Manuel d'utilisation / d'entretien du produit SRW224G4K9AR du fabricant Cisco Systems
Aller à la page of 483
Cis c o Sm all Busine s s 300 S erie s Manage d Switch Administration Guide Releas e 1 .3 ADMINISTR A TION GUIDE.
Cisco Small Busine ss 300 Series Mana ged Switch Admin istration Guide 1 Con t en ts Chapter 1: Getting Started 1 Starting the Web-based Configuration Utility 1 Launching the Configuration Utility 2 H.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 2 Con te nt s Chapter 4: Administration: File Management 34 System Files 34 Upgrade/Backup Firmware/Language 37 Upgrade/Backing Fi.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 3 Con te nt s System Time Options 73 Time 73 Time Zone a nd Daylight Savings Time (DST) 74 SNTP Modes 74 Configuring System Time 7.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 4 Con te nt s Displaying LLDP Neighbors Information 108 Accessing LLDP Statistics 112 LLDP Overloading 113 Configuring CDP 115 Set.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 5 Con te nt s What is a Smartport 146 Smartport Types 146 Special Smartport Types 148 Smartport Macros 149 Applying a Smartport Ty.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 6 Con te nt s Chapter 12: VLAN Management 184 VLANs 184 Configuring De fault VLAN Settings 187 Creating VLANs 189 Configuring VLAN.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 7 Con te nt s Customer Port Mu lticast TV VLAN 214 Mapping CPE VLANs to Multicast TV VLANs 215 CPE Port Multicast VLAN Membership .
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 8 Con te nt s MLD Snooping 247 Querying IGMP/MLD IP Multicast Group 249 Defining Multicast Router Ports 250 Defining Forward All M.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 9 Con te nt s DHCP Server 276 DHCP Options 276 Dependencies Between Features 278 Default Settings and Configurations 278 DHCPv4 Se.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 10 Con te nt s Interactions With Other Features 308 Workflow 308 Configuring a TACACS+ Server 308 Configuring RADIUS 311 Accountin.
Cisco Small Busine ss 300 Series Mana ged Switch Admin istration Guide 11 Con t en ts Default Configuration 342 Configuring DoS Prevention 342 Security Suite Settings 342 SYN Protection 344 Martian Ad.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 12 Con te nt s SSD Default Read Mode Session Override 366 SSD Properties 366 Passphrase 367 Default and User-defined Passphrases 3.
Cisco Small Busine ss 300 Series Mana ged Switch Admin istration Guide 13 Con t en ts SSH Client Configurat ion Through the GUI 387 SSH User Authentication 387 SSH Server Authentication 388 Modifying .
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 14 Con te nt s Configuring Bandwidth 423 Configuring Egress Shaping per Queue 425 Configuring VLAN Ingress Rate Limit 425 TCP Cong.
Cisco Small Busine ss 300 Series Mana ged Switch Admin istration Guide 15 Con t en ts Configuring SNMP Views 452 Creating SNMP Groups 453 Managing SNMP Users 455 Defining SNMP Communities 457 Defining.
Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 16 Con te nt s.
1 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 1 Get ting St ar te d This section provides an introduction to the web-bas ed configuration utilit y , and covers the f o llowin.
Get ting Star te d Star ting the Web-b ase d C on figura tion Utilit y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 2 1 La unching the Configuration Utilit y T o open the web-bas ed configuration utilit y : STEP 1 Open a W eb br owser .
Getting Started Star ting the W eb -bas ed Configur a tion Utilit y 3 Cisco Small Business 300 S eries Ma nage d Swit ch Administration Guide 1 STEP 3 If this is the first time that you logged on with the default us er ID ( cis co ) and the default password ( cisco ) or your pas sword has ex pired, the Change Password Page appears.
Get ting Star te d Star ting the Web-b ase d C on figura tion Utilit y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 4 1 Logging Out By default, the application logs out after t en minutes of inactivit y . Y ou can change this def ault value as described in the D efining Idle S es sion Time out section.
Getting Started Quick Star t D evice C on figura tion 5 Cisco Small Business 300 S eries Ma nage d Swit ch Administration Guide 1 Quick Star t D evic e C onfiguration T o simplify device configuration throug h quick navigation, the Getting Star ted page provides links t o the most commonly us ed pages .
Get ting Star te d In terface Naming Conventions Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 6 1 Inter face Naming C onven tions W ithin the GUI, int erface s ar e denot ed b.
Getting Started W indow Na vigat ion 7 Cisco Small Business 300 S eries Ma nage d Swit ch Administration Guide 1 Window Na viga tion This se ction describ es the f eatures of the web- base d switch configurati on utility. Applic a tion Header The Application Header a ppears on ev ery page.
Get ting Star te d W indow Naviga tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 8 1 Language Menu This menu provides the f ollowing options : • Sele ct a language: Sele ct one of the languages that appear in the menu. This language will be the web - base d configu ration utilit y language.
Getting Started W indow Na vigat ion 9 Cisco Small Business 300 S eries Ma nage d Swit ch Administration Guide 1 Management But tons The f ollowing table de scrib es the commonly-use d but t ons that appear on various pages in the system.
Get ting Star te d W indow Naviga tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 10 1 Cop y Sett in gs A table typically c ontains one or mor e entries containing configuration s ett ings.
Getting Started W indow Na vigat ion 11 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 1.
2 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 12 St a tus and St a tistic s This sect ion describ es how to view device statistic s. It covers the f ollowin g t opics : • Viewing Ethernet Interfac e s • Viewing Etherlik e St a tistics • Viewing G VRP Statistics • Viewing 802.
Status and Statistics V iewing E therlike Sta tistics 13 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 - 15 Se c —Statistics are r efr eshed ever y 15 seconds . - 30 Se c —Statistics are r efr eshed ever y 30 seconds . - 60 Se c —Statistics are r efr eshed ever y 60 seconds .
Status and Statistic s V iewing E therlike Sta tist ics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 14 2 STEP 1 Click Status and Sta tistics > Etherlike . STEP 2 Enter the paramet ers. • Interfac e —Sele ct the t ype of int er face and spe cific interface f or which Ethernet statistics are t o be display ed.
Status and Statistics V iewing G VRP Statis tic s 15 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 Viewing G VRP Sta tistic s The GVRP page displa ys inf ormation regarding GARP VLAN Registration Prot ocol (GV R P ) f r am e s th a t w e re s en t or re c e i ve d fro m a p o r t .
Status and Statistic s V iewing 802. 1 X E AP Sta tis tics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 16 2 T o clear statistics counters: • Click Cle ar Interfac e Counters to clear the selected counters. • Click View All Inter fac es St a tistic s t o see all por ts on a single page.
Status and Statistics V iewing T CAM Utiliz a tion[ 17 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 • Invalid EAPOL Frames Re c eived —Un r ecog n i z ed EA POL fra m es r ece iv ed on this por t .
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 18 2 • Non-IP Rule s - In Use —Numb er of T CAM entrie s used f or non-IP rule s. - Maximum —Number of available T CAM entries that can be us ed f or non- IP rules .
Status and Statistics Managing RMON 19 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 • Lat e collision event has not been detected.
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 20 2 - Pack et has an in valid CRC. - Received (R x) Error E v ent has not been detected.
Status and Statistics Managing RMON 21 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 T o enter RMON control inf ormation: STEP 1 Click Sta tus and Statistics > RMON > Histor y . The fields display ed on this page ar e defined in the Add RMON Hist or y page, below .
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 22 2 The fields are displa yed f or the s elected sample. • Ow n e r —Histor y table entr y owner . • Sam p l e N o . —Statistics wer e tak en fr om this sample.
Status and Statistics Managing RMON 23 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 • Alarms Page —Configur es the occurrences that trigger an alarm. T o define RMON events: STEP 1 Click Sta tus and Statistics > RMON > Events .
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 24 2 Viewing the RMON Events Lo gs The Ev ent L og T able page displays the log of events (actions ) that occurred. T wo type s of events can be logged: Lo g or L og and T rap .
Status and Statistics Managing RMON 25 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2 T o enter RMON alarms: STEP 1 Click Sta tus and Statistics > RMON > Alarms . All previously-defined alarms ar e display ed. The fields are describ ed in the Add RMON Alarm page b elow .
Status and Statistic s Managing RMON Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 26 2 • Inter val —Ent er the alarm interval time in s econds . • Ow n e r —Enter the name of the user or network management system that receives the alarm.
Status and Statistics Managing RMON 27 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 2.
3 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 28 Administra tion: System Lo g This section de scribes the System L o g f eature, which enables the device to generat e several independent logs . Each log is a set of mes sage s descr ibing syst em events.
Administration: System Log Setting Syst em Log S e ttings 29 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 3 The event severity levels ar e list ed from the highest s everity to the lowest s everity , as f ollows : • Eme r g en cy —Syst em is no t usable.
Administration: System Lo g Setting Remo te L ogging S ettings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 30 3 • Originator Identifier —Enable s adding an origin identifier to S YSL OG mes sages . The options ar e: - Non e —Do not include the origin identifier in S Y SL OG mes sage s.
Administration: System Log V iewing Memory Logs 31 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 3 - Link L ocal — The IP v6 address uniquely identifie s hosts on a single network link . A link local address has a prefix of FE80 , is not routable, and can be use d f or communication only on the local net work .
Administration: System Lo g Vi e w i n g M e m o r y L o g s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 32 3 R AM Memor y The R AM Memor y pag e displays all mess ages that were sav ed in the R AM (cache) in chro nological order .
Administration: System Log V iewing Memory Logs 33 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 3.
4 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 34 Administra tion: F ile Man agement This section de scribe s how syst em files are managed.
Administration: F ile Management Sys tem F iles 35 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 Configuration files on the device are defined by their ty p e , and contain the set tings and parameter values f o r the device.
Administration: File Management Syste m Files Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 36 4 Only the syst em can copy the Star tup Configuration to the Mirr or Configuration. However , you can copy fr om the Mirr or Configuration to other file typ es or t o another device.
Administration: F ile Management Upgrade/Backup Firmw are/Language 37 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 This se ction covers the f ollowing topics: • Upgrade/B.
Administration: File Management Upgrade/Backup Firm war e/Language Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 38 4 Up grade/B acking Firm ware or Language File T o up grade .
Administration: F ile Management Upgrade/Backup Firmw are/Language 39 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 • Link Loc al Interface —S elect the link lo cal int er face (if IP v6 is use d) fr om the list . • TFTP S er ver IP A ddress/Name —Enter the IP address or the domain name of the TFTP s er ver .
Administration: File Management Upgrade/Backup Firm war e/Language Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 40 4 Select one of the f ollowing Save Actions : • Up grade —Sp ecifies that the file type on th e device is t o be replace d with a new version of that file typ e located on a TF TP ser ver .
Administration: F ile Management Active I mage 41 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 • If SS H ser ver authentication is not enabled, the operation succee ds f or any SC P s e rv er . Ac tive Im age Ther e ar e two firmware images stor e d on the device.
Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 42 4 • Restoring configuration files from an e x ternal device t o the device.
Administration: F ile Management D ownload/Backup Configura tion/Log 43 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 D ownlo ading or B acking-up a C onfiguration or Log Fi.
Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 44 4 Ba c k u p Sa ve Ac t i on —Specifie s that a file t ype is to be copied t o a file on another device. Enter the f ollowing fields : a.
Administration: F ile Management D ownload/Backup Configura tion/Log 45 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 STEP 4 If y ou selected via HTTP /HTTPS , enter the parameters as describe d in this st ep. Sel ect t he Sa ve Act i on .
Administration: File Management Download/B ackup Configur a tion/L og Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 46 4 SSH Client Authentic a tion —Client authentication can be done in one of the fo l l o w i n g w a y s : • Us e S SH Client —Sets permanent S SH user credentials .
Administration: F ile Management Configura t ion Files Proper tie s 47 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 If Sa ve Ac t i o n is Bac kup (c opying a file t o anot.
Administration: File Management Cop y /Sav e Con figu r a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 48 4 STEP 3 If r equired, select either the Star tup C o nfiguration, Backup Co nfiguration or both and click Clea r F iles to delet e these file s.
Administration: F ile Management DHCP Auto Configur a tion 49 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 STEP 3 Se lec t t he De stin a tion File Name t o be overwrit ten by the sour ce file. • If you ar e backing up a configuration file , select one of the f ollowing f ormats f or the b ackup file.
Administration: File Management DHCP Auto Con figur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 50 4 • After r eboot when an IP add r es s is allocated or r enewed dynamically (using DHCP v 4) . • Upon an explicit DHCP v 4 renewal request and if the device and the ser ver are configured to do so.
Administration: F ile Management DHCP Auto Configur a tion 51 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 extension ar e downlo aded using SC P , and files with the other extensions ar e downloaded using TF TP .
Administration: File Management DHCP Auto Con figur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 52 4 • If the DHCP ser ver did not send the se options and the backup TF TP /S CP ser ver addr es s paramet er is empty then: - For DHCP v4: SC P — The Auto Configuration proces s is halted.
Administration: F ile Management DHCP Auto Configur a tion 53 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 C onfiguring DHCP Auto C onfigura tion Wo rk f l ow T o configure DHCP Aut o Configuration. 1 . Configur e the DHCPv4 and/ or DHCP v6 ser vers to send the r equired options.
Administration: File Management DHCP Auto Con figur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 54 4 • Downlo ad Protoc ol— Select one of the f ollowing options : .
Administration: F ile Management DHCP Auto Configur a tion 55 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 4 - Global — The IP v6 address is a global Unicast IPV 6 typ e that is visible and reachable from other netw orks.
5 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 56 Administra tion: General Inf orm a tion This section describ es how to view syst em inf ormation and configure various options on the device.
Administration: General Information Dev i ce Mod e l s 57 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 • FE is used f or F ast Ethernet ( 10/ 100) por ts . The f ollowing table de scrib es the various models , the number and t ype of por ts on them and their P oE inf ormation.
Administration: General Informa tion Syst em In f orma tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 58 5 System Information The Syst em Summar y page pro vides a graphic .
Administration: General Information Sys tem I n f orma ti on 59 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 Sy stem Inf ormation: • Sys te m Descri ptio n —A de scription of the system. • System Lo cation —Ph ysical location of the device.
Administration: General Informa tion Syst em In f orma tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 60 5 • Firm ware V ersion (Ac tive Image) —Firm war e version number of the active image. • Firm ware MD5 Checksum (Active Im age) —MD5 checksum of the active image.
Administration: General Information Cons ole Settings (Autobaud Ra te Suppor t) 61 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 • Host Name —S elect the ho st name of this device .
Administration: General Informa tion Reb o oti n g t he D e v ic e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 62 5 Af te r A uto D ete c ti on i s e na b le d in th e C o nsole S et tings page, it can be activat ed by connecting the c onsole to the device and press the Enter k ey twice.
Administration: General Information Reb o ot in g t he D ev ic e 63 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 To r e b o o t t h e d e v i c e : STEP 1 Click Adm in ist ra tion > Reboot . STEP 2 Click one of the Reb oo t but t ons to reboot the device.
Administration: General Informa tion Routing R es ource s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 64 5 Routing Re s ource s Use the Router R esources page to displa y T CAM allocation an d modify total T CAM size.
Administration: General Information Monitori ng F an Sta tus 65 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 Y ou must save y our curr ent configuration bef or e changing the T CAM Allo cation Setti ngs. NOTE A summar y of the T CAM entries actually in use and available is display ed at the bot tom of this page.
Administration: General Informa tion Monitori ng F an Sta tus Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 66 5 T o view the device health parameters, click Status and St atistics > He alth . The Health page displays the f ollowing fields : • Fan S t atu s —F an status.
Administration: General Information D e fining Idle Se ssion T ime out 67 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 D efining Idle S e s s ion Time out The Idle Ses sion.
Administration: General Informa tion Pinging a Ho st Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 68 5 • IP V e rsion —If the host is identified by its IP addr es s, sele ct either IP v 4 or IP v6 t o indicat e that it will be enter ed in the selected f ormat .
Administration: General Information T r aceroute 69 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5 T rac eroute T rac er out e discovers the IP r outes along which pack ets wer e f or warded by sending an IP packet t o the target host and back t o the device.
Administration: General Informa tion T raceroute Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 70 5 A page appears showing the Round T rip T ime (RT T ) and status f or each trip in the fields : • Index —Displa ys the number of the hop.
Administration: General Information T r aceroute 71 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 5.
6 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 72 Administra tion: Time S et tings Synchr onized syst em clocks provide a frame of ref erence bet ween all device s on the network .
Administration: Time Settings Sys tem T ime Op tions 73 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 System Time Options Syst em time can be se t manually by the us er , dynamically from an SNTP ser ver , or synchronized fr om the PC running the GUI.
Administ ra tion: Time Set tings SNTP Mode s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 74 6 Time Zone and Da ylight Savings Time (DST ) The T ime Z one and DST can be set o.
Administration: Time Settings Configuring Syst em T ime 75 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 C onfiguring S ystem Time S elec ting S ource of Sy stem Time Use the Syst em T ime page t o select the system time source.
Administ ra tion: Time Set tings Configuring Sys tem T ime Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 76 6 Manual Set tings —Set the date and time manually . The local time is us ed when ther e is no alt ernate sour ce of time, such as an S NTP ser ver : • Date —Ent er the system dat e.
Administration: Time Settings Configuring Syst em T ime 77 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 - Fro m —Day and ti me that DST st ar ts. - To —Day and time that DST ends. Sel ecti ng Recurring allows diff erent cust omization of the star t and stop of DS T : • Fro m —Date when DST begins each year .
Administ ra tion: Time Set tings Configuring Sys tem T ime Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 78 6 • Poll Inter val —Displays whether polling is enabled or dis abled. • Authentication K ey ID —Ke y Identification use d t o communicate bet ween the SNTP ser ver and device.
Administration: Time Settings Configuring Syst em T ime 79 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 • IP V ersion —S elect the version of the IP address : Ve r s i o n 6 or Ve r s i o n 4 . • IP v 6 Addres s Typ e —Select the IP v 6 addr es s typ e (if IP v6 is used) .
Administ ra tion: Time Set tings Configuring Sys tem T ime Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 80 6 C onfiguring the SNTP Mode The device can be in active and/ or pas sive mode ( see SNTP Mo de s fo r m o re inf o rmation).
Administration: Time Settings Configuring Syst em T ime 81 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 The authentication k ey is cr eated on the SNTP se rver i n a sep ara t e p r oces s th at depends on the t ype of S NTP ser ver you ar e using.
Administ ra tion: Time Set tings Configuring Sys tem T ime Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 82 6 • 8021 X Por t Authentication • Por t St a t • Ti m e - B a .
Administration: Time Settings Configuring Syst em T ime 83 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 6 • T ime Range Name —Ent er a new tim e range na me. • Absolute Star ting T ime — T o define the star t tim e, ent er the f ollowing: - Im me d i at e —S elect f or the time range to star t immediately .
7 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 84 Administra tion: Diagno stic s This section c ontains inf ormation f or configuring por t mirroring, running cable tests, and viewing device op erational inf ormation.
Administration: Diagnostics Te s t i n g C o p p e r P o r t s 85 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 7 • (Optional) Disable EEE (see the Port Management > Green Ethernet > Pr oper ties page) Use a CA T5 data cable when t esting cables using ( VCT ) .
Administration: Diagno stic s Displaying Op tical Mo dule Sta tus Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 86 7 I f t h e p o r t b e i n g te s t e d i s a G i g a p o r .
Administration: Diagnostics Configuring P or t and VL AN Mirroring 87 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 7 • MGBLH 1 : 1000BA SE-LH S FP transc eiver , f or single-mo de fiber , 1310 nm wav elength, suppor ts up to 40 km.
Administration: Diagno stic s Configuring P or t and VL AN Mirroring Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 88 7 A pack et that is r eceived on a net work por t assigne d t o a VLAN that is subject to mirr oring is mirror e d to the analyzer por t even if the packet was eventually trapped or discarded.
Administration: Diagnostics V iewing CP U Utiliza tion and Se cure Cor e T e chnology 89 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 7 • Des t i na ti o n P o rt —S elect the analyzer por t t o wher e packets ar e copie d.
Administration: Diagno stic s V iewing CPU Utiliz a tion and Se cure Core T e chnolog y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 90 7 STEP 1 Click Administration > Diagnostic s > CPU Utiliza tion . The CPU Utiliz ation page appears.
Administration: Diagnostics V iewing CP U Utiliza tion and Se cure Cor e T e chnology 91 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 7.
8 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 92 Administra tion: Dis c over y This sect ion pr ovides inf ormation f or configuring Dis cover y .
Administration: Discovery Configuring Bonjour Dis cover y 93 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 8 When Bonjour Discover y is disable d, the device st ops any ser vice t ype advertis ements and does not respond t o requests f or ser vice from network management applications .
Administration: Disc over y LLDP and CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 94 8 STEP 3 Click Apply to updat e the Running Configuration file. STEP 4 T o enable Bonjour on an inter face, click Add. STEP 5 Select the interface, and click Apply .
Administration: Discovery Configuring LLDP 95 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 8 • CDP and LLDP end devices , such as IP phones , learn the voice VLAN configuration from CDP and LLDP adv er tisements .
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 96 8 • Displaying LLDP Loc al Information • Displaying LLDP Neighbors Inform a ti.
Administration: Discovery Configuring LLDP 97 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 8 4. A sso ciate LLDP MED network policies an d the optional LLDP -MED TL Vs t o the desired inter faces by using the LLDP MED Port S ettings page.
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 98 8 STEP 3 In the Fast Star t Repe at Count field, enter the number of times LLDP packets ar e sent when the LLDP -MED F ast Start me chanism is initia lized.
Administration: Discovery Configuring LLDP 99 Cisc o Small Business 300 Se ries Ma naged Switch Administration Guide 8 The time interval b etween notifications is ent ered in the T opo logy Change S NMP Notification Int er val field in the LLDP Proper ties page.
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 100 8 lowest IP addr es s among the dynamic IP addr es ses . If there ar e no dynamic addresse s, the s oft ware chooses the lowe st IP address among the static IP address es .
Administration: Discovery Configuring LLDP 101 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 Set ting LLDP MED Net w ork Policy An LLDP -MED net work po licy is a r elat e d set of co nfiguration sett ings f or a spe cific r eal-time application such as voic e, or video.
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 102 8 • VL AN T ag —S elect whether the traffic is T agge d or Untagged. • Us er Pri orit y —Select the tr affic priorit y applied to traffic defined by this network p olicy .
Administration: Discovery Configuring LLDP 103 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 • SNMP Notific ation —Select whether S NMP notification is sent on a per - por t basis when an end station that suppor ts MED is di scovered; f or ex ample a SNMP managing system, when ther e is a t opology change.
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 104 8 • Chassi s ID Subt yp e — T yp e of chassis ID (f or e xample, MAC addr es s ). • Chassi s ID —Identifier of chas sis . Where the chassis ID subt ype is a MAC address , the MAC address of the dev ice appe ars.
Administration: Discovery Configuring LLDP 105 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 This page pr ovides the f ollowing fields: Glo b al • Chas sis ID Subt ype — T ype of chas sis ID . (F or example, the MA C address .
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 106 8 • Auto-Negoti a tion Adver tis ed Cap abilities —Port spee d aut o-negotiation capabilities ; f or example, 1000BAS E- T half duplex mode, 100BAS E- TX full duplex mode.
Administration: Discovery Configuring LLDP 107 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 - Endpoint Clas s 1 —Indicat es a generic endpoint clas s, of f ering basic LLDP ser v ices .
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 108 8 - Untagged —Indicates the network p olicy is defined f or untagged VL ANs. • Us er Pri orit y —Network policy us er priorit y .
Administration: Discovery Configuring LLDP 109 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 Ba sic Details • Chas sis ID Subt ype — T ype of chas sis ID (f or e xample, MAC addr es s ). • Chassis ID —Identifier of the 802 LAN neighboring devic e chassis .
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 110 8 • Operational MA U Type —Me dium Attachment Unit (MAU) type.
Administration: Discovery Configuring LLDP 111 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 MED Details • Cap abilities Supp or te d —MED capabilities enabled on the por t . • Current Capabilitie s —MED TL V s advertis ed by the por t .
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 112 8 • Enable d —Enabled Port and Prot ocol VL AN IDs . VL AN IDs • VID —Port and Protocol VLAN ID . • VL AN Name s —Advertis ed VLAN names .
Administration: Discovery Configuring LLDP 113 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 STEP 1 Click Adm in ist ra tion > Discover y - LLDP > LLDP Statistics . F or each por t , the fiel ds are display ed: • Interfac e —Identifier of int erface.
Administration: Disc over y Configuring LLDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 114 8 • Lef t to Send (By tes) — T otal numb er of a vailable by tes left f or ad ditional LLDP inf ormation in each packet . • Status — Whether TL V s ar e being transmitted or if they ar e ove rloaded.
Administration: Discovery Configuring CDP 115 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 • LLDP Optional TL V s - Size (By t es) — T otal LLDP MED optional TL Vs pack ets by t e size. - Status —If the LLDP MED optional TL V s packets were sent , or if they wer e overloaded.
Administration: Disc over y Configuring CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 116 8 CDP Config uration W orkflow The f o llowings is sample work flow in configuring CDP on the devic e. Y ou can also find additional CDP configuration gu idelines in the LLDP /CDP section.
Administration: Discovery Configuring CDP 117 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 • CDP Hold Time —Amount of time that CDP packets ar e held bef ore the pack ets ar e discarded, measur ed in mu ltiples of the TL V Advertise Inter val.
Administration: Disc over y Configuring CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 118 8 Editing CDP Inter face S et tings The Interface S etting s page enables administrators to enable/ dis able CDP per por t . Notifications can als o be trigge red when there ar e conflicts with CDP neighbors .
Administration: Discovery Configuring CDP 119 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 • Sys log V oice V LAN Mi s ma tc h —Select to enable the option of sending a .
Administration: Disc over y Configuring CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 120 8 - Por t ID —I de nt if ie r o f po rt a dv ert is e d in t he po rt T L V .
Administration: Discovery Configuring CDP 121 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 - Req ue st ID —La st pow er r eq uest I D r eceiv ed ec ho es t he R equest -ID field last r ec eived in a P ower R equested TL V .
Administration: Disc over y Configuring CDP Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 122 8 • Capabilitie s —Capabilities adv er tised by neighbor . • Platform —Inf ormation fr om Pl atf orm TL V of neighb or . • Neighbor Inter fac e —Outgoing int er face of the neighbor .
Administration: Discovery Configuring CDP 123 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 8 Viewing CDP Statistics The CDP Statistics page displa ys inf ormation regarding Cisco Disc over y Pr otocol (CDP) frames that were sent or received from a por t .
9 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 124 Por t Man agemen t This section de scribe s por t configurat ion, link aggregation, and the Green Ethernet f eature.
Port Management Setting Por t Configura tion 125 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 S et ting Por t C onfiguration The Po r t Set tings page displays the global and per p or t set ting of all the por ts. This page enables you to select and configure the desir ed por ts from the Edit P ort Set tings page.
Por t Management Setting Por t C onfigur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 126 9 • Operational Status —Displa ys whether the port is curr ently Up or Down. If the por t is down be cause of an error , the des cription of the error is displa yed.
Port Management Setting Por t Configura tion 127 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 • Auto Adver tis ement —Select the capabiliti es advertis ed by aut o- negotiation when it is enabled. The options are: - Max Ca p ab il it y —All por t sp eeds and duplex mode s ettings can b e accepted.
Por t Management Configuring Link Aggr egation Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 128 9 - Prot e cted P orts provide Lay er 2 is olation betwe en interfaces (Ethernet por ts and LAGs) th at share the same VLAN. - Pack ets received from pr ot ected por ts can be f or warded only to unprot ected egress p or ts.
Port Management Configuring Link Aggr egation 129 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 Link Aggregation O ver view Link Aggr egation Control Prot o col (L ACP) is part of the IEEE spe cification ( 802.3az) that enables you to bundle several physical ports together to f orm a single lo gical channel (LAG) .
Por t Management Configuring Link Aggr egation Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 130 9 Ev er y L AG has the f ollowing characteristics: • All por ts in a LAG must be of the s ame media t ype. • T o add a p or t t o the LAG, it cannot be long to any VLAN ex cept the default VL AN.
Port Management Configuring Link Aggr egation 131 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 T o c onfigure a dynamic L AG, per f orm the f ollowing actions : 1.
Por t Management Configuring Link Aggr egation Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 132 9 • Por t List —Move those por ts that ar e to be assigned to the LAG from the Por t List to th e LA G M em be r s list . Up to eight por ts per static LAG can be assigne d, and 16 por ts can be as signed to a dynamic LAG.
Port Management Configuring Link Aggr egation 133 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 • Administrative Auto Negoti a tion —Enables or dis able auto-negotiation on the LAG.
Por t Management Configuring Link Aggr egation Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 134 9 C onfiguring LA C P A dynamic LAG is LACP -enabled, and LACP is run on ever y candidate por t defined in the L AG.
Port Management Configuring Link Aggr egation 135 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 However , ther e are cases when one link par tner is temporarily not configured f or LACP .
Por t Management Configuring Gr een Etherne t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 136 9 STEP 5 Click Apply . The Running Co nfiguration file is updated. C onfiguring Green Ethernet This section de scribe s the Gr een Ethernet f eature that is designed to sav e power on the devic e.
Port Management Configuring Gr een Ethernet 137 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 In addition t o the above Green Ethernet f eatures, the 802.3az Energy Ef ficient Ethernet (EEE) is f ound on devices suppor ting GE p ort s.
Por t Management Configuring Gr een Etherne t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 138 9 802.3az Energy Ef ficient Ethernet Feature This section de scribe s the 802.3az Ener gy Efficient Ethernet (EEE) f e atur e. It covers the f o llowing t opics : • 802.
Port Management Configuring Gr een Ethernet 139 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 Adver t ise Capabilities Negotiation 802.
Por t Management Configuring Gr een Etherne t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 140 9 802. 3a z EEE Configura tion Workflow This section des cribes how to configur e the 802.
Port Management Configuring Gr een Ethernet 141 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 • Energy Dete ct Mo de —Disable d by default . Click the checkbox t o enable. • Shor t Reach — Globa lly enable or disable Shor t Reach mode if there are GE por ts on the devic e.
Por t Management Configuring Gr een Etherne t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 142 9 T o def in e pe r port Gr een Et he rne t se tting s: STEP 1 Click Por t Man agement > Green Ethernet > Por t Set tings .
Port Management Configuring Gr een Ethernet 143 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 9 - EEE Suppor t on Remote — Displays whether EEE is suppor ted on the link par tner . EEE must b e suppor ted on both the local and r emote link par tners.
10 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 144 Smar tp or t This document de scribe s the Smar tp or ts f eature. It contains the f ollowing t opics : • O ver view • .
Smartport Over view 145 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 O ver view The Smar tpor t f eature provides a con venient way t o sa ve and shar e c ommon configurations . By applying the s ame Smartp or t macr o to multiple int e r faces , the interfaces share a common s et of configurations .
Smar tp or t Wha t is a Smar tpor t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 146 10 Wha t is a Smar tp or t A Smar tpor t is an interface to which a built -in (or user - defined) macro ma y be applied.
Smartport Smar tpor t T yp es 147 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 • Statically from a Smar tpor t macro by name only from the CLI. A Smar tpor t macro can be applie d by its Smar tpor t t ype stat ically from CLI and GUI, and dynamically by Au t o Smar tpor t .
Smar tp or t Smar tpor t T yp es Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 148 10 Sp e cial Sm ar tp or t Typ e s There ar e t wo spe cial Smar tpor t t ypes ; default and unknown .
Smartport Smar tp or t Macro s 149 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 Smar tp or t Macro s A Smar tpor t macr o is a script of CLI commands that configure an i nterface appr opriately f or a par ticular net work device.
Smar tp or t Macro F ailure and t he R es et Opera tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 150 10 Applying a Smar tpor t Typ e to an Inter face When Smar tpor t type.
Smartport How the Smar tpor t Fea tur e W orks 151 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 After the sour ce of the pr oblem is det erm ined and the e xisting configur.
Smar tp or t Auto Smartp or t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 152 10 Auto Smar tp or t In or der f or Auto Smartpor t to aut omatically assign Smar tpor t type s .
Smartport Auto Smar tpor t 153 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 If , f or example, an IP phone is at tached to a por t , it transmits CDP or LLDP packets that advertise its capabilities .
Smar tp or t Auto Smartp or t Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 154 10 NOTE If only the IP P hone and Host bits are set , then the Smartpor t typ e is ip_phone_desktop.
Smartport Erro r Ha n dl in g 155 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 • If all devices on an interface advertis e the same capability (ther e is no conflict) the matching Smartp ort t ype is applie d to the int er face.
Smar tp or t Default Configur a tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 156 10 D efault C onfigura tion Smar tpor t is always a vailable.
Smartport Common Smar tp or t T asks 157 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 STEP 4 Click Apply STEP 5 T o enable the Aut o Smar tpor t f eatur e on one or mor e int er faces , open the Smar tpor t > Interface Set tings page.
Smar tp or t Common Smar tp or t T asks Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 158 10 3. Click Vi e w M a c r o S o u r c e to view the curr ent Smar tpor t macro that is as sociated with the sele cted Smar tpor t T yp e.
Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 159 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 C onfiguring Smar tp or t Using The We b -b as e d Inter face The Smar tpor t f e atur e is configured in the Smartp or t > Propertie s, Smar tp or t T yp e Set tings and Interface S etting s pages .
Smar tp or t Configuring Smartp or t Using The Web-b ase d In terfac e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 160 10 STEP 3 Click Apply .
Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 161 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 • User Defined Macro —If desired, select the user -define d macro that is t o be ass ociated with the sele ct ed Smar tpor t typ e.
Smar tp or t Configuring Smartp or t Using The Web-b ase d In terfac e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 162 10 corrections hav e been made prior to clicking Re apply . See the work flow area in Common Smar tp or t T asks section f or troubleshooting tips .
Smartport Configuring Smar tp or t Using The W eb -bas ed Interface 163 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 NOTE Reset ting the int er face of unknown type do es not reset the configuration per f ormed by the macro that f ailed.
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 164 10 Built-in Smar tp or t Macros The f ollowing de scribes the pair of built-in macr os f or each Smartp or t type.
Smartport Built-in Smar tpor t Macros 165 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 port security mode max-addresses port security discard trap 60 # smartport storm-cont.
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 166 10 # smartport storm-control broadcast level 10 smartport storm-control include-multi.
Smartport Built-in Smar tpor t Macros 167 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 smartport storm-control broadcast enab le # spanning-tree portfast # @ no_gue st] ] [.
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 168 10 spanning-tree portfast # @ no_ser ver [no_server] #macro description No server # n.
Smartport Built-in Smar tpor t Macros 169 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 # @ no_host [no_host] #macro description No host # no smartport switchport trunk nati.
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 170 10 no_ip_cam era [no_ip_camera] #macro description No ip_camera # no switchport acces.
Smartport Built-in Smar tpor t Macros 171 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 no_ip_phone [no_ip_phone] #macro description no ip_phone #macro keywords $voice_vlan .
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 172 10 smartport storm-control broadcast enable # spanning-tree portfast # @ no_ip_phone_.
Smartport Built-in Smar tpor t Macros 173 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10 # @ no_switch [no_switch] #macro description No switch #macro keywords $voice_vlan # .
Smar tp or t Built-in Smar tpor t Macros Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 174 10 #macro keywords $voice_vlan # #macro key description: $voice_vlan: The voice VLAN .
Smartport Built-in Smar tpor t Macros 175 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 10.
11 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 176 Por t Man agemen t : PoE The P ower over Ethernet (P oE) f eature is only a vailable on P oE-b ased devices . F or a list of Po E-base d devices , ref er to the De v i ce M od e l s sect io n.
Port Management: PoE PoE o n t h e D e v ic e 177 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 11 Power ov er Ethernet can be used in any ent erprise net work that deploys re .
Por t Management : PoE PoE on t he D e vi c e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 178 11 Y ou can decide the f ollowing: • Maximum power a PS E is allowed to supply to a PD • During device operation, to change the mode from Class Power Limit t o Port Limit and vice versa.
Port Management: PoE Configuring PoE Pr op er tie s 179 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 11 may not be able t o pr operly supply power to its attaching PD s. T o prevent false det ection, you should disable PoE on the por ts on the PoE switches that are used to connect to PSEs .
Por t Management : PoE Configuring P oE Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 180 11 The f ollowing c ounters ar e displ a yed f or each device : • Nominal Power — The total amount of power th e devic e can supply to all the connected PD s.
Port Management: PoE Configuring PoE Settings 181 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 11 The administrat or configures all por ts to a llocate up t o 30 wat ts . This r esults in 48 times 30 p ort s equaling 1440 watts , which is too much.
Por t Management : PoE Configuring P oE Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 182 11 • Clas s — This field appears only if the P ower Mode set in the P oE Pr oper ties page is Class Limit .
Port Management: PoE Configuring PoE Settings 183 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 11.
12 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 184 VL AN Mana gemen t This section c overs the f ollowing topics: • VL ANs • Configuring D e fault VL AN S ettings • Cre.
VLAN Management VL ANs 185 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 VL AN Des cription Each VLAN is co nfigur ed with a unique VI D ( VL AN ID) with a value fr om 1 t o 4094. A por t on a device i n a bridged networ k is a member o f a VLAN if it can se nd data to and r e ceive data from the VLAN.
VL AN Management VL ANs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 186 12 VL AN Roles VLANs function at Layer 2. All VLAN traf fic (Unicast /Broadcast /Multicast) remains within its VLAN. D evices at tached to diff er ent VLANs do not have dir ect connectivit y t o each other over the Ethernet MAC la yer .
VLAN Management Configuring Def ault VL AN S ettings 187 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 Cust omer traffic is encapsulated with an S-tag with TPID 0x8100, r egardless of whether it was originally c-tagged or untagge d.
VL AN Management Configuring Def ault VL AN S ettings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 188 12 • It cannot be use d f or any special role, such as unauthenticat ed VLAN or V oice VL AN. This is only r elevant f or OUI-enabled voice VL AN.
VLAN Management Crea tin g VL ANs 189 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 Creating VL ANs Y ou can creat e a VL AN, but this has no eff ect until the VL AN is attache d t o at least one por t , either manually or dynamically .
VL AN Management Configuring VL AN Int er face Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 190 12 C onfiguring VL AN Inter fac e S et tings The Interface Set tings p.
VLAN Management De f i ni n g V L AN M em bers hi p 191 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 - Admit T agged Only — The interface acc epts only tagged frames . - Admit Untagged Only — The int erface accepts only untagged and priority frame s.
VL AN Management De fin i ng V L AN Me mbe r s hi p Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 192 12 C onfiguring Por t to VL AN Use the Port to VLAN page t o display and configure the por ts within a spe cific VL AN. T o map p or ts or LAGs to a VLAN: STEP 1 Click VL AN Man agement > Port to VL AN .
VLAN Management De f i ni n g V L AN M em bers hi p 193 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 C onfiguring VL AN Memb ership The Port VL AN Membership page displays all por ts on the device along with a list of VLANs to which each por t belongs .
VL AN Management GV R P S e t t i n g s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 194 12 - Forbidden — The interface is not allowed to join the VLAN even fr om GVRP r e gistration.
VLAN Management VL AN Groups 195 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 GVRP must be activat ed glob ally as well as on each por t . When it is activat ed, it transmits and r ec eives GARP P ack et Data Units (GPDUs ) .
VL AN Management VL AN Groups Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 196 12 If several classifications scheme s are defined, pack ets ar e assigne d t o a VLAN in the f ollowing order : • TA G : If the pack et is tagged , the VLAN is taken fr om the tag.
VLAN Management VL AN Groups 197 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 NOTE This MAC addr ess cannot b e assigned to any other VLAN group.
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 198 12 Vo i c e V L A N In a LAN, voic e devices , such as IP phone s, V oIP endp oints, and voice syst ems ar e placed into the same VLAN. This VLAN is ref erred as the voice VLAN.
VLAN Management Vo i c e V L A N 199 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 From a VLAN perspe ctive, the above models operate in both VLAN-awar e and VLAN-unaware en vironments. In the VL AN-awar e en vir onment , the voice VLAN is one of the many VLANs configured in an installation.
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 200 12 Unlik e T elephon y OUI mode that dete cts voice devices ba sed on telephon y OU I, Au to Voi c e V L A N m o de de p e nd s o n Auto S ma r t p or t to d yn a mi ca l ly add the por ts to the v oice VL AN.
VLAN Management Vo i c e V L A N 201 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 When Aut o Smar tpor t is enabled, dep ending on Aut o V oice VL AN mode, Auto Smar tpor t is enabled when Auto V oic e VLAN become s operational.
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 202 12 • When a new voice VLAN is c onfigured/ dis covered, the device automatically cr eat es it , and r eplaces all the p or t memberships of the existing voice VL AN t o the new voice VL AN.
VLAN Management Vo i c e V L A N 203 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 V oic e VL AN C onstraints The f ollowing c onstraints exist: • Only one V oice VL AN is suppor ted.
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 204 12 STEP 4 Select the Aut o V oice VL AN Activation metho d. NOTE If the device is currently in T elephon y OUI mode, you must disable it bef or e you can configur e Aut o V oice Vlan STEP 5 Click Apply .
VLAN Management Vo i c e V L A N 205 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 Co nfiguring V oic e VL AN Proper tie s Use the V oice VL AN Proper ties page f or the f ollowing: • V iew how voice VL AN is curr ently configured.
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 206 12 - Enable T elephony OUI —Enable Dynamic V oic e VL AN in T elephony OUI mode.
VLAN Management Vo i c e V L A N 207 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 • Sou r ce Ty pe —Displa ys the type of source where the voice VLAN is discovered by the r oot device. • CoS/802. 1 p —Displays CoS/802.
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 208 12 • Vo i c e V L A N I D — T he identifier of the curr ent voice VLAN. • CoS/802. 1 p — The adver tised or configured CoS/802. 1 p value s that ar e used by the LLDP -MED as a voice network po licy .
VLAN Management Vo i c e V L A N 209 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 T o c onfigure T elephony OUI and/ or add a new V oice VLAN OUI: STEP 1 Click VL AN Management > Vo i c e V L A N > Te l e p h o n y O U I .
VL AN Management Vo i c e V L A N Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 210 12 Adding Interfac es to V oice VL AN on B asis of OUIs The QoS at tribut es can be as signe.
VLAN Management Acces s P ort Mu lti c as t TV V L AN 211 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 Ac c e s s Por t Multic ast T V VL AN Multicast T V VL ANs enable Mul.
VL AN Management Acc e ss Po r t Multicast TV VL AN Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 212 12 IGMP Sno oping Multicast T V VL AN re lies on IGMP snooping, which means that : • Subscrib ers use IGMP me ssage s to jo in or leav e a Multicast gr oup.
VLAN Management Acces s P ort Mu lti c as t TV V L AN 213 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 C onfigura tion Wo rk f l ow Configure TV VL AN with the f ollowing st eps: 1 . Define a T V VL AN by associatin g a Multicast gr oup to a VLAN (using the Multicast Gr oup to VLAN page).
VL AN Management Cust omer Port Multicast TV VL AN Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 214 12 Por t Multicast VL AN Memb ership T o define the Multicast T V VL AN configuration: STEP 1 Click VLAN Management > Ac ces s Port Multicast T V VLAN > Por t Multicast VLAN Membership .
VLAN Management Cust omer Po r t Multicas t TV VL AN 215 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12 All pack ets from the subscriber to the ser vice provider network are .
VL AN Management Cust omer Port Multicast TV VL AN Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 216 12 To m a p C P E V L A N s : STEP 1 Click VL AN Management > Customer P ort Multicast T V VLAN > CPE VL AN to VLAN. STEP 2 Click Add .
VLAN Management Cust omer Po r t Multicas t TV VL AN 217 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 12.
13 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 218 Sp anning T re e This section de scribe s the Spanning T ree Prot o col (STP) (IEEE802.
Spanning Tree Configuring S TP Status and Global Settings 219 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 The device suppor ts the f ollowing Spanning T ree Pr otocol versions: • Classic STP – Provides a single path bet ween any two end stations , av oiding and eliminating lo ops .
Sp anning Tree Configuring S TP Sta tus and Global Sett ings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 220 13 • BPDU Handling —Sele ct how Bridge Pr ot oc ol Da ta Unit (BPDU) pack ets ar e managed when STP is disabled on the por t or the device.
Spanning Tree Defining Spanning T ree Int er face S e ttings 221 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 • T op ology Change s Counts — The total number of S TP t opology changes that hav e occurred. • L ast T op ology Change — The time int er val that elapse d since the last topology change occurred.
Sp anning Tree Defining Spannin g T r ee Int er face Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 222 13 • Root Guard —Enables or disable s Root Guar d on the device. The Root Guar d option pr ovides a way t o enf orce the r oot bridge placement in the network .
Spanning Tree Configur ing Rapid Spann ing T ree S etting s 223 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 - Blo ck ing — The po r t is curr ently blocked, and cannot f or ward traffic (with the ex c eption of BPDU data) or learn MA C addresse s.
Sp anning Tree Configuring R apid Spanning T r ee S ettings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 224 13 T o enter RS TP settings : STEP 1 Click Sp anning T r ee > STP Status and Global S et tings . Enable RSTP . STEP 2 Click Sp anning T r ee > RSTP I nt erfa ce Setting s .
Spanning Tree Configur ing Rapid Spann ing T ree S etting s 225 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 - Design at ed — The interface through which the bridge is connected t o the LAN, which provides the lowest co st path fr om the LAN to the R oot Bridge.
Sp anning Tree Multiple S panning T ree Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 226 13 Multiple Sp anning T re e Multiple Spanning T ree Prot o col (MSTP) is used to separat e the S TP por t state bet ween various domains (on dif f erent VL ANs ).
Spanning Tree Mapping VL ANs to a MS TP I nstance 227 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 Switches int ended to be in the s ame MST r egion are never separated by switches from another MS T r egion. If they are separat ed, the region bec omes t wo separat e re gi on s .
Sp anning Tree De fin ing M S TP I n s tan ce Se tt i n gs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 228 13 F or those VL ANs that ar e not e xplicitly mapped to one of the MS T instances , the device automatically maps them to the CIS T (C ore and Inte rnal Spanning T ree) instance.
Spanning Tree De f i ni n g MS TP I n te rfa ce Se tt i ng s 229 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 • Included VL AN —Displa ys the VLANs mappe d to the select ed instance. The default mapping is that all VLANs are mapped to the common and internal spanning tr ee (CIST ) instance 0) .
Sp anning Tree De fin in g M S TP I n terf ace Se tti ng s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 230 13 STEP 5 Enter the paramet ers. • Instanc e ID —S elect the MS T instance to be configured. • Interfac e —Sele ct the interface f or which the MS TI set tings ar e t o be defined.
Spanning Tree De f i ni n g MS TP I n te rfa ce Se tt i ng s 231 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 13 - Bac k u p — The interface provides a b ackup path to the designat ed por t path t oward the Spanning T ree le av es .
14 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 232 Man aging MA C A ddre s s T able s This section de scribe how to add MA C addresse s t o the syst em.
Managing MAC Address Tables Configuring Sta tic MAC Addr ess es 233 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 14 C onfiguring Static MA C A ddres s e s Static MAC a ddresses are assigne d t o a specific physical i nterface and VLAN on the device.
Ma nagi ng M A C Ad d r ess T abl es Managing Dynamic MAC Addr ess es Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 234 14 Managing D yn amic MA C Addre s s e s The Dynamic Addr e ss T able (bridg ing table ) contains the MA C addr ess es acquired by monit oring the source addr es ses of frame s entering the device.
Managing MAC Address Tables Defining Res er ve d MAC Address es 235 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 14 D efining Re s er ve d MA C A ddres s e s When the device receives a frame with a Destination MAC address that belongs to a r eser ved range (per the IEEE standard), the frame can be dis carded or bridged.
15 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 236 Multic ast This section de scribe s the Multicast F or warding f eature, and covers the f ollowing top ic s : • Multicast.
Multicast Multicast F orwarding 237 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 F or Multicast f or warding t o work acr os s IP subnets, node s, and rout ers must be Multicast-capable. A Multicast -capable node must be able to: • Send and r eceive Multicast pack ets .
Multic ast Multicas t Forwar ding Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 238 15 The device can f orward Multicast str eams based on one of the f ollowing options: • Mu.
Multicast Defining Multicas t Pr oper tie s 239 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 If the device is enab led as an IGMP Querier , i t star ts after 60 se conds have passed with no IGMP traffic (queries ) det ect ed from a Multicast r outer .
Multic ast Defining Multicas t Proper ties Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 240 15 A common way of r epr esenting Multicast memb ership is the (S,G) notation wher e S is the (single) sour ce sending a Multicast stream of data, and G is the IP v 4 or IP v6 gr oup addr es s.
Multicast Adding MAC Gr oup Addr ess 241 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 STEP 3 Click Apply . The Running C onfiguration file is updated. Adding MAC Gr oup Addre s s The device suppor ts f orwarding incoming Multicast traffic base d on the Multicast group inf ormation.
Multic ast Adding MAC Gr oup Address Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 242 15 Entries that were cr eat ed both in this page and in the IP Multicast Group Addr es s page ar e display ed. For those creat ed in the IP Multicast Group Addr es s page, the IP address es are conv er ted t o MAC addr ess es .
Multicast Adding IP M ulticas t Gr oup Addr esse s 243 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 Adding IP Multic ast Group Addre s s e s The IP Multicast Group Addr ess page is similar to the MAC Gr oup Addr ess page ex c ept that Multicast gr oups are id entified by IP addresses .
Multic ast Configuring IGMP Sn ooping Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 244 15 • IP Sourc e Addre ss —D efines the source address to be included. STEP 6 Click Apply . The IP Multicast group is added, and the device is up dat ed.
Multicast Configuring IGMP Snooping 245 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 When IGMP Snooping is enabled globally or on a VL AN, all IGMP packets ar e f or warded t o the CPU .
Multic ast Configuring IGMP Sn ooping Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 246 15 Ther e can be only one IGMP Querier in a network . The device supp or ts standards-based IGMP Querier election. Some of the values of the operational parameters of this table ar e sent by the elected querier .
Multicast MLD Snooping 247 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 • Operational L ast Member Quer y Inter val —Displays the Last Member Quer y Inter val sent by the elected querier .
Multic ast MLD Snooping Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 248 15 In an appr oach similar to IGMP snooping, MLD frames are snooped as they are f or warded by the device from stations t o an upstream Multicast rout er and vice versa.
Multicast Quer ying IGMP /MLD IP Multicas t Group 249 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 • Operational Quer y Robustness —Displa ys the robustness variable sent by the elected querier .
Multic ast Defining Mu lticast R outer P orts Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 250 15 There might be a diff er ence bet ween information on this page and, f or example, inf ormation displayed in the MAC Group Addr ess page .
Multicast Defining F orward Al l Multicas t 251 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 T o statically c onfigure or see dynamically- detect ed por ts c onnected to the Multicast rout er : STEP 1 Click Multicast > Multic ast Router Por t .
Multic ast Defining Unr egister ed Multicas t Settings Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 252 15 IGMP or MLD mes sages are not f or warded to por ts defined as For w a r d A l l . NOTE The configuration aff ects only the por ts that ar e members of the selected VL AN.
Multicast D e fining Unregist ered Multicast Settings 253 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 15 Y ou can select a p or t to receive or filt er unregister ed Multicast streams. The configuration is valid f or an y VL AN of which it is a member (or will be a member) .
16 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 254 IP C onfigura tion IP int er face addresse s can be configured manually by the user , or automatically configured by a DHCP se r ver . This se ction provides inf o rmation f or defining the device IP address es , either manually or by making the device a DHCP client .
IP Configuration Over view 255 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 L a yer 2 IP Addre ssing In Lay er 2 system mode, the device has up to one IPv 4 address and up to two IP v6 interfaces (either “native” int er face or T unnel) in the management VLAN.
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 256 16 • The system status LED changes to solid gr een when a new unique IP addr es s is r eceived from the DHC P ser ver . If a static IP address has been set , the system status LED also chang es to solid gr een.
IP Configuration IPv4 Managemen t and In terface s 257 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 D efining an IP v4 Inter face in L ayer 2 System Mo de T o manage the device by using the web- b ased c onfiguration utility , the IPv4 device management IP address must b e defined and known.
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 258 16 If a dynamic IP addr es s is retrieved fr om the DHCP ser ver , s elect t.
IP Configuration IPv4 Managemen t and In terface s 259 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • IP Addres s —Configured IP address f or the int er face. • Mask —Configured IP address mask . • Status —R esults of the IP addr es s duplication check .
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 260 16 IP v4 Route s When the device is in La yer 3 syst em mode, this page enables configuring and viewing IP v 4 static rout es on the device.
IP Configuration IPv4 Managemen t and In terface s 261 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 ARP The device maintains an ARP (A ddr es s Re solution Pro tocol) table f or all known devices that reside in the IP subnets directly connected to it .
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 262 16 • Status — Whether the entr y was manually enter ed or dynamically learned. STEP 4 Click Add . STEP 5 Enter the paramet ers: • IP V e rsion — T he IP addr es s f o rmat suppor t ed by the host .
IP Configuration IPv4 Managemen t and In terface s 263 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 3 Click Apply . The ARP pro x y is enabled, and the Running Configuration file is updated. UDP Rela y /IP Help er The UDP Rela y /IP Help er f eature is only a vailable when the device is in La yer 3 system mode.
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 264 16 A trust ed p or t is a por t that is connected to a DHCP ser ver and is allowed to assign DHCP ad dr es ses . DHCP mes sage s r eceived on trusted por ts are allowed t o pas s thr ough the device.
IP Configuration IPv4 Managemen t and In terface s 265 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 The f ollowing Option 82 options are a vailable on the device : • DHCP Inser tion - Add Option 82 info rmation to pack ets that do not ha ve f oreign Option 82 inf ormation.
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 266 16 The f ollowing de scribe s how DHCP request packets are handled when both.
IP Configuration IPv4 Managemen t and In terface s 267 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 The f ollowing de scrib es how DHCP Reply pack ets ar e handled when DHC.
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 268 16 Option 82 inser tion disable d Pac ke t is sen t without Option 82 Pac ke t is sent with the original Option 82 Relay – discards Option 82 Bridge – Pac ket is sent without Option 82 Relay – 1.
IP Configuration IPv4 Managemen t and In terface s 269 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 The f ollowing de scrib es how DHCP r eply packets ar e handled when bot.
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 270 16 The DHCP Snooping Binding databas e is also use d by IP Source Guar d and Dynamic ARP Inspe ction f eatures to det ermine legitimate packet sour ces .
IP Configuration IPv4 Managemen t and In terface s 271 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 6 Device f or wards DHCPOFFER, DHCP A CK , or DHCPNAK . The f ollowing summarize s how DHCP pack ets ar e handled from both trust ed and untrusted por ts.
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 272 16 DHCP Sno oping Along With DHCP Rela y If both DHCP Snooping and DHCP Rela.
IP Configuration IPv4 Managemen t and In terface s 273 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 1 Enable DHCP Sno oping and/ or DH CP Relay in the IP C onfigura tion > DHCP > Propertie s page or in the Se curit y > DHCP Snooping > Proper ties page.
IP Configuration IPv4 Management and In terface s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 274 16 STEP 2 Click Apply . The set tings ar e written to the Running Configuration file. STEP 3 T o define a DHCP ser ver , click Add .
IP Configuration IPv4 Managemen t and In terface s 275 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 DHCP Sno oping Binding Da tabas e See How the DHCP Snooping Binding Databas e is Built f or a de scription of how dynamic entries are added to the DHCP Snooping Binding database.
IP Configuration DHCP S er ver Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 276 16 STEP 4 Click Apply . The set tings ar e defined, and the device is up dat ed. DHCP S er ver The DHCP v 4 Ser ver f eature enables you t o configure the device as a DHCP v 4 ser ver .
IP Configuration DHCP Ser ver 277 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 The f ollowing options can b e set with the generic DHCP option CLI command: • Integer type.
IP Configuration DHCP S er ver Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 278 16 De pe n d e n c ies Betw een Fea tu r es • A single interface cannot be configured as both a DHCP v 4 client and DHCP v 4 ser ver at the s ame time.
IP Configuration DHCP Ser ver 279 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 5 V iew the allocated IP addr ess es using the Address Binding page.
IP Configuration DHCP S er ver Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 280 16 • Po ol N am e — Enter the pool name. • Subnet IP Address —Enter the subnet in which the network p ool resides . • Mask —Ent er one of f ollowing : - Network Mask —Che ck and ente r the pool’s network mask .
IP Configuration DHCP Ser ver 281 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 - Mixe d —A combination of b -node and p-node c ommunications is used to regist er and r esolve NetBIO S names . M-node first uses b-node ; then, if nec ess ar y , p-no de.
IP Configuration DHCP S er ver Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 282 16 T o manually allocate a permanent IP address to a specific client : STEP 1 Click IP Configuration > IP v 4 Management and Int er faces > DHCP Ser ver > Static Hosts to displa y the Static Hosts page.
IP Configuration DHCP Ser ver 283 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 - Hybrid —A hybrid combination of b -node and p-node is us ed. When configured to use h-node, a computer alwa ys trie s p-node first and uses b- node only if p-node fails.
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 284 16 • Le a s e E x p i r a t i o n — The leas e expiration dat e and time of the host’ s IP addr es s or Infinite is such was the lease duration defined.
IP Configuration IPv6 Management and In terface s 285 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 IP v 6 Glob al C onfiguration T o define IPv6 glob al parameters and DHCPv6 client set tings : STEP 1 In La yer 2 syst em mode, click Admini stra tion > Management In terfac e > IP v 6 Global C onfiguration .
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 286 16 T o define an IP v6 inter face: STEP 1 In La yer 2 syst em mode, click Admini str a ti on > Managemen t Interfac e > IP v 6 Interfac e s .
IP Configuration IPv6 Management and In terface s 287 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • Sen d I CM P v6 M essag e s —Enable generating unreachable destination mess ages. STEP 6 Click Apply t o enable IPv6 proce ssing on the se lected int er face.
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 288 16 • Rec eive d Information Refresh Time —Refr esh time r e ceived fr om D HCP v6 ser ver . • Remaining Information Refresh Time —Remaining time until ne xt refresh.
IP Configuration IPv6 Management and In terface s 289 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 Co nfiguring T unnels NOTE T o configure a tunnel, first configure an IP v6 interface as a tunnel in the IP v6 Interface s page.
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 290 16 • ISA T AP Robustnes s —Us ed t o calculate the int er val f or the DNS or r out er solicitation queries. The larger the numb er , the more fr equent the queries .
IP Configuration IPv6 Management and In terface s 291 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 is spe cified in hexadecimal f ormat b y using 16-bit values s eparat ed by colons .Y ou cannot configure an IP v6 addresse s directly on an ISA T AP tunnel int er face.
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 292 16 In La yer 3 syst em mode, click IP C onfiguration > IP v6 Man agement and Interfac e s > IP v 6 D efault Router List .
IP Configuration IPv6 Management and In terface s 293 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 D efining IP v 6 Neighb ors Information The IP v6 Neighbors page enables configuring and viewing the list of IP v6 neighbors on the IP v6 int erfac e.
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 294 16 - Stale —Pr eviously-known neighbor is unreachable. No action is tak en t o verify its reachability until traffic must be sent .
IP Configuration IPv6 Management and In terface s 295 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 STEP 1 Click Administra tion > Management Interfac e > IP v 6 Routes . -or T o view IPv6 routing entries in Lay er 3 system mode: Click IP Configuration > IP v 6 Management and Interfac e s > IP v6 Route s .
IP Configuration IPv6 Manag ement and I n ter faces Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 296 16 - Static — The entr y was manually c onfigured by a user . DHCP v 6 Relay DHCP v6 Rela y is used f or r elaying DHCPv6 mes sage s t o DHCP v6 ser vers .
IP Configuration Do m ai n Na me 297 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • DHCP v 6 Ser ver IP Addres s —Enter the addr e ss of the DHCP v6 s er ver t o which pack ets ar e f or warded.
IP Configuration Domain Name Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 298 16 As a DNS client , the device resolves domain nam es to IP addr e s ses through the use of one or mor e configured DNS ser vers.
IP Configuration Do m ai n Na me 299 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • Prefer ence —Each s er ver has a pref erence value, a lowe r value means a higher chance of being us ed.
IP Configuration Domain Name Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 300 16 • Sou rce —Source of the ser ver ’ s IP addr es s ( static or DHCP v 4 or DHCPv6) f or this dom ain. • Interfac e —Interface of the s er ver ’s IP addr e ss fo r this domain.
IP Configuration Do m ai n Na me 301 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 16 • Type —Is this a Dy na m i c or Static entr y to the cache. • Status — Displa ys the results of attempts t o acces s the host - OK —A t t e mpt su cceed ed.
17 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 302 Sec u r i t y This section de scrib es device s ecurit y and acces s control. The syst em handles various typ es of se curit y . The f ollowing list of topics des cribes the various t ype s of securit y f eatures des cribed in this se ction.
Security De fin i ng Use r s 303 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Con fig u r in g RAD I U S • Con fig u ri n g P ort Secu r ity • Configuring 802. 1 X • De fining Time Ranges Pr otection fr om other network us ers is describe d in the f ollowing s ections.
Secu r ity De fin i ng U ser s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 304 17 STEP 1 Click Admin ist ra tion > User Acc ounts . This page displays the users defined in the system and their user privilege level. STEP 2 Select P a s s w o r d R e c o v e ry S erv i ce to enable this f eature.
Security De fin i ng Use r s 305 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 5 Click Apply . The us er is added to the Running Configuration file of the device. Set t ing Password Complexit y Rules Pa s swor ds ar e used to authenticat e users acce ssing the device.
Secu r ity Configuring T ACACS+ Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 306 17 STEP 4 If the Password C omplexit y Set ti ngs ar e enabled, the f ollowing parameters ma y be c onfigured: • Minimal Pas sword Length —Enter the minimal number of charact ers r equi r ed f or p a ssw or ds.
Security Configuring T ACACS+ 307 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Accoun ting —Enable accounting of lo gin ses sions using the T AC ACS+ ser ver . This enable s a syst em administrat or to generat e ac counting reports from the T ACACS+ ser ver .
Secu r ity Configuring T ACACS+ Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 308 17 Def au l t s The f ollowing defaults are r elevant t o this f eature: • No def ault T ACACS+ ser ver is defined by def ault . • If you configure a T ACACS+ ser ver , the acc ounting f eature is disable d by default .
Security Configuring T ACACS+ 309 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 1 Click Sec ur i ty > TA C A C S + . STEP 2 Enable T ACACS+ Ac counting if required. Se e e xplanation in the Accou nt ing Using a T AC A CS+ S er ver secti on .
Secu r ity Configuring T ACACS+ Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 310 17 • Serve r IP Add r ess/ N a me —Enter the IP address or name of the T ACA CS+ ser ver . • Priorit y —Ent er the order in which this T A CA CS+ ser ver is used.
Security Configur ing R ADIUS 311 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 C onfiguring R ADIUS Remot e Authorization Dial-In User Ser vic e (R ADIUS) ser vers pr ovide a centralized 802. 1 X or MAC-based net work acces s control.
Secu r ity Configuring RADIUS Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 312 17 Interactions With O ther Features Y ou cannot enable acc ounting on both a R ADIUS and T ACA CS+ s er ver . Radius Workflow T o us er a R ADIUS ser ver , do the f ollowing: STEP 1 Open an acc ount f or the devic e on the R ADIUS ser ver .
Security Configur ing R ADIUS 313 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Dea d T i m e —Ent er the numb er of minutes that elapse befor e a non- responsive R ADIUS ser ver is bypas se d f or s er vic e r eque sts.
Secu r ity Configuring RADIUS Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 314 17 • Serve r IP Add r ess/ N a me —Enter the R ADIUS ser ver by IP address or name.
Security Configurin g Manageme nt Acc es s Authentication 315 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 6 T o display sensitive data in plaint e xt f orm in the configuration file, click Displa y Sen sitive Data As Plaintex t .
Secu r ity Defining Management Acc ess Method Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 316 17 • Lo c a l —Us ername and pas swor d are check ed against the data stor ed on the local device . These username and pas sword pairs ar e defined in the User Acc ounts page.
Security Defining Managemen t Ac ce ss Method 317 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Sourc e IP Address —IP addres ses or subnets .
Secu r ity Defining Management Acc ess Method Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 318 17 A caution mes sage displays if you selected any other acces s profile, warning you that , depending on the s elected acces s profile, y ou might be disc onnected from the web- base d configuration utilit y .
Security Defining Managemen t Ac ce ss Method 319 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - All — A p p l ie s t o a l l po r t s, VL A Ns, an d LA G s. - Us er D ef in e d —Applie s t o selected interfac e. • Interfac e —Ent er the interface numb er if User Define d was sele ct ed.
Secu r ity Defining Management Acc ess Method Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 320 17 STEP 1 Click Secu r i ty > Mgmt Ac c es s Metho d > Profile Rules . STEP 2 Select the Filter field, and an acce ss profile.
Security SSL Serve r 321 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Interfac e —Ent er the interface numbe r . • Applies to S ource IP Addres s —Select the t ype of s our ce IP address to which the acces s profile applies.
Secu r ity SSL Serve r Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 322 17 T o op en an HTTPS s ession with a us er -creat ed cer tificate, per f orm the f ollowing actions: 1 . G enerat e a cer tificat e. 2. Request that the cer tificat e be cer tified by a CA .
Security SSL Serve r 323 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - Org ani z ati on Un it— Spe cifies the organization-unit or depar tment name. - Org ani z ati on Na me — Sp ecifies the organization name. - Lo c a t i o n — Specifie s the lo cation or city name.
Secu r ity Configuring T CP /UDP S er vic es Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 324 17 C onfiguring T CP /UDP S e r vic e s The T CP /UDP S er vice s page enables T CP or UDP -base d ser vices on the device, usually f o r securit y reasons .
Security Defining St orm Cont rol 325 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Remote IP Addre ss —IP ad dr es s of the remot e device that is requesting the service. • Remote Por t — T CP por t of the remot e device that is requesting the s er vice.
Secu r ity Configuring P or t S ecurit y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 326 17 STEP 1 Click Secu r i ty > Storm C ontrol . All the fields on this page ar e describ ed in the Edit St orm Control page e x cept f or the Sto rm C o ntrol Rate T hre sh old (%) .
Security Configuring P or t Se curit y 327 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Classic Lo ck —All learne d MAC addr es ses on the p or t are locked, and the por t doe s not learn any new MAC addr ess es . The learned address es are not subject to aging or re-learning.
Secu r ity Configuring P or t S ecurit y Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 328 17 • Interfac e —Sele ct the interface name. • Interfac e Status —Select to lock the por t . • Le arning Mode —S elect the t ype of por t lo cking.
Security Configuring 802. 1 X 329 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Tr a p —Select to enable traps when a packet is r eceived on a lo ck ed por t . This is relevant f or lo ck violations . F or Classic L ock , this is any new address received.
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 330 17 - Single se s sion/multiple hosts — This f ollows the 802. 1 x standar d. In this mode, the device as an authenticat or allows an y device to use a port as long as it has been granted permis sion.
Security Configuring 802. 1 X 331 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 delimiting charact ers (f or e xample : aaccbb55 ccf f). T o us e MAC-based authentication at a por t : - A Guest VL AN must be defined - The por t must be Gue st VLAN enable d.
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 332 17 The device als o uses the Gue st VLAN for the authentication proces s at por ts configured with Multiple Se ssion mo de and MAC-based authentication.
Security Configuring 802. 1 X 333 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Por t-B ase d Authentication —Enable or disable por t-based, 802. 1 X authentication. • Authentication Method —S elect the us er authentication methods.
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 334 17 Configuring U nauthent icated VL ANs When a por t is 802. 1 x-enabled, unauthori zed por ts or device s are not allowed to acce ss a VL AN unle ss the VL AN is a Guest VL AN or an unauthenticat ed VL AN.
Security Configuring 802. 1 X 335 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Curren t Port C ontrol —Displa ys the current por t authorization state. If the stat e is Authorized , the por t is either authenticated or the Administrative Por t Control is Fo rc e A ut h or iz e d .
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 336 17 • Authentication Method —S elect the authentication metho d f or the p or t . The options are: - 802. 1 X Only —802. 1 X authentication is the only authentication method per f orme d on the port .
Security Configuring 802. 1 X 337 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Re sending E AP —Enter the number of se conds that the devic e waits f or a response to an Exte nsible Authentica tion Prot o col (E AP) request /identit y frame fr om the supplicant (client) bef ore resending the request .
Secu r ity Configuring 802. 1 X Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 338 17 T o define 802. 1X advanced set tings f or p ort s: STEP 1 Click Secu r i ty > 802. 1 X > Ho st and Se s sion Authentication . 802. 1 X authentication parameters ar e describe d f or all p or ts .
Security Defining T ime R ange s 339 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - Shutdown —Dis car ds the packets and shuts down the por t . The por ts remains shut down until r eactivated, or until the device is re booted.
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 340 17 D enial of S er v ic e Preven tion A Denial of S er vic e (DoS) atta ck is a hacker attempt t o mak e a device unavailable to it s u s e rs .
Security Denial of Ser vice Preven tion 341 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Mar tian Addr e ss es —Mar tian addresse s are illegal fr om the point of view of the IP prot ocol. Se e Ma r ti an Add r esses f or more details.
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 342 17 • Prev ent T CP connections from a specific interface (SYN F iltering page) an.
Security Denial of Ser vice Preven tion 343 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 1 Click Sec ur i ty > Denial of S er vic e Prevention > Se curit y Suite Set tings . The Sec u ri t y S u i te Settin g s displays.
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 344 17 SYN Protec tion The net work por ts might b e used by hackers to attack the device in a S YN attack , which consumes T CP r esources (buf f ers ) and CPU power .
Security Denial of Ser vice Preven tion 345 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Curren t Sta tus —Int erface status . The pos sible values are: - Nor m al —No attack was identified on this int er face. - Blo cke d — T raf fic is not f or warded on this interface.
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 346 17 STEP 3 T o ad d a Martian addres s click Add . STEP 4 Enter the paramet ers. • IP V e rsion —Indicat es the suppor ted IP version.
Security Denial of Ser vice Preven tion 347 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - Us er D ef in e d —Enter a por t number . - All P or ts —S elect to indicat e that all por ts ar e filt er ed. STEP 4 Click Apply .
Secu r ity Denial of S er vice Preven tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 348 17 STEP 4 Click Apply . The SYN rate pr otection is defined, and the Running Configuration is updated. ICMP F iltering The ICMP Fi ltering page enables the bl ocking of ICMP packets fr om cer tain sources.
Security IP S ource Guard 349 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • Interfac e —Select the inte r face on which the IP fragmentation is being defined.
Secu r ity IP S ource Guard Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 350 17 - The int er face is DH CP untrusted. All packets on trust e d por ts ar e fo r w a r d e d .
Security IP S ource Guard 351 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 STEP 5 En a b l e I P S o u rc e G u a rd o n t h e u n t r u s te d i n te r f a c e s a s re q u i re d i n t h e S e c u r i t y > I P Source Guard > Int er face S ettings page.
Secu r ity IP S ource Guard Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 352 17 Binding Da tab as e IP Source Guard uses the DHCP Snoopi ng Binding datab ase to check pack ets from untrust ed por ts .
Security Dyn am ic A RP I nspec t io n 353 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - No S n o op VL A N —DHCP Snooping is not enable d on the VLAN. - Tr u s t e d Por t —P or t has beco me trust ed. - Res ource Problem — TC AM resources are e xhausted.
Secu r ity Dynamic A RP I nspection Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 354 17 Hosts A , B, and C are connected to the swi tch on int er faces A , B and C, all of which are on the same subnet . Their IP , MAC addr e sse s are s hown in par entheses ; f or ex ample, Host A uses IP address IA and MAC address MA .
Security Dyn am ic A RP I nspec t io n 355 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 • If a pack et is valid, it is f or warded and the ARP cache is updated.
Secu r ity Dynamic A RP I nspection Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 356 17 ARP Insp ec tion W ork Flow T o c onfigur e ARP Inspection: STEP 1 Enable ARP Inspection and configure va rious options in the Security > ARP Inspection > Proper ties page.
Security Dyn am ic A RP I nspec t io n 357 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17 - Never — Dis abled SY SL OG dropped packet messag es. STEP 2 Click Apply . The set tings are defined, and the Running Configuration file is updated.
Secu r ity Dynamic A RP I nspection Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 358 17 STEP 4 Click Apply . The set tings ar e defined, and the Running Configuration file is updated.
Security Dyn am ic A RP I nspec t io n 359 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 17.
18 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 360 S e curit y : S e cure S ensitive Da ta Man agement Secure Sensitive Data (SS D) is an archit ecture that facilitat es the prot e ction of sensitive data on a dev ice, such as passwo rds and k eys.
Security: Secure Sensitive Data Ma nagement SSD R u les 361 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 SSD grants read permission to sensitive data on ly to authenticated and authorized users, and according to S SD rules.
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD R u les Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 362 18 NOTE A device ma y not suppor t all the channels defined by S SD.
Security: Secure Sensitive Data Ma nagement SSD R u les 363 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 - (Higher) Plai ntext O nly —Users are permitted to acces s sensitive data i n plainte x t only . Users will also hav e re ad and writ e permis sion to SS D parameters as well.
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD R u les Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 364 18 * The Read mode of a ses sion can be temporarily changed in the SS D Prop er t ie s pa ge i f the new read m od e doe s not violat e the r ead permission.
Security: Secure Sensitive Data Ma nagement SSD R u les 365 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 NOTE When doing a file transf er initiated by an XM L or SNMP c ommand, the underlying pr otocol used is TF TP . Ther ef ore, the SS D rule f or inse cure channel will apply .
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD Proper tie s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 366 18 The default rules can be mo dified, but they cannot be deleted. If the SS D default rules have been changed, they can be rest ored.
Security: Secure Sensitive Data Ma nagement SSD Proper tie s 367 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 Pas sphrase A pass phrase is the basis of the securit y mechanism in the S SD f eature, and is used to generat e the ke y f or the encr yption and de cr yption of sensitive data.
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD Proper tie s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 368 18 automatically changed t o the passphras e in the star tup configuration file, when the star tup configuration be comes the runnin g configuration of the device.
Security: Secure Sensitive Data Ma nagement Configur a tion Files 369 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 A device determines whether th e int egrit y of a confi gurati on file is pr ot ect ed by examining the F il e Int egrit y Control command in the file's SS D Control block .
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t Configur a tion Files Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 370 18 • A te xt-based configuration that doe s not include an SS D indicator is considered not t o contain sensitive data.
Security: Secure Sensitive Data Ma nagement Configur a tion Files 371 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 • If there is a pas sphrase in the SS D co ntrol block .
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t Configur a tion Files Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 372 18 • Wh en co pi ed f r om a so ur ce fi le, th e co p y will f ail if the passphrase in the source file is in plaint e xt .
Security: Secure Sensitive Data Ma nagement Configur a tion Files 373 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 • A user with Ex clude permis sion cannot acces s mirror and backup configuration file s with their file SS D indicat or showing either encr ypted or plainte x t sensitive data.
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t SSD Management Channels Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 374 18 If the device creating the configuration fi le is in Unrestrict ed pas sphrase control mode, the devic e includes the pas sphrase in the file.
Security: Secure Sensitive Data Ma nagement Menu CLI and Passw ord R ec over y 375 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 Menu CLI and Pas sword Rec over y The Menu CLI int er face is only allowed to users if their r ead permissions are Both or Plaint e xt Only .
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t Configuring SSD Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 376 18 STEP 1 Click Secu r i ty > Secu re Sen s it i ve Da ta M a na ge men t > Proper ties .
Security: Secure Sensitive Data Ma nagement Configuring SSD 377 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18 - Lev e l 1 5 — Indicat es that this rule applies to all users with privile ge level 15. - All— Indicat e s that this rule applies t o all users.
Secu r ity: Sec u r e Sen s it ive Da ta Ma nage m e n t Configuring SSD Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 378 18 • Restore All Rules to D efault— Restor e all user -modified d efault rules to the defaul t rule and r emove all user -defined rules.
Security: Secure Sensitive Data Ma nagement Configuring SSD 379 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 18.
19 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 380 S e curit y : S SH Client This section de scrib es the device when it functions as a n SS H client .
Security: SSH Client Pro te c tion Me thods 381 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 When files are downloaded via TFTP or HT TP , the data transf er is unsecured. When files are do wnloaded via SCP , the inf ormation is downloaded from the SCP ser ver to the device via a secure channel.
Secu r ity: SS H Cl ien t Pr o t ec tio n Me th ods Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 382 19 The username/pas swor d must then be creat ed on the device. When data is transf erred from the ser ver t o the device, the username/pas sword supplied by the device must match the username/password on the ser ver .
Security: SSH Client SSH S er ver Authen ticat ion 383 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 When a privat e ke y is cr eat ed on a device, it is als o pos sible to cr eate an ass ociat ed passphr ase . This passphrase is us ed to encr ypt the privat e k ey and t o impor t it int o the remaining switches.
Secu r ity: SS H Cl ien t SSH Client Authen tica tion Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 384 19 S SH Client Authen tication SS H client authen tication by pass wor d is enabled by default, with the username/ pas swor d being “anonymous ”.
Security: SSH Client Be f ore Y o u Begi n 385 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 Be f o r e Y o u Be g i n The f ollowing actions must be per f ormed be f ore using the SCP f eature: • When using the pas swor d authentication method, a username/pas sword must be set up on the S S H ser ver .
Secu r ity: SS H Cl ien t Comm on T asks Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 386 19 STEP 4 If the public/private k ey method is being use d, per f orm the f ollowing steps : a. Select whether to use an RS A or D SA key , create a username and then generate the public/privat e k eys.
Security: SSH Client SSH Client Configur a tion Thr ough the GUI 387 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 S SH Client Configuration Thr ough the GUI This se ction describ es the pages us ed to configur e the SS H Client f eature.
Secu r ity: SS H Cl ien t SSH Client Configur a tion Thr ough the GUI Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 388 19 • Ke y S o ur c e —Aut o Generat ed or Us er Defined. • Fin g er p ri nt —Fingerprint generat ed from the k e y .
Security: SSH Client SSH Client Configur a tion Thr ough the GUI 389 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 19 STEP 1 Click Sec ur i ty > SSH C l ie n t > Change User Password on SS H Ser ver .
20 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 390 S e curit y : S SH S er ver This section de scribe s how to establish an S SH s es sion on the device.
Security: SSH Server Common T asks 391 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 20 C ommon T asks This se ction describ es so me common tasks per f ormed using the S SH S er ver fe a t u r e .
Secu r ity: SS H Serve r SSH Se rver Co n fig ur a t io n P ages Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 392 20 S SH S er ver C onfiguration Pages This section de scribe s the pages used to configure the SSH Serv er fe a t u re .
Security: SSH Server SSH S er ver Configura tion Pages 393 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 20 • SSH Us er Authentication by Password —Select to per form authentication of the SS H client user usin g the username/password configured in the local database (see Def i n i n g U ser s ).
Secu r ity: SS H Serve r SSH Se rver Co n fig ur a t io n P ages Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 394 20 STEP 3 Y ou can per f orm an y of the f ollowing actions : • Generate —Generates a k ey of the selected typ e.
Security: SSH Server SSH S er ver Configura tion Pages 395 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 20.
21 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 396 Access Co n t r o l The Acce ss C ontr ol List (ACL ) f eature is part of the se curity mechanism. ACL definitions ser ve as one of the mechanisms to define tra ffic f lows that ar e given a specific Quality of Ser vice (QoS) .
Access Control Acces s Co n t r ol Li st s 397 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 When a pack et mat ches an ACE filt er , the ACE action is tak en and that ACL proces sing is st opped. If the packet does not mat ch the ACE filt er , the ne xt ACE is pr oces sed .
Acce ss Cont ro l De fin in g MA C -b ased AC L s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 398 21 Crea ting A C Ls W orkflow T o creat e ACLs and asso ciat e them with an int er face, per f orm the f ollowing : 1 . Cr eat e one or mor e of the f ollowing typ es of ACLs: a.
Access Control De f i ni n g M A C- based A C L s 399 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 MAC-base d ACLs ar e defined in the MAC Bas ed ACL page. The rule s are defined in the MAC Base d ACE page . T o define a MAC- based ACL: STEP 1 Click A ccess Co n tr o l > MAC-Bas e d A CL .
Acce ss Cont ro l De fin in g MA C -b ased AC L s Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 400 21 • Time Range Name —If T ime Range is sele ct ed, sele ct the time range to be used. T ime range s are defined in the Time Range secti on.
Access Control IPv4-bas ed ACLs 401 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 IP v4-b as e d ACLs IP v 4-b ase d ACLs ar e used to check IP v 4 packets, while other t ype s of frames , such as ARPs, are not checked.
Acce ss Cont ro l IPv4-b ase d A CLs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 402 21 Adding Rule s (ACEs) to an IP v4-B ase d ACL T o ad d rules (ACEs ) to an IPv 4-base d ACL: STEP 1 Click Acc ess Contr ol > IP v4-B as ed ACE .
Access Control IPv4-bas ed ACLs 403 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 - UDP —User Datagram Prot ocol - HMP —Host Mapping Prot oc ol - RDP —Reliable Datagram Pr otocol.
Acce ss Cont ro l IPv4-b ase d A CLs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 404 21 NOTE Giv en a mask of 0000 0000 0000 0000 0000 0 000 1111 1111 (which means that you mat ch on the bits wher e there is 0 and don't match on the bits wher e ther e ar e 1's).
Access Control IPv 6-B ase d A CLs 405 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 - IP Precedence t o M at ch —IP precedenc e is a model of T OS (t ype of ser vic e) that the network uses to help pr ovide the appr opriate QoS commitme nts.
Acce ss Cont ro l IPv6 -B ase d ACLs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 406 21 NOTE AC Ls are also used as the building elemen ts of flow definitions f or per -flow QoS handling (see QoS Ad va n ced M ode ).
Access Control IPv 6-B ase d A CLs 407 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 • Time Range —Select to enable limiting the use of the ACL to a specific time range. • Time Range Name —If T ime Range is sele cted, select the time range t o be use d.
Acce ss Cont ro l IPv6 -B ase d ACLs Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 408 21 - Range —Sele ct a range of T CP /UDP source por ts to which the packet is matched. • Dest in a tio n Po rt —Select one of the a vailable values .
Access Control Defining ACL Bin ding 409 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21 D efining ACL Binding When an ACL is bound t o an int er face, its ACE rules ar e applied to packets arriving at that int erface.
Acce ss Cont ro l Defining ACL B inding Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 410 21 • Permit Any —Select one of the f ollowing options: - . Dis ab le ( Deny A n y) —If packet does not match an A CL, it is denied (dropped) .
Access Control Defining ACL Bin ding 411 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 21.
22 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 412 Qualit y of S er vic e The Quality of Ser vice f eatur e is applied throughout the network to ensur e that network traf fic is prioritized according t o required crit eria and the desi r ed traf fic r ece ives pr ef erential tr eatment .
Quality of Service QoS Fea tures and Comp onen ts 413 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 Q oS Fe a tures and C omp onents The QoS f eatur e is used to optimiz e network per f ormance.
Qualit y of S er vice QoS Fea tures and Comp onents Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 414 22 The header field t o be trusted is ent ered in the Glo bal Set tings page. F or ever y value of that field, an egress queue is as signed where the frame is sent in the CoS/802.
Quality of Service Configuring QoS - General 415 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 STEP 3 Assign the sche dule method (Strict Priority or WRR) and bandwidth allocation f or WRR to the egress queue s by using the Queue page.
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 416 22 Se tti n g Qo S P r ope rti es To s e l e c t t h e Q o S m o d e : STEP 1 Click Qualit y of Ser vic e > General > QoS P r opert ies .
Quality of Service Configuring QoS - General 417 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 C onfiguring Qo S Queues The device suppor ts either 4 or 8 queues f or each int er face (select ed in the Syst em Mode and Stack Management page) .
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 418 22 - Strict Priorit y — T raf fic scheduling for the selected queue and all higher queues is bas ed strictly on the queue priority .
Quality of Service Configuring QoS - General 419 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 D efa ult Ma ppin g for 8 Q ueu es By changing the CoS/802.
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 420 22 • The device is in Q oS Basic mode and C oS/802. 1 p trusted mode • The device is in Q oS Advanced mode and the packets belong to flows that are CoS/802.
Quality of Service Configuring QoS - General 421 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 The f ollowing table s des cribe the default DS CP to queue mapping f o r a 4 .
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 422 22 Queue 6 6 7 5 4321 DSCP 61 53 45 37 29 21 13 5 Queue 6 6 7 5 4321 DSCP 60 5.
Quality of Service Configuring QoS - General 423 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 To m a p D S C P t o q u e u e s : STEP 1 Click Qualit y of Ser vice > General > DS CP to Queue . The DS CP to Queue page contains Ingr es s DS CP .
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 424 22 • Commit te d Burst Size (CB S) is the burst of data that is allowed to be sent , even though it is above the CIR. This is defined in number of by tes of data.
Quality of Service Configuring QoS - General 425 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 C onfiguring Egres s Shaping p er Queue In addition t o limiting tra nsmission.
Qualit y of S er vice Configuring QoS - General Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 426 22 Rate limiting per VLAN, per formed in the VLAN Ingres s Rate Limit page, enables traffic limiting on VL ANs . When VLAN ingres s rate limiting is configur ed, it limits aggregat e traffic from all the por ts on the devic e.
Quality of Service QoS Ba s i c M od e 427 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 T CP C onge stion A voidanc e The T CP C ongestion A voidance page en ables activating a T CP conge stion av oidance algorithm.
Qualit y of S er vice QoS Ba s i c M od e Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 428 22 C onfiguring Global S et tings The Global Set tings page contains information f or enabling T rust on the devic e (see the T rust Mo de field below) .
Quality of Service QoS A dv a nced Mod e 429 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 Inter face Q oS S et tings The Int er face Set tings page enables configuring QoS .
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 430 22 quality of s er vices . Thus , a policy contains one or more flows, each with a user defined QoS. • The QoS of a clas s map (flow) is enf or ced by the asso ciating policer .
Quality of Service QoS A dv a nced Mod e 431 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 W orkflow to Co nfigure Advanc e d QoS Mo de T o c onfigure Advanced Q oS mode, pe rform the f ollowing: 1 . Select Advanc ed mode f or the syst em by using the QoS Proper ties page .
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 432 22 • CoS/802. 1 p — T raffic is mapped to queues based on the VPT field in the VLAN tag, or b ased on the p er -p or t default CoS/802.
Quality of Service QoS A dv a nced Mod e 433 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 If the ex c eed action is Out of Profile DSCP , the devic e r emaps the original DS CP value of the out-of-pr ofile IP packets with a new value base d on the Out of Pr ofile DS CP Mapping T able.
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 434 22 D efining Clas s Mapping A Clas s Map defines a traf fic flow with ACLs (Acces s Control Lists). A MAC ACL, IP ACL, and IP v6 ACL can be combine d int o a class map.
Quality of Service QoS A dv a nced Mod e 435 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 • MAC —Select the MAC based ACL f or the class map. • Preferr ed ACL —Sele ct whether pack ets are first mat che d to an IP -base d ACL o r a MAC-b as ed ACL .
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 436 22 Each polic er is defined with its own Q oS specificat ion with a combination of the f ollowing param et ers : • A maximum allowed rate, called a Committed Inf ormation Rat e (CIR), measured in Kbps.
Quality of Service QoS A dv a nced Mod e 437 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 • Ingres s Commit te d Burst Size (CB S) —Ent er the ma ximum burst siz e (ev en if it goe s beyond the CIR) in bytes . See the de scription of this in the Bandwidth page.
Qualit y of S er vice QoS A dv a n ced M ode Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 438 22 STEP 4 Click Apply . The QoS p olicy pr ofile is added, an d the Running Configuration file is updated. Policy Clas s Map s One or mor e class maps can be adde d t o a policy .
Quality of Service QoS A dv a nced Mod e 439 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 If the new value (0 ..7) is a CoS/802. 1 p priorit y , us e the priority value and the CoS/802. 1 p to Queue T able to det ermine the e gress queue of all the matching pack ets .
Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 440 22 Policy Binding The Policy Binding page shows which policy profile is bound and t o which por t . When a policy profile is bound to a specific por t , it is active on that por t .
Quality of Service Manag ing QoS Sta tistics 441 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 Polic er Statistics A Single Policer is bound to a class map from a single policy . An Aggregate P olicer is bound to one or mo re class maps from one or mor e policies .
Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 442 22 Viewing Aggre ga ted Polic er Statistics T o vi ew aggregat ed pol icer statistic s: STEP 1 Click Qualit y of Ser vic e > QoS Sta ti s t i cs > A gg re gat e Po l ic er S t ati s ti c s .
Quality of Service Manag ing QoS Sta tistics 443 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22 - 60 Se c —Statistics are r efr eshed ever y 60 seconds . • Counter S et — The options are: - Set 1 —Displays the stati stics f or S et 1 that contains all int erfaces and queues w ith a h igh D P (Dr op Preced ence).
Qualit y of S er vice Managing Q oS Sta tis tics Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 444 22 - Se t 1 —Displays the statistics for Set 1 that contains all inter faces and queues with a high DP (Drop Pr eced ence) .
Quality of Service Manag ing QoS Sta tistics 445 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 22.
23 Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 446 SNMP Thi s sec ti on desc ri bes th e Sim pl e Ne two r k Management Pr otocol (S NMP) f e atur e that pr ovides a method f or managing net work devices .
SNMP SNMP V ersions and W ork flow 447 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 SNMP v1 and v2 T o control acces s to the syst em, a list of communit y entries is define d. Each communit y entr y c onsists of a comm unit y strin g and its acce ss privilege.
SNMP SNMP V ersions and Workflow Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 448 23 If you decide to use S NMP v 1 or v 2: STEP 1 Navigat e to the SNMP -> C ommunities page and click Add . The community can be as sociated with acc es s rights and a view in Ba sic mode or with a group in Advanced mode.
SNMP Model OIDs 449 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 STEP 7 Define a notification r ecipient(s ) by us ing the Notification Recipients S NMP v3 page. Supp or te d MIBs F or a list of suppor ted MIBs, visit the f ollowing URL and navigat e t o the download ar ea list ed as Cisco MIB S : ww w .
SNMP SNMP Engine ID Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 450 23 The privat e Object IDs are placed under : enterprises ( 1 ).cis co ( 9).otherEnterprises (6). cisco sb( 1 ).switch001 ( 101 ). SNMP Engine ID The Engine ID is used by S NMPv3 entiti es to uniquely identify them.
SNMP SNMP Engine ID 451 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 L ocal inf ormation is stor ed in f our MIB va riable s that are r ead-only ( snmpEngineId, snmpEngineBoots , snmpEngineT ime, and snmpEngineMaxMess ageSiz e).
SNMP Configuring SNMP V iews Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 452 23 - Link L o cal — The IP v6 addres s uniquely identifies hosts on a single network link . A link lo cal address has a prefix of FE80 , is not r outable, and can be use d f or c ommunication only on the local net work .
SNMP Crea ting SNMP Groups 453 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 • Obje ct ID Subtree —Select the node in the MIB tr e e that is included or ex clude d in the selected SNMP view . The options to select the object are as f ollows : - Se lect from list —Enables you t o navigat e the MIB tree.
SNMP Crea ting SNMP Groups Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 454 23 • Privacy —SNMP frame s can carr y encr ypted data.
SNMP Managing SNMP Users 455 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 - Auth en tica ti on a nd P rivac y —Authenticat es SNMP me ssage s, and encr ypts them.
SNMP Managing SNMP Us ers Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 456 23 T o disp la y S NMP users and define new ones : STEP 1 Click SNMP > Us ers . This page contains existing users. STEP 2 Click Add. This page provides inf ormation f or assigning S NMP acc es s control privileges to SNM P use rs.
SNMP Defining SNMP Communit ies 457 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 • Authentication Password —If authentication is accomplished by either a MD5 or a SHA pas sword, ent er the local user pas swor d in either Encr ypted or Plain te xt .
SNMP Defining SNMP Communities Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 458 23 T o define S NMP communitie s: STEP 1 Click SNMP > Com m un it ies . This page contains a table of c onfigur ed SNM P communities and their proper ties .
SNMP De f i ni n g T r a p Se ttin gs 459 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 Read Writ e—Management acc es s is r ead-writ e.
SNMP Notifi ca tion R ecipients Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 460 23 Notific a tion Re cipients T rap me ssage s ar e generat ed to r epor t syst em events, as defined in RFC 1215. The system can generat e traps defined in the MIB that it supp or ts.
SNMP Notifica tion Recipients 461 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 • IP V ersion —S elect either IP v 4 or IPv6. • IP v 6 Addres s Typ e —Select either Link L o cal or Glo ba l . - Link L ocal — The IP v6 address uniquely identifie s hosts on a single network link .
SNMP Notifi ca tion R ecipients Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 462 23 D efining SNMP v3 Notification Recipients T o define a recipient in S NMP v3: STEP 1 Click SNMP > Notific a tion Recipients SNMP v3 . This page contains recipients f or SNMP v3.
SNMP SNMP Notifi ca tion F ilters 463 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23 • User Name —Sele ct from the dr op-down list the user to whom SNMP notifications ar e sent . In order t o r eceive notifications , this user must be defined on the SN MP User page, and its engine ID must be r emot e.
SNMP SNMP Notification F ilters Cisco Small Busines s 300 Series Mana ged Switch Administration Guide 464 23 T o define a notification filter : STEP 1 Click SNMP > Notific a tion Filter . The Notification Filt er page contains no tification inf o rmation f or each filter .
SNMP SNMP Notifi ca tion F ilters 465 Cisco Small Busines s 300 Series Ma naged Switch Administration Guide 23.
© 2010-2013 Cisc o Syst ems, Inc. All rights reser ved. 78- 19308- 01 Cisco and the Cisco logo are trademarks or registere d trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a li st of Cisco trademarks, go to this URL: www.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Cisco Systems SRW224G4K9AR c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Cisco Systems SRW224G4K9AR - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Cisco Systems SRW224G4K9AR, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Cisco Systems SRW224G4K9AR va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Cisco Systems SRW224G4K9AR, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Cisco Systems SRW224G4K9AR.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Cisco Systems SRW224G4K9AR. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Cisco Systems SRW224G4K9AR ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.