Cisco SF500-24 Administration Manual

500 series stackable managed switch

Cisco 500 Series Stackable Managed Switch
Administration Guide
10/100 Switches: SF500-24, SF500-24P, SF500-48, SF500-48P
Gigabit Switches: SG500-28, SG500-28P, SG500X-24, SG500X 24P, SG500X-48, SG500X-48P, SG500-52, SG500-52P

Summary of Contents for Cisco SF500-24

  • Page 1 ADMINISTRATION GUIDE Cisco 500 Series Stackable Managed Switch Administration Guide 10/100 Switches SF500-24, SF500-24P, SF500-48, SF500-48P Gigabit Switches SG500-28, SG500-28P, SG500X-24, SG500X 24P, SG500X-48, SG500X-48P,SG500-52, SG500-52P...
  • Page 2: Table Of Contents

    Upgrade/Backup Firmware/Language Selecting the Active Image Downloading or Backing-up a Configuration or Log Displaying Configuration File Create Date Setting DHCP Auto Configuration Chapter 5: Stack Management Overview Types of Units in Stack Stack Mode Cisco 500 Series Stackable Managed Series Switches...
  • Page 3 Monitoring the Fan Status and Temperature Defining Idle Session Timeout Pinging a Host Traceroute Chapter 7: System Time System Time Options Configuring System Time Adding a Unicast SNTP Server Adding Multicast Reception/Transmission Defining SNTP Authentication Cisco 500 Series Stackable Managed Series Switches...
  • Page 4 What is a Smartport Smartport Types Smartport Macros Macro Failure and the Reset Operation How the Smartport Feature Works Auto Smartport Error Handling Default Configuration Relationships with Other Features and Backwards Compatibility Common Smartport Tasks Cisco 500 Series Stackable Managed Series Switches...
  • Page 5 Configuring STP Status and Global Settings Defining Spanning Tree Interface Settings Configuring Rapid Spanning Tree Settings Multiple Spanning Tree Defining MSTP Properties Mapping VLANs to a MSTP Instance Defining MSTP Instance Settings Defining MSTP Interface Settings Cisco 500 Series Stackable Managed Series Switches...
  • Page 6 Chapter 17: Configuring IP Information Management and IP Interfaces Defining VRRP Defining IPv4 Routes Defining RIP Access Lists IP Isolation Configuring ARP Enabling ARP Proxy Defining UDP Relay Domain Name Systems Chapter 18: Configuring Security Cisco 500 Series Stackable Managed Series Switches...
  • Page 7 Option 82 Interactions Between DHCP Snooping, DHCP Relay and Option 82 DHCP Snooping Binding Database DHCP GUI Chapter 20: Access Control Access Control Lists Defining MAC-based ACLs IPv4-based ACLs IPv6-based ACLs Defining ACL Binding Cisco 500 Series Stackable Managed Series Switches...
  • Page 8 How the RIP Protocol Works How RIP Operates on the Device Configuring RIP With CLI Commands Configuring RIP Through the WEB GUI How to Configure RIP - an Example Chapter 24: VRRP Overview VRRP Features Cisco 500 Series Stackable Managed Series Switches...
  • Page 9 Configuring VRRP With CLI Commands Configuring VRRP Through Web GUI Chapter 25: Console Menu Interface Connecting By Using a Terminal Emulation Application Connecting By Using Telnet Console Configuration Menu Navigation Console Interface Main Menu Cisco 500 Series Stackable Managed Series Switches...
  • Page 10: Chapter 1: Getting Started

    Advanced. Select the option Raise or lower windows. • If you have multiple IPv6 interfaces on your management station, use the IPv6 global address instead of IPv6 link local address to access the switch from your browser. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 11: Launching The Configuration Utility

    IP address, the power LED is on solid. Logging In The default username is cisco and the default password is cisco. The first time that you log in with the default username and password, you are required to enter a new password.
  • Page 12: Logging Out

    Getting Started Starting the Web-based Switch Configuration Utility STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page opens. See Password Expiration for additional information.
  • Page 13: Quick Start Switch Configuration

    Link Name (on the Page) Linked Page System Mode and Stack Initial Setup Change System Mode Management page TCP/UDP Services Change Management page Applications and Services IPv4 Interface Change Device IP Address page Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 14 Configure Port Mirroring page There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the switch product support page, and clicking on the Forums link takes you to the Small Business Support Community page.
  • Page 15 Slot Number - The slot number is either 1 or 2. Slot number 1 identifies an SG500 or SG500X device. Slot number 2 identifies an SF500. • Interface Number: Port, LAG, tunnel or VLAN ID Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 16: Window Navigation

    Running Configuration. Username Displays the name of the user logged on to the switch. The default username is cisco. (The default password is cisco.) Language Menu Select a language or load a new language file into the switch.
  • Page 17: Management Buttons

    Running Configuration. Click Close to return to the main page. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the switch. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 18 Select the entry in the table to be deleted and click Delete to remove entries from a table. The entry is deleted. Details Click to display the details associated with the entry selected on the main page. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 19 2. Click Close to return to the main page. Enter the query filtering criteria and click Go. The results are displayed on the page. Test Click Test to perform the related tests. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 20: Chapter 2: Viewing Statistics

    The Interface page displays traffic statistics per port. The refresh rate of the information can be selected. This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion (Unicast, Multicast, and Broadcast). Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 21: Viewing Ethernet Interfaces

    Broadcast Packets—Good Broadcast packets transmitted. To clear statistics counters: • Click Clear Interface Counters to clear counters for the interface displayed. • Click Clear All Interface Counters to clear counters for all interfaces. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 22: Viewing Etherlike Statistics

    Pause Frames Transmitted—Flow control pause frames transmitted from the selected interface. To clear statistics counters: • Click Clear Interface Counters to clear the selected interface’s counters. • Click Clear All Interface Counters to clear the counters of all interfaces. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 23: Viewing Gvrp Statistics

    • Invalid Protocol ID—Invalid protocol ID errors. • Invalid Attribute Type—Invalid attribute ID errors. • Invalid Attribute Value—Invalid attribute value errors. • Invalid Attribute Length—Invalid attribute length errors. • Invalid Event—Invalid events. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 24: Viewing 802.1X Eap Statistics

    EAP Response Frames Received—EAP Response frames received by the port (other than Resp/ID frames). • EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by the port. • EAP Request Frames Transmitted—EAP Request frames transmitted by the port. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 25: Viewing Tcam Utilization

    There is also a listing for the number of Max TCAM Entries. TCAM Rules Table 1 lists all processes that can allocate TCAM rules. Each process has its specific allocation policy. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 26 MAC- based VLANs (two rules per VLAN). VLAN Rate Per port 1 global rule Limiting or switch per VLAN additional rate limit. rule is created for each Permit rule on the interface. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 27: Managing Rmon

    Packet length is greater than MRU byte size • Collision event has not been detected • Late collision event has not been detected • Rx error event has not been detected • Packet has a valid CRC Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 28 A Jabber packet is defined as an Ethernet frame that satisfies the following criteria: Packet data length is greater than MRU Packet has an invalid CRC Rx Error Event has not been detected Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 29: Configuring Rmon History

    To enter RMON control information: STEP 1 Click Status and Statistics > RMON > History. The History Control Table page is displayed. The fields displayed on this page are defined in the Add RMON History Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 30: Viewing The Rmon History Table

    STEP 3 Click History Table to go to the History Table page. STEP 4 From the History Entry No. list, select the entry number to display the samples associated with that history entry. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 31 FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. • Collisions—Collisions received. • Utilization—Percentage of current interface traffic compared to maximum traffic that the interface can handle. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 32: Defining Rmon Events Control

    Time—The time of the event. (This is a read-only table in the parent window and cannot be defined). • Owner—Enter the device or user that defined the event. STEP 4 Click Apply. The RMON event is written to the Running Configuration file. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 33: Viewing The Rmon Events Logs

    The Alarms page provides the ability to configure alarms and to bind them with events. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 34 Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold. Rising Alarm—A rising value triggers the rising threshold alarm. Falling Alarm—A falling value triggers the falling threshold alarm. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 35 Interval—Enter the alarm interval time in seconds. • Owner—Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply. The RMON alarm is written to the Running Configuration file. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 36: Chapter 3: Managing System Logs

    (-) on each side (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 37 The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated. • Max Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 38: Setting Remote Logging Settings

    Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 39: Viewing Memory Logs

    The RAM Memory page displays all messages that were saved in the RAM (cache) in chronological order. Entries are stored in the RAM log according to the configuration in the Log Settings page. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 40: Flash Memory

    • Log Index—Log entry number. • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 41: Chapter 4: Managing System Files

    Running Configuration—Contains parameters that are currently being used by the switch to operate. This is the only file type that is modified by you when parameter values are modified, and these changes must be Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 42 Backup Configuration—A manual copy of a configuration file used for protection against system shutdown or for the maintenance of a specific operating state. You can copy the Mirror Configuration, Startup Configuration, or Running Configuration to a Backup Configuration file. The Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 43 Copying Configuration Files section. • Enable automatically uploading a configuration file from a TFTP server to the switch, from a DHCP server, as described in the Setting DHCP Auto Configuration section. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 44: Upgrade/Backup Firmware/Language

    Import or upgrade a second language file The following methods for transferring files are supported: • HTTP/HTTPS that uses the facilities provided by the browser • TFTP that requires a TFTP server Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 45 (the old version) until you change the status of the new image to be the active image by using the procedure in the Selecting the Active Image section. Then boot the switch by using the process described in the Rebooting the Switch section. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 46 Link Local Interface—Select the link local interface (if IPv6 is used) from the list. TFTP Server IP Address/Name—Enter the IP address or the domain name of the TFTP server. g. Source File Name—Enter the name of the source file. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 47 STEP 5 Language Files You can remove a second language file from the switch (if a second language file is installed). When you open the Language menu, you will see the option Delete Language. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 48: Selecting The Active Image

    The Active Image Version Number After Reboot displays the firmware version of the active image that is used after the switch is rebooted. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 49: Downloading Or Backing-Up A Configuration Or Log

    Enter the following fields: a. Server Definition—Select whether to specify the TFTP server by IP address or by domain name. b. IP Version—Select whether an IPv4 or an IPv6 address is used. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 50 • Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. c. Link-Local Interface—Select the link local interface from the list. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 51 Files and File Types section.) b. Click Apply. The Download/Backup Configuration/Log window displays. STEP 5 Click Done. The file is upgraded or backed up on the switch (depending upon the file type). Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 52: Displaying Configuration File Create Date

    CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the switch is rebooted. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 53: Setting Dhcp Auto Configuration

    DHCP renewal request, and if the switch and the server are configured to do so, the switch transfers a configuration file from the TFTP server identified to the switch by DHCP. This process is known as auto configuration. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 54 TFTP server to be used if no TFTP server IP address was specified in the DHCP message. • Backup Configuration File—Enter the path and file name of the file to be used if no configuration file name was specified in the DHCP message. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 55 DHCP server into the Startup Configuration file, and initiates a reboot. If the values match, no action is taken. STEP 4 Click Apply. The DHCP Auto Configuration feature is updated in the Running Configuration. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 56: Chapter 5: Stack Management

    • Stack Topology • Unit ID Assignment • Master Selection Process • Stack Changes and Unit ID Assignment • Unit Failure in Stack • Software Auto Synchronization in Stack • Stack Configuration Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 57: Overview

    Network capacity can be expanded or contracted dynamically. By adding a unit, the administrator can dynamically increase the number of ports in the stack while maintaining a single, logically-managed device. Similarly, units can be removed to decrease network capacity. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 58: Types Of Units In Stack

    In order for a group of units to function as a stack, there must be a master and/or backup unit. When the master unit fails, the stack continues to function as long as there is a backup unit (the active unit that assumes the master role). Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 59: Stack Mode

    Native to mode is not Standalone Startup Layer 3 mode Startup specifically set Configuration is is always Configuration is before reboot, the removed. supported. removed. device is in Layer 2 mode after reboot. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 60: Stack Ports

    All the stack ports on a device operating in standalone mode automatically become regular Ethernet network ports. NOTE The stack ports do not support 1G auto negotiation. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 61 1G SFP Module MGBT1 1G SFP Module MGBLX1 1G SFP Module MGBBX1 100Mbs SFP 100Mbs Module MFELX1 supported supported supported supported supported 100Mbs SFP 100Mbs Module MFEFX1 supported supported supported supported supported Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 62 According According According According Forced user Forced user Forced user Forced user speed speed speed speed EPROM EPROM EPROM EPROM speed speed speed speed 1G speed 1G speed 1G speed 10G speed Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 63: Stack Topology

    This is continued until all units in the stack are connected (except for the first and last one). Figure 2 shows a chain topology: Figure 2 Stack in Chain Topology Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 64: Topology Discovery

    Inserting other slave units to the stack, for instance because the units were previously disconnected from the stack, due to failure. This might happen in chain topology if a unit in the middle of the stack fails. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 65 During topology discovery, each unit in a stack exchanges packets, which contain topology information. After the topology discovery process is completed, each unit contains the stack mapping information table of all units in the stack. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 66: Unit Id Assignment

    Figure 4 Duplicate Unit Shut Down In the figure above, Unit 1 does not join the stack and is shut down. It did not win the master selection process between the master-enabled units (1 or 2). Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 67 Figure 6 Duplication Between Two Units With Auto Number Unit ID If a new stack has more than the maximum number of units (4), all extra units are shut down. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 68: Master Selection Process

    2 after the master selection process. Otherwise, the stack and all its units are partially shut down, not as a complete power-off, but in a condition where the LEDs are still on, but traffic-passing capabilities are halted. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 69 No duplicate unit IDs exist. Units with user-defined IDs retain their unit ID. Units with automatically-assigned IDs retain their unit ID. Factory default units receive unit IDs automatically, beginning from the lowest available ID. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 70 The existing units retain their ID. The new unit receives the lowest available ID. Figure 8 Auto Number Unit Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 71 Unit ID 1 joins a stack that already has a master unit with user-assigned unit ID 1. Unit 1 does not join the stack and is shutdown. Figure 9 User-assigned Master-enabled Unit Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 72: Unit Failure In Stack

    This minimizes data traffic interruption in units. After the backup unit has completed the transition to the master state, it starts initializing the slave units one at a time by performing the following operations: Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 73 (unit 2, which was the original backup unit) is rebooted and becomes the backup once again. Note that during master/backup failover, the up time of the backup unit is retained. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 74: Stack Configuration

    L3 and L2 mode. Standalone—Device is not part of a stack. Native Stacking—Device is part of a stack. • Stack Topology—Displays which topology is in use with the stack, Chain or Ring. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 75 Auto—The unit ID of the unit is automatically assigned by the master of the stack. 1,2,3,4—The unit ID of the unit is manually assigned to either 1, 2, 3 ,or 4. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 76 Stack Port Speed—The speed of the network ports for connecting to neighbor units in the stack after reboot. STEP 4 Click Apply and Reboot to reboot the device with the new settings. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 77: Chapter 6: General Administrative Information And Operations

    (PoE) status, and other items. Displaying the System Summary To view system information, click Status and Statistics > System Summary. The System Summary page opens. System Summary page displays system and hardware information. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 78 NOTE If the system is in stack mode, the Firmware Version number shown on the GUI is based on the version of the master. • Firmware MD5 Checksum (Active Image)—MD5 checksum of the active image. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 79 Port Management > PoE > Properties page. This page shows the PoE power information on a per unit basis. The units in the stack are displayed graphically, along with the following information for each unit: Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 80 NOTE When the user defines a login banner from the web interface, it also activates the banner for the CLI interfaces (Console, Telnet, and SSH). STEP 3 Click Apply to set the values in the Running Configuration file. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 81: Switch Models

    SF500-24 SF500-24-K9 24-Port 10/100 Stackable Managed Switch SF500-24P SF500-24P-K9 24-Port 10/100 PoE Stackable 180W Managed Switch SF500-48 SF500-48-K9 48-Port 10/100 Stackable Managed Switch SF500-48P SF500-48P-K9 48-Port 10/100 PoE Stackable 375W Managed Switch Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 82 24-Port Gigabit with 4-Port 10- 375W Gigabit PoE Stackable Managed Switch SG500X-48 SG500X-48-K9 48-Port Gigabit with 4-Port 10- Gigabit Stackable Managed Switch SG500X-48P SG500X-48P-K9 48-Port Gigabit with 4-Port 10- 375W Gigabit PoE Stackable Managed Switch Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 83: Rebooting The Switch

    Configuration (for example connect the switch by local terminal and run the appropriate CLI to disable the auto configuration feature) so the switch does not automatically download a configuration from a local server. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 84: Tcam Allocation

    On the 500X models, Click Administration > IP TCAM Allocation Settings. appropriate page opens. The following fields are displayed for the SG500X device: • IPv4 Routes—Displays the number of IPv4 routes entries used and available. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 85 TCAM allocation. If it is incorrect, an error message is displayed. If it is correct, the allocation is copied to the Running Configuration file. STEP 4 Click Apply and an automatic reboot is performed using the new settings. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 86: Monitoring The Fan Status And Temperature

    STEP 2 Select the timeout for each session from the corresponding list. The default timeouts are 10 minutes. STEP 3 Click Apply to set the configuration settings on the switch. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 87: Pinging A Host

    Choose to use the default or specify your own value. • Number of Pings—The number of times the ping operation will be performed. Choose to use the default or specify your own value. • Status—Displays whether the ping succeeded or failed. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 88: Traceroute

    Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. • Link Local Interface—If the IPv6 address type is Link Local, select from where it is received. • Host IP Address/Name—Enter the host address or name. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 89 • Host—Displays a stop along the route to the destination. • Round Trip Time (1-3)—Displays the round trip time in (ms) for the 1-3rd frame and the status of the 1-3rd operation. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 90: Chapter 7: System Time

    System time can be set manually by the user, dynamically from an SNTP server, or synchronized from the PC running the GUI. If an SNTP server is chosen, the manual time settings are overwritten when communications with the server are established. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 91 The Time Zone and DST can be set on the switch in the following ways: • Dynamic configuration of the switch through a DHCP server, where: Dynamic DST, when enabled and available, always takes precedence over the manual configuration of DST. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 92: Sntp Modes

    The switch supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock). Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 93: Configuring System Time

    Manual Settings—Set the date and time manually. The local time is used when there is no alternate source of time, such as an SNTP server: • Date—Enter the system date. • Local Time—Enter the system time. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 94 To—Day and time that DST ends. Selecting Recurring allows different customization of the start and stop of DST: • From—Date when DST begins each year. —Day of the week on which DST begins every year. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 95: Adding A Unicast Sntp Server

    The preferred server, or hostname, is chosen according to its stratum level. • Poll Interval—Displays whether polling is enabled or disabled. • Authentication Key ID—Key Identification used to communicate between the SNTP server and switch. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 96 Internet and configured with a DNS server or configured so that a DNS server is identified by using DHCP. (See the Defining DNS Servers section.) • IP Version—Select the version of the IP address: Version 6 or Version 4. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 97 Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the authentication keys using the SNTP Authentication page.) STEP 5 Click Apply. The SNTP server is added, and you are returned to the main page. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 98: Defining Sntp Authentication

    The authentication key is created on the SNTP server in a separate process that depends on the type of SNTP server you are using. Consult with the SNTP server system administrator for more detail on this. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 99 Trusted Key—Select to enable the switch to receive synchronization information only from a SNTP server by using this authentication key. STEP 6 Click Apply. The SNTP Authentication parameters are written to the Running Configuration file. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 100: Chapter 8: Managing Device Diagnostics

    Copper Test page. Preconditions to Running the Copper Port Test Before running the test, do the following: • (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page) Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 101 Unknown Test Result—Error has occurred. • Distance to Fault—Distance from the port to the location on the cable where the fault was discovered. • Operational Port Status—Displays whether port is up or down. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 102: Msa-Compatible Sfps

    MFELX1: 100BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km. The following GE SFP (1000Mbps) transceivers are supported: • MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 103: Configuring Port And Vlan Mirroring

    A network analyzer connected to the monitoring port processes the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs. Cisco 500 Series Stackable Managed Switch Administration Guide...
  • Page 104 Not Ready—Either source or destination (or both) are down or not forwarding traffic for some reason. STEP 2 Click Add to add a port or VLAN to be mirrored. The Add Port and VLAN Mirroring page opens.
  • Page 105: Viewing CPU Utilization and Secure Core Technology

    SCT is enabled by default on the device and cannot be disabled. There are no interactions with other features.
  • Page 106 X axis is the sample number. STEP 4 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period.
  • Page 107: Chapter 9: Configuring Discovery

    Services configuration on the page. When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of Bonjour is displayed on the Adding IP Multicast Group Address.
  • Page 108 If an IP address is changed, that change is advertised. If Bonjour is disabled, the switch does not send Bonjour Discovery advertisements and it does not listen for Bonjour Discovery advertisements sent by other devices.
  • Page 109: LLDP and CDP

    Apply). LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly connected LLDP and CDP capable neighbors to advertise themselves and their capabilities to each other. By default, the switch sends an LLDP/CDP advertisement periodically to all its interfaces and terminates and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 110: Configuring LLDP

    LLDP incapable devices flood the CDP/LLDP packets. Configuring LLDP This section describes how to configure LLDP. It covers the following topics: • LLDP Overview • Setting LLDP Properties • Editing LLDP Port Settings • LLDP MED
  • Page 111: LLDP Overview

    2. Configure LLDP per port by using the page On this page, interfaces can be configured to receive/transmit LLDP PDUs, send SNMP notifications, specify which TLVs to advertise, and advertise the switch's management address.
  • Page 112: Setting LLDP Properties

    Hold Multiplier is 4, then the LLDP packets are discarded after 120 seconds. • Reinitializing Delay—Enter the time interval in seconds that passes between disabling and reinitializing LLDP, following an LLDP enable/disable cycle.
  • Page 113: Editing LLDP Port Settings

    Administrative Status—Select the LLDP publishing option for the port. The values are: Tx Only—Publishes but does not discover. Rx Only—Discovers but does not publish. Tx & Rx—Publishes and discovers. Disable—Indicates that LLDP is disabled on the port.
  • Page 114 802.3 Maximum Frame—Maximum frame size capability of the MAC/PHY implementation. The following fields relate to the Management Address: • Advertisement Mode—Select one of the following ways to advertise the IP management address of the switch:
  • Page 115: LLDP MED

    Voice over Internet Protocol (VoIP), Emergency Call Service (E-911) by using IP Phone location information. • Troubleshooting information. LLDP MED sends alerts to network managers upon: Port speed and duplex mode conflicts QoS policy misconfigurations
  • Page 116 STEP 4 To define a new policy, click Add and the Add LLDP MED Network Policy page opens. STEP 5 Enter the values. • Network Policy Number—Select the number of the policy to be created.
  • Page 117: Configuring LLDP MED Port Settings

    STEP 2 The message at the top of the page indicates whether the generation of the LLDP MED Network Policy for the voice application is automatic or not (see LLDP Overview). Click on the link to change the mode.
  • Page 118 • Location (ECS) ELIN—Enter the Emergency Call Service (ECS) ELIN location to be published by LLDP. STEP 5 Click Apply. The LLDP MED port settings are written to the Running Configuration file.
  • Page 119: Displaying LLDP Port Status

    • Remote PoE—PoE information advertised by the neighbor. • # of neighbors—Number of neighbors discovered. • Neighbor Capability of 1st Device—Displays the primary functions of the neighbor, for example: Bridge or Router.
  • Page 120: Displaying LLDP Local Information

    The address consists of the following elements: • Address Subtype—Type of management IP address that is listed in the Management Address field, for example, IPv4.
  • Page 121 Low Power Idle (LPI mode). • Remote Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value.
  • Page 122 Software Revision—Software version. • Serial Number—Device serial number. • Manufacturer Name—Device manufacturer name. • Model Name—Device model name. • Asset ID—Asset ID. Location Information • Civic—Street address. • Coordinates—Map coordinates: latitude, longitude, and altitude.
  • Page 123: Displaying LLDP Neighbors Information

    Chassis ID—Identifier of the 802 LAN neighboring device's chassis. • Port ID Subtype—Type of the port identifier that is shown. • Port ID—Identifier of port. • System Name—Published name of the switch.
  • Page 124 Enabled System Capabilities—Primary enabled function(s) of the device. Management Address Table • Address Subtype—Managed address subtype, for example, MAC or IPv4. • Address—Managed address. • Interface Subtype—Port subtype. • Interface Number—Port number.
  • Page 125 Aggregation Port ID—Advertised aggregated port ID. 802.3 Energy Efficient Ethernet (EEE) • Remote Tx—Indicates the time (in microseconds) that the transmitting link partner waits before it starts transmitting data after leaving Low Power Idle (LPI mode).
  • Page 126 • Hardware Revision—Hardware version. • Firmware Revision—Firmware version. • Software Revision—Software version. • Serial Number—Device serial number. • Manufacturer Name—Device manufacturer name. • Model Name—Device model name. • Asset ID—Asset ID.
  • Page 127 VLAN ID—VLAN ID for which the network policy is defined. • VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined. • User Priority—Network policy user priority. • DSCP—Network policy DSCP.
  • Page 128: Accessing LLDP Statistics

    PDU size supported by an interface. LLDP Overloading page displays the number of bytes of LLDP/LLDP-MED information, the number of available bytes for additional LLDP information, and the overloading status of every interface.
  • Page 129 Size (Bytes)—Total LLDP MED network policies packets byte size. Status—If the LLDP MED network policies packets were sent, or if they were overloaded. • LLDP MED Extended Power via MDI
  • Page 130 —If the LLDP MED inventory packets were sent, or if they were overloaded. • Total (Bytes)—Total number of bytes of LLDP information in each packet • Left to Send (Bytes)—Total number of available bytes left for additional LLDP information in each packet.
  • Page 131: Configuring CDP

    • Viewing CDP Statistics Setting CDP Properties Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol.
  • Page 132 Source Interface—IP address to be used in the TLV of the frames. The following options are possible: Use Default—Use the IP address of the outgoing interface. User Defined—Use the IP address of the interface (in the Interface field) in the address TLV.
  • Page 133: Editing CDP Interface Settings

    CDP Status—CDP publishing option for the port. • Reporting Conflicts with CDP Neighbors—Displays the status of the reporting options that are enabled/disabled in the Edit page (Voice VLAN/Native VLAN/Duplex). • No. of Neighbors—Number of neighbors detected.
  • Page 134 STEP 3 Enter the relevant information, and click Apply. The port settings are written to the Running Configuration.
  • Page 135: Displaying CDP Local Information

    • Native VLAN TLV Native VLAN—The native VLAN identifier advertised in the native VLAN TLV. • Full/Half Duplex TLV Duplex—Whether port is half or full duplex advertised in the full/half duplex TLV.
  • Page 136 The interface transitions to Down Available Power—Amount of power consumed by port. Management Power Level—Displays the supplier's request to the powered device for its Power Consumption TLV. The device always displays “No Preference” in this field.
  • Page 137: Displaying CDP Neighbors Information

    Capabilities—Primary functions of the device. The capabilities are indicated by two octets. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station respectively. Bits 8 through 15 are reserved.
  • Page 138: Viewing CDP Statistics

    CDP, and if Auto Smartport is enabled will change all port types to default. Viewing CDP Statistics The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received from devices attached to the switch's interfaces, and are used for the Smartport feature.
  • Page 139 To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear All Interface Counters.
  • Page 140: Chapter 10: Port Management

    6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page. 7. If PoE is supported and enabled for the switch, configure the switch as described in Managing Power-over-Ethernet Devices.
  • Page 141: Setting Basic Port Configuration

    Combo Fiber—SFP Fiber Gigabit Interface Converter Port with the following values: 100M and 1000M (type: ComboF). 10G-Fiber Optics— NOTE SFP Fiber takes precedence in Combo ports when both ports are being used.
  • Page 142 The options are: Max Capability—All port speeds and duplex mode settings can be accepted. 10 Half—10 Mbps speed and Half Duplex mode. 10 Full—10 Mbps speed and Full Duplex mode.
  • Page 143 LAGs) that share the same VLAN. Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.
  • Page 144: Configuring Link Aggregation

    LACP button will become available for editing. • Dynamic—A LAG is dynamic if LACP is enabled on it. The group of ports assigned to dynamic LAG are candidate ports. LACP determines which
  • Page 145 • When a port is added to a LAG, the configuration of the LAG is applied to the port. When the port is removed from the LAG, its original configuration is reapplied.
  • Page 146: Static and Dynamic LAG Workflow

    STEP 1 Click Port Management > Link Aggregation > LAG Management. The Management page opens. STEP 2 Select one of the following Load Balance Algorithms: • MAC Address—Perform load balancing by source and destination MAC addresses on all packets.
  • Page 147: Configuring LAG Settings

    To configure the LAG settings or reactivate a suspended LAG: STEP 1 Click Port Management > Link Aggregation > LAG Settings. The LAG Settings page opens. STEP 2 Select a LAG, and click Edit. The Edit LAG Settings page opens.
  • Page 148 • Operational Advertisement—Displays the Administrative Advertisement status. The LAG advertises its capabilities to its neighbor LAG to start the negotiation process. The possible values are those specified in the Administrative Advertisement field.
  • Page 149: Configuring LACP

    LAG and which ports are put in hot-standby mode. Port priorities on the other switch (the non-controlling end of the link) are ignored.
  • Page 150 LACP Timeout—Select the periodic transmissions of LACP PDUs, which occur at either a long or short transmission speed, depending upon the expressed LACP timeout preference. STEP 5 Click Apply. The Running Configuration file is updated.
  • Page 151: Configuring Green Ethernet

    EEE is enabled globally by default. On a given port, if EEE is enabled, short reach mode will be disabled. If Short Reach Mode is enabled, EEE will be grayed out.
  • Page 152 The 802.3az EEE feature is implemented using a port mode called Low Power Idle (LPI) mode. When there is no traffic and this feature is enabled on the port, the port is placed in the LPI mode, which reduces power consumption dramatically.
  • Page 153 The following describe 802.3az EEE interactions with other features: • If auto-negotiation is not enabled on the port, the 802.3az EEE operational status is disabled. The exception to this rule is that if the link speed is
  • Page 154 STEP 5 To display 802.3az EEE information on the remote device, open the Administration > Discovery LLDP > LLDP Neighbor Information pages, and view the information in the 802.3 Energy Efficient Ethernet (EEE) block.
  • Page 155: Setting Global Green Ethernet Properties

    (This value does not take into consideration the amount of energy saved with the use of EEE). STEP 3 Click Apply. The Port Settings are written to the Running Configuration file.
  • Page 156: Setting Green Ethernet Properties for Ports

    Reason—If Short-Reach mode is not operational, displays the reason. Cable Length—Displays VCT-returned cable length in meters. NOTE Short-reach mode is only supported on RJ45 GE ports; it does not apply to Combo ports.
  • Page 157 (advertisement of EEE capabilities through LLDP) if there are GE ports on the device. STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 158: Chapter 11: Smartports

    The Smartport feature provides a convenient way to save and share common configurations. By applying the same Smartport macro to multiple interfaces, the interfaces share a common set of configurations. A Smartport macro is a script of CLI (Command Line Interface) commands
  • Page 159: What Is a Smartport

    The network access and QoS requirements vary if the interface is connected to an IP phone, a printer, or a router and/or Access Point (AP).
  • Page 160: Smartport Types

    A Smartport macro can be applied by its Smartport type statically from CLI and GUI, and dynamically by Auto Smartport. Auto Smartport derives the Smartport types of the attached devices based on CDP capabilities, LLDP system capabilities, and/or LLDP-MED capabilities.
  • Page 161: Special Smartport Types

    The following describe these special Smartport types: • Default An interface that does not (yet) have a Smartport type assigned to it has the Default Smartport status.
  • Page 162: Smartport Macros

    View Macro Source button on the Smartport Type Settings page. A macro and the corresponding anti-macro are paired together in association with each Smartport type. The macro applies the configuration and the anti-macro removes it.
  • Page 163: Applying a Smartport Type to an Interface

    Auto Smartport: If the Auto Smartport Global Operational state, the interface Auto Smartport state, and the Persistent Status are all Enable, the Smartport type is set to this dynamic type.
  • Page 164: Macro Failure and the Reset Operation

    Smartport Interface Settings page, selecting the radio button of the desired interface, and clicking Edit. Then, select the Smartport type you want to assign and adjust the parameters as necessary before clicking Apply.
  • Page 165: Auto Smartport

    If a device is aged out (no longer receiving advertisements from other devices), the interface configuration is changed according to its Persistent Status. If the Persistent Status is enabled, the interface configuration is retained. If not, the Smartport Type reverts to Default.
  • Page 166: Enabling Auto Smartport

    Using CDP/LLDP Information to Identify Smartport Types The switch detects the type of device attached to the port, based on the CDP/LLDP capabilities.
  • Page 167 WLAN Access Point | IEEE Std. 802.11 | Wireless Access Point; Router | IETF RFC 1812 | Router; Telephone | IETF RFC 4293 | ip_phone; DOCSIS cable device | IETF RFC 4639 and IETF RFC 4546 | Ignore; Station Only | IETF RFC 4293 | Host
  • Page 168: Multiple Devices Attached to the Port

    Smartport type is used. • In all other cases the default Smartport type is used. For more information about LLDP/CDP refer to the Configuring LLDP and Configuring CDP sections, respectively.
  • Page 169: Error Handling

    Voice VLAN, relies on both CDP and LLDP to detect attaching device's Smartport type, and detects Smartport type IP phone, IP phone + Desktop, Switch, and Wireless Access Point. See the Voice VLAN section for a description of the voice factory defaults.
  • Page 170: Relationships with Other Features and Backwards Compatibility

    Smartport > Interface Settings page. STEP 6 Select the interface, and click Edit. STEP 7 Select Auto Smartport in the Smartport Application field. STEP 8 Check or uncheck Persistent Status if desired. STEP 9 Click Apply.
  • Page 171 5. In the Edit page, modify the fields. 6. Click Apply to rerun the macro if the parameters were changed, or Restore Defaults to restore default parameter values to built-in macros if required.
  • Page 172: Web GUI

    The Smartport feature is configured in the Smartport > Properties, Smartport Type Settings and Interface Settings pages. For Voice VLAN configuration, see the Voice VLAN section. For LLDP/CDP configuration, see the Configuring LLDP and Configuring CDP sections, respectively.
  • Page 173: Smartport Properties

    STEP 3 Click Apply. This sets the global Smartport parameters on the switch. Smartport Type Settings Use the Smartport Type Settings page to edit the Smartport Type settings and view the Macro Source.
  • Page 174 Pairing of the two macros is done by name and is described in the Smartport Macro section. • Macro Parameters—Displays the following fields for three parameters in the macro: Parameter Name—Name of parameter in macro.
  • Page 175: Smartport Interface Settings

    You have to be familiar with the current configurations on the switch and the definition of the macro to determine if a reapplication has any impact on the interface.
  • Page 176 To assign a Smartport type to an interface or activate Auto Smartport on the interface: STEP 1 Select an interface and click Edit. The Edit Interface Settings page opens. STEP 2 Enter the fields.
  • Page 177: Built-In Smartport Macros

    The following describes the pair of built-in macros for each Smartport type. For each Smartport type there is a macro to configure the interface and an anti-macro to remove the configuration. Macro code for the following Smartport types is provided: • desktop
  • Page 178 • printer • guest • server • host • ip_camera • ip_phone • ip_phone_desktop • switch • router
  • Page 179 $native_vlan port security max $max_hosts port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast
  • Page 181 $native_vlan #single host port security max 1 port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast
  • Page 182 #macro description No printer no switchport access vlan no switchport mode no port security no port security mode no smartport storm-control broadcast enable no smartport storm-control broadcast level no smartport storm-control include-multicast spanning-tree portfast auto
  • Page 183 $native_vlan #single host port security max 1 port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast
  • Page 184 #macro description No guest no switchport access vlan no switchport mode no port security no port security mode no smartport storm-control broadcast enable no smartport storm-control broadcast level no smartport storm-control include-multicast spanning-tree portfast auto
  • Page 185 #the default mode is trunk smartport switchport trunk native vlan $native_vlan port security max $max_hosts port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control broadcast enable spanning-tree portfast
  • Page 187 $native_vlan port security max $max_hosts port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast
  • Page 189 $native_vlan #single host port security max 1 port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast
  • Page 190 #macro description No ip_camera no switchport access vlan no switchport mode no port security no port security mode no smartport storm-control broadcast enable no smartport storm-control broadcast level no smartport storm-control include-multicast spanning-tree portfast auto
  • Page 191 $native_vlan port security max $max_hosts port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast
  • Page 193 $native_vlan port security max $max_hosts port security mode max-addresses port security discard trap 60 smartport storm-control broadcast level 10 smartport storm-control include-multicast smartport storm-control broadcast enable spanning-tree portfast
  • Page 195 $voice_vlan: The voice VLAN ID #Default Values are #$native_vlan = Default VLAN #$voice_vlan = 1 #the default mode is trunk smartport switchport trunk allowed vlan add all smartport switchport trunk native vlan $native_vlan spanning-tree link-type point-to-point
  • Page 196 [no_switch] #macro description No switch #macro keywords $voice_vlan #macro key description: $voice_vlan: The voice VLAN ID no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no spanning-tree link-type
  • Page 197 #$voice_vlan = 1 #the default mode is trunk smartport switchport trunk allowed vlan add all smartport switchport trunk native vlan $native_vlan smartport storm-control broadcast level 10 smartport storm-control broadcast enable spanning-tree link-type point-to-point
  • Page 198 #macro key description: $voice_vlan: The voice VLAN ID no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no smartport storm-control broadcast enable no smartport storm-control broadcast level no spanning-tree link-type
  • Page 199 $voice_vlan: The voice VLAN ID #Default Values are #$native_vlan = Default VLAN #$voice_vlan = 1 #the default mode is trunk smartport switchport trunk allowed vlan add all smartport switchport trunk native vlan $native_vlan spanning-tree link-type point-to-point
  • Page 200 [no_ap] #macro description No ap #macro keywords $voice_vlan #macro key description: $voice_vlan: The voice VLAN ID no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all no spanning-tree link-type
  • Page 201: Chapter 12: Managing Power-over-Ethernet Devices

    Eliminates the need to run 110/220 V AC power to all devices on a wired LAN. • Removes the necessity for placing all network devices next to power sources. • Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.
  • Page 202: PoE Operation

    There are two factors to consider in the PoE feature: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume
  • Page 203: Configuring PoE Properties

    These settings are entered in advance. When the PD actually connects and is consuming power, it might consume much less than the maximum power allowed. Output power is disabled during power-on reboot, initialization, and system configuration to ensure that PDs are not damaged.
  • Page 204: Configuring the PoE Power, Priority, and Class

    The PoE Settings page displays system PoE information for enabling PoE on the interfaces and monitoring the current power usage and maximum power limit per port. Click Port Management > PoE > Settings. The Settings page opens.
  • Page 205 Port Limit Power Mode. The fields are slightly different if the Power Mode is Class Limit. STEP 3 Enter the value for the following field: • Interface—Select the port to configure. • PoE Administrative Status—Enable or disable PoE on the port.
  • Page 206 Invalid Signature Counter—Displays the times an invalid signature was received. Signatures are the means by which the powered device identifies itself to the PSE. Signatures are generated during powered device detection, classification, or maintenance.
  • Page 207 STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.
  • Page 208: Chapter 13: VLAN Management

    VLAN if all packets destined for that port into the VLAN have a VLAN tag. A port can be a member of one untagged VLAN and can be a member of several tagged VLANs.
  • Page 209 Ethernet MAC layer. Devices from different VLANs can communicate with each other only through Layer 3 routers. An IP router, for example, is required to route IP traffic between VLANs if each VLAN represents an IP subnet.
  • Page 210 An additional benefit of QinQ is that there is no need to configure customers' edge devices. QinQ is enabled in the VLAN Management > Interface Settings page.
  • Page 211: Configuring Default VLAN Settings

    VLAN. A port is no longer a member of a VLAN if the VLAN is deleted or the port is removed from the VLAN.
  • Page 212 STEP 4 Click Save (in the upper-right corner of the window) and save the Running Configuration to the Startup Configuration. The Default VLAN ID After Reset becomes the Current Default VLAN ID after you reboot the switch.
  • Page 213: Creating VLANs

    VLANs to be created by entering the Starting VID and Ending VID, inclusive. When using the Range function, the maximum number of VLANs you can create at one time is 100. STEP 4 Click Apply to create the VLAN(s).
  • Page 214: Configuring VLAN Interface Settings

    See QinQ. • Administrative PVID—Enter the Port VLAN ID (PVID) of the VLAN to which incoming untagged and priority tagged frames are classified. The possible values are 1 to 4094.
  • Page 215: Defining VLAN Membership

    PVID on the ports between the two devices must be the same if the ports are to send and receive untagged packets to and from the VLAN. Otherwise, traffic might leak from one VLAN to another.
  • Page 216: Configuring Port to VLAN

    PVID—Select to set the PVID of the interface to the VID of the VLAN. PVID is a per-port setting. STEP 4 Click Apply. The interfaces are assigned to the VLAN, and written to the Running Configuration file.
  • Page 217: Configuring VLAN Membership

    STEP 3 Select a port, and click the Join VLAN button. The Join VLAN page is displayed. STEP 4 Enter the values for the following fields: • Interface—Select a Port or LAG. Select the Unit/Slot on a 500 Series switch.
  • Page 218: GVRP Settings

    Generic VLAN Registration Protocol (GVRP). GVRP is based on the Generic Attribute Registration Protocol (GARP) and propagates VLAN information throughout a bridged network. Since GVRP requires support for tagging, the port must be configured in Trunk or General mode.
  • Page 219: Defining GVRP Settings

    Dynamic VLAN Creation—Select to enable Dynamic VLAN Creation on this interface. • GVRP Registration—Select to enable VLAN Registration using GVRP on this interface. STEP 7 Click Apply. GVRP settings are modified, and written to the Running Configuration file.
  • Page 220: VLAN Groups

    VLAN groups cannot contain overlapping ranges of MAC addresses on the same port. Workflow To define a MAC-based VLAN group: 1. Assign a MAC address to a VLAN group ID (using the MAC-Based Groups page). 2. For each required interface:
  • Page 221 STEP 1 Click VLAN Management > VLAN Groups > MAC-Based Groups to VLAN. The MAC-Based Groups to VLAN page is displayed. STEP 2 Click Add. The Add Mapping Group to VLAN page opens.
  • Page 222 STEP 1 Click VLAN Management > VLAN Groups > Protocol-Based Groups. The Protocol-Based Groups page is displayed. The Protocol-Based Groups Page contains the following fields: • Encapsulation—Displays the protocol on which the VLAN group is based.
  • Page 223 Add Group to VLAN Mapping page is displayed. STEP 3 Enter the following fields. • Interface—Port or LAG number assigned to VLAN according to protocol-based group. • Group ID—Protocol group ID.
  • Page 224 • VLAN ID—Attaches the interface to a user-defined VLAN ID. STEP 4 Click Apply. The protocol ports are mapped to VLANs, and written to the Running Configuration file.
  • Page 225: Voice VLAN

    The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100.
  • Page 226 VLAN, manually configured, or learned from external devices such as UC3xx/5xx and from switches that advertise voice VLAN in CDP or VSDP. VSDP is a Cisco defined protocol for voice service discovery.
  • Page 227 CDP and/or LLDP-MED. Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where it sends and receives its voice traffic.
  • Page 228 VLAN, the voice VLAN from the device with the lowest MAC address is used. NOTE If connecting the switch to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 229 For Telephony OUI voice streams, the user can override the quality of service and optionally remark the 802.1p of the voice streams by specifying the desired CoS/802.1p values and using the remarking option under Telephony OUI.
  • Page 230 STEP 2 Select the Voice VLAN ID. It cannot be set to VLAN ID 1 (this step is not required for dynamic Voice VLAN). STEP 3 Set Dynamic Voice VLAN to Enable Auto Voice VLAN.
  • Page 231: Configuring Voice VLAN

    Interface page. Configuring Voice VLAN This section describes how to configure voice VLAN. It covers the following topics: • Configuring Voice VLAN Properties • Displaying Auto Voice VLAN Settings • Configuring Telephony OUI
  • Page 232 • Dynamic Voice VLAN—Select this field to disable or enable voice VLAN feature in one of the following ways: Enable Auto Voice VLAN—Enable Dynamic Voice VLAN in Auto Voice VLAN mode.
  • Page 233 The Operation Status block on this page shows the information about the current voice VLAN and its source: • Auto Voice VLAN Status—Displays whether Auto Voice VLAN is enabled. • Voice VLAN ID—The identifier of the current voice VLAN
  • Page 234 Static—User-defined voice VLAN configuration defined on the switch. CDP—UC that advertised voice VLAN configuration is running CDP. LLDP—UC that advertised voice VLAN configuration is running LLDP. Voice VLAN ID—The identifier of the advertised or configured voice VLAN
  • Page 235: Configuring Telephony OUI

    Auto Membership Aging time can be configured. If the specified time period passes with no telephony activity, the port is removed from the Voice VLAN. Use the Telephony OUI page to view existing OUIs, and add new OUIs.
  • Page 236 STEP 5 Enter the values for the following fields: • Telephony OUI—Enter a new OUI. • Description—Enter an OUI name. STEP 6 Click Apply. The OUI is added to the Telephony OUI Table.
  • Page 237 All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones. STEP 4 Click Apply. The OUI is added.
  • Page 238: Access Port Multicast TV VLAN

    (see Configuring VLAN Interface Settings). The Multicast TV VLAN configuration is defined per port. Customer ports are configured to be member of Multicast TV VLANs using the Multicast TV VLAN Page.
  • Page 239: IGMP Snooping

    VLAN. | data VLAN. Group registration: All Multicast group registration is dynamic. | Groups must be associated to Multicast VLAN statically, but actual registration of station is dynamic.
  • Page 240: Multicast TV Group to VLAN

    STEP 2 Click Add to associate a Multicast group to a VLAN. Any VLAN can be selected. When a VLAN is selected, it becomes a Multicast TV VLAN. STEP 3 Click Apply. Multicast TV VLAN settings are modified, and written to the Running Configuration file.
  • Page 241: Customer Port Multicast TV VLAN

    Packets from subscribers to the service provider network are forwarded as VLAN tagged frames, in order to distinguish between the service types, which means that for each service type there is a unique VLAN ID in the CPE box.
  • Page 242: Mapping CPE VLANs to Multicast TV VLANs

    VLAN. CPE (internal) Multicast VLANs must be mapped to the Multicast provider (external) VLANs. After a CPE VLAN is mapped to a Multicast VLAN, it can participate in IGMP snooping.
  • Page 243: CPE Port Multicast VLAN Membership

    The ports associated with the Multicast VLANs must be configured as customer ports (see Configuring VLAN Interface Settings). Use the Port Multicast VLAN Membership page to map these ports to Multicast TV VLANs as described in Port Multicast VLAN Membership
  • Page 244: Chapter 14: Configuring the Spanning Tree Protocol

    STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
  • Page 245: Configuring STP Status and Global Settings

    STP Status and Global Settings page contains parameters for enabling STP, RSTP, or MSTP. Use the STP Interface Settings page, RSTP Interface Settings page, and MSTP Properties page to configure each mode, respectively.
  • Page 246 • Forward Delay—Set the interval (in seconds) that a bridge remains in a learning state before forwarding packets. For more information, refer to Defining Spanning Tree Interface Settings.
  • Page 247: Defining Spanning Tree Interface Settings

    STEP 3 Enter the parameters. • Interface—Select the Port or LAG on which Spanning Tree is configured. On the 500 series switches, select the Unit/Slot. • STP—Enables or disables STP on the port.
  • Page 248 BPDUs are used to transmit spanning tree information. Use Global Settings—Select to use the settings defined in the Status and Global Settings page. Filtering—Filters BPDU packets when Spanning Tree is disabled on an interface.
  • Page 249 LAG—Displays the LAG to which the port belongs. If a port is a member of a LAG, the LAG settings override the port settings. STEP 4 Click Apply. The interface settings are written to the Running Configuration file.
  • Page 250: Configuring Rapid Spanning Tree Settings

    Forwarding mode quickly (usually within 2 seconds). Disable—The port is not considered point-to-point for RSTP purposes, which means that STP works on it at regular speed, as opposed to high speed.
  • Page 251 —The port is in Listening mode. The port cannot forward traffic, and cannot learn MAC addresses. Learning—The port is in Learning mode. The port cannot forward traffic, however it can learn new MAC addresses.
  • Page 252: Multiple Spanning Tree

    3. Decide which MSTP instance will be active in what VLAN, and associate these MSTP instances to VLAN(s) accordingly. 4. Configure the MSTP attributes by: • Defining MSTP Properties • Defining MSTP Instance Settings
  • Page 253: Defining MSTP Properties

    STEP 3 • Region Name—Define an MSTP region name. • Revision—Define an unsigned 16-bit number that identifies the revision of the current MST configuration. The field range is from 0 to 65535.
  • Page 254: Mapping VLANs to a MSTP Instance

    STP mode is MSTP. Up to 16 MST instances can be defined on the Cisco 500 Series switches. For those VLANs that are not explicitly mapped to one of the MST instances, the switch automatically maps them to the CIST (Core and Internal Spanning Tree) instance.
  • Page 255: Defining MSTP Instance Settings

    Root Path Cost—Displays the root path cost of the selected instance. • Bridge ID—Displays the bridge priority and the MAC address of this switch for the selected instance. • Remaining Hops—Displays the number of hops remaining to the next destination.
  • Page 256: Defining MSTP Interface Settings

    Path Cost—Set the port contribution to the root path cost or use the default value. • Port State—Displays the MSTP status of the specific port on a specific MST instance. The parameters are defined as: Disabled—STP is currently disabled.
  • Page 257 • Mode—Displays the current Spanning Tree mode. Classic STP—Classic STP is enabled on the port. Rapid STP—Rapid STP is enabled on the port. MSTP—MSTP is enabled on the port.
  • Page 258 Remaining Hops—Displays the hops remaining to the next destination. • Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state. STEP 6 Click Apply. The Running Configuration file is updated.
  • Page 259: Chapter 15: Managing MAC Address Tables

    MAC address that is not found in the tables, they are transmitted/broadcasted to all the ports on the relevant VLAN. Such frames are referred to as unknown Unicast frames. The switch supports a maximum of 16K static and dynamic MAC addresses.
  • Page 260: Configuring Static MAC Addresses

    STEP 4 Click Apply. A new entry appears in the table. Managing Dynamic MAC Addresses The Dynamic Address Table (bridging table) contains the MAC addresses acquired by monitoring the source addresses of frames entering the switch.
  • Page 261: Configuring Dynamic MAC Address Aging Time

    The address table can be sorted by VLAN ID, MAC address, or interface. STEP 3 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 262: Defining Reserved MAC Addresses

    Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: Discard—Delete the packet. Bridge—Forward the packet to all VLAN members. STEP 4 Click Apply. A new MAC address is reserved.
  • Page 263: Chapter 16: Configuring Multicast Forwarding

    The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links.
  • Page 264: Typical Multicast Setup

    When the switch is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP Join messages.
  • Page 265 An IGMP Querier is required to facilitate the IGMP protocol on a given subnet. In general, a Multicast router is also an IGMP Querier. When there are multiple IGMP Queriers in a subnet, the queriers elect a single querier as the primary querier.
  • Page 266: Defining Multicast Properties

    By default, all Multicast frames are flooded to all ports of the VLAN. To selectively forward only to relevant ports and filter (drop) the Multicast on the rest of the ports, enable Bridge Multicast filtering status in the Properties page.
  • Page 267 STEP 1 Click Multicast > Properties. The Properties page opens. STEP 2 Enter the parameters. • Bridge Multicast Filtering Status—Select to enable filtering. • VLAN ID—Select the VLAN ID to set its forwarding method.
  • Page 268: Adding MAC Group Address

    Source Group, use the page. To define and view MAC Multicast groups: STEP 1 Click Multicast > MAC Group Address. The MAC Group Address page opens. STEP 2 Enter the parameters.
  • Page 269 • Forbidden—Specifies that this port is not allowed to join this group on this VLAN. • None—Specifies that the port is not currently a member of this Multicast group on this VLAN.
  • Page 270: Adding IP Multicast Group Addresses

    Layer 2 mode, the IP Multicast address of Bonjour is displayed. STEP 4 Click Add to add a static IP Multicast Group Address. The Add IP Multicast Group Address page opens.
  • Page 271 None—Indicates that the port is not currently a member of this Multicast group on this VLAN. This is selected by default until Static or Forbidden is selected. STEP 9 Click Apply. The Running Configuration file is updated.
  • Page 272: Configuring IGMP Snooping

    Queries should be sent at a rate that is aligned to the snooping table aging time. If queries are sent at a rate lower than the aging time, the subscriber cannot receive the Multicast packets. This is performed in the IGMP Snooping Edit page.
  • Page 273 Operational Query Interval—The time interval in seconds between General Queries sent by the elected querier. • Query Max Response Interval—Enter the delay used to calculate the Maximum Response Code inserted into the periodic General Queries.
  • Page 274: MLD Snooping

    When IGMP/MLD snooping is enabled in a switch on a VLAN, it analyzes the IGMP/MLD packets it receives from the VLAN connected to the switch and from the Multicast routers in the network.
  • Page 275 This facility enables a switch to conclude the following: • On which ports stations interested in joining a specific Multicast group are located • On which ports Multicast routers sending Multicast frames are located
  • Page 276 Query Interval—Enter the Query Interval value to be used by the switch if the switch cannot derive the value from the messages sent by the elected querier. • Operational Query Interval—The time interval in seconds between General Queries received from the elected querier.
  • Page 277: Querying IGMP/MLD IP Multicast Group

    224.1.1.1 and 225.1.1.1, both are mapped to the same MAC Multicast address 01:00:5e:01:01:01. In this case, there is a single entry in the MAC Multicast page, but two entries on this page.
  • Page 278: Defining Multicast Router Ports

    Multicast router port(s) numbers when it forwards the Multicast streams and IGMP/MLD registration messages. This is required so that the Multicast routers can, in turn, forward the Multicast streams and propagate the registration messages to other subnets.
  • Page 279: Defining Forward All Multicast

    Multicast traffic is flooded to ports in the switch. You can statically (manually) configure a port to Forward All, if the devices connecting to the port do not support IGMP and/or MLD.
  • Page 280: Defining Unregistered Multicast Settings

    The Unregistered Multicast page enables handling Multicast frames that belong to groups that are not known to the switch (unregistered Multicast groups). Unregistered Multicast frames are usually forwarded to all ports on the VLAN.
  • Page 281 Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface. Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 3 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 282: Chapter 17: Configuring IP Information

    In Layer 3 mode, the switch has IP routing capabilities as well as Layer 2 mode capabilities. In this mode, a Layer 3 port still retains much of the Layer 2 functionality, such as Spanning Tree Protocol and VLAN membership.
  • Page 283 IP address collisions occur when the same IP address is used in the same IP subnet by more than one device. Address collisions require administrative actions on the DHCP server and/or the devices that collide with the switch.
  • Page 284 All DHCP-assigned default gateways are stored as default routes. In addition, you can manually define default routes. This is defined in the IPv4 Static Routes page.
  • Page 285 Prefix Length—Select and enter the length of the IPv4 address prefix. • Administrative Default Gateway—Select User Defined and enter the default gateway IP address, or select None to remove the selected default gateway IP address from the interface.
  • Page 286 NOTE The switch software consumes one VLAN ID (VID) for every IP address configured on a port or LAG. The switch takes the first VID that is not used starting from 4094.
  • Page 287 Not Received—Relevant for DHCP Address. When a DHCP Client starts a discovery process, it assigns a dummy IP address 0.0.0.0 before the real address is obtained. This dummy address has the status of “Not Received”.
  • Page 288: Managing IPv6

    FE80:0000:0000:0000:0000:9C00:876A:130B. The abbreviated form, in which a group of zeroes can be left out, and replaced with '::', is also acceptable, for example, FE80::9C00:876A:130B.
  • Page 289: Defining IPv6 Global Configuration

    An IPv6 interface can be configured on a port, a LAG, VLAN, or ISATAP tunnel interface. The switch supports one IPv6 interface as an IPv6 end device. A tunnel interface is configured with an IPv6 address based on the settings defined in the IPv6 Tunnel page.
  • Page 290 • Link local address using EUI-64 format interface ID based on a device’s MAC address • All node link local Multicast addresses (FF02::1) • Solicited-Node Multicast address (format FF02::1:FFXX:XXXX)
  • Page 291: Defining IPv6 Addresses

    Each address must be a valid IPv6 address that is specified in hexadecimal format by using 16-bit values separated by colons. NOTE You cannot configure an IPv6 address directly on an ISATAP tunnel interface.
  • Page 292 Default Router List. The IPv6 Default Router List page opens. This page displays the following fields for each default router: • Default Router IPv6 Address—Link local IP address of the default router.
  • Page 293: Configuring IPv6 Tunnels

    IPv6 packets within IPv4 packets for transmission over IPv4 networks. To configure a tunnel, do the following: • Manually enable and configure an ISATAP tunnel. • Manually define an IPv6 interface for the ISATAP tunnel.
  • Page 294 —Automatically selects the lowest IPv4 address from among all of its configured IPv4 interfaces. None—Disable the ISATAP tunnel. Manual—Manually configure an IPv4 address. The IPv4 address configured must be one of the IPv4 addresses at the switch IPv4 interfaces.
  • Page 295: Defining IPv6 Neighbors Information

    IPv6 and MAC addresses, the entry type (static or dynamic), and the state of the neighbor. To define IPv6 neighbors: STEP 1 In Layer 2 mode, click Administration > Management Interface > IPv6 Neighbors.
  • Page 296 STEP 4 Enter values for the following fields: • Interface—The neighboring IPv6 interface to be added. • IPv6 Address—Enter the IPv6 network address assigned to the interface. The address must be a valid IPv6 address.
  • Page 297: Viewing IPv6 Route Tables

    This must be a link local address. • Metric—Value used for comparing this route to other routes with the same destination in the IPv6 router table. All default routes have the same value.
  • Page 298: Defining IPv4 Routes

    Destination IP Prefix—Enter the destination IP address prefix. • Mask—Select and enter information for one of the following: Network Mask—The IP route prefix for the destination IP. Prefix Length—The IP route prefix for the destination IP.
  • Page 299: Configuring ARP

    NOTE the switch to forward the traffic originated by the switch. In Layer 3 mode, the mapping information is used for Layer 3 routing as well as to forward the generated traffic.
  • Page 300 For devices in Layer 2 mode, there is only one directly connected IP subnet which is always in the management VLAN. All the static and dynamic addresses in the ARP Table reside in the management VLAN.
  • Page 301: Enabling ARP Proxy

    STEP 2 Select ARP Proxy to enable the switch to respond to ARP requests for remotely-located nodes with the switch MAC address. STEP 3 Click Apply. The ARP proxy is enabled, and the Running Configuration file is updated.
  • Page 302: Defining UDP Relay

    The Domain Name System (DNS) translates user-defined domain names into IP addresses for the purpose of locating and addressing these objects. As a DNS client the switch resolves domain names to IP addresses through one or more configured DNS servers.
  • Page 303 STEP 4 To add a DNS server, click Add. The Add DNS Server page opens. STEP 5 Enter the parameters. • IP Version—Select Version 6 for IPv6 or Version 4 for IPv4.
  • Page 304: Mapping DNS Hosts

    STEP 1 Click IP Configuration > Domain Name System > Host Mapping. The Host Mapping page opens. This page displays the following fields: • Host Name—User-defined domain name, up to 158 characters. • IP Address—The host name IP address.
  • Page 305 IP Address—Enter an IPv4 address or enter up to four IPv6 host addresses. Addresses 2–4 are backup addresses. STEP 4 Click Apply. The DNS host is written to the Running Configuration file.
  • Page 306: Chapter 18: Configuring Security

    Access control of end-users to the network through the switch is described in the following sections: • Configuring Management Access Authentication • Defining Access Profiles • Configuring TACACS+ • Configuring RADIUS • Configuring Port Security • Configuring 802.1X
  • Page 307: Defining Users

    Dynamic ARP Inspection Defining Users The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you will be prompted to create another password.
  • Page 308 See the CLI Reference Guide for more information. Read/Write Management Access (15)—User can access the GUI, and can configure the switch. STEP 4 Click Apply. The user is added to the Running Configuration file of the switch.
  • Page 309: Setting Password Complexity Rules

    Do not repeat or reverse the manufacturer’s name or any variant reached by changing the case of the characters. STEP 4 If the Password Complexity Settings are enabled, the following parameters may be configured:
  • Page 310: Configuring TACACS+

    TACACS+ server. TACACS+ is supported only with IPv4. TACACS+ servers cannot be used as 802.1X authentication servers to verify credentials of network users trying to join the networks through the switch.
  • Page 311 STEP 5 To add a TACACS+ server, click Add. The Add TACACS+ Server page is displayed. STEP 6 Enter the parameters. • Server IP Address—Select whether to specify the TACACS+ server by IP address or name.
  • Page 312: Configuring Radius

    Port Based Access Control (802.1X, MAC Based)—Specifies that the RADIUS server is used for 802.1x port accounting. • Management Access—Specifies that the RADIUS server is used for user login accounting.
  • Page 313 IPv4 or IPv6, to indicate that it will be entered in the selected format. • IPv6 Address Type—Displays that IPv6 address type is Global. • Server IP Address/Name—Select whether to specify the RADIUS server by IP address or name.
  • Page 314 All—RADIUS server is used for authenticating users that ask to administer the switch and for 802.1X authentication. STEP 6 Click Apply. The RADIUS server definition is added to the Running Configuration file of the switch.
  • Page 315: Configuring Management Access Authentication

    TACACS+ or RADIUS server. For the RADIUS server to grant access to the web-based switch configuration utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15. User authentication occurs in the order that the authentication methods are selected.
  • Page 316: Defining Access Profiles

    Access Methods—Methods for accessing and managing the switch: Telnet, Secure Telnet (SSH), Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), Simple Network Management Protocol (SNMP), All of the above. • Action—Permit or deny access to an interface or source address.
  • Page 317: Active Access Profile

    This only applies to device types that offer a console port.
  • Page 318 Action—Select the action attached to the rule. The options are: Permit—Permits access to the switch if the user matches the settings in the profile. Deny—Denies access to the switch if the user matches the settings in the profile.
  • Page 319: Defining Profile Rules

    If the incoming packet matches a rule, the action associated with the rule is performed. If no matching rule is found within the active access profile, the packet is dropped.
  • Page 320 Secure HTTP (HTTPS)—Users requesting access to the switch who meet the HTTPS access profile criteria, are permitted or denied. SNMP—Users requesting access to the switch who meet the SNMP access profile criteria are permitted or denied.
  • Page 321 Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. STEP 5 Click Apply, and the rule is added to the access profile.
  • Page 322: Configuring Tcp/Udp Services

    Type—IP protocol the service uses. • Local IP Address—Local IP address through which the switch is offering the service. • Local Port—Local TCP port through which the switch is offering the service.
  • Page 323: Defining Storm Control

    When a threshold is entered in the system, the port discards traffic after that threshold is reached. The port remains blocked until the traffic rate drops below this threshold. It then resumes normal forwarding.
  • Page 324 Multicast & Broadcast—Counts Broadcast and Multicast traffic towards the bandwidth threshold. Broadcast Only—Counts only Broadcast traffic towards the bandwidth threshold. STEP 4 Click Apply. Storm control is modified, and the Running Configuration file is updated.
  • Page 325: Configuring Port Security

    NOTE If you want to use 802.1X on a port, it must be in multiple host or multi session modes. Port security on a port cannot be set if the port is in single mode (see the 802.1x, Host and Session Authentication page).
  • Page 326 Forward—Forwards packets from an unknown source without learning the MAC address. Shutdown—Discards packets from any unlearned source, and shuts down the port. The port remains shut down until reactivated, or until the switch is rebooted.
  • Page 327: Configuring 802.1X

    802.1x session and grants permission to use the port to the authorized supplicant. All access by other devices received from the same port are denied until the authorized supplicant is...
  • Page 328 MAC-based—The switch can be configured to use this mode to authenticate and authorize devices that do not support 802.1x. The switch emulates the supplicant role on behalf of the non 802.1x capable devices,...
  • Page 329 If a port is Guest-VLAN-enabled, the switch automatically adds the port as untagged member of the Guest VLAN when the port is not authorized, and removes the port from the Guest VLAN when the first supplicant of the port is authorized.
  • Page 330: X Parameters Workflow

    You can select the Guest VLAN field to have untagged incoming frames go to the guest VLAN. • Define host authentication parameters for each port using the Port Authentication page. • View 802.1X authentication history using the Authenticated Hosts page.
  • Page 331 If the port state changes from Authorized to Not Authorized, the port is added to the Guest VLAN only after the Guest VLAN timeout has expired. The VLAN Authentication Table displays all VLANs, and indicates whether authentication has been enabled on them.
  • Page 332 NOTE A port with 802.1x defined on it cannot become a member of a LAG. To define 802.1X authentication: STEP 1 Click Security > 802.1X > Port Authentication. The Port Authentication page is displayed. This page displays authentication settings for all ports.
  • Page 333 [65] Tunnel-Medium-Type = 802 (type 6) [81] Tunnel-Private-Group-Id = VLAN ID • Guest VLAN—Select to indicate that the usage of a previously-defined Guest VLAN is enabled for the switch. The options are:
  • Page 334 Reauthenticate Now—Select to enable immediate port re-authentication. • Authenticator State—Displays the defined port authorization state. The options are: Force-Authorized—Controlled port state is set to Force-Authorized (forward traffic). Force-Unauthorized—Controlled port state is set to Force-Unauthorized (discard traffic).
  • Page 335: Defining Host And Session Authentication

    • Multiple Host (802.1X)—Multiple hosts can be attached to a single 802.1X-enabled port. Only the first host must be authorized, and then the port is...
  • Page 336 Host Authentication—Select one of the modes. These modes are described above in Defining Host and Session Authentication. NOTE The following fields are only relevant if you select Single in the Host Authentication field.
  • Page 337: Viewing Authenticated Hosts

    Authentication Method—Method by which the last session was authenticated. The options are: None—No authentication is applied; it is automatically authorized. RADIUS—Supplicant was authenticated by a RADIUS server. • MAC Address—Displays the supplicant MAC address.
  • Page 338: Defining Time Ranges

    STEP 1 Click Security > 802.1X > Time Range. The Time Range page is displayed. STEP 2 Click Add. The Add Time Range page is displayed. STEP 3 Enter the parameters. • Time Range Name—Enter a time range name.
  • Page 339 • Recurring Ending Time—Enter the day of the week and time on which the recurring range ends. STEP 4 Click Apply. The recurring range is added to the time range.
  • Page 340: Denial Of Service Prevention

    Filtering page) • Deny attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan (Security Suite Settings page). The Cisco switch is an advanced switch that handles the following types of traffic, in addition to end-user traffic: • Management traffic •...
  • Page 341 STEP 5 Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file. • If Interface-Level Prevention is selected, click the appropriate Edit button to configure the desired prevention.
  • Page 342 STEP 3 To add a Martian address click Add. The Add Martian Addresses page is displayed. STEP 4 Enter the parameters. • IP Version—Indicates the supported IP version. Currently, support is only offered for IPv4.
  • Page 343 • TCP Port—Select the destination TCP port being filtered: Known Ports—Select a port from the list. User Defined—Enter a port number. All Ports—Select to indicate that all ports are filtered.
  • Page 344 IP address prefix. • SYN Rate Limit—Enter the number of SYN packets that can be received. STEP 4 Click Apply. The SYN rate protection is defined, and the Running Configuration is updated.
  • Page 345 Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP address prefix. STEP 4 Click Apply. The ICMP filtering is defined, and the Running Configuration is updated.
  • Page 346: Defining Dhcp Snooping

    STEP 4 Click Apply. The IP fragmentation is defined, and the Running Configuration file is updated. Defining DHCP Snooping This information can be found in the following location: Chapter 19, “DHCP Snooping and DHCP Relay”
  • Page 347: Ip Source Guard

    IP Source Guard address entry. If the number of IP Source Guard entries exceeds the number of available TCAM rules, the extra addresses are inactive. Filtering If IP Source Guard is enabled on a port then:
  • Page 348: Configuring Ip Source Guard Work Flow

    Enabling IP Source Guard To enable IP Source Guard globally: STEP 1 Click Security > IP Source Guard > Properties. The Properties page is displayed. STEP 2 Select Enable to enable IP Source Guard globally.
  • Page 349: Configuring Ip Source Guard On Interfaces

    Entries are deleted when their lease time expires and so inactive entries may be made active. NOTE The Binding Database page only displays the entries in the DHCP Snooping Binding database defined on IP-Source-Guard-enabled ports.
  • Page 350 Trusted Port—Port has become trusted. Resource Problem—TCAM resources are exhausted. The entries in the Binding database are displayed. To see a subset of them, enter the relevant search criteria and click Go.
  • Page 351: Dynamic Arp Inspection

    IP address IA and a MAC address MA. When Host B responds, the switch and Host A populate their ARP caches with a binding for a host with the IP address IB and the MAC address MB.
  • Page 352 • If a packet is valid, it is forwarded and the ARP cache is updated. If the ARP Packet Validation option is selected (Properties page), the following additional validation checks are performed:
  • Page 353: Interaction Between Arp Inspection And Dhcp Snooping

    Dynamic ARP Inspection: Not enabled. ARP Packet Validation: Not enabled. ARP Inspection Enabled on VLAN: Not enabled. Log Buffer Interval: SYSLOG message generation for dropped packets is enabled at 5 seconds interval.
  • Page 354: Arp Inspection Work Flow

    Multicast addresses. • Log Buffer Interval—Select one of the following options: Retry Frequency—Enable sending SYSLOG messages for dropped packets. Enter the frequency with which the messages are sent. Never—Disabled SYSLOG dropped packet messages.
  • Page 355: Defining Dynamic Arp Inspection Interfaces Settings

    STEP 2 To add an entry, click Add. The Add ARP Access Control page is displayed. STEP 3 Enter the fields: • ARP Access Control Name—Enter a user-created name. • MAC Address—MAC address of packet. • IP Address—IP address of packet.
  • Page 356: Defining Arp Inspection Access Control Rules

    STEP 3 To associate an ARP Access Control group with a VLAN, click Add. Select the VLAN number and select a previously-defined ARP Access Control group. Click Apply. The settings are defined, and the Running Configuration file is updated.
  • Page 357: Chapter 19: Configuring Dhcp

    An untrusted port is a port that is not allowed to assign DHCP addresses. By default, all ports are considered untrusted until the user declares them trusted (in the DHCP Snooping Interface Settings page).
  • Page 358: Dhcp Relay

    DHCP Relay can and does broadcast DHCP messages between DHCP client and DHCP server. Unicast DHCP messages are passed by regular routers and therefore if DHCP Relay is enabled on a VLAN without...
  • Page 359: Interactions Between Dhcp Snooping, Dhcp Relay And Option

    Option 82 packet Option 82 Bridge – no Bridge – no Bridge – Option 82 will Option 82 will Packet will be be sent be sent sent with the original Option 82
  • Page 360 (if port is trusted, original behaves as if (if port is Option 82 DHCP Snooping trusted, is not enabled) behaves as if DHCP Snooping is not enabled)
  • Page 361 Option 82 Option 82 Bridge – Bridge – Packet will be Bridge – Packet will be sent without Packet will be sent with the Option 82 sent with the Option 82 Option 82
  • Page 362 Option 82 Transparent DHCP Relay For Transparent DHCP Relay where an external DHCP relay agent is being used, do the following: • Enable DHCP Snooping. • Enable Option 82 insertion.
  • Page 363: Dhcp Snooping Binding Database

    How the DHCP Snooping Binding Database is Built The following describes how the switch handles DHCP packets when both the DHCP client and DHCP server are trusted. The DHCP Snooping Binding database is built in this process.
  • Page 364 The DHCP Snooping Binding database is stored in non-volatile memory. Table 8 DHCP Packet Handling: Packet Type | Arriving from Untrusted Ingress Interface | Arriving from Trusted Ingress Interface. DHCPDISCOVER | Forward to trusted interfaces only. | Forwarded to trusted interfaces only.
  • Page 365 DHCPRELEASE | Same as DHCPDECLINE. | Same as DHCPDECLINE. DHCPINFORM | Forward to trusted interfaces only. | Forward to trusted interfaces only. DHCPLEASEQUE | Filtered. | Forward.
  • Page 366 STEP 3 Configure interfaces as trusted or untrusted in the IP Configuration > DHCP > DHCP Snooping Interface page. STEP 4 Optional. Add entries to the DHCP Snooping Binding database in the IP Configuration > DHCP > DHCP Snooping Binding Database page.
  • Page 367: Dhcp Gui

    STEP 3 To define a DHCP server, click Add. The Add DHCP Server page is displayed. STEP 4 Enter the IP address of the DHCP server and click Apply. The settings are written to the Running Configuration file.
  • Page 368 How the DHCP Snooping Binding Database is Built for a description of how dynamic entries are added to the DHCP Snooping Binding database. Note the following points about maintenance of the DHCP Snooping Binding database:
  • Page 369 Lease Time—If the entry is dynamic, enter the amount of time that the entry will be active in the DHCP Database. If there is no Lease Time, check Infinite. STEP 4 Click Apply. The settings are defined, and the device is updated.
  • Page 370: Chapter 20: Access Control

    Either a DENY or PERMIT action is applied to frames whose contents match the filter. The switch supports a maximum of 512 ACLs, and a maximum of 512 ACEs.
  • Page 371 If a frame matches the filter in an ACL, it is defined as a flow with the name of that ACL. In advanced QoS, these frames can be referred to using this Flow name, and QoS can be applied to these frames (see QoS Advanced Mode).
  • Page 372 Configuring a Policy (Edit). • Delete the class map containing the ACL, by using Defining Class Mapping. Only then can the ACL be modified, as described in the sections of this section.
  • Page 373 One is the highest priority. • Action—Select the action taken upon a match. The options are: Permit —Forward packets that meet the ACE criteria. Deny —Drop packets that meet the ACE criteria.
  • Page 374 802.1p Mask—Enter the wildcard mask to be applied to the VPT tag. • Ethertype—Enter the frame Ethertype to be matched. STEP 5 Click Apply. The MAC-based ACE is written to the Running Configuration file.
  • Page 375: Ipv4-Based Acls

    STEP 3 Enter the name of the new ACL in the ACL Name field. The names are case-sensitive. STEP 4 Click Apply. The IPv4-based ACL is written to the Running Configuration file.
  • Page 376 —Internet Control Message Protocol IGMP —Internet Group Management Protocol IP in IP —IP in IP encapsulation —Transmission Control Protocol —Exterior Gateway Protocol —Interior Gateway Protocol —User Datagram Protocol —Host Mapping Protocol —Reliable Datagram Protocol.
  • Page 377 1's). You need to translate the 1's to a decimal integer and you write 0 for each four zeros. In this example, since 1111 1111 = 255, the mask would be written as 0.0.0.255.
  • Page 378 ICMP—If the IP protocol of the ACL is ICMP, select the ICMP message type used for filtering purposes. Either select the message type by name or enter the message type number: Any—All message types are accepted.
  • Page 379: Ipv6-Based Acls

    Defining an IPv6-based ACL To define an IPv6-based ACL: STEP 1 Click Access Control > IPv6-Based ACL. The IPv6-Based ACL page is displayed. This window displays the list of defined ACLs and their contents...
  • Page 380 TCP guarantees packet delivery, and guarantees that packets are transmitted and received in the order they were sent. UDP—User Datagram Protocol. Transmits packets but does not guarantee their delivery.
  • Page 381 Set—Match if the flag is SET. Unset—Match if the flag is Not SET. Don’t care—Ignore the TCP flag. • Type of Service—The service type of the IP packet.
  • Page 382: Defining Acl Binding

    STEP 3 Click Go. The list of ports/LAGs is displayed. For each type of interface selected, all interfaces of that type are displayed with a list of their current ACLs:
  • Page 383 STEP 7 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) that is previously bound to the interface is unbound.
  • Page 384: Chapter 21: Configuring Quality Of Service

    This section covers the following topics: • QoS Features and Components • Configuring QoS - General • QoS Basic Mode • QoS Advanced Mode • Managing QoS Statistics
  • Page 385: Qos Features And Components

    Code Point (DSCP) value for IPv4 or Traffic Class (TC) value for IPv6 in Layer 3. When operating in Basic Mode, the switch trusts this external assigned QoS value. The external assigned QoS value of a packet determines its traffic class and QoS.
  • Page 386: Qos Workflow

    The following steps in the workflow assume that you have chosen to enable QoS. STEP 2 Assign each interface a default CoS priority by using the QoS Properties page.
  • Page 387 STEP 8 Configure the selected mode by performing one of the following: a. Configure Basic mode, as described in Workflow to Configure Basic QoS Mode. b. Configure Advanced mode, as described in Workflow to Configure Advanced QoS Mode.
  • Page 388: Configuring Qos - General

    STEP 4 To set QoS on an interface, select it, and click Edit. The Edit Interface CoS Configuration page is displayed. Enter the parameters. STEP 1 • Interface—Select the port or LAG.
  • Page 389: Configuring Qos Queues

    WRR queues. Only after the strict priority queues have been emptied is traffic from the WRR queues forwarded. (The relative portion from each WRR queue depends on its weight).
  • Page 390 802.1p priority will be the default CoS/802.1p priority assigned to the ingress ports. Default Mapping Queues 802.1p Queue Queue Notes Values (4 queues 1- (2 queues: (0-7, 7 being 4, 4 being the Normal and the highest) highest High) priority) Normal Background
  • Page 391 STEP 2 Enter the parameters. • 802.1p—Displays the 802.1p priority tag values to be assigned to an egress queue, where 0 is the lowest and 7 is the highest priority.
  • Page 392: Mapping Dscp To Queue

    STEP 2 Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped. STEP 3 Click Apply. The Running Configuration file is updated.
  • Page 393: Configuring Bandwidth

    NOTE The two Ingress Rate Limit fields do not appear when the interface type is LAG. • Egress Shaping Rate—Select to enable egress shaping on the interface. • Committed Information Rate (CIR)—Enter the maximum bandwidth for the egress interface.
  • Page 394: Configuring Egress Shaping Per Queue

    This page enables shaping the egress for up to four queues on each interface. STEP 4 Select the Interface. STEP 5 For each queue that is required, enter the following fields: • Enable Shaping—Select to enable egress shaping on this queue...
  • Page 395: Configuring Vlan Rate Limit

    To define the VLAN ingress rate limit: STEP 1 Click Quality of Service > General > VLAN Ingress Rate Limit. The VLAN Ingress Rate Limit page is displayed. This page displays the VLAN Ingress Rate Limit Table.
  • Page 396: Tcp Congestion Avoidance

    To configure TCP congestion avoidance: STEP 1 Click Quality of Service > General > TCP Congestion Avoidance. The TCP Congestion Avoidance page is displayed. STEP 2 Click Enable to enable TCP congestion avoidance, and click Apply.
  • Page 397: Qos Basic Mode

    It is recommended that you disable the trusted mode at the ports where the CoS/802.1p and/or DSCP values in the incoming packets are not trustworthy. Otherwise, it might negatively affect the performance of your network...
  • Page 398: Configuring Global Settings

    DSCP In displays the DSCP value of the incoming packet that needs to be re-marked to an alternative value. STEP 5 Select the DSCP Out value to indicate the outgoing value is mapped.
  • Page 399: Interface Qos Settings

    Frames that match an ACL and were permitted entrance are implicitly labeled with the name of the ACL that permitted their entrance. Advanced mode QoS actions can then be applied to these flows.
  • Page 400 • Definition of the actions to be applied to frames in each flow that match the rules. • Binding the combinations of rules and action to one or more interfaces.
  • Page 401: Workflow To Configure Advanced Qos Mode

    STEP 2 Select the Trust Mode while the switch is in Advanced mode. If a packet CoS level and DSCP tag are mapped to separate queues, the Trust mode determines the queue to which the packet is assigned:
  • Page 402 QoS-specified limits. The portion of the traffic that causes the flow to exceed its QoS limit is referred to as out-of-profile packets.
  • Page 403 STEP 2 Select the DSCP Out value to where the incoming value is mapped. STEP 3 Click Apply. The Running Configuration file is updated with the new DSCP Mapping table.
  • Page 404: Defining Class Mapping

    —A packet must match either the IP based ACL or the MAC based ACL in the class map. • IP—Select the IPv4 based ACL or the IPv6 based ACL for the class map.
  • Page 405: Qos Policers

    Aggregate Policer page An aggregate policer is defined if the policer is to be shared with more than one class. Policers on a port cannot be shared with other policers in another device.
  • Page 406: Defining Aggregate Policers

    STEP 3 • Aggregate Policer Name—Enter the name of the Aggregate Policer. • Ingress Committed Information Rate (CIR)—Enter the maximum bandwidth allowed in bits per second. See description in the Bandwidth page...
  • Page 407: Configuring A Policy

    Click Policy Class Map Table to display the Policy Class Maps page. STEP 2 Click Add to open the Add Policy Table page. Enter the name of the new policy in the New Policy Name field. STEP 3
  • Page 408: Policy Class Maps

    CoS/802.1p value and the CoS/802.1p to Queue Table. —If this option is selected, use the value entered in the New Value box to determine the egress queue of the matching packets as follows:
  • Page 409 Drop—Packets exceeding the defined CIR value are dropped. Out of Profile DSCP—IP packets exceeding the defined CIR are forwarded with a new DSCP derived from the Out Of Profile DSCP Mapping Table. STEP 5 Click Apply.
  • Page 410: Policy Binding

    Viewing Policer Statistics A Single Policer is bound to a class map from a single policy. An Aggregate Policer is bound to one or more class maps from one or more policies.
  • Page 411 STEP 1 Click Quality of Service > QoS Statistics > Aggregate Policer Statistics. The Aggregate Policer Statistics page is displayed. This page displays the following fields: • Aggregate Policer Name—Policer on which statistics are based.
  • Page 412: Viewing Queues Statistics

    Set 1—Displays the statistics for Set 1 that contains all interfaces and queues with a high DP (Drop Precedence). Set 2—Displays the statistics for Set 2 that contains all interfaces and queues with a low DP.
  • Page 413 Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped. STEP 4 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
  • Page 414: Chapter 22: Configuring Snmp

    To control access to the system, a list of community entries is defined. Each community entry consists of a community string and its access privilege. The system will respond only to SNMP messages specifying the community which has the correct permissions and correct operation.
  • Page 415: Snmp Workflow

    NOTE For security reasons, SNMP is disabled by default. Before you can manage the switch via SNMP, you must turn on SNMP on the Security > TCP/UDP Services page. The following is the recommended series of actions for configuring SNMP:
  • Page 416: Snmp Engine Id

    If the SNMP Engine ID is not set, then users may not be created. STEP 5 Optionally, enable or disable traps by using the Trap Settings page. STEP 6 Optionally, define a notification filter(s) by using the Notification Filter page.
  • Page 417: Supported Mibs

    STEP 7 Define a notification recipient(s) by using the page. Supported MIBs For a list of supported MIBs, visit the following URL and navigate to the download area listed as Cisco MIBS: www.cisco.com/cisco/software/navigator.html
  • Page 418: Model OIDs

    24-Port Gigabit with 4-Port 10-Gigabit PoE Stackable Managed Switch SG500X-48 9.6.1.85.48.1 48-Port Gigabit with 4-Port 10-Gigabit Stackable Managed Switch SG500X-48P 9.6.1.85.48.2 48-Port Gigabit with 4-Port 10-Gigabit PoE Stackable Managed Switch
  • Page 419: SNMP Engine ID

    • User Defined—Enter the local device engine ID. The field value is a hexadecimal string (range: 10 - 64). Each byte in the hexadecimal character strings is represented by two hexadecimal digits.
  • Page 420: Configuring SNMP Views

    User Defined—Enter an OID not offered in the Select from list option. STEP 4 Select or deselect Include in view. If this is selected, the selected MIBs are included in the view, otherwise they are excluded. STEP 5 Click Apply.
  • Page 421: Creating SNMP Groups

    It becomes operational when it is associated with an SNMP user or community. NOTE To associate a non-default view with a group, first create the view in the Views page.
  • Page 422 MIBs except those that control SNMP itself. Write—Management access is write for the selected view. Otherwise, a user or a community associated with this group is able to write all MIBs except those that control SNMP itself.
  • Page 423: Managing SNMP Users

    To display SNMP users and define new ones: STEP 1 Click SNMP > Users. The Users page is displayed. This page displays existing users. STEP 2 Click Add. The Add User page is displayed.
  • Page 424 Authentication Password—If authentication is accomplished by either an MD5 or a SHA password, enter the local user password. Local user passwords are compared to the local database and can contain up to 32 ASCII characters.
  • Page 425: Defining SNMP Communities

    STEP 1 Click SNMP > Communities. The page is displayed. This page displays a table of configured SNMP communities and their properties. STEP 2 Click Add. The Add SNMP Community page is displayed.
  • Page 426 SNMP Admin is equivalent to Read Write for all MIBs except for the SNMP MIBs. SNMP Admin is required for access to the SNMP MIBs.
  • Page 427: Defining Trap Settings

    The system can generate traps defined in the MIB that it supports. Trap receivers (aka Notification Recipients) are network nodes where the trap messages are sent by the switch. A list of notification recipients is defined as the targets of trap messages.
  • Page 428 If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
  • Page 429: Defining SNMPv3 Notification Recipients

    STEP 1 Click SNMP > Notification Recipients SNMPv3. The SNMPv3 page is displayed. This page displays recipients for SNMPv3. STEP 2 Click Add. The Add SNMP Notification Recipient page is displayed. STEP 3 Enter the parameters.
  • Page 430 Authentication and Privacy on the User page, the security level on this screen can be either No Authentication, or Authentication Only, or Authentication and Privacy. The options are: No Authentication—Indicates the packet is neither authenticated nor encrypted.
  • Page 431: SNMP Notification Filters

    Filter Name. STEP 2 Click Add. The Add Notification Filter page is displayed. STEP 3 Enter the parameters. • Filter Name—Enter a name between 0-30 characters.
  • Page 432 STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
  • Page 433: Chapter 23: RIP

    Management and IP Interface > IPv4 interface page on the 500X models. The IP Routing control is available on the 500X models only. The switch supports RIP version 2, which is based on the following standards: • RFC2453 RIP Version 2, November 1998
  • Page 434: How RIP Operates On The Device

    In this way, the relative cost of the interfaces can be adjusted as desired. It is the responsibility of the user to set the offset for each interface (1 by default).
  • Page 435: Passive Mode

    In this case, the router is passive, and only receives the updated RIP information on this interface. By default, transmission of routing updates on an IP interface is enabled. RIP Settings on an IP Interface for more information.
  • Page 436 Causes RIP to use the predefined default metric value for the propagated static route configuration. • Transparent (default) Causes RIP to use the routing table metric as the RIP metric for the propagated static route configuration.
  • Page 437 The static route configuration of router rB can be propagated to router rC using either the default metric or transparent system. A static route is redistributed either with the static route's metric (transparent metric) or with the metric defined by the default-metric command.
  • Page 438 RIP Peers Database The user can monitor the RIP peers database per IP interface. See Displaying the RIP Peers Database for a description of these counters.
  • Page 439: Configuring RIP Through The Web GUI

    STEP 2 Select the following options as required: • RIP—Select to enable RIP. Disabling RIP deletes the RIP configuration on the system. • Redistribute Static Route—Select to enable this feature (described in Redistributing Static Route Configuration.
  • Page 440 • Authentication—RIP authentication state (enable/disable) on a specified IP interface. The following options are available: None—There is no authentication performed. Text—The key password entered below is used for authentication.
  • Page 441 To view the RIP statistical counters for each IP address: STEP 1 Click IP Configuration > RIPv2 > RIPv2 Statistics. The RIPv2 Statistics page is displayed. The following fields are displayed: • IP Interface—IP interface defined on the Layer 2 interface.
  • Page 442 0 or greater than 16 • Last Updated—Indicates the last time RIP received RIP routes from the remote IP address. STEP 2 To clear all counters, click Clear All Interface Counters.
  • Page 443: Configuring Access Lists

    Action—Select an action for the access list. The following options are available: Permit—Permit entry of packets from the IP address(es) in the access list. Deny—Reject entry of packets from the IP address(es) in the access list.
  • Page 444: Key Management

    To create a key chain, do the following: STEP 1 Create a key chain with a single key in it, using the Key Chain Settings page. STEP 2 Add additional keys, using the Key Settings page.
  • Page 445 End Time—Specifies the last date that the key-identifier is valid. Select one of the following options. Infinite—No limit to the life of the key-identifier. Duration—Life of the key-identifier is limited. If this option is selected, enter values in the following fields.
  • Page 446 • Start Date—Enter the earliest date that the key-identifier is valid. • Start Time—Enter the earliest time that the key-identifier is valid on the Start Date.
  • Page 447 Days—Number of days that the key-identifier is valid. Hours—Number of hours that the key-identifier is valid. Minutes—Number of minutes that the key-identifier is valid. Seconds—Number of seconds that the key-identifier is valid.
  • Page 448: Chapter 24: VRRP

    VRRP also enables load sharing of traffic. Traffic can be shared equitably among available routers by configuring VRRP in such a way that traffic to and from LAN clients is shared by multiple routers.
  • Page 449 NOTE The VRRP router that is the IP address owner will respond/process packets whose destination is to the IP address. The VRRP router that is the virtual router master, but not the IP address owner, will not respond/process those packets.
  • Page 450 IP address 192.168.2.1 and is the virtual router master, and rB is the virtual router backup to rA. Clients 1 and 2 are configured with the default gateway IP address of 192.168.2.1.
  • Page 451 For virtual router 2, rB is the owner of IP address 192.168.2.2 and virtual router master, and rA is the virtual router backup to rB. Clients 3 and 4 are configured with the default gateway IP address of 192.168.2.2.
  • Page 452 VRRP router to operate in VRRPv3. • All the existing VRRP routers of the virtual router operate in VRRPv2, then you should configure your new VRRP router to operate in VRRPv2.
  • Page 453 The VRRP routers that are non owner must be configured with an IP interface on the same IP subnet as the IP addresses of the virtual router. The corresponding IP subnets must be configured manually in the VRRP router, not DHCP assigned.
  • Page 454: VRRP Router Priority And Preemption

    If both have the same priority, the one with the higher IP address value is selected to become the virtual router master. By default, a preemptive feature is enabled, which functions as follows:
  • Page 455: VRRP Advertisements

    STEP 3 • Interface—Interface on which virtual router is defined. • Virtual Router Identifier—User-defined number identifying virtual router. • Description—User-defined string identifying virtual router. • Status—Select to enable VRRP on the device.
  • Page 456 Virtual Router MAC Address—The virtual MAC address of the virtual router • Virtual Router IP Address Table—IP addresses associated with this virtual router. • Description—The virtual router name. • Version—The virtual router version.
  • Page 457 Advertisement Interval—The advertisement interval of the virtual router. • Source IP Address—IP address used as source IP address in VRRP messages. STEP 6 Click Apply. The settings are written to the Running Configuration file.
  • Page 458: Chapter 25: Console Menu Interface

    HyperTerminal - Connection Description window displays. STEP 3 Enter a name for this connection, and optionally select an icon for the application shortcut that is created. STEP 4 Click OK. The Connect To window displays.
  • Page 459 STEP 7 Enter the command debug-mode, then press Enter, then enter the command menu. The Login displays. Press Ctrl-R to refresh the Menu CLI Login or to jump to the Menu CLI Login from any other window.
  • Page 460 Use these options to create and save a new password. See “Change User Password” page 593. STEP 8 The Switch Main Menu displays. Continue to the Console Interface Main Menu section.
  • Page 461: Connecting By Using Telnet

    STEP 3 c:\>telnet 192.168.1.114 STEP 4 Press Enter. STEP 5 Enter username/password. The default username and password is cisco/cisco. STEP 6 Enter the command debug-mode, then press Enter, then enter the command menu. The Login displays. Press Ctrl-R to refresh the Menu CLI Login or to jump to the Menu CLI Login from any other window.
  • Page 462: Console Configuration Menu Navigation

    Press Esc to navigate from the options list to the action list. The available actions are listed at the bottom of each screen. If you Quit without saving the changes, the changes to the parameter values made in this session are ignored.
  • Page 463: Console Interface Main Menu

    • Management Settings • Username & Password Settings • Security Settings • VLAN Management • IP Configuration • File Management • Delete Startup Configuration • Reboot to Factory Defaults • Reboot System
  • Page 464: Management Settings

    The Management Settings menu provides the following options: • Serial Port Configuration • Telnet Configuration • SSH Configuration • SNMP Configuration Serial Port Configuration Path: Switch Main Menu > System Configuration Menu > Management Settings
  • Page 465 Path: Switch Main Menu > System Configuration Menu > Management Settings > SSH Server Status Use SSH Server Status to view the SSH server status, the RSA and DSA key status, and any open SSH sessions. Select Refresh to update the screen.
  • Page 466 Use Username & Password Settings to configure the user names and passwords of those accessing the switch. Up to five users can be added. The factory default username is cisco. The factory default password is cisco.
  • Page 467: Security Settings

    VLAN Management Path: Switch Main Menu > System Configuration Menu Use the VLAN Management menu to set the default VLAN. Changes to the default VLAN take effect only after you reboot the switch.
  • Page 468 Default Gateway—Enter the default gateway address for the switch (IPv4 Address Settings). • Management VLAN—Enter the management VLAN ID (IPv4 Address Settings). • DHCP Client—Use the Spacebar to enable or disable the DHCP client.
  • Page 469: IPv6 Address Configuration

    The device supports a maximum of 128 addresses at the interface. Each address must be a valid IPv6 address that is specified in hexadecimal format by using 16-bit values separated by colons.
  • Page 470 Path: Switch Main Menu > System Configuration Menu > IP Configuration > HTTP Configuration Use the HTTP Configuration option to enable or disable the HTTP server, and set the HTTP Server port number.
  • Page 471: Network Configuration

    Use the Ping IPv6 option to enter the IPv6 address, interface type (VLAN, LAG, FE, GE), and interface ID number that you want to test. Select Execute to begin the test. The ping results are displayed in the Status and Statistics fields.
  • Page 472 IPv4 Default Route (Layer 3 devices only) Path: Switch Main Menu > System Configuration Menu > IP Configuration > IPv4 Default Route Use IPv4 Default Route to set the Next Hop IP Address for the switch.
  • Page 473: File Management

    Path: Switch Main Menu > System Configuration Menu > File Management > Upgrade/Backup <IPv6> Use Upgrade/Backup <IPv6> to upload or download files, such as the startup configuration, boot, or image file via a TFTP server.
  • Page 474 Reboot to Factory Defaults will delete the Startup Configuration and reboot the switch. Any settings that are not saved to a file are lost after this action is selected. If there is a configuration on a TFTP server, the switch downloads the configuration.
  • Page 475: Port Status

    Path: Switch Main Menu > Port Status > PoE Status PoE Status displays the status of the PoE ports. Port Configuration Path: Switch Main Menu > Port Configuration Use the Port Configuration Menu to change Port Configuration and PoE configuration.
  • Page 476: System Mode

    Path: Switch Main Menu > Help Select Help to view information on how to navigate the options in the console interface. Logout Path: Switch Main Menu > Logout Select Logout to end the current console session.