Cisco SRW2024PK9NA - Manuals

Cisco Small Business 300 Series Managed Switch Administration Guide 7 Contents Customer Port Multicast TV VLAN 214 Mapping CPE VLANs to Multicast TV VLANs 215 CPE Port Multicast VLAN Membership 216 Chapter 13: Spanning Tree 218 STP Flavors 218 Configuring STP Status and Global Settings 219 Defining ...

Cisco Small Business 300 Series Managed Switch Administration Guide 9 Contents DHCP Server 276 DHCP Options 276 Dependencies Between Features 278 Default Settings and Configurations 278 DHCPv4 Server 279 Network Pool 279 Excluded Addresses 281 Static Hosts 281 Address Binding 283 IPv6 Management and...

Cisco Small Business 300 Series Managed Switch Administration Guide 11 Contents Default Configuration 342 Configuring DoS Prevention 342 Security Suite Settings 342 SYN Protection 344 Martian Addresses 345 SYN Filtering 346 SYN Rate Protection 347 ICMP Filtering 348 IP Fragmented Filtering 348 IP So...

1 Cisco Small Business 300 Series Managed Switch Administration Guide 1 Getting Started This section provides an introduction to the web-based configuration utility, and covers the following topics: • Starting the Web-based Configuration Utility • Quick Start Device Configuration • Interface Naming ...

Getting Started Starting the Web-based Configuration Utility Cisco Small Business 300 Series Managed Switch Administration Guide 2 1 Launching the Configuration Utility To open the web-based configuration utility: STEP 1 Open a Web browser. STEP 2 Enter the IP address of the device you are configuri...

Getting Started Starting the Web-based Configuration Utility 3 Cisco Small Business 300 Series Managed Switch Administration Guide 1 STEP 3 If this is the first time that you logged on with the default user ID ( cisco ) and the default password ( cisco ) or your password has expired, the Change Pass...

Getting Started Starting the Web-based Configuration Utility Cisco Small Business 300 Series Managed Switch Administration Guide 4 1 Logging Out By default, the application logs out after ten minutes of inactivity. You can change this default value as described in the Defining Idle Session Timeout s...

Getting Started Quick Start Device Configuration 5 Cisco Small Business 300 Series Managed Switch Administration Guide 1 Quick Start Device Configuration To simplify device configuration through quick navigation, the Getting Started page provides links to the most commonly used pages. There are two ...

Getting Started Interface Naming Conventions Cisco Small Business 300 Series Managed Switch Administration Guide 6 1 Interface Naming Conventions Within the GUI, interfaces are denoted by concatenating the following elements: • Type of interface: The following types of interfaces are found on the va...

Getting Started Window Navigation 7 Cisco Small Business 300 Series Managed Switch Administration Guide 1 Window Navigation This section describes the features of the web-based switch configuration utility. Application Header The Application Header appears on every page. It provides the following ap...

Getting Started Window Navigation Cisco Small Business 300 Series Managed Switch Administration Guide 8 1 Language Menu This menu provides the following options: • Select a language: Select one of the languages that appear in the menu. This language will be the web-based configuration utility langua...

Getting Started Window Navigation 9 Cisco Small Business 300 Series Managed Switch Administration Guide 1 Management Buttons The following table describes the commonly-used buttons that appear on various pages in the system. Management Buttons Button Name Description Use the pull-down menu to config...

Getting Started Window Navigation Cisco Small Business 300 Series Managed Switch Administration Guide 10 1 Copy Settings A table typically contains one or more entries containing configuration settings. Instead of modifying each entry individually, it is possible to modify one entry and then copy th...

2 Cisco Small Business 300 Series Managed Switch Administration Guide 12 Status and Statistics This section describes how to view device statistics. It covers the following topics: • Viewing Ethernet Interfaces • Viewing Etherlike Statistics • Viewing GVRP Statistics • Viewing 802.1X EAP Statistics ...

Status and Statistics Viewing Etherlike Statistics 13 Cisco Small Business 300 Series Managed Switch Administration Guide 2 - 15 Sec —Statistics are refreshed every 15 seconds. - 30 Sec —Statistics are refreshed every 30 seconds. - 60 Sec —Statistics are refreshed every 60 seconds. The Receive Stati...

Status and Statistics Viewing GVRP Statistics 15 Cisco Small Business 300 Series Managed Switch Administration Guide 2 Viewing GVRP Statistics The GVRP page displays information regarding GARP VLAN Registration Protocol (GVRP) frames that were sent or received from a port. GVRP is a standards-based ...

Status and Statistics Viewing 802.1X EAP Statistics Cisco Small Business 300 Series Managed Switch Administration Guide 16 2 To clear statistics counters: • Click Clear Interface Counters to clear the selected counters. • Click View All Interfaces Statistics to see all ports on a single page. Viewin...

Status and Statistics Viewing TCAM Utilization[ 17 Cisco Small Business 300 Series Managed Switch Administration Guide 2 • Invalid EAPOL Frames Received —Unrecognized EAPOL frames received on this port. • EAP Length Error Frames Received —EAPOL frames with an invalid Packet Body Length received on t...

Status and Statistics Managing RMON Cisco Small Business 300 Series Managed Switch Administration Guide 18 2 • Non-IP Rules - In Use —Number of TCAM entries used for non-IP rules. - Maximum —Number of available TCAM entries that can be used for non- IP rules. Managing RMON RMON (Remote Networking Mo...

Status and Statistics Managing RMON Cisco Small Business 300 Series Managed Switch Administration Guide 20 2 - Packet has an invalid CRC. - Received (Rx) Error Event has not been detected. • Collisions —Number of collisions received. If Jumbo Frames are enabled, the threshold of Jabber Frames is rai...

Status and Statistics Managing RMON 21 Cisco Small Business 300 Series Managed Switch Administration Guide 2 To enter RMON control information: STEP 1 Click Status and Statistics > RMON > History . The fields displayed on this page are defined in the Add RMON History page, below . The only fie...

Status and Statistics Managing RMON Cisco Small Business 300 Series Managed Switch Administration Guide 22 2 The fields are displayed for the selected sample. • Owner —History table entry owner. • Sample No. —Statistics were taken from this sample. • Drop Events —Dropped packets due to lack of netwo...

Status and Statistics Managing RMON Cisco Small Business 300 Series Managed Switch Administration Guide 24 2 Viewing the RMON Events Logs The Event Log Table page displays the log of events (actions) that occurred. Two types of events can be logged: Log or Log and Trap . The action in the event is p...

Status and Statistics Managing RMON Cisco Small Business 300 Series Managed Switch Administration Guide 26 2 • Interval —Enter the alarm interval time in seconds. • Owner —Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply . The RMON alarm is saved to...

3 Cisco Small Business 300 Series Managed Switch Administration Guide 28 Administration: System Log This section describes the System Log feature, which enables the device to generate several independent logs. Each log is a set of messages describing system events. The device generates the following...

Administration: System Log Setting Remote Logging Settings Cisco Small Business 300 Series Managed Switch Administration Guide 30 3 • Originator Identifier —Enables adding an origin identifier to SYSLOG messages. The options are: - None —Do not include the origin identifier in SYSLOG messages. - Hos...

Administration: System Log Viewing Memory Logs 31 Cisco Small Business 300 Series Managed Switch Administration Guide 3 - Link Local —The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80 , is not routable, and can be used for communication on...

4 Cisco Small Business 300 Series Managed Switch Administration Guide 34 Administration: File Management This section describes how system files are managed. The following topics are covered: • System Files • Upgrade/Backup Firmware/Language • Active Image • Download/Backup Configuration/Log • Confi...

Administration: File Management System Files 35 Cisco Small Business 300 Series Managed Switch Administration Guide 4 Configuration files on the device are defined by their type , and contain the settings and parameter values for the device. When a configuration is referenced on the device, it is re...

Administration: File Management System Files Cisco Small Business 300 Series Managed Switch Administration Guide 36 4 Only the system can copy the Startup Configuration to the Mirror Configuration. However, you can copy from the Mirror Configuration to other file types or to another device. The opti...

Administration: File Management Upgrade/Backup Firmware/Language Cisco Small Business 300 Series Managed Switch Administration Guide 38 4 Upgrade/Backing Firmware or Language File To upgrade or backup a software image or language file: STEP 1 Click Administration > File Management > Upgrade/Ba...

Administration: File Management Upgrade/Backup Firmware/Language 39 Cisco Small Business 300 Series Managed Switch Administration Guide 4 • Link Local Interface —Select the link local interface (if IPv6 is used) from the list. • TFTP Server IP Address/Name —Enter the IP address or the domain name of...

Administration: File Management Active Image 41 Cisco Small Business 300 Series Managed Switch Administration Guide 4 • If SSH server authentication is not enabled, the operation succeeds for any SCP server. Active Image There are two firmware images stored on the device. One of the images is identi...

Administration: File Management Download/Backup Configuration/Log Cisco Small Business 300 Series Managed Switch Administration Guide 42 4 • Restoring configuration files from an external device to the device. When restoring a configuration file to the Running Configuration, the imported file adds a...

Administration: File Management Download/Backup Configuration/Log 43 Cisco Small Business 300 Series Managed Switch Administration Guide 4 Downloading or Backing-up a Configuration or Log File To backup or restore the system configuration file: STEP 1 Click Administration > File Management > D...

Administration: File Management Configuration Files Properties 47 Cisco Small Business 300 Series Managed Switch Administration Guide 4 If Save Action is Backup (copying a file to another device), enter the following fields (in addition to those fields listed above): • Source File Type —Select the c...

Administration: File Management Copy/Save Configuration Cisco Small Business 300 Series Managed Switch Administration Guide 48 4 STEP 3 If required, select either the Startup Configuration, Backup Configuration or both and click Clear Files to delete these files. This page provides the following fie...

Administration: File Management DHCP Auto Configuration 49 Cisco Small Business 300 Series Managed Switch Administration Guide 4 STEP 3 Select the Destination File Name to be overwritten by the source file. • If you are backing up a configuration file, select one of the following formats for the bac...

Administration: File Management DHCP Auto Configuration Cisco Small Business 300 Series Managed Switch Administration Guide 50 4 • After reboot when an IP address is allocated or renewed dynamically (using DHCPv4). • Upon an explicit DHCPv4 renewal request and if the device and the server are config...

Administration: File Management DHCP Auto Configuration 51 Cisco Small Business 300 Series Managed Switch Administration Guide 4 extension are downloaded using SCP, and files with the other extensions are downloaded using TFTP. • TFTP Only—The download is done through TFTP regardless of the file ext...

Administration: File Management DHCP Auto Configuration Cisco Small Business 300 Series Managed Switch Administration Guide 52 4 • If the DHCP server did not send these options and the backup TFTP/SCP server address parameter is empty then: - For DHCPv4: SCP —The Auto Configuration process is halted...

Administration: File Management DHCP Auto Configuration 53 Cisco Small Business 300 Series Managed Switch Administration Guide 4 Configuring DHCP Auto Configuration Workflow To configure DHCP Auto Configuration. 1. Configure the DHCPv4 and/or DHCPv6 servers to send the required options. this process...

Administration: File Management DHCP Auto Configuration 55 Cisco Small Business 300 Series Managed Switch Administration Guide 4 - Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. • Link Local Interface —Select the link local interface (if IPv6...

5 Cisco Small Business 300 Series Managed Switch Administration Guide 56 Administration: General Information This section describes how to view system information and configure various options on the device. It covers the following topics: • Device Models • System Information • Console Settings (Aut...

Administration: General Information Device Models 57 Cisco Small Business 300 Series Managed Switch Administration Guide 5 • FE is used for Fast Ethernet (10/100) ports. The following table describes the various models, the number and type of ports on them and their PoE information. Managed Switch M...

Administration: General Information System Information Cisco Small Business 300 Series Managed Switch Administration Guide 58 5 System Information The System Summary page provides a graphic view of the device, and displays device status, hardware information, firmware version information, general Po...

Administration: General Information System Information Cisco Small Business 300 Series Managed Switch Administration Guide 60 5 • Firmware Version (Active Image) —Firmware version number of the active image. • Firmware MD5 Checksum (Active Image) —MD5 checksum of the active image. • Firmware Version...

Administration: General Information Routing Resources Cisco Small Business 300 Series Managed Switch Administration Guide 64 5 Routing Resources Use the Router Resources page to display TCAM allocation and modify total TCAM size. TCAM entries are divided into the following groups: • IP Entries —TCAM...

Administration: General Information Monitoring Fan Status 65 Cisco Small Business 300 Series Managed Switch Administration Guide 5 You must save your current configuration before changing the TCAM Allocation Settings. NOTE A summary of the TCAM entries actually in use and available is displayed at t...

Administration: General Information Defining Idle Session Timeout 67 Cisco Small Business 300 Series Managed Switch Administration Guide 5 Defining Idle Session Timeout The Idle Session Timeout configures the time intervals that the management sessions can remain idle before they timeout and you mus...

Administration: General Information Traceroute 69 Cisco Small Business 300 Series Managed Switch Administration Guide 5 Traceroute Traceroute discovers the IP routes along which packets were forwarded by sending an IP packet to the target host and back to the device. The Traceroute page shows each h...

Administration: General Information Traceroute Cisco Small Business 300 Series Managed Switch Administration Guide 70 5 A page appears showing the Round Trip Time (RTT) and status for each trip in the fields: • Index —Displays the number of the hop. • Host —Displays a stop along the route to the des...

6 Cisco Small Business 300 Series Managed Switch Administration Guide 72 Administration: Time Settings Synchronized system clocks provide a frame of reference between all devices on the network. Network time synchronization is critical because every aspect of managing, securing, planning, and debugg...

Administration: Time Settings System Time Options 73 Cisco Small Business 300 Series Managed Switch Administration Guide 6 System Time Options System time can be set manually by the user, dynamically from an SNTP server, or synchronized from the PC running the GUI. If an SNTP server is chosen, the m...

Administration: Time Settings SNTP Modes Cisco Small Business 300 Series Managed Switch Administration Guide 74 6 Time Zone and Daylight Savings Time (DST ) The Time Zone and DST can be set on the device in the following ways: • Dynamic configuration of the device through a DHCP server, where: - Dyn...

Administration: Time Settings Configuring System Time 75 Cisco Small Business 300 Series Managed Switch Administration Guide 6 Configuring System Time Selecting Source of System Time Use the System Time page to select the system time source. If the source is manual, you can enter the time here. ! CA...

Administration: Time Settings Configuring System Time Cisco Small Business 300 Series Managed Switch Administration Guide 76 6 Manual Settings —Set the date and time manually. The local time is used when there is no alternate source of time, such as an SNTP server: • Date —Enter the system date. • L...

Administration: Time Settings Configuring System Time 77 Cisco Small Business 300 Series Managed Switch Administration Guide 6 - From —Day and time that DST starts. - To —Day and time that DST ends. Selecting Recurring allows different customization of the start and stop of DST: • From —Date when DS...

Administration: Time Settings Configuring System Time Cisco Small Business 300 Series Managed Switch Administration Guide 78 6 • Poll Interval —Displays whether polling is enabled or disabled. • Authentication Key ID —Key Identification used to communicate between the SNTP server and device. • Strat...

Administration: Time Settings Configuring System Time Cisco Small Business 300 Series Managed Switch Administration Guide 80 6 Configuring the SNTP Mode The device can be in active and/or passive mode (see SNTP Modes for more information). To enable receiving SNTP packets from all servers on the sub...

Administration: Time Settings Configuring System Time 81 Cisco Small Business 300 Series Managed Switch Administration Guide 6 The authentication key is created on the SNTP server in a separate process that depends on the type of SNTP server you are using. Consult with the SNTP server system adminis...

Administration: Time Settings Configuring System Time Cisco Small Business 300 Series Managed Switch Administration Guide 82 6 • 8021X Port Authentication • Port Stat • Time-Based PoE There are two types of time ranges: • Absolute —This type of time range begins on a specific date or immediately and...

Administration: Time Settings Configuring System Time 83 Cisco Small Business 300 Series Managed Switch Administration Guide 6 • Time Range Name—Enter a new time range name. • Absolute Starting Time—To define the start time, enter the following: - Immediate —Select for the time range to start immedi...

7 Cisco Small Business 300 Series Managed Switch Administration Guide 84 Administration: Diagnostics This section contains information for configuring port mirroring, running cable tests, and viewing device operational information. It covers the following topics: • Testing Copper Ports • Displaying ...

Administration: Diagnostics Displaying Optical Module Status Cisco Small Business 300 Series Managed Switch Administration Guide 86 7 If the port being tested is a Giga port, the Advanced Information block contains the following information, which is refreshed each time you enter the page: • Cable L...

Administration: Diagnostics Configuring Port and VL AN Mirroring 87 Cisco Small Business 300 Series Managed Switch Administration Guide 7 • MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km. • MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fib...

Administration: Diagnostics Viewing CPU Utilization and Secure Core Technology 89 Cisco Small Business 300 Series Managed Switch Administration Guide 7 • Destination Port —Select the analyzer port to where packets are copied. A network analyzer, such as a PC running Wireshark, is connected to this p...

Administration: Diagnostics Viewing CPU Utilization and Secure Core Technology Cisco Small Business 300 Series Managed Switch Administration Guide 90 7 STEP 1 Click Administration > Diagnostics > CPU Utilization . The CPU Utilization page appears. The CPU Input Rate field displays the rate of ...

8 Cisco Small Business 300 Series Managed Switch Administration Guide 92 Administration: Discovery This section provides information for configuring Discovery. It covers the following topics: • Configuring Bonjour Discovery • LLDP and CDP • Configuring LLDP • Configuring CDP Configuring Bonjour Disc...

Administration: Discovery Configuring Bonjour Discovery 93 Cisco Small Business 300 Series Managed Switch Administration Guide 8 When Bonjour Discovery is disabled, the device stops any service type advertisements and does not respond to requests for service from network management applications. To ...

Administration: Discovery LLDP and CDP Cisco Small Business 300 Series Managed Switch Administration Guide 94 8 STEP 3 Click Apply to update the Running Configuration file. STEP 4 To enable Bonjour on an interface, click Add. STEP 5 Select the interface, and click Apply . NOTE Click Delete to disabl...

Administration: Discovery Configuring LLDP 95 Cisco Small Business 300 Series Managed Switch Administration Guide 8 • CDP and LLDP end devices, such as IP phones, learn the voice VLAN configuration from CDP and LLDP advertisements. By default, the device is enabled to send out CDP and LLDP advertise...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 96 8 • Displaying LLDP Local Information • Displaying LLDP Neighbors Information • Accessing LLDP Statistics • LLDP Overloading LLDP Overview LLDP is a protocol that enables network manager...

Administration: Discovery Configuring LLDP 97 Cisco Small Business 300 Series Managed Switch Administration Guide 8 4. Associate LLDP MED network policies and the optional LLDP-MED TLVs to the desired interfaces by using the LLDP MED Port Settings page. 5. If Auto Smartport is to detect the capabili...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 98 8 STEP 3 In the Fast Start Repeat Count field, enter the number of times LLDP packets are sent when the LLDP-MED Fast Start mechanism is initialized. This occurs when a new endpoint devi...

Administration: Discovery Configuring LLDP 99 Cisco Small Business 300 Series Managed Switch Administration Guide 8 The time interval between notifications is entered in the Topology Change SNMP Notification Interval field in the LLDP Properties page. Define SNMP Notification Recipients by using the...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 100 8 lowest IP address among the dynamic IP addresses. If there are no dynamic addresses, the software chooses the lowest IP address among the static IP addresses. - None —Do not advertise...

Administration: Discovery Configuring LLDP 101 Cisco Small Business 300 Series Managed Switch Administration Guide 8 Setting LLDP MED Network Policy An LLDP-MED network policy is a related set of configuration settings for a specific real-time application such as voice, or video. A network policy, i...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 102 8 • VLAN Tag —Select whether the traffic is Tagged or Untagged. • User Priority —Select the traffic priority applied to traffic defined by this network policy. This is the CoS value. • ...

Administration: Discovery Configuring LLDP 103 Cisco Small Business 300 Series Managed Switch Administration Guide 8 • SNMP Notification —Select whether SNMP notification is sent on a per-port basis when an end station that supports MED is discovered; for example a SNMP managing system, when there i...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 104 8 • Chassis ID Subtype —Type of chassis ID (for example, MAC address). • Chassis ID —Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address of the device ...

Administration: Discovery Configuring LLDP 105 Cisco Small Business 300 Series Managed Switch Administration Guide 8 This page provides the following fields: Global • Chassis ID Subtype —Type of chassis ID. (For example, the MAC address.) • Chassis ID —Identifier of chassis. Where the chassis ID sub...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 106 8 • Auto-Negotiation Advertised Capabilities —Port speed auto-negotiation capabilities; for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode. • Operational MAU Type —Me...

Administration: Discovery Configuring LLDP 107 Cisco Small Business 300 Series Managed Switch Administration Guide 8 - Endpoint Class 1 —Indicates a generic endpoint class, offering basic LLDP services. - Endpoint Class 2 —Indicates a media endpoint class, offering media streaming capabilities, as w...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 108 8 - Untagged —Indicates the network policy is defined for untagged VLANs. • User Priority —Network policy user priority. • DSCP —Network policy DSCP. Displaying LLDP Neighbors Informati...

Administration: Discovery Configuring LLDP 109 Cisco Small Business 300 Series Managed Switch Administration Guide 8 Basic Details • Chassis ID Subtype —Type of chassis ID (for example, MAC address). • Chassis ID —Identifier of the 802 LAN neighboring device chassis. • Port ID Subtype —Type of the p...

Administration: Discovery Configuring LLDP 111 Cisco Small Business 300 Series Managed Switch Administration Guide 8 MED Details • Capabilities Supported —MED capabilities enabled on the port. • Current Capabilities —MED TLVs advertised by the port. • Device Class —LLDP-MED endpoint device class. Th...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 112 8 • Enabled —Enabled Port and Protocol VLAN IDs. VL AN IDs • VID —Port and Protocol VLAN ID. • VLAN Names —Advertised VLAN names. Protocol IDs • Protocol ID Table —Advertised protocol I...

Administration: Discovery Configuring LLDP 113 Cisco Small Business 300 Series Managed Switch Administration Guide 8 STEP 1 Click Administration > Discovery - LLDP > LLDP Statistics . For each port, the fields are displayed: • Interface —Identifier of interface. • Tx Frames Total —Number of tr...

Administration: Discovery Configuring LLDP Cisco Small Business 300 Series Managed Switch Administration Guide 114 8 • Left to Send (Bytes) —Total number of available bytes left for additional LLDP information in each packet. • Status —Whether TLVs are being transmitted or if they are overloaded. ST...

Administration: Discovery Configuring CDP 115 Cisco Small Business 300 Series Managed Switch Administration Guide 8 • LLDP Optional TLVs - Size (Bytes) —Total LLDP MED optional TLVs packets byte size. - Status —If the LLDP MED optional TLVs packets were sent, or if they were overloaded. • LLDP MED I...

Administration: Discovery Configuring CDP Cisco Small Business 300 Series Managed Switch Administration Guide 116 8 CDP Configuration Workflow The followings is sample workflow in configuring CDP on the device. You can also find additional CDP configuration guidelines in the LLDP/CDP section. STEP 1...

Administration: Discovery Configuring CDP Cisco Small Business 300 Series Managed Switch Administration Guide 118 8 Editing CDP Interface Settings The Interface Settings page enables administrators to enable/disable CDP per port. Notifications can also be triggered when there are conflicts with CDP ...

Administration: Discovery Configuring CDP 119 Cisco Small Business 300 Series Managed Switch Administration Guide 8 • Syslog Voice VLAN Mismatch —Select to enable the option of sending a SYSLOG message when a voice VLAN mismatch is detected This means that the voice VLAN information in the incoming ...

Administration: Discovery Configuring CDP 121 Cisco Small Business 300 Series Managed Switch Administration Guide 8 - Request ID—Last power request ID received echoes the Request-ID field last received in a Power Requested TLV. It is 0 if no Power Requested TLV was received since the interface last ...

Administration: Discovery Configuring CDP 123 Cisco Small Business 300 Series Managed Switch Administration Guide 8 Viewing CDP Statistics The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received fro...

9 Cisco Small Business 300 Series Managed Switch Administration Guide 124 Port Management This section describes port configuration, link aggregation, and the Green Ethernet feature. It covers the following topics: • Configuring Ports • Setting Port Configuration • Configuring Link Aggregation • Con...

Port Management Setting Port Configuration 125 Cisco Small Business 300 Series Managed Switch Administration Guide 9 Setting Port Configuration The Port Settings page displays the global and per port setting of all the ports. This page enables you to select and configure the desired ports from the E...

Port Management Configuring Link Aggregation Cisco Small Business 300 Series Managed Switch Administration Guide 128 9 - Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same VLAN. - Packets received from protected ports can be forwarded only to u...

Port Management Configuring Link Aggregation 129 Cisco Small Business 300 Series Managed Switch Administration Guide 9 Link Aggregation Overview Link Aggregation Control Protocol (LACP) is part of the IEEE specification (802.3az) that enables you to bundle several physical ports together to form a s...

Port Management Configuring Link Aggregation Cisco Small Business 300 Series Managed Switch Administration Guide 130 9 Every LAG has the following characteristics: • All ports in a LAG must be of the same media type. • To add a port to the LAG, it cannot belong to any VLAN except the default VLAN. •...

Port Management Configuring Link Aggregation 131 Cisco Small Business 300 Series Managed Switch Administration Guide 9 To configure a dynamic LAG, perform the following actions: 1. Enable LACP on the LAG. Assign up to 16 candidates ports to the dynamic LAG by selecting and moving the ports from the ...

Port Management Configuring Link Aggregation Cisco Small Business 300 Series Managed Switch Administration Guide 132 9 • Port List —Move those ports that are to be assigned to the LAG from the Port List to the LAG Members list. Up to eight ports per static LAG can be assigned, and 16 ports can be as...

Port Management Configuring Link Aggregation 133 Cisco Small Business 300 Series Managed Switch Administration Guide 9 • Administrative Auto Negotiation —Enables or disable auto-negotiation on the LAG. Auto-negotiation is a protocol between two link partners that enables a LAG to advertise its trans...

Port Management Configuring Link Aggregation Cisco Small Business 300 Series Managed Switch Administration Guide 134 9 Configuring LACP A dynamic LAG is LACP-enabled, and LACP is run on every candidate port defined in the LAG. LACP Priority and Rules LACP system priority and LACP port priority are b...

Port Management Configuring Link Aggregation 135 Cisco Small Business 300 Series Managed Switch Administration Guide 9 However, there are cases when one link partner is temporarily not configured for LACP. One example for such case is when the link partner is on a device, which is in the process of ...

Port Management Configuring Green Ethernet Cisco Small Business 300 Series Managed Switch Administration Guide 136 9 STEP 5 Click Apply . The Running Configuration file is updated. Configuring Green Ethernet This section describes the Green Ethernet feature that is designed to save power on the devi...

Port Management Configuring Green Ethernet 137 Cisco Small Business 300 Series Managed Switch Administration Guide 9 In addition to the above Green Ethernet features, the 802.3az Energy Efficient Ethernet (EEE) is found on devices supporting GE ports. EEE reduces power consumption when there is no t...

Port Management Configuring Green Ethernet Cisco Small Business 300 Series Managed Switch Administration Guide 138 9 802.3az Energy Efficient Ethernet Feature This section describes the 802.3az Energy Efficient Ethernet (EEE) feature. It covers the following topics: • 802.3az EEE Overview • Advertis...

Port Management Configuring Green Ethernet Cisco Small Business 300 Series Managed Switch Administration Guide 140 9 802.3az EEE Configuration Workflow This section describes how to configure the 802.3az EEE feature and view its counters. STEP 1 Ensure that auto-negotiation is enabled on the port by...

Port Management Configuring Green Ethernet 141 Cisco Small Business 300 Series Managed Switch Administration Guide 9 • Energy Detect Mode —Disabled by default. Click the checkbox to enable. • Short Reach —Globally enable or disable Short Reach mode if there are GE ports on the device. NOTE If Short ...

10 Cisco Small Business 300 Series Managed Switch Administration Guide 144 Smartport This document describes the Smartports feature. It contains the following topics: • Overview • What is a Smartport • Smartport Types • Smartport Macros • Macro Failure and the Reset Operation • How the Smartport Fea...

Smartport Overview 145 Cisco Small Business 300 Series Managed Switch Administration Guide 10 Overview The Smartport feature provides a convenient way to save and share common configurations. By applying the same Smartport macro to multiple interfaces, the interfaces share a common set of configurat...

Smartport What is a Smartport Cisco Small Business 300 Series Managed Switch Administration Guide 146 10 What is a Smartport A Smartport is an interface to which a built-in (or user-defined) macro may be applied. These macros are designed to provide a means of quickly configuring the device to suppo...

Smartport Smartport Types 147 Cisco Small Business 300 Series Managed Switch Administration Guide 10 • Statically from a Smartport macro by name only from the CLI. A Smartport macro can be applied by its Smartport type statically from CLI and GUI, and dynamically by Auto Smartport. Auto Smartport de...

Smartport Smartport Types Cisco Small Business 300 Series Managed Switch Administration Guide 148 10 Special Smartport Types There are two special Smartport types; default and unknown . These two types are not associated with macros, but they exist to signify the state of the interface regarding Sma...

Smartport Smartport Macros 149 Cisco Small Business 300 Series Managed Switch Administration Guide 10 Smartport Macros A Smartport macro is a script of CLI commands that configure an interface appropriately for a particular network device. Smartport macros should not be confused with global macros. ...

Smartport Macro Failure and the Reset Operation Cisco Small Business 300 Series Managed Switch Administration Guide 150 10 Applying a Smartport Type to an Interface When Smartport types are applied to interfaces, the Smartport types and configuration in the associated Smartport macros are saved in t...

Smartport How the Smartport Feature Works 151 Cisco Small Business 300 Series Managed Switch Administration Guide 10 After the source of the problem is determined and the existing configuration or Smartport macro is corrected, you must perform a reset operation to reset the interface before it can b...

Smartport Auto Smartport Cisco Small Business 300 Series Managed Switch Administration Guide 152 10 Auto Smartport In order for Auto Smartport to automatically assign Smartport types to interfaces, the Auto Smartport feature must be enabled globally and on the relevant interfaces which Auto Smartpor...

Smartport Auto Smartport 153 Cisco Small Business 300 Series Managed Switch Administration Guide 10 If, for example, an IP phone is attached to a port, it transmits CDP or LLDP packets that advertise its capabilities. After reception of these CDP and/or LLDP packets, the device derives the appropria...

Smartport Auto Smartport Cisco Small Business 300 Series Managed Switch Administration Guide 154 10 NOTE If only the IP Phone and Host bits are set, then the Smartport type is ip_phone_desktop. Multiple Devices Attached to the Port The device derives the Smartport type of a connected device via the ...

Smartport Error Handling 155 Cisco Small Business 300 Series Managed Switch Administration Guide 10 • If all devices on an interface advertise the same capability (there is no conflict) the matching Smartport type is applied to the interface. • If one of the devices is a switch, the Switch Smartport...

Smartport Default Configuration Cisco Small Business 300 Series Managed Switch Administration Guide 156 10 Default Configuration Smartport is always available. By default, Auto Smartport is enabled by Auto Voice VLAN, relies on both CDP and LLDP to detect attaching device's Smartport type, and detec...

Smartport Common Smartport Tasks Cisco Small Business 300 Series Managed Switch Administration Guide 158 10 3. Click View Macro Source to view the current Smartport macro that is associated with the selected Smartport Type. 4. Click Edit to open a new window in which you can bind user-defined macros...

Smartport Configuring Smartport Using The Web-based Interface 159 Cisco Small Business 300 Series Managed Switch Administration Guide 10 Configuring Smartport Using The Web-based Interface The Smartport feature is configured in the Smartport > Properties, Smartport Type Settings and Interface Set...

Smartport Configuring Smartport Using The Web-based Interface Cisco Small Business 300 Series Managed Switch Administration Guide 160 10 STEP 3 Click Apply . This sets the global Smartport parameters on the device. Smartport Type Settings Use the Smartport Type Settings page to edit the Smartport Ty...

Smartport Configuring Smartport Using The Web-based Interface 161 Cisco Small Business 300 Series Managed Switch Administration Guide 10 • User Defined Macro—If desired, select the user-defined macro that is to be associated with the selected Smartport type. The macro must have already been paired w...

Smartport Configuring Smartport Using The Web-based Interface Cisco Small Business 300 Series Managed Switch Administration Guide 162 10 corrections have been made prior to clicking Reapply . See the workflow area in Common Smartport Tasks section for troubleshooting tips. • Reapply a Smartport macr...

Smartport Built-in Smartport Macros Cisco Small Business 300 Series Managed Switch Administration Guide 164 10 Built-in Smartport Macros The following describes the pair of built-in macros for each Smartport type. For each Smartport type there is a macro to configure the interface and an anti macro ...

Smartport Built-in Smartport Macros 165 Cisco Small Business 300 Series Managed Switch Administration Guide 10 port security mode max-addresses port security discard trap 60 # smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enabl...

Smartport Built-in Smartport Macros Cisco Small Business 300 Series Managed Switch Administration Guide 166 10 # smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable # spanning-tree portfast # @ no_printer [no_printer] #macro d...

Smartport Built-in Smartport Macros 167 Cisco Small Business 300 Series Managed Switch Administration Guide 10 smartport storm-control broadcast enable # spanning-tree portfast # @ no_guest] ] [no_guest] #macro description No guest # no switchport access vlan no switchport mode # no port security no...

Smartport Built-in Smartport Macros Cisco Small Business 300 Series Managed Switch Administration Guide 168 10 spanning-tree portfast # @ no_server [no_server] #macro description No server # no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all # no port securi...

Smartport Built-in Smartport Macros Cisco Small Business 300 Series Managed Switch Administration Guide 172 10 smartport storm-control broadcast enable # spanning-tree portfast # @ no_ip_phone_desktop [no_ip_phone_desktop] #macro description no ip_phone_desktop #macro keywords $voice_vlan # #macro k...

Smartport Built-in Smartport Macros 173 Cisco Small Business 300 Series Managed Switch Administration Guide 10 # @ no_switch [no_switch] #macro description No switch #macro keywords $voice_vlan # #macro key description: $voice_vlan: The voice VLAN ID # no smartport switchport trunk native vlan smart...

Smartport Built-in Smartport Macros Cisco Small Business 300 Series Managed Switch Administration Guide 174 10 #macro keywords $voice_vlan # #macro key description: $voice_vlan: The voice VLAN ID # no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all # no smar...

11 Cisco Small Business 300 Series Managed Switch Administration Guide 176 Port Management: PoE The Power over Ethernet (PoE) feature is only available on PoE-based devices. For a list of PoE-based devices, refer to the Device Models section. This section describes how to use the PoE feature. It cov...

Port Management: PoE PoE on the Device 177 Cisco Small Business 300 Series Managed Switch Administration Guide 11 Power over Ethernet can be used in any enterprise network that deploys relatively low-powered devices connected to the Ethernet LAN, such as: • IP phones • Wireless access points • IP ga...

Port Management: PoE Configuring PoE Properties 179 Cisco Small Business 300 Series Managed Switch Administration Guide 11 may not be able to properly supply power to its attaching PDs. To prevent false detection, you should disable PoE on the ports on the PoE switches that are used to connect to PS...

Port Management: PoE Configuring PoE Settings Cisco Small Business 300 Series Managed Switch Administration Guide 180 11 The following counters are displayed for each device: • Nominal Power—The total amount of power the device can supply to all the connected PDs. • Consumed Power—Amount of power cu...

Port Management: PoE Configuring PoE Settings Cisco Small Business 300 Series Managed Switch Administration Guide 182 11 • Class—This field appears only if the Power Mode set in the PoE Properties page is Class Limit. The class determines the power level: • Power Consumption—Displays the amount of p...

12 Cisco Small Business 300 Series Managed Switch Administration Guide 184 VLAN Management This section covers the following topics: • VLANs • Configuring Default VLAN Settings • Creating VLANs • Configuring VLAN Interface Settings • Defining VLAN Membership • GVRP Settings • VLAN Groups • Voice VLA...

VLAN Management VL ANs 185 Cisco Small Business 300 Series Managed Switch Administration Guide 12 VL AN Description Each VLAN is configured with a unique VID (VLAN ID) with a value from 1 to 4094. A port on a device in a bridged network is a member of a VLAN if it can send data to and receive data f...

VLAN Management VL ANs Cisco Small Business 300 Series Managed Switch Administration Guide 186 12 VL AN Roles VLANs function at Layer 2. All VLAN traffic (Unicast/Broadcast/Multicast) remains within its VLAN. Devices attached to different VLANs do not have direct connectivity to each other over the ...

VLAN Management Configuring Default VL AN Settings 187 Cisco Small Business 300 Series Managed Switch Administration Guide 12 Customer traffic is encapsulated with an S-tag with TPID 0x8100, regardless of whether it was originally c-tagged or untagged. The S-tag allows this traffic to be treated as ...

VLAN Management Creating VL ANs 189 Cisco Small Business 300 Series Managed Switch Administration Guide 12 Creating VLANs You can create a VLAN, but this has no effect until the VLAN is attached to at least one port, either manually or dynamically. Ports must always belong to one or more VLANs. The ...

VLAN Management Configuring VL AN Interface Settings Cisco Small Business 300 Series Managed Switch Administration Guide 190 12 Configuring VLAN Interface Settings The Interface Settings page displays and enables configuration of VLAN-related parameters for all interfaces To configure the VLAN setti...

VLAN Management Defining VL AN Membership 191 Cisco Small Business 300 Series Managed Switch Administration Guide 12 - Admit Tagged Only —The interface accepts only tagged frames. - Admit Untagged Only —The interface accepts only untagged and priority frames. • Ingress Filtering —(Available only in ...

VLAN Management Defining VL AN Membership Cisco Small Business 300 Series Managed Switch Administration Guide 192 12 Configuring Port to VLAN Use the Port to VLAN page to display and configure the ports within a specific VLAN. To map ports or LAGs to a VLAN: STEP 1 Click VLAN Management > Port to...

VLAN Management Defining VL AN Membership 193 Cisco Small Business 300 Series Managed Switch Administration Guide 12 Configuring VLAN Membership The Port VLAN Membership page displays all ports on the device along with a list of VLANs to which each port belongs. If the port-based authentication meth...

VLAN Management GVRP Settings Cisco Small Business 300 Series Managed Switch Administration Guide 194 12 - Forbidden —The interface is not allowed to join the VLAN even from GVRP registration. When a port is not a member of any other VLAN, enabling this option on the port makes the port part of inte...

VLAN Management VL AN Groups 195 Cisco Small Business 300 Series Managed Switch Administration Guide 12 GVRP must be activated globally as well as on each port. When it is activated, it transmits and receives GARP Packet Data Units (GPDUs). VLANs that are defined but not active are not propagated. T...

VLAN Management VL AN Groups Cisco Small Business 300 Series Managed Switch Administration Guide 196 12 If several classifications schemes are defined, packets are assigned to a VLAN in the following order: • TAG: If the packet is tagged, the VLAN is taken from the tag. • MAC-Based VLAN: If a MAC-ba...

VLAN Management VL AN Groups 197 Cisco Small Business 300 Series Managed Switch Administration Guide 12 NOTE This MAC address cannot be assigned to any other VLAN group. • Prefix Mask —Enter one of the following: - Host —Source host of the MAC address - Length — Prefix of the MAC address • Group ID ...

VLAN Management Voice VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 198 12 Voice VLAN In a LAN, voice devices, such as IP phones, VoIP endpoints, and voice systems are placed into the same VLAN. This VLAN is referred as the voice VLAN. If the voice devices are in differen...

VLAN Management Voice VL AN 199 Cisco Small Business 300 Series Managed Switch Administration Guide 12 From a VLAN perspective, the above models operate in both VLAN-aware and VLAN-unaware environments. In the VLAN-aware environment, the voice VLAN is one of the many VLANs configured in an installat...

VLAN Management Voice VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 200 12 Unlike Telephony OUI mode that detects voice devices based on telephony OUI, Auto Voice VLAN mode depends on Auto Smartport to dynamically add the ports to the voice VLAN. Auto Smartport, if enable...

VLAN Management Voice VL AN 201 Cisco Small Business 300 Series Managed Switch Administration Guide 12 When Auto Smartport is enabled, depending on Auto Voice VLAN mode, Auto Smartport is enabled when Auto Voice VLAN becomes operational. If desired, you can make Auto Smartport independent of Auto Vo...

VLAN Management Voice VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 202 12 • When a new voice VLAN is configured/discovered, the device automatically creates it, and replaces all the port memberships of the existing voice VLAN to the new voice VLAN. This may interrupt or ...

VLAN Management Voice VL AN 203 Cisco Small Business 300 Series Managed Switch Administration Guide 12 Voice VLAN Constraints The following constraints exist: • Only one Voice VLAN is supported. • A VLAN that is defined as a Voice VLAN cannot be removed In addition the following constraints are appl...

VLAN Management Voice VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 204 12 STEP 4 Select the Auto Voice VLAN Activation method. NOTE If the device is currently in Telephony OUI mode, you must disable it before you can configure Auto Voice Vlan STEP 5 Click Apply. STEP 6 C...

VLAN Management Voice VL AN 205 Cisco Small Business 300 Series Managed Switch Administration Guide 12 Configuring Voice VLAN Properties Use the Voice VLAN Properties page for the following: • View how voice VLAN is currently configured. • Configure the VLAN ID of the Voice VLAN. • Configure voice V...

VLAN Management Voice VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 206 12 - Enable Telephony OUI —Enable Dynamic Voice VLAN in Telephony OUI mode. - Disable —Disable Auto Voice Vlan or Telephony OUI. • Auto Voice VLAN Activation —If Auto Voice VLAN was enabled, select on...

VLAN Management Voice VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 208 12 • Voice VLAN ID —The identifier of the current voice VLAN. • CoS/802.1p —The advertised or configured CoS/802.1p values that are used by the LLDP-MED as a voice network policy. • DSCP —The advertis...

VLAN Management Voice VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 210 12 Adding Interfaces to Voice VLAN on Basis of OUIs The QoS attributes can be assigned per port to the voice packets in one of the following modes: • All —Quality of Service (QoS) values configured to...

VLAN Management Access Port Multicast TV VL AN 211 Cisco Small Business 300 Series Managed Switch Administration Guide 12 Access Port Multicast T V VLAN Multicast TV VLANs enable Multicast transmissions to subscribers who are not on the same data VLAN (Layer 2-isolated), without replicating the Mult...

VLAN Management Access Port Multicast TV VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 212 12 IGMP Snooping Multicast TV VLAN relies on IGMP snooping, which means that: • Subscribers use IGMP messages to join or leave a Multicast group. • Device performs IGMP snooping and...

VLAN Management Access Port Multicast TV VL AN 213 Cisco Small Business 300 Series Managed Switch Administration Guide 12 Configuration Workflow Configure TV VLAN with the following steps: 1. Define a TV VLAN by associating a Multicast group to a VLAN (using the Multicast Group to VLAN page). 2. Spe...

VLAN Management Customer Port Multicast TV VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 214 12 Port Multicast VLAN Membership To define the Multicast TV VLAN configuration: STEP 1 Click VLAN Management > Access Port Multicast TV VLAN > Port Multicast VLAN Membershi...

VLAN Management Customer Port Multicast TV VL AN 215 Cisco Small Business 300 Series Managed Switch Administration Guide 12 All packets from the subscriber to the service provider network are encapsulated by the access device with the subscriber ’s VLAN configured as customer VLAN (Outer tag or S-VI...

VLAN Management Customer Port Multicast TV VL AN Cisco Small Business 300 Series Managed Switch Administration Guide 216 12 To map CPE VLANs: STEP 1 Click VLAN Management > Customer Port Multicast TV VLAN > CPE VLAN to VLAN. STEP 2 Click Add. STEP 3 Enter the following fields: • CPE VLAN—Enter...

13 Cisco Small Business 300 Series Managed Switch Administration Guide 218 Spanning Tree This section describes the Spanning Tree Protocol (STP) (IEEE802.1D and IEEE802.1Q) and covers the following topics: • STP Flavors • Configuring STP Status and Global Settings • Defining Spanning Tree Interface ...

Spanning Tree Configuring STP Status and Global Settings 219 Cisco Small Business 300 Series Managed Switch Administration Guide 13 The device supports the following Spanning Tree Protocol versions: • Classic STP – Provides a single path between any two end stations, avoiding and eliminating loops. ...

Spanning Tree Configuring STP Status and Global Settings Cisco Small Business 300 Series Managed Switch Administration Guide 220 13 • BPDU Handling —Select how Bridge Protocol Data Unit (BPDU) packets are managed when STP is disabled on the port or the device. BPDUs are used to transmit spanning tre...

Spanning Tree Configuring Rapid Spanning Tree Settings 223 Cisco Small Business 300 Series Managed Switch Administration Guide 13 - Blocking —The port is currently blocked, and cannot forward traffic (with the exception of BPDU data) or learn MAC addresses. - Listening —The port is in Listening mode...

Spanning Tree Configuring Rapid Spanning Tree Settings 225 Cisco Small Business 300 Series Managed Switch Administration Guide 13 - Designated —The interface through which the bridge is connected to the LAN, which provides the lowest cost path from the LAN to the Root Bridge. - Alternate —Provides a...

Spanning Tree Multiple Spanning Tree Cisco Small Business 300 Series Managed Switch Administration Guide 226 13 Multiple Spanning Tree Multiple Spanning Tree Protocol (MSTP) is used to separate the STP port state between various domains (on different VLANs). For example, while port A is blocked in o...

Spanning Tree Mapping VL ANs to a MSTP Instance 227 Cisco Small Business 300 Series Managed Switch Administration Guide 13 Switches intended to be in the same MST region are never separated by switches from another MST region. If they are separated, the region becomes two separate regions. This mapp...

Spanning Tree Defining MSTP Instance Settings Cisco Small Business 300 Series Managed Switch Administration Guide 228 13 For those VLANs that are not explicitly mapped to one of the MST instances, the device automatically maps them to the CIST (Core and Internal Spanning Tree) instance. The CIST ins...

Spanning Tree Defining MSTP Interface Settings 229 Cisco Small Business 300 Series Managed Switch Administration Guide 13 • Included VLAN —Displays the VLANs mapped to the selected instance. The default mapping is that all VLANs are mapped to the common and internal spanning tree (CIST) instance 0)....

Spanning Tree Defining MSTP Interface Settings Cisco Small Business 300 Series Managed Switch Administration Guide 230 13 STEP 5 Enter the parameters. • Instance ID —Select the MST instance to be configured. • Interface —Select the interface for which the MSTI settings are to be defined. • Interface...

14 Cisco Small Business 300 Series Managed Switch Administration Guide 232 Managing MAC Address Tables This section describe how to add MAC addresses to the system. It covers the following topics: • Configuring Static MAC Addresses • Managing Dynamic MAC Addresses • Defining Reserved MAC Addresses T...

Managing MAC Address Tables Configuring Static MAC Addresses 233 Cisco Small Business 300 Series Managed Switch Administration Guide 14 Configuring Static MAC Addresses Static MAC addresses are assigned to a specific physical interface and VLAN on the device. If that address is detected on another i...

Managing MAC Address Tables Managing Dynamic MAC Addresses Cisco Small Business 300 Series Managed Switch Administration Guide 234 14 Managing Dynamic MAC Addresses The Dynamic Address Table (bridging table) contains the MAC addresses acquired by monitoring the source addresses of frames entering th...

Managing MAC Address Tables Defining Reserved MAC Addresses 235 Cisco Small Business 300 Series Managed Switch Administration Guide 14 Defining Reserved MAC Addresses When the device receives a frame with a Destination MAC address that belongs to a reserved range (per the IEEE standard), the frame c...

15 Cisco Small Business 300 Series Managed Switch Administration Guide 236 Multicast This section describes the Multicast Forwarding feature, and covers the following topics: • Multicast Forwarding • Defining Multicast Properties • Adding MAC Group Address • Adding IP Multicast Group Addresses • Con...

Multicast Defining Multicast Properties 239 Cisco Small Business 300 Series Managed Switch Administration Guide 15 If the device is enabled as an IGMP Querier, it starts after 60 seconds have passed with no IGMP traffic (queries) detected from a Multicast router. In the presence of other IGMP Querie...

Multicast Adding MAC Group Address 241 Cisco Small Business 300 Series Managed Switch Administration Guide 15 STEP 3 Click Apply . The Running Configuration file is updated. Adding MAC Group Address The device supports forwarding incoming Multicast traffic based on the Multicast group information. T...

Multicast Adding IP Multicast Group Addresses 243 Cisco Small Business 300 Series Managed Switch Administration Guide 15 Adding IP Multicast Group Addresses The IP Multicast Group Address page is similar to the MAC Group Address page except that Multicast groups are identified by IP addresses. The I...

Multicast Configuring IGMP Snooping Cisco Small Business 300 Series Managed Switch Administration Guide 244 15 • IP Source Address —Defines the source address to be included. STEP 6 Click Apply . The IP Multicast group is added, and the device is updated. STEP 7 To configure and display the registra...

Multicast MLD Snooping 247 Cisco Small Business 300 Series Managed Switch Administration Guide 15 • Operational Last Member Query Interval —Displays the Last Member Query Interval sent by the elected querier. • Immediate Leave —Enable Immediate Leave to decrease the time it takes to block a Multicas...

Multicast Querying IGMP/MLD IP Multicast Group 249 Cisco Small Business 300 Series Managed Switch Administration Guide 15 • Operational Query Robustness—Displays the robustness variable sent by the elected querier. • Query Interval —Enter the Query Interval value to be used by the device if the devi...

Multicast Defining Multicast Router Ports Cisco Small Business 300 Series Managed Switch Administration Guide 250 15 There might be a difference between information on this page and, for example, information displayed in the MAC Group Address page . Assuming that the system is in MAC-based groups an...

Multicast Defining Forward All Multicast 251 Cisco Small Business 300 Series Managed Switch Administration Guide 15 To statically configure or see dynamically-detected ports connected to the Multicast router: STEP 1 Click Multicast > Multicast Router Port . STEP 2 Enter some or all of following q...

Multicast Defining Unregistered Multicast Settings Cisco Small Business 300 Series Managed Switch Administration Guide 252 15 IGMP or MLD messages are not forwarded to ports defined as For ward All . NOTE The configuration affects only the ports that are members of the selected VLAN. To define Forwa...

Multicast Defining Unregistered Multicast Settings 253 Cisco Small Business 300 Series Managed Switch Administration Guide 15 You can select a port to receive or filter unregistered Multicast streams. The configuration is valid for any VLAN of which it is a member (or will be a member). This feature...

16 Cisco Small Business 300 Series Managed Switch Administration Guide 254 IP Configuration IP interface addresses can be configured manually by the user, or automatically configured by a DHCP server. This section provides information for defining the device IP addresses, either manually or by makin...

IP Configuration Overview 255 Cisco Small Business 300 Series Managed Switch Administration Guide 16 Layer 2 IP Addressing In Layer 2 system mode, the device has up to one IPv4 address and up to two IPv6 interfaces (either “native” interface or Tunnel) in the management VLAN. This IP address and the...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 256 16 • The system status LED changes to solid green when a new unique IP address is received from the DHCP server. If a static IP address has been set, the system status LED also cha...

IP Configuration IPv4 Management and Interfaces 257 Cisco Small Business 300 Series Managed Switch Administration Guide 16 Defining an IPv4 Interface in Layer 2 System Mode To manage the device by using the web-based configuration utility, the IPv4 device management IP address must be defined and kn...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 258 16 If a dynamic IP address is retrieved from the DHCP server, select those of the following fields that are enabled: • Renew IP Address Now —The device dynamic IP address can be re...

IP Configuration IPv4 Management and Interfaces 259 Cisco Small Business 300 Series Managed Switch Administration Guide 16 • IP Address —Configured IP address for the interface. • Mask —Configured IP address mask. • Status —Results of the IP address duplication check. - Tentative —There is no final ...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 260 16 IPv4 Routes When the device is in Layer 3 system mode, this page enables configuring and viewing IPv4 static routes on the device. When routing traffic, the next hop is decided ...

IP Configuration IPv4 Management and Interfaces 261 Cisco Small Business 300 Series Managed Switch Administration Guide 16 ARP The device maintains an ARP (Address Resolution Protocol) table for all known devices that reside in the IP subnets directly connected to it. A directly-connected IP subnet ...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 262 16 • Status —Whether the entry was manually entered or dynamically learned. STEP 4 Click Add . STEP 5 Enter the parameters: • IP Version —The IP address format supported by the hos...

IP Configuration IPv4 Management and Interfaces 263 Cisco Small Business 300 Series Managed Switch Administration Guide 16 STEP 3 Click Apply . The ARP proxy is enabled, and the Running Configuration file is updated. UDP Relay/IP Helper The UDP Relay/IP Helper feature is only available when the devi...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 264 16 A trusted port is a port that is connected to a DHCP server and is allowed to assign DHCP addresses. DHCP messages received on trusted ports are allowed to pass through the devi...

IP Configuration IPv4 Management and Interfaces 265 Cisco Small Business 300 Series Managed Switch Administration Guide 16 The following Option 82 options are available on the device: • DHCP Insertion - Add Option 82 information to packets that do not have foreign Option 82 information. • DHCP Passt...

IP Configuration IPv4 Management and Interfaces 269 Cisco Small Business 300 Series Managed Switch Administration Guide 16 The following describes how DHCP reply packets are handled when both DHCP Snooping and DHCP Relay are enabled DHCP Snooping Binding Database DHCP Snooping builds a database (kno...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 270 16 The DHCP Snooping Binding database is also used by IP Source Guard and Dynamic ARP Inspection features to determine legitimate packet sources. DHCP Trusted Ports Ports can be ei...

IP Configuration IPv4 Management and Interfaces 271 Cisco Small Business 300 Series Managed Switch Administration Guide 16 STEP 6 Device forwards DHCPOFFER, DHCPACK, or DHCPNAK. The following summarizes how DHCP packets are handled from both trusted and untrusted ports. The DHCP Snooping Binding dat...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 272 16 DHCP Snooping Along With DHCP Relay If both DHCP Snooping and DHCP Relay are globally enabled, then if DHCP Snooping is enabled on the client's VLAN, DHCP Snooping rules contain...

IP Configuration IPv4 Management and Interfaces 273 Cisco Small Business 300 Series Managed Switch Administration Guide 16 STEP 1 Enable DHCP Snooping and/or DHCP Relay in the IP Configuration > DHCP > Properties page or in the Security > DHCP Snooping > Properties page. STEP 2 Define th...

IP Configuration IPv4 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 274 16 STEP 2 Click Apply. The settings are written to the Running Configuration file. STEP 3 To define a DHCP server, click Add . STEP 4 Enter the IP address of the DHCP server and cl...

IP Configuration IPv4 Management and Interfaces 275 Cisco Small Business 300 Series Managed Switch Administration Guide 16 DHCP Snooping Binding Database See How the DHCP Snooping Binding Database is Built for a description of how dynamic entries are added to the DHCP Snooping Binding database. Note...

IP Configuration DHCP Server Cisco Small Business 300 Series Managed Switch Administration Guide 276 16 STEP 4 Click Apply. The settings are defined, and the device is updated. DHCP Server The DHCPv4 Server feature enables you to configure the device as a DHCPv4 server. A DHCPv4 server is used to as...

IP Configuration DHCP Server 277 Cisco Small Business 300 Series Managed Switch Administration Guide 16 The following options can be set with the generic DHCP option CLI command: • Integer type: 2, 13, 22, 26, 24, 25, 35, 38 • ASCII type: 14, 17, 18, 40, 43, 47, 64 • IP Address type: 16, 28, 32 • IP...

IP Configuration DHCP Server Cisco Small Business 300 Series Managed Switch Administration Guide 278 16 Dependencies Between Features • A single interface cannot be configured as both a DHCPv4 client and DHCPv4 server at the same time. • If DHCPv4 Relay is enabled, the device cannot be configured as...

IP Configuration DHCP Server 279 Cisco Small Business 300 Series Managed Switch Administration Guide 16 STEP 5 View the allocated IP addresses using the Address Binding page. IP addresses can be deleted in this page. DHCPv4 Server To configure the device as a DHCPv4 server: STEP 1 Click IP Configura...

IP Configuration DHCP Server Cisco Small Business 300 Series Managed Switch Administration Guide 280 16 • Pool Name—Enter the pool name. • Subnet IP Address—Enter the subnet in which the network pool resides. • Mask—Enter one of following: - Network Mask—Check and enter the pool’s network mask. - Pr...

IP Configuration DHCP Server 281 Cisco Small Business 300 Series Managed Switch Administration Guide 16 - Mixed —A combination of b-node and p-node communications is used to register and resolve NetBIOS names. M-node first uses b-node; then, if necessary, p-node. M-node is typically not the best cho...

IP Configuration DHCP Server 283 Cisco Small Business 300 Series Managed Switch Administration Guide 16 - Hybrid —A hybrid combination of b-node and p-node is used. When configured to use h-node, a computer always tries p-node first and uses b-node only if p-node fails. This is the default. - Mixed ...

IP Configuration IPv6 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 284 16 • Lease Expiration—The lease expiration date and time of the host’s IP address or Infinite is such was the lease duration defined. • Type—The manner in which the IP address was ...

IP Configuration IPv6 Management and Interfaces 285 Cisco Small Business 300 Series Managed Switch Administration Guide 16 IPv6 Global Configuration To define IPv6 global parameters and DHCPv6 client settings: STEP 1 In Layer 2 system mode, click Administration > Management Interface > IPv6 Gl...

IP Configuration IPv6 Management and Interfaces 287 Cisco Small Business 300 Series Managed Switch Administration Guide 16 • Send ICMPv6 Messages —Enable generating unreachable destination messages. STEP 6 Click Apply to enable IPv6 processing on the selected interface. Regular IPv6 interfaces have ...

IP Configuration IPv6 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 288 16 • Received Information Refresh Time —Refresh time received from DHCPv6 server. • Remaining Information Refresh Time —Remaining time until next refresh. • DNS Servers —List of DN...

IP Configuration IPv6 Management and Interfaces 289 Cisco Small Business 300 Series Managed Switch Administration Guide 16 Configuring Tunnels NOTE To configure a tunnel, first configure an IPv6 interface as a tunnel in the IPv6 Interfaces page. To configure an IPv6 tunnel: STEP 1 In Layer 2 system ...

IP Configuration IPv6 Management and Interfaces 291 Cisco Small Business 300 Series Managed Switch Administration Guide 16 is specified in hexadecimal format by using 16-bit values separated by colons.You cannot configure an IPv6 addresses directly on an ISATAP tunnel interface. • Prefix Length —The...

IP Configuration IPv6 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 292 16 In Layer 3 system mode, click IP Configuration > IPv6 Management and Interfaces > IPv6 Default Router List . This page displays the following fields for each default route...

IP Configuration IPv6 Management and Interfaces 293 Cisco Small Business 300 Series Managed Switch Administration Guide 16 Defining IPv6 Neighbors Information The IPv6 Neighbors page enables configuring and viewing the list of IPv6 neighbors on the IPv6 interface. The IPv6 Neighbor Table (also known...

IP Configuration IPv6 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 294 16 - Stale —Previously-known neighbor is unreachable. No action is taken to verify its reachability until traffic must be sent. - Delay —Previously-known neighbor is unreachable. T...

IP Configuration IPv6 Management and Interfaces 295 Cisco Small Business 300 Series Managed Switch Administration Guide 16 STEP 1 Click Administration > Management Interface > IPv6 Routes . -or To view IPv6 routing entries in Layer 3 system mode: Click IP Configuration > IPv6 Management and...

IP Configuration IPv6 Management and Interfaces Cisco Small Business 300 Series Managed Switch Administration Guide 296 16 - Static —The entry was manually configured by a user. DHCPv6 Relay DHCPv6 Relay is used for relaying DHCPv6 messages to DHCPv6 servers. It is defined in RFC 3315. When the DHCP...

IP Configuration Domain Name 297 Cisco Small Business 300 Series Managed Switch Administration Guide 16 • DHCPv6 Server IP Address —Enter the address of the DHCPv6 server to which packets are forwarded. • IPv6 Interface —Enter the interface on which packets are transmitted when the address type of t...

IP Configuration Domain Name 299 Cisco Small Business 300 Series Managed Switch Administration Guide 16 • Preference —Each server has a preference value, a lower value means a higher chance of being used. • Source —Source of the server ’s IP address (static or DHCPv4 or DHCPv6) • Interface —Interfac...

IP Configuration Domain Name Cisco Small Business 300 Series Managed Switch Administration Guide 300 16 • Source —Source of the server ’s IP address (static or DHCPv4 or DHCPv6) for this domain. • Interface —Interface of the server ’s IP address for this domain. • Preference—This is the order in whi...

17 Cisco Small Business 300 Series Managed Switch Administration Guide 302 Security This section describes device security and access control. The system handles various types of security. The following list of topics describes the various types of security features described in this section. Some f...

Security Defining Users 303 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Configuring RADIUS • Configuring Port Security • Configuring 802.1X • Defining Time Ranges Protection from other network users is described in the following sections. These are attacks that pass thro...

Security Defining Users Cisco Small Business 300 Series Managed Switch Administration Guide 304 17 STEP 1 Click Administration > User Accounts . This page displays the users defined in the system and their user privilege level. STEP 2 Select Password Recovery Service to enable this feature. When ...

Security Defining Users 305 Cisco Small Business 300 Series Managed Switch Administration Guide 17 STEP 5 Click Apply . The user is added to the Running Configuration file of the device. Setting Password Complexity Rules Passwords are used to authenticate users accessing the device. Simple passwords...

Security Configuring TACACS+ 307 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Accounting—Enable accounting of login sessions using the TACACS+ server. This enables a system administrator to generate accounting reports from the TACACS+ server. In addition to providing auth...

Security Configuring TACACS+ Cisco Small Business 300 Series Managed Switch Administration Guide 308 17 Defaults The following defaults are relevant to this feature: • No default TACACS+ server is defined by default. • If you configure a TACACS+ server, the accounting feature is disabled by default....

Security Configuring TACACS+ 309 Cisco Small Business 300 Series Managed Switch Administration Guide 17 STEP 1 Click Security > TACACS+ . STEP 2 Enable TACACS+ Accounting if required. See explanation in the Accounting Using a TACACS+ Server section. STEP 3 Enter the following default parameters: ...

Security Configuring RADIUS 311 Cisco Small Business 300 Series Managed Switch Administration Guide 17 Configuring RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control. The device is a RADIUS client that can use a RADIUS s...

Security Configuring RADIUS Cisco Small Business 300 Series Managed Switch Administration Guide 312 17 Interactions With Other Features You cannot enable accounting on both a RADIUS and TACACS+ server. Radius Workflow To user a RADIUS server, do the following: STEP 1 Open an account for the device o...

Security Configuring Management Access Authentication 315 Cisco Small Business 300 Series Managed Switch Administration Guide 17 STEP 6 To display sensitive data in plaintext form in the configuration file, click Display Sensitive Data As Plaintext . STEP 7 Click Apply . The RADIUS server definition...

Security Defining Management Access Method Cisco Small Business 300 Series Managed Switch Administration Guide 316 17 • Local —Username and password are checked against the data stored on the local device. These username and password pairs are defined in the User Accounts page. NOTE The Local or Non...

Security Defining Management Access Method 317 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Source IP Address —IP addresses or subnets. Access to management methods might differ among user groups. For example, one user group might be able to access the device module only ...

Security SSL Server 321 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Interface —Enter the interface number. • Applies to Source IP Address —Select the type of source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork. Sel...

Security SSL Server Cisco Small Business 300 Series Managed Switch Administration Guide 322 17 To open an HTTPS session with a user-created certificate, perform the following actions: 1. Generate a certificate. 2. Request that the certificate be certified by a CA. 3. Import the signed certificate in...

Security Configuring TCP/UDP Services Cisco Small Business 300 Series Managed Switch Administration Guide 324 17 Configuring TCP/UDP Services The TCP/UDP Services page enables TCP or UDP-based services on the device, usually for security reasons. The device offers the following TCP/UDP services: • H...

Security Defining Storm Control 325 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Remote IP Address —IP address of the remote device that is requesting the service. • Remote Port —TCP port of the remote device that is requesting the service. • State —Status of the service....

Security Configuring 802.1X 329 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Trap —Select to enable traps when a packet is received on a locked port. This is relevant for lock violations. For Classic Lock, this is any new address received. For Limited Dynamic Lock, this i...

Security Configuring 802.1X 331 Cisco Small Business 300 Series Managed Switch Administration Guide 17 delimiting characters (for example: aaccbb55ccff). To use MAC-based authentication at a port: - A Guest VLAN must be defined - The port must be Guest VLAN enabled. - The packets from the first supp...

Security Configuring 802.1X Cisco Small Business 300 Series Managed Switch Administration Guide 334 17 Configuring Unauthenticated VL ANs When a port is 802.1x-enabled, unauthorized ports or devices are not allowed to access a VLAN unless the VLAN is a Guest VLAN or an unauthenticated VLAN. You can ...

Security Configuring 802.1X 337 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Resending EAP —Enter the number of seconds that the device waits for a response to an Extensible Authentication Protocol (EAP) request/identity frame from the supplicant (client) before resending...

Security Defining Time Ranges 339 Cisco Small Business 300 Series Managed Switch Administration Guide 17 - Shutdown —Discards the packets and shuts down the port. The ports remains shut down until reactivated, or until the device is rebooted. • Traps (on single host violation)—Select to enable traps...

Security Denial of Service Prevention Cisco Small Business 300 Series Managed Switch Administration Guide 340 17 Denial of Service Prevention A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users. DoS attacks saturate the device with external communication re...

Security Denial of Service Prevention 341 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Martian Addresses—Martian addresses are illegal from the point of view of the IP protocol. See Martian Addresses for more details. • ICMP Attack—Sending malformed ICMP packets or overwh...

Security Denial of Service Prevention Cisco Small Business 300 Series Managed Switch Administration Guide 342 17 • Prevent TCP connections from a specific interface (SYN Filtering page) and rate limit the packets (SYN Rate Protection page) • Configure the blocking of certain ICMP packets (ICMP Filte...

Security Denial of Service Prevention Cisco Small Business 300 Series Managed Switch Administration Guide 344 17 SYN Protection The network ports might be used by hackers to attack the device in a SYN attack, which consumes TCP resources (buffers) and CPU power. Since the CPU is protected using SCT,...

Security Denial of Service Prevention Cisco Small Business 300 Series Managed Switch Administration Guide 346 17 STEP 3 To add a Martian address click Add . STEP 4 Enter the parameters. • IP Version —Indicates the supported IP version. Currently, support is only offered for IPv4. • IP Address —Enter...

Security Denial of Service Prevention 347 Cisco Small Business 300 Series Managed Switch Administration Guide 17 - User Defined —Enter a port number. - All Por ts —Select to indicate that all ports are filtered. STEP 4 Click Apply . The SYN filter is defined, and the Running Configuration file is up...

Security Denial of Service Prevention Cisco Small Business 300 Series Managed Switch Administration Guide 348 17 STEP 4 Click Apply . The SYN rate protection is defined, and the Running Configuration is updated. ICMP Filtering The ICMP Filtering page enables the blocking of ICMP packets from certain...

Security IP Source Guard 349 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • Interface —Select the interface on which the IP fragmentation is being defined. • IP Address —Enter an IP network from which the fragmented IP packets is filtered or select All Addresses to block IP...

Security IP Source Guard Cisco Small Business 300 Series Managed Switch Administration Guide 350 17 - The interface is DHCP untrusted. All packets on trusted ports are forwarded. • If a port is DHCP trusted, filtering of static IP addresses can be configured, even though IP Source Guard is not activ...

Security IP Source Guard 351 Cisco Small Business 300 Series Managed Switch Administration Guide 17 STEP 5 Enable IP Source Guard on the untrusted interfaces as required in the Security > IP Source Guard > Interface Settings page. STEP 6 View entries to the Binding database in the Security >...

Security IP Source Guard Cisco Small Business 300 Series Managed Switch Administration Guide 352 17 Binding Database IP Source Guard uses the DHCP Snooping Binding database to check packets from untrusted ports. If the device attempts to write too many entries to the DHCP Snooping Binding database, ...

Security Dynamic ARP Inspection 353 Cisco Small Business 300 Series Managed Switch Administration Guide 17 - No Snoop VL AN —DHCP Snooping is not enabled on the VLAN. - Trusted Por t —Port has become trusted. - Resource Problem —TCAM resources are exhausted. To see a subset of these entries, enter t...

Security Dynamic ARP Inspection Cisco Small Business 300 Series Managed Switch Administration Guide 354 17 Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet. Their IP, MAC addresses are shown in parentheses; for example, Host A uses IP addres...

Security Dynamic ARP Inspection 355 Cisco Small Business 300 Series Managed Switch Administration Guide 17 • If a packet is valid, it is forwarded and the ARP cache is updated. If the ARP Packet Validation option is selected (Properties page), the following additional validation checks are performed...

Security Dynamic ARP Inspection Cisco Small Business 300 Series Managed Switch Administration Guide 356 17 ARP Inspection Work Flow To configure ARP Inspection: STEP 1 Enable ARP Inspection and configure various options in the Security > ARP Inspection > Properties page. STEP 2 Configure inter...

Security Dynamic ARP Inspection 357 Cisco Small Business 300 Series Managed Switch Administration Guide 17 - Never —Disabled SYSLOG dropped packet messages. STEP 2 Click Apply. The settings are defined, and the Running Configuration file is updated. Defining Dynamic ARP Inspection Interfaces Setting...

Security Dynamic ARP Inspection Cisco Small Business 300 Series Managed Switch Administration Guide 358 17 STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated. Defining ARP Inspection Access Control Rules To add more rules to a previously-created ARP Access Co...

18 Cisco Small Business 300 Series Managed Switch Administration Guide 360 Security: Secure Sensitive Data Management Secure Sensitive Data (SSD) is an architecture that facilitates the protection of sensitive data on a device, such as passwords and keys. The facility makes use of passphrases, encry...

Security: Secure Sensitive Data Management SSD Rules 361 Cisco Small Business 300 Series Managed Switch Administration Guide 18 SSD grants read permission to sensitive data only to authenticated and authorized users, and according to SSD rules. A device authenticates and authorizes management access...

Security: Secure Sensitive Data Management SSD Rules Cisco Small Business 300 Series Managed Switch Administration Guide 362 18 NOTE A device may not support all the channels defined by SSD. Elements of an SSD Rule An SSD rule includes the following elements: • User type—The user types supported in ...

Security: Secure Sensitive Data Management SSD Rules Cisco Small Business 300 Series Managed Switch Administration Guide 364 18 * The Read mode of a session can be temporarily changed in the SSD Properties page if the new read mode does not violate the read permission. NOTE Note the following: • The...

Security: Secure Sensitive Data Management SSD Rules 365 Cisco Small Business 300 Series Managed Switch Administration Guide 18 NOTE When doing a file transfer initiated by an XML or SNMP command, the underlying protocol used is TFTP. Therefore, the SSD rule for insecure channel will apply. SSD Rule...

Security: Secure Sensitive Data Management SSD Properties Cisco Small Business 300 Series Managed Switch Administration Guide 366 18 The default rules can be modified, but they cannot be deleted. If the SSD default rules have been changed, they can be restored. SSD Default Read Mode Session Override...

Security: Secure Sensitive Data Management SSD Properties 367 Cisco Small Business 300 Series Managed Switch Administration Guide 18 Passphrase A passphrase is the basis of the security mechanism in the SSD feature, and is used to generate the key for the encryption and decryption of sensitive data....

Security: Secure Sensitive Data Management SSD Properties Cisco Small Business 300 Series Managed Switch Administration Guide 368 18 automatically changed to the passphrase in the startup configuration file, when the startup configuration becomes the running configuration of the device. When a devic...

Security: Secure Sensitive Data Management Configuration Files 369 Cisco Small Business 300 Series Managed Switch Administration Guide 18 A device determines whether the integrity of a configuration file is protected by examining the File Integrity Control command in the file's SSD Control block. If...

Security: Secure Sensitive Data Management Configuration Files Cisco Small Business 300 Series Managed Switch Administration Guide 370 18 • A text-based configuration that does not include an SSD indicator is considered not to contain sensitive data. • The SSD indicator is used to enforce SSD read p...

Security: Secure Sensitive Data Management Configuration Files 371 Cisco Small Business 300 Series Managed Switch Administration Guide 18 • If there is a passphrase in the SSD control block of the source configuration file, the device will reject the source file, and the copy fails if there is encry...

Security: Secure Sensitive Data Management Configuration Files Cisco Small Business 300 Series Managed Switch Administration Guide 372 18 • When copied from a source file, the copy will fail if the passphrase in the source file is in plaintext. If the passphrase is encrypted, it is ignored. • When d...

Security: Secure Sensitive Data Management Configuration Files 373 Cisco Small Business 300 Series Managed Switch Administration Guide 18 • A user with Exclude permission cannot access mirror and backup configuration files with their file SSD indicator showing either encrypted or plaintext sensitive...

Security: Secure Sensitive Data Management SSD Management Channels Cisco Small Business 300 Series Managed Switch Administration Guide 374 18 If the device creating the configuration file is in Unrestricted passphrase control mode, the device includes the passphrase in the file. As a result, the use...

Security: Secure Sensitive Data Management Menu CLI and Password Recovery 375 Cisco Small Business 300 Series Managed Switch Administration Guide 18 Menu CLI and Password Recovery The Menu CLI interface is only allowed to users if their read permissions are Both or Plaintext Only. Other users are re...

Security: Secure Sensitive Data Management Configuring SSD 377 Cisco Small Business 300 Series Managed Switch Administration Guide 18 - Level 15— Indicates that this rule applies to all users with privilege level 15. - All— Indicates that this rule applies to all users. • Channel —This defines the s...

Security: Secure Sensitive Data Management Configuring SSD Cisco Small Business 300 Series Managed Switch Administration Guide 378 18 • Restore All Rules to Default— Restore all user-modified default rules to the default rule and remove all user-defined rules.

Security: SSH Client Protection Methods 381 Cisco Small Business 300 Series Managed Switch Administration Guide 19 When files are downloaded via TFTP or HTTP, the data transfer is unsecured. When files are downloaded via SCP, the information is downloaded from the SCP server to the device via a secu...

Security: SSH Client Protection Methods Cisco Small Business 300 Series Managed Switch Administration Guide 382 19 The username/password must then be created on the device. When data is transferred from the server to the device, the username/password supplied by the device must match the username/pa...

Security: SSH Client SSH Server Authentication 383 Cisco Small Business 300 Series Managed Switch Administration Guide 19 When a private key is created on a device, it is also possible to create an associated passphrase . This passphrase is used to encrypt the private key and to import it into the r...

Security: SSH Client SSH Client Authentication Cisco Small Business 300 Series Managed Switch Administration Guide 384 19 SSH Client Authentication SSH client authentication by password is enabled by default, with the username/password being “anonymous”. The user must configure the following informa...

Security: SSH Client Before You Begin 385 Cisco Small Business 300 Series Managed Switch Administration Guide 19 Before You Begin The following actions must be performed before using the SCP feature: • When using the password authentication method, a username/password must be set up on the SSH serve...

Security: SSH Client Common Tasks Cisco Small Business 300 Series Managed Switch Administration Guide 386 19 STEP 4 If the public/private key method is being used, perform the following steps: a. Select whether to use an RSA or DSA key, create a username and then generate the public/private keys. b....

Security: SSH Client SSH Client Configuration Through the GUI 387 Cisco Small Business 300 Series Managed Switch Administration Guide 19 SSH Client Configuration Through the GUI This section describes the pages used to configure the SSH Client feature. SSH User Authentication Use this page to select...

Security: SSH Client SSH Client Configuration Through the GUI Cisco Small Business 300 Series Managed Switch Administration Guide 388 19 • Key Source —Auto Generated or User Defined. • Fingerprint —Fingerprint generated from the key. STEP 6 To handle an RSA or DSA key, select either RSA or DSA and p...

Security: SSH Server Common Tasks 391 Cisco Small Business 300 Series Managed Switch Administration Guide 20 Common Tasks This section describes some common tasks performed using the SSH Server feature. Workflow1: To logon to the device over S SH using the device’s automatically-created (default) ke...

Security: SSH Server SSH Server Configuration Pages Cisco Small Business 300 Series Managed Switch Administration Guide 392 20 SSH Server Configuration Pages This section describes the pages used to configure the SSH Server feature. SSH User Authentication Use the SSH User Authentication page to ena...

Security: SSH Server SSH Server Configuration Pages Cisco Small Business 300 Series Managed Switch Administration Guide 394 20 STEP 3 You can perform any of the following actions: • Generate —Generates a key of the selected type. • Edit —Enables you to copy in a key from another device. • Delete —En...

21 Cisco Small Business 300 Series Managed Switch Administration Guide 396 Access Control The Access Control List (ACL) feature is part of the security mechanism. ACL definitions serve as one of the mechanisms to define traffic flows that are given a specific Quality of Service (QoS). For more infor...

Access Control Access Control Lists 397 Cisco Small Business 300 Series Managed Switch Administration Guide 21 When a packet matches an ACE filter, the ACE action is taken and that ACL processing is stopped. If the packet does not match the ACE filter, the next ACE is processed. If all ACEs of an AC...

Access Control Defining MAC-based ACLs Cisco Small Business 300 Series Managed Switch Administration Guide 398 21 Creating ACLs Workflow To create ACLs and associate them with an interface, perform the following: 1. Create one or more of the following types of ACLs: a. MAC-based ACL by using the MAC...

Access Control Defining MAC-based ACLs 399 Cisco Small Business 300 Series Managed Switch Administration Guide 21 MAC-based ACLs are defined in the MAC Based ACL page. The rules are defined in the MAC Based ACE page . To define a MAC-based ACL: STEP 1 Click Access Control > MAC-Based ACL . This p...

Access Control IPv4-based ACLs 401 Cisco Small Business 300 Series Managed Switch Administration Guide 21 IPv4-based ACLs IPv4-based ACLs are used to check IPv4 packets, while other types of frames, such as ARPs, are not checked. The following fields can be matched: • IP protocol (by name for well-k...

Access Control IPv4-based ACLs 403 Cisco Small Business 300 Series Managed Switch Administration Guide 21 - UDP —User Datagram Protocol - HMP —Host Mapping Protocol - RDP —Reliable Datagram Protocol. - IDPR —Inter-Domain Policy Routing Protocol - IPV6 —IPv6 over IPv4 tunneling - IPV6:ROUT —Matches p...

Access Control IPv6-Based ACLs 405 Cisco Small Business 300 Series Managed Switch Administration Guide 21 - IP Precedence to M atch —IP precedence is a model of TOS (type of service) that the network uses to help provide the appropriate QoS commitments. This model uses the 3 most significant bits of...

Access Control IPv6-Based ACLs Cisco Small Business 300 Series Managed Switch Administration Guide 406 21 NOTE ACLs are also used as the building elements of flow definitions for per-flow QoS handling (see QoS Advanced Mode ). Defining an IPv6-based ACL To define an IPv6-based ACL: STEP 1 Click Acce...

Access Control Defining ACL Binding 409 Cisco Small Business 300 Series Managed Switch Administration Guide 21 Defining ACL Binding When an ACL is bound to an interface, its ACE rules are applied to packets arriving at that interface. Packets that do not match any of the ACEs in the ACL are matched ...

Access Control Defining ACL Binding Cisco Small Business 300 Series Managed Switch Administration Guide 410 21 • Permit Any —Select one of the following options: - . Disable (Deny Any) —If packet does not match an ACL, it is denied (dropped). - Enable —If packet does not match an ACL, it is permitte...

22 Cisco Small Business 300 Series Managed Switch Administration Guide 412 Quality of Service The Quality of Service feature is applied throughout the network to ensure that network traffic is prioritized according to required criteria and the desired traffic receives preferential treatment. This se...

Quality of Service QoS Features and Components 413 Cisco Small Business 300 Series Managed Switch Administration Guide 22 QoS Features and Components The QoS feature is used to optimize network performance. QoS provides the following: • Classification of incoming traffic to traffic classes, based on...

Quality of Service QoS Features and Components Cisco Small Business 300 Series Managed Switch Administration Guide 414 22 The header field to be trusted is entered in the Global Settings page. For every value of that field, an egress queue is assigned where the frame is sent in the CoS/802.1p to Que...

Quality of Service Configuring QoS - General 415 Cisco Small Business 300 Series Managed Switch Administration Guide 22 STEP 3 Assign the schedule method (Strict Priority or WRR) and bandwidth allocation for WRR to the egress queues by using the Queue page. STEP 4 Designate an egress queue to each I...

Quality of Service Configuring QoS - General Cisco Small Business 300 Series Managed Switch Administration Guide 416 22 Setting QoS Properties To select the QoS mode: STEP 1 Click Quality of Service > General > QoS Properties . STEP 2 Set the QoS mode. The following options are available: • Di...

Quality of Service Configuring QoS - General 417 Cisco Small Business 300 Series Managed Switch Administration Guide 22 Configuring QoS Queues The device supports either 4 or 8 queues for each interface (selected in the System Mode and Stack Management page). Queue number four or eight is the highes...

Quality of Service Configuring QoS - General 419 Cisco Small Business 300 Series Managed Switch Administration Guide 22 Default Mapping for 8 Queues By changing the CoS/802.1p to Queue mapping (CoS/802.1p to Queue) and the Queue schedule method and bandwidth allocation (Queue page), it is possible t...

Quality of Service Configuring QoS - General Cisco Small Business 300 Series Managed Switch Administration Guide 420 22 • The device is in QoS Basic mode and CoS/802.1p trusted mode • The device is in QoS Advanced mode and the packets belong to flows that are CoS/802.1p trusted Queue 1 has the lowes...

Quality of Service Configuring QoS - General 423 Cisco Small Business 300 Series Managed Switch Administration Guide 22 To map DSCP to queues: STEP 1 Click Quality of Service > General > DSCP to Queue . The DSCP to Queue page contains Ingress DSCP . It displays the DSCP value in the incoming p...

Quality of Service Configuring QoS - General 425 Cisco Small Business 300 Series Managed Switch Administration Guide 22 Configuring Egress Shaping per Queue In addition to limiting transmission rate per port, which is done in the Bandwidth page, the device can limit the transmission rate of selected...

Quality of Service QoS Basic Mode 427 Cisco Small Business 300 Series Managed Switch Administration Guide 22 TCP Congestion Avoidance The TCP Congestion Avoidance page enables activating a TCP congestion avoidance algorithm. The algorithm breaks up or avoids TCP global synchronization in a congested...

Quality of Service QoS Basic Mode Cisco Small Business 300 Series Managed Switch Administration Guide 428 22 Configuring Global Settings The Global Settings page contains information for enabling Trust on the device (see the Trust Mode field below). This configuration is active when the QoS mode is ...

Quality of Service QoS Advanced Mode 429 Cisco Small Business 300 Series Managed Switch Administration Guide 22 Interface QoS Settings The Interface Settings page enables configuring QoS on each port of the device, as follows: QoS State Disabled on an Interface —All inbound traffic on the port is ma...

Quality of Service QoS Advanced Mode 431 Cisco Small Business 300 Series Managed Switch Administration Guide 22 Workflow to Configure Advanced QoS Mode To configure Advanced QoS mode, perform the following: 1. Select Advanced mode for the system by using the QoS Properties page . Select the Trust Mo...

Quality of Service QoS Advanced Mode Cisco Small Business 300 Series Managed Switch Administration Guide 432 22 • CoS/802.1p —Traffic is mapped to queues based on the VPT field in the VLAN tag, or based on the per-port default CoS/802.1p value (if there is no VLAN tag on the incoming packet), the ac...

Quality of Service QoS Advanced Mode 433 Cisco Small Business 300 Series Managed Switch Administration Guide 22 If the exceed action is Out of Profile DSCP, the device remaps the original DSCP value of the out-of-profile IP packets with a new value based on the Out of Profile DSCP Mapping Table. The...

Quality of Service QoS Advanced Mode 435 Cisco Small Business 300 Series Managed Switch Administration Guide 22 • MAC —Select the MAC based ACL for the class map. • Preferred ACL —Select whether packets are first matched to an IP-based ACL or a MAC-based ACL. STEP 4 Click Apply . The Running Configu...

Quality of Service QoS Advanced Mode Cisco Small Business 300 Series Managed Switch Administration Guide 436 22 Each policer is defined with its own QoS specification with a combination of the following parameters: • A maximum allowed rate, called a Committed Information Rate (CIR), measured in Kbps...

Quality of Service QoS Advanced Mode Cisco Small Business 300 Series Managed Switch Administration Guide 438 22 STEP 4 Click Apply . The QoS policy profile is added, and the Running Configuration file is updated. Policy Class Maps One or more class maps can be added to a policy. A class map defines ...

Quality of Service Managing QoS Statistics Cisco Small Business 300 Series Managed Switch Administration Guide 440 22 Policy Binding The Policy Binding page shows which policy profile is bound and to which port. When a policy profile is bound to a specific port, it is active on that port. Only one p...

Quality of Service Managing QoS Statistics 441 Cisco Small Business 300 Series Managed Switch Administration Guide 22 Policer Statistics A Single Policer is bound to a class map from a single policy. An Aggregate Policer is bound to one or more class maps from one or more policies. Viewing Single Po...

Quality of Service Managing QoS Statistics Cisco Small Business 300 Series Managed Switch Administration Guide 442 22 Viewing Aggregated Policer Statistics To view aggregated policer statistics: STEP 1 Click Quality of Service > QoS Statistics > Aggregate Policer Statistics . This page display...

23 Cisco Small Business 300 Series Managed Switch Administration Guide 446 SNMP This section describes the Simple Network Management Protocol (SNMP) feature that provides a method for managing network devices. It covers the following topics: • SNMP Versions and Workflow • Model OIDs • SNMP Engine ID...

SNMP SNMP Versions and Workflow 447 Cisco Small Business 300 Series Managed Switch Administration Guide 23 SNMPv1 and v2 To control access to the system, a list of community entries is defined. Each community entry consists of a community strin g and its access privilege. The system responds only to...

SNMP SNMP Versions and Workflow Cisco Small Business 300 Series Managed Switch Administration Guide 448 23 If you decide to use SNMPv1 or v2: STEP 1 Navigate to the SNMP -> Communities page and click Add. The community can be associated with access rights and a view in Basic mode or with a group ...

SNMP Model OIDs 449 Cisco Small Business 300 Series Managed Switch Administration Guide 23 STEP 7 Define a notification recipient(s) by using the Notification Recipients SNMPv3 page. Supported MIBs For a list of supported MIBs, visit the following URL and navigate to the download area listed as Cisc...

SNMP SNMP Engine ID Cisco Small Business 300 Series Managed Switch Administration Guide 450 23 The private Object IDs are placed under: enterprises(1).cisco(9).otherEnterprises(6).ciscosb(1).switch001(101). SNMP Engine ID The Engine ID is used by SNMPv3 entities to uniquely identify them. An SNMP ag...

SNMP Configuring SNMP Views Cisco Small Business 300 Series Managed Switch Administration Guide 452 23 - Link Local —The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80 , is not routable, and can be used for communication only on the local n...

SNMP Creating SNMP Groups 453 Cisco Small Business 300 Series Managed Switch Administration Guide 23 • Object ID Subtree —Select the node in the MIB tree that is included or excluded in the selected SNMP view. The options to select the object are as follows: - Select from list —Enables you to naviga...

SNMP Creating SNMP Groups Cisco Small Business 300 Series Managed Switch Administration Guide 454 23 • Privacy—SNMP frames can carry encrypted data. Thus, in SNMPv3, there are three levels of security: • No security (No authentication and no privacy) • Authentication (Authentication and no privacy) ...

SNMP Managing SNMP Users 455 Cisco Small Business 300 Series Managed Switch Administration Guide 23 - Authentication and Privacy —Authenticates SNMP messages, and encrypts them. • View —Associating a view with the read, write, and notify access privileges of the group limits the scope of the MIB tre...

SNMP Defining SNMP Communities 457 Cisco Small Business 300 Series Managed Switch Administration Guide 23 • Authentication Password —If authentication is accomplished by either a MD5 or a SHA password, enter the local user password in either Encrypted or Plaintext. Local user passwords are compared ...

SNMP Defining Trap Settings 459 Cisco Small Business 300 Series Managed Switch Administration Guide 23 Read Write—Management access is read-write. Changes can be made to the device configuration, but not to the community. SNMP Admin—User has access to all device configuration options, as well as per...

SNMP Notification Recipients Cisco Small Business 300 Series Managed Switch Administration Guide 460 23 Notification Recipients Trap messages are generated to report system events, as defined in RFC 1215. The system can generate traps defined in the MIB that it supports. Trap receivers (aka Notifica...

SNMP Notification Recipients Cisco Small Business 300 Series Managed Switch Administration Guide 462 23 Defining SNMPv3 Notification Recipients To define a recipient in SNMPv3: STEP 1 Click SNMP > Notification Recipients SNMPv3 . This page contains recipients for SNMPv3. STEP 2 Click Add. STEP 3 ...

SNMP SNMP Notification Filters 463 Cisco Small Business 300 Series Managed Switch Administration Guide 23 • User Name—Select from the drop-down list the user to whom SNMP notifications are sent. In order to receive notifications, this user must be defined on the SNMP User page, and its engine ID mus...