN Assignment field to static in the Port
  • Page 503 802.1x † † † † † † Legend: †—The port mode supports the guest VLAN and RADIUS-VLAN assignment. N/S—The port mode does not support the authentication method.
  • Page 504 A value of 0 specifies the unlimited number of login attempts. The duration of the quiet period and the maximum number of login attempts can be set in the Port Authentication page.
  • Page 505 N/S—The authentication method does not support the port mode. NOTE You can simulate the single-host mode by setting Max Hosts parameter to 1 in the Port Authentication page.
  • Page 506 Frames are Frames dropped bridged based sessions dropped on the static bridged unless VLAN based on they configuration the static belongs VLAN to the configurat unauthent icated VLANs
  • Page 507 STEP 11 Set the Administrative Port Control field to Auto. STEP 12 Define the authentication methods. STEP 13 Click Apply, and the Running Configuration file is updated.
  • Page 508 STEP 4 Configure the Guest VLAN Timeout to be either Immediate or enter a value in the User defined field. STEP 5 Click Apply, and the Running Configuration file is updated.
  • Page 509 VLAN is enabled, all unauthorized ports automatically join the VLAN selected in the Guest VLAN ID field. If a port is later authorized, it is removed from the guest VLAN.
  • Page 510 STEP 3 Click Apply. The 802.1X properties are written to the Running Configuration file. To enable or disable authentication on a VLAN, select it, click Edit and select either Enable or Disable.
  • Page 511: Port Authentication

    Force Authorized—Authorizes the interface without authentication. • RADIUS VLAN Assignment—Select to enable Dynamic VLAN assignment on the selected port. Disable—Feature is not enabled.
  • Page 512 NOTE If the port is not in Force-Authorized or Force-Unauthorized, it is in Auto Mode and the authenticator displays the state of the authentication in progress. After the port is authenticated, the state is shown as Authenticated.
  • Page 513: Host And Session Authentication

    The Host and Session Authentication page enables defining the mode in which 802.1X operates on the port and the action to perform if a violation has been detected. See Port Host Modes for an explanation of these modes.
  • Page 514: Authenticated Hosts

    STEP 4 Click Apply. The settings are written to the Running Configuration file. Authenticated Hosts To view details about authenticated users, click Security > 802.1X/MAC/Web Authentication > Authenticated Hosts.
  • Page 515: Locked Clients

    Remaining Time (Sec)—The time remaining for the port to be locked. STEP 2 Select a port. STEP 3 Click Unlock. Web Authentication Customization This page enables designing web-based authentication pages in various languages.
  • Page 516 This page displays the languages that can be customized. STEP 2 Click Edit Login Page. Figure 4 The following page is displayed: STEP 3 Click Edit labeled 1. The following fields are displayed:
  • Page 517 Service Not Available—Enter the text of the message to be displayed when the authentication service is not available. STEP 6 Click Apply and the settings are saved to the Running Configuration file.
  • Page 518 • Copyright—Select to enable displaying copyright text. • Copyright Text—Enter the copyright text. STEP 12 Click Apply and the settings are saved to the Running Configuration file.
  • Page 519 To preview the login or success message, click Preview. To set the default language of the GUI interface as the default language for Web-based authentication, click Set Default Display Language.
  • Page 520: Chapter 22: Security: Secure Sensitive Data Management
  • Page 521: SSD Management

    A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired.
  • Page 522 Read Permission—The read permissions associated with the rules. These can be the following: (Lowest) Exclude—Users are not permitted to access sensitive data in any form. (Middle) Encrypted Only—Users are permitted to access sensitive data as encrypted only.
  • Page 523 Each management channel allows specific read permissions. The following summarizes these. Read Permission | Default Read Mode Allowed: Exclude | Exclude; Encrypted Only | *Encrypted; Plaintext Only | *Plaintext; Both | *Plaintext, Encrypted
  • Page 524 NOTE When doing a file transfer initiated by an XML or SNMP command, the underlying protocol used is TFTP. Therefore, the SSD rule for insecure channel will apply.
  • Page 525 Insecure Encrypted Only Encrypted The default rules can be modified, but they cannot be deleted. If the SSD default rules have been changed, they can be restored.
  • Page 526: SSD Properties

    Length—Between 8-16 characters, inclusive. • Character Classes—The passphrase must have at least one upper case character, one lower case character, one numeric character, and one special character e.g. #,$.
  • Page 527 This mode should be used when a user does not want to expose the passphrase in a configuration file.
  • Page 528 Each session has a Read mode. This determines how sensitive data appears. The Read mode can be either Plaintext, in which case sensitive data appears as regular text, or Encrypted, in which case sensitive data appears in its encrypted form.
  • Page 529: Configuration Files

    The SSD control block, which is protected from tampering, contains SSD rules and SSD properties of the device creating the file. An SSD control block starts and ends with "ssd-control-start" and "ssd-control-end" respectively.
  • Page 530 If there is an SSD control block in the source configuration file and the file contains plaintext sensitive data, excluding the SSD configurations in the SSD control block, the file is accepted.
  • Page 531 A user can display, copy, and upload the complete mirror and backup configuration files, subject to SSD read permission, the current read mode in the session, and the file SSD indicator in the source file as follows:
  • Page 532 Enforce the integrity of the file content • Include the secure, authentication configuration commands and SSD rules that properly control and secure the access to devices and the sensitive data
  • Page 533: SSD Management Channels

    Channel Console Secure Telnet Insecure Secure GUI/HTTP Insecure GUI/HTTPS GUI/HTTPS Secure XML/HTTP Insecure-XML-SNMP XML/HTTPS XML/HTTPS Secure-XML-SNMP SNMPv1/v2/v3 without Insecure-XML-SNMP Secure-XML-SNMP privacy SNMPv3 with privacy Secure-XML-SNMP (level-15 users)
  • Page 534: Menu CLI and Password Recovery

    SSD rules are defined in the SSD Rules page. SSD Properties Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD properties.
  • Page 535 STEP 2 Click Apply. The settings are saved to the Running Configuration file. SSD Rules Configuration Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD rules.
  • Page 536 Plaintext Only—Higher read permission than above ones. Users are permitted to get sensitive data in plaintext only. Encrypted Only—Middle read permission. Users are permitted to get sensitive data as encrypted only.
  • Page 537 STEP 4 The following actions can be performed on selected rules: • Add, Edit or Delete rules or Restore to Default. • Restore All Rules to Default—Restore a user-modified default rule to the default rule.
  • Page 538: Chapter 23: Security: SSH Server

    SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application.
  • Page 539: Common Tasks

    STEP 4 Add the users and their public key into the SSH User Authentication Table in the SSH User Authentication page. STEP 5 Establish SSH sessions to the device from an SSH client application such as PuTTY.
  • Page 540: SSH User Authentication

    (see User Accounts). • SSH User Authentication by Public Key—Select to perform authentication of the SSH client user using the public key.
  • Page 541: SSH Server Authentication

    SSH driver. To perform SSH Server Authentication, the remote SSH client must have a copy of the SSH server public key (or fingerprint) of the target SSH server
  • Page 542 If the key is already being displayed as plaintext, you can click Display Sensitive Data as Encrypted to display the text in encrypted form.
  • Page 543: Chapter 24: Security: SSH Client

    When files are downloaded via SCP, the information is downloaded from the SCP server to the device via a secure channel. The creation of this secure channel is preceded by authentication, which ensures that the user is permitted to perform the operation.
  • Page 544 One of the following can occur: If a match is found, both for the server’s IP address/host name and its fingerprint, the server is authenticated.
  • Page 545 SSH client to the SSH server. The action of creating the user and copying the public key (or fingerprint) to the SSH server is beyond the scope of this guide.
  • Page 546 When the connection between a device (as an SSH client) and an SSH server is established, the client and SSH server exchange data in order to determine the algorithms to use in the SSH transport layer.
  • Page 547 This section describes some common tasks performed by the device as an SSH client. All pages referenced are pages found under the SSH Client branch of the menu tree.
  • Page 548 STEP 3 Click Details to view the generated, encrypted keys, and copy them (including the Begin and End footers) from the Details page to an external device. Copy the public and private keys separately.
  • Page 549: SSH User Authentication

    User Key Table block. STEP 3 Enter the Username (no matter what method was selected) or use the default username. This must match the username defined on the SSH server.
  • Page 550: SSH Server Authentication

    • IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address for messages used in communication with IPv6 SSH servers.
  • Page 551 • Fingerprint—Enter the fingerprint of the SSH server (copied from that server). STEP 5 Click Apply. The trusted server definition is stored in the Running Configuration file.
  • Page 552: Change User Password on the SSH Server

    Old Password—This must match the password on the server. • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
  • Page 553: Chapter 25: Security: IPv6 First Hop Security

    • Attack Protection • Policies, Global Parameters and System Defaults • Common Tasks • Default Settings and Configuration • Configuring IPv6 First Hop Security through Web GUI
  • Page 554: IPv6 First Hop Security Overview

    Certification Path Advertisement message; CPS message: Certification Path Solicitation message; DAD-NS message: Duplicate Address Detection Neighbor Solicitation message; FCFS-SAVI: First Come First Served - Source Address Validation Improvement
  • Page 555 If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages: • Router Advertisement (RA) messages • Router Solicitation (RS) messages • Neighbor Advertisement (NA) messages
  • Page 556 Trapped RS, CPS, NS and NA messages are also passed to the ND Inspection feature. ND Inspection validates these messages, drops illegal messages, and passes legal messages to the IPv6 Source Guard feature.
  • Page 557 For example, in Figure 2 Switch B and Switch C are inner links inside the protected area. Figure 2 IPv6 First Hop Security Perimeter
  • Page 558: Router Advertisement Guard

    FHS common component is enabled, a rate limited SYSLOG message is sent. Neighbor Discovery Inspection Neighbor Discovery (ND) Inspection supports the following functions: • Validation of received Neighbor Discovery protocol messages. • Egress filtering
  • Page 559: DHCPv6 Guard

    Neighbor Binding Integrity Neighbor Binding (NB) Integrity establishes binding of neighbors. A separate, independent instance of NB Integrity runs on each VLAN on which the feature is enabled.
  • Page 560 An IPv6 address is bound to a link layer property of the host's network attachment. This property, called a "binding anchor", consists of the interface identifier (ifIndex) through which the host is connected and the host’s MAC address.
  • Page 561 If no NA message is received as a reply to the DAD-NS message, the local device infers that no binding for that address exists in other devices and creates the local binding for that address.
  • Page 562: IPv6 Source Guard

    Neighbor Binding table except for the following messages that are passed without validation: • RS messages, if the source IPv6 address equals the unspecified IPv6 address. • NS messages, if the source IPv6 address equals the unspecified IPv6 address.
  • Page 563: Attack Protection

    NB Integrity provides protection against such attacks in the following ways: • If the given IPv6 address is unknown, the Neighbor Solicitation (NS) message is forwarded only on inner interfaces.
  • Page 564 MAC address for the last hop routing. A malicious host could send IPv6 messages with a different destination IPv6 address for the last hop forwarding, causing overflow of the NBD cache.
  • Page 565: Policies, Global Parameters and System Defaults

    When a user-defined policy is attached to an interface, the default policy for that interface is detached. If the user-defined policy is detached from the interface, the default policy is reattached.
  • Page 566: Common Tasks

    STEP 2 In this same page, set the Global Packet Drop Logging feature. STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature.
  • Page 567 STEP 2 In this same page, set the global configuration values that are used if no values are set in a policy. STEP 3 If required, either configure a user-defined policy or add rules to the default policies for the feature.
  • Page 568: Default Settings and Configuration

    Default Settings and Configuration If IPv6 First Hop Security is enabled on a VLAN, the switch traps the following messages by default: • Router Advertisement (RA) messages
  • Page 569: Configuring IPv6 First Hop Security through Web GUI

    STEP 3 Click Apply to add the settings to the Running Configuration file. STEP 4 Create an FHS policy if required by clicking Add. Enter the following fields: • Policy Name—Enter a user-defined policy name.
  • Page 570 Policy Name—Enter a user-defined policy name. • Device Role—Displays one of the following options to specify the role of the device attached to the port for RA Guard.
  • Page 571 Minimal Hop Limit—Indicates if the RA Guard policy checks the minimum hop limit of the packet received. Inherited—Feature is inherited from either the VLAN or system default (client).
  • Page 572 The following values are acceptable: low, medium and high (see RFC4191). High—Specifies the maximum allowed Advertised Default Router Preference value. The following values are acceptable: low, medium and high (see RFC4191).
  • Page 573 This value must be greater than the Minimal Preference value. No Verification—Disables verification of the lower boundary of the hop count limit.
  • Page 574 Minimal Preference—This field indicates whether the DHCPv6 Guard policy will check the minimum advertised preference value of the packet received. Inherited—Minimal preference is inherited from either the VLAN or system default (client).
  • Page 575 This displays whether the policy is user-defined or a default one. STEP 2 Enter the following global configuration fields: • ND Inspection VLAN List—Enter one or more VLANs on which ND Inspection is enabled.
  • Page 576 Inherited—Inherit value from VLAN or system default (disabled). No Verification—Disables verification of the security level. User Defined—Specify the security level of the message to be forwarded.
  • Page 577 Binding is enabled. • Device Role—Displays the device global default role (Perimeter). • Neighbor Binding Lifetime—Enter the length of time that addresses remain in the Neighbor Bindings table.
  • Page 578 Inherited—Role of device is inherited from either the VLAN or system default (client). Perimeter—Port is connected to devices not supporting IPv6 First Hop Security. Internal—Port is connected to devices supporting IPv6 First Hop Security.
  • Page 579 User Defined to set a special value for this policy. STEP 5 Click Apply to add the settings to the Running Configuration file. STEP 6 To attach this policy to an interface:
  • Page 580 STEP 6 To attach this policy to an interface click Attach Policy to Interface, which takes you to the Policy Attachment (Port) page where you can attach this policy to a port.
  • Page 581 Policy Name—Select the name of the policy to attach to the interface • VLAN List—Select the VLANs to which the policy is attached. STEP 3 Click Apply to add the settings to the Running Configuration file.
  • Page 582 Interface—Port on which packet is received. • MAC Address—Neighbor MAC address of the packet. STEP 4 Click Apply to add the settings to the Running Configuration file.
  • Page 583 STEP 2 Select a port, LAG or VLAN for which the FHS state is reported. STEP 3 The following fields are displayed for the selected interface: • FHS Status
  • Page 584 • ND Inspection Status ND Inspection State on Current VLAN:—Is ND Inspection enabled on the current VLAN. Device Role:—ND Inspection device role. Drop Unsecure:—Are unsecure messages dropped.
  • Page 585 STEP 3 The following global overflow counters are displayed: • Neighbor Binding Table—Number of entries that could not be added to this table because the table reached its maximum size.
  • Page 586 Feature—Type of message dropped (DHCPv6 Guard, RA Guard and so on). • Count—Number of messages dropped. • Reason—Reason that the messages dropped. STEP 5 Click Clear Global Counters to clear the global overflow counters.
  • Page 587: Chapter 26: Access Control

    Either a DENY or PERMIT action is applied to frames whose contents match the filter. The various devices support the following number of ACLs and ACEs: Device Max ACLs Max ACEs SG550XG
  • Page 588 MAC ACL—Examines Layer 2 fields only, as described in Defining MAC-based ACLs • IP ACL—Examines the Layer 3 layer of IP frames, as described in IPv4-based ACLs
  • Page 589 The SYSLOG messages are in Informational severity, and state if the packet matched a deny rule or a permit rule. • For layer 2 packets, the SYSLOG includes the information (if applicable): source MAC, destination MAC, Ethertype, VLAN-ID, and CoS queue.
  • Page 590 IPv6-based ACL by using the IPv6-Based ACL page and the IPv6-Based ACE page 2. Associate the ACL with interfaces by using the ACL Binding (VLAN) or ACL Binding (Port) page.
  • Page 591: MAC-Based ACLs Creation

    STEP 3 Enter the name of the new ACL in the ACL Name field. ACL names are case-sensitive. STEP 4 Click Apply. The MAC-based ACL is saved to the Running Configuration file.
  • Page 592 Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
  • Page 593: IPv4-Based ACL Creation

    ICMP and IGMP type and code • Source/destination IP addresses (including wildcards) • DSCP/IP-precedence value NOTE ACLs are also used as the building elements of flow definitions for per-flow QoS handling.
  • Page 594 Priority—Enter the priority. ACEs with higher priority are processed first. • Action—Select the action assigned to the packet matching the ACE. The options are as follows: Permit—Forward packets that meet the ACE criteria.
  • Page 595 IPV6:ROUT—Matches packets belonging to the IPv6 over IPv4 route through a gateway IPV6:FRAG—Matches packets belonging to the IPv6 over IPv4 Fragment Header IDRP—Inter-Domain Routing Protocol RSVP—ReSerVation Protocol AH—Authentication Header IPV6:ICMP—Internet Control Message Protocol
  • Page 596 Single by number—Enter a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the Select from List drop-down menu.
  • Page 597 Either select the message type by name or enter the message type number: Any—All message types are accepted. Select from list—Select message type by name.
  • Page 598: IPv6-Based ACL Creation

    STEP 2 Select an ACL, and click Go. All currently-defined IP ACEs for the selected ACL are displayed. STEP 3 Click Add. STEP 4 Enter the parameters.
  • Page 599 Source IP Prefix Length—Enter the prefix length of the source IP address. • Destination IP Address—Select Any if all destination addresses are acceptable or User defined to enter a destination address or a range of destination addresses.
  • Page 600 ICMP—If the ACL is based on ICMP, select the ICMP message type that is used for filtering purposes. Either select the message type by name or enter the message type number. If all message types are accepted, select Any.
  • Page 601: ACL Binding

    ACL Binding (VLAN) To bind an ACL to a VLAN: STEP 1 Click Access Control > ACL Binding (VLAN). STEP 2 Select a VLAN and click Edit.
  • Page 602 Default Action—Action of the ACL’s rules (drop any/permit any). NOTE To unbind all ACLs from an interface, select the interface, and click Clear. STEP 4 Select an interface, and click Edit.
  • Page 603 STEP 6 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) previously bound to the interface are unbound.
  • Page 604: Chapter 27: Quality of Service

    This section covers the following topics: • QoS Features and Components • General • QoS Basic Mode • QoS Advanced Mode • QoS Statistics
  • Page 605: QoS Features and Components

    CoS/802.1p to a Queue page or the DSCP to Queue page (depending on whether the trust mode is CoS/802.1p or DSCP, respectively).
  • Page 606 When changing from QoS Basic mode to Advanced mode, the QoS Trust mode configuration in Basic mode is not retained. • When disabling QoS, the shaper and queue setting (WRR/SP bandwidth setting) are reset to default values.
  • Page 607: General

    Workflow to Configure Basic QoS Mode b. Configure Advanced mode, as described in Workflow to Configure Advanced QoS Mode. General This section covers the following topics: • QoS Properties
  • Page 608 Basic mode and Trust CoS is selected in the Global Settings page. STEP 4 Click Apply. The Running Configuration file is updated. To set QoS on an interface, select it, and click Edit.
  • Page 609 WRR queues. Only after the strict priority queues have been emptied is traffic from the WRR queues forwarded. (The relative portion from each WRR queue depends on its weight).
  • Page 610 (0-7, 7 being the (8 queues 1-8, 8 (8 is the highest highest) is the highest priority used for priority) stack control traffic) Stack Background Best Effort
  • Page 611 Queue 4 or Queue 8 is the highest priority egress queue and Queue 1 is the lowest priority. STEP 3 For each 802.1p priority, select the Output Queue to which it is mapped.
  • Page 612 • The device is in QoS Advanced mode and the packets belong to flows that are DSCP trusted Non-IP packets are always classified to the best-effort queue.
  • Page 613 DSCP Queue DSCP Queue The following tables describe the default DSCP to queue mapping for an 8-queue system where 8 is highest: DSCP Queue DSCP Queue DSCP
  • Page 614 STEP 1 Click Quality of Service > General > Bandwidth. The fields in this page are described in the Edit page below, except for the following fields: • Ingress Rate Limit:
  • Page 615 This amount can be sent even if it temporarily increases the bandwidth beyond the allowed limit. STEP 5 Click Apply. The bandwidth settings are written to the Running Configuration file.
  • Page 616 Rate limiting per VLAN, performed in the VLAN Ingress Rate Limit page, enables traffic limiting on VLANs. When VLAN ingress rate limiting is configured, it limits aggregate traffic from all the ports on the device.
  • Page 617 If this feature is enabled on a device, iSCSI traffic on any interface will be assigned the defined priority, and iSCSI traffic will not be subject to ACL or Policy rules set on interface.
  • Page 618 TCP port parameter, or enter an IP address in User Defined field to define a specific target address. STEP 5 Click Apply to save the settings. Click Restore Default Flows to restore the default flows.
  • Page 619: QoS Basic Mode

    DSCP trusted mode. CoS/802.1p trusted mode uses the 802.1p priority in the VLAN tag. DSCP trusted mode uses the DSCP value in the IP header.
  • Page 620 NOTE The frame is mapped to an egress queue using the new, rewritten value, and not by the original DSCP value. STEP 4 If Override Ingress DSCP was enabled, click DSCP Override Table to reconfigure DSCP. (See DSCP Override Table).
  • Page 621: QoS Advanced Mode

    STEP 6 Click Apply. The Running Configuration file is updated. QoS Advanced Mode This section covers the following topics: • Overview • Global Settings • Out-of-Profile DSCP Mapping
  • Page 622 Per flow QoS is applied to flows by binding the policies to the desired ports. A policy and its class maps can be bound to one or more ports, but each port is bound with at most one policy.
  • Page 623 Single Policer—Create a policy that associates a class map with a single policer by using the Policy Table page and the Class Mapping page. Within the policy, define the single policer.
  • Page 624 STEP 4 Select Override Ingress DSCP to override the original DSCP values in the incoming packets with the new values according to the DSCP Override Table (See DSCP Override Table). When
  • Page 625 DSCP values 16, 24, and 48, Out of Profile DSCP Mapping changes the incoming values as they are mapped to the outgoing values.
  • Page 626 IPv6 address as a filtering condition. The Class Mapping page shows the list of defined class maps and the ACLs comprising each, and enables you to add/delete class maps.
  • Page 627 You can measure the rate of traffic that matches a pre-defined set of rules, and enforce limits, such as limiting the rate of file-transfer traffic that is allowed on a port.
  • Page 628 DSCP value that marks them as lower-priority frames for all subsequent handling within the device.
  • Page 629 Drop—Drop the frames violating the peak size. Out-of-Profile DSCP—Mark frames violating the peak size with the previously-set DSCP value. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 630 STEP 3 To add a new class map, click Add. STEP 4 Enter the parameters. • Policy Name—Displays the policy to which the class map is being added.
  • Page 631 – the flow traffic will also be forwarded. If the action of flow ACL is deny – flow traffic will be mirrored but not forwarded to the egress network interface (drop behavior).
  • Page 632 Violate Action—Select one of the following actions if peak size is exceeded: Drop—Drop the frames violating the peak size. Out-of-Profile DSCP—Mark frames violating the peak size with the previously-set DSCP value. STEP 7 Click Apply.
  • Page 633 Policy Name—Select the output policy being bound. • Default Action: Select action if packet matches policy: Deny Any—Select to forward packets on the interface if they match any policy. Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 634: Qos Statistics

    Policy—Statistics are displayed for this policy. • Class Map—Statistics are displayed for this class map. • In-Profile Bytes—Number of in-profile bytes received. • Out-of-Profile Bytes—Number of out-profile bytes received. Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 635 STEP 4 is updated. Queues Statistics The Queues Statistics page displays queue statistics, including statistics of forwarded and dropped packets, based on interface, queue, and drop precedence. Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 636 Set 2—Displays the statistics for Set 2 that contains all interfaces and queues with a low DP. • Interface—Select the ports for which statistics are displayed. The options are: Unit No—Selects the unit number. Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 637 All—Whether to count packets all packets no matter what their probability of being dropped is. Click Apply. The Queue Statistics counter is added, and the Running Configuration file is STEP 4 updated. Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x...
  • Page 638: Chapter 28: SNMP

    The system responds only to SNMP messages specifying the community which has the correct permissions and correct operation.
  • Page 639 Advanced Mode—The access rights of a community are defined by a group (defined in the Groups page). You can configure the group with a specific security model. The access rights of a group are Read, Write, and Notify.
  • Page 640 SNMPv3 Notification Recipients page. STEP 7 Supported MIBs For a list of supported MIBs, visit the following URL and navigate to the download area listed as Cisco MIBS: www.cisco.com/cisco/software/navigator.html
  • Page 641 SG350-28 28-Port Gigabit Managed Switch 9.6.1.95.28.1; SG350-28P SG350-28P 28-Port Gigabit PoE Managed Switch 9.6.1.95.28.5; SG350-28MP SG350-28MP 28-Port Gigabit PoE Managed Switch 9.6.1.95.28.6; SG350X-24 24-Port Gigabit Stackable Managed Switch 9.6.1.94.24.1
  • Page 642 SG550XG-24T 24-Port 10GBase-T Stackable Managed Switch 9.6.1.90.24.9; SG550XG-24F 24-port SFP+ Ten Gigabit Stackable Switch (2 combo) with RPS support 9.6.1.90.24.8; SG550XG-48T SG550XG-48T 48-Port 10GBase-T Stackable Managed Switch 9.6.1.90.48.9
  • Page 643: Engine ID

    User Defined—Enter the local device engine ID. The field value is a hexadecimal string (range: 10 - 64). Each byte in the hexadecimal character strings is represented by two hexadecimal digits.
  • Page 644: Views

    Each subtree is either included or excluded in the view being defined. The Views page enables creating and editing SNMP views. The default views (Default, DefaultSuper) cannot be changed.
  • Page 645 STEP 6 In order to verify your view configuration, select the user-defined views from the Filter: View Name list. The following views exist by default: • Default—Default SNMP view for read and read/write views. • DefaultSuper—Default SNMP view for administrator views.
  • Page 646: Groups

    Three types of views with various security levels can be defined. For each security level, select the views for Read, Write and Notify by entering the following fields: • Enable—Select this field to enable the Security Level.
  • Page 647: Users

    Groups enable network managers to assign access rights to a group of users instead of to a single user. A user can only belong to a single group.
  • Page 648 Authentication Method—Select the Authentication method that varies according to the Group Name assigned. If the group does not require authentication, then the user cannot configure any authentication. The options are: None—No user authentication is used.
  • Page 649: Communities

    Advanced Mode—The access rights of a community are defined by a group (defined in the Groups page). You can configure the group with a specific security model. The access rights of a group are Read, Write, and Notify.
  • Page 650 MIB. If this is selected, enter the following fields: Access Mode—Select the access rights of the community. The options are: Read Only—Management access is restricted to read-only. Changes cannot be made to the community.
  • Page 651: Trap Settings

    Notification Recipients Trap messages are generated to report system events, as defined in RFC 1215. The system can generate traps defined in the MIB that it supports.
  • Page 652 Traps IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address in trap messages for communication with IPv6 SNMP servers.
  • Page 653 • Notification Filter—Select to enable filtering the type of SNMP notifications sent to the management station. The filters are created in the Notification Filter page.
  • Page 654 Server Definition—Select whether to specify the remote log server by IP address or name. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  • Page 655 Privacy—Indicates the packet is both authenticated and encrypted. • Notification Filter—Select to enable filtering the type of SNMP notifications sent to the management station. The filters are created in the Notification Filter page.
  • Page 656: Notification Filter

    Include in filter option is selected. STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded.
  • Page 657 SNMP Notification Filter STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
  • Page 658: Chapter 29: Smart Network Application (SNA)

    Right-Hand Information Panel • Operations • Overlays • Tags • Search • Notifications • Device Authorization Control (DAC) • Services • Saving SNA Settings • Technical Details
  • Page 659: SNA Sessions

    This is done by re-entering the credentials, and can be done at any time.
  • Page 660: SNA Graphics

    The SNA uses the following icons: Table 1 Icon Descriptions Icon Description Cloud Backbone Device. The orange number is the number of notifications existing for the device. Offline Device (greyed out)
  • Page 661 SNA Graphics Table 1 Icon Descriptions Icon Description Access Point Client PC Client Phone Client Unknown Device Side Panel Connection Side Panel Multi Selection Side Panel Port
  • Page 662: Top Right-Hand Menu

    Log out of system by clicking Log out. Upgrade your permissions by clicking Upgrade Permission. • E—Click to delete a selected device. Topology View The topology view is the main view of the SNA.
  • Page 663 Various overlays can be selected for the topology views that affect the graphic representation of elements. See Topology Overlays. The topology discovery mechanism uses information gathered from LLDP and CDP TLVs to identify devices in the network.
  • Page 664 Switches discovered on the network are labeled as one of the following types: SNA Switch—Switch (running version 2.2.5 or higher) with the full SNA feature set.
  • Page 665 Distinct visual appearance from online devices on the topology map (see “Topology View:”): Can be moved on the topology, and its placement can be saved. You can also add tags to the device (see Tags).
  • Page 666 (see Explorers). If a device has one or more client devices attached to it, a + appears on it:
  • Page 667 The following attributes are displayed: • Port name • Unit
  • Page 668 The slot of the port is not shown on SNA. For example, the gigabit port gi1/0/12 is shown as GE1/12 in SNA. Names of ports that are discovered on devices with no SNA capabilities are displayed as they are advertised with no manipulation.
  • Page 669 Link bandwidth for each link comprising the connection Clouds Clouds are sections of the network that SNA cannot map in detail. They are indicated by the following icon:
  • Page 670: Right-Hand Information Panel

    The right-hand information panel contains the following blocks: • Header Block • Right-Hand Information Panel Cogwheel • Basic Information Block • Notifications Block • Services Block • Tags • Statistics
  • Page 671 Smart Network Application (SNA) Right-Hand Information Panel Figure 2 shows a sample of the right-hand information panel: Figure 2 Right-Hand Information Panel
  • Page 672 IP address if the host name is not known, or MAC address if both the host name and the IP address are not known.
  • Page 673 Explore Device—This option is only available for SNA switches, and only appears when a single device is selected. Selecting this action opens the device explorer for the selected switch.
  • Page 674 Some of the information is shown at all times, and some is shown only if the View All button is clicked. If no information is received on a certain parameter, that parameter is not displayed in the Basic Information section.
  • Page 675 VLANs | device. Dashed lines are used to join consecutive VLANs. | 1, 6, 13-19, 1054, 2012-2100, 4094; Active Firmware Version | The version number of the active firmware | 2.2.0.53
  • Page 676 connect to the device when last seen. | 192.168.1.55; MAC Address | The base MAC address of the device | 00:00:b0:83:1f:ac; Description | Editable field of a maximum of 80 characters.
  • Page 677 Based on the information from the connected port. | 80/42 % (Tx/Rx); PoE Power Consumption | Appears only if the client is connected to a PoE port. | 8900 mW
  • Page 678 The parameters below only appear when View all is clicked. Interface Description | Uses the value of the interface’s ifAlias MIB. String with a maximum of 64 characters. | "WS 28"
  • Page 679 Private – Host • Private – Promiscuous; PoE Power Consumption | Appears only for PoE-capable ports | 8900 MW; Spanning Tree State | Displays the interface STP-state. | Blocking, Forwarding, Disabled
  • Page 680 Services for additional information.
  • Page 681 Last five minutes—20 samples (one every 15 seconds). • Last hour—60 samples (one every minute) • Last day—24 samples (one every hour) • Last week—7 samples (one every day)
  • Page 682 The graph is available for all interfaces of devices with full SNA support and has separate lines for Tx and for Rx traffic. You can select a number of ports and types of traffic to run a side-by-side comparison.
  • Page 683: Operations

    View information regarding the element—See • Configure an element—See Services • Add a device or switch to the Topology View—See Manually Adding a Device or Switch to the Topology View
  • Page 684 Devices added by this method remain in the topology map until removed manually. If such devices are not connected, or not detected by SNA, they are displayed as offline devices.
  • Page 685 Description — Description of the interface. Uses the MIB ifAlias. • When the Link Utilization overlay is selected, the following columns are displayed: Current Speed — Current speed of the interface (10M, 100M, 1G…).
  • Page 686 Some information on interfaces may only be available if the interface belongs to an SNA-capable device.
  • Page 687 There are no placeholders for non-available information. • Device Type—Type of client device. • Connected port—The port on the parent switch to which this client is connected.
  • Page 688: Overlays

    Some overlays may have parameters associated with them, such as the VLAN overlay. When you select the VLAN overlay, for example, you must also select a specific VLAN.
  • Page 689 5% and the other direction has a utilization of 92%, the aggregated connection in the topology map is red, as the highest utilization in the connection is 92%.
  • Page 690 LAG. It is possible that some links in a LAG provide power while others do not. VLAN Membership This overlay enables viewing of the VLAN memberships of various ports and devices in the network.
  • Page 691 • If at least one link is highlighted, the connection is highlighted. • If at least one link has an asymmetric connection, the connection is yellow.
  • Page 692: Tags

    The following is a list of built-in tags: Tags Method for Assigning Tag According to SNA internal data Partial SNA According to SNA internal data
  • Page 693 According to SNA internal data. This is displayed if a device is capable of receiving power via PoE (even if it does not actually receive any power via PoE).
  • Page 694 To view a list of all Tags, perform the following: STEP 1 Click the Hamburger menu in the left-hand side of the Topology view: The following menu is displayed:
  • Page 695 User-Defined Tags You can create new tags and add them manually to selected elements in the topology in the Tags section of the right-hand information.
  • Page 696: Search

    Use the search functionality to locate specific devices in the Topology view. The search term entered is searched in the information known to SNA. The following items can be searched: • IP addresses
  • Page 697 Click in the Search box: STEP 2 Enter the keyword “Tag” and the name of the tag, as shown in the example below: STEP 3 Click . The results are displayed.
  • Page 698: Notifications

    In addition, a general notification icon on the application masthead is displayed when there is a notification. These indications are cleared when logging out, and are updated again as events take place while SNA is operational.
  • Page 699 Originating device — Appears only in the aggregated notifications display. The originating device is identified by the strongest available form of identification according to the following priority: Host name → IP address → MAC address.
  • Page 700 Smart Network Application (SNA) Notifications • Timestamp • Severity • SYSLOG text
  • Page 701: Device Authorization Control (DAC)

    To access DAC, perform the following: STEP 1 Click the options menu in the left-hand side of the masthead: The following menu is displayed: STEP 2 Select Edit DAC Mode.
  • Page 702 Enter a key string that will be used by the DAC RADIUS server with all its clients on the network. STEP 7 Click Done. The DAC RADIUS server is highlighted in the Topology view.
  • Page 703 When informing the user of the new device, SNA provides the MAC address of the device and the device and port through which the device attempted to access the network.
  • Page 704 (this option is selected by default). Finally, apply the configurations. The report displays warnings if some steps of the DAC configuration process are missed, along with the status of the actions as handled by the devices.
  • Page 705 RADIUS server. • No ports are selected. Status: • Pending • Success • Failure. When the status is a failure, the error message is shown for the action.
  • Page 706 (Last Seen) and through which port/device it attempted to access the network (Seen At).
  • Page 707: Services

    By default, all services copy the running configuration file to the startup configuration file automatically after the configuration is performed. You can disable this option.
  • Page 708 SG350XG-2F10. RADIUS Client Configuration This service enables you to configure one or more devices as RADIUS clients by defining the RADIUS server they are using for login.
  • Page 709 If an entry with the same IP address or host name already exists in a priority lower than 0, the entry’s priority is changed to 0, and the login usage is added to it, if needed.
  • Page 710 RADIUS. If RADIUS is selected, the actual value configured for all channels is RADIUS, Local. DNS Client Configuration The DNS Client Configuration service enables defining the DNS server that the selected devices use.
  • Page 711 If a static entry existed and was displayed, the new entry created by the service replaces the pre-existing entry. Displayed/Editable Parameters To define a new SYSLOG server, enter the server’s IPv4 or IPv6 address.
  • Page 712 SNTP server is displayed according to the following priority: First SNTP server (alphabetically) defined by host name. Lowest SNTP server defined by IPv4 Lowest SNTP server defined by IPv6
  • Page 713 Instead, it performs an operation on all selected devices. Use this service to download new firmware versions or configuration files to the selected devices or reboot them.
  • Page 714 This file is then downloaded to all devices participating in the service. After downloading the new firmware, the device also automatically makes it the active firmware version.
  • Page 715 Used to download a new configuration file. In the local file system, browse to the new configuration file and select it. This file is then downloaded to the startup-configuration of all devices participating in the service.
  • Page 716 When activating the download, you can request that all devices reboot after downloading the configuration file to make the new configurations active. • Reboot: Click Go to reboot the devices without performing any other actions.
  • Page 717 Custom—Displayed if an SNA-created schedule is not applied uniformly to all Access ports. Access ports are ports whose VLAN mode is Access. Configured ports—A list of all ports that are bound to the SNA-created schedule.
  • Page 718 To set up a power management policy: STEP 1 Select a device in the Topology view. STEP 2 Select the Power Management service in the right-hand information.
  • Page 719 Smart Network Application (SNA) Services The following is displayed: STEP 3 Click Select Ports. STEP 4 Select one or more ports and click Done.
  • Page 720 The following services are available for interfaces: • Power Management Settings (Port)—PoE priority and applying schedule behavior • VLAN Membership (port/LAG) — Switchport type (Access and Trunk), membership for Access and Trunk
  • Page 721 PoE ports. • SNA Power Schedule (Applied/Not Applied)—This control appears only if the device has a power schedule created by SNA.
  • Page 722 PoE power and data inactive is treated as if it were Data inactive, and the option PoE power inactive is treated as if the schedule was not activated on the non-PoE port.
  • Page 723: Saving SNA Settings

    If you manually save the settings after importing a new file, the option to revert is no longer available.
  • Page 724: Technical Details

    Supported browsers: IE10 and above, Chrome, FireFox. • Safari on MAC OS: 6.1.2-7.0.2 • Supported OS: Win 7, Win 8, Win 8.1, Linux 2.6, 3.11, MAC OSX version 10.7 and up
  • Page 725 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.