Cisco 200 - Manuals

1 Cisco Small Business 200 Series Smart Switch Administration Guide 1 Getting Started This section provides an introduction to the web-based configuration utility, and covers the following topics: • Starting the Web-based Configuration Utility • Quick Start Device Configuration • Interface Naming Co...

Getting Started Starting the Web-based Configuration Utility Cisco Small Business 200 Series Smart Switch Administration Guide 2 1 Launching the Configuration Utility To open the web-based configuration utility: STEP 1 Open a Web browser. STEP 2 Enter the IP address of the device you are configuring...

Getting Started Starting the Web-based Configuration Utility 3 Cisco Small Business 200 Series Smart Switch Administration Guide 1 STEP 3 If this is the first time that you logged on with the default user ID ( cisco ) and the default password ( cisco ) or your password has expired, the Change Passwo...

Getting Started Starting the Web-based Configuration Utility Cisco Small Business 200 Series Smart Switch Administration Guide 4 1 Logging Out By default, the application logs out after ten minutes of inactivity. You can change this default value as described in the Defining Idle Session Timeout sec...

Getting Started Quick Start Device Configuration 5 Cisco Small Business 200 Series Smart Switch Administration Guide 1 Quick Start Device Configuration To simplify device configuration through quick navigation, the Getting Started page provides links to the most commonly used pages. There are two ho...

Getting Started Interface Naming Conventions Cisco Small Business 200 Series Smart Switch Administration Guide 6 1 • Type of interface: The following types of interfaces are found on the various types of devices: - Fast Ethernet (10/100 bits) —These are displayed as FE . - Gigabit Ethernet ports (10...

Getting Started Window Navigation 7 Cisco Small Business 200 Series Smart Switch Administration Guide 1 Window Navigation This section describes the features of the web-based switch configuration utility. Application Header The Application Header appears on every page. It provides the following appl...

Getting Started Window Navigation Cisco Small Business 200 Series Smart Switch Administration Guide 8 1 Language Menu This menu provides the following options: • Select a language: Select one of the languages that appear in the menu. This language will be the web-based configuration utility language...

Getting Started Window Navigation 9 Cisco Small Business 200 Series Smart Switch Administration Guide 1 Management Buttons The following table describes the commonly-used buttons that appear on various pages in the system. Management Buttons Button Name Description Use the pull-down menu to configur...

Getting Started Window Navigation Cisco Small Business 200 Series Smart Switch Administration Guide 10 1 Copy Settings A table typically contains one or more entries containing configuration settings. Instead of modifying each entry individually, it is possible to modify one entry and then copy the ...

2 Cisco Small Business 200 Series Smart Switch Administration Guide 12 Status and Statistics This section describes how to view device statistics. It covers the following topics: • Viewing Ethernet Interfaces • Viewing Etherlike Statistics • Viewing 802.1X EAP Statistics • Managing RMON Viewing Ethe...

Status and Statistics Viewing Etherlike Statistics 13 Cisco Small Business 200 Series Smart Switch Administration Guide 2 - 60 Sec —Statistics are refreshed every 60 seconds. The Receive Statistics area displays information about incoming packets. • Total Bytes (Octets) —Octets received, including b...

Status and Statistics Viewing 802.1X EAP Statistics Cisco Small Business 200 Series Smart Switch Administration Guide 14 2 • Interface —Select the type of interface and specific interface for which Ethernet statistics are to be displayed. • Refresh Rate —Select the amount of time that passes before ...

Status and Statistics Managing RMON Cisco Small Business 200 Series Smart Switch Administration Guide 16 2 Managing RMON RMON (Remote Networking Monitoring) is an SNMP specification that enables an SNMP agent in the device to proactively monitor traffic statistics over a given period and send traps ...

Status and Statistics Managing RMON Cisco Small Business 200 Series Smart Switch Administration Guide 18 2 • Collisions —Number of collisions received. If Jumbo Frames are enabled, the threshold of Jabber Frames is raised to the maximum size of Jumbo Frames. • Frames of 64 Bytes —Number of frames, c...

Status and Statistics Managing RMON 19 Cisco Small Business 200 Series Smart Switch Administration Guide 2 To enter RMON control information: STEP 1 Click Status and Statistics > RMON > History . The fields displayed on this page are defined in the Add RMON History page, below . The only field...

Status and Statistics Managing RMON Cisco Small Business 200 Series Smart Switch Administration Guide 20 2 The fields are displayed for the selected sample. • Owner —History table entry owner. • Sample No. —Statistics were taken from this sample. • Drop Events —Dropped packets due to lack of network...

Status and Statistics Managing RMON Cisco Small Business 200 Series Smart Switch Administration Guide 22 2 Viewing the RMON Events Logs The Event Log Table page displays the log of events (actions) that occurred. Two types of events can be logged: Log or Log and Trap . The action in the event is per...

Status and Statistics Managing RMON Cisco Small Business 200 Series Smart Switch Administration Guide 24 2 • Interval —Enter the alarm interval time in seconds. • Owner —Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply . The RMON alarm is saved to t...

3 Cisco Small Business 200 Series Smart Switch Administration Guide 26 Administration: System Log This section describes the System Log feature, which enables the device to generate several independent logs. Each log is a set of messages describing system events. The device generates the following l...

Administration: System Log Setting Remote Logging Settings Cisco Small Business 200 Series Smart Switch Administration Guide 28 3 • Originator Identifier —Enables adding an origin identifier to SYSLOG messages. The options are: - None —Do not include the origin identifier in SYSLOG messages. - Hostn...

Administration: System Log Viewing Memory Logs 29 Cisco Small Business 200 Series Smart Switch Administration Guide 3 - Link Local —The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80 , is not routable, and can be used for communication only...

4 Cisco Small Business 200 Series Smart Switch Administration Guide 32 Administration: File Management This section describes how system files are managed. The following topics are covered: • System Files • Upgrade/Backup Firmware/Language • Download/Backup Configuration/Log • Configuration Files Pr...

Administration: File Management System Files 33 Cisco Small Business 200 Series Smart Switch Administration Guide 4 When a configuration is referenced on the device, it is referenced by its configuration file type (such as Star tup Configuration or Running Configuration) , as opposed to a file name ...

Administration: File Management System Files Cisco Small Business 200 Series Smart Switch Administration Guide 34 4 Only the system can copy the Startup Configuration to the Mirror Configuration. However, you can copy from the Mirror Configuration to other file types or to another device. The option...

Administration: File Management Upgrade/Backup Firmware/Language Cisco Small Business 200 Series Smart Switch Administration Guide 36 4 Upgrade/Backing Firmware or Language File To upgrade or backup a software image or language file: STEP 1 Click Administration > File Management > Upgrade/Back...

Administration: File Management Upgrade/Backup Firmware/Language 37 Cisco Small Business 200 Series Smart Switch Administration Guide 4 • Link Local Interface —Select the link local interface (if IPv6 is used) from the list. • TFTP Server IP Address/Name —Enter the IP address or the domain name of t...

Administration: File Management Download/Backup Configuration/Log 39 Cisco Small Business 200 Series Smart Switch Administration Guide 4 • If SSH server authentication is not enabled, the operation succeeds for any SCP server. Download/Backup Configuration/Log The Download/Backup Configuration/Log p...

Administration: File Management Download/Backup Configuration/Log Cisco Small Business 200 Series Smart Switch Administration Guide 40 4 Otherwise, if the System mode is changed, the following cases are possible: - If the configuration file is downloaded onto the device (using the Download/Backup Co...

Administration: File Management Download/Backup Configuration/Log 41 Cisco Small Business 200 Series Smart Switch Administration Guide 4 - Global —The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. d. Link-Local Interface —Select the link local interfac...

Administration: File Management Copy/Save Configuration 45 Cisco Small Business 200 Series Smart Switch Administration Guide 4 ITo set whether mirror configuration files will be created, clear configuration files and see when configuration files were created: STEP 1 Click Administration > File Ma...

Administration: File Management DHCP Auto Configuration 47 Cisco Small Business 200 Series Smart Switch Administration Guide 4 DHCP Auto Configuration Auto configuration enables passing configuration information to hosts on a TCP/IP network. Based on this protocol, the Auto Configuration feature ena...

Administration: File Management DHCP Auto Configuration Cisco Small Business 200 Series Smart Switch Administration Guide 48 4 DHCP Server Options DHCP messages might contain the configuration server name/address and the configuration file name/path (these are optional options). These options are fo...

Administration: File Management DHCP Auto Configuration 49 Cisco Small Business 200 Series Smart Switch Administration Guide 4 NOTE The SSH Client authentication parameters can also be used when downloading a file for manual download (a download that is not performed through the DHCP Auto Configurat...

Administration: File Management DHCP Auto Configuration Cisco Small Business 200 Series Smart Switch Administration Guide 50 4 - The SSH Server is configured in the SSH Trusted Servers list. If the SSH server authentication process is enabled, and the SSH server is not found in the SSH Trusted Serve...

5 Cisco Small Business 200 Series Smart Switch Administration Guide 54 Administration: General Information This section describes how to view system information and configure various options on the device. It covers the following topics: • Device Models • System Information • Rebooting the Device • ...

Administration: General Information Device Models 55 Cisco Small Business 200 Series Smart Switch Administration Guide 5 The following table describes the various models, the number and type of ports on them and their PoE information. Smart Switch Models Model Name Product ID (PID) Description of Po...

Administration: General Information System Information Cisco Small Business 200 Series Smart Switch Administration Guide 56 5 System Information The System Summary page provides a graphic view of the device, and displays device status, hardware information, firmware version information, general PoE ...

Administration: General Information System Information 57 Cisco Small Business 200 Series Smart Switch Administration Guide 5 • HTTPS Service —Displays whether HTTPS is enabled/disabled. • SNMP Service —Displays whether SNMP is enabled/disabled. Other Summary Information: • Model Description —Device...

Administration: General Information Rebooting the Device 59 Cisco Small Business 200 Series Smart Switch Administration Guide 5 • Reboot —Reboots the device. Since any unsaved information in the Running Configuration is discarded when the device is rebooted, you must click Save in the upper-right co...

Administration: General Information Monitoring Fan Status Cisco Small Business 200 Series Smart Switch Administration Guide 60 5 Monitoring Fan Status The Health page displays the fan status on all devices with fans. Depending on the model, there are one or more fans on a device. Some models have no...

Administration: General Information Defining Idle Session Timeout 61 Cisco Small Business 200 Series Smart Switch Administration Guide 5 To view the device health parameters, click Status and Statistics > Health . The Health page displays the following fields: • Fan Status —Fan status. The follow...

Administration: General Information Pinging a Host Cisco Small Business 200 Series Smart Switch Administration Guide 62 5 Pinging a Host Ping is a utility used to test if a remote host can be reached and to measure the round-trip time for packets sent from the device to a destination device. Ping op...

Administration: General Information Pinging a Host 63 Cisco Small Business 200 Series Smart Switch Administration Guide 5 • Status —Displays whether the ping succeeded or failed. STEP 3 Click Activate Ping to ping the host. The ping status appears and another message is added to the list of messages...

6 Cisco Small Business 200 Series Smart Switch Administration Guide 64 Administration: Time Settings Synchronized system clocks provide a frame of reference between all devices on the network. Network time synchronization is critical because every aspect of managing, securing, planning, and debuggin...

Administration: Time Settings System Time Options 65 Cisco Small Business 200 Series Smart Switch Administration Guide 6 System Time Options System time can be set manually by the user, dynamically from an SNTP server, or synchronized from the PC running the GUI. If an SNTP server is chosen, the man...

Administration: Time Settings SNTP Modes Cisco Small Business 200 Series Smart Switch Administration Guide 66 6 Time Zone and Daylight Savings Time (DST ) The Time Zone and DST can be set on the device in the following ways: • Dynamic configuration of the device through a DHCP server, where: - Dynam...

Administration: Time Settings Configuring System Time 67 Cisco Small Business 200 Series Smart Switch Administration Guide 6 Configuring System Time Selecting Source of System Time Use the System Time page to select the system time source. If the source is manual, you can enter the time here. ! CAUT...

Administration: Time Settings Configuring System Time Cisco Small Business 200 Series Smart Switch Administration Guide 68 6 Manual Settings —Set the date and time manually. The local time is used when there is no alternate source of time, such as an SNTP server: • Date —Enter the system date. • Loc...

Administration: Time Settings Configuring System Time 69 Cisco Small Business 200 Series Smart Switch Administration Guide 6 - From —Day and time that DST starts. - To —Day and time that DST ends. Selecting Recurring allows different customization of the start and stop of DST: • From —Date when DST ...

Administration: Time Settings Configuring System Time Cisco Small Business 200 Series Smart Switch Administration Guide 70 6 • Poll Interval —Displays whether polling is enabled or disabled. • Authentication Key ID —Key Identification used to communicate between the SNTP server and device. • Stratum...

Administration: Time Settings Configuring System Time Cisco Small Business 200 Series Smart Switch Administration Guide 72 6 Configuring the SNTP Mode The device can be in active and/or passive mode (see SNTP Modes for more information). To enable receiving SNTP packets from all servers on the subne...

7 Cisco Small Business 200 Series Smart Switch Administration Guide 74 Administration: Diagnostics This section contains information for configuring port mirroring, running cable tests, and viewing device operational information. It covers the following topics: • Testing Copper Ports • Displaying Op...

Administration: Diagnostics Displaying Optical Module Status Cisco Small Business 200 Series Smart Switch Administration Guide 76 7 If the port being tested is a Giga port, the Advanced Information block contains the following information, which is refreshed each time you enter the page: • Cable Len...

Administration: Diagnostics Configuring Port and VL AN Mirroring 77 Cisco Small Business 200 Series Smart Switch Administration Guide 7 • MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km. • MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber...

Administration: Diagnostics Viewing CPU Utilization and Secure Core Technology 79 Cisco Small Business 200 Series Smart Switch Administration Guide 7 - Rx Only —Port mirroring on incoming packets. - Tx Only —Port mirroring on outgoing packets. - Tx and Rx —Port mirroring on both incoming and outgoin...

8 Cisco Small Business 200 Series Smart Switch Administration Guide 80 Administration: Discovery This section provides information for configuring Discovery. It covers the following topics: • Configuring Bonjour Discovery • LLDP and CDP • Configuring LLDP • Configuring CDP Configuring Bonjour Discov...

Administration: Discovery LLDP and CDP 81 Cisco Small Business 200 Series Smart Switch Administration Guide 8 By default, Bonjour is enabled on all interfaces that are members of the Management VLAN. To globally enable Bonjour: STEP 1 Click Administration > Discovery - Bonjour . STEP 2 Select Ena...

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 82 8 • Auto Smartport requires CDP and/or LLDP to be enabled. Auto Smartport automatically configures an interface based on the CDP/LLDP advertisement received from the interface. • CDP and L...

Administration: Discovery Configuring LLDP 83 Cisco Small Business 200 Series Smart Switch Administration Guide 8 • Configuring LLDP MED Port Settings • Displaying LLDP Port Status • Displaying LLDP Local Information • Displaying LLDP Neighbors Information • Accessing LLDP Statistics • LLDP Overload...

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 84 8 3. Create LLDP MED network policies by using the LLDP MED Network Policy page. 4. Associate LLDP MED network policies and the optional LLDP-MED TLVs to the desired interfaces by using th...

Administration: Discovery Configuring LLDP 85 Cisco Small Business 200 Series Smart Switch Administration Guide 8 • Transmit Delay —Enter the amount of time in seconds that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB. STEP 3 In the Fast Start Repea...

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 86 8 The time interval between notifications is entered in the Topology Change SNMP Notification Interval field in the LLDP Properties page. Define SNMP Notification Recipients by using the S...

Administration: Discovery Configuring LLDP 87 Cisco Small Business 200 Series Smart Switch Administration Guide 8 lowest IP address among the dynamic IP addresses. If there are no dynamic addresses, the software chooses the lowest IP address among the static IP addresses. - None —Do not advertise th...

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 88 8 Setting LLDP MED Network Policy An LLDP-MED network policy is a related set of configuration settings for a specific real-time application such as voice, or video. A network policy, if c...

Administration: Discovery Configuring LLDP 89 Cisco Small Business 200 Series Smart Switch Administration Guide 8 • VLAN Tag —Select whether the traffic is Tagged or Untagged. • User Priority —Select the traffic priority applied to traffic defined by this network policy. This is the CoS value. • DSC...

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 90 8 • SNMP Notification —Select whether SNMP notification is sent on a per-port basis when an end station that supports MED is discovered; for example a SNMP managing system, when there is a...

Administration: Discovery Configuring LLDP 91 Cisco Small Business 200 Series Smart Switch Administration Guide 8 • Chassis ID Subtype —Type of chassis ID (for example, MAC address). • Chassis ID —Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address of the device app...

Administration: Discovery Configuring LLDP 93 Cisco Small Business 200 Series Smart Switch Administration Guide 8 • Auto-Negotiation Advertised Capabilities —Port speed auto-negotiation capabilities; for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode. • Operational MAU Type —Mediu...

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 94 8 - Endpoint Class 1 —Indicates a generic endpoint class, offering basic LLDP services. - Endpoint Class 2 —Indicates a media endpoint class, offering media streaming capabilities, as well...

Administration: Discovery Configuring LLDP 95 Cisco Small Business 200 Series Smart Switch Administration Guide 8 - Untagged —Indicates the network policy is defined for untagged VLANs. • User Priority —Network policy user priority. • DSCP —Network policy DSCP. Displaying LLDP Neighbors Information ...

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 96 8 Basic Details • Chassis ID Subtype —Type of chassis ID (for example, MAC address). • Chassis ID —Identifier of the 802 LAN neighboring device chassis. • Port ID Subtype —Type of the port...

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 98 8 MED Details • Capabilities Supported —MED capabilities enabled on the port. • Current Capabilities —MED TLVs advertised by the port. • Device Class —LLDP-MED endpoint device class. The p...

Administration: Discovery Configuring LLDP 99 Cisco Small Business 200 Series Smart Switch Administration Guide 8 • Enabled —Enabled Port and Protocol VLAN IDs. VL AN IDs • VID —Port and Protocol VLAN ID. • VLAN Names —Advertised VLAN names. Protocol IDs • Protocol ID Table —Advertised protocol IDs....

Administration: Discovery Configuring LLDP Cisco Small Business 200 Series Smart Switch Administration Guide 100 8 STEP 1 Click Administration > Discovery - LLDP > LLDP Statistics . For each port, the fields are displayed: • Interface —Identifier of interface. • Tx Frames Total —Number of tran...

Administration: Discovery Configuring CDP Cisco Small Business 200 Series Smart Switch Administration Guide 102 8 • LLDP Optional TLVs - Size (Bytes) —Total LLDP MED optional TLVs packets byte size. - Status —If the LLDP MED optional TLVs packets were sent, or if they were overloaded. • LLDP MED Inv...

Administration: Discovery Configuring CDP 103 Cisco Small Business 200 Series Smart Switch Administration Guide 8 CDP Configuration Workflow The followings is sample workflow in configuring CDP on the device. You can also find additional CDP configuration guidelines in the LLDP/CDP section. STEP 1 E...

Administration: Discovery Configuring CDP 105 Cisco Small Business 200 Series Smart Switch Administration Guide 8 Editing CDP Interface Settings Use the Interface Settings page to activate LLDP and remote log server notification per port, and to select the TLVs included in LLDP PDUs. By setting thes...

Administration: Discovery Configuring CDP Cisco Small Business 200 Series Smart Switch Administration Guide 106 8 • Syslog Voice VLAN Mismatch —Select to enable the option of sending a SYSLOG message when a voice VLAN mismatch is detected This means that the voice VLAN information in the incoming fr...

Administration: Discovery Configuring CDP Cisco Small Business 200 Series Smart Switch Administration Guide 108 8 - Request ID—Last power request ID received echoes the Request-ID field last received in a Power Requested TLV. It is 0 if no Power Requested TLV was received since the interface last tr...

Administration: Discovery Configuring CDP Cisco Small Business 200 Series Smart Switch Administration Guide 110 8 Viewing CDP Statistics The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received from ...

9 Cisco Small Business 200 Series Smart Switch Administration Guide 112 Port Management This section describes port configuration, link aggregation, and the Green Ethernet feature. It covers the following topics: • Configuring Ports • Setting Port Configuration • Configuring Link Aggregation • Confi...

Port Management Setting Port Configuration 113 Cisco Small Business 200 Series Smart Switch Administration Guide 9 Setting Port Configuration The Port Settings page displays the global and per port setting of all the ports. This page enables you to select and configure the desired ports from the Edi...

Port Management Setting Port Configuration 115 Cisco Small Business 200 Series Smart Switch Administration Guide 9 - 1000 Full —1000 Mbps speed and Full Duplex mode. • Operational Advertisement —Displays the capabilities currently published to the ports neighbor. The possible options are those speci...

Port Management Configuring Link Aggregation Cisco Small Business 200 Series Smart Switch Administration Guide 116 9 Configuring Link Aggregation This section describes how to configure LAGs. It covers the following topics: • Link Aggregation Overview • Static and Dynamic LAG Workflow • Defining LAG...

Port Management Configuring Link Aggregation 117 Cisco Small Business 200 Series Smart Switch Administration Guide 9 The device supports two modes of load balancing: • By MAC Addresses—Based on the destination and source MAC addresses of all packets. • By IP and MAC Addresses—Based on the destinatio...

Port Management Configuring Link Aggregation Cisco Small Business 200 Series Smart Switch Administration Guide 118 9 Static and Dynamic LAG Workflow After a LAG has been manually created, LACP cannot be added or removed until the LAG is edited and a member is removed. Only then the LACP button becom...

Port Management Configuring Link Aggregation 119 Cisco Small Business 200 Series Smart Switch Administration Guide 9 STEP 3 Click Apply . The Load Balance Algorithm is saved to the Running Configuration file. To define the member or candidate ports in a LAG. STEP 1 Select the LAG to be configured, a...

Port Management Configuring Link Aggregation 121 Cisco Small Business 200 Series Smart Switch Administration Guide 9 Configuring LACP A dynamic LAG is LACP-enabled, and LACP is run on every candidate port defined in the LAG. LACP Priority and Rules LACP system priority and LACP port priority are bot...

Port Management Configuring Link Aggregation Cisco Small Business 200 Series Smart Switch Administration Guide 122 9 However, there are cases when one link partner is temporarily not configured for LACP. One example for such case is when the link partner is on a device, which is in the process of re...

Port Management Configuring Green Ethernet 123 Cisco Small Business 200 Series Smart Switch Administration Guide 9 STEP 5 Click Apply . The Running Configuration file is updated. Configuring Green Ethernet This section describes the Green Ethernet feature that is designed to save power on the device...

Port Management Configuring Green Ethernet Cisco Small Business 200 Series Smart Switch Administration Guide 124 9 In addition to the above Green Ethernet features, the 802.3az Energy Efficient Ethernet (EEE) is found on devices supporting GE ports. EEE reduces power consumption when there is no tra...

Port Management Configuring Green Ethernet 125 Cisco Small Business 200 Series Smart Switch Administration Guide 9 802.3az Energy Efficient Ethernet Feature This section describes the 802.3az Energy Efficient Ethernet (EEE) feature. It covers the following topics: • 802.3az EEE Overview • Advertise ...

Port Management Configuring Green Ethernet 127 Cisco Small Business 200 Series Smart Switch Administration Guide 9 802.3az EEE Configuration Workflow This section describes how to configure the 802.3az EEE feature and view its counters. STEP 1 Ensure that auto-negotiation is enabled on the port by o...

Port Management Configuring Green Ethernet Cisco Small Business 200 Series Smart Switch Administration Guide 128 9 • Energy Detect Mode —Disabled by default. Click the checkbox to enable. • Short Reach —Globally enable or disable Short Reach mode if there are GE ports on the device. NOTE If Short Re...

10 Cisco Small Business 200 Series Smart Switch Administration Guide 132 Smartport This document describes the Smartports feature. It contains the following topics: • Overview • What is a Smartport • Smartport Types • Smartport Macros • Macro Failure and the Reset Operation • How the Smartport Featu...

Smartport What is a Smartport 133 Cisco Small Business 200 Series Smart Switch Administration Guide 10 There are two ways to apply a Smartport macro by Smartport type to an interface: • Static Smartport —You manually assign a Smartport type to an interface. The result is the corresponding Smartport ...

Smartport Smartport Types Cisco Small Business 200 Series Smart Switch Administration Guide 134 10 • Desktop • Guest • Server • Host • IP Camera • IP phone • IP Phone+Desktop • Switch • Router • Wireless Access Point Smartport types are named so that they describe the type of device connected to an ...

Smartport Smartport Types 135 Cisco Small Business 200 Series Smart Switch Administration Guide 10 Special Smartport Types There are two special Smartport types; default and unknown . These two types are not associated with macros, but they exist to signify the state of the interface regarding Smart...

Smartport Smartport Macros Cisco Small Business 200 Series Smart Switch Administration Guide 136 10 NOTE Throughout this section, the term “aged out” is used to describe the LLDP and CDP messages via their TTL. If Auto Smartport is enabled, and persistent status is disabled, and no more CDP or LLDP ...

Smartport Macro Failure and the Reset Operation 137 Cisco Small Business 200 Series Smart Switch Administration Guide 10 • If the Startup Configuration File specifies a static Smartport type, the Smartport type of the interface is set to this static type. • If the Startup Configuration File specifie...

Smartport How the Smartport Feature Works Cisco Small Business 200 Series Smart Switch Administration Guide 138 10 How the Smartport Feature Works You can apply a Smartport macro to an interface by the Smartport type associated with the macro. Because support is provided for Smartport types which co...

Smartport Auto Smartport 139 Cisco Small Business 200 Series Smart Switch Administration Guide 10 • If a device is aged out (no longer receiving advertisements from other devices), the interface configuration is changed according to its Persistent Status. If the Persistent Status is enabled, the int...

Smartport Auto Smartport 141 Cisco Small Business 200 Series Smart Switch Administration Guide 10 NOTE If only the IP Phone and Host bits are set, then the Smartport type is ip_phone_desktop. Multiple Devices Attached to the Port The device derives the Smartport type of a connected device via the ca...

Smartport Error Handling Cisco Small Business 200 Series Smart Switch Administration Guide 142 10 For more information about LLDP/CDP refer to the Configuring LLDP and Configuring CDP sections, respectively. Persistent Auto Smartport Interface If the Persistent status of an interface is enabled, its...

Smartport Relationships with Other Features and Backwards Compatibility 143 Cisco Small Business 200 Series Smart Switch Administration Guide 10 Relationships with Other Features and Backwards Compatibility Auto Smartport is enabled by default and may be disabled. Telephony OUI cannot function concu...

Smartport Common Smartport Tasks Cisco Small Business 200 Series Smart Switch Administration Guide 144 10 Workflow2: To configure an interface as a static Smar tpor t, perform the following steps: STEP 1 To enable the Smartport feature on the interface, open the Smartport > Interface Settings pag...

Smartport Configuring Smartport Using The Web-based Interface 145 Cisco Small Business 200 Series Smart Switch Administration Guide 10 Workflow4: To rerun a Smar tpor t macro after it has failed, perform the following steps: STEP 1 In the Interface Settings page, select an interface with Smartport t...

Smartport Configuring Smartport Using The Web-based Interface Cisco Small Business 200 Series Smart Switch Administration Guide 146 10 Smartport Properties To configure the Smartport feature globally: STEP 1 Click Smartport > Properties . STEP 2 Enter the parameters. • Administrative Auto Smartpo...

Smartport Configuring Smartport Using The Web-based Interface 147 Cisco Small Business 200 Series Smart Switch Administration Guide 10 Smartport Type Settings Use the Smartport Type Settings page to edit the Smartport Type settings and view the Macro Source. By default, each Smartport type is associ...

Smartport Configuring Smartport Using The Web-based Interface Cisco Small Business 200 Series Smart Switch Administration Guide 148 10 currently assigned with the Smartport type by Auto Smartport. Auto Smartport does not apply the changes to interfaces that were statically assigned a Smartport type....

Smartport Built-in Smartport Macros Cisco Small Business 200 Series Smart Switch Administration Guide 150 10 • Smartport Type —Displays the Smartport type currently assigned to the port/LAG. • Smartport Application —Select the Smartport type from the Smartport Application pull-down. • Smartport Appl...

Smartport Built-in Smartport Macros Cisco Small Business 200 Series Smart Switch Administration Guide 152 10 [no_desktop] #macro description No Desktop # no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all # no port security no port security mode no port secu...

Smartport Built-in Smartport Macros 153 Cisco Small Business 200 Series Smart Switch Administration Guide 10 # no switchport access vlan no switchport mode # no port security no port security mode # no smartport storm-control broadcast enable no smartport storm-control broadcast level no smartport s...

Smartport Built-in Smartport Macros Cisco Small Business 200 Series Smart Switch Administration Guide 154 10 # no port security no port security mode # no smartport storm-control broadcast enable no smartport storm-control broadcast level no smartport storm-control include-multicast # spanning-tree ...

Smartport Built-in Smartport Macros 155 Cisco Small Business 200 Series Smart Switch Administration Guide 10 no port security mode no port security max # no smartport storm-control broadcast enable no smartport storm-control broadcast level # spanning-tree portfast auto # @ host [host] #macro descri...

Smartport Built-in Smartport Macros 159 Cisco Small Business 200 Series Smart Switch Administration Guide 10 #macro key description: $voice_vlan: The voice VLAN ID # #Default Values are #$voice_vlan = 1 # smartport switchport trunk allowed vlan remove $voice_vlan no smartport switchport trunk native...

Smartport Built-in Smartport Macros Cisco Small Business 200 Series Smart Switch Administration Guide 160 10 smartport switchport trunk allowed vlan remove all # no spanning-tree link-type # @ router [router] #macro description router #macro keywords $native_vlan $voice_vlan # #macro key description...

Smartport Built-in Smartport Macros 161 Cisco Small Business 200 Series Smart Switch Administration Guide 10 no smartport storm-control broadcast level # no spanning-tree link-type # @ ap [ap] #macro description ap #macro keywords $native_vlan $voice_vlan # #macro key description: $native_vlan: The ...

11 Cisco Small Business 200 Series Smart Switch Administration Guide 162 Port Management: PoE The Power over Ethernet (PoE) feature is only available on PoE-based devices. For a list of PoE-based devices, refer to the Device Models section. This section describes how to use the PoE feature. It cover...

Port Management: PoE PoE on the Device 163 Cisco Small Business 200 Series Smart Switch Administration Guide 11 Power over Ethernet can be used in any enterprise network that deploys relatively low-powered devices connected to the Ethernet LAN, such as: • IP phones • Wireless access points • IP gate...

Port Management: PoE Configuring PoE Properties 165 Cisco Small Business 200 Series Smart Switch Administration Guide 11 may not be able to properly supply power to its attaching PDs. To prevent false detection, you should disable PoE on the ports on the PoE switches that are used to connect to PSEs...

Port Management: PoE Configuring PoE Settings Cisco Small Business 200 Series Smart Switch Administration Guide 166 11 The following counters are displayed for each device: • Nominal Power—The total amount of power the device can supply to all the connected PDs. • Consumed Power—Amount of power curr...

Port Management: PoE Configuring PoE Settings 167 Cisco Small Business 200 Series Smart Switch Administration Guide 11 The administrator sets the priority for each port, allocating how much power it can be given. These priorities are entered in the PoE Settings page. See Device Models for a descript...

12 Cisco Small Business 200 Series Smart Switch Administration Guide 170 VLAN Management This section covers the following topics: • VLANs • Configuring Default VLAN Settings • Creating VLANs • Configuring VLAN Interface Settings • Defining VLAN Membership • Voice VLAN VLANs A VLAN is a logical grou...

VLAN Management VL ANs 171 Cisco Small Business 200 Series Smart Switch Administration Guide 12 VLANs address security and scalability issues. Traffic from a VLAN stays within the VLAN, and terminates at devices in the VLAN. It also eases network configuration by logically connecting devices without...

VLAN Management VL ANs Cisco Small Business 200 Series Smart Switch Administration Guide 172 12 • Management VLAN: For more information refer to the Configuring IP Information section. QinQ QinQ provides isolation between service provider networks and customers' networks. The device is a provider br...

VLAN Management Configuring Default VL AN Settings 173 Cisco Small Business 200 Series Smart Switch Administration Guide 12 Configuring Default VLAN Settings When using factory default settings, the device automatically creates VLAN 1 as the default VLAN, the default interface status of all ports is...

VLAN Management Creating VL ANs Cisco Small Business 200 Series Smart Switch Administration Guide 174 12 STEP 3 Click Apply . STEP 4 Click Save (in the upper-right corner of the window) and save the Running Configuration to the Startup Configuration. The Default VLAN ID After Reset becomes the Curre...

VLAN Management Configuring VL AN Interface Settings 175 Cisco Small Business 200 Series Smart Switch Administration Guide 12 To create a range of VLANs, select the Range radio button, and specify the range of VLANs to be created by entering the Starting VID and Ending VID, inclusive. When using the...

VLAN Management Defining VL AN Membership Cisco Small Business 200 Series Smart Switch Administration Guide 176 12 • Administrative PVID —Enter the Port VLAN ID (PVID) of the VLAN to which incoming untagged and priority tagged frames are classified. The possible values are 1 to 4094. • Frame Type —S...

VLAN Management Defining VL AN Membership 177 Cisco Small Business 200 Series Smart Switch Administration Guide 12 Frames that are VLAN-tagged can pass through other network devices that are VLAN-aware or VLAN-unaware. If a destination end node is VLAN-unaware, but is to receive traffic from a VLAN,...

VLAN Management Defining VL AN Membership Cisco Small Business 200 Series Smart Switch Administration Guide 178 12 Configuring VLAN Membership The Port VLAN Membership page displays all ports on the device along with a list of VLANs to which each port belongs. If the port-based authentication method...

VLAN Management Voice VL AN 179 Cisco Small Business 200 Series Smart Switch Administration Guide 12 - Forbidden —The interface is not allowed to join the VLAN. When a port is not a member of any other VLAN, enabling this option on the port makes the port part of internal VLAN 4095 (a reserved VID)....

VLAN Management Voice VL AN Cisco Small Business 200 Series Smart Switch Administration Guide 180 12 • Voice VLAN QoS • Voice VLAN Constraints • Voice VLAN Workflows The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP ...

VLAN Management Voice VL AN 181 Cisco Small Business 200 Series Smart Switch Administration Guide 12 The device supports a single voice VLAN. By default, the voice VLAN is VLAN 1. The voice VLAN is defaulted to VLAN 1. A different voice VLAN can be manually configured. It can also be dynamically lea...

VLAN Management Voice VL AN Cisco Small Business 200 Series Smart Switch Administration Guide 182 12 Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where it sends and receives its voice traffic. Some...

VLAN Management Voice VL AN 183 Cisco Small Business 200 Series Smart Switch Administration Guide 12 NOTE The default configuration list here applies to switches whose firmware version supports Auto Voice VLAN out of the box. It also applies to unconfigured switches that have been upgraded to the fi...

VLAN Management Voice VL AN 185 Cisco Small Business 200 Series Smart Switch Administration Guide 12 • The Voice VLAN cannot be Smartport enabled. • The Voice VLAN QoS decision has priority over any other QoS decision, except for the Policy decision. • A new VLAN ID can be configured for the Voice V...

VLAN Management Voice VL AN Cisco Small Business 200 Series Smart Switch Administration Guide 186 12 NOTE Step 7 and Step 8 are optional as they are enabled by default. Workflow2: To configure the Telephony OUI Method STEP 1 Open the VLAN Management > Voice VLAN > Properties page. Set Dynamic ...

VLAN Management Voice VL AN Cisco Small Business 200 Series Smart Switch Administration Guide 188 12 NOTE Manually re-configuring the voice VLAN ID, CoS/802.1p, and/or DSCP from their default values results in a static voice VLAN, which has higher priority than auto voice VLAN that was learned from ...

VLAN Management Voice VL AN Cisco Small Business 200 Series Smart Switch Administration Guide 190 12 - Yes —The device uses this voice VLAN to synchronize with other Auto Voice VLAN-enabled switches. This voice VLAN is the voice VLAN for the network unless a voice VLAN from a higher priority source ...

VLAN Management Voice VL AN 191 Cisco Small Business 200 Series Smart Switch Administration Guide 12 • Remark CoS/802.1p —Select whether to remark egress traffic. • Auto Membership Aging Time—Enter the time delay to remove a port from the voice VLAN after all of the MAC addresses of the phones detec...

13 Cisco Small Business 200 Series Smart Switch Administration Guide 194 Spanning Tree This section describes the Spanning Tree Protocol (STP) (IEEE802.1D and IEEE802.1Q) and covers the following topics: • STP Flavors • Configuring STP Status and Global Settings • Defining Spanning Tree Interface Se...

Spanning Tree Configuring STP Status and Global Settings 195 Cisco Small Business 200 Series Smart Switch Administration Guide 13 topology is naturally tree-structured, and therefore faster convergence might be possible. RSTP is enabled by default. NOTE The 200 series switches do not support MSTP. C...

Spanning Tree Configuring STP Status and Global Settings Cisco Small Business 200 Series Smart Switch Administration Guide 196 13 Bridge Settings: • Priority —Sets the bridge priority value. After exchanging BPDUs, the device with the lowest priority becomes the Root Bridge. In the case that all bri...

Spanning Tree Defining Spanning Tree Interface Settings Cisco Small Business 200 Series Smart Switch Administration Guide 198 13 • BPDU Guard —Enables or disables the Bridge Protocol Data Unit (BPDU) Guard feature on the port. The BPDU Guard enables you to enforce the STP domain borders and keep the...

Spanning Tree Configuring Rapid Spanning Tree Settings 199 Cisco Small Business 200 Series Smart Switch Administration Guide 13 • Designated Bridge ID —Displays the bridge priority and the MAC address of the designated bridge. • Designated Port ID —Displays the priority and interface of the selected...

Spanning Tree Configuring Rapid Spanning Tree Settings 201 Cisco Small Business 200 Series Smart Switch Administration Guide 13 • Fast Link Operational Status —Displays whether the Fast Link (Edge Port) is enabled, disabled, or automatic for the interface. The values are: - Enabled —Fast Link is ena...

14 Cisco Small Business 200 Series Smart Switch Administration Guide 202 Managing MAC Address Tables This section describe how to add MAC addresses to the system. It covers the following topics: • Configuring Static MAC Addresses • Managing Dynamic MAC Addresses • Types of MAC Addresses There are tw...

Managing MAC Address Tables Configuring Static MAC Addresses 203 Cisco Small Business 200 Series Smart Switch Administration Guide 14 Configuring Static MAC Addresses Static MAC addresses are assigned to a specific physical interface and VLAN on the device. If that address is detected on another int...

Managing MAC Address Tables Managing Dynamic MAC Addresses Cisco Small Business 200 Series Smart Switch Administration Guide 204 14 Managing Dynamic MAC Addresses The Dynamic Address Table (bridging table) contains the MAC addresses acquired by monitoring the source addresses of frames entering the ...

Managing MAC Address Tables Managing Dynamic MAC Addresses 205 Cisco Small Business 200 Series Smart Switch Administration Guide 14 To delete all of the dynamic MAC addresses. click Clear Table .

15 Cisco Small Business 200 Series Smart Switch Administration Guide 206 Multicast This section describes the Multicast Forwarding feature, and covers the following topics: • Multicast Forwarding • Defining Multicast Properties • Adding MAC Group Address • Adding IP Multicast Group Addresses • Confi...

Multicast Multicast Forwarding 207 Cisco Small Business 200 Series Smart Switch Administration Guide 15 For Multicast forwarding to work across IP subnets, nodes, and routers must be Multicast-capable. A Multicast-capable node must be able to: • Send and receive Multicast packets. • Register the Mul...

Multicast Multicast Forwarding Cisco Small Business 200 Series Smart Switch Administration Guide 208 15 The device can forward Multicast streams based on one of the following options: • Multicast MAC Group Address • IP Multicast Group Address (G) • A combination of the source IP address (S) and the ...

Multicast Defining Multicast Properties 209 Cisco Small Business 200 Series Smart Switch Administration Guide 15 • To map an IP Multicast group address to an Layer 2 Multicast address: - For IPv4, this is mapped by taking the 23 low-order bits from the IPv4 address, and adding them to the 01:00:5e p...

Multicast Adding MAC Group Address Cisco Small Business 200 Series Smart Switch Administration Guide 210 15 • IP Group Address —Based on the destination IP address of the IP packet (*,G). • Source Specific IP Group Address —Based on both the destination IP address and the source IP address of the IP...

Multicast Adding IP Multicast Group Addresses Cisco Small Business 200 Series Smart Switch Administration Guide 212 15 To configure and display the registration for the interfaces within the group, select an address, and click Details. The page contains: • VLAN ID —The VLAN ID of the Multicast group...

Multicast Configuring IGMP Snooping Cisco Small Business 200 Series Smart Switch Administration Guide 214 15 STEP 8 For each interface, select its association type. The options are as follows: • Static—Attaches the interface to the Multicast group as a static member. • Forbidden—Specifies that this ...

Multicast MLD Snooping Cisco Small Business 200 Series Smart Switch Administration Guide 216 15 • Last Member Query Counter —Enter the number of IGMP Group-Specific Queries sent before the device assumes there are no more members for the group, if the device is the elected querier. • Operational Las...

Multicast Querying IGMP/MLD IP Multicast Group Cisco Small Business 200 Series Smart Switch Administration Guide 218 15 • Operational Query Robustness—Displays the robustness variable sent by the elected querier. • Query Interval —Enter the Query Interval value to be used by the device if the device...

Multicast Defining Multicast Router Ports 219 Cisco Small Business 200 Series Smart Switch Administration Guide 15 There might be a difference between information on this page and, for example, information displayed in the MAC Group Address page . Assuming that the system is in MAC-based groups and ...

Multicast Defining Forward All Multicast Cisco Small Business 200 Series Smart Switch Administration Guide 220 15 To statically configure or see dynamically-detected ports connected to the Multicast router: STEP 1 Click Multicast > Multicast Router Port . STEP 2 Enter some or all of following que...

Multicast Defining Unregistered Multicast Settings 221 Cisco Small Business 200 Series Smart Switch Administration Guide 15 IGMP or MLD messages are not forwarded to ports defined as For ward All . NOTE The configuration affects only the ports that are members of the selected VLAN. To define Forward...

Multicast Defining Unregistered Multicast Settings Cisco Small Business 200 Series Smart Switch Administration Guide 222 15 You can select a port to receive or filter unregistered Multicast streams. The configuration is valid for any VLAN of which it is a member (or will be a member). This feature e...

16 Cisco Small Business 200 Series Smart Switch Administration Guide 224 IP Configuration IP interface addresses can be configured manually by the user, or automatically configured by a DHCP server. This section provides information for defining the device IP addresses, either manually or by making ...

IP Configuration IPv4 Management and Interfaces 225 Cisco Small Business 200 Series Smart Switch Administration Guide 16 If the device does not receive a DHCPv4 response in 60 seconds, it continues to send DHCPDISCOVER queries, and adopts the default IPv4 address: 192.168.1.254/24. IP address collis...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 200 Series Smart Switch Administration Guide 226 16 To configure the IPv4 device IP address: STEP 1 Click Administration > Management Interface > IPv4 Interface . STEP 2 Enter values for the following fields: • Management VLA...

IP Configuration IPv4 Management and Interfaces 227 Cisco Small Business 200 Series Smart Switch Administration Guide 16 If a dynamic IP address is retrieved from the DHCP server, select those of the following fields that are enabled: • Renew IP Address Now —The device dynamic IP address can be rene...

IP Configuration IPv4 Management and Interfaces 229 Cisco Small Business 200 Series Smart Switch Administration Guide 16 IPv6 Global Configuration To define IPv6 global parameters and DHCPv6 client settings: STEP 1 Click Administration > Management Interface > IPv6 Global Configuration . STEP ...

IP Configuration IPv4 Management and Interfaces 231 Cisco Small Business 200 Series Smart Switch Administration Guide 16 • Send ICMPv6 Messages —Enable generating unreachable destination messages. STEP 6 Click Apply to enable IPv6 processing on the selected interface. Regular IPv6 interfaces have th...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 200 Series Smart Switch Administration Guide 232 16 • Received Information Refresh Time —Refresh time received from DHCPv6 server. • Remaining Information Refresh Time —Remaining time until next refresh. • DNS Servers —List of DNS ...

IP Configuration IPv4 Management and Interfaces 233 Cisco Small Business 200 Series Smart Switch Administration Guide 16 Configuring Tunnels NOTE To configure a tunnel, first configure an IPv6 interface as a tunnel in the IPv6 Interfaces page. To configure an IPv6 tunnel: STEP 1 Click Administration...

IP Configuration IPv4 Management and Interfaces 235 Cisco Small Business 200 Series Smart Switch Administration Guide 16 To define prefixes to be advertised on the interfaces of the device: STEP 5 IPv6 Default Router List The IPv6 Default Router List page enables configuring and viewing the default ...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 200 Series Smart Switch Administration Guide 236 16 - Unreachable —Positive confirmation was not received within the Reachable Time. - Stale —Previously-known neighboring network is unreachable, and no action is taken to verify its...

IP Configuration IPv4 Management and Interfaces 237 Cisco Small Business 200 Series Smart Switch Administration Guide 16 To define IPv6 neighbors: STEP 1 Click Administration > Management Interface > IPv6 Neighbors STEP 1 STEP 2 You can select a Clear Table option to clear some or all of IPv6 ...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 200 Series Smart Switch Administration Guide 238 16 • IPv6 Address —Enter the IPv6 network address assigned to the interface. The address must be a valid IPv6 address. • MAC Address —Enter the MAC address mapped to the specified IP...

IP Configuration Domain Name 239 Cisco Small Business 200 Series Smart Switch Administration Guide 16 network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration. - Global —An IPv6 address that is a global U...

IP Configuration Domain Name 241 Cisco Small Business 200 Series Smart Switch Administration Guide 16 • Source —Source of the server ’s IP address (static or DHCPv4 or DHCPv6) • Interface —Interface of the server ’s IP address. STEP 4 Up to eight DNS servers can be defined. To add a DNS server, clic...

IP Configuration Domain Name Cisco Small Business 200 Series Smart Switch Administration Guide 242 16 • Interface —Interface of the server ’s IP address for this domain. • Preference—This is the order in which the domains are used (from low to high). This effectively determines the order in which un...

17 Cisco Small Business 200 Series Smart Switch Administration Guide 244 Security This section describes device security and access control. The system handles various types of security. The following list of topics describes the various types of security features described in this section. Some fea...

Security Defining Users 245 Cisco Small Business 200 Series Smart Switch Administration Guide 17 Protection from other network users is described in the following sections. These are attacks that pass through, but are not directed at, the device. • Denial of Service Prevention • SSL Server • Definin...

Security Defining Users Cisco Small Business 200 Series Smart Switch Administration Guide 246 17 When password recovery mechanism is disabled, accessing the boot menu is still allowed and you can trigger the password recovery process. The difference is that in this case, all configuration and user f...

Security Configuring RADIUS Cisco Small Business 200 Series Smart Switch Administration Guide 248 17 Configuring RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control. The device is a RADIUS client that can use a RADIUS ser...

Security Configuring RADIUS 249 Cisco Small Business 200 Series Smart Switch Administration Guide 17 Interactions With Other Features You cannot enable accounting on both a RADIUS and TACACS+ server. Radius Workflow To user a RADIUS server, do the following: STEP 1 Open an account for the device on ...

Security Configuring Management Access Authentication 251 Cisco Small Business 200 Series Smart Switch Administration Guide 17 • Authentication Port —Enter the UDP port number of the RADIUS server port for authentication requests. • Retries —Enter the number of requests that are sent to the RADIUS s...

Security Defining Management Access Method Cisco Small Business 200 Series Smart Switch Administration Guide 252 17 If an authentication method fails or the user has insufficient privilege level, the user is denied access to the device. In other words, if authentication fails at an authentication me...

Security Defining Management Access Method 253 Cisco Small Business 200 Series Smart Switch Administration Guide 17 Access profiles consist of one or more rules. The rules are executed in order of their priority within the access profile (top to bottom). Rules are composed of filters that include th...

Security Defining Management Access Method 255 Cisco Small Business 200 Series Smart Switch Administration Guide 17 • Applies to Source IP Address —Select the type of source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork. Select one of the follo...

Security SSL Server 257 Cisco Small Business 200 Series Smart Switch Administration Guide 17 • IP Version —Select the supported IP version of the source address: IPv6 or IPv4. • IP Address —Enter the source IP address. • Mask —Select the format for the subnet mask for the source IP address, and ente...

Security SSL Server Cisco Small Business 200 Series Smart Switch Administration Guide 258 17 Default Settings and Configuration By default, the device contains a certificate that can be modified. HTTPS is enabled by default. SSL Server Authentication Settings It may be required to generate a new cer...

Security Configuring TCP/UDP Services 259 Cisco Small Business 200 Series Smart Switch Administration Guide 17 - Duration— Specifies the number of days a certification is valid. • Generate Certificate Request— Generate a certificate request to be signed by a CA. - Enter the fields for the certificat...

Security Defining Storm Control 261 Cisco Small Business 200 Series Smart Switch Administration Guide 17 • Type —IP protocol the service uses. • Local IP Address —Local IP address through which the device is offering the service. • Local Port —Local UDP port through which the device is offering the ...

Security Configuring 802.1X Cisco Small Business 200 Series Smart Switch Administration Guide 266 17 • (Optional) Define one or more static VLANs as unauthenticated VLANs as described in the Defining 802.1X Properties section. 802.1x authorized and unauthorized devices or ports can always send or re...

Security Configuring 802.1X 267 Cisco Small Business 200 Series Smart Switch Administration Guide 17 STEP 3 Click Apply . The 802.1X properties are written to the Running Configuration file. Defining 802.1X Port Authentication The Port Authentication page enables configuration of 802.1X parameters f...

Security Configuring 802.1X 269 Cisco Small Business 200 Series Smart Switch Administration Guide 17 Defining Host and Session Authentication The Host and Session Authentication page enables defining the mode in which 802.1X operates on the port and the action to perform if a violation has been dete...

Security Configuring 802.1X Cisco Small Business 200 Series Smart Switch Administration Guide 270 17 STEP 2 Select a port, and click Edit. STEP 3 Enter the parameters. • Interface —Enter a port number for which host authentication is enabled. • Host Authentication —Select one of the modes. These mod...

Security Denial of Service Prevention 271 Cisco Small Business 200 Series Smart Switch Administration Guide 17 • Authentication Method —Method by which the last session was authenticated. The options are: - None —No authentication is applied; it is automatically authorized. - RADIUS —Supplicant was ...

Security Denial of Service Prevention Cisco Small Business 200 Series Smart Switch Administration Guide 272 17 address (response to the ACK Packet). However, because the sender address is false, the response never comes. These half-open connections saturate the number of available connections the de...

Security Denial of Service Prevention 273 Cisco Small Business 200 Series Smart Switch Administration Guide 17 • All other DoS Prevention features are disabled by default. Configuring DoS Prevention The following pages are used to configure this feature. Security Suite Settings To configure DoS Prev...

Security: SSH Client Protection Methods 277 Cisco Small Business 200 Series Smart Switch Administration Guide 18 When files are downloaded via TFTP or HTTP, the data transfer is unsecured. When files are downloaded via SCP, the information is downloaded from the SCP server to the device via a secure...

Security: SSH Client Protection Methods Cisco Small Business 200 Series Smart Switch Administration Guide 278 18 The username/password must then be created on the device. When data is transferred from the server to the device, the username/password supplied by the device must match the username/pass...

Security: SSH Client SSH Server Authentication 279 Cisco Small Business 200 Series Smart Switch Administration Guide 18 When a private key is created on a device, it is also possible to create an associated passphrase . This passphrase is used to encrypt the private key and to import it into the rem...

Security: SSH Client SSH Client Authentication Cisco Small Business 200 Series Smart Switch Administration Guide 280 18 SSH Client Authentication SSH client authentication by password is enabled by default, with the username/password being “anonymous”. The user must configure the following informati...

Security: SSH Client Before You Begin 281 Cisco Small Business 200 Series Smart Switch Administration Guide 18 Before You Begin The following actions must be performed before using the SCP feature: • When using the password authentication method, a username/password must be set up on the SSH server....

Security: SSH Client Common Tasks Cisco Small Business 200 Series Smart Switch Administration Guide 282 18 STEP 4 If the public/private key method is being used, perform the following steps: a. Select whether to use an RSA or DSA key, create a username and then generate the public/private keys. b. V...

Security: SSH Client SSH Client Configuration Through the GUI 283 Cisco Small Business 200 Series Smart Switch Administration Guide 18 SSH Client Configuration Through the GUI This section describes the pages used to configure the SSH Client feature. SSH User Authentication Use this page to select a...

Security: SSH Client SSH Client Configuration Through the GUI Cisco Small Business 200 Series Smart Switch Administration Guide 284 18 • Key Source —Auto Generated or User Defined. • Fingerprint —Fingerprint generated from the key. STEP 6 To handle an RSA or DSA key, select either RSA or DSA and per...

19 Cisco Small Business 200 Series Smart Switch Administration Guide 286 Security: Secure Sensitive Data Management Secure Sensitive Data (SSD) is an architecture that facilitates the protection of sensitive data on a device, such as passwords and keys. The facility makes use of passphrases, encrypt...

Security: Secure Sensitive Data Management SSD Rules 287 Cisco Small Business 200 Series Smart Switch Administration Guide 19 SSD grants read permission to sensitive data only to authenticated and authorized users, and according to SSD rules. A device authenticates and authorizes management access t...

Security: Secure Sensitive Data Management SSD Rules Cisco Small Business 200 Series Smart Switch Administration Guide 288 19 NOTE A device may not support all the channels defined by SSD. Elements of an SSD Rule An SSD rule includes the following elements: • User type—The user types supported in or...

Security: Secure Sensitive Data Management SSD Rules Cisco Small Business 200 Series Smart Switch Administration Guide 290 19 * The Read mode of a session can be temporarily changed in the SSD Properties page if the new read mode does not violate the read permission. NOTE Note the following: • The d...

Security: Secure Sensitive Data Management SSD Rules 291 Cisco Small Business 200 Series Smart Switch Administration Guide 19 NOTE When doing a file transfer initiated by an XML or SNMP command, the underlying protocol used is TFTP. Therefore, the SSD rule for insecure channel will apply. SSD Rules ...

Security: Secure Sensitive Data Management SSD Properties Cisco Small Business 200 Series Smart Switch Administration Guide 292 19 The default rules can be modified, but they cannot be deleted. If the SSD default rules have been changed, they can be restored. SSD Default Read Mode Session Override T...

Security: Secure Sensitive Data Management SSD Properties 293 Cisco Small Business 200 Series Smart Switch Administration Guide 19 Passphrase A passphrase is the basis of the security mechanism in the SSD feature, and is used to generate the key for the encryption and decryption of sensitive data. S...

Security: Secure Sensitive Data Management SSD Properties Cisco Small Business 200 Series Smart Switch Administration Guide 294 19 automatically changed to the passphrase in the startup configuration file, when the startup configuration becomes the running configuration of the device. When a device ...

Security: Secure Sensitive Data Management Configuration Files 295 Cisco Small Business 200 Series Smart Switch Administration Guide 19 A device determines whether the integrity of a configuration file is protected by examining the File Integrity Control command in the file's SSD Control block. If a...

Security: Secure Sensitive Data Management Configuration Files Cisco Small Business 200 Series Smart Switch Administration Guide 296 19 • A text-based configuration that does not include an SSD indicator is considered not to contain sensitive data. • The SSD indicator is used to enforce SSD read per...

Security: Secure Sensitive Data Management Configuration Files 297 Cisco Small Business 200 Series Smart Switch Administration Guide 19 • If there is a passphrase in the SSD control block of the source configuration file, the device will reject the source file, and the copy fails if there is encrypt...

Security: Secure Sensitive Data Management Configuration Files Cisco Small Business 200 Series Smart Switch Administration Guide 298 19 • When copied from a source file, the copy will fail if the passphrase in the source file is in plaintext. If the passphrase is encrypted, it is ignored. • When dir...

Security: Secure Sensitive Data Management Configuration Files 299 Cisco Small Business 200 Series Smart Switch Administration Guide 19 • A user with Exclude permission cannot access mirror and backup configuration files with their file SSD indicator showing either encrypted or plaintext sensitive d...

Security: Secure Sensitive Data Management SSD Management Channels Cisco Small Business 200 Series Smart Switch Administration Guide 300 19 If the device creating the configuration file is in Unrestricted passphrase control mode, the device includes the passphrase in the file. As a result, the user ...

Security: Secure Sensitive Data Management Menu CLI and Password Recovery 301 Cisco Small Business 200 Series Smart Switch Administration Guide 19 Menu CLI and Password Recovery The Menu CLI interface is only allowed to users if their read permissions are Both or Plaintext Only. Other users are reje...

Security: Secure Sensitive Data Management Configuring SSD 303 Cisco Small Business 200 Series Smart Switch Administration Guide 19 - Secure— Indicates that this rule applies only to secure channels (console, SCP, SSH and HTTPS), not including the SNMP and XML channels. - Insecure —Indicates that th...

20 Cisco Small Business 200 Series Smart Switch Administration Guide 304 Quality of Service The Quality of Service feature is applied throughout the network to ensure that network traffic is prioritized according to required criteria and the desired traffic receives preferential treatment. This sect...

Quality of Service QoS Features and Components 305 Cisco Small Business 200 Series Smart Switch Administration Guide 20 QoS Features and Components The QoS feature is used to optimize network performance. QoS provides the following: • Classification of incoming traffic to traffic classes, based on a...

Quality of Service Configuring QoS - General Cisco Small Business 200 Series Smart Switch Administration Guide 306 20 QoS Workflow To configure general QoS parameters, perform the following: STEP 1 Enable QoS by using the QoS Properties page to select the trust mode. Then enable QoS on ports by usin...

Quality of Service Configuring QoS - General Cisco Small Business 200 Series Smart Switch Administration Guide 308 20 Interface QoS Settings The Interface Settings page enables configuring QoS on each port of the device, as follows: QoS State Disabled on an Interface —All inbound traffic on the port...

Quality of Service Configuring QoS - General 309 Cisco Small Business 200 Series Smart Switch Administration Guide 20 • Weighted Round Robin (WRR) —In WRR mode the number of packets sent from the queue is proportional to the weight of the queue (the higher the weight the more frames are sent). For e...

Quality of Service Configuring QoS - General 311 Cisco Small Business 200 Series Smart Switch Administration Guide 20 Default Mapping for 8 Queues By changing the CoS/802.1p to Queue mapping (CoS/802.1p to Queue) and the Queue schedule method and bandwidth allocation (Queue page), it is possible to ...

Quality of Service Configuring QoS - General Cisco Small Business 200 Series Smart Switch Administration Guide 312 20 • Output Queue —Select the egress queue to which the 802.1p priority is mapped. Either four or eight egress queues are supported, where Queue 4 or Queue 8 is the highest priority egr...

Quality of Service Configuring QoS - General 315 Cisco Small Business 200 Series Smart Switch Administration Guide 20 To map DSCP to queues: STEP 1 Click Quality of Service > General > DSCP to Queue . The DSCP to Queue page contains Ingress DSCP . It displays the DSCP value in the incoming pac...

Quality of Service Configuring QoS - General Cisco Small Business 200 Series Smart Switch Administration Guide 316 20 • Ingress Rate Limit —Select to enable the ingress rate limit, which is defined in the field below. • Ingress Rate Limit —Enter the maximum amount of bandwidth allowed on the interfa...

Quality of Service Managing QoS Statistics 317 Cisco Small Business 200 Series Smart Switch Administration Guide 20 To define egress shaping per queue: STEP 1 Click Quality of Service > General > Egress Shaping per Queue . The Egress Shaping Per Queue page displays the rate limit and burst siz...

21 Cisco Small Business 200 Series Smart Switch Administration Guide 320 SNMP This section describes the Simple Network Management Protocol (SNMP) feature that provides a method for managing network devices. It covers the following topics: • SNMP Versions and Workflow • Model OIDs • SNMP Engine ID •...

SNMP SNMP Versions and Workflow 321 Cisco Small Business 200 Series Smart Switch Administration Guide 21 SNMPv1 and v2 To control access to the system, a list of community entries is defined. Each community entry consists of a community strin g and its access privilege. The system responds only to S...

SNMP SNMP Versions and Workflow Cisco Small Business 200 Series Smart Switch Administration Guide 322 21 If you decide to use SNMPv1 or v2: STEP 1 Navigate to the SNMP -> Communities page and click Add. The community can be associated with access rights and a view in Basic mode or with a group in...

SNMP Model OIDs 323 Cisco Small Business 200 Series Smart Switch Administration Guide 21 STEP 7 Define a notification recipient(s) by using the Notification Recipients SNMPv3 page. Supported MIBs For a list of supported MIBs, visit the following URL and navigate to the download area listed as Cisco ...

SNMP SNMP Engine ID Cisco Small Business 200 Series Smart Switch Administration Guide 324 21 The private Object IDs are placed under: enterprises(1).cisco(9).otherEnterprises(6).ciscosb(1).switch001(101). SNMP Engine ID The Engine ID is used by SNMPv3 entities to uniquely identify them. An SNMP agen...

SNMP Configuring SNMP Views 325 Cisco Small Business 200 Series Smart Switch Administration Guide 21 All remote engine IDs and their IP addresses are displayed in the Remote Engine ID table. STEP 3 Click Apply . The Running Configuration file is updated. The Remote Engine ID table shows the mapping ...

SNMP Creating SNMP Groups 327 Cisco Small Business 200 Series Smart Switch Administration Guide 21 • Object ID Subtree View Type —Displays whether the defined subtree is included or excluded in the selected SNMP view. Creating SNMP Groups In SNMPv1 and SNMPv2, a community string is sent along with t...

SNMP Creating SNMP Groups Cisco Small Business 200 Series Smart Switch Administration Guide 328 21 • Security Model —Select the SNMP version attached to the group, SNMPv1, v2, or v3. Three types of views with various security levels can be defined. For each security level, select the views for Read,...

SNMP Managing SNMP Users 329 Cisco Small Business 200 Series Smart Switch Administration Guide 21 Managing SNMP Users An SNMP user is defined by the login credentials (username, passwords, and authentication method) and by the context and scope in which it operates by association with a group and an...

SNMP Defining SNMP Communities 331 Cisco Small Business 200 Series Smart Switch Administration Guide 21 Defining SNMP Communities Access rights in SNMPv1 and SNMPv2 are managed by defining communities in the Communities page. The community name is a type of shared password between the SNMP managemen...

SNMP Defining Trap Settings 333 Cisco Small Business 200 Series Smart Switch Administration Guide 21 Defining Trap Settings The Trap Settings page enables configuring whether SNMP notifications are sent from the device, and for which cases. The recipients of the SNMP notifications can be configured ...

SNMP Notification Recipients 335 Cisco Small Business 200 Series Smart Switch Administration Guide 21 • Retries—Enter the number of times that the device resends an inform request. • Community String—Select from the pull-down the community string of the trap manager. Community String names are gener...

SNMP Notification Recipients Cisco Small Business 200 Series Smart Switch Administration Guide 336 21 - Link Local —The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80 , is not routable, and can be used for communication only on the local ne...

SNMP SNMP Notification Filters 337 Cisco Small Business 200 Series Smart Switch Administration Guide 21 • Notification Filter —Select to enable filtering the type of SNMP notifications sent to the management station. The filters are created in the Notification Filter page. • Filter Name —Select the ...

SNMP SNMP Notification Filters Cisco Small Business 200 Series Smart Switch Administration Guide 338 21 - If Object ID is used, the entered object identifier is included in the view if the Include in filter option is selected. STEP 4 Select or deselect Include in filter. If this is selected, the sel...