Go to page of
Similar user manuals
-
Switch
Cisco Systems SFS 3012R
84 pages 6.61 mb -
Switch
Cisco Systems 3750G
48 pages 2.8 mb -
Switch
Cisco Systems VPN 3000
502 pages 6.51 mb -
Switch
Cisco Systems UBR-3X10
128 pages 3.07 mb -
Switch
Cisco Systems 2950SX-24
15 pages 0.27 mb -
Switch
Cisco Systems 2955
674 pages 18.88 mb -
Switch
Cisco Systems 7000
204 pages 45.73 mb -
Switch
Cisco Systems MEM-MSFC2-512MB=
32 pages 3.46 mb
A good user manual
The rules should oblige the seller to give the purchaser an operating instrucion of Cisco Systems SG30052PK9NA, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.
What is an instruction?
The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Cisco Systems SG30052PK9NA one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.
Unfortunately, only a few customers devote their time to read an instruction of Cisco Systems SG30052PK9NA. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.
What should a perfect user manual contain?
First and foremost, an user manual of Cisco Systems SG30052PK9NA should contain:
- informations concerning technical data of Cisco Systems SG30052PK9NA
- name of the manufacturer and a year of construction of the Cisco Systems SG30052PK9NA item
- rules of operation, control and maintenance of the Cisco Systems SG30052PK9NA item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Cisco Systems SG30052PK9NA alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Cisco Systems SG30052PK9NA, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Cisco Systems SG30052PK9NA.
Why one should read the manuals?
It is mostly in the manuals where we will find the details concerning construction and possibility of the Cisco Systems SG30052PK9NA item, and its use of respective accessory, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
Cis c o Sm all Busine s s 300 S erie s Manage d Switch Administration Guide Releas e 1 .3 ADMINISTR A TION GUIDE[...]
-
Page 2
Cisco Small Busine ss 300 Series Mana ged Switch Admin istration Guide 1 Con t en ts Chapter 1: Getting Started 1 Starting the Web-based Configuration Utility 1 Launching the Configuration Utility 2 HTTP/HTTPS 3 Logging Out 4 Quick Start Device Configuration 5 Interface Naming Conventions 6 Window Navigation 7 Application Header 7 Management Button[...]
-
Page 3
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 2 Con te nt s Chapter 4: Administration: File Management 34 System Files 34 Upgrade/Backup Firmware/Language 37 Upgrade/Backing Firmware or Language File 38 Active Image 41 Download/Backup Configuration/Log 41 Configuration File Backwards Compatibility 42 Downloading or Backing-u[...]
-
Page 4
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 3 Con te nt s System Time Options 73 Time 73 Time Zone a nd Daylight Savings Time (DST) 74 SNTP Modes 74 Configuring System Time 75 Selecting Source of System Time 75 Adding a Unicast SNTP Server 77 Configuring the SNTP Mode 80 Defining SNTP Authentication 80 Time Range 81 Absolu[...]
-
Page 5
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 4 Con te nt s Displaying LLDP Neighbors Information 108 Accessing LLDP Statistics 112 LLDP Overloading 113 Configuring CDP 115 Setting CDP Properti es 115 Editing CDP Interface Settings 118 Displaying CDP Lo cal Information 119 Displaying CDP Neig hbors Information 121 Viewing CD[...]
-
Page 6
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 5 Con te nt s What is a Smartport 146 Smartport Types 146 Special Smartport Types 148 Smartport Macros 149 Applying a Smartport Type to an Interface 150 Macro Failure and the Reset Operation 150 How the Smartport Feature Works 151 Auto Smartport 152 Enabling Auto Smartport 152 Id[...]
-
Page 7
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 6 Con te nt s Chapter 12: VLAN Management 184 VLANs 184 Configuring De fault VLAN Settings 187 Creating VLANs 189 Configuring VLAN Inte rface Settings 190 Defining VLAN Membership 191 Configuring Port to VLAN 192 Configuring VLAN Membership 193 GVRP Settings 194 Defining GVRP Set[...]
-
Page 8
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 7 Con te nt s Customer Port Mu lticast TV VLAN 214 Mapping CPE VLANs to Multicast TV VLANs 215 CPE Port Multicast VLAN Membership 216 Chapter 13: Spanning Tree 218 STP Flavors 218 Configuring ST P Status and Global Setting s 219 Defining Spanning Tree Interface Settings 221 Confi[...]
-
Page 9
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 8 Con te nt s MLD Snooping 247 Querying IGMP/MLD IP Multicast Group 249 Defining Multicast Router Ports 250 Defining Forward All Multicast 251 Defining Unregistered Multicast Settings 252 Chapter 16: IP Configuration 2 54 Overview 254 Layer 2 IP Addressing 255 Layer 3 IP Addressi[...]
-
Page 10
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 9 Con te nt s DHCP Server 276 DHCP Options 276 Dependencies Between Features 278 Default Settings and Configurations 278 DHCPv4 Server 279 Network Pool 279 Excluded Addresses 281 Static Hosts 281 Address Binding 283 IPv6 Management and Interfaces 284 IPv6 Global Configuration 285[...]
-
Page 11
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 10 Con te nt s Interactions With Other Features 308 Workflow 308 Configuring a TACACS+ Server 308 Configuring RADIUS 311 Accounting Using a RADIUS Server 311 Defaults 311 Interactions With Other Features 312 Radius Workflow 312 Configuring Management Access Authentication 315 Def[...]
-
Page 12
Cisco Small Busine ss 300 Series Mana ged Switch Admin istration Guide 11 Con t en ts Default Configuration 342 Configuring DoS Prevention 342 Security Suite Settings 342 SYN Protection 344 Martian Addresses 345 SYN Filtering 346 SYN Rate Protection 347 ICMP Filtering 348 IP Fragmented Filtering 348 IP Source Guard 349 Interactions with Other Featu[...]
-
Page 13
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 12 Con te nt s SSD Default Read Mode Session Override 366 SSD Properties 366 Passphrase 367 Default and User-defined Passphrases 367 Local Passphrase 367 Configuration File Passphrase Control 368 Configuration File Integrity Control 368 Read Mode 369 Configuration Files 369 File [...]
-
Page 14
Cisco Small Busine ss 300 Series Mana ged Switch Admin istration Guide 13 Con t en ts SSH Client Configurat ion Through the GUI 387 SSH User Authentication 387 SSH Server Authentication 388 Modifying the User Password on the SSH Server 388 Chapter 20: Security: SSH Server 390 Overview 390 Common Tasks 391 SSH Server Configuration Pages 392 SSH User[...]
-
Page 15
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 14 Con te nt s Configuring Bandwidth 423 Configuring Egress Shaping per Queue 425 Configuring VLAN Ingress Rate Limit 425 TCP Congestion Avoidance 427 QoS Basic Mode 427 Workflow to Configure Basic QoS Mode 427 Configuring Global Settings 428 Interface QoS Settings 429 QoS Advanc[...]
-
Page 16
Cisco Small Busine ss 300 Series Mana ged Switch Admin istration Guide 15 Con t en ts Configuring SNMP Views 452 Creating SNMP Groups 453 Managing SNMP Users 455 Defining SNMP Communities 457 Defining Trap Settings 45 9 Notification Recipients 460 Defining SNMPv1,2 Notification Recipients 460 Defining SNMPv3 Notification Recipients 462 SNMP Notific[...]
-
Page 17
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 16 Con te nt s[...]
-
Page 18
1 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 1 Get ting St ar te d This section provides an introduction to the web-bas ed configuration utilit y , and covers the f o llowing t opics : • Star ting the Web-b ase d C onfigura tion Utilit y • Quick Star t Devic e Configuration • Interfac e Naming C onventions • Windo[...]
-
Page 19
Get ting Star te d Star ting the Web-b ase d C on figura tion Utilit y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 2 1 La unching the Configuration Utilit y T o open the web-bas ed configuration utilit y : STEP 1 Open a W eb br owser . STEP 2 Enter the IP addr ess of the device you are configuring in the addr ess b ar on t[...]
-
Page 20
Getting Started Star ting the W eb -bas ed Configur a tion Utilit y 3 Cisco Small Business 300 S eries Ma nage d Swit ch Administration Guide 1 STEP 3 If this is the first time that you logged on with the default us er ID ( cis co ) and the default password ( cisco ) or your pas sword has ex pired, the Change Password Page appears. S ee Password Ex[...]
-
Page 21
Get ting Star te d Star ting the Web-b ase d C on figura tion Utilit y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 4 1 Logging Out By default, the application logs out after t en minutes of inactivit y . Y ou can change this def ault value as described in the D efining Idle S es sion Time out section. ! CAU TI O N Unles s [...]
-
Page 22
Getting Started Quick Star t D evice C on figura tion 5 Cisco Small Business 300 S eries Ma nage d Swit ch Administration Guide 1 Quick Star t D evic e C onfiguration T o simplify device configuration throug h quick navigation, the Getting Star ted page provides links t o the most commonly us ed pages . Ther e ar e two hot links on the Get ting Sta[...]
-
Page 23
Get ting Star te d In terface Naming Conventions Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 6 1 Inter face Naming C onven tions W ithin the GUI, int erface s ar e denot ed by concatenating the f ollowing elements: • Type of inter face : The f ollowing t ypes of inter faces ar e f ound on the various typ es of de vi ce s[...]
-
Page 24
Getting Started W indow Na vigat ion 7 Cisco Small Business 300 S eries Ma nage d Swit ch Administration Guide 1 Window Na viga tion This se ction describ es the f eatures of the web- base d switch configurati on utility. Applic a tion Header The Application Header a ppears on ev ery page. It provides the f ollowing application links: Application L[...]
-
Page 25
Get ting Star te d W indow Naviga tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 8 1 Language Menu This menu provides the f ollowing options : • Sele ct a language: Sele ct one of the languages that appear in the menu. This language will be the web - base d configu ration utilit y language. • Dow n loa d Lan gu age: [...]
-
Page 26
Getting Started W indow Na vigat ion 9 Cisco Small Business 300 S eries Ma nage d Swit ch Administration Guide 1 Management But tons The f ollowing table de scrib es the commonly-use d but t ons that appear on various pages in the system. Management But tons But ton Name D es cription Use the pull- down menu to configure the number of entries per p[...]
-
Page 27
Get ting Star te d W indow Naviga tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 10 1 Cop y Sett in gs A table typically c ontains one or mor e entries containing configuration s ett ings. Instead of modif ying each entr y individually , it is po ssib le t o modif y one entr y and then copy the sele ct ed entr y to multi[...]
-
Page 28
Getting Started W indow Na vigat ion 11 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 1[...]
-
Page 29
2 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 12 St a tus and St a tistic s This sect ion describ es how to view device statistic s. It covers the f ollowin g t opics : • Viewing Ethernet Interfac e s • Viewing Etherlik e St a tistics • Viewing G VRP Statistics • Viewing 802. 1 X E AP Statistics • Viewing TC AM U[...]
-
Page 30
Status and Statistics V iewing E therlike Sta tistics 13 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 - 15 Se c —Statistics are r efr eshed ever y 15 seconds . - 30 Se c —Statistics are r efr eshed ever y 30 seconds . - 60 Se c —Statistics are r efr eshed ever y 60 seconds . The Receive Statistics area displays inf[...]
-
Page 31
Status and Statistic s V iewing E therlike Sta tist ics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 14 2 STEP 1 Click Status and Sta tistics > Etherlike . STEP 2 Enter the paramet ers. • Interfac e —Sele ct the t ype of int er face and spe cific interface f or which Ethernet statistics are t o be display ed. • Ref[...]
-
Page 32
Status and Statistics V iewing G VRP Statis tic s 15 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 Viewing G VRP Sta tistic s The GVRP page displa ys inf ormation regarding GARP VLAN Registration Prot ocol (GV R P ) f r am e s th a t w e re s en t or re c e i ve d fro m a p o r t . GVR P is a st a n da rd s -b a s e d Lay[...]
-
Page 33
Status and Statistic s V iewing 802. 1 X E AP Sta tis tics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 16 2 T o clear statistics counters: • Click Cle ar Interfac e Counters to clear the selected counters. • Click View All Inter fac es St a tistic s t o see all por ts on a single page. Viewing 802. 1 X E AP Statistics [...]
-
Page 34
Status and Statistics V iewing T CAM Utiliz a tion[ 17 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 • Invalid EAPOL Frames Re c eived —Un r ecog n i z ed EA POL fra m es r ece iv ed on this por t . • EAP Le ng th E rr o r F ram es R ece iv ed —E APOL frame s with an invalid Pack et Body Length r eceived on this p[...]
-
Page 35
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 18 2 • Non-IP Rule s - In Use —Numb er of T CAM entrie s used f or non-IP rule s. - Maximum —Number of available T CAM entries that can be us ed f or non- IP rules . Managing RMON RMON (Remote Networ king Monitoring) is an SNM P specifi [...]
-
Page 36
Status and Statistics Managing RMON 19 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 • Lat e collision event has not been detected. • Received (R x) error event has not been detect ed. • Pack et has a valid CRC. T o view RMON statistic s and/ or s et the r efresh rat e: STEP 1 Click Sta tus and Statistics > RMON [...]
-
Page 37
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 20 2 - Pack et has an in valid CRC. - Received (R x) Error E v ent has not been detected. • Co llisions —Number of c ollisions r eceived. If Jumb o Frames are enabled, the threshold of Jabber Frames is raise d to the ma ximum size of Jumbo[...]
-
Page 38
Status and Statistics Managing RMON 21 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 T o enter RMON control inf ormation: STEP 1 Click Sta tus and Statistics > RMON > Histor y . The fields display ed on this page ar e defined in the Add RMON Hist or y page, below . The only field is that is on this page and not defi[...]
-
Page 39
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 22 2 The fields are displa yed f or the s elected sample. • Ow n e r —Histor y table entr y owner . • Sam p l e N o . —Statistics wer e tak en fr om this sample. • Drop Events —Dropped packets due t o lack of network resources duri[...]
-
Page 40
Status and Statistics Managing RMON 23 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 • Alarms Page —Configur es the occurrences that trigger an alarm. T o define RMON events: STEP 1 Click Sta tus and Statistics > RMON > Events . This page displays pr eviously defined events. STEP 2 Click Add. STEP 3 En te r th e[...]
-
Page 41
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 24 2 Viewing the RMON Events Lo gs The Ev ent L og T able page displays the log of events (actions ) that occurred. T wo type s of events can be logged: Lo g or L og and T rap . The action in the event is per f ormed when the ev ent is bound t[...]
-
Page 42
Status and Statistics Managing RMON 25 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 T o enter RMON alarms: STEP 1 Click Sta tus and Statistics > RMON > Alarms . All previously-defined alarms ar e display ed. The fields are describ ed in the Add RMON Alarm page b elow . In addition to those fields, the f ollowing fi[...]
-
Page 43
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 26 2 • Inter val —Ent er the alarm interval time in s econds . • Ow n e r —Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply . The RMON alarm is saved t o the Running Configuration file[...]
-
Page 44
Status and Statistics Managing RMON 27 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2[...]
-
Page 45
3 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 28 Administra tion: System Lo g This section de scribes the System L o g f eature, which enables the device to generat e several independent logs . Each log is a set of mes sage s descr ibing syst em events. The device generat es the f ollowing local logs: • L og sent to the [...]
-
Page 46
Administration: System Log Setting Syst em Log S e ttings 29 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 3 The event severity levels ar e list ed from the highest s everity to the lowest s everity , as f ollows : • Eme r g en cy —Syst em is no t usable. • Aler t —Action is needed. • Crit ic al —System is in a [...]
-
Page 47
Administration: System Lo g Setting Remo te L ogging S ettings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 30 3 • Originator Identifier —Enable s adding an origin identifier to S YSL OG mes sages . The options ar e: - Non e —Do not include the origin identifier in S Y SL OG mes sage s. - Ho s t n am e —Include the [...]
-
Page 48
Administration: System Log V iewing Memory Logs 31 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 3 - Link L ocal — The IP v6 address uniquely identifie s hosts on a single network link . A link local address has a prefix of FE80 , is not routable, and can be use d f or communication only on the local net work . Only one l[...]
-
Page 49
Administration: System Lo g Vi e w i n g M e m o r y L o g s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 32 3 R AM Memor y The R AM Memor y pag e displays all mess ages that were sav ed in the R AM (cache) in chro nological order . Entries ar e sto red in the R AM log ac cording t o the configuration in the L og Se ttings [...]
-
Page 50
Administration: System Log V iewing Memory Logs 33 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 3[...]
-
Page 51
4 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 34 Administra tion: F ile Man agement This section de scribe s how syst em files are managed. The f ollowing topics are covered: • System F ile s • Upgrade/B ackup Firm ware/Language • Active Im age • Downlo ad/B ackup Configura tion/Log • Configuration Files Proper t[...]
-
Page 52
Administration: F ile Management Sys tem F iles 35 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 Configuration files on the device are defined by their ty p e , and contain the set tings and parameter values f o r the device. When a configuration is r ef e r enced on the device, it is ref erenced by its configuration file[...]
-
Page 53
Administration: File Management Syste m Files Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 36 4 Only the syst em can copy the Star tup Configuration to the Mirr or Configuration. However , you can copy fr om the Mirr or Configuration to other file typ es or t o another device. The option of aut omatically copying the Runnin[...]
-
Page 54
Administration: F ile Management Upgrade/Backup Firmw are/Language 37 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 This se ction covers the f ollowing topics: • Upgrade/B ackup Firm ware/Language • Active Im age • D ownload/B ackup Configuration/Log • Configuration Files Proper tie s • Cop y / Sa ve Co nfi gur [...]
-
Page 55
Administration: File Management Upgrade/Backup Firm war e/Language Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 38 4 Up grade/B acking Firm ware or Language File T o up grade or backup a soft war e image or language file: STEP 1 Click Admin ist ra tion > File Ma n a ge m en t > Up grade/B ackup F irmwar e/ Lan g ua ge[...]
-
Page 56
Administration: F ile Management Upgrade/Backup Firmw are/Language 39 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 • Link Loc al Interface —S elect the link lo cal int er face (if IP v6 is use d) fr om the list . • TFTP S er ver IP A ddress/Name —Enter the IP address or the domain name of the TFTP s er ver . • [...]
-
Page 57
Administration: File Management Upgrade/Backup Firm war e/Language Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 40 4 Select one of the f ollowing Save Actions : • Up grade —Sp ecifies that the file type on th e device is t o be replace d with a new version of that file typ e located on a TF TP ser ver . • Ba c k u p ?[...]
-
Page 58
Administration: F ile Management Active I mage 41 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 • If SS H ser ver authentication is not enabled, the operation succee ds f or any SC P s e rv er . Ac tive Im age Ther e ar e two firmware images stor e d on the device. One of the images is identified as the active i mage an[...]
-
Page 59
Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 42 4 • Restoring configuration files from an e x ternal device t o the device. When r estoring a configuration file t o the Running Configuration, the impor ted file adds any configuration commands that did n[...]
-
Page 60
Administration: F ile Management D ownload/Backup Configura tion/Log 43 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 D ownlo ading or B acking-up a C onfiguration or Log File T o b ackup or rest or e the syst em configuration file: STEP 1 Click Adm in ist ra tion > File M an a g em en t > D ownload/B ackup Configur[...]
-
Page 61
Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 44 4 Ba c k u p Sa ve Ac t i on —Specifie s that a file t ype is to be copied t o a file on another device. Enter the f ollowing fields : a. Ser ver De finition —Select whether t o specify the TF TP ser ver[...]
-
Page 62
Administration: F ile Management D ownload/Backup Configura tion/Log 45 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 STEP 4 If y ou selected via HTTP /HTTPS , enter the parameters as describe d in this st ep. Sel ect t he Sa ve Act i on . If Sa ve Ac t i o n is Download (replacing the file on the device with a new versio[...]
-
Page 63
Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 46 4 SSH Client Authentic a tion —Client authentication can be done in one of the fo l l o w i n g w a y s : • Us e S SH Client —Sets permanent S SH user credentials . Click Sys te m Credenti als t o go t[...]
-
Page 64
Administration: F ile Management Configura t ion Files Proper tie s 47 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 If Sa ve Ac t i o n is Bac kup (c opying a file t o another devic e), enter the f ollowing fields (in addition to those fields listed above) : • Sou r ce F il e T ype —Select the config uration file ty [...]
-
Page 65
Administration: File Management Cop y /Sav e Con figu r a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 48 4 STEP 3 If r equired, select either the Star tup C o nfiguration, Backup Co nfiguration or both and click Clea r F iles to delet e these file s. This page provides the f ollowing fields : • Configuration File Na[...]
-
Page 66
Administration: F ile Management DHCP Auto Configur a tion 49 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 STEP 3 Se lec t t he De stin a tion File Name t o be overwrit ten by the sour ce file. • If you ar e backing up a configuration file , select one of the f ollowing f ormats f or the b ackup file. - Exclude —Sens[...]
-
Page 67
Administration: File Management DHCP Auto Con figur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 50 4 • After r eboot when an IP add r es s is allocated or r enewed dynamically (using DHCP v 4) . • Upon an explicit DHCP v 4 renewal request and if the device and the ser ver are configured to do so. • Upon automa[...]
-
Page 68
Administration: F ile Management DHCP Auto Configur a tion 51 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 extension ar e downlo aded using SC P , and files with the other extensions ar e downloaded using TF TP . • TFTP Only — The download is done through TFTP regardless of the file extension of the configuration fil[...]
-
Page 69
Administration: File Management DHCP Auto Con figur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 52 4 • If the DHCP ser ver did not send the se options and the backup TF TP /S CP ser ver addr es s paramet er is empty then: - For DHCP v4: SC P — The Auto Configuration proces s is halted. TF TP — The devic e send[...]
-
Page 70
Administration: F ile Management DHCP Auto Configur a tion 53 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 C onfiguring DHCP Auto C onfigura tion Wo rk f l ow T o configure DHCP Aut o Configuration. 1 . Configur e the DHCPv4 and/ or DHCP v6 ser vers to send the r equired options. this pr oces s is not des cribed in this [...]
-
Page 71
Administration: File Management DHCP Auto Con figur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 54 4 • Downlo ad Protoc ol— Select one of the f ollowing options : - Auto By File Ex tensio n —Select to indicate that aut o c onfiguration uses the TFTP or S CP prot o col dep ending on the e xtension of the config[...]
-
Page 72
Administration: F ile Management DHCP Auto Configur a tion 55 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 - Global — The IP v6 address is a global Unicast IPV 6 typ e that is visible and reachable from other netw orks. • Link Loc al Interface —S elect the link lo cal int er face (if IP v6 is use d) fr om the list [...]
-
Page 73
5 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 56 Administra tion: General Inf orm a tion This section describ es how to view syst em inf ormation and configure various options on the device. It covers the f ollowin g t opics : • Dev i ce Mod e l s • System I nfo rma ti on • Cons ole S ettings (Autob aud Rate Sup por [...]
-
Page 74
Administration: General Information Dev i ce Mod e l s 57 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 • FE is used f or F ast Ethernet ( 10/ 100) por ts . The f ollowing table de scrib es the various models , the number and t ype of por ts on them and their P oE inf ormation. Manage d Switch Mo dels Model Name Produc [...]
-
Page 75
Administration: General Informa tion Syst em In f orma tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 58 5 System Information The Syst em Summar y page pro vides a graphic view of the device, and displays de vi c e st at us , h a rdw are in form a ti on , fi rmwar e version inf ormation, genera l P oE status, and other i[...]
-
Page 76
Administration: General Information Sys tem I n f orma ti on 59 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 Sy stem Inf ormation: • Sys te m Descri ptio n —A de scription of the system. • System Lo cation —Ph ysical location of the device. Click Edit to go the Syst em Sett ings page t o ent er this value. • Sy[...]
-
Page 77
Administration: General Informa tion Syst em In f orma tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 60 5 • Firm ware V ersion (Ac tive Image) —Firm war e version number of the active image. • Firm ware MD5 Checksum (Active Im age) —MD5 checksum of the active image. • Firm ware V ersion (Non-active Im age) —[...]
-
Page 78
Administration: General Information Cons ole Settings (Autobaud Ra te Suppor t) 61 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 • Host Name —S elect the ho st name of this device . This is used in the pr ompt of CLI commands: - Us e D ef au lt — The default ho stname (Syst e m Name) of these switches is: switch 123[...]
-
Page 79
Administration: General Informa tion Reb o oti n g t he D e v ic e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 62 5 Af te r A uto D ete c ti on i s e na b le d in th e C o nsole S et tings page, it can be activat ed by connecting the c onsole to the device and press the Enter k ey twice. The device det ects the b aud rate [...]
-
Page 80
Administration: General Information Reb o ot in g t he D ev ic e 63 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 To r e b o o t t h e d e v i c e : STEP 1 Click Adm in ist ra tion > Reboot . STEP 2 Click one of the Reb oo t but t ons to reboot the device. • Rebo ot —R eboots the device. Sinc e an y unsaved inf orm[...]
-
Page 81
Administration: General Informa tion Routing R es ource s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 64 5 Routing Re s ource s Use the Router R esources page to displa y T CAM allocation an d modify total T CAM size. T CAM entries ar e divided into the f ollowing groups : • IP Entries — T CA M e nt ri es r eser ved f [...]
-
Page 82
Administration: General Information Monitori ng F an Sta tus 65 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 Y ou must save y our curr ent configuration bef or e changing the T CAM Allo cation Setti ngs. NOTE A summar y of the T CAM entries actually in use and available is display ed at the bot tom of this page. F or an [...]
-
Page 83
Administration: General Informa tion Monitori ng F an Sta tus Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 66 5 T o view the device health parameters, click Status and St atistics > He alth . The Health page displays the f ollowing fields : • Fan S t atu s —F an status. The f ollowing values ar e po ssible : - OK—F[...]
-
Page 84
Administration: General Information D e fining Idle Se ssion T ime out 67 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 D efining Idle S e s s ion Time out The Idle Ses sion T ime out configures the time int er vals that the management se ssions can remain idle bef ore they timeout and you must log in again to reestablish[...]
-
Page 85
Administration: General Informa tion Pinging a Ho st Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 68 5 • IP V e rsion —If the host is identified by its IP addr es s, sele ct either IP v 4 or IP v6 t o indicat e that it will be enter ed in the selected f ormat . • IP v 6 Addres s Typ e —Select Link Local or Global as[...]
-
Page 86
Administration: General Information T r aceroute 69 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 T rac eroute T rac er out e discovers the IP r outes along which pack ets wer e f or warded by sending an IP packet t o the target host and back t o the device. The T racerout e page shows each hop bet ween the device and a t[...]
-
Page 87
Administration: General Informa tion T raceroute Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 70 5 A page appears showing the Round T rip T ime (RT T ) and status f or each trip in the fields : • Index —Displa ys the number of the hop. • Ho st —Displa ys a st op along the r out e t o the destination. • Round T rip[...]
-
Page 88
Administration: General Information T r aceroute 71 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5[...]
-
Page 89
6 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 72 Administra tion: Time S et tings Synchr onized syst em clocks provide a frame of ref erence bet ween all device s on the network . Network time synchronization is critical because ever y asp ect of managing, se curing, planning, and debugging a network inv olves determining [...]
-
Page 90
Administration: Time Settings Sys tem T ime Op tions 73 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 System Time Options Syst em time can be se t manually by the us er , dynamically from an SNTP ser ver , or synchronized fr om the PC running the GUI. If an S NTP ser ver is chos en, the manual time set tings ar e ov er wr[...]
-
Page 91
Administ ra tion: Time Set tings SNTP Mode s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 74 6 Time Zone and Da ylight Savings Time (DST ) The T ime Z one and DST can be set on the device in the f ollowing wa ys: • Dynamic co nfiguration of the device through a DHCP ser ver , where: - Dynamic D ST , when enable d and avai[...]
-
Page 92
Administration: Time Settings Configuring Syst em T ime 75 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 C onfiguring S ystem Time S elec ting S ource of Sy stem Time Use the Syst em T ime page t o select the system time source. If the sour ce is manual, you can ent er the time her e. ! CAUT I ON If the system ti me is se[...]
-
Page 93
Administ ra tion: Time Set tings Configuring Sys tem T ime Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 76 6 Manual Set tings —Set the date and time manually . The local time is us ed when ther e is no alt ernate sour ce of time, such as an S NTP ser ver : • Date —Ent er the system dat e. • Lo ca l Time —Enter the[...]
-
Page 94
Administration: Time Settings Configuring Syst em T ime 77 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 - Fro m —Day and ti me that DST st ar ts. - To —Day and time that DST ends. Sel ecti ng Recurring allows diff erent cust omization of the star t and stop of DS T : • Fro m —Date when DST begins each year . - Da[...]
-
Page 95
Administ ra tion: Time Set tings Configuring Sys tem T ime Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 78 6 • Poll Inter val —Displays whether polling is enabled or dis abled. • Authentication K ey ID —Ke y Identification use d t o communicate bet ween the SNTP ser ver and device. • Stratum Level —Distance from[...]
-
Page 96
Administration: Time Settings Configuring Syst em T ime 79 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 • IP V ersion —S elect the version of the IP address : Ve r s i o n 6 or Ve r s i o n 4 . • IP v 6 Addres s Typ e —Select the IP v 6 addr es s typ e (if IP v6 is used) . The options are - Link L ocal — The IP[...]
-
Page 97
Administ ra tion: Time Set tings Configuring Sys tem T ime Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 80 6 C onfiguring the SNTP Mode The device can be in active and/ or pas sive mode ( see SNTP Mo de s fo r m o re inf o rmation). T o enable receiving S NTP packets fr om all s er vers on the subnet and/ or to enable trans[...]
-
Page 98
Administration: Time Settings Configuring Syst em T ime 81 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 The authentication k ey is cr eated on the SNTP se rver i n a sep ara t e p r oces s th at depends on the t ype of S NTP ser ver you ar e using. Consult with the SNTP ser ver system administrat or f or more inf ormatio[...]
-
Page 99
Administ ra tion: Time Set tings Configuring Sys tem T ime Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 82 6 • 8021 X Por t Authentication • Por t St a t • Ti m e - B a s e d P o E Ther e are two typ es of time ranges : • Absolute — This t ype of time range be gins on a specific date or immediat ely and ends on a [...]
-
Page 100
Administration: Time Settings Configuring Syst em T ime 83 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 • T ime Range Name —Ent er a new tim e range na me. • Absolute Star ting T ime — T o define the star t tim e, ent er the f ollowing: - Im me d i at e —S elect f or the time range to star t immediately . - Dat[...]
-
Page 101
7 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 84 Administra tion: Diagno stic s This section c ontains inf ormation f or configuring por t mirroring, running cable tests, and viewing device op erational inf ormation. It covers the f ollowin g t opics : • T e sting Copp er Por ts • Displaying Optical Mo dule Status • [...]
-
Page 102
Administration: Diagnostics Te s t i n g C o p p e r P o r t s 85 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 7 • (Optional) Disable EEE (see the Port Management > Green Ethernet > Pr oper ties page) Use a CA T5 data cable when t esting cables using ( VCT ) . Accuracy of the test r esults can have an err or range [...]
-
Page 103
Administration: Diagno stic s Displaying Op tical Mo dule Sta tus Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 86 7 I f t h e p o r t b e i n g te s t e d i s a G i g a p o r t , t h e Advanced Inf ormation block contains the f ollowing information, which is r efr eshed each time you enter the page: • Cabl e Length : Prov[...]
-
Page 104
Administration: Diagnostics Configuring P or t and VL AN Mirroring 87 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 7 • MGBLH 1 : 1000BA SE-LH S FP transc eiver , f or single-mo de fiber , 1310 nm wav elength, suppor ts up to 40 km. • MGBLX 1 : 1000BA S E-LX SFP transc eiver , f or single-mode fib er , 1310 nm wav eleng[...]
-
Page 105
Administration: Diagno stic s Configuring P or t and VL AN Mirroring Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 88 7 A pack et that is r eceived on a net work por t assigne d t o a VLAN that is subject to mirr oring is mirror e d to the analyzer por t even if the packet was eventually trapped or discarded. Pack ets sent b[...]
-
Page 106
Administration: Diagnostics V iewing CP U Utiliza tion and Se cure Cor e T e chnology 89 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 7 • Des t i na ti o n P o rt —S elect the analyzer por t t o wher e packets ar e copie d. A network analyzer , such as a P C running Wir eshark , is conne cted t o this por t . If a por [...]
-
Page 107
Administration: Diagno stic s V iewing CPU Utiliz a tion and Se cure Core T e chnolog y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 90 7 STEP 1 Click Administration > Diagnostic s > CPU Utiliza tion . The CPU Utiliz ation page appears. The CPU Input Rate field displa ys the rate of input frames to the CPU per second.[...]
-
Page 108
Administration: Diagnostics V iewing CP U Utiliza tion and Se cure Cor e T e chnology 91 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 7[...]
-
Page 109
8 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 92 Administra tion: Dis c over y This sect ion pr ovides inf ormation f or configuring Dis cover y . It covers the f ollowin g t opics : • Configuring B onjour Dis cover y • LLDP and CDP • Configuring LLDP • Con fig u r in g CD P C onfiguring B o njour Dis c over y As a[...]
-
Page 110
Administration: Discovery Configuring Bonjour Dis cover y 93 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 8 When Bonjour Discover y is disable d, the device st ops any ser vice t ype advertis ements and does not respond t o requests f or ser vice from network management applications . T o glob ally enable Bonjour when the [...]
-
Page 111
Administration: Disc over y LLDP and CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 94 8 STEP 3 Click Apply to updat e the Running Configuration file. STEP 4 T o enable Bonjour on an inter face, click Add. STEP 5 Select the interface, and click Apply . NOTE Click De le t e t o disable Bonjour on an interface (this p erfor[...]
-
Page 112
Administration: Discovery Configuring LLDP 95 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 8 • CDP and LLDP end devices , such as IP phones , learn the voice VLAN configuration from CDP and LLDP adv er tisements . By def ault , the device is enabled to send out CDP and LLDP advert isement bas ed on the voice VLAN c onfig[...]
-
Page 113
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 96 8 • Displaying LLDP Loc al Information • Displaying LLDP Neighbors Inform a tion • Acce ssing L LD P Sta tist ics • LLDP O verlo ading LLDP O ver view LLDP is a pr ot oc ol that enables network managers to tr ouble shoot and[...]
-
Page 114
Administration: Discovery Configuring LLDP 97 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 8 4. A sso ciate LLDP MED network policies an d the optional LLDP -MED TL Vs t o the desired inter faces by using the LLDP MED Port S ettings page. 5. If Aut o Smar tpor t is to det ect the capa bilitie s of LLDP devices , enable LLD[...]
-
Page 115
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 98 8 STEP 3 In the Fast Star t Repe at Count field, enter the number of times LLDP packets ar e sent when the LLDP -MED F ast Start me chanism is initia lized. This occurs when a new endpoint device links to the device. Fo r a descript[...]
-
Page 116
Administration: Discovery Configuring LLDP 99 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 8 The time interval b etween notifications is ent ered in the T opo logy Change S NMP Notification Int er val field in the LLDP Proper ties page. Define S NMP Notification Recipients by using the S NMP > Notificati on Recipient v [...]
-
Page 117
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 100 8 lowest IP addr es s among the dynamic IP addr es ses . If there ar e no dynamic addresse s, the s oft ware chooses the lowe st IP address among the static IP address es . - Non e —Do not adver tise the management IP addres s . [...]
-
Page 118
Administration: Discovery Configuring LLDP 101 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 Set ting LLDP MED Net w ork Policy An LLDP -MED net work po licy is a r elat e d set of co nfiguration sett ings f or a spe cific r eal-time application such as voic e, or video. A net work policy , if configured, can be included i[...]
-
Page 119
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 102 8 • VL AN T ag —S elect whether the traffic is T agge d or Untagged. • Us er Pri orit y —Select the tr affic priorit y applied to traffic defined by this network p olicy . This is the CoS value. • DSCP V alue —Select th[...]
-
Page 120
Administration: Discovery Configuring LLDP 103 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 • SNMP Notific ation —Select whether S NMP notification is sent on a per - por t basis when an end station that suppor ts MED is di scovered; f or ex ample a SNMP managing system, when ther e is a t opology change. • A v aila[...]
-
Page 121
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 104 8 • Chassi s ID Subt yp e — T yp e of chassis ID (f or e xample, MAC addr es s ). • Chassi s ID —Identifier of chas sis . Where the chassis ID subt ype is a MAC address , the MAC address of the dev ice appe ars. • System [...]
-
Page 122
Administration: Discovery Configuring LLDP 105 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 This page pr ovides the f ollowing fields: Glo b al • Chas sis ID Subt ype — T ype of chas sis ID . (F or example, the MA C address .) • Chassis ID —Identifier of chassis . Wher e the chassis ID subt ype is a MAC address , [...]
-
Page 123
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 106 8 • Auto-Negoti a tion Adver tis ed Cap abilities —Port spee d aut o-negotiation capabilities ; f or example, 1000BAS E- T half duplex mode, 100BAS E- TX full duplex mode. • Operational MA U Type —Me dium Attachment Unit (M[...]
-
Page 124
Administration: Discovery Configuring LLDP 107 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 - Endpoint Clas s 1 —Indicat es a generic endpoint clas s, of f ering basic LLDP ser v ices . - Endpoint Clas s 2 —Indicates a media endp oint clas s, of f ering media streaming capabilities , as well as all Clas s 1 f eatures [...]
-
Page 125
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 108 8 - Untagged —Indicates the network p olicy is defined f or untagged VL ANs. • Us er Pri orit y —Network policy us er priorit y . • DSCP —Network policy D S CP . Displa ying LLDP Neighb ors Informa tion The LLDP Neighbors[...]
-
Page 126
Administration: Discovery Configuring LLDP 109 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 Ba sic Details • Chas sis ID Subt ype — T ype of chas sis ID (f or e xample, MAC addr es s ). • Chassis ID —Identifier of the 802 LAN neighboring devic e chassis . • Por t ID Subt yp e — T yp e of the port identifier th[...]
-
Page 127
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 110 8 • Operational MA U Type —Me dium Attachment Unit (MAU) type. The MAU per f orms physical la yer functions, including digital data c on version fr om the Ethernet int erfaces’ collision det ection and bit injection into the [...]
-
Page 128
Administration: Discovery Configuring LLDP 111 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 MED Details • Cap abilities Supp or te d —MED capabilities enabled on the por t . • Current Capabilitie s —MED TL V s advertis ed by the por t . • Dev ice C l a ss —LLDP -MED en dpoint device clas s . The po ssible devi[...]
-
Page 129
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 112 8 • Enable d —Enabled Port and Prot ocol VL AN IDs . VL AN IDs • VID —Port and Protocol VLAN ID . • VL AN Name s —Advertis ed VLAN names . Protocol IDs • Protoc ol ID T able —Adver tised prot ocol ID s. L o cation I[...]
-
Page 130
Administration: Discovery Configuring LLDP 113 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 STEP 1 Click Adm in ist ra tion > Discover y - LLDP > LLDP Statistics . F or each por t , the fiel ds are display ed: • Interfac e —Identifier of int erface. • Tx F rames T otal —Number of tr ansmit t ed frame s. • [...]
-
Page 131
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 114 8 • Lef t to Send (By tes) — T otal numb er of a vailable by tes left f or ad ditional LLDP inf ormation in each packet . • Status — Whether TL V s ar e being transmitted or if they ar e ove rloaded. STEP 2 T o view the ove[...]
-
Page 132
Administration: Discovery Configuring CDP 115 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 • LLDP Optional TL V s - Size (By t es) — T otal LLDP MED optional TL Vs pack ets by t e size. - Status —If the LLDP MED optional TL V s packets were sent , or if they wer e overloaded. • LLDP MED Inven tor y - Size (By t es[...]
-
Page 133
Administration: Disc over y Configuring CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 116 8 CDP Config uration W orkflow The f o llowings is sample work flow in configuring CDP on the devic e. Y ou can also find additional CDP configuration gu idelines in the LLDP /CDP section. STEP 1 Enter the CDP global paramet ers usi[...]
-
Page 134
Administration: Discovery Configuring CDP 117 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 • CDP Hold Time —Amount of time that CDP packets ar e held bef ore the pack ets ar e discarded, measur ed in mu ltiples of the TL V Advertise Inter val. F or e xample, if the TL V Adver tise Inter val is 30 sec onds, and the Hol[...]
-
Page 135
Administration: Disc over y Configuring CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 118 8 Editing CDP Inter face S et tings The Interface S etting s page enables administrators to enable/ dis able CDP per por t . Notifications can als o be trigge red when there ar e conflicts with CDP neighbors . The conflict can be V [...]
-
Page 136
Administration: Discovery Configuring CDP 119 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 • Sys log V oice V LAN Mi s ma tc h —Select to enable the option of sending a S Y SL OG me ss age when a voice VLAN mismatch is detect ed This means that the voice VLAN inf ormation in the incoming frame does not mat ch what the[...]
-
Page 137
Administration: Disc over y Configuring CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 120 8 - Por t ID —I de nt if ie r o f po rt a dv ert is e d in t he po rt T L V . • Cap ab il iti e s T L V - Capabilitie s —Capabilities adv er tised in the por t TL V ) • Ve r s i o n T L V - Ve r s i o n —Inf ormation about[...]
-
Page 138
Administration: Discovery Configuring CDP 121 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 - Req ue st ID —La st pow er r eq uest I D r eceiv ed ec ho es t he R equest -ID field last r ec eived in a P ower R equested TL V . It is 0 if no P ower Requested TL V was received sinc e the interface last transitioned to Up. - [...]
-
Page 139
Administration: Disc over y Configuring CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 122 8 • Capabilitie s —Capabilities adv er tised by neighbor . • Platform —Inf ormation fr om Pl atf orm TL V of neighb or . • Neighbor Inter fac e —Outgoing int er face of the neighbor . STEP 2 Select a device, and click De[...]
-
Page 140
Administration: Discovery Configuring CDP 123 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 Viewing CDP Statistics The CDP Statistics page displa ys inf ormation regarding Cisco Disc over y Pr otocol (CDP) frames that were sent or received from a por t . CDP packets are r eceived from devices attache d to the swit ches int[...]
-
Page 141
9 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 124 Por t Man agemen t This section de scribe s por t configurat ion, link aggregation, and the Green Ethernet f eature. It covers the f ollowin g t opics : • Con fig u r in g Po rts • Set ting Por t Configuration • Configuring Link Aggre ga tion • Configuring G reen Et[...]
-
Page 142
Port Management Setting Por t Configura tion 125 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 S et ting Por t C onfiguration The Po r t Set tings page displays the global and per p or t set ting of all the por ts. This page enables you to select and configure the desir ed por ts from the Edit P ort Set tings page. T o con[...]
-
Page 143
Por t Management Setting Por t C onfigur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 126 9 • Operational Status —Displa ys whether the port is curr ently Up or Down. If the por t is down be cause of an error , the des cription of the error is displa yed. • Time Range —Sele ct to enable the time range during [...]
-
Page 144
Port Management Setting Por t Configura tion 127 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 • Auto Adver tis ement —Select the capabiliti es advertis ed by aut o- negotiation when it is enabled. The options are: - Max Ca p ab il it y —All por t sp eeds and duplex mode s ettings can b e accepted. - 10 H alf — 10 [...]
-
Page 145
Por t Management Configuring Link Aggr egation Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 128 9 - Prot e cted P orts provide Lay er 2 is olation betwe en interfaces (Ethernet por ts and LAGs) th at share the same VLAN. - Pack ets received from pr ot ected por ts can be f or warded only to unprot ected egress p or ts. Pr o[...]
-
Page 146
Port Management Configuring Link Aggr egation 129 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 Link Aggregation O ver view Link Aggr egation Control Prot o col (L ACP) is part of the IEEE spe cification ( 802.3az) that enables you to bundle several physical ports together to f orm a single lo gical channel (LAG) . L AGs m[...]
-
Page 147
Por t Management Configuring Link Aggr egation Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 130 9 Ev er y L AG has the f ollowing characteristics: • All por ts in a LAG must be of the s ame media t ype. • T o add a p or t t o the LAG, it cannot be long to any VLAN ex cept the default VL AN. • Po r ts in a LAG must not[...]
-
Page 148
Port Management Configuring Link Aggr egation 131 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 T o c onfigure a dynamic L AG, per f orm the f ollowing actions : 1. E n a b l e L A C P o n t h e L A G . A s s i g n u p t o 1 6 c a n d i d a t e s p o r t s t o t h e d y n a m i c L A G by sele cting and moving the por ts f[...]
-
Page 149
Por t Management Configuring Link Aggr egation Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 132 9 • Por t List —Move those por ts that ar e to be assigned to the LAG from the Por t List to th e LA G M em be r s list . Up to eight por ts per static LAG can be assigne d, and 16 por ts can be as signed to a dynamic LAG. ST[...]
-
Page 150
Port Management Configuring Link Aggr egation 133 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 • Administrative Auto Negoti a tion —Enables or dis able auto-negotiation on the LAG. Aut o-negotiation is a pr otocol bet ween t wo link par tners that enables a LAG to adv er tise its transmission sp eed and flow c ontro l[...]
-
Page 151
Por t Management Configuring Link Aggr egation Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 134 9 C onfiguring LA C P A dynamic LAG is LACP -enabled, and LACP is run on ever y candidate por t defined in the L AG. L ACP Priorit y and Rule s LACP system priority and L ACP por t priority are both used to det ermine which of th[...]
-
Page 152
Port Management Configuring Link Aggr egation 135 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 However , ther e are cases when one link par tner is temporarily not configured f or LACP . One example f or such case is when the link par tner is on a device, which is in the process of r eceiving its c onfigurat ion using the[...]
-
Page 153
Por t Management Configuring Gr een Etherne t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 136 9 STEP 5 Click Apply . The Running Co nfiguration file is updated. C onfiguring Green Ethernet This section de scribe s the Gr een Ethernet f eature that is designed to sav e power on the devic e. It contains the f ollowing sectio[...]
-
Page 154
Port Management Configuring Gr een Ethernet 137 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 In addition t o the above Green Ethernet f eatures, the 802.3az Energy Ef ficient Ethernet (EEE) is f ound on devices suppor ting GE p ort s. EEE reduces p ower consumption when there is no tra ffic on the por t . See 802.3az Ener[...]
-
Page 155
Por t Management Configuring Gr een Etherne t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 138 9 802.3az Energy Ef ficient Ethernet Feature This section de scribe s the 802.3az Ener gy Efficient Ethernet (EEE) f e atur e. It covers the f o llowing t opics : • 802.3az EEE O ver view • Adver tise Cap abilitie s Negotiatio[...]
-
Page 156
Port Management Configuring Gr een Ethernet 139 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 Adver t ise Capabilities Negotiation 802.3az EEE suppor t is advertise d during the Aut o-Negotiation stage. Aut o- Negotiation prov ides a linked device with the capabi lity to det ect the abilities (mode s of operation) suppor t[...]
-
Page 157
Por t Management Configuring Gr een Etherne t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 140 9 802. 3a z EEE Configura tion Workflow This section des cribes how to configur e the 802.3az EEE f eatur e and view its counters. STEP 1 Ensure that auto-negotiation is enabled on the por t by opening the Po r t Management > P[...]
-
Page 158
Port Management Configuring Gr een Ethernet 141 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 • Energy Dete ct Mo de —Disable d by default . Click the checkbox t o enable. • Shor t Reach — Globa lly enable or disable Shor t Reach mode if there are GE por ts on the devic e. NOTE If Shor t Reach is enabled, EEE must [...]
-
Page 159
Por t Management Configuring Gr een Etherne t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 142 9 T o def in e pe r port Gr een Et he rne t se tting s: STEP 1 Click Por t Man agement > Green Ethernet > Por t Set tings . The Port S ettings page displays the f ollowing : • Glob al Parameter Status —Describ es the ena[...]
-
Page 160
Port Management Configuring Gr een Ethernet 143 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 - EEE Suppor t on Remote — Displays whether EEE is suppor ted on the link par tner . EEE must b e suppor ted on both the local and r emote link par tners. NOTE The window displa ys the Short Reach, Energy Detect and EEE set ting[...]
-
Page 161
10 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 144 Smar tp or t This document de scribe s the Smar tp or ts f eature. It contains the f ollowing t opics : • O ver view • What is a Smar tp or t • Smar tp or t Typ es • Smar tp or t Macro s • Macro F ailure and the Res et Operation • How the Smar tp ort Fe atur e [...]
-
Page 162
Smartport Over view 145 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 O ver view The Smar tpor t f eature provides a con venient way t o sa ve and shar e c ommon configurations . By applying the s ame Smartp or t macr o to multiple int e r faces , the interfaces share a common s et of configurations . A Smar tpor t macro [...]
-
Page 163
Smar tp or t Wha t is a Smar tpor t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 146 10 Wha t is a Smar tp or t A Smar tpor t is an interface to which a built -in (or user - defined) macro ma y be applied. The se macros are designed to pr ovide a means of quickly configuring the device to suppor t the c ommunication r equir[...]
-
Page 164
Smartport Smar tpor t T yp es 147 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 • Statically from a Smar tpor t macro by name only from the CLI. A Smar tpor t macro can be applie d by its Smar tpor t t ype stat ically from CLI and GUI, and dynamically by Au t o Smar tpor t . Auto Smartpor t derives the Smar tpor t typ e[...]
-
Page 165
Smar tp or t Smar tpor t T yp es Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 148 10 Sp e cial Sm ar tp or t Typ e s There ar e t wo spe cial Smar tpor t t ypes ; default and unknown . These t wo typ es are not ass ociated with macros, but they exist t o signif y the stat e of the int er face re g a rdi n g Sm a r t p or t [...]
-
Page 166
Smartport Smar tp or t Macro s 149 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 Smar tp or t Macro s A Smar tpor t macr o is a script of CLI commands that configure an i nterface appr opriately f or a par ticular net work device. Smar tpor t macros should not be co nfused with glob al macros. Global macros configure the [...]
-
Page 167
Smar tp or t Macro F ailure and t he R es et Opera tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 150 10 Applying a Smar tpor t Typ e to an Inter face When Smar tpor t type s are applied to int erfaces , the Smar tpor t typ es and configuration in the as sociated Smar tp or t macros ar e sav ed in the Running Configurati[...]
-
Page 168
Smartport How the Smar tpor t Fea tur e W orks 151 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 After the sour ce of the pr oblem is det erm ined and the e xisting configuration or Smar tpor t macro is correct ed, you must per f orm a reset operation to r eset the int er face bef ore it can be r eapplied with a Smartp or[...]
-
Page 169
Smar tp or t Auto Smartp or t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 152 10 Auto Smar tp or t In or der f or Auto Smartpor t to aut omatically assign Smar tpor t type s to i nterfaces , the Aut o Smartp ort f eature must be enabled glob ally and on the r elevant interfaces which Aut o Smar tpor t should be allowed to [...]
-
Page 170
Smartport Auto Smar tpor t 153 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 If , f or example, an IP phone is at tached to a por t , it transmits CDP or LLDP packets that advertise its capabilities . Afte r r ece ption of thes e CDP and/ or LLDP pack ets, the device derives the appr opriate Smartpor t t ype f or phone an[...]
-
Page 171
Smar tp or t Auto Smartp or t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 154 10 NOTE If only the IP P hone and Host bits are set , then the Smartpor t typ e is ip_phone_desktop. Multiple D evic e s A t tache d to the Por t The device derives the Sm ar tpor t t ype of a conne cted device via the capabilities the device adv[...]
-
Page 172
Smartport Erro r Ha n dl in g 155 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 • If all devices on an interface advertis e the same capability (ther e is no conflict) the matching Smartp ort t ype is applie d to the int er face. • If one of the devices is a switch, the Switch Smartp ort t ype is used. • If one of t[...]
-
Page 173
Smar tp or t Default Configur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 156 10 D efault C onfigura tion Smar tpor t is always a vailable. By defaul t , Aut o Smar tpor t is enabled by Auto V oice VL AN, relies on both CDP and LLDP to det ect at taching device's Smar tpor t type, and detects Smar tpor t t ype [...]
-
Page 174
Smartport Common Smar tp or t T asks 157 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 STEP 4 Click Apply STEP 5 T o enable the Aut o Smar tpor t f eatur e on one or mor e int er faces , open the Smar tpor t > Interface Set tings page. STEP 6 Select the interface, and click Ed it . STEP 7 Select Aut o Smar tpor t in th[...]
-
Page 175
Smar tp or t Common Smar tp or t T asks Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 158 10 3. Click Vi e w M a c r o S o u r c e to view the curr ent Smar tpor t macro that is as sociated with the sele cted Smar tpor t T yp e. 4. Click Edit to open a new window in which you can bind user -defined macros to the selected Sma[...]
-
Page 176
Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 159 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 C onfiguring Smar tp or t Using The We b -b as e d Inter face The Smar tpor t f e atur e is configured in the Smartp or t > Propertie s, Smar tp or t T yp e Set tings and Interface S etting s pages . F [...]
-
Page 177
Smar tp or t Configuring Smartp or t Using The Web-b ase d In terfac e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 160 10 STEP 3 Click Apply . This sets the glob al Smar tpor t parameters on the device. Smar tpor t Typ e S et tings Use the Smar tp or t T ype S ettings page to edit the Smar tpor t T ype s ettings and view t[...]
-
Page 178
Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 161 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 • User Defined Macro —If desired, select the user -define d macro that is t o be ass ociated with the sele ct ed Smar tpor t typ e. The macr o must hav e already been paired with an anti-macr o. Pairin[...]
-
Page 179
Smar tp or t Configuring Smartp or t Using The Web-b ase d In terfac e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 162 10 corrections hav e been made prior to clicking Re apply . See the work flow area in Common Smar tp or t T asks section f or troubleshooting tips . • Reapply a Smar tpor t macro t o an interface. In som[...]
-
Page 180
Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 163 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 NOTE Reset ting the int er face of unknown type do es not reset the configuration per f ormed by the macro that f ailed. This clean up must b e done manually . T o as sign a Smar tpor t t ype to an int erf[...]
-
Page 181
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 164 10 Built-in Smar tp or t Macros The f ollowing de scribes the pair of built-in macr os f or each Smartp or t type. For each Smartp or t type there is a macro t o c onfigure the int er face and an anti macro t o remov e the configurat i[...]
-
Page 182
Smartport Built-in Smar tpor t Macros 165 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 port security mode max-addresses port security discard trap 60 # smartport storm-control broadcast leve l 10 smartport storm-control include-multic ast smartport storm-control broadcast enab le # spanning-tree portfast # @ no_desktop [[...]
-
Page 183
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 166 10 # smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable # spanning-tree portfast # @ no_printer [no_printer] #macro description No printer # no switchport acces[...]
-
Page 184
Smartport Built-in Smar tpor t Macros 167 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 smartport storm-control broadcast enab le # spanning-tree portfast # @ no_gue st] ] [no_guest] #macro description No guest # no switchport access vlan no switchport mode # no port security no port security mode # no smartport storm-con[...]
-
Page 185
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 168 10 spanning-tree portfast # @ no_ser ver [no_server] #macro description No server # no smartport switchport trunk nati ve vlan smartport switchport trunk allowed vlan remove all # no port security no port security mode no port security[...]
-
Page 186
Smartport Built-in Smar tpor t Macros 169 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 # @ no_host [no_host] #macro description No host # no smartport switchport trunk native v lan smartport switchport trunk allowed vla n remove all # no port security no port security mode no port security max # no smartport storm-contro[...]
-
Page 187
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 170 10 no_ip_cam era [no_ip_camera] #macro description No ip_camera # no switchport access vlan no switchport mode # no port security no port security mode # no smartport storm-control broadca st enable no smartport storm-control broadca s[...]
-
Page 188
Smartport Built-in Smar tpor t Macros 171 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 no_ip_phone [no_ip_phone] #macro description no ip_phone #macro keywords $voice_vlan # #macro key description: $voice_vlan: The voice VLAN ID # #Default Values are #$voice_vlan = 1 # smartport switchport trunk allowed vla n remove $voi[...]
-
Page 189
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 172 10 smartport storm-control broadcast enable # spanning-tree portfast # @ no_ip_phone_de sktop [no_ip_phone_desktop] #macro description no ip_phone_des ktop #macro keywords $voice_vlan # #macro key description: $voice_v lan: The voice V[...]
-
Page 190
Smartport Built-in Smar tpor t Macros 173 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 # @ no_switch [no_switch] #macro description No switch #macro keywords $voice_vlan # #macro key description: $voice_vlan: The voice VLAN ID # no smartport switchport trunk native v lan smartport switchport trunk allowed vla n remove al[...]
-
Page 191
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 174 10 #macro keywords $voice_vlan # #macro key description: $voice_vlan: The voice VLAN ID # no smartport switchport trunk native vlan smartport switchport trunk allowed vlan rem ove all # no smartport storm-control broadcast en able no s[...]
-
Page 192
Smartport Built-in Smar tpor t Macros 175 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10[...]
-
Page 193
11 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 176 Por t Man agemen t : PoE The P ower over Ethernet (P oE) f eature is only a vailable on P oE-b ased devices . F or a list of Po E-base d devices , ref er to the De v i ce M od e l s sect io n. This section de scribes how to use the P oE f eature. It covers the f ollowin g [...]
-
Page 194
Port Management: PoE PoE o n t h e D e v ic e 177 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 11 Power ov er Ethernet can be used in any ent erprise net work that deploys re latively low-powered device s connected to the Ethernet LAN, such as : • IP phones • W i r eless a ccess po i n ts • IP gatewa ys • Audio and [...]
-
Page 195
Por t Management : PoE PoE on t he D e vi c e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 178 11 Y ou can decide the f ollowing: • Maximum power a PS E is allowed to supply to a PD • During device operation, to change the mode from Class Power Limit t o Port Limit and vice versa. The p ower values p er por t that were [...]
-
Page 196
Port Management: PoE Configuring PoE Pr op er tie s 179 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 11 may not be able t o pr operly supply power to its attaching PD s. T o prevent false det ection, you should disable PoE on the por ts on the PoE switches that are used to connect to PSEs . Y ou should also first p ower up [...]
-
Page 197
Por t Management : PoE Configuring P oE Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 180 11 The f ollowing c ounters ar e displ a yed f or each device : • Nominal Power — The total amount of power th e devic e can supply to all the connected PD s. • Consum ed P ower —Amount of power currently being consume [...]
-
Page 198
Port Management: PoE Configuring PoE Settings 181 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 11 The administrat or configures all por ts to a llocate up t o 30 wat ts . This r esults in 48 times 30 p ort s equaling 1440 watts , which is too much. The device cannot pr ovide enough power to each por t , so it provides power[...]
-
Page 199
Por t Management : PoE Configuring P oE Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 182 11 • Clas s — This field appears only if the P ower Mode set in the P oE Pr oper ties page is Class Limit . The clas s det ermines the power level: • Pow e r C o n su m pt i on —Display s the amount of power in milliwat[...]
-
Page 200
Port Management: PoE Configuring PoE Settings 183 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 11[...]
-
Page 201
12 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 184 VL AN Mana gemen t This section c overs the f ollowing topics: • VL ANs • Configuring D e fault VL AN S ettings • Creating VL ANs • Configuring VL AN Interfac e Set tings • Defi nin g VLAN Me m be rs h ip • GVR P S et t in g s • VL AN Group s • Vo i c e V L[...]
-
Page 202
VLAN Management VL ANs 185 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 VL AN Des cription Each VLAN is co nfigur ed with a unique VI D ( VL AN ID) with a value fr om 1 t o 4094. A por t on a device i n a bridged networ k is a member o f a VLAN if it can se nd data to and r e ceive data from the VLAN. A por t is an untag[...]
-
Page 203
VL AN Management VL ANs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 186 12 VL AN Roles VLANs function at Layer 2. All VLAN traf fic (Unicast /Broadcast /Multicast) remains within its VLAN. D evices at tached to diff er ent VLANs do not have dir ect connectivit y t o each other over the Ethernet MAC la yer . D evices from d[...]
-
Page 204
VLAN Management Configuring Def ault VL AN S ettings 187 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 Cust omer traffic is encapsulated with an S-tag with TPID 0x8100, r egardless of whether it was originally c-tagged or untagge d. The S-tag allows this traffic to be treat ed as an aggregat e within a pr ovider bridge ne[...]
-
Page 205
VL AN Management Configuring Def ault VL AN S ettings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 188 12 • It cannot be use d f or any special role, such as unauthenticat ed VLAN or V oice VL AN. This is only r elevant f or OUI-enabled voice VL AN. • If a por t is no longer a memb er of any VLAN, the device au t omatic[...]
-
Page 206
VLAN Management Crea tin g VL ANs 189 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 Creating VL ANs Y ou can creat e a VL AN, but this has no eff ect until the VL AN is attache d t o at least one por t , either manually or dynamically . Po r ts must alwa ys belong to one or mor e VLANs . The 300 Serie s device suppor ts u[...]
-
Page 207
VL AN Management Configuring VL AN Int er face Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 190 12 C onfiguring VL AN Inter fac e S et tings The Interface Set tings page displays and enables config uration of VL AN-relat ed parameters f or all interface s T o c onfigur e the VLAN s et tings: STEP 1 Click VL AN Man [...]
-
Page 208
VLAN Management De f i ni n g V L AN M em bers hi p 191 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 - Admit T agged Only — The interface acc epts only tagged frames . - Admit Untagged Only — The int erface accepts only untagged and priority frame s. • Ingres s Filtering —(A vailable only in General mode) Sele ct[...]
-
Page 209
VL AN Management De fin i ng V L AN Me mbe r s hi p Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 192 12 C onfiguring Por t to VL AN Use the Port to VLAN page t o display and configure the por ts within a spe cific VL AN. T o map p or ts or LAGs to a VLAN: STEP 1 Click VL AN Man agement > Port to VL AN . STEP 2 Select a V[...]
-
Page 210
VLAN Management De f i ni n g V L AN M em bers hi p 193 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 C onfiguring VL AN Memb ership The Port VL AN Membership page displays all por ts on the device along with a list of VLANs to which each por t belongs . If the por t-based authentication method fo r an interface is 802. 1[...]
-
Page 211
VL AN Management GV R P S e t t i n g s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 194 12 - Forbidden — The interface is not allowed to join the VLAN even fr om GVRP r e gistration. When a por t is not a member of any other VLAN, enabling this option on the por t makes the por t par t of internal VLAN 4095 (a r eser ved[...]
-
Page 212
VLAN Management VL AN Groups 195 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 GVRP must be activat ed glob ally as well as on each por t . When it is activat ed, it transmits and r ec eives GARP P ack et Data Units (GPDUs ) . VL ANs that ar e defined but not active ar e not propagat e d. T o propagate the VLAN, it must b[...]
-
Page 213
VL AN Management VL AN Groups Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 196 12 If several classifications scheme s are defined, pack ets ar e assigne d t o a VLAN in the f ollowing order : • TA G : If the pack et is tagged , the VLAN is taken fr om the tag. • MAC-Based VLAN: If a MAC-ba sed VLAN has b een defined, th[...]
-
Page 214
VLAN Management VL AN Groups 197 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 NOTE This MAC addr ess cannot b e assigned to any other VLAN group. • Prefix Mask —Enter one of the f ollowing : - Ho st —Source host of the MAC address - Le n g t h — Prefix of the MAC address • Group ID —Ent er a user -cre ated VL[...]
-
Page 215
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 198 12 Vo i c e V L A N In a LAN, voic e devices , such as IP phone s, V oIP endp oints, and voice syst ems ar e placed into the same VLAN. This VLAN is ref erred as the voice VLAN. If the voice devices are in diff er ent voice VLANs , IP (Lay er[...]
-
Page 216
VLAN Management Vo i c e V L A N 199 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 From a VLAN perspe ctive, the above models operate in both VLAN-awar e and VLAN-unaware en vironments. In the VL AN-awar e en vir onment , the voice VLAN is one of the many VLANs configured in an installation. The VLAN-unawar e scenario is [...]
-
Page 217
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 200 12 Unlik e T elephon y OUI mode that dete cts voice devices ba sed on telephon y OU I, Au to Voi c e V L A N m o de de p e nd s o n Auto S ma r t p or t to d yn a mi ca l ly add the por ts to the v oice VL AN. Aut o Smartp or t , if enabled, [...]
-
Page 218
VLAN Management Vo i c e V L A N 201 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 When Aut o Smar tpor t is enabled, dep ending on Aut o V oice VL AN mode, Auto Smar tpor t is enabled when Auto V oic e VLAN become s operational. If desired, you can mak e Aut o Smar tpor t independent of Auto V oice VL AN. NOTE The defaul[...]
-
Page 219
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 202 12 • When a new voice VLAN is c onfigured/ dis covered, the device automatically cr eat es it , and r eplaces all the p or t memberships of the existing voice VL AN t o the new voice VL AN. This ma y int errupt or terminat e e xisting voice[...]
-
Page 220
VLAN Management Vo i c e V L A N 203 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 V oic e VL AN C onstraints The f ollowing c onstraints exist: • Only one V oice VL AN is suppor ted. • A VLAN that is define d as a V oic e VLAN cannot b e remov ed In addition the f ollowing c onstraint s are applicable f or T elephon [...]
-
Page 221
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 204 12 STEP 4 Select the Aut o V oice VL AN Activation metho d. NOTE If the device is currently in T elephon y OUI mode, you must disable it bef or e you can configur e Aut o V oice Vlan STEP 5 Click Apply . STEP 6 Configure Smartp or ts as descr[...]
-
Page 222
VLAN Management Vo i c e V L A N 205 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 Co nfiguring V oic e VL AN Proper tie s Use the V oice VL AN Proper ties page f or the f ollowing: • V iew how voice VL AN is curr ently configured. • Configure the VLAN ID of the V oic e VLAN. • Configure v oice VLAN QoS s ettings . [...]
-
Page 223
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 206 12 - Enable T elephony OUI —Enable Dynamic V oic e VL AN in T elephony OUI mode. - Disable —Disable Aut o V oic e Vlan or T elephony OUI. • Auto V o ice VL AN Activation —If Aut o V oice VL AN was enabled, s elect one of the f ollowin[...]
-
Page 224
VLAN Management Vo i c e V L A N 207 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 • Sou r ce Ty pe —Displa ys the type of source where the voice VLAN is discovered by the r oot device. • CoS/802. 1 p —Displays CoS/802. 1 p values to be used by the LLDP -MED as a voice network policy . • DSCP —Displa ys DS CP [...]
-
Page 225
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 208 12 • Vo i c e V L A N I D — T he identifier of the curr ent voice VLAN. • CoS/802. 1 p — The adver tised or configured CoS/802. 1 p value s that ar e used by the LLDP -MED as a voice network po licy . • DSCP — The adver tised or c[...]
-
Page 226
VLAN Management Vo i c e V L A N 209 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 T o c onfigure T elephony OUI and/ or add a new V oice VLAN OUI: STEP 1 Click VL AN Management > Vo i c e V L A N > Te l e p h o n y O U I . The T elephony OUI page contains the f ollowing fields: • T elephony OUI Op erational Statu[...]
-
Page 227
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 210 12 Adding Interfac es to V oice VL AN on B asis of OUIs The QoS at tribut es can be as signed p er por t to the v oice packets in one of the f ollowing modes: • All —Qualit y of Ser vice (Q oS) values configured t o the V oice VL AN are a[...]
-
Page 228
VLAN Management Acces s P ort Mu lti c as t TV V L AN 211 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 Ac c e s s Por t Multic ast T V VL AN Multicast T V VL ANs enable Multicast tran smis sions to subscribers who are not on the same data VL AN (La yer 2-isolat ed), without replicating the Multicast transmission frames f[...]
-
Page 229
VL AN Management Acc e ss Po r t Multicast TV VL AN Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 212 12 IGMP Sno oping Multicast T V VL AN re lies on IGMP snooping, which means that : • Subscrib ers use IGMP me ssage s to jo in or leav e a Multicast gr oup. • Device p er f orms IGMP sno oping and configures the acc es s[...]
-
Page 230
VLAN Management Acces s P ort Mu lti c as t TV V L AN 213 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 C onfigura tion Wo rk f l ow Configure TV VL AN with the f ollowing st eps: 1 . Define a T V VL AN by associatin g a Multicast gr oup to a VLAN (using the Multicast Gr oup to VLAN page). 2. Spe cify the ac ces s p or ts[...]
-
Page 231
VL AN Management Cust omer Port Multicast TV VL AN Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 214 12 Por t Multicast VL AN Memb ership T o define the Multicast T V VL AN configuration: STEP 1 Click VLAN Management > Ac ces s Port Multicast T V VLAN > Por t Multicast VLAN Membership . STEP 2 Select a VL AN from the M[...]
-
Page 232
VLAN Management Cust omer Po r t Multicas t TV VL AN 215 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 All pack ets from the subscriber to the ser vice provider network are encapsulated by the acce ss devic e with the subscrib er ’ s VL AN configured as cust omer VLAN (Outer tag or S- VID), except f or IGMP snooping me [...]
-
Page 233
VL AN Management Cust omer Port Multicast TV VL AN Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 216 12 To m a p C P E V L A N s : STEP 1 Click VL AN Management > Customer P ort Multicast T V VLAN > CPE VL AN to VLAN. STEP 2 Click Add . STEP 3 Enter the f ollowing fields : • CPE VLAN —Enter the VLAN define d on the[...]
-
Page 234
VLAN Management Cust omer Po r t Multicas t TV VL AN 217 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12[...]
-
Page 235
13 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 218 Sp anning T re e This section de scribe s the Spanning T ree Prot o col (STP) (IEEE802. 1D and IEEE802. 1Q) and covers the f ollowing topics: • STP Flavors • Configuring STP Status and Global S et tings • De fining Spanning Tr ee Inter face S et tings • Configuring[...]
-
Page 236
Spanning Tree Configuring S TP Status and Global Settings 219 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 The device suppor ts the f ollowing Spanning T ree Pr otocol versions: • Classic STP – Provides a single path bet ween any two end stations , av oiding and eliminating lo ops . • Rapid STP (R STP) – Det ects[...]
-
Page 237
Sp anning Tree Configuring S TP Sta tus and Global Sett ings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 220 13 • BPDU Handling —Sele ct how Bridge Pr ot oc ol Da ta Unit (BPDU) pack ets ar e managed when STP is disabled on the por t or the device. BPDUs are used t o transmit spanning tr ee inf ormation. - Fil t e ri n[...]
-
Page 238
Spanning Tree Defining Spanning T ree Int er face S e ttings 221 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 • T op ology Change s Counts — The total number of S TP t opology changes that hav e occurred. • L ast T op ology Change — The time int er val that elapse d since the last topology change occurred. The ti[...]
-
Page 239
Sp anning Tree Defining Spannin g T r ee Int er face Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 222 13 • Root Guard —Enables or disable s Root Guar d on the device. The Root Guar d option pr ovides a way t o enf orce the r oot bridge placement in the network . Root Guar d ensur es that the por t on which this[...]
-
Page 240
Spanning Tree Configur ing Rapid Spann ing T ree S etting s 223 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 - Blo ck ing — The po r t is curr ently blocked, and cannot f or ward traffic (with the ex c eption of BPDU data) or learn MA C addresse s. - Listening — The por t is in Listening mode. T he por t cannot f or [...]
-
Page 241
Sp anning Tree Configuring R apid Spanning T r ee S ettings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 224 13 T o enter RS TP settings : STEP 1 Click Sp anning T r ee > STP Status and Global S et tings . Enable RSTP . STEP 2 Click Sp anning T r ee > RSTP I nt erfa ce Setting s . The RS TP Int er face Set tings page [...]
-
Page 242
Spanning Tree Configur ing Rapid Spann ing T ree S etting s 225 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 - Design at ed — The interface through which the bridge is connected t o the LAN, which provides the lowest co st path fr om the LAN to the R oot Bridge. - Alternat e —Provides an alt ernat e path t o the Root[...]
-
Page 243
Sp anning Tree Multiple S panning T ree Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 226 13 Multiple Sp anning T re e Multiple Spanning T ree Prot o col (MSTP) is used to separat e the S TP por t state bet ween various domains (on dif f erent VL ANs ). For e xample, while por t A is blocked in one S TP instance due t o a lo[...]
-
Page 244
Spanning Tree Mapping VL ANs to a MS TP I nstance 227 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 Switches int ended to be in the s ame MST r egion are never separated by switches from another MS T r egion. If they are separat ed, the region bec omes t wo separat e re gi on s . This mapping can be done in the VL AN to M[...]
-
Page 245
Sp anning Tree De fin ing M S TP I n s tan ce Se tt i n gs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 228 13 F or those VL ANs that ar e not e xplicitly mapped to one of the MS T instances , the device automatically maps them to the CIS T (C ore and Inte rnal Spanning T ree) instance. The CIST instance is MST instance 0. [...]
-
Page 246
Spanning Tree De f i ni n g MS TP I n te rfa ce Se tt i ng s 229 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 • Included VL AN —Displa ys the VLANs mappe d to the select ed instance. The default mapping is that all VLANs are mapped to the common and internal spanning tr ee (CIST ) instance 0) . • Bridge Priorit y ?[...]
-
Page 247
Sp anning Tree De fin in g M S TP I n terf ace Se tti ng s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 230 13 STEP 5 Enter the paramet ers. • Instanc e ID —S elect the MS T instance to be configured. • Interfac e —Sele ct the interface f or which the MS TI set tings ar e t o be defined. • Interfac e Priorit y —[...]
-
Page 248
Spanning Tree De f i ni n g MS TP I n te rfa ce Se tt i ng s 231 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 - Bac k u p — The interface provides a b ackup path to the designat ed por t path t oward the Spanning T ree le av es . Ba cku p p orts occ ur wh en two por ts are connected in a loop by a p oint -to-point link[...]
-
Page 249
14 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 232 Man aging MA C A ddre s s T able s This section de scribe how to add MA C addresse s t o the syst em. It covers the f o llowing t opics : • Configuring St a tic MAC Addr es s es • Managing D ynamic MA C Addres se s • Def in i n g R ese r ved MA C A d d r esses Typ es[...]
-
Page 250
Managing MAC Address Tables Configuring Sta tic MAC Addr ess es 233 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 14 C onfiguring Static MA C A ddres s e s Static MAC a ddresses are assigne d t o a specific physical i nterface and VLAN on the device. If tha t address is detected on another interface, it is ignor ed, and is n[...]
-
Page 251
Ma nagi ng M A C Ad d r ess T abl es Managing Dynamic MAC Addr ess es Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 234 14 Managing D yn amic MA C Addre s s e s The Dynamic Addr e ss T able (bridg ing table ) contains the MA C addr ess es acquired by monit oring the source addr es ses of frame s entering the device. T o prev[...]
-
Page 252
Managing MAC Address Tables Defining Res er ve d MAC Address es 235 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 14 D efining Re s er ve d MA C A ddres s e s When the device receives a frame with a Destination MAC address that belongs to a r eser ved range (per the IEEE standard), the frame can be dis carded or bridged. The[...]
-
Page 253
15 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 236 Multic ast This section de scribe s the Multicast F or warding f eature, and covers the f ollowing top ic s : • Multicast For warding • De fining Multicast Proper tie s • Addi ng M A C Gr oup Addr e ss • Ad d in g IP Mul tica st G r oup Add r esses • Configuring [...]
-
Page 254
Multicast Multicast F orwarding 237 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 F or Multicast f or warding t o work acr os s IP subnets, node s, and rout ers must be Multicast-capable. A Multicast -capable node must be able to: • Send and r eceive Multicast pack ets . • Register the Multicast addr e sse s being lis[...]
-
Page 255
Multic ast Multicas t Forwar ding Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 238 15 The device can f orward Multicast str eams based on one of the f ollowing options: • Multicast MAC Gr oup Addr es s • IP Multicast Group Addr ess (G) • A combination of the source IP address (S) and the destination IP Multicast Group[...]
-
Page 256
Multicast Defining Multicas t Pr oper tie s 239 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 If the device is enab led as an IGMP Querier , i t star ts after 60 se conds have passed with no IGMP traffic (queries ) det ect ed from a Multicast r outer . In the presence of other IGMP Queriers, the devic e might (or might no[...]
-
Page 257
Multic ast Defining Multicas t Proper ties Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 240 15 A common way of r epr esenting Multicast memb ership is the (S,G) notation wher e S is the (single) sour ce sending a Multicast stream of data, and G is the IP v 4 or IP v6 gr oup addr es s. If a Multicast client can receive Multi[...]
-
Page 258
Multicast Adding MAC Gr oup Addr ess 241 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 STEP 3 Click Apply . The Running C onfiguration file is updated. Adding MAC Gr oup Addre s s The device suppor ts f orwarding incoming Multicast traffic base d on the Multicast group inf ormation. This inf ormation is derived fr om the [...]
-
Page 259
Multic ast Adding MAC Gr oup Address Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 242 15 Entries that were cr eat ed both in this page and in the IP Multicast Group Addr es s page ar e display ed. For those creat ed in the IP Multicast Group Addr es s page, the IP address es are conv er ted t o MAC addr ess es . STEP 4 Clic[...]
-
Page 260
Multicast Adding IP M ulticas t Gr oup Addr esse s 243 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 Adding IP Multic ast Group Addre s s e s The IP Multicast Group Addr ess page is similar to the MAC Gr oup Addr ess page ex c ept that Multicast gr oups are id entified by IP addresses . The IP Multicast Group Addr ess pag[...]
-
Page 261
Multic ast Configuring IGMP Sn ooping Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 244 15 • IP Sourc e Addre ss —D efines the source address to be included. STEP 6 Click Apply . The IP Multicast group is added, and the device is up dat ed. STEP 7 T o configure and displa y the r egistration of an IP gr oup addr ess , se[...]
-
Page 262
Multicast Configuring IGMP Snooping 245 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 When IGMP Snooping is enabled globally or on a VL AN, all IGMP packets ar e f or warded t o the CPU . The CPU analy zes the incoming packets, and determines the f ollowing : • Which por ts ar e asking t o join which Multicast gr oups o[...]
-
Page 263
Multic ast Configuring IGMP Sn ooping Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 246 15 Ther e can be only one IGMP Querier in a network . The device supp or ts standards-based IGMP Querier election. Some of the values of the operational parameters of this table ar e sent by the elected querier . The other values are deri[...]
-
Page 264
Multicast MLD Snooping 247 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 • Operational L ast Member Quer y Inter val —Displays the Last Member Quer y Inter val sent by the elected querier . • Im m e d i ate L e av e —Enable Imme diate L eave t o decrease the time it takes to block a Multicast stream sent t o a me [...]
-
Page 265
Multic ast MLD Snooping Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 248 15 In an appr oach similar to IGMP snooping, MLD frames are snooped as they are f or warded by the device from stations t o an upstream Multicast rout er and vice versa. This facility enable s a device to conclude the f ollowing : • On which por ts s[...]
-
Page 266
Multicast Quer ying IGMP /MLD IP Multicas t Group 249 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 • Operational Quer y Robustness —Displa ys the robustness variable sent by the elected querier . • Quer y Inter val —Enter the Quer y Int er val value t o be used by the devic e if the device cannot derive the value[...]
-
Page 267
Multic ast Defining Mu lticast R outer P orts Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 250 15 There might be a diff er ence bet ween information on this page and, f or example, inf ormation displayed in the MAC Group Addr ess page . A ssuming that the system is in MAC-base d gr oups and a p or t that requested to join t[...]
-
Page 268
Multicast Defining F orward Al l Multicas t 251 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 T o statically c onfigure or see dynamically- detect ed por ts c onnected to the Multicast rout er : STEP 1 Click Multicast > Multic ast Router Por t . STEP 2 Ent e r some or all of fo llowing quer y filter crit eria: • VL A[...]
-
Page 269
Multic ast Defining Unr egister ed Multicas t Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 252 15 IGMP or MLD mes sages are not f or warded to por ts defined as For w a r d A l l . NOTE The configuration aff ects only the por ts that ar e members of the selected VL AN. T o define Forw ar d All Multicast : STEP 1 Cl[...]
-
Page 270
Multicast D e fining Unregist ered Multicast Settings 253 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 Y ou can select a p or t to receive or filt er unregister ed Multicast streams. The configuration is valid f or an y VL AN of which it is a member (or will be a member) . This f eature ensures that the cust omer r eceiv[...]
-
Page 271
16 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 254 IP C onfigura tion IP int er face addresse s can be configured manually by the user , or automatically configured by a DHCP se r ver . This se ction provides inf o rmation f or defining the device IP address es , either manually or by making the device a DHCP client . This[...]
-
Page 272
IP Configuration Over view 255 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 L a yer 2 IP Addre ssing In Lay er 2 system mode, the device has up to one IPv 4 address and up to two IP v6 interfaces (either “native” int er face or T unnel) in the management VLAN. This IP address and the default gatewa y can be configure[...]
-
Page 273
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 256 16 • The system status LED changes to solid gr een when a new unique IP addr es s is r eceived from the DHC P ser ver . If a static IP address has been set , the system status LED also chang es to solid gr een. The LED flash[...]
-
Page 274
IP Configuration IPv4 Managemen t and In terface s 257 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 D efining an IP v4 Inter face in L ayer 2 System Mo de T o manage the device by using the web- b ased c onfiguration utility , the IPv4 device management IP address must b e defined and known. The devic e IP address can be[...]
-
Page 275
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 258 16 If a dynamic IP addr es s is retrieved fr om the DHCP ser ver , s elect tho se of the f ollowing fields that are enabled: • Renew IP Addres s Now — The device dynamic IP address can be renewed any time after it is assig[...]
-
Page 276
IP Configuration IPv4 Managemen t and In terface s 259 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • IP Addres s —Configured IP address f or the int er face. • Mask —Configured IP address mask . • Status —R esults of the IP addr es s duplication check . - Te n t a t i v e — There is no final result f or th[...]
-
Page 277
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 260 16 IP v4 Route s When the device is in La yer 3 syst em mode, this page enables configuring and viewing IP v 4 static rout es on the device. When routing traffic, the ne xt hop is decide d on according t o the longest prefix m[...]
-
Page 278
IP Configuration IPv4 Managemen t and In terface s 261 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 ARP The device maintains an ARP (A ddr es s Re solution Pro tocol) table f or all known devices that reside in the IP subnets directly connected to it . A directly-connected IP subnet is the subnet t o which an IPv4 inte r[...]
-
Page 279
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 262 16 • Status — Whether the entr y was manually enter ed or dynamically learned. STEP 4 Click Add . STEP 5 Enter the paramet ers: • IP V e rsion — T he IP addr es s f o rmat suppor t ed by the host . Only IP v 4 is suppo[...]
-
Page 280
IP Configuration IPv4 Managemen t and In terface s 263 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 3 Click Apply . The ARP pro x y is enabled, and the Running Configuration file is updated. UDP Rela y /IP Help er The UDP Rela y /IP Help er f eature is only a vailable when the device is in La yer 3 system mode. Swit[...]
-
Page 281
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 264 16 A trust ed p or t is a por t that is connected to a DHCP ser ver and is allowed to assign DHCP ad dr es ses . DHCP mes sage s r eceived on trusted por ts are allowed t o pas s thr ough the device. An untrusted por t is a po[...]
-
Page 282
IP Configuration IPv4 Managemen t and In terface s 265 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 The f ollowing Option 82 options are a vailable on the device : • DHCP Inser tion - Add Option 82 info rmation to pack ets that do not ha ve f oreign Option 82 inf ormation. • DHCP Passthrough - F or ward or r eject DH[...]
-
Page 283
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 266 16 The f ollowing de scribe s how DHCP request packets are handled when both DHCP Snooping and DHCP Relay ar e enabled: Option 82 Inser tion Disable d Pac ke t i s s en t without Option 82 Pac ke t i s s e n t with the origina[...]
-
Page 284
IP Configuration IPv4 Managemen t and In terface s 267 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 The f ollowing de scrib es how DHCP Reply pack ets ar e handled when DHCP Snooping is dis abled: Option 82 Inser tion Enabled Relay – is sen t with Option 82 Bridge – Option 82 is added (if por t is trust ed, beha ves [...]
-
Page 285
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 268 16 Option 82 inser tion disable d Pac ke t is sen t without Option 82 Pac ke t is sent with the original Option 82 Relay – discards Option 82 Bridge – Pac ket is sent without Option 82 Relay – 1. I f r e p l y originat e[...]
-
Page 286
IP Configuration IPv4 Managemen t and In terface s 269 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 The f ollowing de scrib es how DHCP r eply packets ar e handled when both DHCP Snooping and DHCP Rela y ar e enabled DHCP Sno oping Binding Da tab as e DHCP Snooping builds a databas e (known as the DHCP Snooping Binding d[...]
-
Page 287
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 270 16 The DHCP Snooping Binding databas e is also use d by IP Source Guar d and Dynamic ARP Inspe ction f eatures to det ermine legitimate packet sour ces . DHCP T rusted Por ts Po r ts can be either DHCP trusted or untrusted. By[...]
-
Page 288
IP Configuration IPv4 Managemen t and In terface s 271 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 6 Device f or wards DHCPOFFER, DHCP A CK , or DHCPNAK . The f ollowing summarize s how DHCP pack ets ar e handled from both trust ed and untrusted por ts. The DHCP Sno oping Binding databas e is st or ed in non-volati[...]
-
Page 289
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 272 16 DHCP Sno oping Along With DHCP Rela y If both DHCP Snooping and DHCP Relay ar e globally enabled, then if DHCP Snooping is enabled on the client's VL AN, DHCP Snooping rules c ontained in the DHCP Snooping Binding data[...]
-
Page 290
IP Configuration IPv4 Managemen t and In terface s 273 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 1 Enable DHCP Sno oping and/ or DH CP Relay in the IP C onfigura tion > DHCP > Propertie s page or in the Se curit y > DHCP Snooping > Proper ties page. STEP 2 Define the inter faces on which DH CP Snoopin[...]
-
Page 291
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 274 16 STEP 2 Click Apply . The set tings ar e written to the Running Configuration file. STEP 3 T o define a DHCP ser ver , click Add . STEP 4 Enter the IP addr ess of the DHCP s er ver and click Apply . The set tings ar e writte[...]
-
Page 292
IP Configuration IPv4 Managemen t and In terface s 275 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 DHCP Sno oping Binding Da tabas e See How the DHCP Snooping Binding Databas e is Built f or a de scription of how dynamic entries are added to the DHCP Snooping Binding database. Not e the f o llowing points about mainte n[...]
-
Page 293
IP Configuration DHCP S er ver Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 276 16 STEP 4 Click Apply . The set tings ar e defined, and the device is up dat ed. DHCP S er ver The DHCP v 4 Ser ver f eature enables you t o configure the device as a DHCP v 4 ser ver . A DHCP v 4 ser ver is used t o assign IP v 4 addr ess and o[...]
-
Page 294
IP Configuration DHCP Ser ver 277 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 The f ollowing options can b e set with the generic DHCP option CLI command: • Integer type : 2, 13, 22, 26, 24, 25, 35, 38 • A SCII t ype : 14, 17 , 18, 40 , 43, 47 , 64 • IP Addr es s type : 16, 28, 32 • IP List typ e: 5, 7 - 11 , 21[...]
-
Page 295
IP Configuration DHCP S er ver Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 278 16 De pe n d e n c ies Betw een Fea tu r es • A single interface cannot be configured as both a DHCP v 4 client and DHCP v 4 ser ver at the s ame time. • If DHCP v 4 Relay is enabled, the device cannot be c onfigured as a DHCP ser ver . D ef[...]
-
Page 296
IP Configuration DHCP Ser ver 279 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 5 V iew the allocated IP addr ess es using the Address Binding page. IP address es can be deleted in this page. DHCP v4 S er ver T o c onfigure the device as a DHCP v 4 ser ver : STEP 1 Click IP Configuration > IP v 4 Management and In[...]
-
Page 297
IP Configuration DHCP S er ver Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 280 16 • Po ol N am e — Enter the pool name. • Subnet IP Address —Enter the subnet in which the network p ool resides . • Mask —Ent er one of f ollowing : - Network Mask —Che ck and ente r the pool’s network mask . - Prefix L ength ?[...]
-
Page 298
IP Configuration DHCP Ser ver 281 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 - Mixe d —A combination of b -node and p-node c ommunications is used to regist er and r esolve NetBIO S names . M-node first uses b-node ; then, if nec ess ar y , p-no de. M-node is t ypically not the best choice f or larger networks b ecau[...]
-
Page 299
IP Configuration DHCP S er ver Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 282 16 T o manually allocate a permanent IP address to a specific client : STEP 1 Click IP Configuration > IP v 4 Management and Int er faces > DHCP Ser ver > Static Hosts to displa y the Static Hosts page. The static hosts are displa yed. [...]
-
Page 300
IP Configuration DHCP Ser ver 283 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 - Hybrid —A hybrid combination of b -node and p-node is us ed. When configured to use h-node, a computer alwa ys trie s p-node first and uses b- node only if p-node fails. This is the default . - Mixe d —A combination of b -node and p-node[...]
-
Page 301
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 284 16 • Le a s e E x p i r a t i o n — The leas e expiration dat e and time of the host’ s IP addr es s or Infinite is such was the lease duration defined. • Ty p e — The manner in which the IP addres s was assigned t[...]
-
Page 302
IP Configuration IPv6 Management and In terface s 285 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 IP v 6 Glob al C onfiguration T o define IPv6 glob al parameters and DHCPv6 client set tings : STEP 1 In La yer 2 syst em mode, click Admini stra tion > Management In terfac e > IP v 6 Global C onfiguration . In Lay e[...]
-
Page 303
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 286 16 T o define an IP v6 inter face: STEP 1 In La yer 2 syst em mode, click Admini str a ti on > Managemen t Interfac e > IP v 6 Interfac e s . In La yer 3 syst em mode, click IP C onfiguration > IP v6 Man agement and[...]
-
Page 304
IP Configuration IPv6 Management and In terface s 287 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • Sen d I CM P v6 M essag e s —Enable generating unreachable destination mess ages. STEP 6 Click Apply t o enable IPv6 proce ssing on the se lected int er face. Regular IP v6 interfaces have the f ollowing addres ses au[...]
-
Page 305
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 288 16 • Rec eive d Information Refresh Time —Refr esh time r e ceived fr om D HCP v6 ser ver . • Remaining Information Refresh Time —Remaining time until ne xt refresh. • DNS Ser vers —List of DNS ser vers r eceived[...]
-
Page 306
IP Configuration IPv6 Management and In terface s 289 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 Co nfiguring T unnels NOTE T o configure a tunnel, first configure an IP v6 interface as a tunnel in the IP v6 Interface s page. T o configure an IP v6 tunnel: STEP 1 In La yer 2 syst em mode, click Administration > Mana[...]
-
Page 307
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 290 16 • ISA T AP Robustnes s —Us ed t o calculate the int er val f or the DNS or r out er solicitation queries. The larger the numb er , the more fr equent the queries . NOTE The ISA T AP tunnel is not operational if the un[...]
-
Page 308
IP Configuration IPv6 Management and In terface s 291 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 is spe cified in hexadecimal f ormat b y using 16-bit values s eparat ed by colons .Y ou cannot configure an IP v6 addresse s directly on an ISA T AP tunnel int er face. • Prefix Length — The length of the Global IP v6 [...]
-
Page 309
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 292 16 In La yer 3 syst em mode, click IP C onfiguration > IP v6 Man agement and Interfac e s > IP v 6 D efault Router List . This page displays the f ollowing fiel ds f or each default rout er : • De fault Ro uter IP v [...]
-
Page 310
IP Configuration IPv6 Management and In terface s 293 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 D efining IP v 6 Neighb ors Information The IP v6 Neighbors page enables configuring and viewing the list of IP v6 neighbors on the IP v6 int erfac e. The IP v6 Neighbor T able (also known as IP v6 Neighbor Disc over y Cach[...]
-
Page 311
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 294 16 - Stale —Pr eviously-known neighbor is unreachable. No action is tak en t o verify its reachability until traffic must be sent . - Dela y —Pr eviously-known neighbor is unreachable. The int erface is in Delay stat e f[...]
-
Page 312
IP Configuration IPv6 Management and In terface s 295 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 1 Click Administra tion > Management Interfac e > IP v 6 Routes . -or T o view IPv6 routing entries in Lay er 3 system mode: Click IP Configuration > IP v 6 Management and Interfac e s > IP v6 Route s . Thi[...]
-
Page 313
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 296 16 - Static — The entr y was manually c onfigured by a user . DHCP v 6 Relay DHCP v6 Rela y is used f or r elaying DHCPv6 mes sage s t o DHCP v6 ser vers . It is defined in RFC 3315. When the DHCP v6 client is not dir ectl[...]
-
Page 314
IP Configuration Do m ai n Na me 297 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • DHCP v 6 Ser ver IP Addres s —Enter the addr e ss of the DHCP v6 s er ver t o which pack ets ar e f or warded. • IP v 6 Interface —Ent er the int er face on which pack ets ar e transmitted when the address t ype of the DHCP v6 ser[...]
-
Page 315
IP Configuration Domain Name Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 298 16 As a DNS client , the device resolves domain nam es to IP addr e s ses through the use of one or mor e configured DNS ser vers. DNS S et tings Use the DNS Set tings page to e nable the DNS f eatur e, configure the DNS ser vers and set the defau[...]
-
Page 316
IP Configuration Do m ai n Na me 299 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • Prefer ence —Each s er ver has a pref erence value, a lowe r value means a higher chance of being us ed. • Sou r ce —Source of the ser ver ’ s IP addr es s (static or DHCPv 4 or DHCP v6) • Interfac e —Int er face of the ser [...]
-
Page 317
IP Configuration Domain Name Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 300 16 • Sou rce —Source of the ser ver ’ s IP addr es s ( static or DHCP v 4 or DHCPv6) f or this dom ain. • Interfac e —Interface of the s er ver ’s IP addr e ss fo r this domain. • Pref erence — This is the order in which the domain[...]
-
Page 318
IP Configuration Do m ai n Na me 301 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • Type —Is this a Dy na m i c or Static entr y to the cache. • Status — Displa ys the results of attempts t o acces s the host - OK —A t t e mpt su cceed ed. - Negative Cache —Attempt f ailed, do not tr y again. - No Response ?[...]
-
Page 319
17 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 302 Sec u r i t y This section de scrib es device s ecurit y and acces s control. The syst em handles various typ es of se curit y . The f ollowing list of topics des cribes the various t ype s of securit y f eatures des cribed in this se ction. Some f eatur es are used f or m[...]
-
Page 320
Security De fin i ng Use r s 303 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Con fig u r in g RAD I U S • Con fig u ri n g P ort Secu r ity • Configuring 802. 1 X • De fining Time Ranges Pr otection fr om other network us ers is describe d in the f ollowing s ections. The se ar e att acks that pass through, bu[...]
-
Page 321
Secu r ity De fin i ng U ser s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 304 17 STEP 1 Click Admin ist ra tion > User Acc ounts . This page displays the users defined in the system and their user privilege level. STEP 2 Select P a s s w o r d R e c o v e ry S erv i ce to enable this f eature. When this is enabled, an [...]
-
Page 322
Security De fin i ng Use r s 305 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 5 Click Apply . The us er is added to the Running Configuration file of the device. Set t ing Password Complexit y Rules Pa s swor ds ar e used to authenticat e users acce ssing the device. Simple passwords are potential securit y hazards.[...]
-
Page 323
Secu r ity Configuring T ACACS+ Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 306 17 STEP 4 If the Password C omplexit y Set ti ngs ar e enabled, the f ollowing parameters ma y be c onfigured: • Minimal Pas sword Length —Enter the minimal number of charact ers r equi r ed f or p a ssw or ds. NOTE A zer o-length pas sword[...]
-
Page 324
Security Configuring T ACACS+ 307 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Accoun ting —Enable accounting of lo gin ses sions using the T AC ACS+ ser ver . This enable s a syst em administrat or to generat e ac counting reports from the T ACACS+ ser ver . In addition t o providing authentication and authorizati[...]
-
Page 325
Secu r ity Configuring T ACACS+ Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 308 17 Def au l t s The f ollowing defaults are r elevant t o this f eature: • No def ault T ACACS+ ser ver is defined by def ault . • If you configure a T ACACS+ ser ver , the acc ounting f eature is disable d by default . Interactions With O [...]
-
Page 326
Security Configuring T ACACS+ 309 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 1 Click Sec ur i ty > TA C A C S + . STEP 2 Enable T ACACS+ Ac counting if required. Se e e xplanation in the Accou nt ing Using a T AC A CS+ S er ver secti on . STEP 3 Ent er the f ollowing default paramet ers: • Key St ri ng —Ent[...]
-
Page 327
Secu r ity Configuring T ACACS+ Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 310 17 • Serve r IP Add r ess/ N a me —Enter the IP address or name of the T ACA CS+ ser ver . • Priorit y —Ent er the order in which this T A CA CS+ ser ver is used. Z ero is the highest priorit y T ACA CS+ se r ver and is the first ser ve[...]
-
Page 328
Security Configur ing R ADIUS 311 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 C onfiguring R ADIUS Remot e Authorization Dial-In User Ser vic e (R ADIUS) ser vers pr ovide a centralized 802. 1 X or MAC-based net work acces s control. The device is a R ADIUS client that can use a R ADIUS ser ver t o pr ovide centralized [...]
-
Page 329
Secu r ity Configuring RADIUS Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 312 17 Interactions With O ther Features Y ou cannot enable acc ounting on both a R ADIUS and T ACA CS+ s er ver . Radius Workflow T o us er a R ADIUS ser ver , do the f ollowing: STEP 1 Open an acc ount f or the devic e on the R ADIUS ser ver . STEP[...]
-
Page 330
Security Configur ing R ADIUS 313 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Dea d T i m e —Ent er the numb er of minutes that elapse befor e a non- responsive R ADIUS ser ver is bypas se d f or s er vic e r eque sts. If the value is 0 , the ser ver is not bypas se d. • Key St ri ng —Enter the default ke y st[...]
-
Page 331
Secu r ity Configuring RADIUS Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 314 17 • Serve r IP Add r ess/ N a me —Enter the R ADIUS ser ver by IP address or name. • Priorit y —Ent er the priority of the s er ver . The priorit y det ermines the order the device attempts t o contact the ser vers t o authenticat e a us[...]
-
Page 332
Security Configurin g Manageme nt Acc es s Authentication 315 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 6 T o display sensitive data in plaint e xt f orm in the configuration file, click Displa y Sen sitive Data As Plaintex t . STEP 7 Click Apply . The R ADIUS ser ver definition is added to the Running Configurat[...]
-
Page 333
Secu r ity Defining Management Acc ess Method Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 316 17 • Lo c a l —Us ername and pas swor d are check ed against the data stor ed on the local device . These username and pas sword pairs ar e defined in the User Acc ounts page. NOTE The Loc al or None authentication method must[...]
-
Page 334
Security Defining Managemen t Ac ce ss Method 317 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Sourc e IP Address —IP addres ses or subnets . Acc es s t o management methods might diff er among user groups. For e xample, one user group might be able to acce ss the devic e module only by using an HTTPS ses sion, whi[...]
-
Page 335
Secu r ity Defining Management Acc ess Method Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 318 17 A caution mes sage displays if you selected any other acces s profile, warning you that , depending on the s elected acces s profile, y ou might be disc onnected from the web- base d configuration utilit y . STEP 3 Click OK to [...]
-
Page 336
Security Defining Managemen t Ac ce ss Method 319 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - All — A p p l ie s t o a l l po r t s, VL A Ns, an d LA G s. - Us er D ef in e d —Applie s t o selected interfac e. • Interfac e —Ent er the interface numb er if User Define d was sele ct ed. • Applies to S ource IP[...]
-
Page 337
Secu r ity Defining Management Acc ess Method Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 320 17 STEP 1 Click Secu r i ty > Mgmt Ac c es s Metho d > Profile Rules . STEP 2 Select the Filter field, and an acce ss profile. Click Go . The selected acce ss profile appears in the Pr ofile Rule T able. STEP 3 Click Add t o[...]
-
Page 338
Security SSL Serve r 321 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Interfac e —Ent er the interface numbe r . • Applies to S ource IP Addres s —Select the t ype of s our ce IP address to which the acces s profile applies. The Sour ce I P A d dr ess field is valid f or a subnetwork . Sele ct one of the f ollo[...]
-
Page 339
Secu r ity SSL Serve r Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 322 17 T o op en an HTTPS s ession with a us er -creat ed cer tificate, per f orm the f ollowing actions: 1 . G enerat e a cer tificat e. 2. Request that the cer tificat e be cer tified by a CA . 3. Impor t the signed c er tificate int o the de vice. D efau[...]
-
Page 340
Security SSL Serve r 323 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - Org ani z ati on Un it— Spe cifies the organization-unit or depar tment name. - Org ani z ati on Na me — Sp ecifies the organization name. - Lo c a t i o n — Specifie s the lo cation or city name. - St a t e— Specifie s the stat e or pr ovinc[...]
-
Page 341
Secu r ity Configuring T CP /UDP S er vic es Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 324 17 C onfiguring T CP /UDP S e r vic e s The T CP /UDP S er vice s page enables T CP or UDP -base d ser vices on the device, usually f o r securit y reasons . The devic e of f er s the f ollowing T CP /UDP s er vic es : • HT TP ?[...]
-
Page 342
Security Defining St orm Cont rol 325 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Remote IP Addre ss —IP ad dr es s of the remot e device that is requesting the service. • Remote Por t — T CP por t of the remot e device that is requesting the s er vice. • State —Status of the ser vice. The UDP Ser vic es t[...]
-
Page 343
Secu r ity Configuring P or t S ecurit y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 326 17 STEP 1 Click Secu r i ty > Storm C ontrol . All the fields on this page ar e describ ed in the Edit St orm Control page e x cept f or the Sto rm C o ntrol Rate T hre sh old (%) . It displays the percent of the t otal a vailable b[...]
-
Page 344
Security Configuring P or t Se curit y 327 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Classic Lo ck —All learne d MAC addr es ses on the p or t are locked, and the por t doe s not learn any new MAC addr ess es . The learned address es are not subject to aging or re-learning. • Limite d Dyna mic Lock — The dev[...]
-
Page 345
Secu r ity Configuring P or t S ecurit y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 328 17 • Interfac e —Sele ct the interface name. • Interfac e Status —Select to lock the por t . • Le arning Mode —S elect the t ype of por t lo cking. T o configure this field, the Int er face Status must be unlocked. The L ea[...]
-
Page 346
Security Configuring 802. 1 X 329 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Tr a p —Select to enable traps when a packet is r eceived on a lo ck ed por t . This is relevant f or lo ck violations . F or Classic L ock , this is any new address received. F or Limited Dynamic L ock , this is any new addr e ss that e[...]
-
Page 347
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 330 17 - Single se s sion/multiple hosts — This f ollows the 802. 1 x standar d. In this mode, the device as an authenticat or allows an y device to use a port as long as it has been granted permis sion. • Multi-S es sion 802. 1 X —E ver y de[...]
-
Page 348
Security Configuring 802. 1 X 331 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 delimiting charact ers (f or e xample : aaccbb55 ccf f). T o us e MAC-based authentication at a por t : - A Guest VL AN must be defined - The por t must be Gue st VLAN enable d. - The packets fr om the first supplicant at the por t bef or e it[...]
-
Page 349
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 332 17 The device als o uses the Gue st VLAN for the authentication proces s at por ts configured with Multiple Se ssion mo de and MAC-based authentication. Theref ore, you must configur e a Guest VL AN bef or e you can use the MAC authentication m[...]
-
Page 350
Security Configuring 802. 1 X 333 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Por t-B ase d Authentication —Enable or disable por t-based, 802. 1 X authentication. • Authentication Method —S elect the us er authentication methods. The options are: - RA D I U S, N o n e —Perf orm por t authentication f irst b[...]
-
Page 351
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 334 17 Configuring U nauthent icated VL ANs When a por t is 802. 1 x-enabled, unauthori zed por ts or device s are not allowed to acce ss a VL AN unle ss the VL AN is a Guest VL AN or an unauthenticat ed VL AN. Y ou can mak e a static VLAN an au th[...]
-
Page 352
Security Configuring 802. 1 X 335 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Curren t Port C ontrol —Displa ys the current por t authorization state. If the stat e is Authorized , the por t is either authenticated or the Administrative Por t Control is Fo rc e A ut h or iz e d . Conv ersely , if the stat e is Una[...]
-
Page 353
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 336 17 • Authentication Method —S elect the authentication metho d f or the p or t . The options are: - 802. 1 X Only —802. 1 X authentication is the only authentication method per f orme d on the port . - MA C Only —Port is authenticated b[...]
-
Page 354
Security Configuring 802. 1 X 337 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Re sending E AP —Enter the number of se conds that the devic e waits f or a response to an Exte nsible Authentica tion Prot o col (E AP) request /identit y frame fr om the supplicant (client) bef ore resending the request . • Max EAP R[...]
-
Page 355
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 338 17 T o define 802. 1X advanced set tings f or p ort s: STEP 1 Click Secu r i ty > 802. 1 X > Ho st and Se s sion Authentication . 802. 1 X authentication parameters ar e describe d f or all p or ts . All fields e xcept the f ollowing are [...]
-
Page 356
Security Defining T ime R ange s 339 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - Shutdown —Dis car ds the packets and shuts down the por t . The por ts remains shut down until r eactivated, or until the device is re booted. • Tr a p s (on single host violation)—Select to enable traps. • T rap F requency (on Si[...]
-
Page 357
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 340 17 D enial of S er v ic e Preven tion A Denial of S er vic e (DoS) atta ck is a hacker attempt t o mak e a device unavailable to it s u s e rs . DoS at tacks saturate the device with external communication r equests , so that it cann[...]
-
Page 358
Security Denial of Ser vice Preven tion 341 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Mar tian Addr e ss es —Mar tian addresse s are illegal fr om the point of view of the IP prot ocol. Se e Ma r ti an Add r esses f or more details. • ICMP Attack —Sending malformed ICMP pack ets or ov er whelming number of I[...]
-
Page 359
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 342 17 • Prev ent T CP connections from a specific interface (SYN F iltering page) and rate limit the pack ets (SYN Rat e Pr ot ection page) • Configure the blocking of cer tain ICMP packets (ICMP F ilt ering page) • Discard fragme[...]
-
Page 360
Security Denial of Ser vice Preven tion 343 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 1 Click Sec ur i ty > Denial of S er vic e Prevention > Se curit y Suite Set tings . The Sec u ri t y S u i te Settin g s displays. CPU Protection Me chanism: Enable d indicates that SCT is enabled. STEP 2 Click Det ai ls [...]
-
Page 361
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 344 17 SYN Protec tion The net work por ts might b e used by hackers to attack the device in a S YN attack , which consumes T CP r esources (buf f ers ) and CPU power . Since the CPU is prot ected using SCT , T CP tr af fic t o the CPU i[...]
-
Page 362
Security Denial of Ser vice Preven tion 345 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Curren t Sta tus —Int erface status . The pos sible values are: - Nor m al —No attack was identified on this int er face. - Blo cke d — T raf fic is not f or warded on this interface. - At tacked —Attack was identified on[...]
-
Page 363
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 346 17 STEP 3 T o ad d a Martian addres s click Add . STEP 4 Enter the paramet ers. • IP V e rsion —Indicat es the suppor ted IP version. Curr ently , suppor t is only o f fe r e d fo r I P v4 . • IP Addres s —Enter an IP address[...]
-
Page 364
Security Denial of Ser vice Preven tion 347 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - Us er D ef in e d —Enter a por t number . - All P or ts —S elect to indicat e that all por ts ar e filt er ed. STEP 4 Click Apply . The SYN filt er is defined, and the Running Configuration file is updated. SYN Rate Pr otec tio[...]
-
Page 365
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 348 17 STEP 4 Click Apply . The SYN rate pr otection is defined, and the Running Configuration is updated. ICMP F iltering The ICMP Fi ltering page enables the bl ocking of ICMP packets fr om cer tain sources. This can r e duce the lo ad[...]
-
Page 366
Security IP S ource Guard 349 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Interfac e —Select the inte r face on which the IP fragmentation is being defined. • IP Addres s —Ent er an IP network from which the fragment ed IP packets is filter e d or select All Addres s es to block IP fragmented pack ets fr om al[...]
-
Page 367
Secu r ity IP S ource Guard Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 350 17 - The int er face is DH CP untrusted. All packets on trust e d por ts ar e fo r w a r d e d . • If a por t is DHCP trusted, filt ering of static IP addr es ses can be c onfigured, even though IP Source Guar d is not active in that condition by[...]
-
Page 368
Security IP S ource Guard 351 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 5 En a b l e I P S o u rc e G u a rd o n t h e u n t r u s te d i n te r f a c e s a s re q u i re d i n t h e S e c u r i t y > I P Source Guard > Int er face S ettings page. STEP 6 V iew entries to the Binding databas e in the Securit[...]
-
Page 369
Secu r ity IP S ource Guard Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 352 17 Binding Da tab as e IP Source Guard uses the DHCP Snoopi ng Binding datab ase to check pack ets from untrust ed por ts . If the device at tempts t o write too man y entries to the DHCP Snooping Binding data base, the excess ive entries are maint[...]
-
Page 370
Security Dyn am ic A RP I nspec t io n 353 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - No S n o op VL A N —DHCP Snooping is not enable d on the VLAN. - Tr u s t e d Por t —P or t has beco me trust ed. - Res ource Problem — TC AM resources are e xhausted. T o s ee a subs et of these entries , enter the r elevant [...]
-
Page 371
Secu r ity Dynamic A RP I nspection Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 354 17 Hosts A , B, and C are connected to the swi tch on int er faces A , B and C, all of which are on the same subnet . Their IP , MAC addr e sse s are s hown in par entheses ; f or ex ample, Host A uses IP address IA and MAC address MA . Whe[...]
-
Page 372
Security Dyn am ic A RP I nspec t io n 355 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • If a pack et is valid, it is f or warded and the ARP cache is updated. If the ARP Pack et V alidation option is selected (Pr oper ties page) , the f ollowing additional validation checks are per f orme d: • Sou r ce MA C — Com[...]
-
Page 373
Secu r ity Dynamic A RP I nspection Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 356 17 ARP Insp ec tion W ork Flow T o c onfigur e ARP Inspection: STEP 1 Enable ARP Inspection and configure va rious options in the Security > ARP Inspection > Proper ties page. STEP 2 Configure int er fac es as ARP trust ed or untruste[...]
-
Page 374
Security Dyn am ic A RP I nspec t io n 357 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - Never — Dis abled SY SL OG dropped packet messag es. STEP 2 Click Apply . The set tings are defined, and the Running Configuration file is updated. Def i n i n g Dy na mi c A R P I n s pect io n I n te rf a ces Se tti ng s Pack et[...]
-
Page 375
Secu r ity Dynamic A RP I nspection Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 358 17 STEP 4 Click Apply . The set tings ar e defined, and the Running Configuration file is updated. D efining ARP Insp e ction A c ce s s C ontr ol Rule s T o a d d m o re ru l e s to a p re v i ou s l y- c re at e d AR P A c c e s s C o n t[...]
-
Page 376
Security Dyn am ic A RP I nspec t io n 359 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17[...]
-
Page 377
18 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 360 S e curit y : S e cure S ensitive Da ta Man agement Secure Sensitive Data (SS D) is an archit ecture that facilitat es the prot e ction of sensitive data on a dev ice, such as passwo rds and k eys. The facility makes use of passphras es , encr yption, acce ss c ontrol, and[...]
-
Page 378
Security: Secure Sensitive Data Ma nagement SSD R u les 361 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 SSD grants read permission to sensitive data on ly to authenticated and authorized users, and according to S SD rules. A device authenticate s and authorizes management access to us ers through the user authentication[...]
-
Page 379
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD R u les Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 362 18 NOTE A device ma y not suppor t all the channels defined by S SD. Elements of an S SD Rule An SS D rule includes the f ollowing elements: • User t ype— The user t ypes supp or t ed in order of most pr[...]
-
Page 380
Security: Secure Sensitive Data Ma nagement SSD R u les 363 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 - (Higher) Plai ntext O nly —Users are permitted to acces s sensitive data i n plainte x t only . Users will also hav e re ad and writ e permis sion to SS D parameters as well. - (Highest) Both —Users hav e both e[...]
-
Page 381
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD R u les Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 364 18 * The Read mode of a ses sion can be temporarily changed in the SS D Prop er t ie s pa ge i f the new read m od e doe s not violat e the r ead permission. NOTE Not e the f ollowing : • The default Read [...]
-
Page 382
Security: Secure Sensitive Data Ma nagement SSD R u les 365 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 NOTE When doing a file transf er initiated by an XM L or SNMP c ommand, the underlying pr otocol used is TF TP . Ther ef ore, the SS D rule f or inse cure channel will apply . SSD Rule s and Us er Authentication S SD [...]
-
Page 383
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD Proper tie s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 366 18 The default rules can be mo dified, but they cannot be deleted. If the SS D default rules have been changed, they can be rest ored. SSD D e fault Read Mo de S es sion O verride The system contains se[...]
-
Page 384
Security: Secure Sensitive Data Ma nagement SSD Proper tie s 367 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 Pas sphrase A pass phrase is the basis of the securit y mechanism in the S SD f eature, and is used to generat e the ke y f or the encr yption and de cr yption of sensitive data. Sx200 , Sx300 , Sx500 , and S G50[...]
-
Page 385
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD Proper tie s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 368 18 automatically changed t o the passphras e in the star tup configuration file, when the star tup configuration be comes the runnin g configuration of the device. When a device is reset to fact or y de[...]
-
Page 386
Security: Secure Sensitive Data Ma nagement Configur a tion Files 369 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 A device determines whether th e int egrit y of a confi gurati on file is pr ot ect ed by examining the F il e Int egrit y Control command in the file's SS D Control block . If a file is int egrit y pro[...]
-
Page 387
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t Configur a tion Files Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 370 18 • A te xt-based configuration that doe s not include an SS D indicator is considered not t o contain sensitive data. • The SS D indicator is used to enf orce SS D read permissions on te xt-b[...]
-
Page 388
Security: Secure Sensitive Data Ma nagement Configur a tion Files 371 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 • If there is a pas sphrase in the SS D co ntrol block of the sour ce configuration file, the device will reject the source file, and the copy fails if ther e is encr ypted sensitive data in the file not e[...]
-
Page 389
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t Configur a tion Files Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 372 18 • Wh en co pi ed f r om a so ur ce fi le, th e co p y will f ail if the passphrase in the source file is in plaint e xt . If the pas sphrase is encr yp t ed, it is ignored. • When directly c[...]
-
Page 390
Security: Secure Sensitive Data Ma nagement Configur a tion Files 373 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 • A user with Ex clude permis sion cannot acces s mirror and backup configuration file s with their file SS D indicat or showing either encr ypted or plainte x t sensitive data. The user should not manuall[...]
-
Page 391
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD Management Channels Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 374 18 If the device creating the configuration fi le is in Unrestrict ed pas sphrase control mode, the devic e includes the pas sphrase in the file. As a result , the us er can auto configure the ta[...]
-
Page 392
Security: Secure Sensitive Data Ma nagement Menu CLI and Passw ord R ec over y 375 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 Menu CLI and Pas sword Rec over y The Menu CLI int er face is only allowed to users if their r ead permissions are Both or Plaint e xt Only . O ther users are reject ed. Sensitive data in the Me[...]
-
Page 393
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t Configuring SSD Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 376 18 STEP 1 Click Secu r i ty > Secu re Sen s it i ve Da ta M a na ge men t > Proper ties . The f ollowing field ap pears : • Current Loc al Passphrase Type —Displays whether the defa ult pass ph[...]
-
Page 394
Security: Secure Sensitive Data Ma nagement Configuring SSD 377 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 - Lev e l 1 5 — Indicat es that this rule applies to all users with privile ge level 15. - All— Indicat e s that this rule applies t o all users. • Channel — This defines the se curity level of the input c[...]
-
Page 395
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t Configuring SSD Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 378 18 • Restore All Rules to D efault— Restor e all user -modified d efault rules to the defaul t rule and r emove all user -defined rules.[...]
-
Page 396
Security: Secure Sensitive Data Ma nagement Configuring SSD 379 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18[...]
-
Page 397
19 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 380 S e curit y : S SH Client This section de scrib es the device when it functions as a n SS H client . It covers the f ollowin g t opics : • Se cure Copy (S CP) and S SH • Protection Metho ds • SSH S er ver Authentic a tion • SSH Client Authentic a tion • Be f or e[...]
-
Page 398
Security: SSH Client Pro te c tion Me thods 381 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 When files are downloaded via TFTP or HT TP , the data transf er is unsecured. When files are do wnloaded via SCP , the inf ormation is downloaded from the SCP ser ver to the device via a secure channel. The cr eation of this sec[...]
-
Page 399
Secu r ity: SS H Cl ien t Pr o t ec tio n Me th ods Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 382 19 The username/pas swor d must then be creat ed on the device. When data is transf erred from the ser ver t o the device, the username/pas sword supplied by the device must match the username/password on the ser ver . Data [...]
-
Page 400
Security: SSH Client SSH S er ver Authen ticat ion 383 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 When a privat e ke y is cr eat ed on a device, it is als o pos sible to cr eate an ass ociat ed passphr ase . This passphrase is us ed to encr ypt the privat e k ey and t o impor t it int o the remaining switches. In this [...]
-
Page 401
Secu r ity: SS H Cl ien t SSH Client Authen tica tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 384 19 S SH Client Authen tication SS H client authen tication by pass wor d is enabled by default, with the username/ pas swor d being “anonymous ”. The user must configure the f ollow ing inf ormation f or authentication[...]
-
Page 402
Security: SSH Client Be f ore Y o u Begi n 385 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 Be f o r e Y o u Be g i n The f ollowing actions must be per f ormed be f ore using the SCP f eature: • When using the pas swor d authentication method, a username/pas sword must be set up on the S S H ser ver . • When using p[...]
-
Page 403
Secu r ity: SS H Cl ien t Comm on T asks Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 386 19 STEP 4 If the public/private k ey method is being use d, per f orm the f ollowing steps : a. Select whether to use an RS A or D SA key , create a username and then generate the public/privat e k eys. b. V iew the generat ed k ey by [...]
-
Page 404
Security: SSH Client SSH Client Configur a tion Thr ough the GUI 387 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 S SH Client Configuration Thr ough the GUI This se ction describ es the pages us ed to configur e the SS H Client f eature. S SH User Authentic a tion Use this page to select an S SH user authentication metho[...]
-
Page 405
Secu r ity: SS H Cl ien t SSH Client Configur a tion Thr ough the GUI Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 388 19 • Ke y S o ur c e —Aut o Generat ed or Us er Defined. • Fin g er p ri nt —Fingerprint generat ed from the k e y . STEP 6 T o handle an RS A or DS A ke y , select ei ther RSA or D S A and per f or[...]
-
Page 406
Security: SSH Client SSH Client Configur a tion Thr ough the GUI 389 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 STEP 1 Click Sec ur i ty > SSH C l ie n t > Change User Password on SS H Ser ver . STEP 2 Ent er the f ollowing fi elds: • Serve r Def i n it io n —Define the SS H ser ver by sele cting either By IP[...]
-
Page 407
20 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 390 S e curit y : S SH S er ver This section de scribe s how to establish an S SH s es sion on the device. It covers the f ollowin g t opics : • O ver view • Common T asks • SSH Se rver Co nf igu ra t i on P ag e s O ver view The SS H Ser ver f eature enables users to cr[...]
-
Page 408
Security: SSH Server Common T asks 391 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 20 C ommon T asks This se ction describ es so me common tasks per f ormed using the S SH S er ver fe a t u r e . W ork flow 1 : T o lo gon to the device o ver S S H using the device ’s automatica lly-created (def ault) ke y , p er form the[...]
-
Page 409
Secu r ity: SS H Serve r SSH Se rver Co n fig ur a t io n P ages Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 392 20 S SH S er ver C onfiguration Pages This section de scribe s the pages used to configure the SSH Serv er fe a t u re . S SH User Authentic a tion Use the S SH User Authentication page to enable SS H user authe[...]
-
Page 410
Security: SSH Server SSH S er ver Configura tion Pages 393 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 20 • SSH Us er Authentication by Password —Select to per form authentication of the SS H client user usin g the username/password configured in the local database (see Def i n i n g U ser s ). • SSH Us er Authentic [...]
-
Page 411
Secu r ity: SS H Serve r SSH Se rver Co n fig ur a t io n P ages Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 394 20 STEP 3 Y ou can per f orm an y of the f ollowing actions : • Generate —Generates a k ey of the selected typ e. • Edit —Enables you to copy in a k ey from another device. • Del e te —Enables you t [...]
-
Page 412
Security: SSH Server SSH S er ver Configura tion Pages 395 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 20[...]
-
Page 413
21 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 396 Access Co n t r o l The Acce ss C ontr ol List (ACL ) f eature is part of the se curity mechanism. ACL definitions ser ve as one of the mechanisms to define tra ffic f lows that ar e given a specific Quality of Ser vice (QoS) . F or mor e inf ormation see Qualit y of S er [...]
-
Page 414
Access Control Acces s Co n t r ol Li st s 397 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 When a pack et mat ches an ACE filt er , the ACE action is tak en and that ACL proces sing is st opped. If the packet does not mat ch the ACE filt er , the ne xt ACE is pr oces sed . If al l AC Es of an A CL ha ve bee n p r ocesse[...]
-
Page 415
Acce ss Cont ro l De fin in g MA C -b ased AC L s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 398 21 Crea ting A C Ls W orkflow T o creat e ACLs and asso ciat e them with an int er face, per f orm the f ollowing : 1 . Cr eat e one or mor e of the f ollowing typ es of ACLs: a. MAC-base d ACL by using the MAC Based ACL page [...]
-
Page 416
Access Control De f i ni n g M A C- based A C L s 399 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 MAC-base d ACLs ar e defined in the MAC Bas ed ACL page. The rule s are defined in the MAC Base d ACE page . T o define a MAC- based ACL: STEP 1 Click A ccess Co n tr o l > MAC-Bas e d A CL . This page contains a list of[...]
-
Page 417
Acce ss Cont ro l De fin in g MA C -b ased AC L s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 400 21 • Time Range Name —If T ime Range is sele ct ed, sele ct the time range to be used. T ime range s are defined in the Time Range secti on. • Dest i na ti on M A C Add ress —Select Any i f all destination addr es ses [...]
-
Page 418
Access Control IPv4-bas ed ACLs 401 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 IP v4-b as e d ACLs IP v 4-b ase d ACLs ar e used to check IP v 4 packets, while other t ype s of frames , such as ARPs, are not checked. The f ollowing fields can b e matched: • IP pr otocol (by name f or well-known prot ocols , or dir ec[...]
-
Page 419
Acce ss Cont ro l IPv4-b ase d A CLs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 402 21 Adding Rule s (ACEs) to an IP v4-B ase d ACL T o ad d rules (ACEs ) to an IPv 4-base d ACL: STEP 1 Click Acc ess Contr ol > IP v4-B as ed ACE . STEP 2 Select an ACL, and click Go . All cu rr ently-define d IP ACEs f or the sele ct ed[...]
-
Page 420
Access Control IPv4-bas ed ACLs 403 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 - UDP —User Datagram Prot ocol - HMP —Host Mapping Prot oc ol - RDP —Reliable Datagram Pr otocol. - IDPR —Inter -Domain Policy Routing Pr ot ocol - IPV 6 —IP v6 over IPv 4 tunneling - IPV 6:ROUT —Matches pack ets belonging t o th[...]
-
Page 421
Acce ss Cont ro l IPv4-b ase d A CLs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 404 21 NOTE Giv en a mask of 0000 0000 0000 0000 0000 0 000 1111 1111 (which means that you mat ch on the bits wher e there is 0 and don't match on the bits wher e ther e ar e 1's). Y ou nee d t o translat e the 1's t o a decima[...]
-
Page 422
Access Control IPv 6-B ase d A CLs 405 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 - IP Precedence t o M at ch —IP precedenc e is a model of T OS (t ype of ser vic e) that the network uses to help pr ovide the appr opriate QoS commitme nts. This mo del uses the 3 mo st significant bits of the ser v ice typ e by te in [...]
-
Page 423
Acce ss Cont ro l IPv6 -B ase d ACLs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 406 21 NOTE AC Ls are also used as the building elemen ts of flow definitions f or per -flow QoS handling (see QoS Ad va n ced M ode ). Defining an IP v 6 -bas ed A CL T o define an IP v6 -based ACL: STEP 1 Click Acc ess Contr ol > IP v 6-B[...]
-
Page 424
Access Control IPv 6-B ase d A CLs 407 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 • Time Range —Select to enable limiting the use of the ACL to a specific time range. • Time Range Name —If T ime Range is sele cted, select the time range t o be use d. T i me ranges ar e des cribed in the Time Range secti on. •[...]
-
Page 425
Acce ss Cont ro l IPv6 -B ase d ACLs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 408 21 - Range —Sele ct a range of T CP /UDP source por ts to which the packet is matched. • Dest in a tio n Po rt —Select one of the a vailable values . ( They are the same as f or the Source Port field de scribe d above). NOTE Y ou mus[...]
-
Page 426
Access Control Defining ACL Bin ding 409 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 D efining ACL Binding When an ACL is bound t o an int er face, its ACE rules ar e applied to packets arriving at that int erface. Pack ets that do not mat ch an y of the ACEs in the A CL are matched t o a default rule, whose action is t[...]
-
Page 427
Acce ss Cont ro l Defining ACL B inding Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 410 21 • Permit Any —Select one of the f ollowing options: - . Dis ab le ( Deny A n y) —If packet does not match an A CL, it is denied (dropped) . - Ena bl e —If pack et does not mat ch an ACL, it is permit t ed (f or war ded) . NOT[...]
-
Page 428
Access Control Defining ACL Bin ding 411 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21[...]
-
Page 429
22 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 412 Qualit y of S er vic e The Quality of Ser vice f eatur e is applied throughout the network to ensur e that network traf fic is prioritized according t o required crit eria and the desi r ed traf fic r ece ives pr ef erential tr eatment . This section c overs the f ollowing[...]
-
Page 430
Quality of Service QoS Fea tures and Comp onen ts 413 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 Q oS Fe a tures and C omp onents The QoS f eatur e is used to optimiz e network per f ormance. QoS provides the f ollowing : • Clas sification of incoming traffic to traffic clas se s, b ased on at tributes , including: -[...]
-
Page 431
Qualit y of S er vice QoS Fea tures and Comp onents Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 414 22 The header field t o be trusted is ent ered in the Glo bal Set tings page. F or ever y value of that field, an egress queue is as signed where the frame is sent in the CoS/802. 1 p to Queue page or the DSCP to Queue page [...]
-
Page 432
Quality of Service Configuring QoS - General 415 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 STEP 3 Assign the sche dule method (Strict Priority or WRR) and bandwidth allocation f or WRR to the egress queue s by using the Queue page. STEP 4 Designate an egr es s queue t o each IP DS CP / T C value with the DS CP to Que [...]
-
Page 433
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 416 22 Se tti n g Qo S P r ope rti es To s e l e c t t h e Q o S m o d e : STEP 1 Click Qualit y of Ser vic e > General > QoS P r opert ies . STEP 2 Set the QoS mode. The f ollowing options ar e a vailable: • Disa ble —QoS[...]
-
Page 434
Quality of Service Configuring QoS - General 417 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 C onfiguring Qo S Queues The device suppor ts either 4 or 8 queues f or each int er face (select ed in the Syst em Mode and Stack Management page) . Queue number f our or eight is the highest priorit y queue. Queue number one is[...]
-
Page 435
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 418 22 - Strict Priorit y — T raf fic scheduling for the selected queue and all higher queues is bas ed strictly on the queue priority . - WRR — T raf fic scheduling f or the selected queue is bas ed on WRR . The period time is [...]
-
Page 436
Quality of Service Configuring QoS - General 419 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 D efa ult Ma ppin g for 8 Q ueu es By changing the CoS/802. 1 p to Queue mapping (CoS/802. 1 p to Queue) and the Queue schedule metho d and bandwidth alloca tion (Queue page) , it is pos sible to achieve the desired quality of s[...]
-
Page 437
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 420 22 • The device is in Q oS Basic mode and C oS/802. 1 p trusted mode • The device is in Q oS Advanced mode and the packets belong to flows that are CoS/802. 1 p trusted Queue 1 has the lowest priority , queue 4 or 8 has the [...]
-
Page 438
Quality of Service Configuring QoS - General 421 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 The f ollowing table s des cribe the default DS CP to queue mapping f o r a 4 and 8 queue systems : T able 4 DSCP to Queue D efault Mapping – 4 Queues System DSCP 63 55 47 39 31 23 15 7 Queue 3343 3 2 1 1 DSCP 62 54 46 38 30 2[...]
-
Page 439
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 422 22 Queue 6 6 7 5 4321 DSCP 61 53 45 37 29 21 13 5 Queue 6 6 7 5 4321 DSCP 60 52 44 36 28 20 12 4 Queue 6 6 7 5 4321 DSCP 59 51 43 35 27 19 11 3 Queue 6 6 7 5 4321 DSCP 58 50 42 34 26 18 10 2 Queue 6 6 7 5 4321 DSCP 57 49 41 33 2[...]
-
Page 440
Quality of Service Configuring QoS - General 423 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 To m a p D S C P t o q u e u e s : STEP 1 Click Qualit y of Ser vice > General > DS CP to Queue . The DS CP to Queue page contains Ingr es s DS CP . It displa ys the DS CP value in the incoming packet and its associated cl[...]
-
Page 441
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 424 22 • Commit te d Burst Size (CB S) is the burst of data that is allowed to be sent , even though it is above the CIR. This is defined in number of by tes of data. T o enter bandwidth limitation: STEP 1 Click Qualit y of Ser vi[...]
-
Page 442
Quality of Service Configuring QoS - General 425 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 C onfiguring Egres s Shaping p er Queue In addition t o limiting tra nsmission rate per por t , which is done in the B andwidth page, the device can lim it the transmission ra t e o f se le ct ed egr es si ng fr am es on a per -[...]
-
Page 443
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 426 22 Rate limiting per VLAN, per formed in the VLAN Ingres s Rate Limit page, enables traffic limiting on VL ANs . When VLAN ingres s rate limiting is configur ed, it limits aggregat e traffic from all the por ts on the devic e. T[...]
-
Page 444
Quality of Service QoS Ba s i c M od e 427 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 T CP C onge stion A voidanc e The T CP C ongestion A voidance page en ables activating a T CP conge stion av oidance algorithm. The algorithm breaks up or a voids T CP globa l synchronization in a congested node, where the congestion [...]
-
Page 445
Qualit y of S er vice QoS Ba s i c M od e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 428 22 C onfiguring Global S et tings The Global Set tings page contains information f or enabling T rust on the devic e (see the T rust Mo de field below) . This co nfiguration is active when the QoS mode is Basic mod e. P ackets ent eri[...]
-
Page 446
Quality of Service QoS A dv a nced Mod e 429 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 Inter face Q oS S et tings The Int er face Set tings page enables configuring QoS on each por t of the device, as f ollows : QoS State Disable d on an In ter face —All inbound traf fic on the por t is mapped to the best ef f ort q[...]
-
Page 447
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 430 22 quality of s er vices . Thus , a policy contains one or more flows, each with a user defined QoS. • The QoS of a clas s map (flow) is enf or ced by the asso ciating policer . There are tw o typ e of policers , single policer a[...]
-
Page 448
Quality of Service QoS A dv a nced Mod e 431 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 W orkflow to Co nfigure Advanc e d QoS Mo de T o c onfigure Advanced Q oS mode, pe rform the f ollowing: 1 . Select Advanc ed mode f or the syst em by using the QoS Proper ties page . Sele ct the T rust Mo de using the Global S etti[...]
-
Page 449
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 432 22 • CoS/802. 1 p — T raffic is mapped to queues based on the VPT field in the VLAN tag, or b ased on the p er -p or t default CoS/802. 1 p value (if there is no VLAN tag on the incoming packet), the actual mapping of the VPT t[...]
-
Page 450
Quality of Service QoS A dv a nced Mod e 433 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 If the ex c eed action is Out of Profile DSCP , the devic e r emaps the original DS CP value of the out-of-pr ofile IP packets with a new value base d on the Out of Pr ofile DS CP Mapping T able. The device use s the new values to a[...]
-
Page 451
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 434 22 D efining Clas s Mapping A Clas s Map defines a traf fic flow with ACLs (Acces s Control Lists). A MAC ACL, IP ACL, and IP v6 ACL can be combine d int o a class map. Clas s maps are configured t o match pack et criteria on a mat[...]
-
Page 452
Quality of Service QoS A dv a nced Mod e 435 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 • MAC —Select the MAC based ACL f or the class map. • Preferr ed ACL —Sele ct whether pack ets are first mat che d to an IP -base d ACL o r a MAC-b as ed ACL . STEP 4 Click Apply . The Running C onfiguration file is updated.[...]
-
Page 453
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 436 22 Each polic er is defined with its own Q oS specificat ion with a combination of the f ollowing param et ers : • A maximum allowed rate, called a Committed Inf ormation Rat e (CIR), measured in Kbps. • An amount of traffic, m[...]
-
Page 454
Quality of Service QoS A dv a nced Mod e 437 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 • Ingres s Commit te d Burst Size (CB S) —Ent er the ma ximum burst siz e (ev en if it goe s beyond the CIR) in bytes . See the de scription of this in the Bandwidth page. • Exce ed A ction —Select the action to be p er f or[...]
-
Page 455
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 438 22 STEP 4 Click Apply . The QoS p olicy pr ofile is added, an d the Running Configuration file is updated. Policy Clas s Map s One or mor e class maps can be adde d t o a policy . A clas s map defines the type of packets that ar e [...]
-
Page 456
Quality of Service QoS A dv a nced Mod e 439 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 If the new value (0 ..7) is a CoS/802. 1 p priorit y , us e the priority value and the CoS/802. 1 p to Queue T able to det ermine the e gress queue of all the matching pack ets . If the new value (0 ..63) is a DSCP , use the new DS [...]
-
Page 457
Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 440 22 Policy Binding The Policy Binding page shows which policy profile is bound and t o which por t . When a policy profile is bound to a specific por t , it is active on that por t . Only one policy profile can be configured on [...]
-
Page 458
Quality of Service Manag ing QoS Sta tistics 441 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 Polic er Statistics A Single Policer is bound to a class map from a single policy . An Aggregate P olicer is bound to one or mo re class maps from one or mor e policies . Viewing Single Polic er Statistics The Single Policer Sta[...]
-
Page 459
Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 442 22 Viewing Aggre ga ted Polic er Statistics T o vi ew aggregat ed pol icer statistic s: STEP 1 Click Qualit y of Ser vic e > QoS Sta ti s t i cs > A gg re gat e Po l ic er S t ati s ti c s . This page displays the f oll o[...]
-
Page 460
Quality of Service Manag ing QoS Sta tistics 443 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 - 60 Se c —Statistics are r efr eshed ever y 60 seconds . • Counter S et — The options are: - Set 1 —Displays the stati stics f or S et 1 that contains all int erfaces and queues w ith a h igh D P (Dr op Preced ence). - [...]
-
Page 461
Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 444 22 - Se t 1 —Displays the statistics for Set 1 that contains all inter faces and queues with a high DP (Drop Pr eced ence) . - Se t 2 — Displays the statistics f or S et 2 that contains al l int er faces and queues with a l[...]
-
Page 462
Quality of Service Manag ing QoS Sta tistics 445 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22[...]
-
Page 463
23 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 446 SNMP Thi s sec ti on desc ri bes th e Sim pl e Ne two r k Management Pr otocol (S NMP) f e atur e that pr ovides a method f or managing net work devices . It covers the f ollowin g t opics : • SNMP V ersions and Workflow • Model OIDs • SNMP Engine ID • Con fig u r [...]
-
Page 464
SNMP SNMP V ersions and W ork flow 447 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 SNMP v1 and v2 T o control acces s to the syst em, a list of communit y entries is define d. Each communit y entr y c onsists of a comm unit y strin g and its acce ss privilege. The system r e sponds only to SNMP mes sage s specif ying th[...]
-
Page 465
SNMP SNMP V ersions and Workflow Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 448 23 If you decide to use S NMP v 1 or v 2: STEP 1 Navigat e to the SNMP -> C ommunities page and click Add . The community can be as sociated with acc es s rights and a view in Ba sic mode or with a group in Advanced mode. There are two ways[...]
-
Page 466
SNMP Model OIDs 449 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 STEP 7 Define a notification r ecipient(s ) by us ing the Notification Recipients S NMP v3 page. Supp or te d MIBs F or a list of suppor ted MIBs, visit the f ollowing URL and navigat e t o the download ar ea list ed as Cisco MIB S : ww w .c isco .com / cis[...]
-
Page 467
SNMP SNMP Engine ID Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 450 23 The privat e Object IDs are placed under : enterprises ( 1 ).cis co ( 9).otherEnterprises (6). cisco sb( 1 ).switch001 ( 101 ). SNMP Engine ID The Engine ID is used by S NMPv3 entiti es to uniquely identify them. An SNMP agent is considered an authorita[...]
-
Page 468
SNMP SNMP Engine ID 451 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 L ocal inf ormation is stor ed in f our MIB va riable s that are r ead-only ( snmpEngineId, snmpEngineBoots , snmpEngineT ime, and snmpEngineMaxMess ageSiz e). ! CAUT I ON When the engine ID is change d, all configur ed users and groups are erased. T o [...]
-
Page 469
SNMP Configuring SNMP V iews Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 452 23 - Link L o cal — The IP v6 addres s uniquely identifies hosts on a single network link . A link lo cal address has a prefix of FE80 , is not r outable, and can be use d f or c ommunication only on the local net work . Only one link local addr[...]
-
Page 470
SNMP Crea ting SNMP Groups 453 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 • Obje ct ID Subtree —Select the node in the MIB tr e e that is included or ex clude d in the selected SNMP view . The options to select the object are as f ollows : - Se lect from list —Enables you t o navigat e the MIB tree. Pr es s the U[...]
-
Page 471
SNMP Crea ting SNMP Groups Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 454 23 • Privacy —SNMP frame s can carr y encr ypted data. Thus, in S NMP v3, there ar e three levels of securit y : • No securit y (No authentication and no privacy) • Authentication (Authentication and no privacy) • Authentication and privac[...]
-
Page 472
SNMP Managing SNMP Users 455 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 - Auth en tica ti on a nd P rivac y —Authenticat es SNMP me ssage s, and encr ypts them. • View —As so ciating a view wi th the r ead, writ e, and notify acce ss privilege s of the group limits the scope of the MIB tree t o which the gr oup h[...]
-
Page 473
SNMP Managing SNMP Us ers Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 456 23 T o disp la y S NMP users and define new ones : STEP 1 Click SNMP > Us ers . This page contains existing users. STEP 2 Click Add. This page provides inf ormation f or assigning S NMP acc es s control privileges to SNM P use rs. STEP 3 Enter the[...]
-
Page 474
SNMP Defining SNMP Communit ies 457 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 • Authentication Password —If authentication is accomplished by either a MD5 or a SHA pas sword, ent er the local user pas swor d in either Encr ypted or Plain te xt . Local user pas swords ar e compared to the local databas e. and can c[...]
-
Page 475
SNMP Defining SNMP Communities Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 458 23 T o define S NMP communitie s: STEP 1 Click SNMP > Com m un it ies . This page contains a table of c onfigur ed SNM P communities and their proper ties . STEP 2 Click Add. This page enables net work managers t o define and configure new SN[...]
-
Page 476
SNMP De f i ni n g T r a p Se ttin gs 459 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 Read Writ e—Management acc es s is r ead-writ e. Change s can be made to the dev ice configuration, but no t to the community . SN MP Admin—User has acce ss to all device configuration options , as well as permis sions to modify th[...]
-
Page 477
SNMP Notifi ca tion R ecipients Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 460 23 Notific a tion Re cipients T rap me ssage s ar e generat ed to r epor t syst em events, as defined in RFC 1215. The system can generat e traps defined in the MIB that it supp or ts. T rap receivers (aka Notification Recipients) are network n[...]
-
Page 478
SNMP Notifica tion Recipients 461 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 • IP V ersion —S elect either IP v 4 or IPv6. • IP v 6 Addres s Typ e —Select either Link L o cal or Glo ba l . - Link L ocal — The IP v6 address uniquely identifie s hosts on a single network link . A link local address has a prefix[...]
-
Page 479
SNMP Notifi ca tion R ecipients Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 462 23 D efining SNMP v3 Notification Recipients T o define a recipient in S NMP v3: STEP 1 Click SNMP > Notific a tion Recipients SNMP v3 . This page contains recipients f or SNMP v3. STEP 2 Click Add. STEP 3 Enter the paramet ers. • Ser ver [...]
-
Page 480
SNMP SNMP Notifi ca tion F ilters 463 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 • User Name —Sele ct from the dr op-down list the user to whom SNMP notifications ar e sent . In order t o r eceive notifications , this user must be defined on the SN MP User page, and its engine ID must be r emot e. • Secu rity L e[...]
-
Page 481
SNMP SNMP Notification F ilters Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 464 23 T o define a notification filter : STEP 1 Click SNMP > Notific a tion Filter . The Notification Filt er page contains no tification inf o rmation f or each filter . The table is able to filt er notification entries by Filt er Name. STEP 2[...]
-
Page 482
SNMP SNMP Notifi ca tion F ilters 465 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23[...]
-
Page 483
© 2010-2013 Cisc o Syst ems, Inc. All rights reser ved. 78- 19308- 01 Cisco and the Cisco logo are trademarks or registere d trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a li st of Cisco trademarks, go to this URL: www.cisco.co m/go/trademarks. Thir d-party trademarks me ntioned are t he property o f their res[...]