Manual Cisco Systems SG50028PK9NA

638 pages 6.55 mb

Download

Go to site of 638

Prev Next

Summary

Cisco Systems SG50028PK9NA - page 1

Cis c o 500 S erie s St ackable Manage d S witch Administration Guide Releas e 1 .3.5 ADMINISTR A TION GUIDE ...
Cisco Systems SG50028PK9NA - page 2

Cisco 500 S eries Stackable Manage d Switch Administration Guide 1 Con t en ts T able of C onten t s Chapter 1: Getting Started 1 Starting the Web-based Configuration Utility 1 Quick Start Device Configuration 5 Interface Naming Conventions 6 Differences Between Sx500, S G500X, ESW2-550X and the SG500XG De- vices<Sx500> 7 Window Navigation 8 ...
Cisco Systems SG50028PK9NA - page 3

Cisco 500 Serie s Stackable Managed Switch Admin istration Guide 2 Con te nt s Upgrade/Backup Firmware/Language 37 Active Image <Sx300-500> 41 Download/Backup Configuration/Log 42 Configuration Files Properties 48 Copy/Save Co nfiguration 49 Auto Configuration via DHCP 50 Chapter 5: Administration: Stack Management 58 Overview 59 Types of Uni ...
Cisco Systems SG50028PK9NA - page 4

Cisco 500 S eries Stackable Manage d Switch Administration Guide 3 Con t en ts Time Settings<print only> 112 System Log<print only> 112 File Management<print only> 113 Rebooting the Device 113 Routing Resources<Sx300-500> 115 Health 119 Diagnostics<print only> 121 Discover y - Bonjou r<print only> 121 UDLD<pri ...
Cisco Systems SG50028PK9NA - page 5

Cisco 500 Serie s Stackable Managed Switch Admin istration Guide 4 Con te nt s Chapter 10: Administration: Unid irectional Link Detection 183 UDLD Overview 183 UDLD Operation 184 Usage Guidelines 187 Dependencies On Other Features 187 Default Settings and Co nfiguration 188 Before You Start 188 Common UDLD Tasks 188 Configuring UDLD 189 Chapter 11: ...
Cisco Systems SG50028PK9NA - page 6

Cisco 500 S eries Stackable Manage d Switch Administration Guide 5 Con t en ts Built-in Smartport Macros 236 Chapter 13: Port Management: PoE 248 PoE on the Device 248 Configuring PoE Properties 251 Configuring PoE Settings 253 Chapter 14: VLAN Management 256 VLANs 257 Configuring Default VLAN Settings 260 Creating VLANs 261 Configuring VLAN Interf ...
Cisco Systems SG50028PK9NA - page 7

Cisco 500 Serie s Stackable Managed Switch Admin istration Guide 6 Con te nt s Chapter 16: Managing MAC Address Tables 308 Configuring St atic MAC Addresses 309 Managing Dynamic MAC Addresses 310 Defining Reserved MAC Addresses 311 Chapter 17: Multicast 312 Multicast Forwarding 312 Defining Multicast Properties 316 Adding MAC Group Address 317 Addi ...
Cisco Systems SG50028PK9NA - page 8

Cisco 500 S eries Stackable Manage d Switch Administration Guide 7 Con t en ts Overview 416 Configurable Elements of VRRP 420 Configuring VRRP 423 Chapter 21: Security 428 Defining Users 430 Configuring TACACS+<Sx300-500> 433 Configuring RADIUS 438 Key Manageme nt<Sx500> 442 Management Acce ss Method 445 Management Access Authentication ...
Cisco Systems SG50028PK9NA - page 9

Cisco 500 Serie s Stackable Managed Switch Admin istration Guide 8 Con te nt s <Sx300-500>Defining Time Ranges 510 <Sx300-500>Authentication Method and Port Mode Support 511 Chapter 23: Security: First Hop Security 515 First Hop Security Overview 516 Router Advertisement Guard 520 Neighbor Discov ery Inspection 520 DHCPv6 Guard 521 Neig ...
Cisco Systems SG50028PK9NA - page 10

Cisco 500 S eries Stackable Manage d Switch Administration Guide 9 Con t en ts Chapter 26: Security: Secure Sensitive Data Management 562 Introduction 562 SSD Rules 563 SSD Properties 569 Configuration Files 571 SSD Management Channels 576 Menu CLI and Password Recovery 577 Configuring SSD 577 Chapter 27: Access Control 582 Access Control Lists 582 ...
Cisco Systems SG50028PK9NA - page 11

Cisco 500 Serie s Stackable Managed Switch Admin istration Guide 10 Con te nt s Defining SNMP Communities 647 Defining Trap Settings 649 Notification Recipients 650 SNMP Notification Filters 654 ...
Cisco Systems SG50028PK9NA - page 12

1 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion ) 1 Get ting St ar te d This section provides an introduction to the web-bas ed configuration utilit y , and covers the f o llowing t opics : • Star ting the Web-b ase d C onfigura tion Utilit y • Quick Star t Devic e Configuration • Inter ...
Cisco Systems SG50028PK9NA - page 13

Getting Started Star ting the W eb -bas ed Configur a tion Utilit y 2 Cisco Small Busines s 200 , 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 1 NOTE When the device is using the f act or y default IP addr ess of 192. 168. 1 .254, its power LED flashes continuously . When the devic e is using a DHCP as signed IP addre ...
Cisco Systems SG50028PK9NA - page 14

Get ting Star te d Star ting the Web-b ase d C on figura tion Utilit y Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 3 1 When the login at tempt is succes sful, the Get ting Star ted page app ears. If you ent ered an incorrect username or pas sword, an err or mes sage appears and the L ogin ...
Cisco Systems SG50028PK9NA - page 15

Getting Started Star ting the W eb -bas ed Configur a tion Utilit y 4 Cisco Small Busines s 200 , 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 1 Configuration change s hav e not yet been saved t o the Star tup Configuration file. The flashing can be disable d by clicking on the Disable Sav e Icon Blinking but ton on t ...
Cisco Systems SG50028PK9NA - page 16

Get ting Star te d Quick Star t Devic e Configur a tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion ) 5 1 Quick Star t D evic e C onfigura tion T o simplify device configuration throug h quick navigation, the Getting Star ted page provides links t o the most commonly use d pages . Ther e ar ...
Cisco Systems SG50028PK9NA - page 17

Getting Started In terface Naming C onven tions 6 Cisco Small Busines s 200 , 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 1 Inter face Naming C onventions Within the GUI, int e r faces are denot e d by concatenating the f ollowing elements : • Typ e of interface : The f ollowing t ype s of int er faces are f ound o ...
Cisco Systems SG50028PK9NA - page 18

Get ting Star te d Dif fer ences B etween 500 D evice s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion ) 7 1 • Enabling IP v 4 routing is done differ ently in the devices , as f ollows : - SG500XSG500X G/ESW2-550X —IP v 4 routing must be enabled in the IP v 4 Inter face page. - Sx 500— W ...
Cisco Systems SG50028PK9NA - page 19

Getting Started W indow Na viga tion 8 Cisco Small Busines s 200 , 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 1 Window Na viga tion This se ction describ es the f eatures of the web- base d switch configuratio n utility. Applic a tion Header The Application Header a ppears on ev ery page. It provides the f ollowing ...
Cisco Systems SG50028PK9NA - page 20

Get ting Star te d W indow Naviga tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion ) 9 1 Language Menu This menu provides the f ollowing options : • Sele ct a language: Sele ct one of the languages that appear in the menu. This language will be the web - base d configu ration utilit y lan ...
Cisco Systems SG50028PK9NA - page 21

Getting Started W indow Na viga tion 10 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 1 Management But tons The f ollowing table de scrib es the commonly-use d but t ons that appear on various pages in the system. But ton Name D es cription Use the pull- down menu to configure the number of e ...
Cisco Systems SG50028PK9NA - page 22

Get ting Star te d W indow Naviga tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 11 1 Cop y Sett in gs A table typically c ontains one or mor e entries containing configuration s ett ings. Instead of modif ying each entr y individually , it is po ssib le t o modif y one entr y and then c ...
Cisco Systems SG50028PK9NA - page 23

Getting Started W indow Na viga tion 12 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 1 ...
Cisco Systems SG50028PK9NA - page 24

2 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 13 St a tus and St a tistic s This sect ion describ es how to view device statistic s. It covers the f ollowin g t opics: • System Su mmar y • Viewing Ethernet Interfac e s • Viewing Etherlik e St a tistics • Viewing G VRP Statistics ? ...
Cisco Systems SG50028PK9NA - page 25

Status and Statistics Vi e w in g Et h e r n e t I nt e r fa c e s 14 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 2 T o displa y Ethernet statistics and/ or s et the refr esh rate: STEP 1 Click Sta tus and Statistics > Interfac e . STEP 2 En te r t h e p a r a me te r s . • Interfac e ...
Cisco Systems SG50028PK9NA - page 26

Status and Statistic s V iewing E therlike Sta tis tics Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 15 2 Viewing Etherlik e St a tistics The Etherlik e page displays statistics per p or t according to the Etherlik e MIB standard definition. The r efresh rate of the inf ormation can be s el ...
Cisco Systems SG50028PK9NA - page 27

Status and Statistics V iewing G VRP Sta tistics 16 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 2 • Click View All Interface s Statistics to see all por ts on a single page. Viewing G VRP Sta tistic s The GVRP page displa ys inf ormation regarding GARP VLAN Registration Prot o col (GV R P ...
Cisco Systems SG50028PK9NA - page 28

Status and Statistic s V iewing 802. 1 X E AP S ta tis tics Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 17 2 • Invalid A t tribute V alue —In valid at tribute value err o rs. • Invalid A ttribute Length —Invalid attribute le ngth err ors. • Invalid Even t —In valid events. T o ...
Cisco Systems SG50028PK9NA - page 29

Status and Statistics V iewing T C AM Utiliz a tion 18 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 2 • EAP Re que st /ID Frames T ransmit ted —E AP Req/ID frames transmit ted by the por t . • EAP Re que st F rames Transmitte d —E AP Request frames transmit ted by the por t . • Inv ...
Cisco Systems SG50028PK9NA - page 30

Status and Statistic s Health Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 19 2 • IP v4 Routing - In Use —Numb er of T CAM en tries use d f or IP v4 r outing. - Maximum — N u m b e r o f a v a i l a b l e TC A M e n t r i e s t h a t c a n b e u s e d fo r I P v4 ro ut i n g. • IP v ...
Cisco Systems SG50028PK9NA - page 31

Status and Statistics Managing RMON 20 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 2 RMON decreases the traf fic bet ween the manager and the device because the SN MP manager does not have t o poll the device frequently f or inf ormation, and enables the manager t o get time ly status r epo ...
Cisco Systems SG50028PK9NA - page 32

Status and Statistic s Managing RMON Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 21 2 • Pack ets Rec eived —Number of goo d packets r eceived, including Multicast and Broadcast packets. • B r oa dca st Pa c k et s R ece iv ed —Nu m ber of g ood Br oadca st pa ck ets r eceived . Thi ...
Cisco Systems SG50028PK9NA - page 33

Status and Statistics Managing RMON 22 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 2 • Frames of 512 to 1023 By te s —Number of frames , containing 512- 1023 by tes that wer e r ec eived. • Frames of 1024 By te s or More —Number of frames, containing 1024-2000 by t es , and Jum bo F ...
Cisco Systems SG50028PK9NA - page 34

Status and Statistic s Managing RMON Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 23 2 • Ow n e r —Enter the RMON station or user that requested the RMON inf o rmation. STEP 4 Click Apply . The entr y is added t o the Hist or y Control T able page , and the Running Configuration file is ...
Cisco Systems SG50028PK9NA - page 35

Status and Statistics Managing RMON 24 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 2 • Fra g me nt s —Fragments (packets with les s than 64 octets) r eceived, ex clud ing framing bits, but including FC S octets. • Jabbers — T otal number of received packets that wer e longer than 20 ...
Cisco Systems SG50028PK9NA - page 36

Status and Statistic s Managing RMON Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 25 2 - Non e —No action occurs when the alarm goe s off . - Lo g ( E v e n t Lo g T a b l e) —Add a lo g entr y to the E vent L o g table when the alarm is trigger ed. - T rap (S NMP M anager and SY S L O ...
Cisco Systems SG50028PK9NA - page 37

Status and Statistics Managing RMON 26 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 2 D efining RMON Alarms RMON alarms pr ovide a mechanism f or s etting thresholds and sampling int er vals to generat e e x ception events on an y counter or an y other SNMP object counter maintained by the a ...
Cisco Systems SG50028PK9NA - page 38

Status and Statistic s Vi e w L o g Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 27 2 • Rising Event —Select an event t o be per f ormed when a rising event is triggered. E v ents ar e cr eat ed in the E vents page. • Fa lling Threshold —Ent er the value that triggers the falling th ...
Cisco Systems SG50028PK9NA - page 39

Status and Statistics Vi e w L o g 28 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 2 ...
Cisco Systems SG50028PK9NA - page 40

3 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 29 Administra tion: System Lo g This section de scribes the System L o g f eature, which enables the device to generat e multiple independent lo gs . Each log is a set of me ss ages des cribing syst em events. The device generat es the f ollowi ...
Cisco Systems SG50028PK9NA - page 41

Administration: System Log Setting Syst em L o g Settings 30 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 3 The event severity levels ar e list ed from the highest s everity to the lowest s everity , as f ollows : • Eme r g en cy —Syst em is no t usable. • Aler t —Action is neede d. ...
Cisco Systems SG50028PK9NA - page 42

Administration: System Lo g Setting Remo te L ogging S ettings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 31 3 • Originator Identifier —Enable s adding an origin identifier to S YSL OG mes sages . The options ar e: - Non e —Do not include the origin identifier in S Y SL OG mes sage ...
Cisco Systems SG50028PK9NA - page 43

Administration: System Log Setting Remote L ogging S e ttings 32 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 3 NOTE If the Aut o option is selected, the system tak es the source IP addr es s from the IP address defined on the outgoing interface. STEP 3 Click Add . STEP 4 En te r t h e p a r ...
Cisco Systems SG50028PK9NA - page 44

Administration: System Lo g Vi e w i n g M e m o r y L o g s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 33 3 Viewing Memor y Lo gs The device can write t o the f ollowin g logs: • L og in R AM (cleared during reboot). • L og in Flash memor y (cleared only upon user command) . Y ou can ...
Cisco Systems SG50028PK9NA - page 45

Administration: System Log V iewing Memory Logs 34 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 3 This page contains the f ollowing fields: • Log Index —L og entr y number . • Log Time — T ime when mes sage was generated. • Sev e ri t y —Even t s eve ri t y . • Desc r ip ti on ...
Cisco Systems SG50028PK9NA - page 46

4 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 35 Administra tion: F ile Man agement This section de scribe s how syst em files are managed. The f ollowing topics are covered: • System F ile s • Upgrade/B ackup Firm ware/Language • Active Im age • Downlo ad/B ackup Configura tion/Lo ...
Cisco Systems SG50028PK9NA - page 47

Administration: F ile Managemen t Sys tem F iles 36 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 Configuration files on the device are defined by their ty p e , and contain the set tings and parameter values f o r the device. When a configuration is r ef erenced on the devic e, it is r ef ...
Cisco Systems SG50028PK9NA - page 48

Administration: File Management Syste m Files Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 37 4 Only the syst em can copy the Star tup Configuration to the Mirr or Configuration. However , you can copy fr om the Mirr or Configuration to other file typ es or t o another device. The option of ...
Cisco Systems SG50028PK9NA - page 49

Administration: F ile Managemen t Upgrade/Backup Firmw are/Language 38 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 This se ction covers the f ollowing topics: • Upgrade/B ackup Firm ware/Language • Active Im age • D ownload/B ack up Co nfigura tion/Log • Configuration Files Proper ...
Cisco Systems SG50028PK9NA - page 50

Administration: File Management Upgrade/Backup Firm war e/Language Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 39 4 - Copy image from TFTP /S CP ser ver to mast er , using the Upgrade/ Backup Firmwar e/Language page. - Change the active image, using the Active Image page. - Reboot , using ...
Cisco Systems SG50028PK9NA - page 51

Administration: F ile Managemen t Upgrade/Backup Firmw are/Language 40 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 • Ba c k u p —Specifies that a c opy of the file type is to be sav ed t o a file on another device. Enter the f ollowing fields : • Fil e Ty p e —Sele ct the destinat ...
Cisco Systems SG50028PK9NA - page 52

Administration: File Management Upgrade/Backup Firm war e/Language Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 41 4 • Remote SSH S er ver Authentication — T o enable SS H s er ver authentication (which is disable d by default), click Edit . This tak es you t o the SSH S e rver Authenti ...
Cisco Systems SG50028PK9NA - page 53

Administration: F ile Managemen t Active I mage 42 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 - Link L ocal — The IP v6 address uniquely identifie s hosts on a single network link . A link local addr es s has a pr efix of FE80 , is not routable, and can be use d f or communication only ...
Cisco Systems SG50028PK9NA - page 54

Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 43 4 • Active Im age V ersion Numb er —Displays the firmwar e ve rsion of the active image. • Active Im age After Reb oot —Displa ys the image that is active a fter r e ...
Cisco Systems SG50028PK9NA - page 55

Administration: F ile Managemen t D ownload/Backup Configura tion/Log 44 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 • C h a n g e Q u e u e s M o d e f r o m 4 t o 8 —Queue-relat e d configurations must be examined and adjust ed t o meet QoS obje ctives with the new Queues mode. See ...
Cisco Systems SG50028PK9NA - page 56

Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 45 4 Select either Downlo ad or Backup as the Sa ve Acti o n . Dow n loa d Sa v e Act i on —Specifies that the file on another device replace s a file type on the device. Ent ...
Cisco Systems SG50028PK9NA - page 57

Administration: F ile Managemen t D ownload/Backup Configura tion/Log 46 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 • Link L ocal — The IP v6 address uniquely identifie s hosts on a single network link . A link lo cal address has a prefix of FE80 , is not r outable, and can be used f ...
Cisco Systems SG50028PK9NA - page 58

Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 47 4 STEP 4 If you selected via HTTP /HTTPS , enter the paramet ers as described in this st ep. Select the Sa ve Act i o n . If Sa v e Act ion is Download (replacing the file o ...
Cisco Systems SG50028PK9NA - page 59

Administration: F ile Managemen t D ownload/Backup Configura tion/Log 48 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 SSH Client Authentic a tion —Client authentication can be done in one of the f ollowing ways: • Use S SH Client —Sets permanent S SH us er cr edentials . Click Syste ...
Cisco Systems SG50028PK9NA - page 60

Administration: File Management Configur a tion Files Proper tie s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 49 4 If Sa v e Act ion is Bac k up (copying a file t o another device), enter the f ollowing fields (in addition t o those fields listed above) : • Sou r ce F ile T ype —S ele ...
Cisco Systems SG50028PK9NA - page 61

Administration: F ile Managemen t Cop y /Sa ve Con figur at io n 50 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 STEP 2 If r equired, disable Auto Mirror C onfigura tion . This disables the aut omatic creation of mirr or configuration files . When dis abling this f eature, the mirr or conf ...
Cisco Systems SG50028PK9NA - page 62

Administration: File Management Auto Configura tion via DHCP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 51 4 • If you ar e backing up a configuration file, sele ct one of the f ollowing f ormats f or the b ackup file. - Exclude —Sensitive data is not included in the b ackup file. - En ...
Cisco Systems SG50028PK9NA - page 63

Administration: F ile Managemen t Auto Configur a tion via DHCP 52 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 Aut o Configura tion via DHCP v 4 is triggered in the f ollowi ng cases : • After r eboot when an IP addres s is allocated or renewed dynamically (using DHCP v 4) . • Upon an ...
Cisco Systems SG50028PK9NA - page 64

Administration: File Management Auto Configura tion via DHCP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 53 4 Auto C onfigura tion Downlo ad Protoc ol ( TF TP or S CP) The Aut o Configuration download protocol can be configured, as f ollows: • Au to B y Fi l e E x te ns i on —(Default) ...
Cisco Systems SG50028PK9NA - page 65

Administration: F ile Managemen t Auto Configur a tion via DHCP 54 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 Auto C onfigura tion Proc e s s When the Aut o Configuration proce ss is trigger ed, the f ollowing sequenc e of events occurs : • The DHCP ser ver is acces sed to acquire the ...
Cisco Systems SG50028PK9NA - page 66

Administration: File Management Auto Configura tion via DHCP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 55 4 • If the inf ormation is available, the TFTP /S CP ser v er is acces se d t o download the file from it. The download proces s is done only if the new configuration filename is d ...
Cisco Systems SG50028PK9NA - page 67

Administration: F ile Managemen t Auto Configur a tion via DHCP 56 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 4 ser ver table. This ensures that each de vice has its own r eser ved IP addres s and other r elevant inf ormation. T o configure aut o configuration: STEP 1 Click Adm in ist ra t ...
Cisco Systems SG50028PK9NA - page 68

Administration: File Management Auto Configura tion via DHCP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 57 4 • IP V e rsion —Select whether an IP v 4 or an IP v6 address is us ed. • IP v 6 Addres s Typ e —Select the IP v6 addres s ty pe (if IP v6 is used) . The options are: - Link ...
Cisco Systems SG50028PK9NA - page 69

5 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 58 Administrat ion: Stack Man agement This sect ion describ es how stacks are ma naged. It covers the f ollowing topics : • O ver view • Type s of Units in Stack • Stack T op ology • Unit ID As signment • Master S elec tion Proc es s ...
Cisco Systems SG50028PK9NA - page 70

Administr a tion: Stack Managemen t Over view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 59 5 An example of eight devices conne ct ed into a stack is shown in the f ollowing : Stack Architecture (Chain T opolo gy) A stack provides the f ollowing b enefits: • Network capacit y can be exp ...
Cisco Systems SG50028PK9NA - page 71

Administr a tion: Stack Managemen t T ype s of U nits in Stack Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 60 5 Typ e s of Units in St ack A stack consists of a maximum of eight units . A unit in a stack is one of the fo l l o w i n g t y p e s : • Master — The master unit’ s ID must ...
Cisco Systems SG50028PK9NA - page 72

Administr a tion: Stack Managemen t T ype s of U nits in Stack Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 61 5 Unit LEDs The device has 4 LEDs marked as 1 , 2, 3, 4, which are use d t o display the unit ID of each unit (e.g. on Unit ID 1 , LED 1 is ON and the other LEDs are OFF). T o su p ...
Cisco Systems SG50028PK9NA - page 73

Administr a tion: Stack Managemen t Stack T opolo gy Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 62 5 Stack T op olo gy T y pes o f S ta ck T o po l og y The units in a stack can be conne ct ed in one of the f ollowing type s of t opologie s: Chain T opolo gy —One stack por t (either lef ...
Cisco Systems SG50028PK9NA - page 74

Administr a tion: Stack Managemen t Unit ID Assignmen t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 63 5 • Merging t wo stacks into a single stack • Splitt ing the stack • Inser ting other slav e units t o the stack , f or instanc e becaus e the units were pr eviously disconne cted f ...
Cisco Systems SG50028PK9NA - page 75

Administr a tion: Stack Managemen t Unit ID Assignmen t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 64 5 Duplicate Unit Shut D own The f ollowing shows a case where one of the duplicat e units (aut o-number ed) is re nu m b e re d . Duplicate Unit Renumb ered ...
Cisco Systems SG50028PK9NA - page 76

Administr a tion: Stack Managemen t Mast er Sele c tion Pr oc ess Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 65 5 The f ollowing shows a case where one of the duplicat e units is r enumbered. The one with the lowe r MAC r etains its unit ID ( see Master Sele ction Proc es s fo r a descrip ...
Cisco Systems SG50028PK9NA - page 77

Administr a tion: Stack Managemen t Stack Changes Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 66 5 • MAC Addr es s—I f both units ID s ar e the same, the unit with the lowest MAC addr es s is chosen. NOTE F or a stack to operat e, it must ha ve a master unit . A mast er unit is defined ...
Cisco Systems SG50028PK9NA - page 78

Administr a tion: Stack Managemen t Stack Changes Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 67 5 • One or more duplicat e unit ID s exist . Aut o numbering resolves conflicts and assigns unit ID s . In case of manual numbering, only one unit retains its unit ID and the other(s ) ar e s ...
Cisco Systems SG50028PK9NA - page 79

Administr a tion: Stack Managemen t Unit F ailure in Stack Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 68 5 The f ollowing shows what happ ens when a user -assigne d, mast er -enable d unit with Unit ID 1 joins a stack that already has a mast er unit with user -assigne d unit ID 1 . The ne ...
Cisco Systems SG50028PK9NA - page 80

Administr a tion: Stack Managemen t Unit F ailure in Stack Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 69 5 If a unit is inser ted into a running stack , and is selected as a backup unit , the mast er synchroniz es it so that it has an up-to date configuration, and then generates a S YN C ...
Cisco Systems SG50028PK9NA - page 81

Administr a tion: Stack Managemen t Sof t ware Auto S ynchronization in St ack Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 70 5 Re co nnec ting the Original Master Unit Af ter Failover After failov er , if the original mast er is connected again, the mast er selection pr oc es s is per f o ...
Cisco Systems SG50028PK9NA - page 82

Administr a tion: Stack Managemen t Stack Unit Mode Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 71 5 • Adva nced Hyb ri d— A de vi c e i n A dv an c e d H yb ri d m o de ca n b e c on ne c ted t o Sx 500 and SG500X /ESW2-550 X devic es to f orm a stack . In this mo de, VRRP and/ or RIP ...
Cisco Systems SG50028PK9NA - page 83

Administr a tion: Stack Managemen t Stack Unit Mode Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 72 5 C onsistency of St ack Unit Mode s in the St ack All units in the stack must have the same stack unit mode. When the stack is initialized, it runs a topology discover y algorithm that c oll ...
Cisco Systems SG50028PK9NA - page 84

Administr a tion: Stack Managemen t Stack Unit Mode Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 73 5 Changing the Stack Unit Mo de Change the stack unit mode of a device to r emove it fr om a stack (by changing its stack unit mode to Standalone), or when co nfiguring it to become par t of ...
Cisco Systems SG50028PK9NA - page 85

Administr a tion: Stack Managemen t Stack Por ts Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 74 5 • SG500XG: - Standalone to Native Stacking— Retained only when the unit is f orced t o bec ome the ma st er unit with unit ID = 1 - Native to Advance d Hybrid X G— Retained only when the ...
Cisco Systems SG50028PK9NA - page 86

Administr a tion: Stack Managemen t Stack Por ts Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 75 5 • SG500XG Devic es— Any por ts can be stack or net work . By default the device is standalone. When you con vert a devic e fr om one of the Stacking modes t o Standalone mode, all its stac ...
Cisco Systems SG50028PK9NA - page 87

Administr a tion: Stack Managemen t Stack Por ts Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 76 5 Pairs of Por ts The f ollowing table des cribes the pairs of p or ts that ar e a vailable on the device in the various stack unit modes : P o rt S peeds The spee d of stack por ts can be set m ...
Cisco Systems SG50028PK9NA - page 88

Administr a tion: Stack Managemen t Stack Por ts Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 77 5 Auto Sele c tion of Por t Spe e d Y ou can set the stacking cable t ype to be discover ed automatically when the cable is connected t o the por t (aut o-disc over y is the de fault setting) . ...
Cisco Systems SG50028PK9NA - page 89

Administr a tion: Stack Managemen t Stack Por ts Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 78 5 The f o llowing describ es the po ss ible combinations of cable s typ es and po rt s. Stack Por ts Net work Por ts Conne ctor Typ e S 1 -S2-5G for S G500X / ESW2- 550X and S3-S4 for Sx500 S1 , ...
Cisco Systems SG50028PK9NA - page 90

Administr a tion: Stack Managemen t Stack Por ts Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 79 5 100Mbs S FP Module MFEBX 1 Not suppor ted Not suppor ted Not suppor t ed Not suppor t ed 100Mbs Not suppor ted Othe r SFPs 1 G Acco r d in g to : Fo rc e d u s e r speed EEPROM speed 1G s p ee ...
Cisco Systems SG50028PK9NA - page 91

Administr a tion: Stack Managemen t Default Configur a t ion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 80 5 D efault C onfigura tion The f ollowing are the device defaults in the various stacking modes : Interactions With O ther Fe a tures RIP and VRRP ar e not suppor ted in Basic Hybrid ...
Cisco Systems SG50028PK9NA - page 92

Administr a tion: Stack Managemen t Syst em Mode s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 81 5 • Change the stack mode of a device t o one of the stacking modes , change the unit ID , stack p or ts, and the spee d of the stack p orts of all the devices in a stack . • Change the sy ...
Cisco Systems SG50028PK9NA - page 93

Administr a tion: Stack Managemen t Syst em Mode s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 82 5 STEP 1 Click Admin ist ra tion > System Mo de and Stack Management . The operational status of a standalone device or a stack is displa yed in the Operational Stat us block : • Stack Un ...
Cisco Systems SG50028PK9NA - page 94

Administr a tion: Stack Managemen t Syst em Mode s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 83 5 • Model Name —Mo del name of a known and active unit . • Stack C onnec tion 1 —Inf ormation f or the fir st stack connection: - Por t — The t ype of the stack por t that is connect ...
Cisco Systems SG50028PK9NA - page 95

5 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 57 Administra tion This section describ es how to view syst em inf ormation and configure various options on the device. It covers the f ollowin g t opics: • Dev i ce M ode ls • System Set tings • Cons ole S ettings (Autob aud Rate Sup po ...
Cisco Systems SG50028PK9NA - page 96

Administration Dev i ce M ode l s 58 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 D evic e Mo dels All models can be fully manage d through the web-base d switch configuration utility. NOTE Each model can be s et to La y er 3 system mode by using the System Mode and Stack Management page. ...
Cisco Systems SG50028PK9NA - page 97

Admin ist ra ti on Dev ice M od el s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 59 5 SG500 -28P SG500 -28P -K9 28-Port Gigabit PoE Stackable Managed Switch 180W 24 SG500 -52 SG500 -52-K9 52-P or t Gigabit Stackable Managed Switch N/ A N / A SG500 -52MP SG500 -52MP -K9 52-P or t Gigabit Ma ...
Cisco Systems SG50028PK9NA - page 98

Administration Syst em Settings 60 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 System S et tings The Syst em Summar y page prov ides a grap hic view of the devic e, and displa ys device status, hardwar e inf ormation, firmwar e v ersion inf ormation, general P oE status, and other items. ...
Cisco Systems SG50028PK9NA - page 99

Admin ist ra ti on Syst em Settings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 61 5 • System Uptime — T ime that has elaps ed since the last reboot . • Current Time —Current syst em time. • Ba se M AC Ad d r ess —Device MAC addr es s. If the system is in stack mode, the base M ...
Cisco Systems SG50028PK9NA - page 100

Administration Syst em Settings 62 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 • SNMP Ser vice —Displays whether SNMP is enable d/ disable d. • Te l n e t S e r v i c e —Displays whether T elnet is enabled/ disabled. • SSH Se rvice —Displa ys whether SS H is enabled/ disable d ...
Cisco Systems SG50028PK9NA - page 101

Admin ist ra ti on Cons ole Settings (Autobaud Ra te Suppor t) Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 63 5 - Us e D ef au l t — The default hostname (Syst em Name) of these switches is: switch 123456 , wher e 123456 r epr esents the last three by tes of the device MAC address in hex ...
Cisco Systems SG50028PK9NA - page 102

Administration Management In terface 64 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 STEP 1 Click Adm in ist ra tion > Con so l e Se t ti n g s . STEP 2 Select one of the f ollowing: • Au to D e te c ti on — The cons ole baud rate is det e cted aut omatically . • Static —Select ...
Cisco Systems SG50028PK9NA - page 103

Admin ist ra ti on Ti m e S e t t i n g s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 65 5 T o s et the idle se ssion time out f or various t ype s of ses sions: STEP 1 Click Admin ist ra tion > Idle Se s sion Timeout . STEP 2 Sele ct the timeout f or the each s es sion from the corresp ...
Cisco Systems SG50028PK9NA - page 104

Administration Reb o ot in g t he D evi c e 66 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 There ar e cases when you might pr ef er to set the t ime of the reboot for some time in the futur e. This could happen f or example in one of the f ollowing case s: • Y ou ar e per f orming actio ...
Cisco Systems SG50028PK9NA - page 105

Admin ist ra ti on Routing R es ource s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 67 5 • Rebo ot to Factor y D efaults —Reboots the device by using the fact or y default configuration. This proces s erase s the Star tup Configuration file and the backup configuration file. The stack ...
Cisco Systems SG50028PK9NA - page 106

Administration Rou tin g Res ourc e s 68 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 If IP v6 r outing is enabled on the device, the f ollowing table describe s the number of T C AM entries used by the various f eatur es : The Rout er Resources page enables you t o adjust the T CAM alloca ...
Cisco Systems SG50028PK9NA - page 107

Admin ist ra ti on Routing R es ource s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 69 5 • To t a l —Displays the number of T C AM entries which are curr ently b eing used. • Maximum Entries —Select one of the f ollowing options: - Us e D ef au l t —On Sx 500 the number of T CAM ...
Cisco Systems SG50028PK9NA - page 108

Administration Health 70 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 STEP 3 Sav e the new set tings by clicking Apply . This checks the f easibilit y of the T CAM allocation. If i t is incorrect , an error mes sage is displayed. If it is correct , the allocation is saved t o the Running C ...
Cisco Systems SG50028PK9NA - page 109

Admin ist ra ti on Diagno stics Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 71 5 T o view t he device health parameters, click St atus and Statistic s > Health . If the device is in Standalone mode , the f ollowing fields ar e display ed: • Fan S t atu s —F an status. The f ollowing ...
Cisco Systems SG50028PK9NA - page 110

Administration Disc over y - Bonjour 72 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 Dis c over y - B onjour See Bo n jo ur . Dis c over y - LLDP See Configuring LLDP . Dis c over y - CDP See Configuring CDP . Ping Ping is a utility used to t est if a r emot e host can be r eached and t o ...
Cisco Systems SG50028PK9NA - page 111

Admin ist ra ti on Ping Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 73 5 in this drop-down field. If the Ho st Defi nition field was By IP Address , only the ex isting IP addresse s of the typ e spec ifie d in the IP V ersion field wil l be display ed. NOTE If the A ut o option is selected ...
Cisco Systems SG50028PK9NA - page 112

Administration T r aceroute 74 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 T rac eroute T raceroute discovers the IP r outes along which packets wer e forwarded by sending an IP packet t o the target host and back t o the device. The T racerout e page shows each hop bet ween the device an ...
Cisco Systems SG50028PK9NA - page 113

Admin ist ra ti on T raceroute Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 75 5 • TT L —Enter the ma ximum number of hops that T rac er out e permits. This is used to pr ev ent a case wher e the sent frame gets int o an endless lo op. The T rac er oute command t erminates when the dest ...
Cisco Systems SG50028PK9NA - page 114

Administration T r aceroute 76 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 ...
Cisco Systems SG50028PK9NA - page 115

Admin ist ra ti on T raceroute Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 77 5 ...
Cisco Systems SG50028PK9NA - page 116

Administration T r aceroute 78 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 ...
Cisco Systems SG50028PK9NA - page 117

Admin ist ra ti on T raceroute Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 79 5 ...
Cisco Systems SG50028PK9NA - page 118

Administration T r aceroute 80 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 ...
Cisco Systems SG50028PK9NA - page 119

Admin ist ra ti on T raceroute Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 81 5 ...
Cisco Systems SG50028PK9NA - page 120

Administration T r aceroute 82 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 5 ...
Cisco Systems SG50028PK9NA - page 121

Admin ist ra ti on T raceroute Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 83 5 ...
Cisco Systems SG50028PK9NA - page 122

6 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 72 Administra tion: Time S et tings Synchr onized syst em clocks provide a frame of ref erence betw een all devices on the network . Network time synchronization is critical because ever y aspe ct of managing, se curing, planning, and debugging ...
Cisco Systems SG50028PK9NA - page 123

Administ ra tion: Time Set tings Syst em T ime Options Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 73 6 System Time Options Syst em time can be se t manually by the user , d ynamically from an SNTP ser ver , or synchroniz ed from the PC running the GUI. If an S NTP ser ver is chose n, the ...
Cisco Systems SG50028PK9NA - page 124

Administration: Time Settings SNTP Mo des 74 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 6 Time Zone and Daylight Savings Time (DST ) The T ime Z one and D ST can be set on the device in the f ollowing ways: • Dynamic configuration of the devic e thro ugh a DHCP ser ver , where: - Dynamic ...
Cisco Systems SG50028PK9NA - page 125

Administ ra tion: Time Set tings Configuring Sys t em T ime Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 75 6 C onfiguring System Time S elec ting S ource of System Time Use the System T ime page to select t he syst em time source. If the source is manual, you can ent er the time here. ! CA ...
Cisco Systems SG50028PK9NA - page 126

Administration: Time Settings Configuring Syst em T ime 76 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 6 Manual Set tings —S et the date and time manually . The local time is used when there is no alt ernate sour ce of time, such as an SNTP s er ver : • Date —Ent er the system dat e. ...
Cisco Systems SG50028PK9NA - page 127

Administ ra tion: Time Set tings Configuring Sys t em T ime Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 77 6 - Fro m —Day and time that DST start s. - To —Day and ti me that DST ends. Selecting Recurring allows diff er ent cust omization of the start and stop of DS T : • Fro m —Dat ...
Cisco Systems SG50028PK9NA - page 128

Administration: Time Settings Configuring Syst em T ime 78 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 6 • IP v4 S ource Inter face —S elect the IP v 4 int er face whose IP v 4 addr es s will be us ed as the source IP v 4 ad dr es s in mes sages used f or communication with the SNTP s e ...
Cisco Systems SG50028PK9NA - page 129

Administ ra tion: Time Set tings Configuring Sys t em T ime Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 79 6 • Sou rce —How SNTP s er ver was defined, f or e xample : manually or from DHCP v6 ser ver . • Interfac e —Inter face on which pack ets ar e r eceived. STEP 3 T o add a Unic ...
Cisco Systems SG50028PK9NA - page 130

Administration: Time Settings Configuring Syst em T ime 80 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 6 is a secondar y ser ver , and so f orth. If the primar y s er ver is down, the device polls all s er vers with the polling set ting enable d, and select s a new primar y ser ver with the ...
Cisco Systems SG50028PK9NA - page 131

Administ ra tion: Time Set tings Configuring Sys t em T ime Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 81 6 Select an interfac e and select the reception/transmis sion options. STEP 4 Click Apply to sav e the set tings t o the Running Configuration file. D efining SNTP Authentication SNTP ...
Cisco Systems SG50028PK9NA - page 132

Administration: Time Settings Configuring Syst em T ime 82 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 6 • Authentication K ey —Enter the ke y use d f or aut hentication (up to eight characters ) . The S NTP ser ver must send this k ey f or the devic e t o synchroniz e t o it . • T ru ...
Cisco Systems SG50028PK9NA - page 133

Administ ra tion: Time Set tings Configuring Sys t em T ime Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 83 6 of the network is blo ck ed (see Chapter 9 , “C onfiguring Por t s ” and Chapter 9 , “Configuring L AG Set tings” ) • Limit PoE operation to a specifie d period. Abs olute ...
Cisco Systems SG50028PK9NA - page 134

Administration: Time Settings Configuring Syst em T ime 84 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 6 STEP 3 T o add a new recurring time range, click Add . STEP 4 Enter the f oll owing fiel ds: • Rec ur rin g St ar t ing T i me —Ent er the date and time that the T ime Range begins o ...
Cisco Systems SG50028PK9NA - page 135

7 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 85 Administra tion: Diagno stic s This section c ontains inf ormation f or configuring por t mirroring, running cable tests, and viewing device op erational inf ormation. It covers the f ollowin g t opics: • T e sting Copp er Por ts • Displ ...
Cisco Systems SG50028PK9NA - page 136

Administration: Diagnostics Te s t i n g C o p p e r P o r t s 86 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 7 • (Optional) Disable EEE (see the Port Management > Green Ethernet > Pr oper ties page) Use a CA T5 data cable when t esting cables using ( VCT ) . Accuracy of the test r ...
Cisco Systems SG50028PK9NA - page 137

Administration: Diagno stic s Displaying Op tical Mo dule Sta tus Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 87 7 I f t h e p o r t b e i n g te s te d is a G i g a p o r t , t h e Advanced Inf ormation block contains the f ollowing information, which is r efr eshed each time you enter th ...
Cisco Systems SG50028PK9NA - page 138

Administration: Diagnostics Displa ying Optical Module Sta tus 88 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 7 • MGBLH 1 : 1000BA SE-LH S FP transc eiver , f or single-mo de fiber , 1310 nm wav elength, suppor ts up to 40 km. • MGBLX 1 : 1000BA S E-LX SFP transceiver , f or single-mo d ...
Cisco Systems SG50028PK9NA - page 139

Administration: Diagno stic s Configuring P or t and VL AN Mirroring Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 89 7 C onfiguring Por t and VL AN Mirroring Po r t mirroring is used on a network devic e t o send a copy of network packets seen on one device po r t , multiple device por ts , ...
Cisco Systems SG50028PK9NA - page 140

Administration: Diagnostics V iewing CP U Utiliz a tion and Secure Core T echnolo gy 90 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 7 - Active —B oth source and destination inter faces are up and f orwarding traffic. - Not R ea d y —Either s our ce or destination (or both) ar e down or ...
Cisco Systems SG50028PK9NA - page 141

Administration: Diagno stic s V iewing CPU Utiliz ation and S ecure Core T e chnolo gy Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 91 7 Excessive traf fic bur dens the CPU , and might prev ent normal device operation. The device uses the S ecure Cor e T e chnology (SCT ) f eature t o ensur ...
Cisco Systems SG50028PK9NA - page 142

8 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 92 Administra tion: Dis c over y This sect ion pr ovides inf ormation f or configuring Dis cover y . It covers the f ollowin g t opics: • Bo n jo ur • LLDP and CDP • Configuring LLDP • Con fig u r i n g C D P Bo n j o u r As a Bonjour c ...
Cisco Systems SG50028PK9NA - page 143

Administration: Disc over y Bon jo ur Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 93 8 When Bonjour Discover y is disable d, the device st ops any ser vice typ e adver tisements and does not respond to r equests f or ser vic e fr om network management applications. T o glob ally enable Bon ...
Cisco Systems SG50028PK9NA - page 144

Administration: Discovery LLDP and CDP 94 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 STEP 3 Click Apply to updat e the Running Configuration file. STEP 4 T o enable Bonjour on an interface, click Add. STEP 5 Select the inter face, and click Apply . NOTE Click Del ete t o disable Bonjour ...
Cisco Systems SG50028PK9NA - page 145

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 95 8 • CDP and LLDP end devices, such as IP phones, learn the voice VL AN configuration from CDP and LLDP adv er tisements . By default , the device is enabled to send out CDP and LLDP adv er tisemen ...
Cisco Systems SG50028PK9NA - page 146

Administration: Discovery Configuring LLDP 96 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 • Displaying LLD P Loc al Information • Displa ying LLDP Neighbors Informa tion • Access i n g L LD P S t a tis tic s • LLDP O verloading LLDP O ver view LLDP is a pr otocol that enables net ...
Cisco Systems SG50028PK9NA - page 147

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 97 8 4. A s sociate LLDP MED netw ork policies and the optional LLDP- MED TL Vs t o the desired int er faces by using the LLDP MED Port Set tings page. 5. If Auto Smartp ort is to detect the capa bilit ...
Cisco Systems SG50028PK9NA - page 148

Administration: Discovery Configuring LLDP 98 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 • Chassis ID Adver tisement —Select one of the f ollowing options f or advertis ement in the LLDP mes sage s: - MAC Address —Adver tise the MAC address of the device. - Host Name —Adver tise ...
Cisco Systems SG50028PK9NA - page 149

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 99 8 • SNMP Notification —Select En able to send notifications t o SNMP notification recipients; f or example, an SNMP managing system, when ther e is a topology change. The time inter val bet ween ...
Cisco Systems SG50028PK9NA - page 150

Administration: Discovery Configuring LLDP 100 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 - Auto Adver tis e —Spe cifies that the sof tware would aut omatically choos e a management ad dr es s to adv er t ise from all the IP addr es ses of the product . In case of multiple IP address e ...
Cisco Systems SG50028PK9NA - page 151

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 101 8 Set ting LLDP MED Net work Policy An LLDP -MED net work policy is a relat e d set of configuration s ettings fo r a specific real-time application such as vo ice, or vide o. A network policy , if ...
Cisco Systems SG50028PK9NA - page 152

Administration: Discovery Configuring LLDP 102 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 • VL AN T ag —S elect whether the traffic is T agge d or Untagged. • User Priorit y —Select the traffic priorit y applied to traffic defined by this network p olicy . This is the C oS value. ...
Cisco Systems SG50028PK9NA - page 153

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 103 8 • SNMP Notification —Sele ct whether S NMP notification is sent on a per -por t basis when an end station that suppor ts MED is discovered; f or example a SNMP managing system, when ther e is ...
Cisco Systems SG50028PK9NA - page 154

Administration: Discovery Configuring LLDP 104 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 LL D P P o r t S tat u s Gl ob al In fo r m ati o n • Chas sis ID Subt ype — T ype of chas sis ID (f or e xample, MAC addr ess). • Chassis ID —Identifier of chassis . Wher e the chassis ID s ...
Cisco Systems SG50028PK9NA - page 155

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 105 8 Click LLDP L ocal Inf ormation Details to see the details of the LLDP and LLDP MED TL V s sent to the neighbor . Click LLDP Neighbor Inf ormation Details to see the details of the LLDP and LLDP - ...
Cisco Systems SG50028PK9NA - page 156

Administration: Discovery Configuring LLDP 106 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 MA C/PHY Details • Auto-Negoti ation Suppor ted —Por t spee d auto-negotiation suppor t status . • Auto-Ne gotiation Enabled —P ort s peed a ut o-n ego ti at io n a ct iv e sta tu s. • Aut ...
Cisco Systems SG50028PK9NA - page 157

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 107 8 • Current Capabilitie s —MED capabilities enabled on the p or t . • Dev ice C l a ss —LLDP -MED endp oint device class . The pos sible device class es are: - Endpoint Clas s 1 —Indicate ...
Cisco Systems SG50028PK9NA - page 158

Administration: Discovery Configuring LLDP 108 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 • VL AN Typ e — VLAN t ype for which the network policy is define d. The po ssible field value s ar e: - Ta g g e d —Indicates the network policy is define d f o r tagged VL ANs . - Untagged ? ...
Cisco Systems SG50028PK9NA - page 159

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 109 8 The LLDP Neighbor Inf ormation page contains the f o llowing fields: Por t Details • Lo ca l Por t —P or t number . • MSAP Entr y —Device Media S er vice Acc es s P oint (MSAP) entr y num ...
Cisco Systems SG50028PK9NA - page 160

Administration: Discovery Configuring LLDP 110 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 • Auto-Ne gotiation Enabled —Por t spe ed auto-negotiation active status. The pos sible values are T rue and F alse. • Auto-Ne gotiation Adver tise d Cap abilities —Por t spee d aut o-negoti ...
Cisco Systems SG50028PK9NA - page 161

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 111 8 • Remote R x —Indicates the time (in micro seconds) that the r eceiving link par tner requests that the transmitting link par tner waits befor e transmis sion of data f ollowing L ow P ower I ...
Cisco Systems SG50028PK9NA - page 162

Administration: Discovery Configuring LLDP 112 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 802. 1 VL AN and Protocol • PVI D —Adv ertise d por t VL AN ID . PPVID T able • VID —Pro tocol VLAN ID . • Suppor ted —Supp or ted P ort and Prot ocol VL AN IDs . • Enable d —En ab l ...
Cisco Systems SG50028PK9NA - page 163

Administration: Disc over y Configuring LLDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 113 8 Access i n g L L D P S ta t i s t i cs The LLDP Statistics page displays LLDP statistica l inf o rmation per p or t . T o view the LLDP statistics: STEP 1 Click Admin ist ra tion > Disc over y ...
Cisco Systems SG50028PK9NA - page 164

Administration: Discovery Configuring LLDP 114 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 T o view LLDP overloading inf ormation: STEP 1 Click Adm in ist ra tion > Disc over y - LLDP > LLDP O verlo ading . This page contains the f ollowing fields f or each por t : • Interfac e ? ...
Cisco Systems SG50028PK9NA - page 165

Administration: Disc over y Configuring CDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 115 8 - Status —If the LLDP MED extended p ower via MDI packets were sent , or if they were overloade d. • 802.3 TL Vs - Size (Bytes) — T otal LLDP MED 802.3 TL V s packets byte size. - Status — ...
Cisco Systems SG50028PK9NA - page 166

Administration: Discovery Configuring CDP 116 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 S et ting CDP Proper tie s Similar to LLDP , CDP (Cisco Discover y Protoc ol) is a link la yer pr ot ocol f or dir ectly conne ct ed neighbors to adv er tise themselve s and their capabilities t o ea ...
Cisco Systems SG50028PK9NA - page 167

Administration: Disc over y Configuring CDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 117 8 • CDP V e rsion —Select the version of CDP t o use. • CDP Hold Time —Amount of time that CDP packets are held befor e the packets ar e discarded, measured in multiples of the TL V Adver ti ...
Cisco Systems SG50028PK9NA - page 168

Administration: Discovery Configuring CDP 118 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 • Syslo g Duplex Misma tch —Check to send a SY S L OG mes sage when duplex inf ormation is mismatched. This means that the dupl e x inf orm ation in the incoming frame do es not match what the lo ...
Cisco Systems SG50028PK9NA - page 169

Administration: Disc over y Configuring CDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 119 8 This page provides the f ollowing fields : • Interfac e —Sele ct the interface to be defined. • CDP Status —Select t o enable/ dis able the CDP publis hing option f or the port . NOTE The ...
Cisco Systems SG50028PK9NA - page 170

Administration: Discovery Configuring CDP 120 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 • Syste m Na me T L V - Sys te m N am e — S ystem name of the device. • Address TL V - Addres s 1 -3— IP addres ses (adver tised in the devic e address TL V ) . • Por t T L V - Por t ID — ...
Cisco Systems SG50028PK9NA - page 171

Administration: Disc over y Configuring CDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 121 8 • CoS f or Untr ust ed Ports TL V - CoS for Untruste d Por ts —If Ex tended T rust is disable d on the por t , this fields displa ys the Layer 2 CoS v alue, meaning, an 802. 1 D/802. 1 p prior ...
Cisco Systems SG50028PK9NA - page 172

Administration: Discovery Configuring CDP 122 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 • Sys te m N am e —Neighbors system name. • Loc al Inter face —Numb er of the local por t to which the neighbor is conne ct ed. • Adver tis ement V ersion —CDP prot o col version. • Tim ...
Cisco Systems SG50028PK9NA - page 173

Administration: Disc over y Configuring CDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 123 8 NOTE Clicking on the Clear T able but ton disconnect all c onnected devices if from CDP , and if Aut o Smartp or t is enabled change all por t t ype s t o default . Viewing CDP Statistics The CDP ...
Cisco Systems SG50028PK9NA - page 174

Administration: Discovery Configuring CDP 124 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 8 ...
Cisco Systems SG50028PK9NA - page 175

Administration: Disc over y Configuring CDP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 125 8 ...
Cisco Systems SG50028PK9NA - page 176

9 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 124 Por t Management This section de scribe s por t configurat ion, link aggregation, and the Green Ethernet f eature. It covers the f ollowin g t opics: • Con fig u r i n g P o rts • Set ting Por t Configuration • Link Aggregation • UD ...
Cisco Systems SG50028PK9NA - page 177

Por t Management Setting Por t C onfigur a tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 125 9 7 . If PoE is suppor ted and enabled f or the device, configure the device as descr ibed in Por t Management: PoE . S et ting Por t C onfigura tion Po r ts can be configured in the f ollowing ...
Cisco Systems SG50028PK9NA - page 178

Port Management Setting Por t Configura tion 126 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 - Combo F iber — S FP Fiber G igabit I nter face Conver ter Por t with the f ollowing value s: 100M and 1000M (typ e: C omboF ). - 10G-Fiber Optics—Ports with sp eed of either 1G or 10G. NOTE ...
Cisco Systems SG50028PK9NA - page 179

Por t Management Setting Por t C onfigur a tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 127 9 • Administrative Duplex Mode —Select the p or t duplex mode. This field is configurable only when aut o-negotiation is disabled, and the p or t spee d is s e t to 1 0 M o r 1 0 0 M . A t p ...
Cisco Systems SG50028PK9NA - page 180

Port Management Setting Por t Configura tion 128 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 - MDI —Sele ct to connect this device to a station by using a straight through cable. - Auto —Select t o configure this device to aut omatically detect the correct pinouts f or the c onnection ...
Cisco Systems SG50028PK9NA - page 181

Por t Management Link Aggrega tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 129 9 • Por t Se curit y —Select to enable the err or recover y mechanism for the port securit y err -disable state. • 802. 1 x Single Ho st Viola tion —Select to enable err or r ecover y me chanism f or ...
Cisco Systems SG50028PK9NA - page 182

Port Management Link Aggr egation 130 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 Link Aggregation O ver view Link Aggr egation Control Prot o col (L ACP) is part of the IEEE spe cification ( 802.3az) that enables you to bundle several physical ports together to f orm a single lo gical ch ...
Cisco Systems SG50028PK9NA - page 183

Por t Management Link Aggrega tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 131 9 Ev er y LAG has the f ollowing charact eristics : • All por ts in a LAG must be of the s ame media t ype. • T o add a p or t t o the LAG, it cannot be long to any VLAN ex cept the default VL AN. • Po ...
Cisco Systems SG50028PK9NA - page 184

Port Management Link Aggr egation 132 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 T o configure a dynamic LAG, per f orm the f ollowing actions : 1. E n a b l e L A C P o n t h e L A G . A s s i g n u p t o 1 6 c a n d i d a t e s p o r t s t o t h e d y n a m i c L A G by sele cting and ...
Cisco Systems SG50028PK9NA - page 185

Por t Management Link Aggrega tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 133 9 • Unit /Slot— Displays the stacking member f or which L AG inf ormation is defined. • Por t List —Move those por ts that ar e t o be assigne d t o the LAG from the Por t List to th e LA G M em be r ...
Cisco Systems SG50028PK9NA - page 186

Port Management Link Aggr egation 134 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 • Re activate Suspende d L AG —Select t o r eactivat e a p ort if the L AG has been dis abled through the lock ed por t se curit y option or thr ough A CL configurations . • Administrative Auto Negoti ...
Cisco Systems SG50028PK9NA - page 187

Por t Management Link Aggrega tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 135 9 C onfiguring LA C P A dynamic LAG is LACP -enabled, and LACP is run on ever y candidate por t defined in the L AG. L ACP Priorit y and Rule s LACP system priority and L ACP por t priority are both used to ...
Cisco Systems SG50028PK9NA - page 188

Port Management Link Aggr egation 136 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 However , ther e are cases when one link par tner is temporarily not configured f or LACP . One example f or such case is when the link par tner is on a device, which is in the process of r eceiving its c on ...
Cisco Systems SG50028PK9NA - page 189

Por t Management UDLD Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 137 9 STEP 5 Click Apply . The Running Configuration file is updated. UDLD See Por t Management : Unidirection al Link Dete ction . PoE See Por t Management : PoE . C onfiguring Green Ethernet This section de scribe s the Gr ...
Cisco Systems SG50028PK9NA - page 190

Port Management Configuring Gr een Etherne t 138 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 operational mode is fast , transparent , and no frames are lost . This mode is suppor ted on both GE and FE por ts . • Shor t-Reach Mo de — This f eatur e pr ovides f or power savings on a sho ...
Cisco Systems SG50028PK9NA - page 191

Por t Management Configuring Gr een Etherne t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 139 9 Power Saving by Dis abling Por t LEDs The Dis able Port LED s f eature allows the us er t o sav e extra power consumed by device LEDs . Since most of the time the devices are in an unoccupied r ...
Cisco Systems SG50028PK9NA - page 192

Port Management Configuring Gr een Etherne t 140 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 LLDP is use d t o select the optimal s et of paramet ers f or b oth devices . If LLDP is not suppor ted by the link par tner , or is disabled , 802.3az EEE still be operational, but it might not b ...
Cisco Systems SG50028PK9NA - page 193

Por t Management Configuring Gr een Etherne t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 141 9 Default Configuration By default, 802.3az EEE and EEE LLDP are enabled globally and per por t . I nteractions Bet w een Fea tures The f ollowing de scribe 802.3az EEE interactions with other f e ...
Cisco Systems SG50028PK9NA - page 194

Port Management Configuring Gr een Etherne t 142 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 STEP 4 T o s ee 802.3 EEE-r elat ed inf ormation on the local device, open the Administration > Disc over y LLDP >LLDP Local Inf ormation page, and view the inf ormation in the 802.3 Energy ...
Cisco Systems SG50028PK9NA - page 195

Por t Management Configuring Gr een Etherne t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 143 9 STEP 3 Click Apply . The Gr een Ethernet Proper ties ar e written t o the Running Configuration file. S et ting Green Ethernet Proper ties for Por ts The P or t Set tings page displa ys the curr ...
Cisco Systems SG50028PK9NA - page 196

Port Management Configuring Gr een Etherne t 144 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 9 NOTE Shor t -r each mode is only suppor ted on RJ45 GE por ts; it doe s not apply t o Combo por ts . • 802.3 Energy Ef ficient Ethernet (EEE)— Stat e of the por t regar ding the EEE fe a t u r ...
Cisco Systems SG50028PK9NA - page 197

Por t Management Configuring Gr een Etherne t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 145 9 ...
Cisco Systems SG50028PK9NA - page 198

10 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 146 Por t Management : Unidire ction al Link D ete c tion This sect ion describ es how the Unidirectional Link D etection (UDLD) f eature. It covers the f ollowin g t opics: • UDLD O ver view • UDLD Operation • Usage Guideline s • De p ...
Cisco Systems SG50028PK9NA - page 199

Por t Management: Unidire ctional Link Dete ction UDLD Op er a tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 147 10 All connected device s must suppor t UDLD f or the prot o col to succes sfully detect unidir ectional links . If only the local device suppor ts UDLD, it is not pos sible ...
Cisco Systems SG50028PK9NA - page 200

Port Management: Unidirectional Link Detection UDLD Opera tion 148 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 10 UDLD is enabled on a por t when one of the f ollowing occurs : • The por t is a fiber por t and UDLD is enabled globally . • The por t is a copper por t and you specifically ...
Cisco Systems SG50028PK9NA - page 201

Por t Management: Unidire ctional Link Dete ction UDLD Op er a tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 149 10 If an interface is down and UDLD is enable d, the device removes all neighbor inf ormation and sends at least one ULDL message to the neighbors inf orming them that the po ...
Cisco Systems SG50028PK9NA - page 202

Port Management: Unidirectional Link Detection Usage Guideline s 150 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 10 UDLD again begins running on the p or t . If the link is still un idir ectional, UDLD shuts it down again after the UDLD e xpiration time e xpir es , f or instanc e. • Manua ...
Cisco Systems SG50028PK9NA - page 203

Por t Management: Unidire ctional Link Dete ction Default Settings and Configur a tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 151 10 • UDLD and La yer 2 Pr ot ocols UDLD runs on a por t independently from other La yer 2 pr otocols running on the same por t , such as S TP or LACP . F ...
Cisco Systems SG50028PK9NA - page 204

Port Management: Unidirectional Link Detection Configuring UDLD 152 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 10 STEP 2 Click Apply Wor k fl ow 2 : T o ch ange the UDLD configurat io n of a fiber p or t or to enable UDLD on a copper p or t, p er form the f ollow ing steps : STEP 1 Open th ...
Cisco Systems SG50028PK9NA - page 205

Por t Management: Unidire ctional Link Dete ction Configuring UDLD Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 153 10 • Fiber Port UDLD D efault State — This field is only relevant f or fib er por ts. The UDLD stat e of copper por ts must b e set individually in the UDLD Int er face Se ...
Cisco Systems SG50028PK9NA - page 206

Port Management: Unidirectional Link Detection Configuring UDLD 154 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 10 determination (if there was one), or since UDLD began running on the por t , so that the state is not y et dete rmined. - Bid ire ct io nal — T raf fic sent by the lo cal dev ...
Cisco Systems SG50028PK9NA - page 207

Por t Management: Unidire ctional Link Dete ction Configuring UDLD Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 155 10 • State —State of the link betwe en the local and neighboring device on the local po r t . The f ollowing val ues ar e pos sible : - Detect ion — The latest UDLD stat ...
Cisco Systems SG50028PK9NA - page 208

11 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 156 Smar tp or t This document de scribe s the Smar tp or ts f eature. It contains the f ollowing t opics : • O ver view • What is a Smar tp or t • Smar tp or t Typ es • Smar tp or t Macro s • Macro F ailure and the Rese t Operation ...
Cisco Systems SG50028PK9NA - page 209

Smar tp or t Over view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 157 11 Ov e rv i e w The Smar tpor t f eatur e pr ovides a convenient wa y t o sa ve and shar e common configurations . By applying the same Smar tpor t macro to multiple int er fac es , the int erface s shar e a common set ...
Cisco Systems SG50028PK9NA - page 210

Smartport Wha t is a Smar tp or t 158 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 Wha t is a Smar tp or t A Smar tpor t is an inter face to which a built -in (or user -define d) macro ma y be applied. Thes e macr os are designed to pr ovide a means of quickly configuri ng the device to s ...
Cisco Systems SG50028PK9NA - page 211

Smar tp or t Smar tpor t T yp es Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 159 11 • Statically fro m a Smar tpor t macro by name only from the CLI. A Smar tpor t macro can be applied by its Smar tpor t typ e statically fr om CLI and GUI, and dynamically by Auto Smartpor t . Aut o Smar ...
Cisco Systems SG50028PK9NA - page 212

Smartport Smar tp or t Macros 160 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 If Aut o Smar tpor t assigns a Smar tp ort t ype to an interface and the interface is not configured to be Aut o Smar tp or t P ersistent, then its Smar tp or t typ e is re-initializ ed to Default in the f ollo ...
Cisco Systems SG50028PK9NA - page 213

Smar tp or t Smar tpor t Macros Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 161 11 There ar e t wo t ypes of Smar tp or t macr os : • Built-In — The se ar e macr os provided by the syst em. One macr o applies the configuration pro file and the other r emoves it . The macro names of the ...
Cisco Systems SG50028PK9NA - page 214

Smartport Macro F ailure and the Reset Opera tion 162 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 - Else the c orresponding anti-macro is applied and the interface s status is set t o Def au lt. Macro F ailure and the Res e t Op era tion A Smar tport macro might f ail if ther e is a conf ...
Cisco Systems SG50028PK9NA - page 215

Smar tp or t Auto Smartp or t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 163 11 Ther e are two ways t o apply a Smar tpor t macro by Smartp ort t ype to an interface : • Static Smar tpor t Y ou manually assign a Smartp ort t ype to an int erface. The corresponding Smar tpor t macro is a ...
Cisco Systems SG50028PK9NA - page 216

Smartport Auto Smar tpor t 164 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 • Enable d — This manually enabl es Auto Smar tpor t and places it into operation immediately . • Enable by Auto V oice VL AN — This enable s Aut o Smartp or t t o operate if Aut o V oice VLAN is enabled a ...
Cisco Systems SG50028PK9NA - page 217

Smar tp or t Auto Smartp or t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 165 11 SR Bridge 0x04 Ignore Switch 0x08 Switch Host 0x 10 Host IGMP conditional filt ering 0x20 Ignore Repeat er 0x 40 Ignore V oIP Phone 0x80 ip_phone Remot ely-Managed Device 0x 100 Ignore CAST P hone P or t 0x200 ...
Cisco Systems SG50028PK9NA - page 218

Smartport Auto Smar tpor t 166 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 NOTE If only the IP Phone and Host bits ar e set , then the Smar tpor t t ype is ip_phone_desktop. Multiple D evice s At tache d to the Por t The device derives the Smartpor t t ype of a connected device via the c ...
Cisco Systems SG50028PK9NA - page 219

Smar tp or t Er ror H an d li n g Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 167 11 Pe rsiste nt status of an interface is disabled, the interface reverts to the default Smar tpor t typ e when the attaching devic e to it ages out , the int erfac e goes down, or the device is r ebooted. En ...
Cisco Systems SG50028PK9NA - page 220

Smartport Rela tionship s with Other Fea tur es and Back wards Compa tibility 168 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 Rela tionships with O ther Featur e s and B ack wards C omp a tibilit y Aut o Smartp or t is enabled by default and ma y be disable d. T elephony OUI cannot funct ...
Cisco Systems SG50028PK9NA - page 221

Smar tp or t Common Smar tp or t T asks Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 169 11 W ork flow2: T o configure an in ter face a s a static Smar tpor t , per f orm the fol lo wing steps : STEP 1 T o enable the Smar tpor t featur e on the inter face, open the Smar tpor t > Interfac ...
Cisco Systems SG50028PK9NA - page 222

Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 170 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 W ork flow4: T o rerun a Smar tp or t macro after it has failed, p er form the fol l ow in g st e p s : STEP 1 In the Int er face Settings page, sele ct an int erfac e with ...
Cisco Systems SG50028PK9NA - page 223

Smar tp or t Configuring Smartp or t Using The Web-b ase d In terfac e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 171 11 Smar tpor t Prop er tie s T o c onfigur e the Smartp or t f eature globally : STEP 1 Click Smar tp or t > Prop er ties . STEP 2 Enter the parameters. • Administrat ...
Cisco Systems SG50028PK9NA - page 224

Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 172 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 Smar tpor t Typ e S et tings Use the Smar tpor t T ype Set tings page to edit the Smar tpor t T ype s ettings and view the Macro Sour ce. By default , each Smar tpor t t yp ...
Cisco Systems SG50028PK9NA - page 225

Smar tp or t Configuring Smartp or t Using The Web-b ase d In terfac e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 173 11 • Macro P aramet ers —Displays the f ollowing fields f or three parameters in the macro: - Parameter Name —Name of paramet er in macro . - Parameter Value —Curr ...
Cisco Systems SG50028PK9NA - page 226

Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 174 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 since the last macro application. Y ou hav e t o be familiar with the current configurations on the device and the de finition of the macro to det ermine if a reapplication ...
Cisco Systems SG50028PK9NA - page 227

Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 175 11 STEP 1 Select a n int er face and click Edit . STEP 2 Enter the fields. • Interfac e —Sele ct the por t or LAG. • Smar tp or t Type —Displays the Smartp or t type currently assigned to the p ...
Cisco Systems SG50028PK9NA - page 228

Smartport Built-in Smar tpor t Macros 176 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 Macr o code fo r the f ollowing Smar tpor t typ es are pr ovide d: • desktop • printer • guest • serve r • ho st • ip_camera • ip_phone • ip_phone_desktop • switch • rou ter • ap d ...
Cisco Systems SG50028PK9NA - page 229

Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 177 11 # @ no_desktop [no_desktop] #macro description No Desktop # no smartport switchport trunk nati ve vlan smartport switchport trunk allowed vlan remove all # no port security no port security mode no ...
Cisco Systems SG50028PK9NA - page 230

Smartport Built-in Smar tpor t Macros 178 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 no_printer [no_printer] #macro description No printer # no switchport access vlan no switchport mode # no port security no port security mode # no smartport storm-control broadcast e nable no smartport ...
Cisco Systems SG50028PK9NA - page 231

Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 179 11 [no_guest] #macro description No guest # no switchport access vlan no switchport mode # no port security no port security mode # no smartport storm-control broadca st enable no smartport storm-contr ...
Cisco Systems SG50028PK9NA - page 232

Smartport Built-in Smar tpor t Macros 180 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 # no smartport switchport trunk native v lan smartport switchport trunk allowed vla n remove all # no port security no port security mode no port security max # no smartport storm-control broadcast e na ...
Cisco Systems SG50028PK9NA - page 233

Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 181 11 no smartport switchport trunk nati ve vlan smartport switchport trunk allowed vlan remove all # no port security no port security mode no port security max # no smartport storm-control broadca st en ...
Cisco Systems SG50028PK9NA - page 234

Smartport Built-in Smar tpor t Macros 182 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 no port security mode # no smartport storm-control broadcast e nable no smartport storm-control broadcast l evel no smartport storm-control include-mul ticast # spanning-tree portfast auto # @ ip_phone ...
Cisco Systems SG50028PK9NA - page 235

Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 183 11 #$voice_vlan = 1 # smartport switchport trunk allowed vlan remove $voice_vlan no smartport switchport trunk nati ve vlan smartport switchport trunk allowed vlan remove all # no port security no port ...
Cisco Systems SG50028PK9NA - page 236

Smartport Built-in Smar tpor t Macros 184 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 [no_ip_phone_desktop] #macro description no ip_phone_desktop #macro keywords $voice_vlan # #macro key description: $voice_vlan: The voice VLAN ID # #Default Values are #$voice_vlan = 1 # smartport switc ...
Cisco Systems SG50028PK9NA - page 237

Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 185 11 # #macro key description: $voice_v lan: The voice VLAN ID # no smartport switchport trunk nati ve vlan smartport switchport trunk allowed vlan remove all # no spanning-tree link-type # @ router [rou ...
Cisco Systems SG50028PK9NA - page 238

Smartport Built-in Smar tpor t Macros 186 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 11 # no smartport storm-co ntrol broadcast enable no smartport storm-co ntrol broadcast level # no spanning-tree link-type # @ ap [ap] #macro description ap #macro keywords $native_vlan $voice_vl an # #mac ...
Cisco Systems SG50028PK9NA - page 239

12 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 187 Por t Management : PoE The P ower over Ethernet (P oE) f eature is only a vailable on PoE-base d devices . F or a list of Po E-base d devices , ref er to the De v ice M od e l s sect io n. This section de scribes how to use the P oE f eatu ...
Cisco Systems SG50028PK9NA - page 240

Port Management: PoE PoE o n t h e D e v ic e 188 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 12 Power ov er Ethernet can be used in any ent erprise net work that deploys r elatively low-powered device s connected to the Ethernet LAN, such as : • IP phones • W i r eless a cce ss p oi n ...
Cisco Systems SG50028PK9NA - page 241

Por t Management : PoE PoE on t he D e vi c e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 189 12 Y ou can decide the f ollowing: • Maximum power a PS E is allowed to supply to a PD • During device operation, to change the mode from Class Power Limit t o Port Limit and vice versa. The p ...
Cisco Systems SG50028PK9NA - page 242

Port Management: PoE Configuring PoE Pr op er tie s 190 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 12 a P oE device acting as a PSE may mistakenly det e ct and supply power to an attaching PS E , including other PoE swit ches, as a legacy PD . Ev en though Sx200/300/500 P oE switches are P ...
Cisco Systems SG50028PK9NA - page 243

Por t Management : PoE Configuring P oE Settings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 191 12 • Tr a p s —Enable or disable traps. If traps are enab led, you must also enable SNMP and co nfigur e at least one SNMP Notification Recipient . • Pow e r T r a p T h re sh o ld —Ent ...
Cisco Systems SG50028PK9NA - page 244

Port Management: PoE Configuring PoE Settings 192 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 12 • Class Limit : Power is limit e d based on the clas s of the c onnect ed PD . F or thes e sett ings t o be active, the syst em must be in PoE Class Limit mode. That mode is configured in the ...
Cisco Systems SG50028PK9NA - page 245

Por t Management : PoE Configuring P oE Settings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 193 12 • Administrative P ower Allo cation — This field app ears only if the Power Mode set in the PoE Pr oper ties page is Port Limit . If the Power mode is Power Limit , enter the power in mi ...
Cisco Systems SG50028PK9NA - page 246

Port Management: PoE Configuring PoE Settings 194 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 12 ...
Cisco Systems SG50028PK9NA - page 247

13 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 195 VL AN Man agement This section c overs the f ollowing topics: • VL ANs • Configuring D e fault VL AN S ettings • Creating VL ANs • Configuring VL AN Interface S et tings • Defi nin g VLAN M em be rs hip • GVR P S et ti ng s • ...
Cisco Systems SG50028PK9NA - page 248

VLAN Management VL ANs 196 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 VL AN Des cription Each VLAN is co nfigur ed with a unique VI D ( VL AN ID) with a value fr om 1 t o 4094. A por t on a device i n a bridged networ k is a member o f a VLAN if it can se nd data to and r e ceive data f ...
Cisco Systems SG50028PK9NA - page 249

VL AN Management VL ANs Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 197 13 VL AN Roles VLANs function at Layer 2. All VLAN traf fic (Unicast /Broadcast /Multicast) remains within its VLAN. D evices at tached to diff er ent VLANs do not have dir ect connectivit y t o each other over the Eth ...
Cisco Systems SG50028PK9NA - page 250

VLAN Management VL ANs 198 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 Cust omer traffic is encapsulated with an S-tag with TPID 0x8100, r egar dles s of whether it was originally c-tagged or untagge d. The S-tag allows this traffic to be treat ed as an aggregat e within a pr ovider brid ...
Cisco Systems SG50028PK9NA - page 251

VL AN Management Configuring Def ault VL AN S ettings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 199 13 C onfiguring D efault VL AN S et tings When using fact or y default settings , the device automatically creat es VLAN 1 as the default VLAN, th e default int er face status of all p ort ...
Cisco Systems SG50028PK9NA - page 252

VLAN Management Crea tin g VL ANs 200 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 • De fault VL AN ID After Reb oot —Enter a new VLAN ID to r eplace the default VLAN ID after r eboot . STEP 3 Click Apply . STEP 4 Click Sa v e (in the upper-right corner of the window) and sav e the Ru ...
Cisco Systems SG50028PK9NA - page 253

VL AN Management Configuring VL AN Int er f ace S ettings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 201 13 The page enables the creation of either a single VLAN or a range of VLANs . STEP 3 T o cr eat e a single VLAN, s elect the VL AN radio but t on, enter the VLAN ID ( VID) , and optio ...
Cisco Systems SG50028PK9NA - page 254

VLAN Management De f i ni n g VLAN M e mbe r s hi p 202 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 - Customer —S electing this option pla ces the interface in QinQ mode. This enables you to use your own VLAN arrangements (PVID) across the provider network . The device is in Q-in-Q mod ...
Cisco Systems SG50028PK9NA - page 255

VL AN Management De fin i ng V L AN Me m ber shi p Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 203 13 Untagged por t membership betwe en two VL AN-a war e devi ces with no intervening VL AN-awar e devices , must be t o the same VL AN. In other wor ds, the PVID on the por ts b etwe en the t ...
Cisco Systems SG50028PK9NA - page 256

VLAN Management De f i ni n g VLAN M e mbe r s hi p 204 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 • Multicast T V VLAN — The interface us ed f or Digital T V using Multicast IP . The por t joins the VL AN with a VL AN tag of Multicast T V VL AN. See Acces s P or t Multicast T V VL ...
Cisco Systems SG50028PK9NA - page 257

VL AN Management GV R P S e t t i n g s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 205 13 • LA G —If int er face selected is Port , displa ys the LAG in which it is a member . STEP 3 Sele ct a por t , and click the Join VL AN but ton. STEP 4 Enter the values f or the f ollowing fields ...
Cisco Systems SG50028PK9NA - page 258

VLAN Management GV R P S e t t i n g s 206 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 When a por t joins a VLAN by using GVRP , it is added to the VLAN as a dynamic member , unle ss this was expr essly forbidden in the P ort VL AN Membership page. If t he V L AN d oe s n ot exis t , it ...
Cisco Systems SG50028PK9NA - page 259

VL AN Management VL AN Gr oups Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 207 13 VL AN Gr oup s VLAN groups are used f or load balancing of traffic on a Layer 2 network . Pa cke ts ar e assigned a VLAN according t o various classifications that have been configured ( such as VLAN groups). ...
Cisco Systems SG50028PK9NA - page 260

VLAN Management VL AN Groups 208 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 Wo rk f l ow T o define a MAC- based VL AN gr oup: 1 . A s sign a MAC addr ess to a VLAN group ID (using the MAC-Based Groups page). 2. For each r equired inter face: a . A s s i g n t h e V L A N g r o u p t o ...
Cisco Systems SG50028PK9NA - page 261

VL AN Management VL AN Gr oups Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 209 13 - Le n g t h — Prefix of the MAC addr e ss • Group ID —Enter a user -created VLAN group ID number . STEP 4 Click Apply . The MAC addr ess is as signed to a VLAN gr oup. Mapping VL A N Group to VL AN Per ...
Cisco Systems SG50028PK9NA - page 262

VLAN Management VL AN Groups 210 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 1 . D efine a prot o col group (using the Pr ot ocol-B ased Groups page). 2. For each r e quired int erfac e, assign the prot ocol group t o a VLAN (using P r o t o c o l - B a s e d G r o u p s t o V L A N p a ...
Cisco Systems SG50028PK9NA - page 263

VL AN Management Vo i c e V L A N Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 211 13 Protoc ol-B as ed Group s to VL AN Mapping T o map a prot o col group to a por t , the p or t must be in General mo de and not have D V A configured on it ( see C onfiguring VL AN Interfac e S et tings ). ...
Cisco Systems SG50028PK9NA - page 264

VLAN Management Vo i c e V L A N 212 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 V oic e VL AN O ver view This se ction covers the f ollowing topics: • Dy na m i c V oi ce VLAN M od es • Auto V o ice VL AN, Auto Smar tpor t s, CDP , and LLDP • Vo i c e V L A N Q o S • V o ice VL ...
Cisco Systems SG50028PK9NA - page 265

VL AN Management Vo i c e V L A N Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 213 13 The devic e suppor ts a single voice VL AN. By de fault , the voic e VLAN is VLAN 1 . The voice VLAN is defaulted t o VLAN 1 . A dif f er ent v oice VL AN can be manually configured. It can also be dynamic ...
Cisco Systems SG50028PK9NA - page 266

VLAN Management Vo i c e V L A N 214 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 V oic e E nd-Points T o ha ve a v oice VLAN work properly , the voice devices, such as Cisc o phones and V oIP endpoints , must be as signed to the v oice VL AN wher e it sends and r eceives its voice traffi ...
Cisco Systems SG50028PK9NA - page 267

VL AN Management Vo i c e V L A N Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 215 13 NOTE The default configuration list her e applies t o swit ches whose firmware v ersion suppor ts Aut o V oice VLAN out of the box. It als o applies to unconfigur ed switches that ha ve been upgrade d to t ...
Cisco Systems SG50028PK9NA - page 268

VLAN Management Vo i c e V L A N 216 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 NOTE If the device is in Lay er 2 syst em mode, it can synchroniz e with only VSD P capable switches in the same ma nagement VL AN. If the device is in Lay er 3 syst em mode, it can synchronize with V SDP ca ...
Cisco Systems SG50028PK9NA - page 269

VL AN Management Vo i c e V L A N Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 217 13 V oic e VL AN C onstraints The f ollowing c onstraints exist: • Only one V oice VL AN is suppor ted. • A VLAN that is defined as a V oice VL AN cannot be re moved In addition the f ollowing c onstraint ...
Cisco Systems SG50028PK9NA - page 270

VLAN Management Vo i c e V L A N 218 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 STEP 4 Sel ect th e A ut o V oice VL AN Activation method. NOTE If the device is currently in T elephony OUI mode, you must disab le it bef ore you can configure Aut o V oice Vlan STEP 5 Click Apply . STEP 6 ...
Cisco Systems SG50028PK9NA - page 271

VL AN Management Vo i c e V L A N Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 219 13 Configuring V oice VL AN Proper tie s Use the V oic e VLAN Proper ties page f or the following: • V iew how voice VLAN is currently configured. • Configure the VLAN ID of the V oice VL AN. • Configur ...
Cisco Systems SG50028PK9NA - page 272

VLAN Management Vo i c e V L A N 220 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 - Enable T elephony OUI —Enable Dynamic V oic e VLAN in T elephony OUI mode. - Disable —Disable Aut o V oice Vlan or T elephony OUI. • Auto V oic e VL AN A ctivation —If Aut o V oice VL AN was enable ...
Cisco Systems SG50028PK9NA - page 273

VL AN Management Vo i c e V L A N Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 221 13 • Sou rce T y pe —Displays the type of source wher e the voice VLAN is discovered by the root device. • CoS/802. 1 p —Displays CoS/802. 1 p values to be use d by the LLDP -MED as a voice net work p ...
Cisco Systems SG50028PK9NA - page 274

VLAN Management Vo i c e V L A N 222 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 • Vo i c e V L A N I D — The identifier of the current voice VLAN. • CoS/802. 1 p — The advertis ed or configur ed CoS/802. 1 p values that are used by the LLDP-MED as a voice net work policy . • D ...
Cisco Systems SG50028PK9NA - page 275

VL AN Management Vo i c e V L A N Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 223 13 T o c onfigure T elephony OUI and/ or add a new V oice VL AN OUI: STEP 1 Click VL AN Man agement > Vo i c e V L A N > Te l e p h o n y O U I . The T elephon y OUI page cont ains the f ollowing fields ...
Cisco Systems SG50028PK9NA - page 276

VLAN Management Vo i c e V L A N 224 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 Adding Inter fac es to V oice VL A N on Ba sis of OUIs The QoS at tribut es can be assigne d per por t to the voice packets in one of the f ollowing mo des : • All —Quality of S er vice (QoS) value s con ...
Cisco Systems SG50028PK9NA - page 277

VL AN Management Acc e ss Po r t Multicast TV VL AN Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 225 13 Ac c e s s Por t Multic ast T V VL AN Multicast T V VL ANs enable Multicast transmissions to subscribers who are not on the same data VL AN (La yer 2-isolated), without replicating the Mu ...
Cisco Systems SG50028PK9NA - page 278

VLAN Management Acces s P ort Mu lti cas t TV V L A N 226 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 IGMP Sno oping Multicast T V VL AN r elies on IGMP snooping, which means that : • Subscrib ers use IGMP mess ages to join or lea ve a Multica st group. • Devi ce perf orms IG MP s no ...
Cisco Systems SG50028PK9NA - page 279

VL AN Management Acc e ss Po r t Multicast TV VL AN Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 227 13 Configuration Wo rk f l ow Configure T V VLAN with the following st ep s: 1 . D efine a T V VL AN by as sociating a M ulticast group t o a VLAN (using the Multicast Gr oup t o VLAN page) ...
Cisco Systems SG50028PK9NA - page 280

VLAN Management Cust omer P or t Multicas t TV VL AN 228 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 Por t Multic ast VL AN Memb ership T o define the Multi cast T V VL AN configuration: STEP 1 Click VLAN Management > A c ce s s Po r t M ul ti c as t T V VL A N > Po r t M ul ti c a ...
Cisco Systems SG50028PK9NA - page 281

VL AN Management Cust omer P or t Multicas t TV VL AN Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 229 13 All packets fr om the sub scriber to the ser vice provider network are encapsulat ed by the acce ss device with the subs criber ’ s VL AN configured as cust omer VLAN (Outer tag or S- ...
Cisco Systems SG50028PK9NA - page 282

VLAN Management Cust omer P or t Multicas t TV VL AN 230 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 13 To m a p C P E V L A N s : STEP 1 Click VLAN Management > Customer P ort Multicast T V VLAN > CPE VL AN t o VLAN. STEP 2 Click Add . STEP 3 Enter the f oll owing fiel ds: • CPE VL ...
Cisco Systems SG50028PK9NA - page 283

14 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 231 Sp anning T re e This section de scribe s the Spanning T ree Pr otocol (STP) (IEEE802. 1D and IEEE802. 1Q) and covers the f ollowing topics: • STP Flavors • Configuring STP Status and Global S et tings • De fining Spanning Tr ee Inte ...
Cisco Systems SG50028PK9NA - page 284

Spanning Tree Configuring S TP Status and Global Settings 232 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 14 The device suppor ts the f ollowing Spanning T ree Pr ot ocol versions : • Classic STP – Provides a single path bet ween any two end stations , av oiding and eliminating lo ops . ...
Cisco Systems SG50028PK9NA - page 285

Sp anning Tree Configuring S TP Sta tus and Global Settings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 233 14 • BPDU Handling —Sele ct how Bridge Pr ot ocol Da ta Unit (BPDU) pack ets ar e managed when STP is disabled on the por t or the device. BPDUs are used t o transmit spanning tr ...
Cisco Systems SG50028PK9NA - page 286

Spanning Tree Defining Spanning T ree Int er face S e ttings 234 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 14 • T op ology Change s Counts — The total number of S TP t opology changes that hav e occurred. • L ast T op ology Change — The time int er val that elapse d since the last ...
Cisco Systems SG50028PK9NA - page 287

Sp anning Tree Defining Spannin g T r ee In ter f ace S ettings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 235 14 • Root Guard —Enables or disable s Root Guar d on the device. The Root Guar d option pr ovides a way t o enfor c e the r oot bridge placement in the network . Root Guar d ...
Cisco Systems SG50028PK9NA - page 288

Spanning Tree Configur ing Rapid Spann ing T ree S etting s 236 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 14 - Blo ck ing — The po r t is curr ently blocked, and cannot f or ward traffic (with the ex c eption of BPDU data) or learn MA C addresse s. - Listening — The p or t is in List ...
Cisco Systems SG50028PK9NA - page 289

Sp anning Tree Configuring R apid Spanning T r ee S ettings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 237 14 T o enter RS TP settings : STEP 1 Click Sp anning T r ee > STP Status and Global S ettings . Enable RSTP . STEP 2 Click Sp anning T ree > RSTP In terface Settin gs . The RS ...
Cisco Systems SG50028PK9NA - page 290

Spanning Tree Configur ing Rapid Spann ing T ree S etting s 238 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 14 - Design at ed — The interface through which the bridge is connected t o the LAN, which provides the lowest co st path fr om the LAN to the R oot Bridge. - Alternat e —Provides ...
Cisco Systems SG50028PK9NA - page 291

Sp anning Tree Multiple S panning T ree Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 239 14 Multiple Sp anning T re e Multiple Spanning T ree Prot o col (MSTP) is used to separat e the S TP por t state bet ween various domains (on dif f erent VL ANs ). For e xample, while por t A is blocked ...
Cisco Systems SG50028PK9NA - page 292

Spanning Tree Mapping VL ANs to a MS TP I nstance 240 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 14 Switches int ended to be in the s ame MST r egion are never separated by switches from another MS T r egion. If they are separat ed, the region bec omes t wo separat e re gi on s . This mapp ...
Cisco Systems SG50028PK9NA - page 293

Sp anning Tree De fin ing M S TP I n s tan ce Se tt ing s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 241 14 F or those VL ANs that are not explicitly mapped to one of the MS T instances , the device automatically maps them to the CIS T (C ore and Inte rnal Spanning T ree) instance. The CI ...
Cisco Systems SG50028PK9NA - page 294

Spanning Tree De f i n in g MS TP I nt erf ace Sett i n g s 242 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 14 • Included VL AN —Displa ys the VLANs mappe d t o the selected instance. The default mapping is that all VLANs are mapped to the common and internal spanning tr ee (CIST ) inst ...
Cisco Systems SG50028PK9NA - page 295

Sp anning Tree De fin i ng M S TP I n te rf ace Se tti ng s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 243 14 STEP 5 Enter the parameters. • Instanc e ID —S elect the MS T instance to be configured. • Interfac e —Sele ct the interface f or which the MS TI set tings ar e t o be def ...
Cisco Systems SG50028PK9NA - page 296

Spanning Tree De f i n in g MS TP I nt erf ace Sett i n g s 244 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 14 - Bac k u p — The interface provides a b ackup path t o the designated por t path t oward the Spanning T ree le av es . Ba ck up ports occur w hen two por ts are connected in a l ...
Cisco Systems SG50028PK9NA - page 297

Sp anning Tree De fin i ng M S TP I n te rf ace Se tti ng s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 245 14 ...
Cisco Systems SG50028PK9NA - page 298

15 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 246 Man aging MA C A ddre s s T able s This section de scribe how to add MA C addresse s t o the syst em. It covers the f o llowing t opics : • Configuring St a tic MAC Addr es s es • Managing D ynamic MA C Addres se s • Def in i n g R e ...
Cisco Systems SG50028PK9NA - page 299

Ma nagi ng M A C Ad d r ess T a bl es Configuring Sta tic MAC Address e s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 247 15 C onfiguring Static MA C A ddres s e s Static MAC addr ess es are assigne d t o a specific physical int erface and VL AN on the device. If that address is detected o ...
Cisco Systems SG50028PK9NA - page 300

Managing MAC Address Tables Managing Dynamic MAC Addresse s 248 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 15 Managing D yn amic MA C Addres se s The Dynamic Address T able (bridging table) c ontains the MAC addr ess es acquired by monitoring the sour ce addresse s of frames entering the d ...
Cisco Systems SG50028PK9NA - page 301

Ma nagi ng M A C Ad d r ess T a bl es De fin in g R eser v ed M A C Ad d r esses Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 249 15 D efining Re s e r ve d MA C Addre s s e s When the device receive s a frame with a De stination MAC address that b elongs to a r ese r ved range (per the IEE ...
Cisco Systems SG50028PK9NA - page 302

16 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 250 Multic ast This section de scribe s the Multicast F or warding f eature, and covers the f ollowing top ic s : • Multicast For warding • De fining Multicast Proper tie s • Addi ng M A C Gro up Ad dr ess • Ad d in g IP Mul tica st Gr ...
Cisco Systems SG50028PK9NA - page 303

Multic ast Multicas t Forwar ding Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 251 16 F or Multicast f or warding t o work acr oss IP subnets , node s, and routers must be Multicast-capable. A Multicast -capable node must be able to: • Send and receive Multicast pack ets. • Register the ...
Cisco Systems SG50028PK9NA - page 304

Multicast Multicast F orwarding 252 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 The device can f or ward Multicast streams based on one of the f ollowing options: • Multicast MAC Group Addr ess • IP Multicast Group Addr ess (G) • A combination of the source IP addr ess (S) and the ...
Cisco Systems SG50028PK9NA - page 305

Multic ast Defining Multicas t Proper ties Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 253 16 I f t h e d e vi c e i s en a b l e d a s a n I G M P Qu e r i e r , i t s t a r ts a f te r 6 0 s ec on d s h ave p a s s e d with no IGMP traffic (queries) det ected fr om a Multicast rout er . ...
Cisco Systems SG50028PK9NA - page 306

Multicast Defining Multicas t Pr op er tie s 254 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 A common wa y of repr e senting Multicast membership is the (S, G) notation where S is the (single) sour ce send ing a Multicast stream of data, and G is the IP v 4 or IP v6 group addr ess . If a ...
Cisco Systems SG50028PK9NA - page 307

Multic ast Adding MAC Gr oup Address Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 255 16 STEP 3 Click Apply . The Running Configuration file is updated. Adding MAC Gr oup Addres s The device supp or ts f o r warding incoming Multicast traffic bas ed on the Multicast gr oup inf ormation. Thi ...
Cisco Systems SG50028PK9NA - page 308

Multicast Adding MAC Gr oup Addr ess 256 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 Entries that wer e crea ted both in this page a nd in the IP Multicast Gr oup Addres s page are displa y ed. For those cr eat ed in the IP Multicast Group Addr es s page, the IP addr es ses are con verte ...
Cisco Systems SG50028PK9NA - page 309

Multic ast Adding IP Multicast Gr oup Addresse s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 257 16 Adding IP Multic ast Group Addres se s The IP Multicast G roup Addr es s page is similar t o the MAC Gr oup Addr es s page ex c ept that Multicast groups are identified by IP addr ess es . T ...
Cisco Systems SG50028PK9NA - page 310

Multicast Configuring IGMP Snooping 258 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 • Sourc e Sp ecific —Indicates that the entr y contains a sp ecific source, and adds the addr es s in the IP Source Address field. If not , the entr y is added as a (*,G) entr y , an IP group ad dr es ...
Cisco Systems SG50028PK9NA - page 311

Multic ast Configuring IGMP Sn ooping Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 259 16 When IGMP Snooping is enable d globally or on a VL AN, all IGMP pack ets ar e f or warded t o the CPU . The CPU analyzes the incoming packets, and det ermines the f ollowing : • Which por ts are aski ...
Cisco Systems SG50028PK9NA - page 312

Multicast Configuring IGMP Snooping 260 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 Ther e can be only one IGMP Querier in a network . The device suppor ts standar ds-base d IGMP Querier elec tion. So me of the values of the operational paramet ers of this table ar e sent by the elected ...
Cisco Systems SG50028PK9NA - page 313

Multic ast MLD Snooping Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 261 16 • Operational Last Memb er Quer y Inter val —Displa ys the Last Member Quer y Inter val sent by the ele ct ed querier . • Im m e d i ate L e ave —Enable Imme diat e L ea ve t o de crease the time it tak es t ...
Cisco Systems SG50028PK9NA - page 314

Multicast MLD Snooping 262 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 In an appr oach similar to IGMP snooping, MLD frames are snoop ed as they are f or war ded by the device from stations t o an upstream Multicast r out er and vice versa. This facility enable s a device to conclude the ...
Cisco Systems SG50028PK9NA - page 315

Multic ast Quer ying IGMP /MLD IP Multicast G r oup Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 263 16 • Operational Quer y Robustnes s —Displays the r obustnes s variable sent by the elected querier . • Quer y Inter val —Enter the Quer y Interval value to be use d by the de vice i ...
Cisco Systems SG50028PK9NA - page 316

Multicast Defining Multic ast R out er Po r ts 264 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 Ther e might be a dif f erence bet ween information on this page and, f or example, inf ormation displa yed in the MAC Gr oup Addr es s page . A ssuming that the system is in MAC-based groups a ...
Cisco Systems SG50028PK9NA - page 317

Multic ast Defining F orward All Multicast Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 265 16 T o statically c onfigur e or see dynamically- detect ed por ts conne ct ed to the Multicast rout er : STEP 1 Click Multic ast > Multicast Router Por t . STEP 2 Enter some or all of f ollowing ...
Cisco Systems SG50028PK9NA - page 318

Multicast D e fining Unr egistered Multicast Settings 266 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 IGMP or MLD mes sages ar e not f or warded to por ts defined as Fo r w a rd All . NOTE The configuration aff e cts only the por ts that are members of the selected VLAN. T o define F or ...
Cisco Systems SG50028PK9NA - page 319

Multic ast Defining Unr egister ed Multicas t Settings Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 267 16 Y ou can select a p or t t o r eceive or filter unr egist ered Multicast str eams. The configuratio n is valid f or a n y VLAN of which it is a mem ber (or will b e a member) . This f ...
Cisco Systems SG50028PK9NA - page 320

Multicast D e fining Unr egistered Multicast Settings 268 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 16 ...
Cisco Systems SG50028PK9NA - page 321

17 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 268 IP C onfigura tion IP int er face addr es ses can b e configured manually by the user , or automatically configured by a DHCP se r ver . This se ction provides inf orm ation f o r defining the device IP address es , either manually or by m ...
Cisco Systems SG50028PK9NA - page 322

IP Configuration Over view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 269 17 retains much of the La yer 2 functionalit y , such as Spanning T ree Pr ot ocol and VLAN memb ership. • In La yer 3 syst em mode on Sx 500 devices only , the device do es not suppor t MAC-based VL AN, D ynamic ...
Cisco Systems SG50028PK9NA - page 323

IP Configuration Over view 270 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 When a VLAN is configured to use dynamic IP v 4 addres ses , the device is sues DHCP v 4 requests until it is assigned an IP v 4 addr e ss from a DHCPv 4 ser ver . In Lay er 2 system mode, only the management VLAN ...
Cisco Systems SG50028PK9NA - page 324

IP Configuration Over view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 271 17 All the IP addr es ses configured or as signed to the device ar e r ef erred to as Management IP addr es ses in this guide. If the pages f or Lay er 2 and La yer 3 ar e dif f er ent , both versions are displa yed ...
Cisco Systems SG50028PK9NA - page 325

IP Configuration IPv4 Managemen t and In terface s 272 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 T o configure an IP v6 loopback interface, do the f ollowing: • In Lay er 2, add a loopback inter face in the Administration > Management Interface > IP v6 Interfaces page. C onfigu ...
Cisco Systems SG50028PK9NA - page 326

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 273 17 - Static —Manually define a static IP address . NOTE DHCP Option 12 (Host Name option ) is suppor ted when the device is a DHCP client . If DHCP Option 12 is received from a DHCP ser ver ...
Cisco Systems SG50028PK9NA - page 327

IP Configuration IPv4 Managemen t and In terface s 274 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • Auto Configuration via DHCP —Displa ys status of Aut o Configuration f eature. Y ou can configure this fr om Administration > F ile Management > DHCP A ut o Confi gurati on . ST ...
Cisco Systems SG50028PK9NA - page 328

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 275 17 • Mask —C onfigured IP addr es s mask . • Status —Results of the IP address duplication check . - Te n t a t i v e — There is no final r esult f or the IP address duplication chec ...
Cisco Systems SG50028PK9NA - page 329

IP Configuration IPv4 Managemen t and In terface s 276 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 ! CAUT I ON When the system is in one of the stacking modes with a Backup Master pr e sent , it is recommended to configure the IP a ddress as a static addr ess to pr event disconne cting f ...
Cisco Systems SG50028PK9NA - page 330

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 277 17 NOTE Y ou cannot configur e a static r oute thr ough a directly-connected IP subnet wher e the device gets its IP addr es s from a DHCP server . • Metric —Enter the administrativ e dist ...
Cisco Systems SG50028PK9NA - page 331

IP Configuration IPv4 Managemen t and In terface s 278 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • ARP Entr y Age Out —Ent er the number of sec onds that dynamic addr ess es can remain in the ARP table. A dynamic address ages out after the time it is in the table ex c eed s the ARP ...
Cisco Systems SG50028PK9NA - page 332

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 279 17 • MA C Addres s —Ent er the MAC addr ess of the lo cal device. STEP 6 Click Apply . The ARP entr y is saved t o the Running Configuration file. ARP Pro x y The Pr oxy ARP technique is u ...
Cisco Systems SG50028PK9NA - page 333

IP Configuration IPv4 Managemen t and In terface s 280 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 UDP Rela y /IP Help er The UDP Rela y /IP Help er f eature is only a vailable when the device is in La yer 3 system mode. Switches do not typically r oute IP Br o adcast packets betwe en IP ...
Cisco Systems SG50028PK9NA - page 334

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 281 17 An untrusted por t is a por t that is not allowed to assign DHCP address es. By default , all por ts are consider ed untrusted until you declar e them trust ed (in the DHCP Snooping Interfa ...
Cisco Systems SG50028PK9NA - page 335

IP Configuration IPv4 Managemen t and In terface s 282 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • DHCP Inser tion - Add Option 82 info rmation t o pack ets that do not ha ve f oreign Option 82 inf ormation. • DHCP Passthrough - F or ward or r eject DHCP pack ets that contain Optio ...
Cisco Systems SG50028PK9NA - page 336

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 283 17 The f ollowing de scribe s how DHCP request packets ar e handled when both DHCP Snooping and DHCP Relay ar e enabled: Option 82 Inser tion Disable d Pac ke t i s s en t without Option 82 Pa ...
Cisco Systems SG50028PK9NA - page 337

IP Configuration IPv4 Managemen t and In terface s 284 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 The f ollowing de scrib es how DHCP Reply pack ets ar e handled when DHCP Snooping is dis abled: Option 82 Inser tion Enabled Relay – is sen t with Option 82 Bridge – Option 82 is added ...
Cisco Systems SG50028PK9NA - page 338

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 285 17 Option 82 inser tion disable d Pac ke t is sen t without Option 82 Pac ke t is sent with the original Option 82 Relay – discards Option 82 Bridge – Pac ket is sent without Option 82 Rel ...
Cisco Systems SG50028PK9NA - page 339

IP Configuration IPv4 Managemen t and In terface s 286 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 The f ollowing de scrib es how DHCP r eply packets ar e handled when both DHCP Snooping and DHCP Rela y ar e enabled DHCP Sno oping Binding Da tab as e DHCP Snooping builds a databas e (kno ...
Cisco Systems SG50028PK9NA - page 340

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 287 17 The DHCP Snooping Binding databas e is also use d by IP Source Guar d and Dynamic ARP Inspe ction f eatures to det ermine legitimate packet sour ces . DHCP T rusted Por ts Po r ts can be ei ...
Cisco Systems SG50028PK9NA - page 341

IP Configuration IPv4 Managemen t and In terface s 288 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 STEP 6 Device f orwards DHCPOFFER , DHCP AC K , or DHCPNAK . The f ollowing summarize s how DHCP pack ets ar e handled fr om both trusted and untrusted por ts. The DHCP Sno oping Binding da ...
Cisco Systems SG50028PK9NA - page 342

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 289 17 DHCP Sno oping Along With DHCP Rela y If both DHCP Snooping and DHCP Relay ar e globally enabled, then if DHCP Snooping is enabled on the client's VL AN, DHCP Snooping rules c ontained ...
Cisco Systems SG50028PK9NA - page 343

IP Configuration IPv4 Managemen t and In terface s 290 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 STEP 1 Enable DHCP Sno oping and/ or DH CP Relay in the IP C onfigura tion > DHCP > Propertie s page or in the Se curit y > DHCP Snooping > Proper ties page. STEP 2 Define the i ...
Cisco Systems SG50028PK9NA - page 344

IP Configuration IPv4 Management and In terface s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 291 17 STEP 2 Click Apply . The set tings ar e written t o the Running Configuration file. STEP 3 T o define a DHCP ser ver , click Add . STEP 4 Enter the IP addr es s of the DHCP ser ver and clic ...
Cisco Systems SG50028PK9NA - page 345

IP Configuration IPv4 Managemen t and In terface s 292 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 DHCP Sno oping Binding Da tabas e See How the DHCP Snooping Binding Databas e is Built f or a de scription of how dynamic entries are added to the DHCP Snooping Binding database. Not e the ...
Cisco Systems SG50028PK9NA - page 346

IP Configuration DHCP S er ver Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 293 17 STEP 3 Enter the fields: • VL AN ID — VLAN on which packet is e xpected. • MAC Addr es s— MAC addr ess of packet . • IP Address— IP addr es s of packet . • Interfac e —Unit /Slot /Int er face ...
Cisco Systems SG50028PK9NA - page 347

IP Configuration DHCP Ser ver 294 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 Depe nd e n ci es Betwee n F ea tu res • It is impo ssible to configure DHCP ser ver and DHCP client on the system at the same time, meanin g: if one inter face is DHCP client enable d, it is impo ssible to e ...
Cisco Systems SG50028PK9NA - page 348

IP Configuration DHCP S er ver Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 295 17 DHCP v4 S er ver T o c onfigur e the device as a DHCP v 4 s er ver : STEP 1 Click IP Configuration > IP v 4 Management and Int erfac es > DHCP Ser ver > Proper ties to displa y the Pr oper ties page. ...
Cisco Systems SG50028PK9NA - page 349

IP Configuration DHCP Ser ver 296 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • Mask —Enter one of f ollowing : - Network Mask —Che ck and ent er the pool’ s network mask . - Prefix L ength —Check and ent er the number of bits that compris e the address pr efix. • Address Poo ...
Cisco Systems SG50028PK9NA - page 350

IP Configuration DHCP S er ver Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 297 17 - Mi xe d —A combination of b -node and p-no de communications is us ed to r egister and r esolve NetBIOS name s. M-no de first uses b -nod e; then, if nece ss ar y , p-node. M-no de is typically not the b ...
Cisco Systems SG50028PK9NA - page 351

IP Configuration DHCP Ser ver 298 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 T o manually allocate a permanent IP addres s t o a specific client : STEP 1 Click IP Configuration > IP v 4 Management and Int erfac es > DHCP Ser ver > Static Hosts to displa y the Static Hosts page. ...
Cisco Systems SG50028PK9NA - page 352

IP Configuration DHCP S er ver Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 299 17 - Hybrid —A hybrid combination of b -node and p-node is us ed. When configured to use h-node, a computer always tries p-node first and use s b-no de only if p-node fails. This is the default . - Mi xe d — ...
Cisco Systems SG50028PK9NA - page 353

IP Configuration DHCP Ser ver 300 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 T o configure one or more DHCP options: STEP 1 Click IP Configuration > IP v 4 Management and Int erfac es > DHCP Ser ver > DHCP Options . The pr eviously-configured DHCP options are displa y ed.. STEP ...
Cisco Systems SG50028PK9NA - page 354

IP Configuration DHCP S er ver Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 301 17 Addres s Binding Use the Addres s Binding page to view and remov e the IP addresse s allocated by the device and their c orresponding MAC addr es se s. T o view and/ or remov e addr es s bindings: STEP 1 Clic ...
Cisco Systems SG50028PK9NA - page 355

IP Configuration IPv6 Management and In terface s 302 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 IP v 6 Management and Inter face s The Int ernet Prot o col version 6 (IPv6) is a net work -lay er pr ot ocol f or packet - switched int ernetworks . IP v6 was designed to r eplace IP v 4, t ...
Cisco Systems SG50028PK9NA - page 356

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 303 17 • Directly-attache d, meaning that the destination is directly-at tached to an interface on the device, s o that the pack et destination (which is the interface) is us ed as the next- ...
Cisco Systems SG50028PK9NA - page 357

IP Configuration IPv6 Management and In terface s 304 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 - Link -Layer —(D efa ult). If you sele ct this option, the MAC addr es s of the device is use d. - E nterp rise Num ber —If y ou select this option, enter the f ollowing fields . • En ...
Cisco Systems SG50028PK9NA - page 358

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 305 17 • Tu n n e l T y p e —(Not present f or S x 500) If the IP v6 interface is a tunnel, select its typ e: Manual or ISA T AP (se e IP v 6 T unnel ). STEP 5 T o configure the i nt er fa ...
Cisco Systems SG50028PK9NA - page 359

IP Configuration IPv6 Management and In terface s 306 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 STEP 7 Click Apply t o enable IP v6 proces sing on the selected interface. Regular IP v6 interfaces have the f ollowing addres ses automatically configured: • Link local addres s using EUI ...
Cisco Systems SG50028PK9NA - page 360

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 307 17 • Remaining Information Refresh Time —Remaining time until ne xt refresh. • DNS Ser vers —List of DNS ser vers received from the DHCPv6 se r ver . • DNS Dom ain S earch List ? ...
Cisco Systems SG50028PK9NA - page 361

IP Configuration IPv6 Management and In terface s 308 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 record is not r esolved, IS A T AP ho st name-to-addr ess mapping is searched in the host mapping table. - When the IS A T AP router IPv 4 addr es s is not r esolve d via the DNS proces s, t ...
Cisco Systems SG50028PK9NA - page 362

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 309 17 STEP 6 Enter the f ollowing fields: • Type —Displays the tunnel type : Manual or ISA T AP . • Tu n n e l S t at e —Sele ct to enable the tunnel. • L i n k S t a t u s S N M P ...
Cisco Systems SG50028PK9NA - page 363

IP Configuration IPv6 Management and In terface s 310 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • ISA T AP Router Name — (For ISA T AP tunnels only) Select one of the f ollowing options to configure a global string that r epresents a spe cific aut omatic tunnel ro uter domain name. ...
Cisco Systems SG50028PK9NA - page 364

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 311 17 - Anycast —(La yer 3 only) The IPv6 addres s is an Any cast address . This is an address that is as signe d t o a set of inter faces that t ypically belong to differ ent no des . A pa ...
Cisco Systems SG50028PK9NA - page 365

IP Configuration IPv6 Management and In terface s 312 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • Suppres s Router Adver tisement —Select Ye s to suppr ess IP v6 router advertis ement transmissions on the interface. If this f eature is not suppresse d, enter the f ollowing fields . ...
Cisco Systems SG50028PK9NA - page 366

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 313 17 The int er val bet ween transmis sions should be les s than or equal t o the IPv6 r outer adv er tisement lif etime if y ou configure the r out e as a default r outer by using this comm ...
Cisco Systems SG50028PK9NA - page 367

IP Configuration IPv6 Management and In terface s 314 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 - Prefix -Length — The length of the IP v6 prefix. A decimal value that indicat es how many of the high-or der c ontiguous bits of the addr es s compris e the pr efix (the network por tion ...
Cisco Systems SG50028PK9NA - page 368

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 315 17 - Offlink —C onfigures the specified prefix as offlink . The prefix will be adver tised with t he L -bit clear . The prefix will not be ins er ted into the r outing table as a connect ...
Cisco Systems SG50028PK9NA - page 369

IP Configuration IPv6 Management and In terface s 316 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • Metric —Cost of this hop. STEP 2 Click Add t o add a static default rout er . STEP 3 Enter the f oll owing fiel ds: • Nex t Hop — The IP addres s of the ne xt destination to which ...
Cisco Systems SG50028PK9NA - page 370

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 317 17 T o define IP v6 neighbors : STEP 1 In La yer 2 syst em mode, click Ad ministra tion > Management In ter face > IP v6 Neighb ors . In La yer 3 syst em mode, click IP C onfiguratio ...
Cisco Systems SG50028PK9NA - page 371

IP Configuration IPv6 Management and In terface s 318 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 STEP 3 Ent er values f or the f ollowing fields : • Interfac e — The neighboring IP v6 interface to be added. • IP v 6 Addre ss —Ent er the IP v6 network address as signed to the int ...
Cisco Systems SG50028PK9NA - page 372

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 319 17 T o creat e a pr efix list: STEP 1 (In Lay er 3) Click IP Configuration > IP v 6 Management Interfac es > IP v6 Pref ix List . -or (In Lay er 2)Click A dministration > IP v 6 M ...
Cisco Systems SG50028PK9NA - page 373

IP Configuration IPv6 Management and In terface s 320 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • Lower Than —Maximum pr efix length to be used f or matching. Select one of the f o llowing options: - No L i mi t —No maxi mum pr efix le ngth t o be used f or matching. - Us er D ef ...
Cisco Systems SG50028PK9NA - page 374

IP Configuration IPv6 Manag ement and I n ter f ace s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 321 17 network . Only one link local address is suppor ted. If a link local address ex ists on the int erface, this entr y replaces the address in the configuration. - Glo b al —An IP v6 add ...
Cisco Systems SG50028PK9NA - page 375

IP Configuration IPv6 Management and In terface s 322 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • Int er face List — This is a per -int er face list of DHCP v6 ser vers . When a DHCP v6 packet is r e ceived on an interface, the packet is rela yed both t o the ser vers on the interf ...
Cisco Systems SG50028PK9NA - page 376

IP Configuration Domain Name Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 323 17 Enter the fields: • Sourc e Interfac e —Sele ct the interface (por t , LAG, VLAN or tunnel) f or which DHCP v6 Rela y is enabled. • Us e Global D e stinations Only —S elect to f or ward packets t o the ...
Cisco Systems SG50028PK9NA - page 377

IP Configuration Do m a i n N am e 324 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 • Polling Time out —Ent er the numb er of seconds that the devic e will wait f or a response to a DNS query . • Polling Inter val —Ent er how often (in seconds) the device sends DNS quer y pack ets ...
Cisco Systems SG50028PK9NA - page 378

IP Configuration Domain Name Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 325 17 - Link L o cal — The IP v6 addres s uniquely identifies hosts on a single network link . A link lo cal address has a prefix of FE80 , is not r outable, and can be use d f or c ommunication only on the local n ...
Cisco Systems SG50028PK9NA - page 379

IP Configuration Do m a i n N am e 326 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 Ho st Mapping Host name/IP address mappings are st or ed in the Host Mapping T able (DNS cache). This cache can contain the f ollowing typ e of entries : • Static Entries — The se are mapping pairs tha ...
Cisco Systems SG50028PK9NA - page 380

IP Configuration Domain Name Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 327 17 - No Resp onse — There was no r esponse, but system can tr y again in future. • TT L — If this is a dynamic entr y , how long will it remain in the cache. • Remaining T TL — If this is a dynamic entr ...
Cisco Systems SG50028PK9NA - page 381

IP Configuration Do m a i n N am e 328 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 ...
Cisco Systems SG50028PK9NA - page 382

IP Configuration Domain Name Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 329 17 ...
Cisco Systems SG50028PK9NA - page 383

IP Configuration Do m a i n N am e 330 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 ...
Cisco Systems SG50028PK9NA - page 384

IP Configuration Domain Name Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 331 17 ...
Cisco Systems SG50028PK9NA - page 385

IP Configuration Do m a i n N am e 332 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 ...
Cisco Systems SG50028PK9NA - page 386

IP Configuration Domain Name Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 333 17 ...
Cisco Systems SG50028PK9NA - page 387

IP Configuration Do m a i n N am e 334 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 ...
Cisco Systems SG50028PK9NA - page 388

IP Configuration Domain Name Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 335 17 ...
Cisco Systems SG50028PK9NA - page 389

IP Configuration Do m a i n N am e 336 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 ...
Cisco Systems SG50028PK9NA - page 390

IP Configuration Domain Name Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 337 17 ...
Cisco Systems SG50028PK9NA - page 391

IP Configuration Do m a i n N am e 338 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 17 ...
Cisco Systems SG50028PK9NA - page 392

19 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 379 IP C onfigura tion: RIP v2 This section de scrib es the Routing Inf ormat ion Pr otocol (RIP) version 2 f eature. It covers the f ollowin g t opics: • O ver view • How Rip Operates on the D evice • Con fig u r i n g R I P NOTE RIP is ...
Cisco Systems SG50028PK9NA - page 393

IP Configuration: RIPv2 How Rip Opera tes on the Device 380 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 • RFC2453 RIP V ersion 2, November 1998 • RFC2082 RIP -2 MD5 Authentication, Januar y 1997 • RFC 1724 RIP V ersion 2 MIB Extension Received RIP v 1 packets ar e dr opped. How Rip ...
Cisco Systems SG50028PK9NA - page 394

IP Configuration: RIP v2 How Rip Opera tes on the D evice Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 381 19 It is your r esponsibilit y t o set the offset f or each interface ( 1 by default) . The f ollowing illustrates the configurat ion of the metric offset f or various interface s, b a ...
Cisco Systems SG50028PK9NA - page 395

IP Configuration: RIPv2 How Rip Opera tes on the Device 382 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 See RIP v2 S ettings on an IP Inter face fo r m o r e i n fo r m a t i o n . F iltering Routing Updates Y ou can filt er incoming and outgoing rout es f or a giv en IP int er face usin ...
Cisco Systems SG50028PK9NA - page 396

IP Configuration: RIP v2 How Rip Opera tes on the D evice Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 383 19 If th ese f eatu r es ar e ena bl ed, r eject ed r o ut es ar e adv er ti sed b y r out es wi th a metric of 16. The rout e c onfigurations can be propagat ed using one of the f oll ...
Cisco Systems SG50028PK9NA - page 397

IP Configuration: RIPv2 How Rip Opera tes on the Device 384 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 Using RIP in Net work with Non-Rip D evice s Static r oute configuration and connected inter faces must be taken into account when using RIP . This is shown in the f ollowing, which il ...
Cisco Systems SG50028PK9NA - page 398

IP Configuration: RIP v2 Configuring RIP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 385 19 • MD5 —Use s MD5 digest authentication. Each rout er is configured with a set of secret ke ys. This s et is called a ke y c ha i n . Each k ey chain consists of one or mor e ke ys. Each key has ...
Cisco Systems SG50028PK9NA - page 399

IP Configuration: RIPv2 Configuring RIP 386 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 - Configure the offset added to the metric f or incoming rout es on an IP int er face, using the RIP v2 Set tings page. - Enable passive mode on an IP interface, using the RIP v2 S ettings page. - Con ...
Cisco Systems SG50028PK9NA - page 400

IP Configuration: RIP v2 Configuring RIP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 387 19 STEP 3 Re distribute Static Route —Select to enable this f eature (des cribed in Redistribution Fe ature . STEP 4 If Re distribute Static Route is enabled, sele ct an option f or the Redistribute ...
Cisco Systems SG50028PK9NA - page 401

IP Configuration: RIPv2 Configuring RIP 388 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 RIP v2 S et tings on an IP Interface T o c onfigur e RIP on an IP int er face : STEP 1 Click IP Configuration > RIP v2 > RIP v2 S et tings . STEP 2 RIP paramet ers ar e displa yed per IP int erf ...
Cisco Systems SG50028PK9NA - page 402

IP Configuration: RIP v2 Configuring RIP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 389 19 • Key Pas sw ord —If Te x t was selected as the authentication t ype, enter the pas sword to be used. • Key Ch a in —If MD5 was sele ct ed as the authentication mode, enter the ke y chain to ...
Cisco Systems SG50028PK9NA - page 403

IP Configuration: RIPv2 Configuring RIP 390 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 STEP 2 T o clear al l interface c ount ers , click Clear All Interface Counters . Displa ying the RIP v2 Pe ers Datab ase T o view the RIP P e ers (neighbors) database: STEP 1 Click IP Configuration & ...
Cisco Systems SG50028PK9NA - page 404

IP Configuration: RIP v2 Configuring RIP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 391 19 Creating an Ac ce s s List T o s et the global configuration of an acces s list . STEP 1 Click IP C onfigura tion > Ac ce ss Li st > Acce ss Lis t Setting s . STEP 2 T o add a new Acc es s Lis ...
Cisco Systems SG50028PK9NA - page 405

IP Configuration: RIPv2 Configuring RIP 392 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 • Sourc e IP v4 Addres s —Source IP v 4 addr ess . The f o llowing options ar e available: - An y —All IP addr es ses are included. - Us er D ef in e d —Enter an IP addr e ss . • Sou r ce IP ...
Cisco Systems SG50028PK9NA - page 406

20 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 393 IP C onfigura tion: VRRP This chapter describe s how V ir tual Router R edundancy Prot o col ( VRRP) works and how t o configure virtual rout ers running VRRP thr ough the WEB GUI. NOTE The SF500 models do not supp ort the VRRP f eature. I ...
Cisco Systems SG50028PK9NA - page 407

IP Configuration: VRRP Over view 394 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 Co n s tr ai n ts VRRP is only suppor ted on S G500 X /ESW2-55 0X swit ches. VRRP T opolo gy The f ollowing shows a L AN topology in which VRRP is configured. In this example, Rout ers A , B and C are VRRP a ...
Cisco Systems SG50028PK9NA - page 408

IP Configuration: VRRP Over view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 395 20 Rout er B and C function as a vir tual router backups . If the vir tual rout er mast er fails, the rout er configured with the higher priority be comes the vir tual rout er master and pr ovides ser vice to ...
Cisco Systems SG50028PK9NA - page 409

IP Configuration: VRRP Over view 396 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 Load Sharing VRRP T op ology In this t opolo gy , t wo vir tual rout ers ar e configured. F o r vir tual r out er 1 , rA is the owner of IP address 192. 168.2. 1 and is the vir tual rout er mast er , and rB ...
Cisco Systems SG50028PK9NA - page 410

IP Configuration: VRRP Configur able Elemen ts of VRRP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 397 20 C onfigurable Elements of VRRP A vir tual r outer must be assigned an uniqu e virtual rout er identifier ( VRID) among all the vir tual r out ers on the same LAN. All VRRP rout ers sup ...
Cisco Systems SG50028PK9NA - page 411

IP Configuration: VRRP Configur able E lemen ts o f VRRP 398 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 • If ther e is at least one VRRP r out er of the virtual router operating in both VRRP v2 and VRRPv3. In this case , config ur e your VRRP r out er t o operate in VRRP v3 even tho u ...
Cisco Systems SG50028PK9NA - page 412

IP Configuration: VRRP Configur able Elemen ts of VRRP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 399 20 All the VRRP r outers supporting the same vir tual rout er must ha ve the same configuration. If the configur ations are dif f erent , the configuration of the master is used. A b acku ...
Cisco Systems SG50028PK9NA - page 413

IP Configuration: VRRP Configuring VRRP 400 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 • Enabled - When a VRRP r oute r is config ur ed with higher priorit y than the current mast er is up, it r eplaces the current master . • Disabled - Even if a VRRP r outer with a higher priority ...
Cisco Systems SG50028PK9NA - page 414

IP Configuration: VRRP Configuring VRRP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 401 20 • Descr i p ti o n —User -defined string identif ying vir tual r outer . • Status —Sele ct t o enable VRRP on the device. • Ve r s i o n —Sele ct the version of VRR P t o be use d on this ...
Cisco Systems SG50028PK9NA - page 415

IP Configuration: VRRP Configuring VRRP 402 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 • Status —Is VRRP enabled. • IP Address O wner — The owner of the IP address of the vir tual rout er . • Master /B ackup Status —Is the virtual rout er the mast er or backup. • Skew T im ...
Cisco Systems SG50028PK9NA - page 416

IP Configuration: VRRP Configuring VRRP Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 403 20 • In valid VRRP Pack et T ype —Displays number of packets with in valid VRRP packet types . • In valid VRRP ID —Displays number of pack ets with in valid VRRP IDs. • In valid Prot ocol Numb ...
Cisco Systems SG50028PK9NA - page 417

18 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 328 Sec u r i t y This section de scrib es device s ecurit y and acces s control. The syst em handles various typ es of se curit y . The f ollowing list of topics des cribes the various t ype s of securit y f eatures des cribed in this se ctio ...
Cisco Systems SG50028PK9NA - page 418

Secu r ity De fin i ng U ser s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 329 18 • Co nfiguring T AC A C S+ • Configurin g R ADIUS • Configurin g Por t Se curit y • 802. 1 X • De fining Time Ranges Prot e ction fr om other ne twork users is describ ed in the f ollowing sections ...
Cisco Systems SG50028PK9NA - page 419

Security De fin i ng Us er s 330 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 NOTE It is not permitted to delet e all users . If all users are selected, the De l e t e button is disabled. T o add a new user : STEP 1 Click Adm in ist ra tion > Us er Acco un ts . This page displays the u ...
Cisco Systems SG50028PK9NA - page 420

Secu r ity De fin i ng U ser s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 331 18 - Read / Wr i te M anag em en t Access ( 15 ) —User can acce ss the GUI, and can configure the device. STEP 5 Click Apply . The user is added to the Running Configuration file of the device. Set ting Passwo ...
Cisco Systems SG50028PK9NA - page 421

Security Configuring T ACACS+ 332 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • Do not r epeat or reverse the manufacturers name or any variant reached by changing the case of the charact ers. STEP 4 If the Password Complexit y S et tings are enabled, the f ollowing parameters may be c ...
Cisco Systems SG50028PK9NA - page 422

Secu r ity Configuring T ACACS+ Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 333 18 • Authoriza tion —P er f orme d at login. Af t er the authentication ses sion is completed, an authorization s es sion star ts using the authenticated username. The T ACACS+ ser ver then checks user priv ...
Cisco Systems SG50028PK9NA - page 423

Security Configuring T ACACS+ 334 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 The f ollowing information is sent to the T AC ACS+ ser ver by the device when a user lo gs in or out: Def au l t s The f ollowing defaults are r elevant t o this f eature: • No default T A CACS+ ser ver is d ...
Cisco Systems SG50028PK9NA - page 424

Secu r ity Configuring T ACACS+ Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 335 18 STEP 3 Select TA C A C S + in the Management Acce ss Authentication page, so that when a user logs onto the device, authenticati on is per f ormed on the T ACA CS+ ser ver instead of in the local database. N ...
Cisco Systems SG50028PK9NA - page 425

Security Configuring T ACACS+ 336 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • Sou r ce IPv4 —(In La yer 3 syst em mode only) Select the devic e IPv 4 source interface to be used in me s sages sent for communication with the TA C A C S + s e r v e r. • Sou r ce I Pv6 —(In Lay er ...
Cisco Systems SG50028PK9NA - page 426

Secu r ity Configuring T ACACS+ Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 337 18 • Priorit y —Ent er the or der in which this T A CACS+ ser ver is used. Z er o is the highest priorit y T ACA CS+ ser ver and is the first ser ver use d. If it cannot establish a session with the high pr ...
Cisco Systems SG50028PK9NA - page 427

Security Configur ing R ADIUS 338 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 C onfiguring R ADIUS Remot e Authorization Dial-In User Ser vic e (R ADIUS) ser vers provide a centralized 802. 1 X or MAC-based network acc es s control. The device is a R ADIUS client that can use a R ADIUS s ...
Cisco Systems SG50028PK9NA - page 428

Secu r ity Configuring RADIUS Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 339 18 Interactions With O ther Features Y ou cannot enable acc ounting on both a R ADIUS and T ACA CS+ s er ver . Radius Workflow T o us er a R ADIUS ser ver , do the f ollowing : STEP 1 Open an acc ount f or the de ...
Cisco Systems SG50028PK9NA - page 429

Security Configur ing R ADIUS 340 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • Dea d T i m e —Enter the number of minut es that elaps e bef ore a non- responsive R ADIUS ser ver is bypas se d f or s er vic e r eque sts. If the value is 0 , the ser ver is not bypas se d. • Key St r ...
Cisco Systems SG50028PK9NA - page 430

Secu r ity Configuring RADIUS Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 341 18 - Glo b al — The IP v6 address is a glob al Unicast IPV 6 t ype that is visible and r eachable from other networks . • Link Loc al Inter face —Sele ct the link local inter face (if IPv6 Ad dr es s T ype ...
Cisco Systems SG50028PK9NA - page 431

Security Key M anag eme nt 342 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 - All —R ADIUS ser ver is use d f or authenticating user that ask t o administer the device and f or 802. 1 X authentication. STEP 6 T o display sensitive data in plaint ext f orm in the c onfiguration file, cli ...
Cisco Systems SG50028PK9NA - page 432

Secu r ity Key Ma na ge me nt Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 343 18 - User Defined (Plain tex t)— Ent er a plainte xt version NOTE Both the Acce pt Lif e T ime and the Send Lif e T i me values can be enter ed. The Accept Lif e T ime indicate s when the key-identifier f or re ...
Cisco Systems SG50028PK9NA - page 433

Security Key M anag eme nt 344 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 Creating a K ey Set tings Use the Ke y Chain Set tings page t o add a k ey t o an alr eady e xisting k ey chain. STEP 1 Click Sec ur i ty > Ke y M an a g e m en t > Ke y S e t ti n g s . STEP 2 T o add a new ...
Cisco Systems SG50028PK9NA - page 434

Secu r ity Management Acce ss Method Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 345 18 - Day s —Number of days that the k e y-identifier is valid. - Ho ur s —Numb er of hours that the ke y-identifier is valid. - Mi nu t e s —Number of minut es that the ke y-identifier is vali d. - S ...
Cisco Systems SG50028PK9NA - page 435

Security Management Acce ss Method 346 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • Sourc e IP Address —IP addres ses or subnets . Acc es s t o management methods might diff er among user groups. For e xample, one user gr oup might be able to acce ss the devic e module only by using ...
Cisco Systems SG50028PK9NA - page 436

Secu r ity Management Acce ss Method Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 347 18 A caution mes sage displays if you selected any other acces s profile, warning you that , depending on the s elected acces s profile, y ou might be disc onnected fr om the web- base d configuration util ...
Cisco Systems SG50028PK9NA - page 437

Security Management Acce ss Method 348 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 - All — A p p l i es to al l po r ts, VLA N s, a n d LA Gs. - Us er D ef in e d —Applie s t o selected interfac e. • Interfac e —Ent er the interface numb er if User Define d was sele ct ed. • Ap ...
Cisco Systems SG50028PK9NA - page 438

Secu r ity Management Acce ss Method Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 349 18 STEP 1 Click Secu r i ty > Mgmt Ac c es s Metho d > Profile Rules . STEP 2 Sele ct the Filt er field, and an acce ss profile. Click Go . The selected acce ss profile appears in the Pr ofile Rule T ...
Cisco Systems SG50028PK9NA - page 439

Security Management Acce ss Authentica tion 350 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • Interfac e —Ent er the interface number . • Applies to S ource IP Addres s —Select the t ype of s our ce IP address to which the acces s profile applies. The Sou r ce I P Ad dre ss field ...
Cisco Systems SG50028PK9NA - page 440

Secu r ity Se cure Sensitive Da ta Managemen t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 351 18 If an authentication method fails or the us er has insuff icient privilege level, the user is de ni ed a ccess t o the de vi ce. In ot he r wor ds, if authentication fails at an authentication ...
Cisco Systems SG50028PK9NA - page 441

Security SSL Serve r 352 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 SS L Se r ve r This se ction describ es the Se cur e Socket Lay er (SS L ) f eature. S SL O ver view The Secure Socket La yer (SS L) f eature is used to open an HTTPS ses sion to the device. An HTTPS s es sion may be op ...
Cisco Systems SG50028PK9NA - page 442

Secu r ity SSL Serve r Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 353 18 • Va l i d T o — Sp ecifies the date up to which the cer tificate is valid. • Cer tificate Source— Spe cifies whether the c er tificate was generat ed by the syst em (Aut o Generat ed) or the user (User D efi ...
Cisco Systems SG50028PK9NA - page 443

Security SSH Serve r 354 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • Private K ey (Encr ypted) —S elect and copy in the RS A private k ey in encr ypted f o rm. • Priva te K ey (Plain text) —Select and copy in the RSA private ke y in plain te x t fo r m . STEP 4 Click Displa y S ...
Cisco Systems SG50028PK9NA - page 444

Secu r ity Configuring T CP /UDP S er vic es Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 355 18 • Te l n e t —Disabled by fact or y default • SSH —Disabled by factor y default The active T CP c onnections are also display ed in this window . T o c onfigure T CP /UDP se r vice s: ST ...
Cisco Systems SG50028PK9NA - page 445

Security Defining St orm Cont rol 356 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • Loc al IP Addre ss —L ocal I P a d dr es s t hr ough w h ich the device is off ering the ser v ice. • Loc al Por t —L o cal UDP por t through which the device is of f ering the s er vice. • Appl ...
Cisco Systems SG50028PK9NA - page 446

Secu r ity Configuring P or t S ecurit y Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 357 18 • Storm C ontrol Mode —Select one of the mode s: - U n kn own U nicas t, M u lti cast & B r oadc ast —Counts unknown Unicast , Br oadcast , and Multicast tra ffic towar ds the bandwidth th ...
Cisco Systems SG50028PK9NA - page 447

Security Configuring P or t Se curit y 358 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 When a frame fr om a new MA C addr es s is det ected on a port where it is not authorized (the por t is clas sically locked, and there is a new MAC addr ess , or the por t is dynamically locked, and th ...
Cisco Systems SG50028PK9NA - page 448

Secu r ity 802 . 1 X Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 359 18 - Sec u r e Pe rma nen t —K eeps the current dynamic MAC addr e sse s as sociated with the por t and learns up to the maximum number of addr es ses allowed on the p or t ( set by Ma x N o . of Add r esses A l lo wed ...
Cisco Systems SG50028PK9NA - page 449

Security Denial of Ser vice Preven tion 360 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 D enial of S er vic e Prevention A Denial of Ser vice (DoS) at tack is a hack er at tempt t o make a dev ice unavailable to i t s u s e rs . DoS attacks s aturat e the device with ext ernal communicat ...
Cisco Systems SG50028PK9NA - page 450

Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 361 18 • Mar tian Address es —Mar tian address es are illegal from the point of view of the IP prot oc ol. See Ma r t ia n A d dr esses f or more details. • ICMP Attack —Sending malformed ICMP pa ...
Cisco Systems SG50028PK9NA - page 451

Security Denial of Ser vice Preven tion 362 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • Pr event T CP co nnections from a specific interface (SYN F i lt ering page) and rate limit the packets (S YN Rate Pr ot ection page) • Configure the blocking of cer tain ICMP packets (ICMP F il ...
Cisco Systems SG50028PK9NA - page 452

Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 363 18 STEP 1 Click Secu r i ty > Deni al of Ser vic e Prevention > Se curit y Suite Set tings . The Sec u r i ty S ui te Se t tin gs displays. CPU Protection Me chanism: Enable d indicat es that S ...
Cisco Systems SG50028PK9NA - page 453

Security Denial of Ser vice Preven tion 364 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 SYN Protection The network por ts might be use d by hackers t o attack the devic e in a S YN attack , which consume s T CP resources (buf f ers ) and CPU power . Since the CPU is prot e ct ed using SC ...
Cisco Systems SG50028PK9NA - page 454

Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 365 18 • Current Status —Int erface status . The pos sible values are: - Nor m al —No attack was ident ified on this inter face. - Blo cke d — T raff ic is not f or warded on this inter face. - A ...
Cisco Systems SG50028PK9NA - page 455

Security Denial of Ser vice Preven tion 366 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 STEP 3 T o add a Mar tian addres s click Add . STEP 4 En te r t h e p a r a me te r s . • IP V ersion —Indicates the suppor ted IP version. Curr ently , supp or t is only o f fe r e d fo r I P v4 ...
Cisco Systems SG50028PK9NA - page 456

Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 367 18 - Us e r De f i ne d —Enter a port number . - All Por ts —S elect to indicat e that all por ts are filt ered. STEP 4 Click Apply . The S YN filt er is defined, and the Running C onfiguration f ...
Cisco Systems SG50028PK9NA - page 457

Security Denial of Ser vice Preven tion 368 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 STEP 4 Click Apply . The S YN rat e pr ot ection is define d, and the Running C onfiguration is updated. ICMP Filtering The ICMP Filt ering page enables the blo cking of ICMP pack ets from cert ain so ...
Cisco Systems SG50028PK9NA - page 458

Secu r ity DHCP Sno oping Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 369 18 • Interfac e —Sele ct the interface on which the IP fragmentation is being defined. • IP Addres s —Enter an IP network from which the fragment ed IP packets is filt ered or select All Addres s es to bl ock ...
Cisco Systems SG50028PK9NA - page 459

Security IP S ource Guard 370 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 • DHCP Snooping must b e globally enabled in order t o enable IP Source Guard on an int er face. • IP source guard can be active on an int er face only if: - DHCP Snooping is enabled on at least one of the por ...
Cisco Systems SG50028PK9NA - page 460

Secu r ity IP S ource Guard Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 371 18 C onfiguring IP Sourc e Guard W ork Flow T o c onfigure IP Sour ce Guard: STEP 1 Enable DHCP Snooping in the IP Configurat ion > DHCP > Pr oper ties page or in the Securit y > DHCP Snooping > Proper ...
Cisco Systems SG50028PK9NA - page 461

Security IP S ource Guard 372 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 STEP 1 Click Sec ur i ty > IP Sourc e Guard > Interface S et tings. STEP 2 Sele ct por t /L AG from the Fil t er field and click Go . The por ts/LAGs on this unit ar e display ed along with the f ollowing: ? ...
Cisco Systems SG50028PK9NA - page 462

Secu r ity ARP Inspe ction Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 373 18 The entries in the Binding datab ase are displa yed: • VL AN ID — VLAN on which packet is e xpected. • MAC Addr es s— MAC a ddr ess to be mat ched. • IP Address— IP addr es s t o be matched. • Inter ...
Cisco Systems SG50028PK9NA - page 463

Security ARP Inspection 374 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 The f ollowing shows an example of ARP cache poisoning. ARP Cache Pois oning Hosts A , B, and C are connected to the swit ch on int er faces A , B and C, all of which ar e on the same subnet . Their IP , MAC addr ess ...
Cisco Systems SG50028PK9NA - page 464

Secu r ity ARP Inspe ction Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 375 18 • T rusted — Packets ar e not inspected. • Untrusted — Packets ar e insp ected as describe d above. ARP inspec tion is per f ormed only on untrust ed interfac es . ARP pack ets that ar e r eceived on the ...
Cisco Systems SG50028PK9NA - page 465

Security ARP Inspection 376 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 Interaction B et ween ARP Insp ect i o n a n d D H C P S n oo p i ng If DHCP Snooping is enabled, ARP Insp ection us es the DHCP Snooping Binding database in add ition t o the ARP acce ss c ontro l rules . If DHCP Sn ...
Cisco Systems SG50028PK9NA - page 466

Secu r ity ARP Inspe ction Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 377 18 STEP 1 Click Securi ty > ARP Inspection > Proper ties . Enter the f ollowing fields : • ARP Insp ec tion Status — Select to enable ARP Inspe ction. • ARP P ack et V alidation— Select to enable the f ...
Cisco Systems SG50028PK9NA - page 467

Security ARP Inspection 378 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 STEP 3 Sel ect Tr u s t e d or Untrusted and click Apply t o save the set tings to the Running Configurat ion file. Def i ni n g A R P I n spect io n Access Con tr ol T o add entries to the ARP Inspection table: STEP ...
Cisco Systems SG50028PK9NA - page 468

Secu r ity F irst Hop Se curit y Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 379 18 D efining ARP Insp e ction VL AN S et tings T o enable ARP Inspe ction on VLANs and as sociate Acce ss Control Gr oups with a VL AN: STEP 1 Click Securi ty > ARP Inspection > VL AN Set tings . STEP 2 ...
Cisco Systems SG50028PK9NA - page 469

Security Fir st H o p S ec u ri t y 380 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 18 ...
Cisco Systems SG50028PK9NA - page 470

19 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 381 S e curit y : 802. 1 X Authentic a tion This section de scribe s 802. 1 X authentication. It covers the f ollowin g t opics: • O ver view of 802. 1 X • Authenticator Ov er view • Common T asks • 802. 1 X C onfiguration Through the ...
Cisco Systems SG50028PK9NA - page 471

Security: 802.1X Authentication Over view o f 802. 1 X 382 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 This is described in the figur e b elow: A network devic e can be either a client / s upplicant , authen ticat or or both per p or t . Client or Supplicant A client or supplicant is a n ...
Cisco Systems SG50028PK9NA - page 472

Se curit y : 802. 1 X Authentic a tion Authentica tor Ov er view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 383 19 See Por t Ho st Mo des f or more inf ormation. The f ollowing aut hentication methods are suppor ted: • 802. 1 x-based —Suppor ted in all authentication modes . • MAC-b ...
Cisco Systems SG50028PK9NA - page 473

Security: 802.1X Authentication Authen tica tor Over view 384 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 • f orce-unauthorized Port authentication is dis abled and the p or t transmits all traf fic via the guest VLAN and unauthenticated VL ANs . F or mor e inf ormation s ee D efining ...
Cisco Systems SG50028PK9NA - page 474

Se curit y : 802. 1 X Authentic a tion Authentica tor Ov er view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 385 19 When a por t is unauthorized and a gue st VL AN is enabled, untagged traf fic is remapped to the guest VLAN. T agge d traffic is dropped unle ss it b elongs t o the guest VL ...
Cisco Systems SG50028PK9NA - page 475

Security: 802.1X Authentication Authen tica tor Over view 386 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 - SG500X G Multiple Authenti c a tion Methods If mor e than one authentication method is enabled on the switch, the f ollowing hierarch y of authentication methods is applied: • 80 ...
Cisco Systems SG50028PK9NA - page 476

Se curit y : 802. 1 X Authentic a tion Authentica tor Ov er view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 387 19 This is descr ibed in the following: Figur e 1 802. 1 x-B as e d Authentication MAC-Bas e d Authentication MAC-based authentication is an alternativ e t o 802. 1 X authentica ...
Cisco Systems SG50028PK9NA - page 477

Security: 802.1X Authentication Authen tica tor Over view 388 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 WEB -B as e d Authentication WEB-b ased authentication is us ed to authe nticate end users who r equest ac ces s to a network through a swit ch. It enable s clients dir ectly conne c ...
Cisco Systems SG50028PK9NA - page 478

Se curit y : 802. 1 X Authentic a tion Authentica tor Ov er view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 389 19 After authent ication is complet ed, the switch f or wards all tra ffic arriving fr om the client on the por t , as shown in the figure below . Figur e 3 WEB -B ase d Authent ...
Cisco Systems SG50028PK9NA - page 479

Security: 802.1X Authentication Authen tica tor Over view 390 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 NOTE • When web-bas ed authenticati on is not suppor t ed, guest VLAN and D V A cannot be configured in multi-s ess ion mode. • When web -base d authentication is suppor ted, gue ...
Cisco Systems SG50028PK9NA - page 480

Se curit y : 802. 1 X Authentic a tion Authentica tor Ov er view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 391 19 Ho st Mode s with Gue st VL AN The host mo des work with gue st VLAN in the f ollowing wa y : • Single-Host and Mult i-Host Mode Untagged traf fic and tagged traffic b elon ...
Cisco Systems SG50028PK9NA - page 481

Security: 802.1X Authentication Authen tica tor Over view 392 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 F or a device to be authenticat ed and authorized at a por t which is D V A-enabled: • The R ADIUS se r ver must authenticat e the device and dynamically as sign a VLAN to the devi ...
Cisco Systems SG50028PK9NA - page 482

Se curit y : 802. 1 X Authentic a tion Authentica tor Ov er view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 393 19 Viola tion Mo de In single-host mode you can c onfigur e the action to be taken when an unauthorized host on authorized por t at t empts t o acce ss the inter face. This is d ...
Cisco Systems SG50028PK9NA - page 483

Security: 802.1X Authentication Common T asks 394 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 C ommon T asks W ork flow 1 : T o enable 802. 1 x authentication on a p or t: STEP 1 Click Securit y > 802. 1 X /MAC/Web A u thentication > Pr oper ties . STEP 2 Enable P ort-based Authent ...
Cisco Systems SG50028PK9NA - page 484

Se curit y : 802. 1 X Authentic a tion Comm on T asks Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 395 19 STEP 4 Click Apply , and the Running Configuration file is updated. Use the Copy Settings button t o copy settings from one port to another . W ork flow 4: T o configure the quiet p eri ...
Cisco Systems SG50028PK9NA - page 485

Security: 802.1X Authentication 802. 1 X Configura tion Through the GUI 396 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 802. 1 X C onfigura tion Thr ough the GUI D efining 802. 1 X Prop er tie s The 802. 1 X Pr oper ties page is used to globally enable 802. 1 X and define how por ts are ...
Cisco Systems SG50028PK9NA - page 486

Se curit y : 802. 1 X Authentic a tion 802. 1 X C on figur a tion Thr ough the GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 397 19 - If the por t state changes from Authorized to Not A ut h o ri z e d , the por t is added to th e guest VL AN only aft er the Gue s t VL A N time out has e ...
Cisco Systems SG50028PK9NA - page 487

Security: 802.1X Authentication 802. 1 X Configura tion Through the GUI 398 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 STEP 1 Click Sec ur i ty > 802. 1 X /MAC/ W eb Authentication > Por t Authentication . This page displays authentication settings f or all por ts . STEP 2 Select ...
Cisco Systems SG50028PK9NA - page 488

Se curit y : 802. 1 X Authentic a tion 802. 1 X C on figur a tion Thr ough the GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 399 19 After an authentication failur e, and if guest VL AN is activated globally on a given por t , the guest VL AN is automatically assigned to the unauthorized ...
Cisco Systems SG50028PK9NA - page 489

Security: 802.1X Authentication 802. 1 X Configura tion Through the GUI 400 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 • Maximum WBA Login A t tempts —A vail able only in La yer 2 swit ch mode. Ent er the maximum number of login attempts allowed on the interface. Sele ct either Infi ...
Cisco Systems SG50028PK9NA - page 490

Se curit y : 802. 1 X Authentic a tion 802. 1 X C on figur a tion Thr ough the GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 401 19 T o define 802. 1X advanced set tings f or p ort s: STEP 1 Click Secu r i ty > 802. 1 X /MAC/ W eb Authentication > Ho st and Se s sion Authentication ...
Cisco Systems SG50028PK9NA - page 491

Security: 802.1X Authentication 802. 1 X Configura tion Through the GUI 402 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 Viewing Authenticated Ho sts T o view details about authenticat ed users : STEP 1 Click Sec ur i ty > 802. 1 X /MAC/ W eb Authentication > Authenticated Ho sts . ...
Cisco Systems SG50028PK9NA - page 492

Se curit y : 802. 1 X Authentic a tion 802. 1 X C on figur a tion Thr ough the GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 403 19 W eb Authentication Customiza tion This page enables designing web-b ased authentication page s in various languages . Y ou can add up to 4 languages. NOTE ...
Cisco Systems SG50028PK9NA - page 493

Security: 802.1X Authentication 802. 1 X Configura tion Through the GUI 404 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 T o cust omize the web-authentication pages : STEP 1 Click Sec ur i ty > 802. 1 X /MAC / W eb Authentication > Web Authen tication Customization. This page displa ...
Cisco Systems SG50028PK9NA - page 494

Se curit y : 802. 1 X Authentic a tion 802. 1 X C on figur a tion Thr ough the GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 405 19 - Non e —No logo. - Default —Use the default logo. - Other —Selec t t o ent er a customiz ed logo. If the Ot h er logo option is selected, the f ollow ...
Cisco Systems SG50028PK9NA - page 495

Security: 802.1X Authentication 802. 1 X Configura tion Through the GUI 406 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 • Language Dropdown L ab el —Ent er the label of the language selection dropdown. • Login But ton L abel —Enter the label of the login but ton. • Login Pro gr ...
Cisco Systems SG50028PK9NA - page 496

Se curit y : 802. 1 X Authentic a tion Defining T ime R ange s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 407 19 STEP 15 Enter the Su ccess M essag e , which is the te xt that will b e displayed if the end user succe ssfully lo gs in. STEP 16 Cli ck Apply and the set tings ar e saved t o ...
Cisco Systems SG50028PK9NA - page 497

Security: 802.1X Authentication Authenti ca tion Me thod and Port Mo de Suppor t 408 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 Mo de B ehavior The f ollowing table de scrib es how authenticated and non-authenticated traffic is handled in vari ous situations . Unauthenticated Tra f fic ...
Cisco Systems SG50028PK9NA - page 498

Se curit y : 802. 1 X Authentic a tion Authent ica tion Me thod and Port Mo de Suppor t Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 409 19 Fu l l multi- sessi o n s Frames are re-mapped to the guest VLAN Frames are re- mapped to the guest VLAN unless they belongs to the unauthent icated VL ...
Cisco Systems SG50028PK9NA - page 499

Security: 802.1X Authentication Authenti ca tion Me thod and Port Mo de Suppor t 410 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 19 ...
Cisco Systems SG50028PK9NA - page 500

20 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 410 S e curit y : IP V6 F irst Hop S e curit y This se ction describ es how First Hop Se curity (FHS) works and how t o configure it in the GUI. It covers the f ollowin g t opics: • First Hop Securit y Over view • Router Adver tisement Gua ...
Cisco Systems SG50028PK9NA - page 501

Se curit y : IPV6 First Hop S ecurit y F irst Hop Se curit y Over view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 411 20 F irst Hop S e curit y O ver view IP v6 FHS is a suit e of f eatures designe d t o secure link operations in an IP v6 - enabled net work . It is base d on the Neighbor ...
Cisco Systems SG50028PK9NA - page 502

Security: IPV6 First Hop Security Fi rst Hop Se curit y Over view 412 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 IP v 6 First Hop Se curit y Comp onents IP v6 First Hop Securit y includes the following f eatures: • IP v6 First Hop Securit y Common • RA G u a r d • ND Inspec tion ? ...
Cisco Systems SG50028PK9NA - page 503

Se curit y : IPV6 First Hop S ecurit y F irst Hop Se curit y Over view Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 413 20 • Neighbor Solicitation (NS) me ss ages • ICMP v6 Redirect message s • Cer tification P ath Adver tisement (CP A) me s sages • Cer tifica tion Path Solicitation ...
Cisco Systems SG50028PK9NA - page 504

Security: IPV6 First Hop Security Fi rst Hop Se curit y Over view 414 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 IP v 6 First Hop Se curit y Perimeter IP v6 First Hop Securit y switches can f orm a per imet er separating untrusted area from trust ed ar ea. All switches inside the perime ...
Cisco Systems SG50028PK9NA - page 505

Se curit y : IPV6 First Hop S ecurit y Rout er Adver tisement Guar d Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 415 20 The device-r ole command in the Neighbor Bi nding policy configur ation screen specifie s the perimeter . Each IP v6 Firs t Hop Se curity switch establishes binding for n ...
Cisco Systems SG50028PK9NA - page 506

Security: IPV6 First Hop Security DHCPv 6 Guard 416 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 • V alidation of received Neighbor Dis cover y prot ocol mes sage s. • Egress filtering Me ss age V alidation ND Inspection validates the Neighbor Dis cover y prot o col mes sage s, b ased ...
Cisco Systems SG50028PK9NA - page 507

Se curit y : IPV6 First Hop S ecurit y Neighbor Binding In t egrit y Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 417 20 Neighb or Binding Integrit y Neighbor Binding (NB) Int egrit y establishe s binding of neighbors . A separate, independent instance of NB Integrity runs on each VLAN on w ...
Cisco Systems SG50028PK9NA - page 508

Security: IPV6 First Hop Security Neighb or Binding In tegrit y 418 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 NBI-NDP metho d The NBI-NDP method us ed is bas ed on the FCFS- SA VI method spe cified in RFC6620 , with the f ollowing dif f erences : • Unlike F CFS-SA VI, which supp or t ...
Cisco Systems SG50028PK9NA - page 509

Se curit y : IPV6 First Hop S ecurit y A ttack Pro tecti on Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 419 20 NBI-NDP suppor ts a lif etime timer . A value of the timer is configurable in the Neighbor Binding Settings page. The timer is r estar ted each time that the bound IP v6 addr es s ...
Cisco Systems SG50028PK9NA - page 510

Security: IPV6 First Hop Security At t ac k Prot e cti o n 420 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 • A Neighbor Advertis ement (NA) mes sage is dropped if the target IP v6 address is bound with another int er face. Protection against IP v 6 Duplication Addre ss D ete ction Sp o ...
Cisco Systems SG50028PK9NA - page 511

Se curit y : IPV6 First Hop S ecurit y Pol ic i e s, Gl ob al Pa ra mete r s a n d S y stem D efa ul t s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 421 20 A malicious host could send IP v6 me ss ag es with a differ ent destination IP v6 addr es s f or the last hop fo r war ding, causing o ...
Cisco Systems SG50028PK9NA - page 512

Security: IPV6 First Hop Security Common T asks 422 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 When a user -defined p olicy is attache d to an interface, the default policy f or that int er face is detached. If the user - define policy is detache d from the int erface, the default polic ...
Cisco Systems SG50028PK9NA - page 513

Se curit y : IPV6 First Hop S ecurit y Comm on T asks Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 423 20 STEP 3 If required, either configur e a user -defined p olicy or add rules to the def ault p o l i c i e s fo r t h e fe a t u re . STEP 4 Attach the po licy t o a VLAN, p or t or LAG u ...
Cisco Systems SG50028PK9NA - page 514

Security: IPV6 First Hop Security Default Settings and C onfigur a tion 424 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 STEP 3 If requir ed, either configure a user -defin ed policy or add rules to the default p o l i c i e s for t h e fe a t u r e . STEP 4 A ttach the p olicy t o a VLAN ...
Cisco Systems SG50028PK9NA - page 515

Se curit y : IPV6 First Hop S ecurit y Be f ore Y ou St art Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 425 20 B e for e Y ou Star t No preliminar y tasks are r equired. C onfiguring F irst Hop Se curit y thr ough W eb GUI FHS C ommon S et tings Use the FHS Set tings page to enable the FHS ...
Cisco Systems SG50028PK9NA - page 516

Security: IPV6 First Hop Security Configuring F irst H op Se curit y through W eb GUI 426 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 RA Gu a r d Se tti n gs Use the R A Guard Settings page to enable the R A Guard f eature o n a specifie d group of VLANs and to set the global configurati ...
Cisco Systems SG50028PK9NA - page 517

Se curit y : IPV6 First Hop S ecurit y Configuring F irs t Hop Se curit y through W eb GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 427 20 • Other C onfiguration Flag — This field specifie s verification of the adver tised O ther Configuration flag within an IP v6 R A Guard policy . ...
Cisco Systems SG50028PK9NA - page 518

Security: IPV6 First Hop Security Configuring F irst H op Se curit y through W eb GUI 428 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 T o cr eat e an R A Guard policy or to configur e the system-defined def ault policies , click Add and ent er the ab ove paramet ers. If requir ed, click ...
Cisco Systems SG50028PK9NA - page 519

Se curit y : IPV6 First Hop S ecurit y Configuring F irs t Hop Se curit y through W eb GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 429 20 • Dev ice R ole —S elect either Ser v er or Clien t t o specify the role of the device attache d to the port f or DHCP v6 Guard. - I nheri ted ? ...
Cisco Systems SG50028PK9NA - page 520

Security: IPV6 First Hop Security Configuring F irst H op Se curit y through W eb GUI 430 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 T o configure ND Inspection on p or ts or LAGs : STEP 1 Click Sec ur i ty > F irst Hop Se curit y > ND Insp e ction S et tings . STEP 2 Ent er the f ...
Cisco Systems SG50028PK9NA - page 521

Se curit y : IPV6 First Hop S ecurit y Configuring F irs t Hop Se curit y through W eb GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 431 20 STEP 5 If required, click either At t ac h Po l i c y to V L AN or Att ach Policy to Interface . Neighb or Binding S et tings The Neighbor Binding t ...
Cisco Systems SG50028PK9NA - page 522

Security: IPV6 First Hop Security Configuring F irst H op Se curit y through W eb GUI 432 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 STEP 4 Enter the f oll owing fiel ds: • Policy Name —Enter a user -defined p olicy name. • Dev ice R o l e —Select either Serve r or Client t o sp ...
Cisco Systems SG50028PK9NA - page 523

Se curit y : IPV6 First Hop S ecurit y Configuring F irs t Hop Se curit y through W eb GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 433 20 Policy Att achment (Por t) T o at tach a policy to one or more por ts or L AGs: STEP 1 Click Secu r i ty > F irst Hop Se curit y > Policy Att ...
Cisco Systems SG50028PK9NA - page 524

Security: IPV6 First Hop Security Configuring F irst H op Se curit y through W eb GUI 434 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 FHS Status T o displa y the global configuration f or the FHS f eatures: STEP 1 Click Sec ur i ty > F irst Hop Se curit y > FHS St a tus. STEP 2 Sel ...
Cisco Systems SG50028PK9NA - page 525

Se curit y : IPV6 First Hop S ecurit y Configuring F irs t Hop Se curit y through W eb GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 435 20 - Device Role: —ND Inspe ction device role. - Dro p Un s e cu re : —Are unsecure mes sages dropped. - Mi ni m al S e c u ri t y Leve l : —If u ...
Cisco Systems SG50028PK9NA - page 526

Security: IPV6 First Hop Security Configuring F irst H op Se curit y through W eb GUI 436 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 20 FHS Statistics T o displa y FHS statistics : STEP 1 Click Sec ur i ty > F irst Hop Se curit y > FHS St a tistics: STEP 2 The f ollowing fields are d ...
Cisco Systems SG50028PK9NA - page 527

Se curit y : IPV6 First Hop S ecurit y Configuring F irs t Hop Se curit y through W eb GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 437 20 ...
Cisco Systems SG50028PK9NA - page 528

22 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 457 S e curit y : S SH Client This section de scrib es the device when it functions as a n SS H client . It covers the f ollowin g t opics: • Se cure Copy (S CP) and S SH • Protection Metho ds • SSH S er ver Authentic a tion • SSH Clie ...
Cisco Systems SG50028PK9NA - page 529

Secu r i ty: SSH C li e n t Pr o t ec tio n Me th ods Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 458 22 When files are downloaded via TF TP or HTTP , the data transf er is unsecured. When files are downloaded via S CP , the inf ormation is downloade d fr om the SCP ser ver t o the device ...
Cisco Systems SG50028PK9NA - page 530

Security: SSH Client Pro te c tion Me thods 459 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 22 The username/password must then be cre ated on the device. When data is transf erred from the ser v er to the devi ce, the username/pas sword supplied by the device must match the username/pas swo ...
Cisco Systems SG50028PK9NA - page 531

Secu r i ty: SSH C li e n t SSH S er ver Authentica tion Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 460 22 When a privat e k ey is crea ted on a dev ice, it is also pos sible to cr eat e an as sociated passph rase . This passphras e is used to encr ypt the private k ey and t o impor t it ...
Cisco Systems SG50028PK9NA - page 532

Security: SSH Client SSH Client Authen tica tion 461 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 22 S SH Client Authen tic a tion SS H client authentication by password is enabled by default , with the username/ password being “anon ymous ”. The user must configure the f ollowi ng inf o ...
Cisco Systems SG50028PK9NA - page 533

Secu r i ty: SSH C li e n t Be f ore Y ou Begin Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 462 22 Be f o r e Y o u Beg i n The f ollowing actions must b e per f ormed bef ore using the SCP f eature : • When using the password a uthentication m ethod, a username/password must be s et up ...
Cisco Systems SG50028PK9NA - page 534

Security: SSH Client SSH Client Configur a tion Thr ough the GUI 463 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 22 STEP 4 If the public/privat e k ey method is being used, per f orm the f ollowing steps: a. Select whether to use an RS A or DS A k ey , cr eat e a username and then generate ...
Cisco Systems SG50028PK9NA - page 535

Secu r i ty: SSH C li e n t SSH Client Configur a tion Thr ough the GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 464 22 S SH User Authentic a tion Use this page to select an SS H user au thentication method, set a username and password on the device, if the password method is selected o ...
Cisco Systems SG50028PK9NA - page 536

Security: SSH Client SSH Client Configur a tion Thr ough the GUI 465 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 22 • Generate —Generate a ne w ke y . • Edit —Displa y the k eys f or copying/pasting to another device. • Del et e —Delete the k ey . • Det ai ls —Display the k ...
Cisco Systems SG50028PK9NA - page 537

Secu r i ty: SSH C li e n t SSH Client Configur a tion Thr ough the GUI Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 466 22 - Link L o cal — The IP v6 addres s uniquely identifies hosts on a single network l ink . A link lo cal address has a prefix of FE80 , is not r outable, and can be u ...
Cisco Systems SG50028PK9NA - page 538

Security: SSH Client SSH Client Configur a tion Thr ough the GUI 467 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 22 - Gl ob al — The IP v6 addres s is a global Unicast IPV 6 t ype that is visible and reachable from other netw orks. • Link Loc al Inter face —Select the link lo cal inte ...
Cisco Systems SG50028PK9NA - page 539

21 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 438 S e curit y : S e cure S ensitive Da ta Man agement Secure Sensitive Data (SS D) is an archit ecture that facilitat es the prot e ction of sensitive data on a dev ice, such as passwo rds and k e ys. The facility makes use of passphras es , ...
Cisco Systems SG50028PK9NA - page 540

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t SSD R u les Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 439 21 SSD gr ants read permission to sensitive data on ly to authenticated and authorized users, and according to SSD rules. A device aut henticate s and authorizes manageme ...
Cisco Systems SG50028PK9NA - page 541

Security: Secure Sensitive Data Ma nagement SSD R u les 440 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 NOTE A device may not suppor t all the channels defined by SS D . Elements of an SSD Rule An SS D rule includes the f ollowing elements: • User t ype— The us er typ es suppor ted i ...
Cisco Systems SG50028PK9NA - page 542

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t SSD R u les Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 441 21 - (Higher) Plain text On ly —Us ers are permitted to acc es s sensitive data in plainte x t only . Users will als o ha ve r e ad and writ e permission to SS D parame ...
Cisco Systems SG50028PK9NA - page 543

Security: Secure Sensitive Data Ma nagement SSD R u les 442 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 NOTE Not e the f ollowing : • The default Read mode f or the Secure XML SNMP and Inse cure XML SNMP management channe ls must be identical t o their r ead permission. • Read permis ...
Cisco Systems SG50028PK9NA - page 544

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t SSD R u les Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 443 21 is recommended that the user authentication proce ss on a device is se cured. T o secure the user authentication proces s, you can use the local authentication databas ...
Cisco Systems SG50028PK9NA - page 545

Security: Secure Sensitive Data Ma nagement SSD Proper tie s 444 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 SSD D efault Re ad Mode S e ssion O verride The syst em contains sensitive data in a se ssion, as either encr ypted or plaint e xt , based on the read permis sion and the def ault ...
Cisco Systems SG50028PK9NA - page 546

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t SSD Proper tie s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 445 21 • Character Clas ses — The pas sphrase must hav e at least one upper case charact er , one lower cas e character , one numeric charact er , and one sp ecial c ...
Cisco Systems SG50028PK9NA - page 547

Security: Secure Sensitive Data Ma nagement SSD Proper tie s 446 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 • Unrestrict ed (default)— The devic e includes its pas sphrase when creating a configuration file. This enables any de vice accepting the configuration file to learn the pass ...
Cisco Systems SG50028PK9NA - page 548

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t Configur a tion Files Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 447 21 Re ad Mode Each ses sion has a Read mode. This determines how sensi tive data appears. The Read mode can be either Plai nte x t , in which case sensitive dat ...
Cisco Systems SG50028PK9NA - page 549

Security: Secure Sensitive Data Ma nagement Configur a tion Files 448 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 The SS D indicator in a file is set acc ording t o the user ’ s instruction, during copy , to include encr ypted, plainte x t or ex clude sensitive data fr om a file. SS D ...
Cisco Systems SG50028PK9NA - page 550

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t Configur a tion Files Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 449 21 • If ther e is an SS D control block in the s ource configuration file and the file fails the SS D int egrit y check , and/ or file integrity che ck , the ...
Cisco Systems SG50028PK9NA - page 551

Security: Secure Sensitive Data Ma nagement Configur a tion Files 450 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 • Configurat ion commands with encr ypted sensitive data, that ar e encr ypted with the k ey generat ed from the local passphras e, are configured into the Running Configur ...
Cisco Systems SG50028PK9NA - page 552

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t Configur a tion Files Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 451 21 Sensitive Data Zero- T ouch Auto Configuration SS D Z er o-touch A ut o Configuration is the auto configuration of target devices with encr ypted sensitive d ...
Cisco Systems SG50028PK9NA - page 553

Security: Secure Sensitive Data Ma nagement SSD Ma n a g em en t C ha nn e l s 452 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 S SD Management Channels Device s can be managed over management channels such as telnet, S S H, and web. SS D categories the channels into the f ollowing t ypes ...
Cisco Systems SG50028PK9NA - page 554

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t Configuring SSD Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 453 21 Passwor d recover y is curr ently activated fr om the bo ot menu and allows the user t o log on to the t erminal without authentication. If SS D is suppor ted, thi ...
Cisco Systems SG50028PK9NA - page 555

Security: Secure Sensitive Data Ma nagement Configuring SSD 454 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 • User D efine d (Plain tex t) —Ent er a new passphras e. • Con fir m P a ss ph r a se —Confirm the new pas sphrase. SS D R u les Only users with SS D read permission of Pl ...
Cisco Systems SG50028PK9NA - page 556

Secu r ity: Sec u r e Se ns i t iv e D a ta M ana gem e n t Configuring SSD Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 455 21 • Read Permis sion— The read permissions ass ociated with the rule. These can be the f ollowing: - Exclude —Lowest r ead permis sion. Users are not permit te ...
Cisco Systems SG50028PK9NA - page 557

Security: Secure Sensitive Data Ma nagement Configuring SSD 456 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 21 ...
Cisco Systems SG50028PK9NA - page 558

23 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 468 S e curit y : S SH S er ver This section de scribe s how to establish an S SH s es sion on the device. It covers the f ollowin g t opics: • O ver view • Common T asks • SSH Se rve r Co n f ig u r a tio n Pa g es O ver view The SS H S ...
Cisco Systems SG50028PK9NA - page 559

Security: SSH Server Common T asks 469 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 23 C ommon T asks This se ction describ es so me common tasks per f ormed using the S SH S er ver fe a t u re . W ork flow 1 : T o lo gon to the device o ver S S H using the device ’s automatica lly-created ...
Cisco Systems SG50028PK9NA - page 560

Secu r i ty: SSH Se rver SSH Se rver Co n fig u r a ti o n P ages Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 470 23 S SH S er ver C onfigura tion Page s This section de scribe s the pages used to configure the SS H Se rve r fe a t u re . S SH User Authentic a tion Use the S SH User Authen ...
Cisco Systems SG50028PK9NA - page 561

Security: SSH Server SSH S er ver Configura tion Pages 471 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 23 • SSH Us er Authentic a tion by Public K ey —Sele ct to perform authentication of the SS H client user using the public key . • Automatic Login — This field can be enabled if th ...
Cisco Systems SG50028PK9NA - page 562

Secu r i ty: SSH Se rver SSH Se rver Co n fig u r a ti o n P ages Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 472 23 • Edit —Enables you to copy in a k ey fr om another device. • Del e t e —Enables you t o delet e a k ey . • De tails —Enable s you t o view the generat e d ke y ...
Cisco Systems SG50028PK9NA - page 563

Security: SSH Server SSH S er ver Configura tion Pages 473 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 23 ...
Cisco Systems SG50028PK9NA - page 564

24 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 474 Access Co n tr o l The Acce ss C ontr ol List (ACL ) f eature is part of the se curity me chanism. ACL definitions ser ve as one of the mechanisms to define tra ffic f lows that ar e given a specific Quality of Ser vice (QoS). For mor e in ...
Cisco Systems SG50028PK9NA - page 565

Access Control Acces s Co n t r ol L is ts 475 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 24 When a pack et mat ches an ACE filt er , the ACE action is tak en and that A CL proces sing is st opped. If the packet does not mat ch the ACE filt er , the next ACE is pr oces sed . If a ll A CE s ...
Cisco Systems SG50028PK9NA - page 566

Acce ss Cont ro l De fin i ng M AC - ba sed A CL s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 476 24 Crea ting A CLs Work flow T o creat e ACLs and asso ciat e them with an int er face, per f orm the f ollowing : 1 . Create one or more of the f ollowing typ es of ACLs: a. MAC-base d ACL b ...
Cisco Systems SG50028PK9NA - page 567

Access Control De f i ni n g MA C - ba sed A C L s 477 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 24 MAC-base d ACLs ar e defined in the MAC Bas ed ACL page. The rule s are defined in the MAC Base d ACE page . T o define a MAC- based ACL: STEP 1 Click A ccess Co nt r ol > MA C-B ase d A ...
Cisco Systems SG50028PK9NA - page 568

Acce ss Cont ro l De fin i ng M AC - ba sed A CL s Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 478 24 • Time Range —Sele ct to enable limiting the use of the ACL t o a specific time range. • Time Range Name —If T ime Range is sele ct ed, sele ct the time range to be used. T ime ran ...
Cisco Systems SG50028PK9NA - page 569

Access Control IPv4-bas ed ACLs 479 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 24 IP v4-b as e d A CL s IP v 4-b ase d ACLs ar e used to check IPv4 pack ets, while other t ype s of frames, such as ARPs, are not checked. The f ollowing fields can b e matched: • IP pr otocol (by name f or ...
Cisco Systems SG50028PK9NA - page 570

Acce ss Cont ro l IPv4-b ase d A CLs Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 480 24 Adding Rule s (ACEs) to an IP v4-B ase d ACL NOTE Each IPv 4-base d rule consumes one TC AM rule. Not e that the T CAM allocation is per f ormed in couples , such that , f or the first ACE, 2 T C AM rul ...
Cisco Systems SG50028PK9NA - page 571

Access Control IPv4-bas ed ACLs 481 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 24 - EGP —Ex terior Gatewa y Prot oc ol - IGP —Int erior Gat eway Prot o col - UDP —User Datagram Prot ocol - HMP —Host Mapping Prot oc ol - RDP —Reliable Datagram Pr otocol. - IDPR —Inter -Domain Po ...
Cisco Systems SG50028PK9NA - page 572

Acce ss Cont ro l IPv4-b ase d A CLs Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 482 24 • Sou rce I P Wi ldca rd M as k —Enter the mask to define a range of IP addresse s . Not e that this mask is diff er ent than in other uses, such as subnet mask . Here, set ting a bit as 1 indicates ...
Cisco Systems SG50028PK9NA - page 573

Access Control IPv 6-B ase d A CLs 483 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 24 - D S CP to M a tc h —D i f feren t ia te d S e r ve s C o d e Po i nt (D S CP ) to m atc h - IP Precedence t o m at c h —IP precedenc e is a model of T OS (t ype of ser vic e) that the network uses to ...
Cisco Systems SG50028PK9NA - page 574

Acce ss Cont ro l IPv6 -B ase d ACLs Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 484 24 NOTE AC Ls are also used as the building elemen ts of flow definitions f or per -flow QoS handling (see QoS Ad va n ced M o de ). Defining an IP v 6 -bas ed A CL T o define an IP v6 -based ACL: STEP 1 C ...
Cisco Systems SG50028PK9NA - page 575

Access Control IPv 6-B ase d A CLs 485 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 24 • Time Range —Select to enable limiting the use of the ACL to a specific time range. • Time Range Name —If T ime Range is sele cted, select the time range t o be use d. T i me ranges ar e describ e ...
Cisco Systems SG50028PK9NA - page 576

Acce ss Cont ro l IPv6 -B ase d ACLs Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 486 24 - Range —Sele ct a range of T CP /UDP source por ts to which the packet is matched. • Dest in a tio n P ort —S elect one of the a vailable values . ( They are the same as f or the Source Port fiel ...
Cisco Systems SG50028PK9NA - page 577

Access Control Defining ACL Bin ding 487 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 24 D efining ACL Binding When an ACL is bound to an interface ( por t , L AG or VL AN), its ACE rules are applied to pack ets arriving at tha t interface. Pack ets that do not match an y of the ACEs in the ...
Cisco Systems SG50028PK9NA - page 578

Acce ss Cont ro l Defining ACL B inding Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 488 24 • De fault Action —Select one of the f ollowing options: - Den y An y —If pack et does not match an ACL, it is denied (dropped) . - Permit An y —If pack et does not match an ACL, it is perm i ...
Cisco Systems SG50028PK9NA - page 579

25 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 489 Qualit y of S er vic e The Quality of Ser vice f eature is applied throughout the network to ensur e that network traf fic is prioritized according t o requir ed criteria and the desi r ed traffi c r eceive s pr ef erential tr eatment . Th ...
Cisco Systems SG50028PK9NA - page 580

Qualit y of S er vice QoS Fea tures and Comp onents Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 490 25 Q oS Fe a tures and C omp onen ts The QoS f eatur e is used to optimiz e network p er f ormanc e. QoS provides the following : • Classification of incoming traffic to traffic class es , ...
Cisco Systems SG50028PK9NA - page 581

Quality of Service QoS Fea tures and Components 491 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 QoS Mod es The QoS mode that is sele ct ed applies to all int er faces in the system. • Ba s ic Mod e—Clas s of Ser vic e (CoS) . All traffic of the s ame class receives the same treatment ...
Cisco Systems SG50028PK9NA - page 582

Qualit y of S er vice QoS Fea tures and Comp onents Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 492 25 • When disabling Q oS, the shaper and queue set ting (WRR /SP bandwidth setting) ar e r eset t o defa ult valu es. All other user configur ati ons remain intact . Qo S W or kf l o w T o ...
Cisco Systems SG50028PK9NA - page 583

Quality of Service Configuring QoS - General 493 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 C onfiguring Q oS - General The QoS Propertie s P age contains fields f or setting the QoS mo de f or the system (Basic, Advanc ed, or Disable d, as des cribed in the “QoS Mo de s” sec ti on ...
Cisco Systems SG50028PK9NA - page 584

Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 494 25 STEP 2 Click Apply . The interface default CoS value is saved t o Running C onfiguration file. Configuring Q oS Queue s The device suppor ts either 4 or 8 queues f or each int erface (selecte ...
Cisco Systems SG50028PK9NA - page 585

Quality of Service Configuring QoS - General 495 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 T o select the priorit y method and enter WRR data. STEP 1 Click Qualit y of Ser vice > General > Queue . STEP 2 En te r t h e p a r a me te r s . • Queue —Displays the queue number . ? ...
Cisco Systems SG50028PK9NA - page 586

Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 496 25 The f ollowing table de scribes the default mapping when ther e ar e 8 queues: 11 B e s t E f f o r t 2 2 Excellent Eff or t 3 3 Critical Application - L VS phone SIP 43 V i d e o 5 4 V oic e ...
Cisco Systems SG50028PK9NA - page 587

Quality of Service Configuring QoS - General 497 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 By changing the CoS/802. 1 p to Queue mapping (CoS/802. 1 p to Queu e) and the Queue schedule metho d and bandwidth alloca tion (Queue page) , it is pos sible to achieve the desired quality of s ...
Cisco Systems SG50028PK9NA - page 588

Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 498 25 • The device is in Q oS Advanced mo de and the packets belongs t o flows that is DS CP trusted Non-IP pack ets ar e alwa ys classified to the best-eff ort queue. ...
Cisco Systems SG50028PK9NA - page 589

Quality of Service Configuring QoS - General 499 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 The f ollowing table s des cribe the defaul t DS CP to queue mapping f or a 4-queue system: The f ollowing table s des cribe the defaul t DS CP to queue mapping f or a 8-queue system wher e 7 is ...
Cisco Systems SG50028PK9NA - page 590

Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 500 25 DSCP 60 52 44 36 28 20 12 4 Queue 6 6 7 5 4321 DSCP 59 51 43 35 27 19 11 3 Queue 6 6 7 5 4321 DSCP 58 50 42 34 26 18 10 2 Queue 6 6 7 5 4321 DSCP 57 49 41 33 25 17 9 1 Queue 6 6 7 5 4321 DSCP ...
Cisco Systems SG50028PK9NA - page 591

Quality of Service Configuring QoS - General 501 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 The f ollowing table s des cribe the defaul t DS CP to queue mapping f or a 8-queue system w here 8 is highest : To m a p D S C P t o q u e u e s : STEP 1 Click Qualit y of Ser vice > General ...
Cisco Systems SG50028PK9NA - page 592

Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 502 25 STEP 3 Click Apply . The Running Configuration file is updated. C onfiguring B andwidth The Bandwidth page enable s users to define two values , Ingres s Rate Limit and Egress Shaping Rate, w ...
Cisco Systems SG50028PK9NA - page 593

Quality of Service Configuring QoS - General 503 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 • Ingres s Commit te d Burst Size (CB S) —Enter the maximum burst size of data f or the ingress inter face in by tes of data. This amount can be sent even if it temporarily incr eases the b a ...
Cisco Systems SG50028PK9NA - page 594

Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 504 25 This page enables shaping the egress f or up t o eight queues on each interface. STEP 4 Select the Interface . STEP 5 For each queue that is r equired, enter the f ollowing fields : • Enabl ...
Cisco Systems SG50028PK9NA - page 595

Quality of Service Configuring QoS - General 505 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 T o define the VLAN ingres s rat e limit: STEP 1 Click Qualit y of Ser vice > General > VL AN Ingres s Rate Limit . This page displays the VLAN Ingress Rate Limit T able. STEP 2 Click Add . ...
Cisco Systems SG50028PK9NA - page 596

Qualit y of S er vice QoS Ba s i c Mod e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 506 25 Qo S Ba s i c M od e In QoS Basic mo de, a specific domain in the net work can be defined as trusted. W ithin that domain, pack ets ar e mark ed with 802. 1 p priorit y and/ or D S CP t o signal the ...
Cisco Systems SG50028PK9NA - page 597

Quality of Service QoS Ba s i c M od e 507 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 • CoS/802. 1 p — T r affic is mappe d to queues base d on the VPT field in the VLAN tag, or bas ed on the per -por t default CoS/802. 1 p value (if there is no VLAN tag on the inc oming packet), th ...
Cisco Systems SG50028PK9NA - page 598

Qualit y of S er vice QoS A d va n ced M od e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 508 25 T o e n ter Q o S s e t t i ng s p e r in te r fa c e : STEP 1 Click Qualit y of Ser vic e > Qo S Bas i c Mod e > Interface S et tings . STEP 2 Select Por t or LA G t o displa y the list ...
Cisco Systems SG50028PK9NA - page 599

Quality of Service QoS A dv a n ced M od e 509 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 • Per flow QoS ar e applied t o flows by binding the policies to the desir ed ports. A po lic y a nd it s c lass maps ca n be bou nd t o o ne or mor e ports, bu t each por t is bound with at mo s ...
Cisco Systems SG50028PK9NA - page 600

Qualit y of S er vice QoS A d va n ced M od e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 510 25 4. Creat e a policy using the P olicy T able page, and as sociate the policy with one or mor e class map s using the P olicy Cl ass Map page. Y ou can also spe cify the QoS, if ne eded , by ass ...
Cisco Systems SG50028PK9NA - page 601

Quality of Service QoS A dv a n ced M od e 511 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 In QoS A dv anced Mod e , when the Default Mode Status is set to Not T rust ed, the default CoS values configured on the inter face is ignor ed and all the traf fic goes to queue 1 . See the Qualit ...
Cisco Systems SG50028PK9NA - page 602

Qualit y of S er vice QoS A d va n ced M od e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 512 25 F or e xample: A ssume that there ar e three levels of servic e: Silver , Gold, and Platinum and the DS CP incoming values us ed to mark these levels are 10 , 20 , and 30 respectively . If this ...
Cisco Systems SG50028PK9NA - page 603

Quality of Service QoS A dv a n ced M od e 513 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 T o define a Class Map : STEP 1 Click Qualit y of Ser vice > Qo S A d va n ced M ode > Clas s Mapping . This page displays the alr eady-defined class maps . STEP 2 Click Add . A new clas s ma ...
Cisco Systems SG50028PK9NA - page 604

Qualit y of S er vice QoS A d va n ced M od e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 514 25 This can be done by using the ACLs in the class map (s ) t o match the desired traffic, and by using a p olicer to apply the QoS on the mat ching traffic. A policer is configured with a QoS spe ...
Cisco Systems SG50028PK9NA - page 605

Quality of Service QoS A dv a n ced M od e 515 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 D efining Aggre ga te Policers An aggregat e policer applie s the QoS to one or mor e class maps , theref ore one or more flows. An aggregation polic er can su ppor t class map s from diff erent po ...
Cisco Systems SG50028PK9NA - page 606

Qualit y of S er vice QoS A d va n ced M od e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 516 25 C onfiguring a Policy The Policy T able Map page displays the li st of advanced Q oS polices define d in the syst em. The page also allows you t o cr eate and delete police s. Only thos e polic ...
Cisco Systems SG50028PK9NA - page 607

Quality of Service QoS A dv a n ced M od e 517 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 STEP 3 T o add a new class map, click Add . STEP 4 En te r t h e p a r a me te r s . • Policy Name —Displays th e policy to which the class map is being added. • Class Map Name —Select an e ...
Cisco Systems SG50028PK9NA - page 608

Qualit y of S er vice QoS A d va n ced M od e Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 518 25 If Polic e Typ e is Single , enter the f ollowing QoS parameters: • Ingres s Commit te d Information Ra te (CIR) —Ent er the CIR in Kbps. Se e a description of this in the B andwidth page. ...
Cisco Systems SG50028PK9NA - page 609

Quality of Service Manag ing QoS Sta tisti cs 519 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 • Binding —Sele ct t o bind the policy t o the int er face. • Permit Any —Select to f or ward packets on the int er fac e if they do not mat ch an y policy . NOTE P ermit Any can be defi ...
Cisco Systems SG50028PK9NA - page 610

Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 520 25 • Out-of-Pr ofile By te s —Number of out-pr ofile by t es received. STEP 2 Click Add. STEP 3 Enter the parameters. • Interfac e —Sele ct the interface f or which statistic s are accu ...
Cisco Systems SG50028PK9NA - page 611

Quality of Service Manag ing QoS Sta tisti cs 521 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 T o view Queues Statistic s: STEP 1 Click Qualit y of Ser vice > QoS S ta tis tics > Queues St atistics . This page displays the f ollowing fields : • Refresh Rate —Sele ct the time pe ...
Cisco Systems SG50028PK9NA - page 612

Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 522 25 - Unit No —Sele cts the unit number . - Por t —Selects the por t on the sele cted unit number f or which statistic s are displa yed. - All Por ts —Sp ecifies that statistic s are displ ...
Cisco Systems SG50028PK9NA - page 613

Quality of Service Manag ing QoS Sta tisti cs 523 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 25 ...
Cisco Systems SG50028PK9NA - page 614

Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 524 25 ...
Cisco Systems SG50028PK9NA - page 615

26 Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 521 SNMP Thi s sect io n desc ri bes t he Si mp le Netw or k Management Prot ocol (S NMP) f eatur e that pr ovides a method f or managing network device s. It covers the f ollowin g t opics: • SNMP V ersions and Workflow • Model OIDs • S ...
Cisco Systems SG50028PK9NA - page 616

SNMP SNMP V ersions and Workflow Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 522 26 SNMP v1 and v2 T o c ontro l acces s to the syst em, a list of communit y entries is define d. Each communit y entr y consists of a communit y strin g and its acc es s privilege. The syst em responds only t ...
Cisco Systems SG50028PK9NA - page 617

SNMP SNMP V ersions and W ork flow 523 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 The f ollowing is the recommende d seri e s of actions f or configuring S NMP : If you decide to use S NMP v 1 or v 2: STEP 1 Na vigate t o the SNMP -> C ommunities page and click Add . The c ommunity c ...
Cisco Systems SG50028PK9NA - page 618

SNMP Model OIDs Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 524 26 STEP 5 Optionally , enable or disable trap s by using the T rap Set tings page. STEP 6 Optionally , define a notification filter( s ) by using the Notification Filt er page. STEP 7 Define a notification recipient(s ) by usi ...
Cisco Systems SG50028PK9NA - page 619

SNMP SNMP Engine ID 525 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 The private Object IDs are placed under : enterprises( 1).cisc o(9 ).otherEnterprises (6).cis cosb ( 1).swit ch001 ( 101 ). SNMP Engine ID The Engine ID is used by S NMP v3 entiti es to uniquely identify them. An S NMP a ...
Cisco Systems SG50028PK9NA - page 620

SNMP SNMP Engine ID Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 526 26 T o define the S NMP engine ID : STEP 1 Click SNMP > Engine ID . STEP 2 Cho ose which to use f or Lo c al Engine ID . • Us e D efau lt —Select to use the device-generated engine ID . The default engine ID is bas ...
Cisco Systems SG50028PK9NA - page 621

SNMP Configuring SNMP V iews 527 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 • Link Loc al Inter face —Select the link local int erface (if IP v6 Address T ype Link L ocal is sele cted) fr om the list . • Serve r IP Add r ess /N a m e— Ent er the IP address or domain name of the ...
Cisco Systems SG50028PK9NA - page 622

SNMP Crea ting SNMP Groups Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 528 26 - Us e r De f i ne d —Enter an OID not off e r ed in the S elect from list option. STEP 4 Sele ct or des elect Include in view . If this is selected, the sele ct ed MIBs are included in the view , other wise th ...
Cisco Systems SG50028PK9NA - page 623

SNMP Crea ting SNMP Groups 529 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 • Authentication (Authentication and no privacy) • Authentication and privacy SN MPv3 provides a means of controlling the content each user can read or write and the notifications they r eceive. A group define ...
Cisco Systems SG50028PK9NA - page 624

SNMP Managing SNMP Us ers Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 530 26 • View —As so ciating a view with the read, write, and notify ac ces s privile ges of the gr oup limits the scope of the MIB tree to which the gr oup has r ead, write, and notify acce ss . - View —Select a p ...
Cisco Systems SG50028PK9NA - page 625

SNMP Managing SNMP Users 531 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 T o displa y SNMP us ers and define new ones : STEP 1 Click SNMP > Users . This page contains existing users. STEP 2 Click Add. This page provides inf orm ation f or assigning S NMP acc es s control privileges to ...
Cisco Systems SG50028PK9NA - page 626

SNMP Defining SNMP Communities Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 532 26 • Authentication Password —If authentication is acc omplished by either a MD5 or a SH A password, ent er the local user pas sword in either Encr ypted or Plain te x t . Local user pas swords ar e c ompar ...
Cisco Systems SG50028PK9NA - page 627

SNMP Defining SNMP Communit ies 533 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 T o define SNMP c ommunities : STEP 1 Click SNMP > Communitie s . This page contains a table of configured SNMP communitie s and their pr oper ties . STEP 2 Click Add. This page enables net work managers t ...
Cisco Systems SG50028PK9NA - page 628

SNMP De fin i ng T r a p Se tti ngs Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 534 26 Read Write—Management acces s is read-writ e. Changes can be made t o the device configuration, but not to the communit y . SNMP A dm in— Use r h as a ccess t o a ll device configuration options , as ...
Cisco Systems SG50028PK9NA - page 629

SNMP Notifica tion Recipients 535 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 Notific a tion Re cipients T rap mes sage s are generat e d to r ep or t syste m events, as define d in RFC 1215. The system can generate traps defined in the MIB that it supp or ts. T rap receivers (aka Notifi ...
Cisco Systems SG50028PK9NA - page 630

SNMP Notifi ca tion R ecipients Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 536 26 • T raps IP v4 Sourc e Inter face —Select the s our ce interface whos e IPv6 address wi ll be use d as the source IP v6 addres s in trap mes sa ges f or communication with IP v6 S NMP ser vers . • Info ...
Cisco Systems SG50028PK9NA - page 631

SNMP Notifica tion Recipients 537 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 • Ret rie s —Enter the number of time s that the device resends an inf orm re qu e st . • Communit y String —Sele ct from the pull-down the communit y string of the trap manager . Communit y String name ...
Cisco Systems SG50028PK9NA - page 632

SNMP Notifi ca tion R ecipients Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 538 26 STEP 2 Click Add. STEP 3 Enter the parameters. • Ser ver Definition —S elect whether t o specify the remot e log ser ver by IP address or na me. • IP V e rsion —Select either IP v 4 or IP v6. • IP ...
Cisco Systems SG50028PK9NA - page 633

SNMP SNMP Notifi ca tion Filt ers 539 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 NOTE The Securit y Lev el her e depends on which User Name was sele ct ed. If this User Name was configured as No Authentication, the Se curity Level is No Authentication only . However , if this User Name ...
Cisco Systems SG50028PK9NA - page 634

SNMP SNMP Notification F ilters Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 540 26 T o define a notification filter : STEP 1 Click SNMP > Notific a tion Filter . The Notification Filt er page contains no tification inf ormation for each filt er . The table is able to filt er notificatio ...
Cisco Systems SG50028PK9NA - page 635

SNMP SNMP Notifi ca tion Filt ers 541 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 ...
Cisco Systems SG50028PK9NA - page 636

SNMP SNMP Notification F ilters Cisco Small Busines s 200, 300 and 500 Series Managed Swit ch Administration Guide (Int ernal V ersion) 542 26 ...
Cisco Systems SG50028PK9NA - page 637

SNMP SNMP Notifi ca tion Filt ers 543 Cisco Small Busines s 200, 300 and 500 Series Manage d Switch Administration Guide (Internal V ersion) 26 ...
Cisco Systems SG50028PK9NA - page 638

© 2012-2013 Cisco Systems, Inc. All rights r eser ved. 78-21349-01 Cisco and the Cisco logo are trademarks or registere d trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a li st of Cisco trademarks, go to this URL: www.cisco.co m/go/trademarks. Thir d-party trademarks me ntioned are t he propert y of their r espe ...

Manufacturer Cisco Systems Category Switch

Documents that we receive from a manufacturer of a Cisco Systems SG50028PK9NA can be divided into several groups. They are, among others:
- Cisco Systems technical drawings
- SG50028PK9NA manuals
- Cisco Systems product data sheets
- information booklets
- or energy labels Cisco Systems SG50028PK9NA
All of them are important, but the most important information from the point of view of use of the device are in the user manual Cisco Systems SG50028PK9NA.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Cisco Systems SG50028PK9NA, service manual, brief instructions and user manuals Cisco Systems SG50028PK9NA. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Cisco Systems SG50028PK9NA.

Similar manuals

A complete manual for the device Cisco Systems SG50028PK9NA, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Cisco Systems SG50028PK9NA by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Cisco Systems SG50028PK9NA.

A complete Cisco Systems manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Cisco Systems SG50028PK9NA - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Cisco Systems SG50028PK9NA, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Cisco Systems SG50028PK9NA, that we can find in the current document
3. Tips how to use the basic functions of the device Cisco Systems SG50028PK9NA - which should help us in our first steps of using Cisco Systems SG50028PK9NA
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Cisco Systems SG50028PK9NA
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Cisco Systems SG50028PK9NA in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Cisco Systems SG50028PK9NA?

Use the form below

If you did not solve your problem by using a manual Cisco Systems SG50028PK9NA, ask a question using the form below. If a user had a similar problem with Cisco Systems SG50028PK9NA it is likely that he will want to share the way to solve it.

Manual Cisco Systems SG50028PK9NA

Summary

Cisco Systems SG50028PK9NA - page 1

Cisco Systems SG50028PK9NA - page 2

Cisco Systems SG50028PK9NA - page 3

Cisco Systems SG50028PK9NA - page 4

Cisco Systems SG50028PK9NA - page 5

Cisco Systems SG50028PK9NA - page 6

Cisco Systems SG50028PK9NA - page 7

Cisco Systems SG50028PK9NA - page 8

Cisco Systems SG50028PK9NA - page 9

Cisco Systems SG50028PK9NA - page 10

Cisco Systems SG50028PK9NA - page 11

Cisco Systems SG50028PK9NA - page 12

Cisco Systems SG50028PK9NA - page 13

Cisco Systems SG50028PK9NA - page 14

Cisco Systems SG50028PK9NA - page 15

Cisco Systems SG50028PK9NA - page 16

Cisco Systems SG50028PK9NA - page 17

Cisco Systems SG50028PK9NA - page 18

Cisco Systems SG50028PK9NA - page 19

Cisco Systems SG50028PK9NA - page 20

Cisco Systems SG50028PK9NA - page 21

Cisco Systems SG50028PK9NA - page 22

Cisco Systems SG50028PK9NA - page 23

Cisco Systems SG50028PK9NA - page 24

Cisco Systems SG50028PK9NA - page 25

Cisco Systems SG50028PK9NA - page 26

Cisco Systems SG50028PK9NA - page 27

Cisco Systems SG50028PK9NA - page 28

Cisco Systems SG50028PK9NA - page 29

Cisco Systems SG50028PK9NA - page 30

Cisco Systems SG50028PK9NA - page 31

Cisco Systems SG50028PK9NA - page 32

Cisco Systems SG50028PK9NA - page 33

Cisco Systems SG50028PK9NA - page 34

Cisco Systems SG50028PK9NA - page 35

Cisco Systems SG50028PK9NA - page 36

Cisco Systems SG50028PK9NA - page 37

Cisco Systems SG50028PK9NA - page 38

Cisco Systems SG50028PK9NA - page 39

Cisco Systems SG50028PK9NA - page 40

Cisco Systems SG50028PK9NA - page 41

Cisco Systems SG50028PK9NA - page 42

Cisco Systems SG50028PK9NA - page 43

Cisco Systems SG50028PK9NA - page 44

Cisco Systems SG50028PK9NA - page 45

Cisco Systems SG50028PK9NA - page 46

Cisco Systems SG50028PK9NA - page 47

Cisco Systems SG50028PK9NA - page 48

Cisco Systems SG50028PK9NA - page 49

Cisco Systems SG50028PK9NA - page 50

Cisco Systems SG50028PK9NA - page 51

Cisco Systems SG50028PK9NA - page 52

Cisco Systems SG50028PK9NA - page 53

Cisco Systems SG50028PK9NA - page 54

Cisco Systems SG50028PK9NA - page 55

Cisco Systems SG50028PK9NA - page 56

Cisco Systems SG50028PK9NA - page 57

Cisco Systems SG50028PK9NA - page 58

Cisco Systems SG50028PK9NA - page 59

Cisco Systems SG50028PK9NA - page 60

Cisco Systems SG50028PK9NA - page 61

Cisco Systems SG50028PK9NA - page 62

Cisco Systems SG50028PK9NA - page 63

Cisco Systems SG50028PK9NA - page 64

Cisco Systems SG50028PK9NA - page 65

Cisco Systems SG50028PK9NA - page 66

Cisco Systems SG50028PK9NA - page 67

Cisco Systems SG50028PK9NA - page 68

Cisco Systems SG50028PK9NA - page 69

Cisco Systems SG50028PK9NA - page 70

Cisco Systems SG50028PK9NA - page 71

Cisco Systems SG50028PK9NA - page 72

Cisco Systems SG50028PK9NA - page 73

Cisco Systems SG50028PK9NA - page 74

Cisco Systems SG50028PK9NA - page 75

Cisco Systems SG50028PK9NA - page 76

Cisco Systems SG50028PK9NA - page 77

Cisco Systems SG50028PK9NA - page 78