Cisco Small Business 300 Administration Manual

Managed switch release 1.3

ADMINISTRATION
GUIDE
Cisco Small Business 300 Series Managed Switch
Administration Guide Release 1.3

Summary of Contents for Cisco Small Business 300

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business 300 Series Managed Switch Administration Guide Release 1.3...
  • Page 2: Table Of Contents

    Defining RMON Events Control Viewing the RMON Events Logs Defining RMON Alarms Chapter 3: Administration: System Log Setting System Log Settings Setting Remote Logging Settings Viewing Memory Logs RAM Memory Flash Memory
  • Page 3 Displaying the System Summary Configuring the System Settings Console Settings (Autobaud Rate Support) Rebooting the Device Routing Resources Monitoring Fan Status Defining Idle Session Timeout Pinging a Host Traceroute Chapter 6: Administration: Time Settings
  • Page 4 LLDP and CDP Configuring LLDP LLDP Overview Setting LLDP Properties Editing LLDP Port Settings LLDP MED Network Policy Configuring LLDP MED Port Settings Displaying LLDP Port Status Displaying LLDP Local Information
  • Page 5 Configuring Green Ethernet Green Ethernet Overview Power Saving by Disabling Port LEDs 802.3az Energy Efficient Ethernet Feature Setting Global Green Ethernet Properties Setting Green Ethernet Properties for Ports Chapter 10: Smartport Overview
  • Page 6 Smartport Interface Settings Built-in Smartport Macros Chapter 11: Port Management: PoE PoE on the Device PoE Features PoE Operation PoE Configuration Considerations Configuring PoE Properties Configuring PoE Settings PoE priority example:
  • Page 7 Adding Interfaces to Voice VLAN on Basis of OUIs Access Port Multicast TV VLAN IGMP Snooping Differences Between Regular and Multicast TV VLANs Configuration Multicast TV Group to VLAN Port Multicast VLAN Membership
  • Page 8 Querying Dynamic Addresses Defining Reserved MAC Addresses Chapter 15: Multicast Multicast Forwarding Typical Multicast Setup Multicast Address Properties Defining Multicast Properties Adding MAC Group Address Adding IP Multicast Group Addresses Configuring IGMP Snooping
  • Page 9 How the DHCP Snooping Binding Database is Built DHCP Snooping Along With DHCP Relay DHCP Default Configuration Configuring DHCP Work Flow DHCP Snooping/Relay Properties Interface Settings DHCP Snooping Trusted Interfaces DHCP Snooping Binding Database
  • Page 10 Global Destinations Interface Settings Domain Name DNS Settings Search List Host Mapping Chapter 17: Security Defining Users Setting User Accounts Setting Password Complexity Rules Configuring TACACS+ Accounting Using a TACACS+ Server Defaults
  • Page 11 Defining 802.1X Port Authentication Defining Host and Session Authentication Viewing Authenticated Hosts Defining Time Ranges Denial of Service Prevention Secure Core Technology (SCT) Types of DoS Attacks Defense Against DoS Attacks Dependencies Between Features
  • Page 12 Defining ARP Inspection Access Control Rules Defining ARP Inspection VLAN Settings Chapter 18: Security: Secure Sensitive Data Management Introduction SSD Management SSD Rules Elements of an SSD Rule SSD Rules and User Authentication Default SSD Rules
  • Page 13 SSD Rules Chapter 19: Security: SSH Client Secure Copy (SCP) and SSH Protection Methods Passwords Public/Private Keys Import Keys SSH Server Authentication SSH Client Authentication Supported Algorithms Before You Begin Common Tasks
  • Page 14 Chapter 22: Quality of Service QoS Features and Components QoS Modes QoS Workflow Configuring QoS - General Setting QoS Properties Configuring QoS Queues Mapping CoS/802.1p to a Queue Mapping DSCP to Queue
  • Page 15 Viewing Single Policer Statistics Viewing Aggregated Policer Statistics Viewing Queues Statistics Chapter 23: SNMP SNMP Versions and Workflow SNMPv1 and v2 SNMPv3 SNMP Workflow Supported MIBs Model OIDs SNMP Engine ID
  • Page 16 Contents Configuring SNMP Views Creating SNMP Groups Managing SNMP Users Defining SNMP Communities Defining Trap Settings Notification Recipients Defining SNMPv1,2 Notification Recipients Defining SNMPv3 Notification Recipients SNMP Notification Filters
  • Page 17 Contents
  • Page 18: Chapter 1: Getting Started

    IPv6 address. • If you have multiple IPv6 interfaces on your management station, use the IPv6 global address instead of the IPv6 link local address to access the device from your browser.
  • Page 19

    IP address, the power LED is on solid. Logging In The default username is cisco and the default password is cisco. The first time that you log in with the default username and password, you are required to enter a new password.
  • Page 20: HTTP/HTTPS

    Getting Started Starting the Web-based Configuration Utility STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears. See Password Expiration for additional information.
  • Page 21

    Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page.
  • Page 22

    Configure Port Mirroring Port and VLAN Mirroring page There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Small Business Support Community page.
  • Page 23

    Gigabit Ethernet ports (10/100/1000 bits)—These are displayed as LAG (Port Channel)—These are displayed as LAG. VLAN—These are displayed as VLAN. Tunnel—These are displayed as Tunnel. • Interface Number: Port, LAG, tunnel or VLAN ID
  • Page 24

    Configuration and sets the device parameters according to the data in the Running Configuration. Username Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco).
  • Page 25

    SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, click Status and Statistics > View Log > RAM Memory.
  • Page 26

    Click to clear the statistic counters for the selected Counters interface. Clear Logs Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message appears.
  • Page 27

    2. Click Close to return to the main page. Enter the query filtering criteria and click Go. The results are displayed on the page. Test Click Test to perform the related tests.
  • Page 28

    Getting Started Window Navigation
  • Page 29: Chapter 2: Status And Statistics

    Interface—Select the type of interface and specific interface for which Ethernet statistics are to be displayed. • Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are: No Refresh—Statistics are not refreshed.
  • Page 30

    The refresh rate of the information can be selected. This page provides more detailed information regarding errors in the physical layer (Layer 1), which might disrupt traffic. To view Etherlike Statistics and/or set the refresh rate:
  • Page 31

    To clear statistics counters: • Click Clear Interface Counters to clear the selected interfaces counters. • Click View All Interfaces Statistics to see all ports on a single page.
  • Page 32

    Invalid Protocol ID—Invalid protocol ID errors. • Invalid Attribute Type—Invalid attribute ID errors. • Invalid Attribute Value—Invalid attribute value errors. • Invalid Attribute Length—Invalid attribute length errors. • Invalid Event—Invalid events.
  • Page 33: Viewing 802.1X EAP Statistics

    EAP Response Frames Received—EAP Response frames received by the port (other than Resp/ID frames). • EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by the port. • EAP Request Frames Transmitted—EAP Request frames transmitted by the port.
  • Page 34: Viewing TCAM Utilization

    Maximum TCAM Entries for IPv4 and Non-IP (Rules)—Maximum TCAM Entries available. • IPv4 Routing In Use—Number of TCAM entries used for IPv4 routing. Maximum—Number of available TCAM entries that can be used for IPv4 routing.
  • Page 35: Managing RMON

    RMON standard. An oversized packet is defined as an Ethernet frame with the following criteria: • Packet length is greater than MRU byte size. • Collision event has not been detected.
  • Page 36 (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. A Jabber packet is defined as an Ethernet frame that satisfies the following criteria: Packet data length is greater than MRU.
  • Page 37: Configuring RMON History

    After the data is sampled and stored, it appears in the History Table page that can be viewed by clicking History Table.
  • Page 38: Viewing The RMON History Table

    STEP 1 Click Status and Statistics > RMON > History. STEP 2 Click History Table. STEP 3 From the History Entry No. list, select the entry number of the sample to display.
  • Page 39: Defining RMON Events Control

    You can control the occurrences that trigger an alarm and the type of notification that occurs. This is performed as follows: • Events Page—Configures what happens when an alarm is triggered. This can be any combination of logs and traps.
  • Page 40 STEP 4 Click Apply. The RMON event is saved to the Running Configuration file. STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have been logged (see description below).
  • Page 41: Viewing The RMON Events Logs

    The Alarms page provides the ability to configure alarms and to bind them with events. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.
  • Page 42 Rising Alarm—A rising value triggers the rising threshold alarm. Falling Alarm—A falling value triggers the falling threshold alarm. Rising and Falling—Both rising and falling values trigger the alarm.
  • Page 43 Interval—Enter the alarm interval time in seconds. • Owner—Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file.
  • Page 44 Status and Statistics Managing RMON
  • Page 45: Chapter 3: Administration: System Log

    (-) on each side (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational.
  • Page 46 Time and sent in a single message. The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated. • Max Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated.
  • Page 47: Setting Remote Logging Settings

    Server Definition—Select whether to identify the remote log server by IP address or name. • IP Version—Select the supported IP format. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  • Page 48: Viewing Memory Logs

    You can configure the messages that are written to each log by severity, and a message can go to more than one log, including logs that reside on external SYSLOG servers.
  • Page 49: RAM Memory

    Log Index—Log entry number. • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared.
  • Page 50 Administration: System Log Viewing Memory Logs
  • Page 51: Chapter 4: Administration: File Management

    The possible methods of file transfer are: • Internal copy. • HTTP/HTTPS that uses the facilities that the browser provides. • TFTP/SCP client, requiring a TFTP/SCP server.
  • Page 52 The device has been operating continuously for 24 hours. No configuration changes have been made to the Running Configuration in the previous 24 hours. The Startup Configuration is identical to the Running Configuration.
  • Page 53 Copy one configuration file type to another configuration file type as described in the Copy/Save Configuration section. • Enable automatically uploading a configuration file from a DHCP server to the device, as described in the DHCP Auto Configuration section.
  • Page 54: Upgrade/Backup Firmware/Language

    (the old version) until you change the status of the new image to be the active image by using the procedure in the Active Image section. Then boot the device.
  • Page 55: Upgrade/Backing Firmware Or Language File

    If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 56 Use SSH Client One-Time Credentials—Enter the following: Username—Enter a username for this copy action. Password—Enter a password for this copy. NOTE The username and password for one-time credential will not be saved in the configuration file.
  • Page 57 If SSH server authentication is enabled (in the SSH Server Authentication page), and the SCP server is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is displayed.
  • Page 58: Active Image

    STEP 3 Click Apply. The active image selection is updated. Download/Backup Configuration/Log The Download/Backup Configuration/Log page enables: • Backing up configuration files or logs from the device to an external device.
  • Page 59: Configuration File Backwards Compatibility

    System mode. The device is configured with an empty configuration file. See DHCP Auto Configuration. • Configuration After Reboot for a description of what happens when the stacking modes are changed.
  • Page 60: Downloading Or Backing-Up A Configuration Or Log File

    160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”). g. Destination File Type—Enter the destination configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).
  • Page 61 (\ or /), the leading letter of the file name must not be a period (.), and the file name must be between 1 and 160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”). Click Apply. The file is upgraded or backed up.
  • Page 62 SSH user authentication method (password or public/private key), set a username and password on the device, if the password method is selected, and generate an RSA or DSA key if required.
  • Page 63 Source File Name—Enter the name of the source file. • Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).
  • Page 64: Configuration Files Properties

    When disabling this feature, the mirror configuration file, if it exists, is deleted. See System Files for a description of mirror files and why you might not want to automatically create mirror configuration files.
  • Page 65: Copy/Save Configuration

    STEP 1 Click Administration > File Management > Copy/Save Configuration. STEP 2 Select the Source File Name to be copied. Only valid file types are displayed (described in the Files and File Types section).
  • Page 66: DHCP Auto Configuration

    RADIUS server keys and SSH/SSL keys, by using the Secured Copy Protocol (SCP) and the Secure Sensitive Data (SSD) feature (See Security: Secure Sensitive Data Management). DHCPv4 Auto Configuration is triggered in the following cases:
  • Page 67: DHCP Server Options

    SCP (over SSH), while files with other extensions are downloaded using TFTP. For example, if the file extension specified is .xyz, files with the .xyz
  • Page 68: SSH Client Authentication Parameters

    If a server and configuration file options were not supplied by the DHCP server, then: For DHCPv4: The user-defined, backup configuration file name is used. For DHCPv6: The process is halted.
  • Page 69 The download process is done only if the new configuration filename is different from the current configuration filename (even if the current configuration file is empty). • A SYSLOG message is generated acknowledging that the Auto Configuration process is completed.
  • Page 70: Configuring DHCP Auto Configuration

    STEP 1 Click Administration > File Management > DHCP Auto Configuration. STEP 2 Enter the values. • Auto Configuration Via DHCP—Select this field to enable DHCP Auto Configuration. This feature is enabled by default, but can be disabled here.
  • Page 71 Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 72 Backup Configuration File Name—Enter the path and file name of the file to be used if no configuration file name was specified in the DHCP message. STEP 4 Click Apply. The parameters are copied to the Running Configuration file.
  • Page 73: Chapter 5: Administration: General Information

    When the device operates in Layer 3 system mode, the VLAN Rate Limit, and QoS policers are not operational. Other QoS Advanced mode features are operational. NOTE The following port conventions are used: • GE is used for Gigabit Ethernet (10/100/1000) ports.
  • Page 74 24 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports. SF300- SRW224G4P 24 FE ports plus 4 GE special-purpose ports - 2 180W uplinks and 2 combo-ports.
  • Page 75: System Information

    PoE status, and other items. Displaying the System Summary To view system information, click Status and Statistics > System Summary. The System Summary page contains system and hardware information.
  • Page 76 Telnet Service—Displays whether Telnet is enabled/disabled. • SSH Service—Displays whether SSH is enabled/disabled. Other Summary Information: • Model Description—Device model description. • Serial Number—Serial number. • PID VID—Part number and version ID.
  • Page 77: Configuring The System Settings

    STEP 2 View or modify the system settings. • System Description—Displays a description of the device. • System Location—Enter the location where the device is physically located. • System Contact—Enter the name of a contact person.
  • Page 78: Console Settings (Autobaud Rate Support)

    (115,200 by default). When Auto Detection is enabled but the console baud-rate was not yet discovered, the system uses speed 115,200 for displaying text (for example, the boot-up information).
  • Page 79: Rebooting The Device

    Reloading the device causes loss of connectivity in the network; by using delayed reboot, you can schedule the reboot to a time that is more convenient for the users (e.g. late night).
  • Page 80 NOTE Clearing the Startup Configuration File and Rebooting is not the same as Rebooting to Factory Defaults. Rebooting to Factory Defaults is more intrusive.
  • Page 81: Routing Resources

    Maximum Entries—Select one of the following options: Use Default—The number of TCAM entries available for IP entries is 25% of the TCAM size (128). User Defined—Enter a value up to 512 entries.
  • Page 82: Monitoring Fan Status

    Event: At least one temperature sensor exceeds the Warning threshold. Action: The following are generated: • SYSLOG message • SNMP trap
  • Page 83 Fail—Fan is not operating correctly. N/A—Fan ID is not applicable for the specific model. • Fan Direction—(On relevant devices) The direction that the fans are working in (for example: Front to Back).
  • Page 84: Defining Idle Session Timeout

    To ping a host: STEP 1 Click Administration > Ping. STEP 2 Configure ping by entering the fields: • Host Definition—Select whether to specify hosts by their IP address or name.
  • Page 85 STEP 4 View the results of ping in the Ping Counters and Status section of the page.
  • Page 86: Traceroute

    Timeout—Enter the length of time that the system waits for a frame to return before declaring it lost, or select Use Default. STEP 3 Click Activate Traceroute. The operation is performed.
  • Page 87 Host—Displays a stop along the route to the destination. • Round Trip Time (1-3)—Displays the round trip time in (ms) for the first through third frame and the status of the first through third operation.
  • Page 88 Administration: General Information Traceroute
  • Page 89: Chapter 6: Administration: Time Settings

    This section describes the options for configuring the system time, time zone, and Daylight Savings Time (DST). It covers the following topics: • System Time Options • SNTP Modes • Configuring System Time
  • Page 90: System Time Options

    After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
  • Page 91: Time Zone And Daylight Savings Time (DST)

    The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
  • Page 92: Configuring System Time

    RIP MD5 authentication to work. This also helps features that associate with time, for example: Time Based ACL, Port, 802.1 port authentication that are supported on some devices.
  • Page 93 —DST is set manually, typically for a country other than the USA or a European country. Enter the following parameters: Recurring —DST occurs on the same date every year. By Dates Selecting allows customization of the start and stop of DST:
  • Page 94: Adding A Unicast SNTP Server

    STEP 1 This page contains the following information for each Unicast SNTP server: • SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to its stratum level.
  • Page 95 NOTE To specify a well-known SNTP server, the device must be connected to the Internet and configured with a DNS server or configured so that a DNS server is identified by using DHCP. (See Settings)
  • Page 96 Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the authentication keys using the SNTP Authentication page.) STEP 5 Click Apply. The SNTP server is added, and you are returned to the main page.
  • Page 97: Configuring The SNTP Mode

    MD5 function; the result of the MD5 is also included in the response packet. The SNTP Authentication page enables configuration of the authentication keys that are used when communicating with an SNTP server that requires authentication.
  • Page 98: Time Range

    STEP 6 Configuration file. Time Range Time ranges can be defined and associated with the following types of commands, so that they are applied only during that time range: • ACLs
  • Page 99: Absolute Time Range

    STEP 1 Click Administration > Time Settings > Time Range. The existing time ranges are displayed. STEP 2 To add a new time range, click Add. STEP 3 Enter the following fields:
  • Page 100: Recurring Time Range

    Recurring Starting Time—Enter the date and time that the Time Range begins on a recurring basis. • Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis.
  • Page 101: Chapter 7: Administration: Diagnostics

    Copper Test page. Preconditions to Running the Copper Port Test Before running the test, do the following: • (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page)
  • Page 102 Unknown Test Result—Error has occurred. • Distance to Fault—Distance from the port to the location on the cable where the fault was discovered. • Operational Port Status—Displays whether port is up or down.
  • Page 103: Displaying Optical Module Status

    MFELX1: 100BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km. The following GE SFP (1000Mbps) transceivers are supported: • MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km. Cisco Small Business 300 Series Managed Switch Administration Guide...
  • Page 104: Configuring Port And VLAN Mirroring

    A network analyzer connected to the monitoring port processes the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.
  • Page 105 Not Ready—Either source or destination (or both) are down or not forwarding traffic for some reason. STEP 2 Click Add to add a port or VLAN to be mirrored. STEP 3 Enter the parameters:
  • Page 106: Viewing CPU Utilization And Secure Core Technology

    SCT is enabled by default on the device and cannot be disabled. There are no interactions with other features. To display CPU utilization:
  • Page 107 X axis is the sample number. STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period
  • Page 109: Chapter 8: Administration: Discovery

    Services page. When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of Bonjour appears on the Adding IP Multicast Group Address page.
  • Page 110: Bonjour In Layer 3 System Mode

    Bonjour Discovery advertisements sent by other devices. To configure Bonjour when the device is in Layer 3 system mode: STEP 1 Click Administration > Discovery - Bonjour. STEP 2 Select Enable to enable Bonjour discovery globally.
  • Page 111: LLDP And CDP

    Apply). LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities to each other. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and terminates and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 112: Configuring LLDP

    This section describes how to configure LLDP. It covers the following topics: • LLDP Overview • Setting LLDP Properties • Editing LLDP Port Settings • LLDP MED Network Policy • Configuring LLDP MED Port Settings • Displaying LLDP Port Status
  • Page 113: LLDP Overview

    LLDP PDUs, send SNMP notifications, specify which TLVs to advertise, and advertise the device's management address. 3. Create LLDP MED network policies by using the LLDP MED Network Policy page.
  • Page 114: Setting LLDP Properties

    LLDP, following an LLDP enable/disable cycle. • Transmit Delay—Enter the amount of time in seconds that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB.
  • Page 115: Editing LLDP Port Settings

    Disable—Indicates that LLDP is disabled on the port. • SNMP Notification—Select Enable to send notifications to SNMP notification recipients; for example, an SNMP managing system, when there is a topology change.
  • Page 116 Auto Advertise—Specifies that the software would automatically choose a management address to advertise from all the IP addresses of the product. In case of multiple IP addresses the software chooses the
  • Page 117: LLDP MED Network Policy

    Voice over Internet Protocol (VoIP), Emergency Call Service (E-911) by using IP Phone location information. • Troubleshooting information. LLDP MED sends alerts to network managers upon: Port speed and duplex mode conflicts; QoS policy misconfigurations
  • Page 118 Network Policy Number—Select the number of the policy to be created. • Application—Select the type of application (type of traffic) for which the network policy is being defined. • VLAN ID—Enter the VLAN ID to which the traffic must be sent.
  • Page 119: Configuring LLDP MED Port Settings

    MED Network Policies to a port, select it, and click Edit. STEP 4 Enter the parameters: • Interface—Select the interface to configure. • LLDP MED Status—Enable/disable LLDP MED on this port.
  • Page 120: Displaying LLDP Port Status

    TLVs sent to the neighbor. STEP 3 Click LLDP Neighbor Information Detail to see the details of the LLDP and LLDP-MED TLVs received from the neighbor. LLDP Port Status Global Information
  • Page 121: Displaying LLDP Local Information

    TLVs sent to the neighbor. Click LLDP Neighbor Information Details to see the details of the LLDP and LLDP-MED TLVs received from the neighbor. STEP 3 Select the desired port from the Port list.
  • Page 122 Interface Subtype—Numbering method used for defining the interface number. • Interface Number—Specific interface associated with this management address. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. • Auto-Negotiation Enabled—Port speed auto-negotiation active status.
  • Page 123 Rx value. MED Details • Capabilities Supported—MED capabilities supported on the port. • Current Capabilities—MED capabilities enabled on the port. • Device Class—LLDP-MED endpoint device class. The possible device classes are:
  • Page 124 VLAN ID—VLAN ID for which the network policy is defined. • VLAN Type—VLAN type for which the network policy is defined. The possible field values are: Tagged—Indicates the network policy is defined for tagged VLANs.
  • Page 125: Displaying LLDP Neighbors Information

    STEP 2 Select a local port, and click Details. This page contains the following fields: Port Details • Local Port—Port number. • MSAP Entry—Device Media Service Access Point (MSAP) entry number.
  • Page 126 • Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False. • Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode.
  • Page 127 Local Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value. • Local Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.
  • Page 128 Model Name—Device model name. • Asset ID—Asset ID. 802.1 VLAN and Protocol • PVID—Advertised port VLAN ID. PPVID Table • VID—Protocol VLAN ID. • Supported—Supported Port and Protocol VLAN IDs.
  • Page 129: Accessing LLDP Statistics

    VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined. • User Priority—Network policy user priority. • DSCP—Network policy DSCP. Accessing LLDP Statistics The LLDP Statistics page displays LLDP statistical information per port. To view the LLDP statistics:
  • Page 130: LLDP Overloading

    STEP 1 Click Administration > Discovery - LLDP > LLDP Overloading. This page contains the following fields for each port: • Interface—Port identifier. • Total (Bytes)—Total number of bytes of LLDP information in each packet
  • Page 131 • 802.3 TLVs Size (Bytes)—Total LLDP MED 802.3 TLVs packets byte size. Status—If the LLDP MED 802.3 TLVs packets were sent, or if they were overloaded.
  • Page 132: Configuring CDP

    • Viewing CDP Statistics Setting CDP Properties Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol.
  • Page 133 CDP Mandatory TLVs Validation—If selected, incoming CDP packets not containing the mandatory TLVs are discarded and the invalid error counter is incremented. • CDP Version—Select the version of CDP to use.
  • Page 134 This means that the duplex information in the incoming frame does not match what the local device is advertising. STEP 3 Click Apply. The LLDP properties are defined.
  • Page 135: Editing CDP Interface Settings

    CDP Status—Select to enable/disable the CDP publishing option for the port. NOTE The next three fields are operational when the device has been set up to send traps to the management station.
  • Page 136: Displaying CDP Local Information

    Device ID—Device ID advertised in the device ID TLV. • System Name TLV System Name—System name of the device. • Address TLV Address1-3—IP addresses (advertised in the device address TLV). • Port TLV
  • Page 137 Layer 2 CoS value, meaning, an 802.1D/802.1p priority value. This is the COS value with which all packets received on an untrusted port are remarked by the device. • Power TLV
  • Page 138: Displaying CDP Neighbors Information

    Local Interface—Number of the local port to which the neighbor is connected. • Advertisement Version—CDP protocol version. • Time to Live (sec)—Time interval (in seconds) after which the information for this neighbor is deleted.
  • Page 139 Power Drawn—Amount of power consumed by neighbor on the interface. • Version—Neighbor's software version. NOTE Clicking on the Clear Table button disconnects all connected devices from CDP, and if Auto Smartport is enabled, changes all port types to default.
  • Page 140: Viewing CDP Statistics

    Configuring CDP Viewing CDP Statistics The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received from devices attached to the switch's interfaces, and are used for the Smartport feature.
  • Page 141: Chapter 9: Port Management

    6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page. 7. If PoE is supported and enabled for the device, configure the device as described in Port Management: PoE.
  • Page 142: Setting Port Configuration

    NOTE SFP Fiber takes precedence in Combo ports when both ports are being used. • Port Description—Enter the port user-defined name or comment. • Administrative Status—Select whether the port must be Up or Down when the device is rebooted.
  • Page 143 Half—The interface supports transmission between the device and the client in only one direction at a time. • Operational Duplex Mode—Displays the port's current duplex mode.
  • Page 144 Operational MDI/MDIX—Displays the current MDI/MDIX setting. • Protected Port—Select to make this a protected port. (A protected port is also referred to as a Private VLAN Edge (PVE).) The features of a protected port are as follows:
  • Page 145: Configuring Link Aggregation

    This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Static and Dynamic LAG Workflow • Defining LAG Management • Configuring LAG Settings • Configuring LACP
  • Page 146: Link Aggregation Overview

    In general, a LAG is treated by the system as a single logical port. In particular, the LAG has port attributes similar to a regular port, such as state and speed. The device supports 32 LAGs with up to 8 ports in a LAG group.
  • Page 147: Default Settings And Configuration

    Members list. Select the load balancing algorithm for the LAG. Perform these actions in the LAG Management page. 2. Configure various aspects of the LAG, such as speed and flow control by using the LAG Settings page.
  • Page 148: Defining LAG Management

    LACP—Select to enable LACP on the selected LAG. This makes it a dynamic LAG. This field can only be enabled after moving a port to the LAG in the next field.
  • Page 149: Configuring LAG Settings

    Operational Time-Range State—Displays whether the time range is currently active or inactive. • Reactivate Suspended LAG—Select to reactivate a port if the LAG has been disabled through the locked port security option or through ACL configurations.
  • Page 150 Protected LAG—Select to make the LAG a protected port for Layer 2 isolation. See the Port Configuration description in Setting Basic Port Configuration for details regarding protected ports and LAGs. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 151: Configuring LACP

    LACP With No Link Partner In order for LACP to create a LAG, the ports on both link ends should be configured for LACP, meaning that the ports send LACP PDUs and handle received PDUs.
  • Page 152: Setting LACP Parameter Settings

    LACP Timeout—Time interval between the sending and receiving of consecutive LACP PDUs. Select the periodic transmissions of LACP PDUs, which occur at either a Long or Short transmission speed, depending upon the expressed LACP timeout preference.
  • Page 153: Configuring Green Ethernet

    RJ45 GE ports; it does not apply to Combo ports. This mode is globally disabled by default. It cannot be enabled if EEE mode is enabled (see below).
  • Page 154: Power Saving By Disabling Port LEDs

    On the System Summary page, the LEDs that are displayed on the device board pictures are not affected by disabling the LEDs. On the Green Ethernet -> Properties page, the device enables the user to disable the port LEDs in order to save power.
  • Page 155: 802.3az Energy Efficient Ethernet Feature

    Keep Alive signal indicates that the ports are in LPI status (and not in Down status), and power is reduced. For ports to stay in LPI mode, the Keep Alive signal must be received continuously from both sides.
  • Page 156 Mode option on the port is checked. • If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.
  • Page 157: Setting Global Green Ethernet Properties

    It also displays the current power savings. To enable Green Ethernet and EEE and view power savings: STEP 1 Click Port Management > Green Ethernet > Properties. STEP 2 Enter the values for the following fields:
  • Page 158: Setting Green Ethernet Properties For Ports

    Auto negotiation. The exception is that EEE is still functional even when Auto Negotiation is disabled, but the port is at 1GB or higher.
  • Page 159 Status), whether it has been enabled on the local port and whether it is operational on the local port. LLDP Administrative—Displays whether advertising EEE counters through LLDP was enabled. LLDP Operational—Displays whether advertising EEE counters through LLDP is currently operating.
  • Page 160 (advertisement of EEE capabilities through LLDP) if there are GE ports on the device. STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 161: Chapter 10: Smartport

    Auto Smartport • Error Handling • Default Configuration • Relationships with Other Features and Backwards Compatibility • Common Smartport Tasks • Configuring Smartport Using The Web-based Interface • Built-in Smartport Macros
  • Page 162: Overview

    Voice VLAN and Smartport, described in the Voice VLAN section. • LLDP/CDP for Smartport, described in the Configuring LLDP and Configuring CDP sections, respectively. Additionally, typical work flows are described in the Common Smartport Tasks section.
  • Page 163: What Is A Smartport

    "the anti-macro," serves to undo all configuration performed by "the macro" when that interface happens to become a different Smartport type. You can apply a Smartport macro by the following methods: • The associated Smartport type.
  • Page 164 Table columns: Smartport Type, Supported by Auto Smartport, Supported by Auto Smartport by default. Smartport types listed: Unknown, Default, Printer, Desktop, Guest, Server, Host, IP camera, IP phone, IP phone desktop, Switch, Router, Wireless Access Point.
  • Page 165: Special Smartport Types

    CDP or LLDP messages are received on the interface before both TTLs of the most recent CDP and LLDP packets decrease to 0, then the anti-macro is run, and the Smartport type returns to default.
  • Page 166: Smartport Macros

    (for example: no_my_printer) Smartport macros are bound to Smartport types in the Edit Smartport Type Setting page. See Built-in Smartport Macros for a listing of the built-in Smartport macros for each device type.
  • Page 167: Applying A Smartport Type To An Interface

    When a Smartport macro fails on an interface, the status of the interface is set to Unknown. The reason for the failure can be displayed in the Interface Settings page, Show Diagnostics popup.
  • Page 168: How The Smartport Feature Works

    In both cases, the associated anti-macro is run when the Smartport type is removed from the interface, and the anti-macro runs in exactly the same manner, removing all of the interface configuration.
  • Page 169: Auto Smartport

    (in the Interface Settings page), the device applies a Smartport macro to the interface based on the Smartport type of the attaching device. Auto Smartport derives the Smartport types of attaching devices based on the CDP and/or LLDP the devices advertise.
  • Page 170: Using CDP/LLDP Information To Identify Smartport Types

    0x08 Switch; Host 0x10 Host; IGMP conditional filtering 0x20 Ignore; Repeater 0x40 Ignore; VoIP Phone 0x80 ip_phone; Remotely-Managed Device 0x100 Ignore; CAST Phone Port 0x200 Ignore; Two-Port MAC Relay 0x400 Ignore
  • Page 171: Multiple Devices Attached To The Port

    If multiple devices are connected to the device through one interface, Auto Smartport considers each capability advertisement it receives through that interface in order to assign the correct Smartport type. The assignment is based on the following algorithm:
  • Page 172: Persistent Auto Smartport Interface

    When a smart port macro fails to apply to an interface, you can examine the point of the failure in the Interface Settings page and reset the port and reapply the macro after the error is corrected from the Interface Settings and Interface Settings Edit pages.
  • Page 173: Default Configuration

    STEP 2 Select whether the device is to process CDP and/or LLDP advertisements from connected devices. STEP 3 Select which type of devices are to be detected in the Auto Smartport Device Detection field.
  • Page 174 Restore the parameter defaults to the factory settings. • Bind a user-defined macro pair (a macro and its corresponding anti-macro) to a Smartport type. 1. Open the Smartport > Smartport Type Settings page. 2. Select the Smartport Type.
  • Page 176: Configuring Smartport Using The Web-Based Interface

    Auto Smartport Device Detection—Select each type of device for which Auto Smartport can assign Smartport types to interfaces. If unchecked, Auto Smartport does not assign that Smartport type to any interface.
  • Page 177: Smartport Type Settings

    Macro Name—Displays the name of the Smartport macro currently associated with the Smartport type. • Macro Type—Select whether the pair of macro and anti-macro associated with this Smartport type is built-in or user-defined.
  • Page 178: Smartport Interface Settings

    Smartport type to become Unknown. • Reapply a Smartport macro after it fails for one of the following types of interfaces: switch, router and AP. It is expected that the necessary
  • Page 179 This performs a reset on all interfaces with type Unknown, meaning that all interfaces are returned to the Default type. After correcting the error in the macro or on the current interface configuration or both, a new macro may be applied.
  • Page 180 STEP 3 Click Reset to set an interface to Default if it is in Unknown status (as a result of an unsuccessful macro application). The macro can be reapplied on the main page. STEP 4 Click Apply to update the changes and assign the Smartport type to the interface.
  • Page 181: Built-In Smartport Macros

    #Default Values are
    #$native_vlan = Default VLAN
    #$max_hosts = 10
    #the port type cannot be detected automatically
    #the default mode is trunk
    smartport switchport trunk native vlan $native_vlan
    port security max $max_hosts
  • Page 182

    #$native_vlan = Default VLAN
    #the port type cannot be detected automatically
    switchport mode access
    switchport access vlan $native_vlan
    #single host
    port security max 1
    port security mode max-addresses
    port security discard trap 60
  • Page 183

    #the port type cannot be detected automatically
    switchport mode access
    switchport access vlan $native_vlan
    #single host
    port security max 1
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
  • Page 184

    #the default mode is trunk
    smartport switchport trunk native vlan $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control broadcast enable
  • Page 185

    $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
  • Page 186

    $native_vlan
    #single host
    port security max 1
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
  • Page 187

    $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
  • Page 188

    $voice_vlan
    smartport switchport trunk native vlan $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
  • Page 189

    #Default Values are
    #$native_vlan = Default VLAN
    #$voice_vlan = 1
    #the default mode is trunk
    smartport switchport trunk allowed vlan add all
    smartport switchport trunk native vlan $native_vlan
    spanning-tree link-type point-to-point
  • Page 190

    $native_vlan
    smartport storm-control broadcast level 10
    smartport storm-control broadcast enable
    spanning-tree link-type point-to-point
    no_router
    [no_router]
    #macro description No router
  • Page 191

    [ap]
    #macro description ap
    #macro keywords $native_vlan $voice_vlan
    #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 193: Chapter 11: Port Management: PoE

    Eliminates the need to run 110/220 V AC power to all devices on a wired LAN. • Removes the necessity for placing all network devices next to power sources. • Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.
  • Page 194: PoE Operation

    There are two factors to consider in the PoE feature: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume
  • Page 195 Even though Sx200/300/500 PoE switches are PSE, and as such should be powered by AC, they could be powered up as a legacy PD by another PSE due to false detection. When this happens, the PoE device may not operate properly and
  • Page 196: Configuring PoE Properties

    SNMP and configure at least one SNMP Notification Recipient. • Power Trap Threshold—Enter the usage threshold that is a percentage of the power limit. An alarm is initiated if the power exceeds this value.
  • Page 197: Configuring PoE Settings

    When the power consumed on the port exceeds the class limit, the port power is turned off. PoE priority example: Given: A 48 port device is supplying a total of 375 watts.
  • Page 198 PoE Properties page is Port Limit. If the Power mode is Power Limit, enter the power in milliwatts allocated to the port. • Max Power Allocation—Displays the maximum amount of power permitted on this port.
  • Page 199 PSE. Signatures are generated during powered device detection, classification, or maintenance. STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.
  • Page 201: Chapter 12: VLAN Management

    A VLAN is a logical group of ports that enables devices associated with it to communicate with each other over the Ethernet MAC layer, regardless of the physical LAN segment of the bridged network to which they are connected.
  • Page 202 VLAN, and the original frame does not have a VLAN tag. • Removes the VLAN tag from the frame if the egress port is an untagged member of the target VLAN, and the original frame has a VLAN tag.
  • Page 203 With QinQ, the device adds an ID tag known as Service Tag (S-tag) to forward traffic over the network. The S-tag is used to segregate traffic between various customers, while preserving the customer VLAN tags.
  • Page 204: Configuring Default VLAN Settings

    The default VLAN has the following characteristics: • It is distinct, non-static/non-dynamic, and all ports are untagged members by default. • It cannot be deleted. • It cannot be given a label.
  • Page 205 STEP 4 Click Save (in the upper-right corner of the window) and save the Running Configuration to the Startup Configuration. The Default VLAN ID After Reset becomes the Current Default VLAN ID after you reboot the device.
  • Page 206: Creating VLANs

    VLANs to be created by entering the Starting VID and Ending VID, inclusive. When using the Range function, the maximum number of VLANs you can create at one time is 100. STEP 4 Click Apply to create the VLAN(s).
  • Page 207: Configuring VLAN Interface Settings

    Frames that are not of the configured frame type are discarded at ingress. These frame types are only available in General mode. Possible values are: Admit All—The interface accepts all types of frames: untagged frames, tagged frames, and priority tagged frames.
  • Page 208: Defining VLAN Membership

    VLAN-aware or VLAN-unaware. If a destination end node is VLAN-unaware, but is to receive traffic from a VLAN, then the last VLAN-aware device (if there is one), must send frames of the destination VLAN to the end node untagged.
  • Page 209: Configuring Port To VLAN

    STEP 4 Click Apply. The interfaces are assigned to the VLAN, and written to the Running Configuration file. You can continue to display and/or configure port membership of another VLAN by selecting another VLAN ID.
  • Page 210: Configuring VLAN Membership

    The default VLAN might appear in the right list if it is tagged, but it cannot be selected. • Tagging—Select one of the following tagging/PVID options:
  • Page 211: GVRP Settings

    Port VLAN Membership page. If the VLAN does not exist, it is dynamically created when Dynamic VLAN creation is enabled for this port (in the GVRP Settings page).
  • Page 212: Defining GVRP Settings

    VLAN groups are used for load balancing of traffic on a Layer 2 network. Packets are assigned a VLAN according to various classifications that have been configured (such as VLAN groups).
  • Page 213: MAC-Based Groups

    STEP 1 Click VLAN Management > VLAN Groups > MAC-Based Groups. STEP 2 Click Add. STEP 3 Enter the values for the following fields: • MAC Address—Enter a MAC address to be assigned to a VLAN group.
  • Page 214: Mapping VLAN Group To VLAN Per Interface

    STEP 4 Click Apply to set the mapping of the VLAN group to the VLAN. This mapping does not bind the interface dynamically to the VLAN; the interface must be manually added to the VLAN.
  • Page 215: Voice VLAN

    The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100.
  • Page 216: Dynamic Voice VLAN Modes

    VLAN, manually configured, or learned from external devices such as UC3xx/5xx and from switches that advertise voice VLAN in CDP or VSDP. VSDP is a Cisco defined protocol for voice service discovery.
  • Page 217: Voice End-Points

    CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where they send and receive their voice traffic.
  • Page 218 Communication (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used. NOTE If connecting the device to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 219: Voice VLAN QoS

    Telephony OUI voice streams, you can override the quality of service and optionally remark the 802.1p of the voice streams by specifying the desired CoS/802.1p values and using the remarking option under Telephony OUI.
  • Page 220: Voice VLAN Constraints

    STEP 2 Select the Voice VLAN ID. It cannot be set to VLAN ID 1 (this step is not required for dynamic Voice VLAN). STEP 3 Set Dynamic Voice VLAN to Enable Auto Voice VLAN.
  • Page 221: Configuring Voice VLAN

    Configuring Voice VLAN This section describes how to configure voice VLAN. It covers the following topics: • Configuring Voice VLAN Properties • Displaying Auto Voice VLAN Settings • Configuring Telephony OUI
  • Page 222: Configuring Voice VLAN Properties

    Dynamic Voice VLAN—Select this field to disable or enable voice VLAN feature in one of the following ways: Enable Auto Voice VLAN—Enable Dynamic Voice VLAN in Auto Voice VLAN mode.
  • Page 223: Displaying Auto Voice VLAN Settings

    The Operation Status block on this page shows the information about the current voice VLAN and its source: • Auto Voice VLAN Status—Displays whether Auto Voice VLAN is enabled. • Voice VLAN ID—The identifier of the current voice VLAN
  • Page 224 Static—User-defined voice VLAN configuration defined on the device. CDP—UC that advertised voice VLAN configuration is running CDP. LLDP—UC that advertised voice VLAN configuration is running LLDP. Voice VLAN ID—The identifier of the advertised or configured voice VLAN
  • Page 225: Configuring Telephony OUI

    Auto Membership Aging time can be configured. If the specified time period passes with no telephony activity, the port is removed from the Voice VLAN. Use the Telephony OUI page to view existing OUIs, and add new OUIs.
  • Page 226 STEP 5 Enter the values for the following fields: • Telephony OUI—Enter a new OUI. • Description—Enter an OUI name. STEP 6 Click Apply. The OUI is added to the Telephony OUI Table.
  • Page 227: Adding Interfaces To Voice VLAN On Basis Of OUIs

    All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones. STEP 4 Click Apply. The OUI is added.
  • Page 228: Access Port Multicast TV VLAN

    (see Configuring VLAN Interface Settings). The Multicast TV VLAN configuration is defined per port. Customer ports are configured to be members of Multicast TV VLANs using the Multicast TV VLAN Page.
  • Page 229: IGMP Snooping

    VLAN. data VLAN. Group registration: All Multicast group registration is dynamic. / Groups must be associated to Multicast VLAN statically, but actual registration of station is dynamic.
  • Page 230: Configuration

    STEP 2 Click Add to associate a Multicast group to a VLAN. Any VLAN can be selected. When a VLAN is selected, it becomes a Multicast TV VLAN. STEP 3 Click Apply. Multicast TV VLAN settings are modified, and written to the Running Configuration file.
  • Page 231: Port Multicast VLAN Membership

    Packets from subscribers to the service provider network are forwarded as VLAN tagged frames, in order to distinguish between the service types, which means that for each service type there is a unique VLAN ID in the CPE box.
  • Page 232: Mapping CPE VLANs To Multicast TV VLANs

    VLAN. CPE (internal) Multicast VLANs must be mapped to the Multicast provider (external) VLANs. After a CPE VLAN is mapped to a Multicast VLAN, it can participate in IGMP snooping.
  • Page 233: CPE Port Multicast VLAN Membership

    The ports associated with the Multicast VLANs must be configured as customer ports (see Configuring VLAN Interface Settings). Use the Port Multicast VLAN Membership page to map these ports to Multicast TV VLANs as described in Port Multicast VLAN Membership
  • Page 234 VLAN Management Customer Port Multicast TV VLAN
  • Page 235: Chapter 13: Spanning Tree

    STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
  • Page 236: Configuring STP Status And Global Settings

    STEP 1 Click Spanning Tree > STP Status & Global Settings. STEP 2 Enter the parameters. Global Settings: • Spanning Tree State—Enable or disable STP on the device. • STP Operation Mode—Select an STP mode.
  • Page 237 Root Port—The port that offers the lowest cost path from this bridge to the Root Bridge. (This is significant when the bridge is not the root.) • Root Path Cost—The cost of the path from this bridge to the root.
  • Page 238: Defining Spanning Tree Interface Settings

    NOTE the port to fast link mode if a host is connected to it, or sets it as a regular STP port if connected to another device. This helps avoid loops.
  • Page 239 0 to 240, set in increments of 16. • Port State—Displays the current STP state of a port. Disabled—STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
  • Page 240: Configuring Rapid Spanning Tree Settings

    The RSTP Interface Settings page enables you to configure RSTP per port. Any configuration that is done on this page is active when the global STP mode is set to RSTP or MSTP.
  • Page 241 • Role—Displays the role of the port that was assigned by STP to provide STP paths. The possible roles are: Root—Lowest cost path to forward packets to the Root Bridge.
  • Page 242 MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 7 Click Apply. The Running Configuration file is updated.
  • Page 243: Multiple Spanning Tree

    For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.
  • Page 244: Mapping VLANs To A MSTP Instance

    Configuration on this page (and all of the MSTP pages) applies if the system STP mode is MSTP. Up to seven MST instances (predefined from 1-7) can be defined on 300 Series switches, in addition to instance zero.
  • Page 245: Defining MSTP Instance Settings

    Status and Global Settings. To enter MSTP instance settings: STEP 1 Click Spanning Tree > MSTP Instance Settings. STEP 2 Enter the parameters. • Instance ID—Select an MST instance to be displayed and defined.
  • Page 246: Defining MSTP Interface Settings

    Interface Type equals to—Select whether to display the list of ports or LAGs. STEP 3 Click Go. The MSTP parameters for the interfaces on the instance are displayed. STEP 4 Select an interface, and click Edit.
  • Page 247 LAN, which provides the lowest root path cost from the LAN to the Root Bridge for the MST instance. Alternate—The interface provides an alternate path to the root device from the root interface.
  • Page 248 Remaining Hops—Displays the hops remaining to the next destination. • Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state. STEP 6 Click Apply. The Running Configuration file is updated.
  • Page 249: Chapter 14: Managing MAC Address Tables

    MAC address that is not found in the tables, they are transmitted/broadcasted to all the ports on the relevant VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
  • Page 250: Configuring Static MAC Addresses

    Delete on timeout—The MAC address is deleted when aging occurs. Secure—The MAC address is secure when the interface is in classic locked mode (see Configuring Port Security). STEP 4 Click Apply. A new entry appears in the table.
  • Page 251: Managing Dynamic MAC Addresses

    VLAN ID, MAC address, or interface. STEP 4 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 252: Defining Reserved MAC Addresses

    Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: Discard—Delete the packet. Bridge—Forward the packet to all VLAN members. STEP 4 Click Apply. A new MAC address is reserved.
  • Page 253: Chapter 15: Multicast

    The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links.
  • Page 254: Typical Multicast Setup

    When the device is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP Join messages.
  • Page 255 The device can be configured to be an IGMP Querier as a backup querier, or in a situation where a regular IGMP Querier does not exist. The device is not a full capability IGMP Querier.
  • Page 256: Multicast Address Properties

    VLAN as defined in the Multicast Forwarding Data Base. Multicast filtering is enforced on all traffic. By default, such traffic is flooded to all relevant ports, but you can limit forwarding to a smaller subset.
  • Page 257 Source Specific IP Group Address. • Forwarding Method for IPv4—Set one of the following forwarding methods for IPv4 addresses: MAC Group Address, IP Group Address, or Source Specific IP Group Address.
  • Page 258: Adding MAC Group Address

    If no MAC Group Address is specified, the page contains all the MAC Group Addresses from the selected VLAN. STEP 3 Click Go, and the MAC Multicast group addresses are displayed in the lower block.
  • Page 259 STEP 10 Click Apply, and the Running Configuration file is updated. NOTE Entries that were created in the IP Multicast Group Address page cannot be deleted in this page (even if they are selected).
  • Page 260: Adding IP Multicast Group Addresses

    Source Specific—Indicates that the entry contains a specific source, and adds the address in the IP Source Address field. If not, the entry is added as a (*,G) entry, an IP group address from any IP source.
  • Page 261: Configuring IGMP Snooping

    Multicast frames to ports that have registered Multicast clients. NOTE The device supports IGMP Snooping only on static VLANs. It does not support IGMP Snooping on dynamic VLANs.
  • Page 262 Multicast traffic. The device only performs IGMP Snooping if both IGMP snooping and Bridge Multicast filtering are enabled. STEP 3 Select a VLAN, and click Edit.
  • Page 263 Last Member Query Counter. • Last Member Query Interval—Enter the Maximum Response Delay to be used if the device cannot read Max Response Time value from group-specific queries sent by the elected querier.
  • Page 264: MLD Snooping

    MLDv2 snooping uses MLDv2 control packets to forward traffic based on the source IPv6 address, and the destination IPv6 Multicast address. The actual MLD version is selected by the Multicast router in the network.
  • Page 265 MRouter Ports Auto-Learn—Enable or disable Auto Learn for the Multicast router. • Query Robustness—Enter the Robustness Variable value to be used if the device cannot read this value from messages sent by the elected querier.
  • Page 266: Querying IGMP/MLD IP Multicast Group

    STEP 5 Click Apply. The Running Configuration file is updated. Querying IGMP/MLD IP Multicast Group The IGMP/MLD IP Multicast Group page displays the IPv4 and IPv6 group address learned from IGMP/MLD messages.
  • Page 267: Defining Multicast Router Ports

    Multicast router port(s) numbers when it forwards the Multicast streams and IGMP/MLD registration messages. This is required so that the Multicast routers can, in turn, forward the Multicast streams and propagate the registration messages to other subnets.
  • Page 268: Defining Forward All Multicast

    Multicast traffic is flooded to ports in the device. You can statically (manually) configure a port to Forward All, if the devices connecting to the port do not support IGMP and/or MLD.
  • Page 269: Defining Unregistered Multicast Settings

    The Unregistered Multicast page enables handling Multicast frames that belong to groups that are not known to the device (unregistered Multicast groups). Unregistered Multicast frames are usually forwarded to all ports on the VLAN.
  • Page 270 Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface. Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 3 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 271: Chapter 16: IP Configuration

    Configuring the device to work in either mode is performed in the Administration > System Settings page. NOTE Switching from one system mode (layer) to another (on Sx500 devices) requires a mandatory reboot, and the startup configuration of the device is then deleted.
  • Page 272: Layer 2 IP Addressing

    If the IP address on the device is changed, the device issues gratuitous ARP packets to the corresponding VLAN to check IP address collisions. This rule also applies when the device reverts to the default IP address.
  • Page 273: Layer 3 IP Addressing

    If the pages for Layer 2 and Layer 3 are different, both versions are displayed. IPv4 Management and Interfaces IPv4 Interface IPv4 interfaces can be defined on the device when it is in Layer 2 or Layer 3 system mode.
  • Page 274: Defining An IPv4 Interface In Layer 2 System Mode

    Operational Default Gateway—Displays the current default gateway status. NOTE If the device is not configured with a default gateway, it cannot communicate with other devices that are not in the same IP subnet.
  • Page 275: Defining IPv4 Interface In Layer 3 System Mode

    This page displays the following fields in the IPv4 Interface Table: • Interface—Interface for which the IP address is defined. • IP Address Type—IP address defined as static or DHCP. Static—Entered manually. DHCP—Received from DHCP server.
  • Page 276 STEP 5 • Network Mask—IP mask for this address. • Prefix Length—Length of the IPv4 prefix. STEP 6 Click Apply. The IPv4 address settings are written to the Running Configuration file.
  • Page 277: IPv4 Routes

    IP address from a DHCP server. • Metric—Enter the administrative distance to the next hop. The range is 1–255. STEP 4 Click Apply. The IP Static route is saved to the Running Configuration file.
  • Page 278: ARP

    Interface—The IPv4 Interface of the directly-connected IP subnet where the IP device resides. • IP Address—The IP address of the IP device. • MAC Address—The MAC address of the IP device.
  • Page 279: ARP Proxy

    STEP 1 Click IP Configuration > IPv4 Management and Interfaces > ARP Proxy. STEP 2 Select ARP Proxy to enable the device to respond to ARP requests for remotely-located nodes with the device MAC address.
  • Page 280: UDP Relay/IP Helper

    DHCP snooping provides a security mechanism to prevent receiving false DHCP response packets and to log DHCP addresses. It does this by treating ports on the device as either trusted or untrusted.
  • Page 281: DHCPv4 Relay

    The main goal of option 82 is to help the DHCP server select the best IP subnet (network pool) from which to obtain an IP address.
  • Page 282: Interactions Between DHCPv4 Snooping, DHCPv4 Relay And Option 82

    Snooping is not enabled and DHCP Relay is enabled. [Table: DHCP Relay on a VLAN with IP Address and on a VLAN without IP Address; for each, packet arrives without Option 82 and packet arrives with Option 82]
  • Page 283 [Table, continued: whether Option 82 is inserted, the packet is sent with the original Option 82, or the packet is discarded]
  • Page 284 Snooping is disabled: [Table: DHCP Relay on a VLAN with IP Address and on a VLAN without IP Address; for each, packet arrives without Option 82 and packet arrives with Option 82]
  • Page 285 [Table, continued: Bridge – Packet is sent without Option 82; Bridge – Packet is sent with the Option 82]
  • Page 286: DHCP Snooping Binding Database

    DHCP packets entering the device through trusted ports. The DHCP Snooping Binding database contains the following data: input port, input VLAN, MAC address of the client and IP address of the client if it exists.
  • Page 287: DHCP Trusted Ports

    DHCPNAK to deny the address request. STEP 5 Device snoops packet. If an entry exists in the DHCP Snooping Binding table that matches the packet, the device replaces it with IP-MAC binding on receipt of DHCPACK.
  • Page 288 Otherwise the packet is forwarded to trusted interfaces only, and the entry is removed from database.
  • Page 289: DHCP Snooping Along With DHCP Relay

    Not enabled • Option 82 Passthrough: Not enabled • Verify MAC Address: Enabled • Backup DHCP Snooping Binding Database: Not enabled • DHCP Relay: Disabled. Configuring DHCP Work Flow To configure DHCP Relay and DHCP Snooping:
  • Page 290: DHCP Snooping/Relay

    —Select to back up the DHCP Snooping Binding database on the device’s flash memory. Backup Database Update Interval—Enter how often the DHCP Snooping Binding database is to be backed up (if Backup Database is selected).
  • Page 291: Interface Settings

    Relay > DHCP Snooping Trusted Interfaces. STEP 2 Select the interface and click Edit. STEP 3 Select Trusted Interface (Yes or No) and click Apply to save the settings to the Running Configuration file.
  • Page 292: DHCP Snooping Binding Database

    • Lease Time—If the entry is dynamic, enter the amount of time that the entry is to be active in the DHCP Database. If there is no Lease Time, check Infinite.
  • Page 293: DHCP Server

    Option # / Type of Option / Option Name • Basic / Subnet Mask • Basic / Router Option • Basic / Time Server Option • Basic / Domain Name Server Option • Basic / Host Name Option • Basic / Domain Name
  • Page 294 5 - DHCPACK • 6 - DHCPNAK • 7 - DHCPRELEASE • 8 - DHCPINFORM Server Identifier This option, created by the DHCP client, is the IP address of the selected server.
  • Page 295: Dependencies Between Features

    STEP 3 Define up to 8 network pools of IP addresses using the Network Pools page. STEP 4 Configure clients that will be assigned a permanent IP address, using the Static Hosts page.
  • Page 296: DHCPv4 Server

    STEP 2 Click Add to define a new network pool. Note that you either enter the Subnet IP Address and the Mask, or enter the Mask, the Address Pool Start and Address Pool End. STEP 3 Enter the fields:
  • Page 297 Hybrid—A hybrid combination of b-node and p-node is used. When configured to use h-node, a computer always tries p-node first and uses b-node only if p-node fails. This is the default.
  • Page 298: Excluded Addresses

    End IP Address—Last IP address in the range of excluded IP addresses. Static Hosts You might want to assign some DHCP clients a permanent IP address that never changes. This client is then known as a static host.
  • Page 299 NetBIOS WINS Server (Option 44)—Enter the NetBIOS WINS name server available to the static host. • NetBIOS Node Type (Option 46)—Select how to resolve the NetBIOS name. Valid node types are:
  • Page 300: Address Binding

    Address Type—Whether the address of the DHCP client appears as a MAC address or using a client identifier. • MAC Address/Client Identifier—A unique identification of the client specified as a MAC Address or in dotted hexadecimal notation, e.g., 01b6.0819.6811.72.
  • Page 301: IPv6 Management And Interfaces

    Tunneling treats the IPv4 network as a virtual IPv6 local link, with mappings from each IPv4 address to a link local IPv6 address. The device detects IPv6 frames by the IPv6 Ethertype.
  • Page 302: IPv6 Global Configuration

    An IPv6 interface can be configured on a port, LAG, VLAN, or tunnel. A tunnel interface is configured with an IPv6 address based on the settings defined in the IPv6 Tunnel page.
  • Page 303 DAD verification. Entering 0 in this field disables duplicate address detection processing on the specified interface. Entering 1 in this field indicates a single transmission without follow-up transmissions.
  • Page 304 DHCPv6 Server Address—Address of DHCPv6 server. • DHCPv6 Server DUID—Unique identifier of the DHCPv6 server. • DHCPv6 Server Preference—Priority of this DHCPv6 server. • Information Minimum Refresh Time—See above. • Information Refresh Time—See above.
  • Page 305: IPv6 Tunnel

    When the ISATAP router IPv4 address is not resolved via the DNS process, the ISATAP IP interface remains active. The system does not have a default router for ISATAP traffic until the DNS process is resolved.
  • Page 306: Configuring Tunnels

    • ISATAP Solicitation Interval—The number of seconds between ISATAP router solicitations messages, when there is no active ISATAP router. The interval can be the default value or a user defined interval.
  • Page 307: Defining IPv6 Addresses

    The device supports a maximum of 128 addresses at the interface. Each address must be a valid IPv6 address that
  • Page 308: IPv6 Default Router List

    An alert message appears when attempting to insert a non-link local type address, meaning 'fe80:'. To define a default router: STEP 1 In Layer 2 system mode, click Administration > Management Interface > IPv6 Default Router List.
  • Page 309 Link Local Interface—Displays the outgoing Link Local interface. • Default Router IPv6 Address—The IP address of the default router. STEP 4 Click Apply. The default router is saved to the Running Configuration file.
  • Page 310: Defining IPv6 Neighbors Information

    Type—Neighbor discovery cache information entry type (static or dynamic). • State—Specifies the IPv6 neighbor status. The values are: Incomplete—Address resolution is working. The neighbor has not yet responded. Reachable—Neighbor is known to be reachable.
  • Page 311: Viewing IPv6 Route Tables

    IPv6 subnets that the device wants to communicate. To view IPv6 routes: To view IPv6 routing entries in Layer 2 system mode: ...
  • Page 312 —A directly-connected network whose prefix is derived from a manually-configured device’s IPv6 address. Dynamic—The destination is an indirectly-attached (remote) IPv6 subnet address. The entry was obtained dynamically via the ND or ICMP protocol. ...
  • Page 313: DHCPv6 Relay

    STEP 3 Enter the fields: • IPv6 Address Type—Enter the type of the destination address to which client messages are forwarded. The address type can be Link Local, Global or Multicast (All_DHCP_Relay_Agents_and_Servers). ...
  • Page 314: Interface Settings

    STEP 3 Click Apply. The Running Configuration file is updated. Domain Name The Domain Name System (DNS) translates domain names into IP addresses for the purpose of locating and addressing hosts. ...
  • Page 315: DNS Settings

    STEP 3 Click Apply. The Running Configuration file is updated. DNS Server Table: The following fields are displayed for each DNS server configured: • DNS Server—The IP address of the DNS server. ...
  • Page 316: Search List

    STEP 1 Click IP Configuration > Domain Name > Search List. The following fields are displayed for each DNS server configured on the device. • Domain Name—Name of domain that can be used on the device. ...
  • Page 317: Host Mapping

    All Dynamic & Static—Deletes the static and dynamic hosts. The Host Mapping Table displays the following fields: • Host Name—User-defined host name or fully-qualified name. • IP Address—The host IP address. ...
  • Page 318 0 through 9, the underscore and the hyphen. A period (.) is used to separate labels. • IP Address(es)—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6). ...
  • Page 319: Chapter 17: Security

    Access Control Access control of end-users to the network through the device is described in the following sections: • Configuring Management Access Authentication • Defining Management Access Method • Configuring TACACS+ ...
  • Page 320: Defining Users

    Access Control Defining Users The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
  • Page 321 CLI commands that change the device configuration. See the CLI Reference Guide for more information. Read/Write Management Access (15)—User can access the GUI, and can configure the device. ...
  • Page 322: Setting Password Complexity Rules

    Do not repeat or reverse the user's name or any variant reached by changing the case of the characters. • Do not repeat or reverse the manufacturer's name or any variant reached by changing the case of the characters. ...
  • Page 323: Configuring TACACS+

    • Authorization—Performed at login. After the authentication session is completed, an authorization session starts using the authenticated username. The TACACS+ server then checks user privileges. ...
  • Page 324: Accounting Using A TACACS+ Server

    Username that is entered for login authentication. • rem-addr: IP address of the user. • elapsed-time: Indicates how long the user was logged in. • reason: Reports why the session was terminated. ...
  • Page 325: Defaults

    Privilege level 15 is given to a user or group of users on the TACACS+ server by the following string in the user or group definition: service = exec { priv-lvl = 15 } To configure TACACS+ server parameters: ...
  • Page 326 By IP Address—If this is selected, enter the IP address of the server in the Server IP Address/Name field. By Name—If this is selected, enter the name of the server in the Server IP Address/Name field. ...
  • Page 327 STEP 7 To display sensitive data in plaintext form in the configuration file, click Display Sensitive Data As Plaintext. STEP 8 Click Apply. The TACACS+ server is added to the Running Configuration file of the device. ...
  • Page 328: Configuring RADIUS

    The following defaults are relevant to this feature: • No default RADIUS server is defined by default. • If you configure a RADIUS server, the accounting feature is disabled by default. ...
  • Page 329: Interactions With Other Features

    RADIUS server before a failure is considered to have occurred. • Timeout for Reply—Enter the number of seconds that the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server. ...
  • Page 330 Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list. ...
  • Page 331 802.1X—RADIUS server is used for 802.1X authentication. All—RADIUS server is used for authenticating users that ask to administer the device and for 802.1X authentication. ...
  • Page 332: Configuring Management Access Authentication

    RADIUS servers. • TACACS+—User authenticated on the TACACS+ server. You must have configured one or more TACACS+ servers. • None—User is allowed to access the device without authentication. ...
  • Page 333: Defining Management Access Method

    All of the above • Action—Permit or deny access to an interface or source address. • Interface—Which ports, LAGs, or VLANs are permitted to access or are denied access to the web-based configuration utility. ...
  • Page 334: Active Access Profile

    This only applies to device types that offer a console port. ...
  • Page 335 Permit—Permits access to the device if the user matches the settings in the profile. Deny—Denies access to the device if the user matches the settings in the profile. • Applies to Interface—Select the interface attached to the rule. The options are: ...
  • Page 336: Defining Profile Rules

    IT management center. In this way, the device can still be managed and has gained another layer of security. To add profile rules to an access profile: ...
  • Page 337 Or select Deny to deny access. • Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. User Defined—Applies only to the port, VLAN, or LAG selected. ...
  • Page 338: SSL Server

    Some browsers generate warnings when using a default certificate, since this certificate is not signed by a Certification Authority (CA). It is best practice to have a certificate signed by a trusted CA. ...
  • Page 339: Default Settings And Configuration

    Key Length—Enter the length of the RSA key to be generated. Common Name—Specifies the fully-qualified device URL or IP address. If unspecified, defaults to the lowest IP address of the device (when the certificate is generated). ...
  • Page 340 RSA key-pair to another device (using copy/paste). When you click Display Sensitive Data as Encrypted, the private keys are displayed in encrypted form. STEP 5 Click Apply to apply the changes to the Running Configuration. ...
  • Page 341: Configuring TCP/UDP Services

    Type—IP protocol the service uses. • Local IP Address—Local IP address through which the device is offering the service. • Local Port—Local TCP port through which the device is offering the service. ...
  • Page 342: Defining Storm Control

    When the rate of Broadcast, Multicast, or Unknown Unicast frames is higher than the user-defined threshold, frames received beyond the threshold are discarded. To define Storm Control: ...
  • Page 343: Configuring Port Security

    MAC addresses. The MAC addresses can be either dynamically learned or statically configured. Port security monitors received and learned packets. Access to locked ports is limited to users with specific MAC addresses. Port Security has four modes: ...
  • Page 344 Session Authentication page). To configure port security: STEP 1 Click Security > Port Security. STEP 2 Select an interface to be modified, and click Edit. STEP 3 Enter the parameters. ...
  • Page 345 Forward—Forwards packets from an unknown source without learning the MAC address. Shutdown—Discards packets from any unlearned source, and shuts down the port. The port remains shut down until reactivated, or until the device is rebooted. ...
  • Page 346: Configuring 802.1X

    All access by other devices received from the same port is denied until the authorized supplicant is no longer using the port or the access is to the unauthenticated VLAN or guest VLAN. ...
  • Page 347 MAC address of the devices as the username and password when communicating with the RADIUS servers. MAC addresses for username and password must be entered in lower case and with no ...
  • Page 348 Guest VLAN when the first supplicant of the port is authorized. • The Guest VLAN cannot be used as the Voice VLAN and an unauthenticated VLAN. ...
  • Page 349: 802.1X Parameters Workflow

    For 802.1X to function, it must be activated both globally and individually on each port. To define port-based authentication: STEP 1 Click Security > 802.1X > Properties. STEP 2 Enter the parameters. ...
  • Page 350 The VLAN Authentication Table displays all VLANs, and indicates whether authentication has been enabled on them. STEP 3 Click Apply. The 802.1X properties are written to the Running Configuration file. ...
  • Page 351: Defining 802.1X Port Authentication

    STEP 1 This page displays authentication settings for all ports. STEP 2 Select a port, and click Edit. STEP 3 Enter the parameters. • Interface—Select a port. • User Name—Displays the username. ...
  • Page 352 After an authentication failure, and if Guest VLAN is activated globally on a given port, the guest VLAN is automatically assigned to the unauthorized ports as an Untagged VLAN. Cleared—Disables Guest VLAN on the port. ...
  • Page 353 • Time Range Name—Select the profile that specifies the time range. • Quiet Period—Enter the number of seconds that the device remains in the quiet state following a failed authentication exchange. ...
  • Page 354: Defining Host And Session Authentication

    Multiple Sessions—Enables the number of specific authorized hosts to access the port. Each host is treated as if it were the first and only user and must be authenticated. Filtering is based on the source MAC address. ...
  • Page 355 Action on Violation—Select the action to be applied to packets arriving in Single Session/Single Host mode, from a host whose MAC address is not the supplicant MAC address. The options are: Protect (Discard)—Discards the packets. Restrict (Forward)—Forwards the packets. ...
  • Page 356: Viewing Authenticated Hosts

    None—No authentication is applied; it is automatically authorized. RADIUS—Supplicant was authenticated by a RADIUS server. • MAC Address—Displays the supplicant MAC address. Defining Time Ranges Time Range for an explanation of this feature. ...
  • Page 357: Denial Of Service Prevention

    One method of resisting DoS attacks employed by the device is the use of SCT. SCT is enabled by default on the device and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
  • Page 358: Defense Against DoS Attacks

    A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold. • Block SYN-FIN packets. • Block packets that contain reserved Martian addresses (Martian Addresses page) ...
  • Page 359: Dependencies Between Features

    QoS policies that are bound to a port. ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it. To configure DoS Prevention global settings and monitor SCT: ...
  • Page 360 STEP 6 Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file. • If Interface-Level Prevention is selected, click the appropriate Edit button to configure the desired prevention. ...
  • Page 361: SYN Protection

    STEP 3 Click Apply. SYN protection is defined, and the Running Configuration file is updated. The SYN Protection Interface Table displays the following fields for every port or LAG (as requested by the user) ...
  • Page 362: Martian Addresses

    STEP 1 Click Security > Denial of Service Prevention > Martian Addresses. STEP 2 Select Reserved Martian Addresses and click Apply to include the reserved Martian Addresses in the System Level Prevention list. ...
  • Page 363: SYN Filtering

    Network Mask—Enter the network mask for which the filter is enabled in IP address format. • TCP Port—Select the destination TCP port being filtered: Known Ports—Select a port from the list. ...
  • Page 364: SYN Rate Protection

    Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. • SYN Rate Limit—Enter the number of SYN packets that can be received. ...
  • Page 365: ICMP Filtering

    The IP Fragmented page enables blocking fragmented IP packets. To configure fragmented IP blocking: STEP 1 Click Security > Denial of Service Prevention > IP Fragments Filtering. STEP 2 Click Add. STEP 3 Enter the parameters. ...
  • Page 366: IP Source Guard

    DHCP Snooping must be globally enabled in order to enable IP Source Guard on an interface. • IP source guard can be active on an interface only if: DHCP Snooping is enabled on at least one of the port's VLANs ...
  • Page 367: Filtering

    STEP 3 Configure interfaces as trusted or untrusted in the IP Configuration > DHCP > DHCP Snooping Interface page. STEP 4 Enable IP Source Guard in the Security > IP Source Guard > Properties page. ...
  • Page 368: Enabling IP Source Guard

    STEP 3 Select the port/LAG and click Edit. Select Enable in the IP Source Guard field to enable IP Source Guard on the interface. STEP 4 Click Apply to copy the setting to the Running Configuration file. ...
  • Page 369: Binding Database

    Status—Displays whether interface is active. • Type—Displays whether entry is dynamic or static. • Reason—If the interface is not active, displays the reason. The following reasons are possible: No Problem—Interface is active. ...
  • Page 370: Dynamic ARP Inspection

    After the attack, all traffic from the device under attack flows through the attacker's computer and then to the router, switch, or host. The following shows an example of ARP cache poisoning. ARP Cache Poisoning ...
  • Page 371: How ARP Prevents Cache Poisoning

    If the packet's IP address was not found in the ARP access control rules or in the DHCP Snooping Binding database, the packet is invalid and is dropped. A SYSLOG message is generated. ...
  • Page 372: Interaction Between ARP Inspection And DHCP Snooping

    • Dynamic ARP Inspection: Not enabled. • ARP Packet Validation: Not enabled. • ARP Inspection Enabled on VLAN: Not enabled. • Log Buffer Interval: SYSLOG message generation for dropped packets is enabled at 5 seconds interval. ...
  • Page 373: ARP Inspection Work Flow

    Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. • Log Buffer Interval—Select one of the following options: Retry Frequency—Enable sending SYSLOG messages for dropped packets. Enter the frequency with which the messages are sent. ...
  • Page 374: Defining Dynamic ARP Inspection Interfaces Settings

    STEP 2 To add an entry, click Add. STEP 3 Enter the fields: • ARP Access Control Name—Enter a user-created name. • MAC Address—MAC address of packet. • IP Address—IP address of packet. ...
  • Page 375: Defining ARP Inspection Access Control Rules

    STEP 3 To associate an ARP Access Control group with a VLAN, click Add. Select the VLAN number and select a previously-defined ARP Access Control group. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated. ...
  • Page 376 Security Dynamic ARP Inspection ...
  • Page 377: Chapter 18: Security: Secure Sensitive Data Management

    SSD provides users with the flexibility to configure the desired level of protection on their sensitive data; from no protection with sensitive data in plaintext, minimum protection with encryption based on the default passphrase, and better protection with encryption based on user-defined passphrase. ...
  • Page 378: SSD Management

    A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired. ...
  • Page 379: Elements Of An SSD Rule

    User Type will be applied). Specific—The rule applies to a specific user. Default User (cisco)—The rule applies to the default user (cisco). Level 15—The rule applies to users with privilege level 15. All—The rule applies to all users.
  • Page 380 Each management channel allows specific read presumptions. The following summarizes these. Table 2 Default Read Modes for Read Permissions (Read Permission: Default Read Mode Allowed) • Exclude: Exclude • Encrypted Only: *Encrypted • Plaintext Only: *Plaintext ...
  • Page 381 CLI/GUI sessions. NOTE When the SSD rule applied upon the session login is changed from within that session, the user must log out and back in to see the change. ...
  • Page 382: SSD Rules And User Authentication

    Rule Key Rule Action User Channel Read Default Read Mode Permission Level Secure XML Plaintext Only Plaintext SNMP Level Secure Both Encrypted Level Insecure Both Encrypted Insecure XML Exclude Exclude SNMP ...
  • Page 383: SSD Properties

    • Controlling how the sensitive data is encrypted. • Controlling the strength of security on configuration files. • Controlling how the sensitive data is viewed within the current session. ...
  • Page 384: Passphrase

    By default, the local passphrase and default passphrase are identical. It can be changed by administrative actions from either the Command Line Interface (if available) or the web-based interface. It is ...
  • Page 385: Configuration File Passphrase Control

    Configuration File Integrity Control be enabled when a device uses a user-defined passphrase with Unrestricted Configuration File Passphrase Control. CAUTION Any modification made to a configuration file that is integrity protected is considered tampering. ...
  • Page 386: File SSD Indicator

    • The SSD indicator, if it exists, must be in the configuration header file. ...
  • Page 387: SSD Control Block

    SSD control block, the device rejects the source file and the copy fails. • If there is no SSD control block in the source configuration file, the SSD configuration in the Startup Configuration file is reset to default. ...
  • Page 388: Running Configuration File

    (meaning read permissions of either Both or Plaintext Only), the device rejects all SSD commands. • When copied from a source file, File SSD indicator, SSD Control Block Integrity, and SSD File Integrity are neither verified nor enforced. ...
  • Page 389: Backup And Mirror Configuration File

    SSD Indicator shows Exclude or Plaintext Only sensitive data. • A user with Encrypted Only permission can access mirror and backup configuration files with their file SSD Indicator showing Exclude or Encrypted sensitive data. ...
  • Page 390: Sensitive Data Zero-Touch Auto Configuration

    However, for auto configuration to succeed with a user-defined passphrase, the target devices must be manually pre-configured with the same passphrase as the device that generates the files, which is not zero touch. ...
  • Page 391: SSD Management Channels

    Management Channel SSD Management Parallel Secured Channel Type Management Channel Console Secure Telnet Insecure Secure GUI/HTTP Insecure GUI/HTTPS GUI/HTTPS Secure XML/HTTP Insecure-XML- XML/HTTPS SNMP XML/HTTPS Secure-XML-SNMP SNMPv1/v2/v3 without Insecure-XML- Secure-XML-SNMP privacy SNMP ...
  • Page 392: Menu CLI And Password Recovery

    SSD rules are defined in the SSD Rules page. SSD Properties Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD properties. To configure global SSD properties: ...
  • Page 393: SSD Rules

    Specific User—Select and enter the specific user name to which this rule applies (this user does not necessarily have to be defined). Default User (cisco)—Indicates that this rule applies to the default user. ...
  • Page 394 Encrypted—Sensitive data is presented encrypted. Plaintext—Sensitive data is presented as plaintext. STEP 3 The following actions can be performed: • Restore to Default—Restore a user-modified default rule to the default rule. ...
  • Page 395 Security: Secure Sensitive Data Management Configuring SSD • Restore All Rules to Default—Restore all user-modified default rules to the default rule and remove all user-defined rules. ...
  • Page 396 Security: Secure Sensitive Data Management Configuring SSD ...
  • Page 397: Chapter 19: Security: SSH Client

    SCP server to a device. With respect to SSH, the SCP running on the device is an SSH client application and the SCP server is an SSH server application. ...
  • Page 398: Protection Methods

    SSH server. This is not done through the device’s management system, although, after a username has been established on the server, the server password can be changed through the device’s management system. ...
  • Page 399: Public/Private Keys

    SSH server. To facilitate this process, an additional feature enables secure transfer of the encrypted private key to all switches in the system. ...
  • Page 400: SSH Server Authentication

    If no matching IP address/host name is found, the search is completed and authentication fails. • If the entry for the SSH server is not found in the list of trusted servers, the process fails. ...
  • Page 401: SSH Client Authentication

    The following algorithms are supported on the client side: • Key Exchange Algorithm: diffie-hellman • Encryption Algorithms: aes128-cbc, 3des-cbc, arcfour, aes192-cbc, aes256-cbc • Message Authentication Code Algorithms: hmac-sha1, hmac-md5 NOTE Compression algorithms are not supported. ...
  • Page 402: Before You Begin

    SSH User Authentication page can be used. STEP 3 Set up a username/password on the SSH server or modify the password on the SSH server. This activity depends on the server and is not described here. ...
  • Page 403 To change your password on an SSH server: STEP 1 Identify the server in the Change User Password on SSH Server page. STEP 2 Enter the new password. STEP 3 Click Apply. ...
  • Page 404: SSH Client Configuration Through The GUI

    • Display Sensitive Data As Plaintext—Sensitive data for the current page appears as plaintext. The SSH User Key Table contains the following fields for each key: • Key Type—RSA or DSA. ...
  • Page 405: Modifying The User Password On The SSH Server

    STEP 4 Click Apply. The trusted server definition is stored in the Running Configuration file. Modifying the User Password on the SSH Server To change the password on the SSH server: ...
  • Page 406 Old Password—This must match the password on the server. • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified. ...
  • Page 407: Chapter 20: Security: SSH Server

    SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application. ...
  • Page 408: Common Tasks

    STEP 3 Log on to device B and open the SSH Server Authentication page. Select either the RSA or DSA key, click Edit and paste in the key from device A. ...
  • Page 409: SSH Server Configuration

    This page is optional. You do not have to work with user authentication in SSH. To enable authentication and add a user: STEP 1 Click Security > SSH Server > SSH User Authentication. STEP 2 Select the following fields: ...
  • Page 410: SSH Server Authentication

    The following fields are displayed for each key: • Key Type—RSA or DSA. • Key Source—Auto Generated or User Defined. • Fingerprint—Fingerprint generated from the key. STEP 2 Select either an RSA or DSA key. ...
  • Page 411 Display Sensitive Data as Encrypted to display the text in encrypted form. STEP 4 If new keys were copied in from another, click Apply. The key(s) are stored in the Running Configuration file. ...
  • Page 412 Security: SSH Server SSH Server Configuration Pages ...
  • Page 413: Chapter 21: Access Control

    Either a DENY or PERMIT action is applied to frames whose contents match the filter. The device supports a maximum of 512 ACLs, and a maximum of 512 ACEs. ...
  • Page 414 If a frame matches the filter in an ACL, it is defined as a flow with the name of that ACL. In advanced QoS, these frames can be referred to using this Flow name, and QoS can be applied to these frames (see QoS Advanced Mode). ...
  • Page 415: Defining MAC-Based ACLs

    Only then can the ACL be modified, as described in this section. Defining MAC-based ACLs MAC-based ACLs are used to filter traffic based on Layer 2 fields. MAC-based ACLs check all frames for a match. ...
  • Page 416: Adding Rules To A Mac-Based Acl

    Such ports can be reactivated from the Port Settings page. • Time Range—Select to enable limiting the use of the ACL to a specific time range.
  • Page 417 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag. • Ethertype—Enter the frame Ethertype to be matched. STEP 5 Click Apply. The MAC-based ACE is saved to the Running Configuration file.
  • Page 418: Ipv4-Based Acls

    STEP 3 Enter the name of the new ACL in the ACL Name field. The names are case-sensitive. STEP 4 Click Apply. The IPv4-based ACL is saved to the Running Configuration file.
  • Page 419: Adding Rules (Aces) To An Ipv4-Based Acl

    ICMP —Internet Control Message Protocol IGMP —Internet Group Management Protocol IP in IP —IP in IP encapsulation —Transmission Control Protocol —Exterior Gateway Protocol —Interior Gateway Protocol
  • Page 420 Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
  • Page 421 • Type of Service—The service type of the IP packet. —Any service type DSCP to Match —Differentiated Services Code Point (DSCP) to match
  • Page 422: Ipv6-Based Acls

    STEP 5 Click Apply. The IPv4-based ACE is saved to the Running Configuration file. IPv6-Based ACLs The IPv6-Based ACL page displays and enables the creation of IPv6 ACLs, which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4 or ARP packets.
  • Page 423: Adding Rules (Aces) For An Ipv6-Based Acl

    Deny—Drop packets that meet the ACE criteria. Shutdown—Drop packets that meet the ACE criteria, and disable the port to which the packets were addressed. Ports are reactivated from the Port Management page.
  • Page 424 Any—Match to all source ports. Single—Enter a single TCP/UDP source port to which packets are matched. This field is active only if 800/6-TCP or 800/17-UDP is selected in the IP Protocol drop-down menu.
  • Page 425 Select one of the following options, to configure whether to filter on this code: Any—Accept all codes. User defined—Enter an ICMP code for filtering purposes. STEP 5 Click Apply.
  • Page 426: Defining Acl Binding

    Select MAC Based ACL—Select a MAC-based ACL to be bound to the interface. • Select IPv4 Based ACL—Select an IPv4-based ACL to be bound to the interface. • Select IPv6 Based ACL—Select an IPv6-based ACL to be bound to the interface.
  • Page 427 STEP 7 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) previously bound to the interface are unbound.
  • Page 428 Access Control Defining ACL Binding
  • Page 429: Chapter 22: Quality Of Service

    This section covers the following topics: • QoS Features and Components • Configuring QoS - General • QoS Basic Mode • QoS Advanced Mode • Managing QoS Statistics
  • Page 430: Qos Features And Components

    Code Point (DSCP) value for IPv4 or Traffic Class (TC) value for IPv6 in Layer 3. When operating in Basic Mode, the device trusts this external assigned QoS value. The external assigned QoS value of a packet determines its traffic class and QoS.
  • Page 431: Qos Workflow

    QoS Properties page. The following steps in the workflow assume that you have chosen to enable QoS. STEP 2 Assign each interface a default CoS priority by using the QoS Properties page.
  • Page 432: Configuring Qos - General

    The QoS Properties Page contains fields for setting the QoS mode for the system (Basic, Advanced, or Disabled, as described in the “QoS Modes” section). In addition, the default CoS priority for each interface can be defined.
  • Page 433: Setting Qos Properties

    Default CoS—Select the default CoS (Class-of-Service) value to be assigned for incoming packets (that do not have a VLAN tag). STEP 2 Click Apply. The interface default CoS value is saved to the Running Configuration file.
  • Page 434: Configuring Qos Queues

    To select the priority method and enter WRR data: STEP 1 Click Quality of Service > General > Queue. STEP 2 Enter the parameters. • Queue—Displays the queue number. • Scheduling Method: Select one of the following options:
  • Page 435: Mapping Cos/802.1P To A Queue

    Default Mapping for 4 Queues. Columns: 802.1p Values (0-7, 7 being the highest); Queue (4 queues 1-4, 4 being the highest priority); Notes. Notes entries: Background; Best Effort; Excellent Effort; Critical Application - LVS phone SIP; Video
  • Page 436 Queue schedule method and bandwidth allocation (Queue page), it is possible to achieve the desired quality of service in a network. The CoS/802.1p to Queue mapping is applicable only if one of the following exists:
  • Page 437: Mapping Dscp To Queue

    The device is in QoS Basic mode and DSCP is the trusted mode, or • The device is in QoS Advanced mode and the packets belong to flows that are DSCP trusted. Non-IP packets are always classified to the best-effort queue.
  • Page 438 Table 5 DSCP to Queue Default Mapping – 8 Queues System (7 is highest and 8 is used for stack control purposes). Columns: DSCP, Queue.
  • Page 439 Table 6 DSCP to Queue Default Mapping – 8 Queues System (8 is highest). Columns: DSCP, Queue.
  • Page 440: Configuring Bandwidth

    The following values are entered for egress shaping: • Committed Information Rate (CIR) sets the average maximum amount of data allowed to be sent on the egress interface, measured in bits per second
  • Page 441 This amount can be sent even if it temporarily increases the bandwidth beyond the allowed limit. STEP 5 Click Apply. The bandwidth settings are written to the Running Configuration file.
  • Page 442: Configuring Egress Shaping Per Queue

    STEP 6 Click Apply. The bandwidth settings are written to the Running Configuration file. Configuring VLAN Ingress Rate Limit NOTE The VLAN Rate Limit feature is not available when the device is in Layer 3 mode.
  • Page 443 This amount can be sent even if it temporarily increases the bandwidth beyond the allowed limit. Cannot be entered for LAGs. STEP 4 Click Apply. The VLAN rate limit is added, and the Running Configuration file is updated.
  • Page 444: Tcp Congestion Avoidance

    It is recommended that you disable the trusted mode at the ports where the CoS/802.1p and/or DSCP values in the incoming packets are not trustworthy. Otherwise, it might negatively affect the performance of your network.
  • Page 445: Configuring Global Settings

    STEP 5 Select the DSCP Out value to indicate the outgoing value is mapped. STEP 6 Click Apply. The Running Configuration file is updated with the new DSCP values.
  • Page 446: Interface Qos Settings

    A class map defines a flow with one or more associating ACLs. Packets that match only ACL rules (ACE) in a class map with Permit (forward) action are considered belonging to the same flow, and are subjected to the same...
  • Page 447 • Definition of the actions to be applied to frames in each flow that match the rules. • Binding the combinations of rules and action to one or more interfaces.
  • Page 448: Workflow To Configure Advanced Qos Mode

    STEP 2 Select the Trust Mode while the device is in Advanced mode. If a packet CoS level and DSCP tag are mapped to separate queues, the Trust mode determines the queue to which the packet is assigned:
  • Page 449: Configuring Out-Of-Profile Dscp Mapping

    QoS-specified limits. The portion of the traffic that causes the flow to exceed its QoS limit is referred to as out-of-profile packets.
  • Page 450 STEP 2 Select the DSCP Out value to where the incoming value is mapped. STEP 3 Click Apply. The Running Configuration file is updated with the new DSCP Mapping table.
  • Page 451: Defining Class Mapping

    —A packet must match either the IP based ACL or the MAC based ACL in the class map. • IP—Select the IPv4 based ACL or the IPv6 based ACL for the class map.
  • Page 452: Qos Policers

    Aggregate Policer page. An aggregate policer is defined if the policer is to be shared with more than one class. Policers on a port cannot be shared with other policers in another device.
  • Page 453: Defining Aggregate Policers

    Aggregate Policer Name—Enter the name of the Aggregate Policer. • Ingress Committed Information Rate (CIR)—Enter the maximum bandwidth allowed in bits per second. See the description of this in the Bandwidth page.
  • Page 454: Configuring A Policy

    Click Policy Class Map Table to display the Policy Class Maps page. STEP 2 Click Add to open the Add Policy Table page. Enter the name of the new policy in the New Policy Name field. STEP 3
  • Page 455: Policy Class Maps

    CoS/802.1p value and the CoS/802.1p to Queue Table. —If this option is selected, use the value entered in the New Value box to determine the egress queue of the matching packets as follows:
  • Page 456 Drop—Packets exceeding the defined CIR value are dropped. Out of Profile DSCP—IP packets exceeding the defined CIR are forwarded with a new DSCP derived from the Out Of Profile DSCP Mapping Table. STEP 5 Click Apply.
  • Page 457: Policy Binding

    STEP 5 Click Apply. The QoS policy binding is defined, and the Running Configuration file is updated. Managing QoS Statistics From these pages you can manage the Single Policer, Aggregated Policer, and view queues statistics.
  • Page 458: Policer Statistics

    • Policy Name—Select the policy name. • Class Map Name—Select the class name. STEP 4 Click Apply. An additional request for statistics is created and the Running Configuration file is updated.
  • Page 459: Viewing Aggregated Policer Statistics

    Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are: No Refresh—Statistics are not refreshed. 15 Sec—Statistics are refreshed every 15 seconds. 30 Sec—Statistics are refreshed every 30 seconds.
  • Page 460 Total Packets—Number of packets forwarded or tail dropped. • Tail Drop Packets—Percentage of packets that were tail dropped. STEP 4 Click Add. STEP 5 Enter the parameters. • Counter Set—Select the counter set:
  • Page 461 Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped. STEP 6 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
  • Page 462 Quality of Service Managing QoS Statistics
  • Page 463: Chapter 23: Snmp

    The device functions as SNMP agent and supports SNMPv1, v2, and v3. It also reports system events to trap receivers using the traps defined in the supported MIBs (Management Information Base).
  • Page 464: Snmpv1 And V2

    NOTE For security reasons, SNMP is disabled by default. Before you can manage the device via SNMP, you must turn on SNMP on the Security > TCP/UDP Services page. The following is the recommended series of actions for configuring SNMP:
  • Page 465 If the SNMP Engine ID is not set, then users may not be created. STEP 5 Optionally, enable or disable traps by using the Trap Settings page. STEP 6 Optionally, define a notification filter(s) by using the Notification Filter page.
  • Page 466: Model Oids

    8 FE ports plus 2 GE ports 9.6.1.82.08.1 SF302-08MP 8 FE ports plus 2 GE ports 9.6.1.82.08.3 SF302-08P 8 FE ports plus 2 GE ports 9.6.1.82.08.2
  • Page 467: Snmp Engine Id

    The default SNMP Engine ID is comprised of the enterprise number and the default MAC address. This engine ID must be unique for the administrative domain, so that no two devices in a network have the same engine ID.
  • Page 468 Server Definition—Select whether to specify the Engine ID server by IP address or name. • IP Version—Select the supported IP format. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  • Page 469: Configuring Snmp Views

    To define SNMP views: STEP 1 Click SNMP > Views. STEP 2 Click Add to define new views. STEP 3 Enter the parameters. • View Name—Enter a view name between 0-30 characters.
  • Page 470: Creating Snmp Groups

    SNMPv1 and SNMPv2 are not secure. In SNMPv3, the following security mechanisms can be configured. • Authentication—The device checks that the SNMP user is an authorized system administrator. This is done for each frame.
  • Page 471 No Authentication and No Privacy—Neither the Authentication nor the Privacy security levels are assigned to the group. Authentication and No Privacy—Authenticates SNMP messages, and ensures the SNMP message origin is authenticated but does not encrypt them.
  • Page 472: Managing Snmp Users

    An engine ID must first be configured on the device. This is done in the Engine ID page. • An SNMPv3 group must be available. An SNMPv3 group is defined in the Groups page.
  • Page 473 MD5 Password—A password that is used for generating a key by the MD5 authentication method. SHA Password—A password that is used for generating a key by the SHA (Secure Hash Algorithm) authentication method.
  • Page 474: Defining Snmp Communities

    Advanced Mode—The access rights of a community are defined by a group (defined in the Groups page). You can configure the group with a specific security model. The access rights of a group are Read, Write, and Notify.
  • Page 475 By default, it applies to the entire MIB. If this is selected, enter the following fields: Access Mode—Select the access rights of the community. The options are: Read Only—Management access is restricted to read-only. Changes cannot be made to the community.
  • Page 476: Defining Trap Settings

    STEP 2 notifications. STEP 3 Select Enable for Authentication Notifications to enable SNMP authentication failure notification. STEP 4 Click Apply. The SNMP Trap settings are written to the Running Configuration file.
  • Page 477: Notification Recipients

    STEP 1 This page contains recipients for SNMPv1,2. STEP 2 Click Add. STEP 3 Enter the parameters. • Server Definition—Select whether to specify the remote log server by IP address or name.
  • Page 478 Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page). STEP 4 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
  • Page 479: Defining Snmpv3 Notification Recipients

    Timeout—Enter the amount of time (seconds) the device waits before resending informs/traps. Timeout: Range 1-300, default 15 • Retries—Enter the number of times that the device resends an inform request. Retries: Range 1-255, default 3
  • Page 480: Snmp Notification Filters

    Notification Recipients SNMPv3 page. The notification filter enables filtering the type of SNMP notifications that are sent to the management station based on the OID of the notification to be sent.
  • Page 481 STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
  • Page 482 SNMP SNMP Notification Filters
  • Page 483 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

This manual is also suitable for:

Small business 300 series
