Cisco Systems SF300-24P User Manual

ADMINISTRATION GUIDE

Cisco Small Business 300 Series Managed Switch Administration Guide Release 1.3

Contents

Chapter 1: Getting Started
Starting the Web-based Configuration Utility
Launching the Configuration Utility
HTTP/HTTPS
Logging Out
Quick Start Device Configuration
Interface Naming Conventions
Window Navigation
Application Header
Management Buttons

Chapter 2: Status and Statistics
Viewing Ethernet Interfaces
Viewing Etherlike Statistics
Viewing GVRP Statistics
Viewing 802.1X EAP Statistics
Viewing TCAM Utilization
Managing RMON
Viewing RMON Statistics
Configuring RMON History
Viewing the RMON History Table
Defining RMON Events Control
Viewing the RMON Events Logs
Defining RMON Alarms

Chapter 3: Administration: System Log
Setting System Log Settings
Setting Remote Logging Settings
Viewing Memory Logs
RAM Memory
Flash Memory

Chapter 4: Administration: File Management
System Files
Upgrade/Backup Firmware/Language
Upgrade/Backing Firmware or Language File
Active Image
Download/Backup Configuration/Log
Configuration File Backwards Compatibility
Downloading or Backing-up a Configuration or Log File
Configuration Files Properties
Copy/Save Configuration
DHCP Auto Configuration
DHCP Server Options
Auto Configuration Download Protocol (TFTP or SCP)
SSH Client Authentication Parameters
Auto Configuration Process
Configuring DHCP Auto Configuration

Chapter 5: Administration: General Information
Device Models
System Information
Displaying the System Summary
Configuring the System Settings
Console Settings (Autobaud Rate Support)
Rebooting the Device
Routing Resources
Monitoring Fan Status
Defining Idle Session Timeout
Pinging a Host
Traceroute

Chapter 6: Administration: Time Settings
System Time Options
Time
Time Zone and Daylight Savings Time (DST)
SNTP Modes
Configuring System Time
Selecting Source of System Time
Adding a Unicast SNTP Server
Configuring the SNTP Mode
Defining SNTP Authentication
Time Range
Absolute Time Range
Recurring Time Range

Chapter 7: Administration: Diagnostics
Testing Copper Ports
Displaying Optical Module Status
MSA-compatible SFPs
Configuring Port and VLAN Mirroring
Viewing CPU Utilization and Secure Core Technology

Chapter 8: Administration: Discovery
Configuring Bonjour Discovery
Bonjour in Layer 2 System Mode
Bonjour in Layer 3 System Mode
LLDP and CDP
Configuring LLDP
LLDP Overview
Setting LLDP Properties
Editing LLDP Port Settings
LLDP MED Network Policy
Configuring LLDP MED Port Settings
Displaying LLDP Port Status
Displaying LLDP Local Information
Displaying LLDP Neighbors Information
Accessing LLDP Statistics
LLDP Overloading
Configuring CDP
Setting CDP Properties
Editing CDP Interface Settings
Displaying CDP Local Information
Displaying CDP Neighbors Information
Viewing CDP Statistics

Chapter 9: Port Management
Configuring Ports
Setting Port Configuration
Configuring Link Aggregation
Link Aggregation Overview
Load Balancing
Default Settings and Configuration
Static and Dynamic LAG Workflow
Defining LAG Management
Configuring LAG Settings
Configuring LACP
LACP Priority and Rules
LACP With No Link Partner
Setting LACP Parameter Settings
Configuring Green Ethernet
Green Ethernet Overview
Power Saving by Disabling Port LEDs
802.3az Energy Efficient Ethernet Feature
Setting Global Green Ethernet Properties
Setting Green Ethernet Properties for Ports

Chapter 10: Smartport
Overview
What is a Smartport
Smartport Types
Special Smartport Types
Smartport Macros
Applying a Smartport Type to an Interface
Macro Failure and the Reset Operation
How the Smartport Feature Works
Auto Smartport
Enabling Auto Smartport
Identifying Smartport Type
Using CDP/LLDP Information to Identify Smartport Types
Multiple Devices Attached to the Port
Persistent Auto Smartport Interface
Error Handling
Default Configuration
Relationships with Other Features and Backwards Compatibility
Common Smartport Tasks
Configuring Smartport Using The Web-based Interface
Smartport Properties
Smartport Type Settings
Smartport Interface Settings
Built-in Smartport Macros

Chapter 11: Port Management: PoE
PoE on the Device
PoE Features
PoE Operation
PoE Configuration Considerations
Configuring PoE Properties
Configuring PoE Settings
PoE priority example:

Chapter 12: VLAN Management
VLANs
Configuring Default VLAN Settings
Creating VLANs
Configuring VLAN Interface Settings
Defining VLAN Membership
Configuring Port to VLAN
Configuring VLAN Membership
GVRP Settings
Defining GVRP Settings
VLAN Groups
MAC-based Groups
Assigning MAC-based VLAN Groups
Mapping VLAN Group to VLAN Per Interface
Voice VLAN
Voice VLAN Overview
Dynamic Voice VLAN Modes
Voice End-Points
Auto Voice VLAN, Auto Smartports, CDP, and LLDP
Voice VLAN QoS
Voice VLAN Constraints
Voice VLAN Workflows
Configuring Voice VLAN
Configuring Voice VLAN Properties
Displaying Auto Voice VLAN Settings
Configuring Telephony OUI
Adding OUIs to the Telephony OUI Table
Adding Interfaces to Voice VLAN on Basis of OUIs
Access Port Multicast TV VLAN
IGMP Snooping
Differences Between Regular and Multicast TV VLANs
Configuration
Multicast TV Group to VLAN
Port Multicast VLAN Membership
Customer Port Multicast TV VLAN
Mapping CPE VLANs to Multicast TV VLANs
CPE Port Multicast VLAN Membership

Chapter 13: Spanning Tree
STP Flavors
Configuring STP Status and Global Settings
Defining Spanning Tree Interface Settings
Configuring Rapid Spanning Tree Settings
Multiple Spanning Tree
Defining MSTP Properties
Mapping VLANs to a MSTP Instance
Defining MSTP Instance Settings
Defining MSTP Interface Settings

Chapter 14: Managing MAC Address Tables
Types of MAC Addresses
Configuring Static MAC Addresses
Managing Dynamic MAC Addresses
Configuring Dynamic MAC Address Aging Time
Querying Dynamic Addresses
Defining Reserved MAC Addresses

Chapter 15: Multicast
Multicast Forwarding
Typical Multicast Setup
Multicast Address Properties
Defining Multicast Properties
Adding MAC Group Address
Adding IP Multicast Group Addresses
Configuring IGMP Snooping
MLD Snooping
Querying IGMP/MLD IP Multicast Group
Defining Multicast Router Ports
Defining Forward All Multicast
Defining Unregistered Multicast Settings

Chapter 16: IP Configuration
Overview
Layer 2 IP Addressing
Layer 3 IP Addressing
IPv4 Management and Interfaces
IPv4 Interface
Defining an IPv4 Interface in Layer 2 System Mode
Defining IPv4 Interface in Layer 3 System Mode
IPv4 Routes
ARP
ARP Proxy
UDP Relay/IP Helper
DHCPv4 Snooping/Relay
DHCPv4 Snooping
DHCPv4 Relay
Transparent DHCP Relay
Option 82
Interactions Between DHCPv4 Snooping, DHCPv4 Relay and Option 82
DHCP Snooping Binding Database
DHCP Trusted Ports
How the DHCP Snooping Binding Database is Built
DHCP Snooping Along With DHCP Relay
DHCP Default Configuration
Configuring DHCP Work Flow
DHCP Snooping/Relay
Properties
Interface Settings
DHCP Snooping Trusted Interfaces
DHCP Snooping Binding Database
DHCP Server
DHCP Options
Dependencies Between Features
Default Settings and Configurations
DHCPv4 Server
Network Pool
Excluded Addresses
Static Hosts
Address Binding
IPv6 Management and Interfaces
IPv6 Global Configuration
IPv6 Interface
IPv6 Tunnel
Configuring Tunnels
Defining IPv6 Addresses
IPv6 Default Router List
Defining IPv6 Neighbors Information
Viewing IPv6 Route Tables
DHCPv6 Relay
Dependencies with Other Features
Global Destinations
Interface Settings
Domain Name
DNS Settings
Search List
Host Mapping

Chapter 17: Security
Defining Users
Setting User Accounts
Setting Password Complexity Rules
Configuring TACACS+
Accounting Using a TACACS+ Server
Defaults
Interactions With Other Features
Workflow
Configuring a TACACS+ Server
Configuring RADIUS
Accounting Using a RADIUS Server
Defaults
Interactions With Other Features
Radius Workflow
Configuring Management Access Authentication
Defining Management Access Method
Active Access Profile
Defining Profile Rules
SSL Server
SSL Overview
Default Settings and Configuration
SSL Server Authentication Settings
Configuring TCP/UDP Services
Defining Storm Control
Configuring Port Security
Configuring 802.1X
802.1X Parameters Workflow
Defining 802.1X Properties
Defining 802.1X Port Authentication
Defining Host and Session Authentication
Viewing Authenticated Hosts
Defining Time Ranges
Denial of Service Prevention
Secure Core Technology (SCT)
Types of DoS Attacks
Defense Against DoS Attacks
Dependencies Between Features
Default Configuration
Configuring DoS Prevention
Security Suite Settings
SYN Protection
Martian Addresses
SYN Filtering
SYN Rate Protection
ICMP Filtering
IP Fragmented Filtering
IP Source Guard
Interactions with Other Features
Filtering
Configuring IP Source Guard Work Flow
Enabling IP Source Guard
Configuring IP Source Guard on Interfaces
Binding Database
Dynamic ARP Inspection
How ARP Prevents Cache Poisoning
Interaction Between ARP Inspection and DHCP Snooping
ARP Defaults
ARP Inspection Work Flow
Defining ARP Inspection Properties
Defining Dynamic ARP Inspection Interfaces Settings
Defining ARP Inspection Access Control
Defining ARP Inspection Access Control Rules
Defining ARP Inspection VLAN Settings

Chapter 18: Security: Secure Sensitive Data Management
Introduction
SSD Management
SSD Rules
Elements of an SSD Rule
SSD Rules and User Authentication
Default SSD Rules
SSD Default Read Mode Session Override
SSD Properties
Passphrase
Default and User-defined Passphrases
Local Passphrase
Configuration File Passphrase Control
Configuration File Integrity Control
Read Mode
Configuration Files
File SSD Indicator
SSD Control Block
Startup Configuration File
Running Configuration File
Backup and Mirror Configuration File
Sensitive Data Zero-Touch Auto Configuration
SSD Management Channels
Menu CLI and Password Recovery
Configuring SSD
SSD Properties
SSD Rules

Chapter 19: Security: SSH Client
Secure Copy (SCP) and SSH
Protection Methods
Passwords
Public/Private Keys
Import Keys
SSH Server Authentication
SSH Client Authentication
Supported Algorithms
Before You Begin
Common Tasks
SSH Client Configuration Through the GUI
SSH User Authentication
SSH Server Authentication
Modifying the User Password on the SSH Server

Chapter 20: Security: SSH Server
Overview
Common Tasks
SSH Server Configuration Pages
SSH User Authentication
SSH Server Authentication

Chapter 21: Access Control
Access Control Lists
Defining MAC-based ACLs
Adding Rules to a MAC-based ACL
IPv4-based ACLs
Defining an IPv4-based ACL
Adding Rules (ACEs) to an IPv4-Based ACL
IPv6-Based ACLs
Adding Rules (ACEs) for an IPv6-Based ACL
Defining ACL Binding

Chapter 22: Quality of Service
QoS Features and Components
QoS Modes
QoS Workflow
Configuring QoS - General
Setting QoS Properties
Configuring QoS Queues
Mapping CoS/802.1p to a Queue
Mapping DSCP to Queue
Configuring Bandwidth
Configuring Egress Shaping per Queue
Configuring VLAN Ingress Rate Limit
TCP Congestion Avoidance
QoS Basic Mode
Workflow to Configure Basic QoS Mode
Configuring Global Settings
Interface QoS Settings
QoS Advanced Mode
Workflow to Configure Advanced QoS Mode
Configuring Global Settings
Configuring Out-of-Profile DSCP Mapping
Defining Class Mapping
QoS Policers
Defining Aggregate Policers
Configuring a Policy
Policy Class Maps
Policy Binding
Managing QoS Statistics
Policer Statistics
Viewing Single Policer Statistics
Viewing Aggregated Policer Statistics
Viewing Queues Statistics

Chapter 23: SNMP
SNMP Versions and Workflow
SNMPv1 and v2
SNMPv3
SNMP Workflow
Supported MIBs
Model OIDs
SNMP Engine ID
Configuring SNMP Views
Creating SNMP Groups
Managing SNMP Users
Defining SNMP Communities
Defining Trap Settings
Notification Recipients
Defining SNMPv1,2 Notification Recipients
Defining SNMPv3 Notification Recipients
SNMP Notification Filters

Chapter 1: Getting Started

This section provides an introduction to the web-based configuration utility, and covers the following topics:

- Starting the Web-based Configuration Utility
- Quick Start Device Configuration
- Interface Naming Conventions
- Window Navigation

Starting the Web-based Configuration Utility

This section describes how to navigate the web-based switch configuration utility.

If you are using a pop-up blocker, make sure it is disabled.

Browser Restrictions

If you are using older versions of Internet Explorer, you cannot directly use an IPv6 address to access the device. You can, however, use the DNS (Domain Name System) server to create a domain name that contains the IPv6 address, and then use that domain name in the address bar in place of the IPv6 address.

If you have multiple IPv6 interfaces on your management station, use the IPv6 global address instead of the IPv6 link local address to access the device from your browser.

Launching the Configuration Utility

To open the web-based configuration utility:

STEP 1 Open a Web browser.

STEP 2 Enter the IP address of the device you are configuring in the address bar on the browser, and then press Enter.

NOTE When the device is using the factory default IP address of 192.168.1.254, its power LED flashes continuously. When the device is using a DHCP assigned IP address or an administrator-configured static IP address, the power LED is on solid.

Logging In

The default username is cisco and the default password is cisco. The first time that you log in with the default username and password, you are required to enter a new password.

NOTE If you have not previously selected a language for the GUI, the language of the Login page is determined by the language(s) requested by your browser and the languages configured on your device. If your browser requests Chinese, for example, and Chinese has been loaded into your device, the Login page is automatically displayed in Chinese. If Chinese has not been loaded into your device, the Login page appears in English.

The languages loaded into the device have a language and country code (en-US, en-GB and so on). For the Login page to be automatically displayed in a particular language, based on the browser request, both the language and country code of the browser request must match those of the language loaded on the device. If the browser request contains only the language code without a country code (for example: fr), the first embedded language with a matching language code is taken (without matching the country code, for example: fr_CA).
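The matching rule in the two notes above, written out as an added example (not code from the Cisco guide or the device firmware). It assumes two-part tags such as en-US or fr_CA, that browser preferences are tried in q-value order, and that the device's language list starts with English; the function names are hypothetical.

```python
# Added example: how the Login page language is picked, following the
# two NOTE paragraphs above. Function names are hypothetical.


def split_tag(tag):
    """Split 'fr-CA' or 'fr_CA' into ('fr', 'CA'); country is '' if absent."""
    lang, _, country = tag.strip().replace("_", "-").partition("-")
    return lang.lower(), country.upper()


def parse_accept_language(header):
    """Return the tags of an Accept-Language header, highest q-value first."""
    ranked = []
    for position, part in enumerate(header.split(",")):
        tag, _, params = part.strip().partition(";")
        tag = tag.strip()
        if not tag or tag == "*":
            continue
        quality = 1.0
        params = params.strip()
        if params.startswith("q="):
            try:
                quality = float(params[2:])
            except ValueError:
                quality = 0.0  # unreadable q-value: treat the tag as refused
        if quality > 0:
            # Negative quality sorts best first; position keeps header order
            # for equal q-values.
            ranked.append((-quality, position, tag))
    return [tag for _, _, tag in sorted(ranked)]


def select_login_language(accept_language, loaded):
    """Pick the Login page language from the languages loaded on the device.

    `loaded` lists the device's language files with English first
    (assumption: English is the fallback and is always present).
    """
    if not loaded:
        raise ValueError("the device always has at least English loaded")
    for requested in parse_accept_language(accept_language):
        lang, country = split_tag(requested)
        for candidate in loaded:
            cand_lang, cand_country = split_tag(candidate)
            if lang != cand_lang:
                continue
            # A request with a country code needs both parts to match.
            # A language-only request takes the first language-code match.
            if country == "" or country == cand_country:
                return candidate
    return loaded[0]  # nothing matched: the Login page appears in English


if __name__ == "__main__":
    device = ["en-US", "fr_CA", "zh-CN"]  # constructed sample
    for header in ("zh-CN,zh;q=0.9,en;q=0.8", "fr", "fr-FR", "de-DE"):
        print(header, "->", select_login_language(header, device))
```

A browser sending fr-FR to a device that holds only fr_CA falls through to English, because a request that carries a country code must match on both parts.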

To log in to the device configuration utility:

STEP 1 Enter the username/password. The password can contain up to 64 ASCII characters. Password-complexity rules are described in the Setting Password Complexity Rules section of the Configuring Security chapter.

STEP 2 If you are not using English, select the desired language from the Language dropdown menu. To add a new language to the device or update a current one, refer to the Upgrade/Backup Firmware/Language section.

STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears. See Password Expiration for additional information.

STEP 4 Choose whether or not to select Disable Password Complexity Enforcement. For more information on password complexity, see the Setting Password Complexity Rules section.

STEP 5 Enter the new password and click Apply.

When the login attempt is successful, the Getting Started page appears.

If you entered an incorrect username or password, an error message appears and the Login page remains displayed on the window. If you are having problems logging in, please see the Launching the Configuration Utility section in the Administration Guide for additional information.

Select Don’t show this page on startup to prevent the Getting Started page from being displayed each time that you log on to the system. If you select this option, the System Summary page is opened instead of the Getting Started page.

HTTP/HTTPS

You can either open an HTTP session (not secured) by clicking Log In, or you can open an HTTPS (secured) session by clicking Secure Browsing (HTTPS). You are asked to approve the logon with a default RSA key, and an HTTPS session is opened.

NOTE There is no need to input the username/password prior to clicking the Secure Browsing (HTTPS) button.

For information on how to configure HTTPS, see SSL Server.

Password Expiration

The New Password page appears:

- The first time you access the device with the default username cisco and password cisco. This page forces you to replace the factory default password.
- When the password expires, this page forces you to select a new password.

Logging Out

By default, the application logs out after ten minutes of inactivity. You can change this default value as described in the Defining Idle Session Timeout section.

CAUTION Unless the Running Configuration is copied to the Startup Configuration, rebooting the device will remove all changes made since the last time the file was saved. Save the Running Configuration to the Startup Configuration before logging off to preserve any changes you made during this session.

A flashing red X icon to the left of the Save application link indicates that Running Configuration changes have not yet been saved to the Startup Configuration file. The flashing can be disabled by clicking on the Disable Save Icon Blinking button on the Copy/Save Configuration page.

When the device auto-discovers a device, such as an IP phone (see What is a Smartport), it configures the port appropriately for the device. These configuration commands are written to the Running Configuration file. This causes the Save icon to begin blinking when you log on even though you did not make any configuration changes.

When you click Save, the Copy/Save Configuration page appears. Save the Running Configuration file by copying it to the Startup Configuration file. After this save, the red X icon and the Save application link are no longer displayed.

To log out, click Logout in the top right corner of any page. The system logs out of the device.

When a timeout occurs or you intentionally log out of the system, the Login page appears with a message indicating the logged-out state. After you log in, the application returns to the initial page.

The initial page displayed depends on the “Do not show this page on startup” option in the Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page.

Quick Start Device Configuration

To simplify device configuration through quick navigation, the Getting Started page provides links to the most commonly used pages.

Links on the Getting Started page

| Category | Link Name (on the Page) | Linked Page |
|---|---|---|
| | Change Management Applications and Services | TCP/UDP Services page |
| | Change Device IP Address | IPv4 Interface page |
| | Create VLAN | Create VLAN page |
| | Configure Port Settings | Port Setting page |
| Device Status | System Summary | System Summary page |
| | Port Statistics | Interface page |
| | RMON Statistics | Statistics page |
| | View Log | RAM Memory page |
| Quick Access | Change Device Password | User Accounts page |
| | Upgrade Device Software | Upgrade/Backup Firmware/Language page |
| | Backup Device Configuration | Download/Backup Configuration/Log page |
| | Create MAC Based ACL | MAC Based ACL page |
| | Create IP Based ACL | IPv4 Based ACL page |
| | Configure QoS | QoS Properties page |
| | Configure Port Mirroring | Port and VLAN Mirroring page |

There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Small Business Support Community page.

Interface Naming Conventions

Within the GUI, interfaces are denoted by concatenating the following elements:

- Type of interface: The following types of interfaces are found on the various types of devices:
  - Fast Ethernet (10/100 bits)—These are displayed as FE.
  - Gigabit Ethernet ports (10/100/1000 bits)—These are displayed as GE.
  - LAG (Port Channel)—These are displayed as LAG.
  - VLAN—These are displayed as VLAN.
  - Tunnel—These are displayed as Tunnel.
- Interface Number: Port, LAG, tunnel or VLAN ID

Window Navigation

This section describes the features of the web-based switch configuration utility.

Application Header

The Application Header appears on every page. It provides the following application links:

Application Links

| Application Link Name | Description |
|---|---|
| | A flashing red X icon displayed to the left of the Save application link indicates that Running Configuration changes have been made that have not yet been saved to the Startup Configuration file. The flashing of the red X can be disabled on the Copy/Save Configuration page. Click Save to display the Copy/Save Configuration page. Save the Running Configuration file by copying it to the Startup Configuration file type on the device. After this save, the red X icon and the Save application link are no longer displayed. When the device is rebooted, it copies the Startup Configuration file type to the Running Configuration and sets the device parameters according to the data in the Running Configuration. |
| Username | Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco). |
| Language Menu | This menu provides the following options: Select a language: Select one of the languages that appear in the menu. This language will be the web-based configuration utility language. Download Language: Add a new language to the device. Delete Language: Deletes the second language on the device. The first language (English) cannot be deleted. Debug: Used for translation purposes. If you select this option, all web-based configuration utility labels disappear and in their place are the IDs of the strings that correspond to the IDs in the language file. NOTE To upgrade a language file, use the Upgrade/Backup Firmware/Language page. |
| Logout | Click to log out of the web-based switch configuration utility. |
| About | Click to display the device name and device version number. |
| Help | Click to display the online help. |
| | The SYSLOG Alert Status icon appears when a SYSLOG message, above the critical severity level, is logged. Click the icon to open the RAM Memory page. After you access this page, the SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, click Status and Statistics > View Log > RAM Memory. |

Management Buttons

The following table describes the commonly-used buttons that appear on various pages in the system.

Management Buttons

| Button Name | Description |
|---|---|
| | Use the pull-down menu to configure the number of entries per page. |
| | Indicates a mandatory field. |
| Add | Click to display the related Add page and add an entry to a table. Enter the information and click Apply to save it to the Running Configuration. Click Close to return to the main page. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the device. |
| Apply | Click to apply changes to the Running Configuration on the device. If the device is rebooted, the Running Configuration is lost, unless it is saved to the Startup Configuration file type or another file type. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the device. |
| Cancel | Click to reset changes made on the page. |
| Clear All Interfaces Counters | Click to clear the statistic counters for all interfaces. |
| Clear Interface Counters | Click to clear the statistic counters for the selected interface. |
| Clear Logs | Clears log files. |
| Clear Table | Clears table entries. |
| Close | Returns to main page. If any changes were not applied to the Running Configuration, a message appears. |
| Copy Settings | A table typically contains one or more entries containing configuration settings. Instead of modifying each entry individually, it is possible to modify one entry and then copy the selected entry to multiple entries, as described below: 1. Select the entry to be copied. Click Copy Settings to display the popup. 2. Enter the destination entry numbers in the to field. 3. Click Apply to save the changes and click Close to return to the main page. |
| Delete | After selecting an entry in the table, click Delete to remove. |
| Details | Click to display the details associated with the entry selected. |
| Edit | Select the entry and click Edit. The Edit page appears, and the entry can be modified. 1. Click Apply to save the changes to the Running Configuration. 2. Click Close to return to the main page. |
| Go | Enter the query filtering criteria and click Go. The results are displayed on the page. |
| Test | Click Test to perform the related tests. |

Chapter 2: Status and Statistics

This section describes how to view device statistics.

It covers the following topics:

- Viewing Ethernet Interfaces
- Viewing Etherlike Statistics
- Viewing GVRP Statistics
- Viewing 802.1X EAP Statistics
- Viewing TCAM Utilization
- Managing RMON

Viewing Ethernet Interfaces

The Interface page displays traffic statistics per port. The refresh rate of the information can be selected.

This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion (Unicast, Multicast, and Broadcast).

To display Ethernet statistics and/or set the refresh rate:

STEP 1 Click Status and Statistics > Interface.

STEP 2 Enter the parameters.

Interface—Select the type of interface and specific interface for which Ethernet statistics are to be displayed.

Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are:

- No Refresh—Statistics are not refreshed.


- 15 Sec—Statistics are refreshed every 15 seconds.

- 30 Sec—Statistics are refreshed every 30 seconds.

- 60 Sec—Statistics are refreshed every 60 seconds.

The Receive Statistics area displays information about incoming packets.

Total Bytes (Octets)—Octets received, including bad packets and FCS octets, but excluding framing bits.

Unicast Packets—Good Unicast packets received.

Multicast Packets—Good Multicast packets received.

Broadcast Packets—Good Broadcast packets received.

Packets with Errors—Packets with errors received.

The Transmit Statistics area displays information about outgoing packets.

Total Bytes (Octets)—Octets transmitted, including bad packets and FCS octets, but excluding framing bits.

Unicast Packets—Good Unicast packets transmitted.

Multicast Packets—Good Multicast packets transmitted.

Broadcast Packets—Good Broadcast packets transmitted.

To clear statistics counters:

Click Clear Interface Counters to clear counters for the interface displayed.

Click View All Interfaces Statistics to see all ports on a single page.

Viewing Etherlike Statistics

The Etherlike page displays statistics per port according to the Etherlike MIB standard definition. The refresh rate of the information can be selected. This page provides more detailed information regarding errors in the physical layer (Layer 1), which might disrupt traffic.

To view Etherlike Statistics and/or set the refresh rate:


STEP 1 Click Status and Statistics > Etherlike.

STEP 2 Enter the parameters.

Interface—Select the type of interface and specific interface for which Ethernet statistics are to be displayed.

Refresh Rate—Select the amount of time that passes before the Etherlike statistics are refreshed.

The fields are displayed for the selected interface.

Frame Check Sequence (FCS) Errors—Received frames that failed the CRC (cyclic redundancy check).

Single Collision Frames—Frames that were involved in a single collision, but were successfully transmitted.

Late Collisions—Collisions that have been detected after the first 512 bits of data.

Excessive Collisions—Number of transmissions rejected due to excessive collisions.

Oversize Packets—Packets greater than 2000 octets received.

Internal MAC Receive Errors—Frames rejected because of receiver errors.

Pause Frames Received—Received flow control pause frames.

Pause Frames Transmitted—Flow control pause frames transmitted from the selected interface.

To clear statistics counters:

Click Clear Interface Counters to clear the selected interface's counters.

Click View All Interfaces Statistics to see all ports on a single page.


Viewing GVRP Statistics

The GVRP page displays information regarding GARP VLAN Registration Protocol (GVRP) frames that were sent or received from a port. GVRP is a standards-based Layer 2 network protocol, for automatic configuration of VLAN information on switches. It was defined in the 802.1ak amendment to 802.1Q-2005.

GVRP statistics for a port are only displayed if GVRP is enabled globally and on the port. See the GVRP page.

To view GVRP statistics and/or set the refresh rate:

STEP 1 Click Status and Statistics > GVRP.

STEP 2 Enter the parameters.

Interface—Select the specific interface for which GVRP statistics are to be displayed.

Refresh Rate—Select the time period that passes before the GVRP statistics page is refreshed.

The Attribute Counter block displays the counters for various types of packets per interface.

Join Empty—Number of GVRP Join Empty packets received/transmitted.

Empty—Number of GVRP empty packets received/transmitted.

Leave Empty—Number of GVRP Leave Empty packets received/transmitted.

Join In—Number of GVRP Join In packets received/transmitted.

Leave In—Number of GVRP Leave In packets received/transmitted.

Leave All—Number of GVRP Leave All packets received/transmitted.

The GVRP Error Statistics section displays the GVRP error counters.

Invalid Protocol ID—Invalid protocol ID errors.

Invalid Attribute Type—Invalid attribute ID errors.

Invalid Attribute Value—Invalid attribute value errors.

Invalid Attribute Length—Invalid attribute length errors.

Invalid Event—Invalid events.

To clear statistics counters:

Click Clear Interface Counters to clear the selected counters.

Click View All Interfaces Statistics to see all ports on a single page.

Viewing 802.1X EAP Statistics

The 802.1x EAP page displays detailed information regarding the EAP (Extensible Authentication Protocol) frames that were sent or received. To configure the 802.1X feature, see the 802.1X Properties page.

To view the EAP Statistics and/or set the refresh rate:

STEP 1 Click Status and Statistics > 802.1x EAP.

STEP 2 Select the Interface that is polled for statistics.

STEP 3 Select the time period (Refresh Rate) that passes before the EAP statistics are refreshed.

The values are displayed for the selected interface.

EAPOL Frames Received—Valid EAPOL frames received on the port.

EAPOL Frames Transmitted—Valid EAPOL frames transmitted by the port.

EAPOL Start Frames Received—EAPOL Start frames received on the port.

EAPOL Logoff Frames Received—EAPOL Logoff frames received on the port.

EAP Response/ID Frames Received—EAP Resp/ID frames received on the port.

EAP Response Frames Received—EAP Response frames received by the port (other than Resp/ID frames).

EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by the port.

EAP Request Frames Transmitted—EAP Request frames transmitted by the port.


Invalid EAPOL Frames Received—Unrecognized EAPOL frames received on this port.

EAP Length Error Frames Received—EAPOL frames with an invalid Packet Body Length received on this port.

Last EAPOL Frame Version—Protocol version number attached to the most recently received EAPOL frame.

Last EAPOL Frame Source—Source MAC address attached to the most recently received EAPOL frame.

To clear statistics counters:

Click Clear Interface Counters to clear the selected interface's counters.

Click Clear All Interface Counters to clear the counters of all interfaces.

Viewing TCAM Utilization

The device architecture uses a TCAM (Ternary Content Addressable Memory) to support packet actions at wire speed.

TCAM holds the rules produced by applications, such as ACLs (Access Control Lists), Quality of Service (QoS), IP Routing and user-created rules. The maximum number of TCAM rules that can be allocated by all applications on the device is 512.

Some applications allocate rules upon their initiation. Additionally, processes that initialize during system boot use some of their rules during the startup process.

To view TCAM utilization, click Status and Statistics > TCAM Utilization.

The TCAM Utilization page shows the following fields:

Maximum TCAM Entries for IPv4 and Non-IP (Rules)—Maximum TCAM entries available.

IPv4 Routing

- In Use—Number of TCAM entries used for IPv4 routing.

- Maximum—Number of available TCAM entries that can be used for IPv4 routing.


Non-IP Rules

- In Use—Number of TCAM entries used for non-IP rules.

- Maximum—Number of available TCAM entries that can be used for non-IP rules.

Managing RMON

RMON (Remote Networking Monitoring) is an SNMP specification that enables an SNMP agent in the device to proactively monitor traffic statistics over a given period and send traps to an SNMP manager. The local SNMP agent compares actual, real-time counters against predefined thresholds and generates alarms, without the need for polling by a central SNMP management platform. This is an effective mechanism for proactive management, provided that you have the correct thresholds set relative to your network's baseline.

RMON decreases the traffic between the manager and the device because the SNMP manager does not have to poll the device frequently for information, and enables the manager to get timely status reports, because the device reports events as they occur.

With this feature, you can perform the following actions:

View the current statistics (since the counter values were cleared). You can also collect the values of these counters over a period of time, and then view the table of collected data, where each collected set is a single line of the History tab.

Define interesting changes in counter values, such as “reached a certain number of late collisions” (defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log and trap).

Viewing RMON Statistics

The Statistics page displays detailed information regarding packet sizes and information regarding physical layer errors. The information displayed is according to the RMON standard. An oversized packet is defined as an Ethernet frame with the following criteria:

Packet length is greater than MRU byte size.

Collision event has not been detected.


Late collision event has not been detected.

Received (Rx) error event has not been detected.

Packet has a valid CRC.

To view RMON statistics and/or set the refresh rate:

STEP 1 Click Status and Statistics > RMON > Statistics.

STEP 2 Select the Interface for which Ethernet statistics are to be displayed.

STEP 3 Select the Refresh Rate, the time period that passes before the interface statistics are refreshed.

The statistics are displayed for the selected interface.

Bytes Received—Number of octets received, including bad packets and FCS octets, but excluding framing bits.

Drop Events—Number of packets dropped.

Packets Received—Number of good packets received, including Multicast and Broadcast packets.

Broadcast Packets Received—Number of good Broadcast packets received. This number does not include Multicast packets.

Multicast Packets Received—Number of good Multicast packets received.

CRC & Align Errors—Number of CRC and Align errors that have occurred.

Undersize Packets—Number of undersized packets (less than 64 octets) received.

Oversize Packets—Number of oversized packets (over 2000 octets) received.

Fragments—Number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received.

Jabbers—Total number of received packets that were longer than 1632 octets. This number excludes frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. A Jabber packet is defined as an Ethernet frame that satisfies the following criteria:

- Packet data length is greater than MRU.


- Packet has an invalid CRC.

- Received (Rx) Error Event has not been detected.

Collisions—Number of collisions received. If Jumbo Frames are enabled, the threshold of Jabber Frames is raised to the maximum size of Jumbo Frames.

Frames of 64 Bytes—Number of frames, containing 64 bytes that were received.

Frames of 65 to 127 Bytes—Number of frames, containing 65-127 bytes that were received.

Frames of 128 to 255 Bytes—Number of frames, containing 128-255 bytes that were received.

Frames of 256 to 511 Bytes—Number of frames, containing 256-511 bytes that were received.

Frames of 512 to 1023 Bytes—Number of frames, containing 512-1023 bytes that were received.

Frames greater than 1024 Bytes—Number of frames, containing 1024-2000 bytes, and Jumbo Frames, that were received.

To clear statistics counters:

Click Clear Interface Counters to clear the selected interface's counters.

Click View All Interfaces Statistics to see all ports on a single page.

Configuring RMON History

The RMON feature enables monitoring statistics per interface.

The History Control Table page defines the sampling frequency, amount of samples to store and the port from where to gather the data.

After the data is sampled and stored, it appears in the History Table page that can be viewed by clicking History Table.


To enter RMON control information:

STEP 1 Click Status and Statistics > RMON > History. The fields displayed on this page are defined in the Add RMON History page, below. The only field that is on this page and not defined in the Add page is:

Current Number of Samples—RMON is allowed by standard to not grant all requested samples, but rather to limit the number of samples per request. Therefore, this field represents the sample number actually granted to the request that is equal to or less than the requested value.

STEP 2 Click Add.

STEP 3 Enter the parameters.

New History Entry—Displays the number of the new History table entry.

Source Interface—Select the type of interface from which the history samples are to be taken.

Max No. of Samples to Keep—Enter the number of samples to store.

Sampling Interval—Enter the time in seconds that samples are collected from the ports. The field range is 1-3600.

Owner—Enter the RMON station or user that requested the RMON information.

STEP 4 Click Apply. The entry is added to the History Control Table page, and the Running Configuration file is updated.

STEP 5 Click History Table to view the actual statistics.

Viewing the RMON History Table

The History Table page displays interface-specific statistical network samplings. The samples were configured in the History Control table described above.

To view RMON history statistics:

STEP 1 Click Status and Statistics > RMON > History.

STEP 2 Click History Table.

STEP 3 From the History Entry No. list, select the entry number of the sample to display.


The fields are displayed for the selected sample.

Owner—History table entry owner.

Sample No.—Statistics were taken from this sample.

Drop Events—Dropped packets due to lack of network resources during the sampling interval. This may not represent the exact number of dropped packets, but rather the number of times dropped packets were detected.

Bytes Received—Octets received including bad packets and FCS octets, but excluding framing bits.

Packets Received—Packets received, including bad packets, Multicast, and Broadcast packets.

Broadcast Packets—Good Broadcast packets excluding Multicast packets.

Multicast Packets—Good Multicast packets received.

CRC Align Errors—CRC and Align errors that have occurred.

Undersize Packets—Undersized packets (less than 64 octets) received.

Oversize Packets—Oversized packets (over 2000 octets) received.

Fragments—Fragments (packets with less than 64 octets) received, excluding framing bits, but including FCS octets.

Jabbers—Total number of received packets that were longer than 2000 octets. This number excludes frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number.

Collisions—Collisions received.

Utilization—Percentage of current interface traffic compared to maximum traffic that the interface can handle.

Defining RMON Events Control

You can control the occurrences that trigger an alarm and the type of notification that occurs. This is performed as follows:

Events Page—Configures what happens when an alarm is triggered. This can be any combination of logs and traps.


Alarms Page—Configures the occurrences that trigger an alarm.

To define RMON events:

STEP 1 Click Status and Statistics > RMON > Events.

This page displays previously defined events.

STEP 2 Click Add.

STEP 3 Enter the parameters.

Event Entry—Displays the event entry index number for the new entry.

Community—Enter the SNMP community string to be included when traps are sent (optional).

Description—Enter a name for the event. This name is used in the Add RMON Alarm page to attach an alarm to an event.

Notification Type—Select the type of action that results from this event. Values are:

- None—No action occurs when the alarm goes off.

- Log (Event Log Table)—Add a log entry to the Event Log table when the alarm is triggered.

- Trap (SNMP Manager and SYSLOG Server)—Send a trap to the remote log server when the alarm goes off.

- Log and Trap—Add a log entry to the Event Log table and send a trap to the remote log server when the alarm goes off.

Time—The time of the event. (This is a read-only table in the parent window and cannot be defined).

Owner—Enter the device or user that defined the event.

STEP 4 Click Apply. The RMON event is saved to the Running Configuration file.

STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have been logged (see description below).


Viewing the RMON Events Logs

The Event Log Table page displays the log of events (actions) that occurred. Two types of events can be logged: Log or Log and Trap. The action in the event is performed when the event is bound to an alarm (see the Alarms page) and the conditions of the alarm have occurred.

STEP 1 Click Status and Statistics > RMON > Events.

STEP 2 Click Event Log Table.

This page displays the following fields:

Event Entry No.—Event's log entry number.

Log No.—Log number (within the event).

Log Time—Time that the log entry was entered.

Description—Description of event that triggered the alarm.

Defining RMON Alarms

RMON alarms provide a mechanism for setting thresholds and sampling intervals to generate exception events on any counter or any other SNMP object counter maintained by the agent. Both the rising and falling thresholds must be configured in the alarm. After a rising threshold is crossed, no rising events are generated until the companion falling threshold is crossed. After a falling alarm is issued, the next alarm is issued when a rising threshold is crossed.

One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs.

The Alarms page provides the ability to configure alarms and to bind them with events. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.


To enter RMON alarms:

STEP 1 Click Status and Statistics > RMON > Alarms. All previously-defined alarms are displayed. The fields are described in the Add RMON Alarm page below. In addition to those fields, the following field appears:

Counter Value—Displays the value of the statistic during the last sampling period.

STEP 2 Click Add.

STEP 3 Enter the parameters.

Alarm Entry—Displays the alarm entry number.

Interface—Select the type of interface for which RMON statistics are displayed.

Counter Name—Select the MIB variable that indicates the type of occurrence measured.

Sample Type—Select the sampling method to generate an alarm. The options are:

- Absolute—If the threshold is crossed, an alarm is generated.

- Delta—Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold. If the threshold was crossed, an alarm is generated.

Rising Threshold—Enter the value that triggers the rising threshold alarm.

Rising Event—Select an event to be performed when a rising event is triggered. Events are created in the Events page.

Falling Threshold—Enter the value that triggers the falling threshold alarm.

Falling Event—Select an event to be performed when a falling event is triggered.

Startup Alarm—Select the first event from which to start generation of alarms. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold.

- Rising Alarm—A rising value triggers the rising threshold alarm.

- Falling Alarm—A falling value triggers the falling threshold alarm.

- Rising and Falling—Both rising and falling values trigger the alarm.


Interval—Enter the alarm interval time in seconds.

Owner—Enter the name of the user or network management system that receives the alarm.

STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file.
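The following Python model is an added example, not code from this guide or from the device. It evaluates one alarm as described above (Sample Type, rising and falling thresholds with hysteresis, Startup Alarm), following the alarm semantics of the RMON standard (RFC 2819). The class and function names, the 32-bit counter assumption and the sample values are constructed for illustration.

```python
from dataclasses import dataclass

COUNTER_MODULUS = 2 ** 32  # assumption: the monitored object is a 32-bit counter


@dataclass
class RmonAlarm:
    sample_type: str            # "absolute" or "delta" (Sample Type field)
    rising_threshold: int
    falling_threshold: int
    startup_alarm: str = "rising and falling"   # or "rising" / "falling"


def compared_values(alarm, raw_samples):
    """Yield (sample index, value that is compared to the thresholds)."""
    if alarm.sample_type == "absolute":
        yield from enumerate(raw_samples)
        return
    # Delta: subtract the last sampled value from the current one. The
    # modulus keeps the difference correct when the counter wraps.
    for i in range(1, len(raw_samples)):
        yield i, (raw_samples[i] - raw_samples[i - 1]) % COUNTER_MODULUS


def evaluate(alarm, raw_samples):
    """Return [(sample index, "rising" | "falling", value)] for one alarm."""
    events = []
    last_event = None   # hysteresis: one direction cannot fire twice in a row
    previous = None
    for i, value in compared_values(alarm, raw_samples):
        if previous is None:
            # First comparison: Startup Alarm decides which directions may fire.
            may_rise = alarm.startup_alarm in ("rising", "rising and falling")
            may_fall = alarm.startup_alarm in ("falling", "rising and falling")
        else:
            # Later comparisons: the threshold must actually be crossed.
            may_rise = previous < alarm.rising_threshold
            may_fall = previous > alarm.falling_threshold
        if value >= alarm.rising_threshold and may_rise and last_event != "rising":
            last_event = "rising"
            events.append((i, "rising", value))
        elif value <= alarm.falling_threshold and may_fall and last_event != "falling":
            last_event = "falling"
            events.append((i, "falling", value))
        previous = value
    return events


# Constructed samples: a cumulative CRC-error counter, read once per Interval.
CRC_ERRORS = [0, 2, 5, 60, 130, 200, 205, 207, 290]
# Constructed samples: a value that hovers around the rising threshold.
HOVERING = [40, 55, 45, 60, 5, 70]

if __name__ == "__main__":
    delta = RmonAlarm("delta", 50, 10, startup_alarm="rising")
    absolute = RmonAlarm("absolute", 50, 10)
    print("delta on counter:   ", evaluate(delta, CRC_ERRORS))
    print("absolute on counter:", evaluate(absolute, CRC_ERRORS))
    print("absolute, hovering: ", evaluate(absolute, HOVERING))
```

With Absolute sampling the cumulative counter raises one rising alarm and never re-arms, because its value cannot fall back to the falling threshold; Delta sampling reports each new burst of errors.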


3

Administration: System Log

This section describes the System Log feature, which enables the device to generate several independent logs. Each log is a set of messages describing system events.

The device generates the following local logs:

Log sent to the console interface.

Log written into a cyclical list of logged events in the RAM and erased when the device reboots.

Log written to a cyclical log-file saved to the Flash memory and persists across reboots.

In addition, you can send messages to remote SYSLOG servers in the form of SNMP traps and SYSLOG messages.

This section covers the following sections:

Setting System Log Settings

Setting Remote Logging Settings

Viewing Memory Logs

Setting System Log Settings

You can enable or disable logging on the Log Settings page, and select whether to aggregate log messages.

You can select the events by severity level. Each log message has a severity level marked with the first letter of the severity level concatenated with a dash (-) on each side (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted:… " has a severity level of I, meaning Informational.


The event severity levels are listed from the highest severity to the lowest severity, as follows:

Emergency—System is not usable.

Alert—Action is needed.

Critical—System is in a critical condition.

Error—System is in error condition.

Warning—System warning has occurred.

Notice—System is functioning properly, but a system notice has occurred.

Informational—Device information.

Debug—Detailed information about an event.

You can select different severity levels for RAM and Flash logs. These logs are displayed in the RAM Memory page and Flash Memory page, respectively.

Selecting a severity level to be stored in a log causes all of the higher severity events to be automatically stored in the log. Lower severity events are not stored in the log.

For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored (Notice, Informational, and Debug).

To set global log parameters:

STEP 1 Click Administration > System Log > Log Settings.

STEP 2 Enter the parameters.

Logging—Select to enable message logging.

Syslog Aggregator—Select to enable the aggregation of SYSLOG messages and traps. If enabled, identical and contiguous SYSLOG messages and traps are aggregated over the specified Max Aggregation Time and sent in a single message. The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated.

Max Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated.


Originator Identifier—Enables adding an origin identifier to SYSLOG messages. The options are:

- None—Do not include the origin identifier in SYSLOG messages.

- Hostname—Include the system hostname in SYSLOG messages.

- IPv4 Address—Include the IPv4 address of the sending interface in SYSLOG messages.

- IPv6 Address—Include the IPv6 address of the sending interface in SYSLOG messages.

- User Defined—Enter a description to be included in SYSLOG messages.

RAM Memory Logging—Select the severity levels of the messages to be logged to the RAM.

Flash Memory Logging—Select the severity levels of the messages to be logged to the Flash memory.

STEP 3 Click Apply. The Running Configuration file is updated.

Setting Remote Logging Settings

The Remote Log Servers page enables defining remote SYSLOG servers where log messages are sent (using the SYSLOG protocol). For each server, you can configure the severity of the messages that it receives.

To define SYSLOG servers:

STEP 1 Click Administration > System Log > Remote Log Servers.

STEP 2 Click Add.

STEP 3 Enter the parameters.

Server Definition—Select whether to identify the remote log server by IP address or name.

IP Version—Select the supported IP format.

IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:


- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

- Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list.

Log Server IP Address/Name—Enter the IP address or domain name of the log server.

UDP Port—Enter the UDP port to which the log messages are sent.

Facility—Select a facility value from which system logs are sent to the remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden.

Description—Enter a server description.

Minimum Severity—Select the minimum level of system log messages to be sent to the server.

STEP 4 Click Apply. The Add Remote Log Server page closes, the SYSLOG server is added, and the Running Configuration file is updated.
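The following Python sketch is an added example, not code from this guide or from the device. It applies the severity rules of the Log Settings page and the Minimum Severity of a remote log server to parsed messages, and models the Syslog Aggregator. The message pattern is inferred from the guide's single example "%INIT-I-InitCompleted:"; the function names, the sample lines, the selected levels and the way the aggregation window is measured are assumptions.

```python
import re

# Severity names in the guide's order (highest first) and their one-letter
# codes: the first letter of the name, except Emergency, which is F.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
RANK = {name: rank for rank, name in enumerate(SEVERITIES)}
LETTER = {("F" if name == "Emergency" else name[0]): name for name in SEVERITIES}

# Pattern inferred from the guide's example "%INIT-I-InitCompleted:".
MESSAGE = re.compile(r"%(\w+)-([A-Z])-(\w+):\s*(.*)")


def parse(line):
    """Return (module, severity name, mnemonic, text), or None if no match."""
    match = MESSAGE.search(line)
    if match is None or match.group(2) not in LETTER:
        return None
    module, letter, mnemonic, text = match.groups()
    return module, LETTER[letter], mnemonic, text


def is_stored(severity, selected_level):
    """A log keeps the selected level and every higher severity."""
    return RANK[severity] <= RANK[selected_level]


def destinations(line, levels):
    """Names of the logs in `levels` ({log name: selected level}) that keep `line`."""
    parsed = parse(line)
    if parsed is None:
        return []
    return [log for log, level in levels.items() if is_stored(parsed[1], level)]


def aggregate(events, max_aggregation_time):
    """Merge identical, contiguous messages that arrive within the window.

    events: [(arrival time in seconds, message)] in arrival order.
    Returns [(first arrival, message, times aggregated)] in arrival order.
    Assumption: the window is measured from the first message of a run.
    """
    merged = []
    for arrival, message in events:
        if merged:
            first, last_message, count = merged[-1]
            if message == last_message and arrival - first <= max_aggregation_time:
                merged[-1] = (first, last_message, count + 1)
                continue
        merged.append((arrival, message, 1))
    return merged


# Constructed sample data (not captured from a device).
LEVELS = {"RAM": "Informational", "Flash": "Error", "Remote": "Warning"}
SAMPLE_LINES = [
    "%INIT-I-InitCompleted: constructed text",
    "%LINK-W-Down: constructed text",
    "%SYSTEM-F-Halt: constructed text",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse(line)[1], "->", destinations(line, LEVELS))
    burst = [(0, "A"), (1, "A"), (2, "B"), (3, "A"), (100, "A"), (400, "A")]
    print(aggregate(burst, 300))
```

With these constructed levels the Warning message reaches the RAM log and the remote server but not the Flash log, so the only copy on the device is erased at the next reboot.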

Viewing Memory Logs

The device can write to the following logs:

Log in RAM (cleared during reboot).

Log in Flash memory (cleared only upon user command).

You can configure the messages that are written to each log by severity, and a message can go to more than one log, including logs that reside on external SYSLOG servers.


RAM Memory

The RAM Memory page displays all messages that were saved in the RAM (cache) in chronological order. Entries are stored in the RAM log according to the configuration in the Log Settings page.

To view log entries, click Status and Statistics > View Log > RAM Memory.

The top of the page has a button that allows you to Disable Alert Icon Blinking. Click to toggle between disable and enable.

This page contains the following fields:

Log Index—Log entry number.

Log Time—Time when message was generated.

Severity—Event severity.

Description—Message text describing the event.

To clear the log messages, click Clear Logs. The messages are cleared.

Flash Memory

The Flash Memory page displays the messages that were stored in the Flash memory, in chronological order. The minimum severity for logging is configured in the Log Settings page. Flash logs remain when the device is rebooted. You can clear the logs manually.

To view the Flash logs, click Status and Statistics > View Log > Flash Memory.

This page contains the following fields:

Log Index—Log entry number.

Log Time—Time when message was generated.

Severity—Event severity.

Description—Message text describing the event.

To clear the messages, click Clear Logs. The messages are cleared.


4

Administration: File Management

This section describes how system files are managed.

The following topics are covered:

System Files

Upgrade/Backup Firmware/Language

Active Image

Download/Backup Configuration/Log

Configuration Files Properties

Copy/Save Configuration

DHCP Auto Configuration

System Files

System files are files that contain configuration information, firmware images or boot code.

Various actions can be performed with these files, such as: selecting the firmware file from which the device boots, copying various types of configuration files internally on the device, or copying files to or from an external device, such as an external server.

The possible methods of file transfer are:

Internal copy.

HTTP/HTTPS that uses the facilities that the browser provides.

TFTP/SCP client, requiring a TFTP/SCP server.


Configuration files on the device are defined by their type, and contain the settings and parameter values for the device.

When a configuration is referenced on the device, it is referenced by its configuration file type (such as Startup Configuration or Running Configuration), as opposed to a file name that can be modified by the user.

Content can be copied from one configuration file type to another, but the names of the file types cannot be changed by the user.

Other files on the device include firmware, boot code, and log files, and are referred to as operational files.

The configuration files are text files and can be edited in a text editor, such as Notepad after they are copied to an external device, such as a PC.

Files and File Types

The following types of configuration and operational files are found on the device:

Running Configuration—Contains the parameters currently being used by the device to operate. This is the only file type that is modified when you change parameter values on the device.

If the device is rebooted, the Running Configuration is lost. The Startup Configuration, stored in Flash, overwrites the Running Configuration, stored in RAM.

To preserve any changes you made to the device, you must save the Running Configuration to the Startup Configuration, or another file type.

Startup Configuration—The parameter values that were saved by copying another configuration (usually the Running Configuration) to the Startup Configuration.

The Startup Configuration is retained in Flash and is preserved when the device is rebooted. At this time, the Startup Configuration is copied to RAM and identified as the Running Configuration.

Mirror Configuration—A copy of the Startup Configuration, created by the device when the following conditions exist:

-The device has been operating continuously for 24 hours.

-No configuration changes have been made to the Running Configuration in the previous 24 hours.

-The Startup Configuration is identical to the Running Configuration.

Only the system can copy the Startup Configuration to the Mirror Configuration. However, you can copy from the Mirror Configuration to other file types or to another device.

The option of automatically copying the Running Configuration to the mirror configuration can be disabled in the Configuration Files Properties page.

Backup Configuration—A manual copy of a configuration file used for protection against system shutdown or for the maintenance of a specific operating state. You can copy the Mirror Configuration, Startup Configuration, or Running Configuration to a Backup Configuration file. The Backup Configuration exists in Flash and is preserved if the device is rebooted.

Firmware—The program that controls the operations and functionality of the device. More commonly referred to as the image.

Boot Code—Controls the basic system startup and launches the firmware image.

Language File—The dictionary that enables the web-based configuration utility windows to be displayed in the selected language.

Flash Log—SYSLOG messages stored in Flash memory.

File Actions

The following actions can be performed to manage firmware and configuration files:

Upgrade the firmware or boot code, or replace a second language, as described in the Upgrade/Backup Firmware/Language section.

View the firmware image currently in use or select the image to be used in the next reboot as described in the Active Image section.

Save configuration files on the device to a location on another device as described in the Download/Backup Configuration/Log section.

Clear the Startup Configuration or Backup Configuration file types as described in the Configuration Files Properties section.

Copy one configuration file type to another configuration file type as described in the Copy/Save Configuration section.

Enable automatically uploading a configuration file from a DHCP server to the device, as described in the DHCP Auto Configuration section.

This section covers the following topics:

Upgrade/Backup Firmware/Language

Active Image

Download/Backup Configuration/Log

Configuration Files Properties

Copy/Save Configuration

DHCP Auto Configuration

Upgrade/Backup Firmware/Language

The Upgrade/Backup Firmware/Language process can be used to:

Upgrade or back up the firmware image.

Upgrade or back up the boot code.

Import or upgrade a second language file.

The following methods for transferring files are supported:

HTTP/HTTPS that uses the facilities provided by the browser

TFTP that requires a TFTP server

Secure Copy Protocol (SCP) that requires an SCP server

If a new language file was loaded onto the device, the new language can be selected from the drop-down menu. (It is not necessary to reboot the device.)

There are two firmware images stored on the device. One of the images is identified as the active image and the other image is identified as the inactive image.

When you upgrade the firmware, the new image always replaces the image identified as the inactive image.

Even after uploading new firmware on the device, the device continues to boot by using the active image (the old version) until you change the status of the new image to be the active image by using the procedure in the Active Image section. Then boot the device.

Upgrade/Backing Firmware or Language File

To upgrade or back up a software image or language file:

STEP 1 Click Administration > File Management > Upgrade/Backup Firmware/Language.

STEP 2 Click the Transfer Method. Proceed as follows:

If you selected TFTP, go to STEP 3.

If you selected via HTTP/HTTPS, go to STEP 4.

If you selected via SCP, go to STEP 5.

STEP 3 If you selected via TFTP, enter the parameters as described in this step. Otherwise, skip to STEP 4.

Select one of the following Save Actions:

Upgrade—Specifies that the file type on the device is to be replaced with a new version of that file type located on a TFTP server.

Backup—Specifies that a copy of the file type is to be saved to a file on another device.

Enter the following fields:

File Type—Select the destination file type. Only valid file types are shown. (The file types are described in the Files and File Types section).

TFTP Server Definition—Select whether to specify the TFTP server by IP address or domain name.

IP Version—Select whether an IPv4 or an IPv6 address is used.

IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:

-Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

-Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

Link Local Interface—Select the link local interface (if IPv6 is used) from the list.

TFTP Server IP Address/Name—Enter the IP address or the domain name of the TFTP server.

(For Upgrade) Source File Name—Enter the name of the source file.

(For Backup) Destination File Name—Enter the name of the backup file.

STEP 4 If you selected via HTTP/HTTPS, you can only Upgrade. Enter the parameters as described in this step.

File Type—Select one of the following file types:

-Firmware Image—Select this to upgrade the firmware image.

-Language—Select this to upgrade the language file.

File Name—Click Browse to select a file or enter the path and source file name to be used in the transfer.

STEP 5 If you selected via SCP (Over SSH), see SSH Client Authentication for instructions. Then, enter the following fields (only unique fields are described; for non-unique fields, see the descriptions above):

Remote SSH Server Authentication—To enable SSH server authentication (which is disabled by default), click Edit. This takes you to the SSH Server Authentication page to configure the SSH server, and return to this page.

Use the SSH Server Authentication page to select an SSH user authentication method (password or public/private key), set a username and password on the device (if the password method is selected), and generate an RSA or DSA key if required.

SSH Client Authentication—Client authentication can be done in one of the following ways:

Use SSH Client System Credentials—Sets permanent SSH user credentials. Click System Credentials to go to the SSH User Authentication page where the user/password can be set once for all future use.

Use SSH Client One-Time Credentials—Enter the following:

-Username—Enter a username for this copy action.

-Password—Enter a password for this copy.

NOTE The username and password for one-time credentials are not saved in the configuration file.

Select one of the following Save Actions:

Upgrade—Specifies that the file type on the device is to be replaced with a new version of that file type located on a TFTP server.

Backup—Specifies that a copy of the file type is to be saved to a file on another device.

Enter the following fields:

File Type—Select the destination file type. Only valid file types are shown. (The file types are described in the Files and File Types section).

SCP Server Definition—Select whether to specify the SCP server by IP address or by domain name.

IP Version—Select whether an IPv4 or an IPv6 address is used.

IPv6 Address Type—Select the IPv6 address type (if used). The options are:

-Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

-Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

Link-Local Interface—Select the link local interface from the list.

SCP Server IP Address/Name—Enter the IP address or domain name of the SCP server.

(For Upgrade) Source File Name—Enter the name of the source file.

(For Backup) Destination File Name—Enter the name of the backup file.

STEP 6 Click Apply. If the files, passwords and server addresses are correct, one of the following may happen:

If SSH server authentication is enabled (in the SSH Server Authentication page), and the SCP server is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is displayed.

If SSH server authentication is not enabled, the operation succeeds for any SCP server.

Active Image

There are two firmware images stored on the device. One of the images is identified as the active image and the other image is identified as the inactive image. The device boots from the image you set as the active image. You can change the image identified as the inactive image to the active image. (You can reboot the device by using the process described in the Rebooting the Device section).

To select the active image:

STEP 1 Click Administration > File Management > Active Image.

The page displays the following:

Active Image—Displays the image file that is currently active on the device.

Active Image Version Number—Displays the firmware version of the active image.

Active Image After Reboot—Displays the image that is active after reboot.

Active Image Version Number After Reboot—Displays the firmware version of the active image as it will be after reboot.

STEP 2 Select the image from the Active Image After Reboot menu to identify the firmware image that is used as the active image after the device is rebooted. The Active Image Version Number After Reboot displays the firmware version of the active image that is used after the device is rebooted.

STEP 3 Click Apply. The active image selection is updated.

Download/Backup Configuration/Log

The Download/Backup Configuration/Log page enables:

Backing up configuration files or logs from the device to an external device.

Restoring configuration files from an external device to the device.

When restoring a configuration file to the Running Configuration, the imported file adds any configuration commands that did not exist in the old file and overwrites any parameter values in the existing configuration commands.

When restoring a configuration file to the Startup Configuration or a backup configuration file, the new file replaces the previous file.

When restoring to Startup Configuration, the device must be rebooted for the restored Startup Configuration to be used as the Running Configuration. You can reboot the device by using the process described in the Rebooting the Device section.

Configuration File Backwards Compatibility

When restoring configuration files from an external device to the device, the following compatibility issues might arise:

Change Queues Mode from 4 to 8—Queue-related configurations must be examined and adjusted to meet QoS objectives with the new Queues mode. See the CLI Reference Guide for a listing of these QoS commands.

Change Queues Mode from 8 to 4—Queue-related configuration commands that conflict with the new Queues mode are rejected, meaning that the download of the configuration file fails. Use the System Mode and Stack Management page to change the Queues mode.

Change the System Mode—If the System mode is contained in a configuration file that is downloaded to the device, and the file's System mode matches the current System mode, this information is ignored. Otherwise, if the System mode is changed, the following cases are possible:

-If the configuration file is downloaded onto the device (using the Download/Backup Configuration/Log page), the operation is aborted, and a message is displayed indicating that the System mode must be changed in the System Mode and Stack Management page.

-If the configuration file is downloaded during an automatic configuration process, the Startup Configuration file is deleted and the device reboots automatically in the new System mode. The device is configured with an empty configuration file. See DHCP Auto Configuration.

See Configuration After Reboot for a description of what happens when the stacking modes are changed.

Downloading or Backing-up a Configuration or Log File

To back up or restore the system configuration file:

STEP 1 Click Administration > File Management > Download/Backup Configuration/Log.

STEP 2 Select the Transfer Method.

STEP 3 If you selected via TFTP, enter the parameters. Otherwise, skip to STEP 4.

Select either Download or Backup as the Save Action.

Download Save Action—Specifies that the file on another device replaces a file type on the device. Enter the following fields:

a. Server Definition—Select whether to specify the TFTP server by IP address or by domain name.

b. IP Version—Select whether an IPv4 or an IPv6 address is used.

NOTE If the server is selected by name in the Server Definition, there is no need to select the IP Version related options.

c. IPv6 Address Type—Select the IPv6 address type (if used). The options are:

-Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

-Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

d. Link-Local Interface—Select the link local interface from the list.

e. TFTP Server—Enter the IP address of the TFTP server.

f. Source File Name—Enter the source file name. File names cannot contain slashes (\ or /), cannot start with a period (.), and must include between 1 and 160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”).

g. Destination File Type—Enter the destination configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).

Backup Save Action—Specifies that a file type is to be copied to a file on another device. Enter the following fields:

a. Server Definition—Select whether to specify the TFTP server by IP address or by domain name.

b. IP Version—Select whether an IPv4 or an IPv6 address is used.

c. IPv6 Address Type—Select the IPv6 address type (if used). The options are:

-Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

-Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

d. Link-Local Interface—Select the link local interface from the list.

e. TFTP Server IP Address/Name—Enter the IP address or domain name of the TFTP server.

f. Source File Type—Enter the source configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).

g. Sensitive Data—Select how sensitive data should be included in the backup file. The following options are available:

-Exclude—Do not include sensitive data in the backup.

-Encrypted—Include sensitive data in the backup in its encrypted form.

-Plaintext—Include sensitive data in the backup in its plaintext form.

NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.

h. Destination File Name—Enter the destination file name. File names cannot contain slashes (\ or /), the leading letter of the file name must not be a period (.), and the file name must be between 1 and 160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”).

i. Click Apply. The file is upgraded or backed up.

STEP 4 If you selected via HTTP/HTTPS, enter the parameters as described in this step.

Select the Save Action.

If Save Action is Download (replacing the file on the device with a new version from another device), do the following. Otherwise, go to the next procedure in this step.

a. Source File Name—Click Browse to select a file or enter the path and source file name to be used in the transfer.

b. Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).

c. Click Apply. The file is transferred from the other device to the device.

If Save Action is Backup (copying a file to another device), do the following:

a. Source File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).

b. Sensitive Data—Select how sensitive data should be included in the backup file. The following options are available:

-Exclude—Do not include sensitive data in the backup.

-Encrypted—Include sensitive data in the backup in its encrypted form.

-Plaintext—Include sensitive data in the backup in its plaintext form.

NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.

c. Click Apply. The file is upgraded or backed up.

STEP 5 If you selected via SCP (Over SSH), see SSH Client Configuration Through the GUI for instructions. Then enter the following fields:

Remote SSH Server Authentication—To enable SSH server authentication (it is disabled by default), click Edit, which takes you to the SSH Server Authentication page to configure this, and return to this page. Use the SSH Server Authentication page to select an SSH user authentication method (password or public/private key), set a username and password on the device, if the password method is selected, and generate an RSA or DSA key if required.

SSH Client Authentication—Client authentication can be done in one of the following ways:

Use SSH Client—Sets permanent SSH user credentials. Click System Credentials to go to the SSH User Authentication page where the user/password can be set once for all future use.

Use SSH Client One-Time Credentials—Enter the following:

-Username—Enter a username for this copy action.

-Password—Enter a password for this copy.

SCP Server Definition—Select whether to specify the TFTP server by IP address or by domain name.

IP Version—Select whether an IPv4 or an IPv6 address is used.

IPv6 Address Type—Select the IPv6 address type (if used). The options are:

-Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

-Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

Link-Local Interface—Select the link local interface from the list.

SCP Server IP Address/Name—Enter the IP address or domain name of the TFTP server.

If Save Action is Download (replacing the file on the device with a new version from another device), enter the following fields.

Source File Name—Enter the name of the source file.

Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).

If Save Action is Backup (copying a file to another device), enter the following fields (in addition to those fields listed above):

Source File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).

Sensitive Data—Select how sensitive data should be included in the backup file. The following options are available:

-Exclude—Do not include sensitive data in the backup.

-Encrypted—Include sensitive data in the backup in its encrypted form.

-Plaintext—Include sensitive data in the backup in its plaintext form.

NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.

Destination File Name—Name of file being copied to.

STEP 6 Click Apply. The file is upgraded or backed up.

Configuration Files Properties

The Configuration Files Properties page allows you to see when various system configuration files were created. It also enables deleting the Startup Configuration and Backup Configuration files. You cannot delete the other configuration file types.

To set whether mirror configuration files will be created, clear configuration files, and see when configuration files were created:

STEP 1 Click Administration > File Management > Configuration Files Properties.

STEP 2 If required, disable Auto Mirror Configuration. This disables the automatic creation of mirror configuration files. When disabling this feature, the mirror configuration file, if it exists, is deleted. See System Files for a description of mirror files and why you might not want to automatically create mirror configuration files.

STEP 3 If required, select either the Startup Configuration, Backup Configuration or both and click Clear Files to delete these files.

This page provides the following fields:

Configuration File Name—Displays the type of file.

Creation Time—Displays the date and time that file was modified.

Copy/Save Configuration

When you click Apply on any window, changes that you made to the device configuration settings are stored only in the Running Configuration. To preserve the parameters in the Running Configuration, the Running Configuration must be copied to another configuration type or saved on another device.

CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the device is rebooted.

The following combinations of copying internal file types are allowed:

From the Running Configuration to the Startup Configuration or Backup Configuration.

From the Startup Configuration to the Running Configuration, Startup Configuration or Backup Configuration.

From the Backup Configuration to the Running Configuration, Startup Configuration or Backup Configuration.

From the Mirror Configuration to the Running Configuration, Startup Configuration or Backup Configuration.

To copy one type of configuration file to another type of configuration file:

STEP 1 Click Administration > File Management > Copy/Save Configuration.

STEP 2 Select the Source File Name to be copied. Only valid file types are displayed (described in the Files and File Types section).

STEP 3 Select the Destination File Name to be overwritten by the source file.

If you are backing up a configuration file, select one of the following formats for the backup file.

-Exclude—Sensitive data is not included in the backup file.

-Encrypted—Sensitive data is included in the backup file in encrypted form.

-Plaintext—Sensitive data is included in the backup file in plain text.

NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.

STEP 4 The Save Icon Blinking field indicates whether an icon blinks when there is unsaved data. To disable/enable this feature, click Disable/Enable Save Icon Blinking.

STEP 5 Click Apply. The file is copied.

DHCP Auto Configuration

Auto configuration enables passing configuration information to hosts on a TCP/IP network. Based on this protocol, the Auto Configuration feature enables a device to download configuration files from a TFTP/SCP server.

The device can be configured as a DHCPv4 client in which auto configuration from a DHCPv4 server is supported and/or a DHCPv6 client in which auto configuration from a DHCPv6 server is supported.

By default, the device is enabled as a DHCP client when the Auto Configuration feature is enabled.

The Auto Configuration process also supports downloading a configuration file that includes sensitive information, such as RADIUS server keys and SSH/SSL keys, by using the Secured Copy Protocol (SCP) and the Secure Sensitive Data (SSD) feature (See Security: Secure Sensitive Data Management).

DHCPv4 Auto Configuration is triggered in the following cases:

After reboot when an IP address is allocated or renewed dynamically (using DHCPv4).

Upon an explicit DHCPv4 renewal request and if the device and the server are configured to do so.

Upon automatic renewal of the DHCPv4 lease.

DHCPv6 Auto Configuration is triggered when the following conditions are fulfilled:

When a DHCPv6 server sends information to the device. This occurs in the following cases:

-When an interface, which is IPv6 enabled, is defined as a DHCPv6 stateless configuration client.

-When DHCPv6 messages are received from the server (for example, when you press the Restart button on the IPv6 Interfaces page).

-When DHCPv6 information is refreshed by the device.

-After rebooting the device when stateless DHCPv6 client is enabled.

When the DHCPv6 server packets contain the configuration filename option.

DHCP Server Options

DHCP messages might contain the configuration server name/address and the configuration file name/path (these are optional options). These options are found in the Offer message coming from the DHCPv4 servers and in the Information Reply messages coming from DHCPv6 servers.

Backup information (configuration server name/address and configuration file name/path) can be configured in the Auto Configuration page. This information is used when the DHCPv4 message does not contain this information (but it is not used by DHCPv6).

Auto Configuration Download Protocol (TFTP or SCP)

The Auto Configuration download protocol can be configured, as follows:

Auto By File Extension—(Default) If this option is selected, a user-defined file extension indicates that files with this extension are downloaded using SCP (over SSH), while files with other extensions are downloaded using TFTP. For example, if the file extension specified is .xyz, files with the .xyz extension are downloaded using SCP, and files with the other extensions are downloaded using TFTP.

TFTP Only—The download is done through TFTP regardless of the file extension of the configuration file name.

SCP Only—The download is done through SCP (over SSH) regardless of the file extension of the configuration file name.

SSH Client Authentication Parameters

By default, remote SSH server authentication is disabled, so that the device accepts any remote SSH server out of the box. You can enable remote SSH server authentication to only allow connections from servers found in the trusted server list.

SSH Client Authentication parameters are required to access the SSH server by the client (which is the device). The default SSH Client authentication parameters are:

SSH Authentication method: by username/password

SSH username: anonymous

SSH password: anonymous

NOTE The SSH Client authentication parameters can also be used when downloading a file for manual download (a download that is not performed through the DHCP Auto Configuration feature).

Auto Configuration Process

When the Auto Configuration process is triggered, the following sequence of events occurs:

The DHCP server is accessed to acquire the TFTP/SCP server name/address and configuration file name/path (DHCPv4 options: 66, 150, and 67; DHCPv6 options: 59 and 60).

If a server and configuration file options were not supplied by the DHCP server, then:

-For DHCPv4: The user-defined, backup configuration file name is used.

-For DHCPv6: The process is halted.

If the DHCP server did not send these options and the backup TFTP/SCP server address parameter is empty then:

-For DHCPv4:

SCP—The Auto Configuration process is halted.

TFTP—The device sends TFTP Request messages to a limited Broadcast address (for IPv4) or ALL NODES address (for IPv6) on its IP interfaces and continues the process of Auto Configuration with the first answering TFTP server.

-For DHCPv6: The Auto Configuration process is halted.

If the configuration filename was supplied by the DHCP server (DHCPv4: option 67, DHCPv6: option 60), then the copy protocol (SCP/TFTP) is selected as described in Auto Configuration Download Protocol (TFTP or SCP).

When downloading using SCP, the device accepts any specified SCP/SSH server (without authentication) if either of the following is true:

-The SSH server authentication process is disabled. Note that by default the SSH server authentication is disabled in order to allow downloading a configuration file for devices with factory default configuration (for example, out-of-box devices).

-The SSH Server is configured in the SSH Trusted Servers list.

If the SSH server authentication process is enabled, and the SSH server is not found in the SSH Trusted Servers list, the Auto Configuration process is halted.

If the information is available, the TFTP/SCP server is accessed to download the file from it.

The download process is done only if the new configuration filename is different from the current configuration filename (even if the current configuration file is empty).

A SYSLOG message is generated acknowledging that the Auto Configuration process is completed.
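The decision sequence above can be modelled to audit which settings lead to an unauthenticated configuration download. This is an added example, not code from Cisco or from this guide. Class and field names are hypothetical, sending non-SCP extensions over TFTP and halting when no file name is known at all are assumptions, and the addresses and file names are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

BROADCAST = "<first TFTP server to answer the broadcast>"


@dataclass
class DhcpReply:                      # constructed model of the DHCP answer
    version: int                      # 4 or 6
    server: Optional[str] = None      # DHCPv4 option 66/150, DHCPv6 option 59
    filename: Optional[str] = None    # DHCPv4 option 67, DHCPv6 option 60


@dataclass
class Settings:                       # hypothetical names for the page's fields
    protocol: str = "auto"            # "auto" (by file extension), "tftp", "scp"
    scp_extension: str = ".scp"       # default extension stated in the guide
    backup_server: Optional[str] = None
    backup_filename: Optional[str] = None
    ssh_server_auth: bool = False     # disabled by default per the guide
    trusted_ssh_servers: Set[str] = field(default_factory=set)
    current_filename: Optional[str] = None


@dataclass
class Outcome:
    action: str                       # "download", "skip" or "halt"
    protocol: Optional[str] = None
    server: Optional[str] = None
    filename: Optional[str] = None
    findings: List[str] = field(default_factory=list)


def pick_protocol(filename: str, cfg: Settings) -> str:
    if cfg.protocol in ("tftp", "scp"):
        return cfg.protocol
    # Auto By File Extension: the SCP extension selects SCP. Sending every
    # other file name over TFTP is an assumption of this model.
    return "scp" if filename.lower().endswith(cfg.scp_extension.lower()) else "tftp"


def evaluate(reply: DhcpReply, cfg: Settings) -> Outcome:
    server, filename = reply.server, reply.filename
    if reply.version == 6 and not (server and filename):
        return Outcome("halt", findings=["DHCPv6 did not supply options 59 and 60"])
    filename = filename or cfg.backup_filename
    if not filename:
        # Assumption: the guide does not cover this case; the model halts.
        return Outcome("halt", findings=["no file name from DHCP or backup setting"])
    protocol = pick_protocol(filename, cfg)
    server = server or cfg.backup_server
    findings: List[str] = []
    if not server:
        if protocol == "scp":
            return Outcome("halt", protocol, None, filename, ["no SCP server address"])
        server = BROADCAST
        findings.append("RISK: first TFTP responder on the segment supplies the config")
    if protocol == "scp":
        if not cfg.ssh_server_auth:
            findings.append("RISK: SSH server authentication disabled, any SCP server accepted")
        elif server not in cfg.trusted_ssh_servers:
            return Outcome("halt", protocol, server, filename,
                           ["SCP server not in the SSH Trusted Servers list"])
    if filename == cfg.current_filename:
        return Outcome("skip", protocol, server, filename, findings + ["file name unchanged"])
    return Outcome("download", protocol, server, filename, findings)


def audit() -> dict:
    """Run constructed scenarios (documentation addresses, made-up file names)."""
    dhcp = DhcpReply(4, "192.0.2.10", "sw1.scp")
    return {
        "factory_default_scp": evaluate(dhcp, Settings()),
        "auth_on_untrusted": evaluate(dhcp, Settings(ssh_server_auth=True)),
        "auth_on_trusted": evaluate(dhcp, Settings(ssh_server_auth=True,
                                                   trusted_ssh_servers={"192.0.2.10"})),
        "tftp_broadcast": evaluate(DhcpReply(4), Settings(backup_filename="startup.cfg")),
        "scp_no_server": evaluate(DhcpReply(4), Settings(backup_filename="startup.scp")),
        "dhcpv6_no_file": evaluate(DhcpReply(6, server="2001:db8::10"), Settings()),
        "same_name": evaluate(dhcp, Settings(current_filename="sw1.scp")),
    }


if __name__ == "__main__":
    for name, out in audit().items():
        print(f"{name:20} {out.action:9} {out.protocol or '-':5} {out.server or '-'}")
        for finding in out.findings:
            print(f"{'':20} {finding}")
```

Only the scenario with SSH server authentication enabled and the server in the trusted list downloads with no findings; the factory-default and TFTP-broadcast scenarios both download and are flagged.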


Configuring DHCP Auto Configuration

Workflow

To configure DHCP Auto Configuration:

1. Configure the DHCPv4 and/or DHCPv6 servers to send the required options. This process is not described in this guide.

2. Configure Auto Configuration parameters.

3. Define the device as a DHCPv4 client in the Defining an IPv4 Interface in Layer 2 System Mode or Defining IPv4 Interface in Layer 3 System Mode pages, and/or define the device as a DHCPv6 client in the IPv6 Interface page.

Web Configuration

The DHCP Auto Configuration page is used to perform the following actions when the information is not provided in a DHCP message:

Enable the DHCP auto configuration feature.

Specify the download protocol.

Configure the device to receive configuration information from a specific file on a specific server.

Note the following regarding the DHCP auto configuration process:

A configuration file that is placed on the TFTP/SCP server must match the form and format requirements of the supported configuration file. The form and format of the file are checked, but the validity of the configuration parameters is not checked prior to loading it to the Startup Configuration.

In IPv4, to ensure that the device configuration functions as intended, due to allocation of different IP addresses with each DHCP renew cycle, it is recommended that IP addresses be bound to MAC addresses in the DHCP server table. This ensures that each device has its own reserved IP address and other relevant information.

To configure auto configuration:

STEP 1 Click Administration > File Management > DHCP Auto Configuration.

STEP 2 Enter the values.

Auto Configuration Via DHCP—Select this field to enable DHCP Auto Configuration. This feature is enabled by default, but can be disabled here.


Download Protocol—Select one of the following options:

-Auto By File Extension—Select to indicate that auto configuration uses the TFTP or SCP protocol depending on the extension of the configuration file. If this option is selected, the extension of the configuration file does not necessarily have to be given. If it is not given, the default extension is used (as indicated below).

-File Extension for SCP—If Auto By File Extension is selected, you can indicate a file extension here. Any file with this extension is downloaded using SCP. If no extension is entered, the default file extension .scp is used.

-TFTP Only—Select to indicate that only the TFTP protocol is to be used for auto configuration.

-SCP Only—Select to indicate that only the SCP protocol is to be used for auto configuration.

SSH Settings for SCP—When using SCP for downloading the configuration files, select one of the following options:

-Remote SSH Server Authentication—Click on the Enable/Disable link to navigate to the SSH Server Authentication page. There you can enable authentication of the SSH server to be used for the download and enter the trusted SSH server if required.

-SSH Client Authentication—Click on the System Credentials link to enter user credentials in the SSH User Authentication page.

STEP 3 Enter the following optional information to be used if no configuration file name was received from the DHCP server.

Backup Server Definition—Select By IP address or By name to configure the server.

IP Version—Select whether an IPv4 or an IPv6 address is used.

IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:

-Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.


-Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

Link Local Interface—Select the link local interface (if IPv6 is used) from the list.

Backup Server IP Address/Name—Enter the IP address or the name of the server to be used if no server IP address was specified in the DHCP message.

Backup Configuration File Name—Enter the path and file name of the file to be used if no configuration file name was specified in the DHCP message.

STEP 4 Click Apply. The parameters are copied to the Running Configuration file.


5

Administration: General Information

This section describes how to view system information and configure various options on the device.

It covers the following topics:

Device Models

System Information

Console Settings (Autobaud Rate Support)

Rebooting the Device

Routing Resources

Monitoring Fan Status

Defining Idle Session Timeout

Pinging a Host

Traceroute

Device Models

All models can be fully managed through the web-based switch configuration utility.

In Layer 2 system mode, the device forwards packets as a VLAN-aware bridge. In Layer 3 system mode, the device performs both IPv4 routing and VLAN-aware bridging.

When the device operates in Layer 3 system mode, the VLAN Rate Limit, and QoS policers are not operational. Other QoS Advanced mode features are operational.

NOTE The following port conventions are used:

GE is used for Gigabit Ethernet (10/100/1000) ports.


FE is used for Fast Ethernet (10/100) ports.

The following table describes the various models, the number and type of ports on them and their PoE information.

Managed Switch Models

Model Name | Product ID (PID) | Description of Ports on Device | Power Dedicated to PoE | No. of Ports that Support PoE
SG300-10 | SRW2008-K9 | 8 GE ports, and 2 special-purpose combo ports (GE/SFP) | |
SG300-10MP | SRW2008MP-K9 | 8 GE ports, and 2 special-purpose combo ports (GE/SFP) | 124W | 8
SG300-10P | SRW2008P-K9 | 8 GE ports, and 2 special-purpose combo ports (GE/SFP) | 62W | 8
SG300-20 | SRW2016-K9 | 16 GE ports, and 4 special purpose ports - 2 uplinks and 2 combo ports | N/A | N/A
SG300-28 | SRW2024-K9 | 24 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports | N/A | N/A
SG300-28P | SRW2024P-K9 | 24 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports. | 180W | 24
SG300-52 | SRW2048-K9 | 48 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports | N/A | N/A
SF300-08 | SRW208-K9 | 8 FE ports. | N/A | N/A
SF302-08 | SRW208G-K9 | 8 FE ports plus 2 GE ports | N/A | N/A
SF302-08MP | SRW208MP-K9 | 8 FE ports plus 2 GE ports | 124W | 8
SF302-08P | SRW208P-K9 | 8 FE ports plus 2 GE ports | 62W | 8
SF300-24 | SRW224G4-K9 | 24 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports. | N/A | N/A
SF300-24P | SRW224G4P-K9 | 24 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports. | 180W | 24
SF300-48 | SRW248G4-K9 | 48 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports | N/A | N/A
SF300-48P | SRW248G4P-K9 | 48 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports | 375W | 48
SG300-52MP | SG300-52MP-K9 | 52-Port Gigabit PoE Managed Switch | 740W | 48
SG300-10SFP | SG300-10SFP-K9 | 10-Port Gigabit Managed SFP Switch | N/A | N/A
ESW2-350G-52 | ESW2-350G-52-K9 | 52-Port Gigabit Managed Switch | N/A | N/A
ESW2-350G-52DC | ESW2-350G-52DC-K9 | 52-Port Gigabit Managed Switch | N/A | N/A
SF300-24MP | SF300-24M-K9 | 24-Port 10/100 PoE Managed Switch | 375W | 24
SG300-28MP | SRW2024P-K9 | 28-Port Gigabit PoE Managed Switch | 375W | 24

System Information

The System Summary page provides a graphic view of the device, and displays device status, hardware information, firmware version information, general PoE status, and other items.

Displaying the System Summary

To view system information, click Status and Statistics > System Summary.

The System Summary page contains system and hardware information.


System Information:

System Description—A description of the system.

System Location—Physical location of the device. Click Edit to go to the System Settings page to enter this value.

System Contact—Name of a contact person. Click Edit to go to the System Settings page to enter this value.

Host Name—Name of the device. Click Edit to go to the System Settings page to enter this value. By default, the device hostname is composed of the word device concatenated with the three least significant bytes of the device MAC address (the six furthest right hexadecimal digits).

System Uptime—Time that has elapsed since the last reboot.

Current Time—Current system time.

Base MAC Address—Device MAC address.

Jumbo Frames—Jumbo frame support status. This support can be enabled or disabled by using the Port Settings page of the Port Management menu.

NOTE Jumbo frames support takes effect only after it is enabled, and after the device is rebooted.

TCP/UDP Services Status:

HTTP Service—Displays whether HTTP is enabled/disabled.

HTTPS Service—Displays whether HTTPS is enabled/disabled.

SNMP Service—Displays whether SNMP is enabled/disabled.

Telnet Service—Displays whether Telnet is enabled/disabled.

SSH Service—Displays whether SSH is enabled/disabled.

Other Summary Information:

Model Description—Device model description.

Serial Number—Serial number.

PID VID—Part number and version ID.


Firmware Version (Active Image)—Firmware version number of the active image.

Firmware MD5 Checksum (Active Image)—MD5 checksum of the active image.

Firmware Version (Non-active Image)—Firmware version number of the non-active image.

Firmware MD5 Checksum (Non-active Image)—MD5 checksum of the non-active image.

Boot Version—Boot version number.

Boot MD5 Checksum—MD5 checksum of the boot version.

Locale—Locale of the first language. (This is always English).

Language Version—Language package version of the first or English language.

Language MD5 Checksum—MD5 checksum of the language file.

PoE Power Information:

Maximum Available PoE Power (W)—Maximum available power that can be delivered by the PoE.

Total PoE Power Consumption (W)—Total PoE power delivered to connected PoE devices.

PoE Power Mode—Port Limit or Class Limit.

Configuring the System Settings

To enter system settings:

STEP 1 Click Administration > System Settings.

STEP 2 View or modify the system settings.

System Description—Displays a description of the device.

System Location—Enter the location where the device is physically located.

System Contact—Enter the name of a contact person.


Host Name—Select the host name of this device. This is used in the prompt of CLI commands:

-Use Default—The default hostname (System Name) of these switches is: switch123456, where 123456 represents the last three bytes of the device MAC address in hex format.

-User Defined—Enter the hostname. Use only letters, digits, and hyphens. Host names cannot begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC 1033, 1034, 1035).

System Mode—Select the system mode of this device.

NOTE If you change the system mode after clicking Apply, the system will require a reboot, and the startup configuration file will be gone after the boot.

-L2—Select to place the device in Layer 2 system mode.

-L3—Select to place the device in Layer 3 system mode.

Custom Login Screen Settings—To display text on the Login page, enter the text in the Login Banner text box. Click Preview to view the results.

NOTE When you define a login banner from the web-based configuration utility, it also activates the banner for the CLI interfaces (Console, Telnet, and SSH).

STEP 3 Click Apply to save the values in the Running Configuration file.

Console Settings (Autobaud Rate Support)

The console port speed can be set to one of the following speeds: 4800, 9600, 19200, 38400, 57600, and 115200 or to Auto Detection.

Auto Detection enables the device to detect your console speed automatically, so that you are not required to set it explicitly.

When Auto Detection is not enabled, the console port speed is automatically set to the last speed that was set manually (115,200 by default).

When Auto Detection is enabled but the console baud-rate was not yet discovered, the system uses speed 115,200 for displaying text (for example, the boot-up information).


After Auto Detection is enabled in the Console Settings page, it can be activated by connecting the console to the device and pressing the Enter key twice. The device detects the baud rate automatically.

To enable Auto Detection or to manually set the baud rate of the console:

STEP 1 Click Administration > Console Settings.

STEP 2 Select one of the following:

Auto Detection—The console baud rate is detected automatically.

Static—Select one of the available speeds.

Rebooting the Device

Some configuration changes, such as enabling jumbo frame support, require the system to be rebooted before they take effect. However, rebooting the device deletes the Running Configuration, so it is critical that the Running Configuration is saved to the Startup Configuration before the device is rebooted. Clicking Apply does not save the configuration to the Startup Configuration. For more information on files and file types, see the System Files section.

You can back up the configuration by using Administration > File Management > Copy/Save Configuration or clicking Save at the top of the window. You can also upload the configuration from a remote device. See the Download/Backup Configuration/Log section.

There are cases when you might prefer to set the time of the reboot for some time in the future. This could happen for example in one of the following cases:

You are performing actions on a remote device, and these actions might create loss of connectivity to the remote device. Pre-scheduling a reboot restores the working configuration and enables restoring the connectivity to the remote device. If these actions are successful, the delayed reboot can be cancelled.

Reloading the device causes loss of connectivity in the network; by using delayed reboot, you can schedule the reboot to a time that is more convenient for the users (e.g. late night).


To reboot the device:

STEP 1 Click Administration > Reboot.

STEP 2 Click one of the Reboot buttons to reboot the device.

Reboot—Reboots the device. Since any unsaved information in the Running Configuration is discarded when the device is rebooted, you must click Save in the upper-right corner of any window to preserve current configuration across the boot process. If the Save option is not displayed, the Running Configuration matches the Startup Configuration and no action is necessary.

The following options are available:

-Immediate—Reboot immediately.

-Date—Enter the date (month/day) and time (hour and minutes) of the scheduled reboot. This schedules a reload of the software to take place at the specified time (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. If you do not specify the month and day, the reload takes place at the specified time on the current day (if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight. The reload must take place within 24 days.

NOTE This option can only be used if the system time has either been set manually or by SNTP.

-In—Reboot within the specified number of hours and minutes. The maximum amount of time that can pass is 24 days.

Reboot to Factory Defaults—Reboots the device by using the factory default configuration. This process erases the Startup Configuration file and the backup configuration file.

The mirror configuration file is not deleted when restoring to factory defaults.

Clear Startup Configuration File—Check to clear the startup configuration on the device for the next time it boots up.

NOTE Clearing the Startup Configuration File and Rebooting is not the same as Rebooting to Factory Defaults. Rebooting to Factory Defaults is more intrusive.


Routing Resources

Use the Router Resources page to display TCAM allocation and modify total TCAM size. TCAM entries are divided into the following groups:

IP Entries—TCAM entries reserved for IP static routes, IP addresses on the device, and IP hosts. Each type generates the following number of TCAM entries:

-IPv4 static routes—One entry per route

-IP Addresses—Two entries per IP address

-IP Hosts—One entry per host

Non-IP Entries—TCAM entries reserved for other applications, such as ACL rules, CoS policers, and VLAN rate limits.

To view and modify router resources:

STEP 1 Click Administration > Router Resources.

The following fields are displayed:

Neighbors—Count is the number of neighbors recorded on the device and TCAM Entries is the total number of TCAM entries being used for neighbors.

Interfaces—Count is the number of IP addresses on interfaces on the device and TCAM Entries is the total number of TCAM entries being used for the IP addresses.

Routes—Count is the number of routes recorded on the device and TCAM Entries is the total number of TCAM entries being used for the routes.

Total—Displays the number of TCAM entries which are currently being used.

Maximum Entries—Select one of the following options:

-Use Default—The number of TCAM entries available for IP entries is 25% of the TCAM size (128).

-User Defined—Enter a value up to 512 entries.


You must save your current configuration before changing the TCAM Allocation Settings.

NOTE A summary of the TCAM entries actually in use and available is displayed at the bottom of this page. For an explanation of the fields, see Viewing TCAM Utilization.

STEP 2 Save the new settings by clicking Apply. This checks the feasibility of the TCAM allocation. If it is incorrect, an error message is displayed. If it is correct, the allocation is saved to the Running Configuration file and a reboot is performed.

Monitoring Fan Status

The Health page displays the fan status on all devices with fans. Depending on the model, there are one or more fans on a device. Some models have no fans at all.

On devices on which a temperature sensor is assembled, for protecting the device hardware in case it overheats, the following actions are performed by the device if it overheats and during the cool down period after overheating:

Event: At least one temperature sensor exceeds the Warning threshold

Action: The following are generated:

-SYSLOG message

-SNMP trap

Event: At least one temperature sensor exceeds the Critical threshold

Action: The following are generated:

-SYSLOG message

-SNMP trap

The following actions are performed:

-System LED is set to solid amber (if hardware supports this).

-Disable Ports — When the Critical temperature has been exceeded for two minutes, all ports will be shut down.

-(On devices that support PoE) Disable the PoE circuitry so that less power is consumed and less heat is emitted.

Event: Cool down period after the Critical threshold was exceeded (all sensors are lower than the Warning threshold - 2 °C).

Action: After all the sensors cool down to Warning Threshold minus 2 °C, the PHY will be re-enabled, and all ports brought back up.

If FAN status is OK, the ports are enabled.

(On devices that support PoE) the PoE circuitry is enabled.

To view the device health parameters, click Status and Statistics > Health.

The Health page displays the following fields:

Fan Status—Fan status. The following values are possible:

-OK—Fan is operating normally.

-Fail—Fan is not operating correctly.

-N/A—Fan ID is not applicable for the specific model.

Fan Direction—(On relevant devices) The direction that the fans are working in (for example: Front to Back).


Defining Idle Session Timeout

The Idle Session Timeout configures the time intervals that the management sessions can remain idle before they timeout and you must log in again to reestablish one of the following sessions:

HTTP Session Timeout

HTTPS Session Timeout

Console Session Timeout

Telnet Session Timeout

SSH Session Timeout

To set the idle session timeout for various types of sessions:

STEP 1 Click Administration > Idle Session Timeout.

STEP 2 Select the timeout for each session from the corresponding list. The default timeout value is 10 minutes.

STEP 3 Click Apply to set the configuration settings on the device.

Pinging a Host

Ping is a utility used to test if a remote host can be reached and to measure the round-trip time for packets sent from the device to a destination device.

Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response, sometimes called a pong. It measures the round-trip time and records any packet loss.

To ping a host:

STEP 1 Click Administration > Ping.

STEP 2 Configure ping by entering the fields:

Host Definition—Select whether to specify hosts by their IP address or name.


IP Version—If the host is identified by its IP address, select either IPv4 or IPv6 to indicate that it will be entered in the selected format.

IPv6 Address Type—Select Link Local or Global as the type of IPv6 address to enter.

-Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

-Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

Link Local Interface—If the IPv6 address type is Link Local, select from where it is received.

Host IP Address/Name—Address or host name of the device to be pinged. Whether this is an IP address or host name depends on the Host Definition.

Ping Interval—Length of time the system waits between ping packets. Ping is repeated the number of times configured in the "Number of Pings" field, whether the ping succeeds or not. Choose to use the default interval or specify your own value.

Number of Pings—The number of times the ping operation is performed. Choose to use the default or specify your own value.

Status—Displays whether the ping succeeded or failed.

STEP 3 Click Activate Ping to ping the host. The ping status appears and another message is added to the list of messages, indicating the result of the ping operation.

STEP 4 View the results of ping in the Ping Counters and Status section of the page.


Traceroute

Traceroute discovers the IP routes along which packets were forwarded by sending an IP packet to the target host and back to the device. The Traceroute page shows each hop between the device and a target host, and the round-trip time to each such hop.

STEP 1 Click Administration > Traceroute.

STEP 2 Configure Traceroute by entering information into the following fields:

Host Definition—Select whether hosts are identified by their IP address or name.

IP Version—If the host is identified by its IP address, select either IPv4 or IPv6 to indicate that it will be entered in the selected format.

IPv6 Address Type—Select Link Local or Global as the type of IPv6 address to enter.

-Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

-Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

Link Local Interface—If the IPv6 address type is Link Local, select from where it is received.

Host IP Address/Name—Enter the host address or name.

TTL—Enter the maximum number of hops that Traceroute permits. This is used to prevent a case where the sent frame gets into an endless loop. The Traceroute command terminates when the destination is reached or when this value is reached. To use the default value (30), select Use Default.

Timeout—Enter the length of time that the system waits for a frame to return before declaring it lost, or select Use Default.

STEP 3 Click Activate Traceroute. The operation is performed.


A page appears showing the Round Trip Time (RTT) and status for each trip in the fields:

Index—Displays the number of the hop.

Host—Displays a stop along the route to the destination.

Round Trip Time (1-3)—Displays the round trip time (in ms) for the first through third frame and the status of the first through third operation.


6

Administration: Time Settings

Synchronized system clocks provide a frame of reference between all devices on the network. Network time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events occur. Without synchronized clocks, accurately correlating log files between devices when tracking security breaches or network usage is impossible.

Synchronized time also reduces confusion in shared file systems, as it is important for the modification times to be consistent, regardless of the machine on which the file systems reside.

For these reasons, it is important that the time configured on all of the devices on the network is accurate.

NOTE The device supports Simple Network Time Protocol (SNTP) and when enabled, the device dynamically synchronizes the device time with time from an SNTP server. The device operates only as an SNTP client, and cannot provide time services to other devices.

This section describes the options for configuring the system time, time zone, and Daylight Savings Time (DST). It covers the following topics:

System Time Options

SNTP Modes

Configuring System Time


System Time Options

System time can be set manually by the user, dynamically from an SNTP server, or synchronized from the PC running the GUI. If an SNTP server is chosen, the manual time settings are overwritten when communications with the server are established.

As part of the boot process, the device always configures the time, time zone, and DST. These parameters are obtained from the PC running the GUI, SNTP, values set manually, or if all else fails, from the factory defaults.

Time

The following methods are available for setting the system time on the device:

Manual—You must manually set the time.

From PC—Time can be received from the PC by using browser information.

The configuration of time from the computer is saved to the Running Configuration file. You must copy the Running Configuration to the Startup Configuration in order to enable the device to use the time from the computer after reboot. The time after reboot is set during the first WEB login to the device.

When you configure this feature for the first time, if the time was not already set, the device sets the time from the PC.

This method of setting time works with both HTTP and HTTPS connections.

SNTP—Time can be received from SNTP time servers. SNTP ensures accurate network time synchronization of the device up to the millisecond by using an SNTP server for the clock source. When specifying an SNTP server, if choosing to identify it by hostname, three suggestions are given in the GUI:

-time-a.timefreq.bldrdoc.gov

-time-b.timefreq.bldrdoc.gov

-time-c.timefreq.bldrdoc.gov

After the time has been set by any of the above sources, it is not set again by the browser.

NOTE SNTP is the recommended method for time setting.


Time Zone and Daylight Savings Time (DST)

The Time Zone and DST can be set on the device in the following ways:

Dynamic configuration of the device through a DHCP server, where:

- Dynamic DST, when enabled and available, always takes precedence over the manual configuration of DST.

- If the server supplying the source parameters fails, or dynamic configuration is disabled by the user, the manual settings are used.

- Dynamic configuration of the time zone and DST continues after the IP address lease time has expired.

Manual configuration of the time zone and DST becomes the Operational time zone and DST, only if the dynamic configuration is disabled or fails.

NOTE The DHCP server must supply DHCP option 100 in order for dynamic time zone configuration to take place.

SNTP Modes

The device can receive the system time from an SNTP server in one of the following ways:

Client Broadcast Reception (passive mode)

SNTP servers broadcast the time, and the device listens to these broadcasts. When the device is in this mode, there is no need to define a Unicast SNTP server.

Client Broadcast Transmission (active mode)—The device, as an SNTP client, periodically requests SNTP time updates. This mode works in either of the following ways:

- SNTP Anycast Client Mode—The device broadcasts time request packets to all SNTP servers in the subnet, and waits for a response.

- Unicast SNTP Server Mode—The device sends Unicast queries to a list of manually-configured SNTP servers, and waits for a response.

The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).

Configuring System Time

Selecting Source of System Time

Use the System Time page to select the system time source. If the source is manual, you can enter the time here.

CAUTION If the system time is set manually and the device is rebooted, the manual time settings must be reentered.

To define system time:

STEP 1 Click Administration > Time Settings > System Time.

The following fields are displayed:

Actual Time (Static)—System time on the device. This shows the DHCP time zone or the acronym for the user-defined time zone if these were defined.

Last Synchronized Server—Address, stratum and type of the SNTP server from which time was last taken.

STEP 2 Enter these parameters:

Clock Source Settings—Select the source used to set the system clock.

Main Clock Source (SNTP Servers)—If you enable this, the system time is obtained from an SNTP server. To use this feature, you must also configure a connection to an SNTP server in the SNTP Interface Settings page.

Optionally, enforce authentication of the SNTP sessions by using the SNTP Authentication page.

Alternate Clock Source (PC via active HTTP/HTTPS sessions)—Select to set the date and time from the configuring computer using the HTTP protocol.

NOTE The Clock Source Setting needs to be set to either of the above in order for RIP MD5 authentication to work. This also helps features that depend on time, for example: Time Based ACL, Port, and 802.1X port authentication, which are supported on some devices.

Manual Settings—Set the date and time manually. The local time is used when there is no alternate source of time, such as an SNTP server:

Date—Enter the system date.

Local Time—Enter the system time.

Time Zone Settings—The local time is used via the DHCP server or Time Zone offset.

Get Time Zone from DHCP—Select to enable dynamic configuration of the time zone and the DST from the DHCP server. Whether one or both of these parameters can be configured depends on the information found in the DHCP packet. If this option is enabled, you must also enable DHCP client on the device.

NOTE The DHCP Client supports Option 100 providing dynamic time zone setting.

Time Zone from DHCP—Displays the acronym of the time zone configured from the DHCP server. This acronym appears in the Actual Time field.

Time Zone Offset—Select the difference in hours between Greenwich Mean Time (GMT) and the local time. For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone Offset for New York is GMT – 5.

Time Zone Acronym—Enter a user-defined name that represents the time zone you have configured. This acronym appears in the Actual Time field.

Daylight Savings Settings—Select how DST is defined:

Daylight Savings—Select to enable Daylight Saving Time.

Time Set Offset—Enter the number of minutes offset from GMT ranging from 1 to 1440. The default is 60.

Daylight Savings Type—Click one of the following:

- USA—DST is set according to the dates used in the USA.

- European—DST is set according to the dates used by the European Union and other countries that use this standard.

- By Dates—DST is set manually, typically for a country other than the USA or a European country. Enter the following parameters:

- Recurring—DST occurs on the same date every year.

Selecting By Dates allows customization of the start and stop of DST:

- From—Day and time that DST starts.

- To—Day and time that DST ends.

Selecting Recurring allows different customization of the start and stop of DST:

From—Date when DST begins each year.

- Day—Day of the week on which DST begins every year.

- Week—Week within the month from which DST begins every year.

- Month—Month of the year in which DST begins every year.

- Time—The time at which DST begins every year.

To—Date when DST ends each year. For example, DST ends locally every fourth Friday in October at 5:00 am. The parameters are:

- Day—Day of the week on which DST ends every year.

- Week—Week within the month from which DST ends every year.

- Month—Month of the year in which DST ends every year.

- Time—The time at which DST ends every year.

STEP 3 Click Apply. The system time values are written to the Running Configuration file.

Adding a Unicast SNTP Server

Up to 16 Unicast SNTP servers can be configured.

NOTE To specify a Unicast SNTP server by name, you must first configure DNS server(s) on the device (see DNS Settings). In order to add a Unicast SNTP server, check the box to enable SNTP Client Unicast.

To add a Unicast SNTP server:

STEP 1 Click Administration > Time Settings > SNTP Unicast.

This page contains the following information for each Unicast SNTP server:

SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to its stratum level.

Poll Interval—Displays whether polling is enabled or disabled.

Authentication Key ID—Key Identification used to communicate between the SNTP server and device.

Stratum Level—Distance from the reference clock expressed as a numerical value. An SNTP server cannot be the primary server (stratum level 1) unless polling interval is enabled.

Status—SNTP server status. The possible values are:

- Up—SNTP server is currently operating normally.

- Down—SNTP server is currently not available.

- Unknown—SNTP server is currently being searched for by the device.

- In Process—Occurs when the SNTP server has not fully trusted its own time server (i.e. when first booting up the SNTP server).

Last Response—Date and time of the last time a response was received from this SNTP server.

Offset—The estimated offset of the server's clock relative to the local clock, in milliseconds. The host determines the value of this offset using the algorithm described in RFC 2030.

Delay—The estimated round-trip delay of the server's clock relative to the local clock over the network path between them, in milliseconds. The host determines the value of this delay using the algorithm described in RFC 2030.

Source—How the SNTP server was defined, for example: manually or from DHCPv6 server.

Interface—Interface on which packets are received.

STEP 2 To add a Unicast SNTP server, enable SNTP Client Unicast.

STEP 3 Click Add.

STEP 4 Enter the following parameters:

Server Definition—Select if the SNTP server is going to be identified by its IP address or if you are going to select a well-known SNTP server by name from the list.

NOTE To specify a well-known SNTP server, the device must be connected to the Internet and configured with a DNS server or configured so that a DNS server is identified by using DHCP. (See DNS Settings)

IP Version—Select the version of the IP address: Version 6 or Version 4.

IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:

- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.

- Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.

Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list.

SNTP Server IP Address—Enter the SNTP server IP address. The format depends on which address type was selected.

SNTP Server—Select the name of the SNTP server from a list of well-known NTP servers. If other is chosen, enter the name of the SNTP server in the adjacent field.

Poll Interval—Select to enable polling of the SNTP server for system time information. All NTP servers that are registered for polling are polled, and the clock is selected from the server with the lowest stratum level (distance from the reference clock) that is reachable. The server with the lowest stratum is considered to be the primary server. The server with the next lowest stratum is a secondary server, and so forth. If the primary server is down, the device polls all servers with the polling setting enabled, and selects a new primary server with the lowest stratum.

Authentication—Select the check box to enable authentication.

Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the authentication keys using the SNTP Authentication page.)

STEP 5 Click Apply. The SNTP server is added, and you are returned to the main page.
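The Offset, Delay and Stratum Level fields above can be reproduced from a raw SNTP reply. The following is an added example, not code from the device or from Cisco: it parses constructed 48-byte replies, rejects replies that fail basic sanity checks, computes offset and delay with the four-timestamp formulas, and picks the primary server by lowest stratum. The server addresses, the tie-break on delay and all function names are assumptions made for the example.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Sample:
    server: str
    stratum: int
    offset_ms: float
    delay_ms: float


def fixed(seconds: int, millis: int = 0) -> int:
    """NTP 64-bit timestamp: 32-bit seconds plus a 32-bit binary fraction."""
    return (seconds << 32) + (millis << 32) // 1000


def to_ms(delta: float) -> float:
    """Convert a difference of two 64-bit timestamps to milliseconds."""
    return delta * 1000 / 2**32


def parse_reply(server: str, packet: bytes, t1: int, t4: int) -> Optional[Sample]:
    """t1 = timestamp the client sent, t4 = client clock when the reply arrived."""
    if len(packet) < 48:
        return None
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4:                            # 4 = server reply to a unicast query
        return None
    if leap == 3 or not 1 <= stratum <= 15:  # unsynchronised or kiss-o'-death
        return None
    originate, t2, t3 = struct.unpack("!QQQ", packet[24:48])
    # The reply must echo the request timestamp; a mismatch means a stale,
    # duplicated or forged reply and it must not move the clock.
    if originate != t1 or t3 == 0:
        return None
    offset = ((t2 - t1) + (t3 - t4)) / 2     # server clock minus local clock
    delay = (t4 - t1) - (t3 - t2)            # round trip minus server hold time
    return Sample(server, stratum, to_ms(offset), to_ms(delay))


def select_primary(samples: List[Optional[Sample]]) -> Optional[Sample]:
    """Lowest stratum wins; the tie-break on delay is an assumption of this example."""
    usable = [s for s in samples if s is not None]
    return min(usable, key=lambda s: (s.stratum, s.delay_ms)) if usable else None


def build_reply(stratum: int, originate: int, t2: int, t3: int, leap: int = 0) -> bytes:
    """Constructed server reply (version 4, mode 4) used as sample input."""
    first = (leap << 6) | (4 << 3) | 4
    header = struct.pack("!BBbb", first, stratum, 6, -20) + bytes(12)
    return header + struct.pack("!QQQQ", t2, originate, t2, t3)


# Constructed exchange: request sent at T1, every reply received 750 ms later.
BASE = 3900000000
T1 = fixed(BASE)
T4 = fixed(BASE, 750)
REPLIES = [
    # stratum 3, clock 500 ms ahead of the client
    ("192.0.2.13", build_reply(3, T1, fixed(BASE, 750), fixed(BASE + 1))),
    # stratum 2, clock in step with the client
    ("192.0.2.12", build_reply(2, T1, fixed(BASE, 250), fixed(BASE, 500))),
    # stratum 1 but the originate field does not echo T1: rejected
    ("192.0.2.11", build_reply(1, fixed(1), fixed(BASE, 250), fixed(BASE, 500))),
    # stratum 0 (kiss-o'-death): rejected
    ("192.0.2.14", build_reply(0, T1, fixed(BASE, 250), fixed(BASE, 500))),
]


def poll_results() -> List[Optional[Sample]]:
    return [parse_reply(server, pkt, T1, T4) for server, pkt in REPLIES]


if __name__ == "__main__":
    for sample in poll_results():
        print(sample)
    print("primary:", select_primary(poll_results()))
```

The stratum 1 reply is the most attractive by stratum alone, which is why the originate check runs before selection.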

Configuring the SNTP Mode

The device can be in active and/or passive mode (see SNTP Modes for more information).

To enable receiving SNTP packets from all servers on the subnet and/or to enable transmitting time requests to SNTP servers:

STEP 1 Click Administration > Time Settings > SNTP Multicast/Anycast.

STEP 2 Select from the following options:

SNTP IPv4 Multicast Client Mode (Client Broadcast Reception)—Select to receive system time IPv4 Multicast transmissions from any SNTP server on the subnet.

SNTP IPv6 Multicast Client Mode (Client Broadcast Reception)—Select to receive system time IPv6 Multicast transmissions from any SNTP server on the subnet.

SNTP IPv4 Anycast Client Mode (Client Broadcast Transmission)—Select to transmit SNTP IPv4 synchronization packets requesting system time information. The packets are transmitted to all SNTP servers on the subnet.

SNTP IPv6 Anycast Client Mode (Client Broadcast Transmission)—Select to transmit SNTP IPv6 synchronization packets requesting system time information. The packets are transmitted to all SNTP servers on the subnet.

STEP 3 If the system is in Layer 3 system mode, click Add to enter the interface for SNTP reception/transmission.

Select an interface and select the reception/transmission options.

STEP 4 Click Apply to save the settings to the Running Configuration file.

Defining SNTP Authentication

SNTP clients can authenticate responses by using HMAC-MD5. An SNTP server is associated with a key, which is used as input together with the response itself to the MD5 function; the result of the MD5 is also included in the response packet.

The SNTP Authentication page enables configuration of the authentication keys that are used when communicating with an SNTP server that requires authentication.

The authentication key is created on the SNTP server in a separate process that depends on the type of SNTP server you are using. Consult with the SNTP server system administrator for more information.

Workflow

STEP 1 Enable authentication in the SNTP Authentication page.

STEP 2 Create a key in the SNTP Authentication page.

STEP 3 Associate this key with an SNTP server in the SNTP Unicast page.

To enable SNTP authentication and define keys:

STEP 1 Click Administration > Time Settings > SNTP Authentication.

STEP 2 Select SNTP Authentication to support authentication of an SNTP session between the device and an SNTP server.

STEP 3 Click Apply to update the device.

STEP 4 Click Add.

STEP 5 Enter the following parameters:

Authentication Key ID—Enter the number used to identify this SNTP authentication key internally.

Authentication Key—Enter the key used for authentication (up to eight characters). The SNTP server must send this key for the device to synchronize to it.

Trusted Key—Select to enable the device to receive synchronization information only from an SNTP server by using this authentication key.

STEP 6 Click Apply. The SNTP Authentication parameters are written to the Running Configuration file.
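How a client checks an authenticated reply against the key IDs and trusted keys configured above, as an added example that is not the device's own code. The page calls the scheme HMAC-MD5; this sketch assumes the classic NTP symmetric-key layout (a 4-byte key ID and a 16-byte MD5 digest computed over the key followed by the 48-byte header), and the key, key ID and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48          # SNTP header without authenticator
MAC_LEN = 4 + 16         # key ID + MD5 digest (assumed layout)


def digest(key: bytes, header: bytes) -> bytes:
    """Keyed MD5 over the shared key followed by the header."""
    return hashlib.md5(key + header).digest()


def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """What an authenticating server appends to its reply."""
    return header + struct.pack("!I", key_id) + digest(key, header)


def verify(packet: bytes, trusted_keys: dict) -> str:
    """Classify a reply; only 'ok' proves knowledge of a trusted key."""
    if len(packet) == HEADER_LEN:
        return "unauthenticated"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "malformed"
    header = packet[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    key = trusted_keys.get(key_id)
    if key is None:
        return "untrusted-key"
    # Constant-time comparison so the check does not leak how many digest
    # bytes matched.
    if not hmac.compare_digest(digest(key, header), packet[HEADER_LEN + 4:]):
        return "bad-digest"
    return "ok"


def accept(packet: bytes, trusted_keys: dict, auth_required: bool = True) -> bool:
    """With authentication enabled, anything other than 'ok' is dropped."""
    verdict = verify(packet, trusted_keys)
    if auth_required:
        return verdict == "ok"
    return verdict in ("ok", "unauthenticated")


# Constructed sample data: key ID 7 with an eight-character key, the maximum
# length the Authentication Key field allows.
TRUSTED_KEYS = {7: b"s3cr3tK7"}
HEADER = bytes([0x24, 2]) + bytes(46)        # LI 0, version 4, mode 4, stratum 2
GOOD = sign(HEADER, 7, TRUSTED_KEYS[7])
_tampered = bytearray(GOOD)
_tampered[47] ^= 0x01                        # one bit of the transmit timestamp
TAMPERED = bytes(_tampered)

if __name__ == "__main__":
    for label, pkt in (("good", GOOD), ("tampered", TAMPERED), ("no MAC", HEADER)):
        print(label, verify(pkt, TRUSTED_KEYS), accept(pkt, TRUSTED_KEYS))
```

An eight-character key combined with MD5 gives limited protection, so treat the key like a password and keep SNTP traffic on a management VLAN where possible.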

Time Range

Time ranges can be defined and associated with the following types of commands, so that they are applied only during that time range:

ACLs

802.1X Port Authentication

Port Stat

Time-Based PoE

There are two types of time ranges:

Absolute—This type of time range begins on a specific date or immediately and ends on a specific date or extends infinitely. It is created in the Time Range pages. A recurring element can be added to it.

Recurring — This type of time range contains a time range element that is added to an absolute range, and begins and ends on a recurring basis. It is defined in the Recurring Range pages.

If a time range includes both absolute and recurring ranges, the process associated with it is activated only if both absolute start time and the recurring time range have been reached. The process is deactivated when either of the time ranges is reached.

The device supports a maximum of 10 absolute time ranges.

All time specifications are interpreted as local time (Daylight Saving Time does not affect this).

To ensure that the time range entries take effect at the desired times, the system time must be set.

The time-range feature can be used for the following:

Limit access of computers to the network during business hours (for example), after which the network ports are locked, and access to the rest of the network is blocked (see Chapter 9, “Configuring Ports” and Chapter 9, “Configuring LAG Settings”)

Limit PoE operation to a specified period.

Absolute Time Range

To define an absolute time range:

STEP 1 Click Administration > Time Settings > Time Range.

The existing time ranges are displayed.

STEP 2 To add a new time range, click Add.

STEP 3 Enter the following fields:

Time Range Name—Enter a new time range name.

Absolute Starting Time—To define the start time, enter the following:

- Immediate—Select for the time range to start immediately.

- Date, Time—Enter the date and time that the Time Range begins.

Absolute Ending Time—To define the end time, enter the following:

- Infinite—Select for the time range to never end.

- Date, Time—Enter the date and time that the Time Range ends.

STEP 4 To add a recurring time range, click Recurring Range.

Recurring Time Range

A recurring time element can be added to an absolute time range. This limits the operation to certain time periods within the absolute range.

To add a recurring time range element to an absolute time range:

STEP 1 Click Administration > Time Settings > Recurring Range.

The existing recurring time ranges are displayed (filtered per a specific, absolute time range.)

STEP 2 Select the absolute time range to which to add the recurring range.

STEP 3 To add a new recurring time range, click Add.

STEP 4 Enter the following fields:

Recurring Starting Time—Enter the date and time that the Time Range begins on a recurring basis.

Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis.

7

Administration: Diagnostics

This section contains information for configuring port mirroring, running cable tests, and viewing device operational information.

It covers the following topics:

Testing Copper Ports

Displaying Optical Module Status

Configuring Port and VLAN Mirroring

Viewing CPU Utilization and Secure Core Technology

Testing Copper Ports

The Copper Test page displays the results of integrated cable tests performed on copper cables by the Virtual Cable Tester (VCT).

VCT performs two types of tests:

Time Domain Reflectometry (TDR) technology tests the quality and characteristics of a copper cable attached to a port. Cables of up to 140 meters long can be tested. These results are displayed in the Test Results block of the Copper Test page.

DSP-based tests are performed on active GE links to measure cable length. These results are displayed in the Advanced Information block of the Copper Test page.

Preconditions to Running the Copper Port Test

Before running the test, do the following:

(Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page)

(Optional) Disable EEE (see the Port Management > Green Ethernet > Properties page)

Use a CAT5 data cable when testing cables using VCT.

Accuracy of the test results can have an error range of +/- 10 for Advanced Testing and +/- 2 for basic testing.

CAUTION When a port is tested, it is set to the Down state and communications are interrupted. After the test, the port returns to the Up state. It is not recommended that you run the copper port test on a port you are using to run the web-based switch configuration utility, because communications with that device are disrupted.

To test copper cables attached to ports:

STEP 1 Click Administration > Diagnostics > Copper Test.

STEP 2 Select the port on which to run the test.

STEP 3 Click Copper Test.

STEP 4 When the message appears, click OK to confirm that the link can go down or Cancel to abort the test.

The following fields are displayed in the Test Results block:

Last Update—Time of the last test conducted on the port.

Test Results—Cable test results. Possible values are:

- OK—Cable passed the test.

- No Cable—Cable is not connected to the port.

- Open Cable—Cable is connected on only one side.

- Short Cable—Short circuit has occurred in the cable.

- Unknown Test Result—Error has occurred.

Distance to Fault—Distance from the port to the location on the cable where the fault was discovered.

Operational Port Status—Displays whether port is up or down.

If the port being tested is a Giga port, the Advanced Information block contains the following information, which is refreshed each time you enter the page:

Cable Length: Provides an estimate for the length.

Pair—Cable wire pair being tested.

Status—Wire pair status. Red indicates fault and Green indicates status OK.

Channel—Cable channel indicating whether the wires are straight or crossover.

Polarity—Indicates if automatic polarity detection and correction has been activated for the wire pair.

Pair Skew—Difference in delay between wire pairs.

NOTE TDR tests cannot be performed when the port speed is 10Mbit/Sec.

Displaying Optical Module Status

The Optical Module Status page displays the operating conditions reported by the SFP (Small Form-factor Pluggable) transceiver. Some information might not be available for SFPs that do not support the digital diagnostic monitoring standard SFF-8472.

MSA-compatible SFPs

The following FE SFP (100Mbps) transceivers are supported:

MFEBX1: 100BASE-BX-20U SFP transceiver for single-mode fiber, 1310 nm wavelength, supports up to 20 km.

MFEFX1: 100BASE-FX SFP transceiver, for multimode fiber, 1310 nm wavelength, supports up to 2 km.

MFELX1: 100BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km.

The following GE SFP (1000Mbps) transceivers are supported:

MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.

MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.

MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km.

MGBSX1: 1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550 m.

MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports up to 100 m.

To view the results of optical tests, click Administration > Diagnostics > Optical Module Status.

This page contains the following fields:

Port—Port number on which the SFP is connected.

Temperature—Temperature (Celsius) at which the SFP is operating.

Voltage—SFP’s operating voltage.

Current—SFP’s current consumption.

Output Power—Transmitted optical power.

Input Power—Received optical power.

Transmitter Fault—Remote SFP reports signal loss. Values are True, False, and No Signal (N/S).

Loss of Signal—Local SFP reports signal loss. Values are True and False.

Data Ready—SFP is operational. Values are True and False.

Configuring Port and VLAN Mirroring

Port mirroring is used on a network device to send a copy of network packets seen on one device port, multiple device ports, or an entire VLAN to a network monitoring connection on another port on the device. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion-detection system. A network analyzer connected to the monitoring port processes the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.

A packet that is received on a network port assigned to a VLAN that is subject to mirroring is mirrored to the analyzer port even if the packet was eventually trapped or discarded. Packets sent by the device are mirrored when Transmit (Tx) mirroring is activated.

Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port. If more data is sent to the analyzer port than it can support, some data might be lost.

VLAN mirroring is not active on a VLAN that was not manually created. For example, if VLAN 23 was created by GVRP, and you manually created VLAN 34, and you create port mirroring that includes VLAN 23, VLAN 34, or both, and later on delete VLAN 34, the status in port mirroring is set to Not Ready, because VLAN 34 is no longer in the database and VLAN 23 was not created manually.

Only one instance of mirroring is supported system-wide. The analyzer port (or target port for VLAN mirroring or port mirroring) is the same for all the mirrored VLANs or ports.

To enable mirroring:

STEP 1 Click Administration > Diagnostics > Port and VLAN Mirroring.

This page contains the following fields:

Destination Port—Port to which traffic is to be copied; the analyzer port.

Source Interface—Interface, port, or VLAN from which traffic is sent to the analyzer port.

Type—Type of monitoring: incoming to the port (Rx), outgoing from the port (Tx), or both.

Status—Displays one of the following values:

- Active—Both source and destination interfaces are up and forwarding traffic.

- Not Ready—Either source or destination (or both) are down or not forwarding traffic for some reason.

STEP 2 Click Add to add a port or VLAN to be mirrored.

STEP 3 Enter the parameters:

Destination Port—Select the analyzer port to where packets are copied. A network analyzer, such as a PC running Wireshark, is connected to this port. If a port is identified as an analyzer destination port, it remains the analyzer destination port until all entries are removed.

Source Interface—Select the source port or source VLAN from where traffic is to be mirrored.

Type—Select whether incoming, outgoing, or both types of traffic are mirrored to the analyzer port. If Port is selected, the options are:

- Rx Only—Port mirroring on incoming packets.

- Tx Only—Port mirroring on outgoing packets.

- Tx and Rx—Port mirroring on both incoming and outgoing packets.

STEP 4 Click Apply. Port mirroring is added to the Running Configuration.

Viewing CPU Utilization and Secure Core Technology

This section describes the Secure Core Technology (SCT) and how to view CPU usage.

The device handles the following types of traffic, in addition to end-user traffic:

Management traffic

Protocol traffic

Snooping traffic

Excessive traffic burdens the CPU, and might prevent normal device operation. The device uses the Secure Core Technology (SCT) feature to ensure that the device receives and processes management and protocol traffic, no matter how much total traffic is received. SCT is enabled by default on the device and cannot be disabled.

There are no interactions with other features.

To display CPU utilization:

STEP 1 Click Administration > Diagnostics > CPU Utilization.

The CPU Utilization page appears.

The CPU Input Rate field displays the rate of input frames to the CPU per second.

The window contains a graph of the CPU utilization. The Y axis is percentage of usage, and the X axis is the sample number.

STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period.

8

Administration: Discovery

This section provides information for configuring Discovery.

It covers the following topics:

Configuring Bonjour Discovery

LLDP and CDP

Configuring LLDP

Configuring CDP

Configuring Bonjour Discovery

As a Bonjour client, the device periodically broadcasts Bonjour Discovery protocol packets to directly-connected IP subnet(s), advertising its existence and the services that it provides; for example, HTTP, HTTPS, and Telnet. (Use the Security > TCP/UDP Services page to enable or disable the device services.) The device can be discovered by a network management system or other third-party applications. By default, Bonjour is enabled on the Management VLAN. The Bonjour console automatically detects the device and displays it.

Bonjour in Layer 2 System Mode

When the device is in Layer 2 system mode, Bonjour Discovery is enabled globally; it cannot be enabled on a per-port or per-VLAN basis. The device advertises all of the services that have been turned on by the administrator based on the configuration on the Services page.

When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of Bonjour appears on the Adding IP Multicast Group Address page.

When Bonjour Discovery is disabled, the device stops any service type advertisements and does not respond to requests for service from network management applications.

To globally enable Bonjour when the system is in Layer 2 system mode:

STEP 1 Click Administration > Discovery - Bonjour.

STEP 2 Select Enable to enable Bonjour Discovery globally on the device.

STEP 3 Click Apply. Bonjour is enabled or disabled on the device according to the selection.

Bonjour in Layer 3 System Mode

In Layer 3 system mode, each interface (VLAN, port, or LAG) can be assigned an IP address. When Bonjour is enabled, the device can send Bonjour Discovery packets on all interfaces that have IP addresses. Bonjour can individually be assigned on a per-port and/or per-VLAN basis. When Bonjour is enabled, the device can send Bonjour Discovery packets to interfaces with IP addresses that have been associated with Bonjour on the Bonjour Discovery Interface Control table. (When the device is operating in Layer 3 system mode, go to IP Configuration > Management and IP Interface > IPv4 Interface to configure an IP address to an interface.)

If an interface, such as a VLAN, is deleted, Goodbye packets are sent to deregister services the device is advertising from the neighboring cache table within the local network. The Bonjour Discovery Interface Control Table shows interfaces with IP addresses that are associated with the Bonjour feature. Any Bonjour advertisement can only be broadcast to interfaces listed in this table. (See the Bonjour Discovery Interface Control Table on the Administration > Discovery - Bonjour page.) If the available services are changed, those changes are advertised, deregistering services that are turned off and registering services that are turned on. If an IP address is changed, that change is advertised.

If Bonjour is disabled, the device does not send Bonjour Discovery advertisements and it does not listen for Bonjour Discovery advertisements sent by other devices.

To configure Bonjour when the device is in Layer 3 system mode:

STEP 1 Click Administration > Discovery - Bonjour.

STEP 2 Select Enable to enable Bonjour discovery globally.

STEP 3 Click Apply to update the Running Configuration file.

STEP 4 To enable Bonjour on an interface, click Add.

STEP 5 Select the interface, and click Apply.

NOTE Click Delete to disable Bonjour on an interface (this performs the delete operation without any additional operation, such as Apply).

LLDP and CDP

LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities to each other. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and terminates and processes incoming LLDP and CDP packets as required by the protocols. In LLDP and CDP, advertisements are encoded as TLV (Type, Length, Value) in the packet.
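The TLV encoding mentioned above, as an added example that is not part of the original guide: a parser for the LLDP data unit (7-bit type, 9-bit length, then the value) that an administrator could run over a captured frame to see what a port advertises to any attached device. The sample LLDPDU, its names and addresses are constructed, and the set of TLVs flagged as disclosing inventory details is this example's own choice.

```python
import ipaddress
import struct

TLV_NAMES = {0: "End", 1: "Chassis ID", 2: "Port ID", 3: "TTL",
             4: "Port Description", 5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address",
             127: "Organizationally Specific"}
# TLVs that hand inventory details to anything plugged into the port
# (selection made for this example).
DISCLOSING = {"Port Description", "System Name", "System Description",
              "Management Address"}


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length packed into two bytes."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(pdu: bytes):
    """Yield (type, value) pairs, refusing lengths that run past the buffer."""
    pos = 0
    while pos + 2 <= len(pdu):
        (header,) = struct.unpack_from("!H", pdu, pos)
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if pos + length > len(pdu):
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes, "
                             f"only {len(pdu) - pos} left")
        yield tlv_type, pdu[pos:pos + length]
        pos += length
        if tlv_type == 0:
            return
    raise ValueError("LLDPDU ended without an End TLV")


def decode(tlv_type: int, value: bytes):
    """Decode the common TLVs; anything else is returned as hex."""
    if tlv_type == 1 and value[:1] == b"\x04" and len(value) == 7:   # MAC address
        return ":".join(f"{b:02x}" for b in value[1:])
    if tlv_type == 2 and value[:1] in (b"\x05", b"\x07"):            # name / local
        return value[1:].decode("utf-8", "replace")
    if tlv_type == 3 and len(value) == 2:
        return struct.unpack("!H", value)[0]
    if tlv_type in (4, 5, 6):
        return value.decode("utf-8", "replace")
    if tlv_type == 8 and len(value) >= 2:
        addr_len, subtype = value[0], value[1]
        addr = value[2:1 + addr_len]
        if subtype == 1 and len(addr) == 4:                          # IPv4
            return str(ipaddress.IPv4Address(addr))
    return value.hex()


def summarize(pdu: bytes) -> dict:
    summary = {}
    for tlv_type, value in iter_tlvs(pdu):
        if tlv_type == 0:
            break
        summary[TLV_NAMES.get(tlv_type, f"Type {tlv_type}")] = decode(tlv_type, value)
    return summary


def disclosed(summary: dict) -> list:
    return sorted(name for name in summary if name in DISCLOSING)


# Constructed LLDPDU (the payload that follows the Ethernet header).
SAMPLE_PDU = (
    tlv(1, b"\x04" + bytes.fromhex("020000000001"))
    + tlv(2, b"\x05" + b"gi1")
    + tlv(3, struct.pack("!H", 120))
    + tlv(5, b"switch-lab-01")
    + tlv(6, b"Example 24-port managed switch")
    + tlv(8, b"\x05\x01" + ipaddress.IPv4Address("192.0.2.10").packed
          + b"\x02" + struct.pack("!I", 1) + b"\x00")
    + tlv(0, b"")
)

if __name__ == "__main__":
    info = summarize(SAMPLE_PDU)
    for name, value in info.items():
        print(f"{name}: {value}")
    print("discloses:", disclosed(info))
```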

The following CDP/LLDP configuration notes apply:

CDP/LLDP can be globally enabled or disabled and enabled/disabled per port. The CDP/LLDP capability of a port is relevant only if CDP/LLDP is globally enabled.

If CDP/LLDP is globally enabled, the device filters out incoming CDP/LLDP packets from ports that are CDP/LLDP-disabled.

If CDP/LLDP is globally disabled, the device can be configured to discard, VLAN-awareflooding, orVLAN-unawareflooding of all incoming CDP/LLDP packets.VLAN-awareflooding floods an incoming CDP/LLDP packet to the VLAN where the packet is received excluding the ingress port. VLANunaware flooding floods an incoming CDP/LLDP packet to all the ports excluding the ingress port. The default is to discard CDP/LLDP packets when CDP/LLDP is globally disabled. You can configure the discard/ flooding of incoming CDP and LLDP packets from the CDP Properties page and the LLDP Properties page respectively.

Auto Smartport requires CDP and/or LLDP to be enabled. Auto Smartport automatically configures an interface based on the CDP/LLDP advertisement received from the interface.

CDP and LLDP end devices, such as IP phones, learn the voice VLAN configuration from CDP and LLDP advertisements. By default, the device is enabled to send out CDP and LLDP advertisements based on the voice VLAN configured at the device. Refer to the Voice VLAN and Auto Voice VLAN sections for details.

NOTE CDP/LLDP does not distinguish if a port is in a LAG. If there are multiple ports in a LAG, CDP/LLDP transmits packets on each port without taking into account the fact that the ports are in a LAG.

The operation of CDP/LLDP is independent of the STP status of an interface.

If 802.1x port access control is enabled at an interface, the device transmits and receives CDP/LLDP packets to and from the interface only if the interface is authenticated and authorized.

If a port is the target of mirroring, then according to CDP/LLDP it is considered down.

NOTE CDP and LLDP are link layer protocols for directly-connected CDP/LLDP-capable devices to advertise themselves and their capabilities. In deployments where the CDP/LLDP-capable devices are not directly connected and are separated with CDP/LLDP-incapable devices, the CDP/LLDP-capable devices may be able to receive the advertisement from other device(s) only if the CDP/LLDP-incapable devices flood the CDP/LLDP packets they receive. If the CDP/LLDP-incapable devices perform VLAN-aware flooding, then CDP/LLDP-capable devices can hear each other only if they are in the same VLAN. A CDP/LLDP-capable device may receive advertisements from more than one device if the CDP/LLDP-incapable devices flood the CDP/LLDP packets.

Configuring LLDP

This section describes how to configure LLDP. It covers the following topics:

LLDP Overview

Setting LLDP Properties

Editing LLDP Port Settings

LLDP MED Network Policy

Configuring LLDP MED Port Settings

Displaying LLDP Port Status

Displaying LLDP Local Information

Displaying LLDP Neighbors Information

Accessing LLDP Statistics

LLDP Overloading

LLDP Overview

LLDP is a protocol that enables network managers to troubleshoot and enhance network management in multi-vendor environments. LLDP standardizes methods for network devices to advertise themselves to other systems, and to store discovered information.

LLDP enables a device to advertise its identification, configuration, and capabilities to neighboring devices that then store the data in a Management Information Base (MIB). The network management system models the topology of the network by querying these MIB databases.

LLDP is a link layer protocol. By default, the device terminates and processes all incoming LLDP packets as required by the protocol.

The LLDP protocol has an extension called LLDP Media Endpoint Discovery (LLDP-MED), which provides and accepts information from media endpoint devices such as VoIP phones and video phones. For further information about LLDP-MED, see LLDP MED Network Policy.

LLDP Configuration Workflow

Following are examples of actions that can be performed with the LLDP feature and in a suggested order. You can refer to the LLDP/CDP section for additional guidelines on LLDP configuration. LLDP configuration pages are accessible under the Administration > Discovery - LLDP menu.

1. Enter LLDP global parameters, such as the time interval for sending LLDP updates using the LLDP Properties page.

2. Configure LLDP per port by using the Port Settings page. On this page, interfaces can be configured to receive/transmit LLDP PDUs, send SNMP notifications, specify which TLVs to advertise, and advertise the device's management address.

3. Create LLDP MED network policies by using the LLDP MED Network Policy page.

4. Associate LLDP MED network policies and the optional LLDP-MED TLVs to the desired interfaces by using the LLDP MED Port Settings page.

5. If Auto Smartport is to detect the capabilities of LLDP devices, enable LLDP in the Smartport Properties page.

6. Display overloading information by using the LLDP Overloading page.

Setting LLDP Properties

The LLDP Properties page enables entering LLDP general parameters, such as enabling/disabling the feature globally and setting timers.

To enter LLDP properties:

STEP 1 Click Administration > Discovery - LLDP > Properties.

STEP 2 Enter the parameters.

LLDP Status—Select to enable LLDP on the device (enabled by default).

LLDP Frames Handling—If LLDP is not enabled, select the action to be taken if a packet that matches the selected criteria is received:

- Filtering—Delete the packet.

- Flooding—Forward the packet to all VLAN members.

TLV Advertise Interval—Enter the rate in seconds at which LLDP advertisement updates are sent, or use the default.

Topology Change SNMP Notification Interval—Enter the minimum time interval between SNMP notifications.

Hold Multiplier—Enter the amount of time that LLDP packets are held before the packets are discarded, measured in multiples of the TLV Advertise Interval. For example, if the TLV Advertise Interval is 30 seconds, and the Hold Multiplier is 4, then the LLDP packets are discarded after 120 seconds.

Reinitializing Delay—Enter the time interval in seconds that passes between disabling and reinitializing LLDP, following an LLDP enable/disable cycle.

Transmit Delay—Enter the amount of time in seconds that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB.

STEP 3 In the Fast Start Repeat Count field, enter the number of times LLDP packets are sent when the LLDP-MED Fast Start mechanism is initialized. This occurs when a new endpoint device links to the device. For a description of LLDP MED, refer to the LLDP MED Network Policy section.

STEP 4 Click Apply. The LLDP properties are added to the Running Configuration file.

Editing LLDP Port Settings

The Port Settings page enables activating LLDP and SNMP notification per port, and entering the TLVs that are sent in the LLDP PDU.

The LLDP-MED TLVs to be advertised can be selected in the LLDP MED Port Settings page, and the management address TLV of the device may be configured.

To define the LLDP port settings:

STEP 1 Click Administration > Discovery - LLDP > Port Settings.

This page contains the port LLDP information.

STEP 2 Select a port and click Edit.

This page provides the following fields:

Interface—Select the port to edit.

Administrative Status—Select the LLDP publishing option for the port. The values are:

- Tx Only—Publishes but does not discover.

- Rx Only—Discovers but does not publish.

- Tx & Rx—Publishes and discovers.

- Disable—Indicates that LLDP is disabled on the port.

SNMP Notification—Select Enable to send notifications to SNMP notification recipients; for example, an SNMP managing system, when there is a topology change.

The time interval between notifications is entered in the Topology Change SNMP Notification Interval field in the LLDP Properties page. Define SNMP Notification Recipients by using the SNMP > Notification Recipient v1,2 and/or SNMP > Notification Recipient v3 page.

Available Optional TLVs—Select the information to be published by the device by moving the TLV to the Selected Optional TLVs list. The available TLVs contain the following information:

- Port Description—Information about the port, including manufacturer, product name and hardware/software version.

- System Name—System's assigned name (in alpha-numeric format). The value equals the sysName object.

- System Description—Description of the network entity (in alpha-numeric format). This includes the system's name and versions of the hardware, operating system, and networking software supported by the device. The value equals the sysDescr object.

- System Capabilities—Primary functions of the device, and whether or not these functions are enabled in the device. The capabilities are indicated by two octets. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station respectively. Bits 8 through 15 are reserved.

- 802.3 MAC-PHY—Duplex and bit rate capability and the current duplex and bit rate settings of the sending device. It also indicates whether the current settings are due to auto-negotiation or manual configuration.

- 802.3 Link Aggregation—Whether the link (associated with the port on which the LLDP PDU is transmitted) can be aggregated. It also indicates whether the link is currently aggregated, and if so, provides the aggregated port identifier.

- 802.3 Maximum Frame—Maximum frame size capability of the MAC/PHY implementation.

The following fields relate to the Management Address:

Advertisement Mode—Select one of the following ways to advertise the IP management address of the device:

- Auto Advertise—Specifies that the software would automatically choose a management address to advertise from all the IP addresses of the product. In case of multiple IP addresses the software chooses the lowest IP address among the dynamic IP addresses. If there are no dynamic addresses, the software chooses the lowest IP address among the static IP addresses.

- None—Do not advertise the management IP address.

- Manual Advertise—Select this option and the management IP address to be advertised. We recommend you select this option when the device is in Layer 3 system mode and the device is configured with multiple IP addresses (this is always true on SG500X/ESW2-550X devices).

IP Address—If Manual Advertise was selected, select the Management IP address from the addresses provided.

STEP 3 Enter the relevant information, and click Apply. The port settings are written to the Running Configuration file.
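
To review what a port actually publishes with the TLV selections above, the following added example (not part of the Cisco guide or the device software) parses an LLDPDU and decodes the mandatory TLVs, the optional TLVs listed above, and the System Capabilities bits. The TLV header layout and type numbers are those of IEEE 802.1AB; the function names and the sample LLDPDU are constructed for illustration.

```python
import struct

# Bit order from the System Capabilities description above (bit 0 = Other).
CAPABILITIES = ["Other", "Repeater", "Bridge", "WLAN AP", "Router",
                "Telephone", "DOCSIS cable device", "Station"]
# TLV type numbers assigned by IEEE 802.1AB.
END, CHASSIS_ID, PORT_ID, TTL, PORT_DESC, SYS_NAME, SYS_DESC, SYS_CAP, MGMT_ADDR = range(9)
TEXT_TLVS = {PORT_DESC: "port_description", SYS_NAME: "system_name",
             SYS_DESC: "system_description"}
MIN_LEN = {CHASSIS_ID: 2, PORT_ID: 2, TTL: 2, SYS_CAP: 4, MGMT_ADDR: 2}


def tlv(tlv_type, value):
    """Build one TLV: a 7-bit type and 9-bit length share a 2-octet header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length does not fit the TLV header")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def walk_tlvs(lldpdu):
    """Yield (type, value) for each TLV and reject truncated input."""
    offset = 0
    while offset < len(lldpdu):
        if len(lldpdu) - offset < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
        if tlv_type == END:
            return


def capability_names(bitmap):
    """Translate a capabilities bitmap into the names listed in the guide."""
    return [name for bit, name in enumerate(CAPABILITIES) if bitmap & (1 << bit)]


def identifier(value, mac_subtype):
    """Decode a Chassis ID or Port ID value: subtype octet, then the ID."""
    body = value[1:]
    return body.hex(":") if value[0] == mac_subtype else body.decode(errors="replace")


def decode_lldpdu(lldpdu):
    """Return the fields a neighbor learns from one LLDPDU."""
    tlvs = list(walk_tlvs(lldpdu))
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise ValueError("LLDPDU must begin with Chassis ID, Port ID, Time To Live")
    info = {}
    for tlv_type, value in tlvs:
        if len(value) < MIN_LEN.get(tlv_type, 0):
            raise ValueError(f"TLV type {tlv_type} is too short")
        if tlv_type == CHASSIS_ID:
            info["chassis_id"] = identifier(value, mac_subtype=4)
        elif tlv_type == PORT_ID:
            info["port_id"] = identifier(value, mac_subtype=3)
        elif tlv_type == TTL:
            info["ttl_seconds"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type in TEXT_TLVS:
            info[TEXT_TLVS[tlv_type]] = value.decode(errors="replace")
        elif tlv_type == SYS_CAP:
            supported, enabled = struct.unpack("!HH", value[:4])
            info["capabilities_supported"] = capability_names(supported)
            info["capabilities_enabled"] = capability_names(enabled)
        elif tlv_type == MGMT_ADDR:
            # value[0] counts the address-family octet plus the address itself.
            if len(value) < 1 + value[0]:
                raise ValueError("Management Address TLV is too short")
            family, address = value[1], value[2:1 + value[0]]
            ipv4 = family == 1 and len(address) == 4
            info["management_address"] = ".".join(map(str, address)) if ipv4 else address.hex()
    return info


def optional_fields(info):
    """List what the port publishes beyond the three mandatory TLVs."""
    return sorted(set(info) - {"chassis_id", "port_id", "ttl_seconds"})


# Constructed sample LLDPDU (not captured from a device). The TTL of 120 is
# the guide's example: TLV Advertise Interval 30 s times Hold Multiplier 4.
SAMPLE_LLDPDU = b"".join([
    tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("001122334455")),
    tlv(PORT_ID, b"\x05" + b"gi1"),
    tlv(TTL, struct.pack("!H", 30 * 4)),
    tlv(SYS_NAME, b"switch-example"),
    tlv(SYS_DESC, b"Example 24-port switch, firmware X.Y"),
    tlv(SYS_CAP, struct.pack("!HH", 0b00010100, 0b00000100)),
    tlv(MGMT_ADDR, bytes.fromhex("0501c000020a020000000100")),  # IPv4 192.0.2.10
    tlv(END, b""),
])

if __name__ == "__main__":
    print(decode_lldpdu(SAMPLE_LLDPDU))
```

Comparing the result of `optional_fields` with the Selected Optional TLVs list for the port shows whether the port publishes more than intended, such as the System Description or the management address.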

LLDP MED Network Policy

LLDP Media Endpoint Discovery (LLDP-MED) is an extension of LLDP that provides the following additional capabilities to support media endpoint devices. Some of the features of the LLDP MED Network Policy are:

Enables the advertisement and discovery of network policies for real-time applications such as voice and/or video.

Device location discovery to allow creation of location databases and, in the case of Voice over Internet Protocol (VoIP), Emergency Call Service (E-911) by using IP Phone location information.

Troubleshooting information. LLDP MED sends alerts to network managers upon:

- Port speed and duplex mode conflicts

- QoS policy misconfigurations

Setting LLDP MED Network Policy

An LLDP-MED network policy is a related set of configuration settings for a specific real-time application such as voice or video. A network policy, if configured, can be included in the outgoing LLDP packets to the attached LLDP media endpoint device. The media endpoint device must send its traffic as specified in the network policy it receives. For example, a policy can be created for VoIP traffic that instructs a VoIP phone to:

Send voice traffic on VLAN 10 as tagged packets and with 802.1p priority 5.

Send voice traffic with DSCP 46.

Network policies are associated with ports by using the LLDP MED Port Settings page. An administrator can manually configure one or more network policies and the interfaces where the policies are to be sent. It is the administrator's responsibility to manually create the VLANs and their port memberships according to the network policies and their associated interfaces.

In addition, an administrator can instruct the device to automatically generate and advertise a network policy for voice application based on the voice VLAN maintained by the device. Refer to the Auto Voice VLAN section for details on how the device maintains its voice VLAN.

To define an LLDP MED network policy:

STEP 1 Click Administration > Discovery - LLDP > LLDP MED Network Policy.

This page contains previously-created network policies.

STEP 2 Select Auto for LLDP-MED Network Policy for Voice Application if the device is to automatically generate and advertise a network policy for voice application based on the voice VLAN maintained by the device.

NOTE When this box is checked, you may not manually configure a voice network policy.

STEP 3 Click Apply to add this setting to the Running Configuration file.

STEP 4 To define a new policy, click Add.

STEP 5 Enter the values:

Network Policy Number—Select the number of the policy to be created.

Application—Select the type of application (type of traffic) for which the network policy is being defined.

VLAN ID—Enter the VLAN ID to which the traffic must be sent.

VLAN Tag—Select whether the traffic is Tagged or Untagged.

User Priority—Select the traffic priority applied to traffic defined by this network policy. This is the CoS value.

DSCP Value—Select the DSCP value to associate with application data sent by neighbors. This informs them how they must mark the application traffic they send to the device.

STEP 6 Click Apply. The network policy is defined.

NOTE You must manually configure the interfaces to include the desired manually-defined network policies for the outgoing LLDP packets using the LLDP MED Port Settings.
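
The policy fields entered above travel to the endpoint in a single LLDP-MED Network Policy TLV. The following added example (not part of the Cisco guide or the device software) encodes the guide's example voice policy, decodes it again, and reports where an advertised policy differs from the intended one. The bit layout is the one defined in ANSI/TIA-1057; the function names and the drift case are constructed for illustration.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")   # OUI carried by LLDP-MED (ANSI/TIA-1057) TLVs
ORG_SPECIFIC = 127                  # LLDP TLV type for organizationally specific TLVs
NETWORK_POLICY = 2                  # LLDP-MED subtype: Network Policy
APPLICATIONS = {1: "Voice", 2: "Voice Signaling", 3: "Guest Voice",
                4: "Guest Voice Signaling", 5: "Softphone Voice",
                6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signaling"}


def encode_network_policy(application, vlan_id, tagged, priority, dscp):
    """Build the Network Policy TLV a switch port sends to an endpoint."""
    if application not in APPLICATIONS:
        raise ValueError("unknown application type")
    if not (0 <= vlan_id <= 4095 and 0 <= priority <= 7 and 0 <= dscp <= 63):
        raise ValueError("VLAN ID, priority or DSCP does not fit its field")
    # 24 bits: U(1) T(1) X(1) VLAN ID(12) L2 priority(3) DSCP(6); U and X stay 0.
    bits = (int(tagged) << 22) | (vlan_id << 9) | (priority << 6) | dscp
    value = TIA_OUI + bytes([NETWORK_POLICY, application]) + bits.to_bytes(3, "big")
    return struct.pack("!H", (ORG_SPECIFIC << 9) | len(value)) + value


def decode_network_policy(tlv_bytes):
    """Decode one Network Policy TLV, rejecting anything that is not one."""
    if len(tlv_bytes) < 2:
        raise ValueError("truncated TLV header")
    (header,) = struct.unpack_from("!H", tlv_bytes)
    tlv_type, length = header >> 9, header & 0x1FF
    value = tlv_bytes[2:2 + length]
    if tlv_type != ORG_SPECIFIC or length != 8 or len(value) != 8:
        raise ValueError("not an 8-octet organizationally specific TLV")
    if value[:3] != TIA_OUI or value[3] != NETWORK_POLICY:
        raise ValueError("not an LLDP-MED Network Policy TLV")
    bits = int.from_bytes(value[5:8], "big")
    tagged = bool((bits >> 22) & 1)
    return {
        "application": APPLICATIONS.get(value[4], f"Reserved ({value[4]})"),
        "unknown_policy": bool((bits >> 23) & 1),
        "tagged": tagged,
        # For untagged policies the VLAN ID and priority fields are ignored.
        "vlan_id": ((bits >> 9) & 0xFFF) if tagged else None,
        "priority": ((bits >> 6) & 0x7) if tagged else None,
        "dscp": bits & 0x3F,
    }


def policy_mismatches(advertised, intended):
    """Return the fields where the advertised policy differs from the intended one."""
    return sorted(k for k in intended if advertised.get(k) != intended[k])


# The guide's example policy: voice on VLAN 10, tagged, 802.1p priority 5, DSCP 46.
INTENDED = {"application": "Voice", "vlan_id": 10, "tagged": True,
            "priority": 5, "dscp": 46}
GOOD_TLV = encode_network_policy(1, 10, True, 5, 46)
# Constructed drift case: the policy on the port points at VLAN 20 with DSCP 0.
DRIFT_TLV = encode_network_policy(1, 20, True, 5, 0)

if __name__ == "__main__":
    print(GOOD_TLV.hex())
    print(policy_mismatches(decode_network_policy(GOOD_TLV), INTENDED))
    print(policy_mismatches(decode_network_policy(DRIFT_TLV), INTENDED))
```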

Configuring LLDP MED Port Settings

The LLDP MED Port Settings page enables the selection of the LLDP-MED TLVs and/or the network policies to be included in the outgoing LLDP advertisement for the desired interfaces. Network Policies are configured using the LLDP MED Network Policy page.

NOTE If LLDP-MED Network Policy for Voice Application (LLDP-MED Network Policy Page) is Auto and Auto Voice VLAN is in operation, then the device automatically generates an LLDP-MED Network Policy for Voice Application for all the ports that are LLDP-MED enabled and are members of the voice VLAN.

To configure LLDP MED on each port:

STEP 1 Click Administration > Discovery - LLDP > LLDP MED Port Settings.

This page contains LLDP MED settings, including enabled TLVs, for all ports.

STEP 2 The message at the top of the page indicates whether the generation of the LLDP MED Network Policy for the voice application is automatic or not (see LLDP Overview). Click on the link to change the mode.

STEP 3 To associate additional LLDP MED TLV and/or one or more user-defined LLDP MED Network Policies to a port, select it, and click Edit.

STEP 4 Enter the parameters:

Interface—Select the interface to configure.

LLDP MED Status—Enable/disable LLDP MED on this port.

SNMP Notification—Select whether SNMP notification is sent on a per-port basis when an end station that supports MED is discovered; for example, an SNMP managing system, when there is a topology change.

Available Optional TLVs—Select the TLVs that can be published by the device by moving them to the Selected Optional TLVs list.

Available Network Policies—Select the LLDP MED policies to be published by LLDP by moving them to the Selected Network Policies list. These were created in the LLDP MED Network Policy page. To include one or more user-defined network policies in the advertisement, you must also select Network Policy from the Available Optional TLVs.

NOTE The following fields must be entered in hexadecimal characters in the exact data format that is defined in the LLDP-MED standard (ANSI-TIA-1057_final_for_publication.pdf):

- Location Coordinate—Enter the coordinate location to be published by LLDP.

- Location Civic Address—Enter the civic address to be published by LLDP.

- Location (ECS) ELIN—Enter the Emergency Call Service (ECS) ELIN location to be published by LLDP.

STEP 5 Click Apply. The LLDP MED port settings are written to the Running Configuration file.

Displaying LLDP Port Status

The LLDP Port Status Table page contains the LLDP global information for every port.

STEP 1 To view the LLDP port status, click Administration > Discovery - LLDP > LLDP Port Status.

STEP 2 Click LLDP Local Information Detail to see the details of the LLDP and LLDP-MED TLVs sent to the neighbor.

STEP 3 Click LLDP Neighbor Information Detail to see the details of the LLDP and LLDP-MED TLVs received from the neighbor.

LLDP Port Status Global Information

Chassis ID Subtype—Type of chassis ID (for example, MAC address).

Chassis ID—Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address of the device appears.

System Name—Name of device.

System Description—Description of the device (in alpha-numeric format).

Supported System Capabilities—Primary functions of the device, such as Bridge, WLAN AP, or Router.

Enabled System Capabilities—Primary enabled function(s) of the device.

Port ID Subtype—Type of the port identifier that is shown.

LLDP Port Status Table

Interface—Port identifier.

LLDP Status—LLDP publishing option.

LLDP MED Status—Enabled or disabled.

Local PoE—Local PoE information advertised.

Remote PoE—PoE information advertised by the neighbor.

# of neighbors—Number of neighbors discovered.

Neighbor Capability of 1st Device—Displays the primary functions of the neighbor; for example: Bridge or Router.

Displaying LLDP Local Information

To view the LLDP local port status advertised on a port:

STEP 1 Click Administration > Discovery - LLDP > LLDP Local Information.

STEP 2 On the bottom of the page, click LLDP Port Status Table.

Click LLDP Local Information Details to see the details of the LLDP and LLDP MED TLVs sent to the neighbor.

Click LLDP Neighbor Information Details to see the details of the LLDP and LLDP-MED TLVs received from the neighbor.

STEP 3 Select the desired port from the Port list.

This page provides the following fields:

Global

Chassis ID Subtype—Type of chassis ID. (For example, the MAC address.)

Chassis ID—Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address of the device appears.

System Name—Name of device.

System Description—Description of the device (in alpha-numeric format).

Supported System Capabilities—Primary functions of the device, such as Bridge, WLAN AP, or Router.

Enabled System Capabilities—Primary enabled function(s) of the device.

Port ID Subtype—Type of the port identifier that is shown.

Port ID—Identifier of port.

Port Description—Information about the port, including manufacturer, product name and hardware/software version.

Management Address

Displays the table of addresses of the local LLDP agent. Other remote managers can use this address to obtain information related to the local device. The address consists of the following elements:

Address Subtype—Type of management IP address that is listed in the Management Address field; for example, IPv4.

Address—Returned address most appropriate for management use, typically a Layer 3 address.

Interface Subtype—Numbering method used for defining the interface number.

Interface Number—Specific interface associated with this management address.

MAC/PHY Details

Auto-Negotiation Supported—Port speed auto-negotiation support status.

Auto-Negotiation Enabled—Port speed auto-negotiation active status.

Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities; for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode.

Operational MAU Type—Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interfaces’ collision detection and bit injection into the network; for example, 100BASE-TX full duplex mode.

802.3 Details

802.3 Maximum Frame Size—The maximum supported IEEE 802.3 frame size.

802.3 Link Aggregation

Aggregation Capability—Indicates whether the interface can be aggregated.

Aggregation Status—Indicates whether the interface is aggregated.

Aggregation Port ID—Advertised aggregated interface ID.

802.3 Energy Efficient Ethernet (EEE) (If device supports EEE)

Local Tx—Indicates the time (in microseconds) that the transmitting link partner waits before it starts transmitting data after leaving Low Power Idle (LPI mode).

Local Rx—Indicates the time (in microseconds) that the receiving link partner requests that the transmitting link partner waits before transmission of data following Low Power Idle (LPI mode).

Remote Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value.

Remote Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.

MED Details

Capabilities Supported—MED capabilities supported on the port.

Current Capabilities—MED capabilities enabled on the port.

Device Class—LLDP-MED endpoint device class. The possible device classes are:

- Endpoint Class 1—Indicates a generic endpoint class, offering basic LLDP services.

- Endpoint Class 2—Indicates a media endpoint class, offering media streaming capabilities, as well as all Class 1 features.

- Endpoint Class 3—Indicates a communications device class, offering all Class 1 and Class 2 features plus location, 911, Layer 2 device support, and device information management capabilities.

PoE Device Type—Port PoE type; for example, powered.

PoE Power Source—Port power source.

PoE Power Priority—Port power priority.

PoE Power Value—Port power value.

Hardware Revision—Hardware version.

Firmware Revision—Firmware version.

Software Revision—Software version.

Serial Number—Device serial number.

Manufacturer Name—Device manufacturer name.

Model Name—Device model name.

Asset ID—Asset ID.

Location Information

Civic—Street address.

Coordinates—Map coordinates: latitude, longitude, and altitude.

ECS ELIN—Emergency Call Service (ECS) Emergency Location Identification Number (ELIN).

Network Policy Table

Application Type—Network policy application type; for example, Voice.

VLAN ID—VLAN ID for which the network policy is defined.

VLAN Type—VLAN type for which the network policy is defined. The possible field values are:

- Tagged—Indicates the network policy is defined for tagged VLANs.

- Untagged—Indicates the network policy is defined for untagged VLANs.

User Priority—Network policy user priority.

DSCP—Network policy DSCP.

Displaying LLDP Neighbors Information

The LLDP Neighbors Information page contains information that was received from neighboring devices.

After timeout (based on the value received from the neighbor Time To Live TLV during which no LLDP PDU was received from a neighbor), the information is deleted.

To view the LLDP neighbors information:

STEP 1 Click Administration > Discovery - LLDP > LLDP Neighbors Information.

This page contains the following fields:

Local Port—Number of the local port to which the neighbor is connected.

Chassis ID Subtype—Type of chassis ID (for example, MAC address).

Chassis ID—Identifier of the 802 LAN neighboring device's chassis.

Port ID Subtype—Type of the port identifier that is shown.

Port ID—Identifier of port.

System Name—Published name of the device.

Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.

STEP 2 Select a local port, and click Details.

This page contains the following fields:

Port Details

Local Port—Port number.

MSAP Entry—Device Media Service Access Point (MSAP) entry number.

Basic Details

Chassis ID Subtype—Type of chassis ID (for example, MAC address).

Chassis ID—Identifier of the 802 LAN neighboring device chassis.

Port ID Subtype—Type of the port identifier that is shown.

Port ID—Identifier of port.

Port Description—Information about the port, including manufacturer, product name and hardware/software version.

System Name—Name of system that is published.

System Description—Description of the network entity (in alpha-numeric format). This includes the system name and versions of the hardware, operating system, and networking software supported by the device. The value equals the sysDescr object.

Supported System Capabilities—Primary functions of the device. The capabilities are indicated by two octets. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station, respectively. Bits 8 through 15 are reserved.

Enabled System Capabilities—Primary enabled function(s) of the device.

Management Address Table

Address Subtype—Managed address subtype; for example, MAC or IPv4.

Address—Managed address.

Interface Subtype—Port subtype.

Interface Number—Port number.

MAC/PHY Details

Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.

Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False.

Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode.

Operational MAU Type—Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interfaces’ collision detection and bit injection into the network; for example, 100BASE-TX full duplex mode.

802.3 Power via MDI

MDI Power Support Port Class—Advertised power support port class.

PSE MDI Power Support—Indicates if MDI power is supported on the port.

PSE MDI Power State—Indicates if MDI power is enabled on the port.

PSE Power Pair Control Ability—Indicates if power pair control is supported on the port.

PSE Power Pair—Power pair control type supported on the port.

PSE Power Class—Advertised power class of the port.

802.3 Details

802.3 Maximum Frame Size—Advertised maximum frame size that is supported on the port.

802.3 Link Aggregation

Aggregation Capability—Indicates if the port can be aggregated.

Aggregation Status—Indicates if the port is currently aggregated.

Aggregation Port ID—Advertised aggregated port ID.

802.3 Energy Efficient Ethernet (EEE)

Remote Tx—Indicates the time (in microseconds) that the transmitting link partner waits before it starts transmitting data after leaving Low Power Idle (LPI mode).

Remote Rx—Indicates the time (in microseconds) that the receiving link partner requests that the transmitting link partner waits before transmission of data following Low Power Idle (LPI mode).

Local Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value.

Local Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.

MED Details

Capabilities Supported—MED capabilities enabled on the port.

Current Capabilities—MED TLVs advertised by the port.

Device Class—LLDP-MED endpoint device class. The possible device classes are:

- Endpoint Class 1—Indicates a generic endpoint class, offering basic LLDP services.

- Endpoint Class 2—Indicates a media endpoint class, offering media streaming capabilities as well as all Class 1 features.

- Endpoint Class 3—Indicates a communications device class, offering all Class 1 and Class 2 features plus location, 911, Layer 2 switch support and device information management capabilities.

PoE Device Type—Port PoE type, for example, powered.

PoE Power Source—Port’s power source.

PoE Power Priority—Port’s power priority.

PoE Power Value—Port’s power value.

Hardware Revision—Hardware version.

Firmware Revision—Firmware version.

Software Revision—Software version.

Serial Number—Device serial number.

Manufacturer Name—Device manufacturer name.

Model Name—Device model name.

Asset ID—Asset ID.

802.1 VLAN and Protocol

PVID—Advertised port VLAN ID.

PPVID Table

VID—Protocol VLAN ID.

Supported—Supported Port and Protocol VLAN IDs.

Enabled—Enabled Port and Protocol VLAN IDs.

VLAN IDs

VID—Port and Protocol VLAN ID.

VLAN Names—Advertised VLAN names.

Protocol IDs

Protocol ID Table—Advertised protocol IDs.

Location Information

Enter the following data structures in hexadecimal as described in section 10.2.4 of the ANSI-TIA-1057 standard:

Civic—Civic or street address.

Coordinates—Location map coordinates—latitude, longitude, and altitude.

ECS ELIN—Device’s Emergency Call Service (ECS) Emergency Location Identification Number (ELIN).

Unknown—Unknown location information.

Network Policies

Application Type—Network policy application type, for example, Voice.

VLAN ID—VLAN ID for which the network policy is defined.

VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined.

User Priority—Network policy user priority.

DSCP—Network policy DSCP.

Accessing LLDP Statistics

The LLDP Statistics page displays LLDP statistical information per port.

To view the LLDP statistics:

STEP 1 Click Administration > Discovery - LLDP > LLDP Statistics.

For each port, the fields are displayed:

Interface—Identifier of interface.

Tx Frames Total—Number of transmitted frames.

Rx Frames

-Total—Number of received frames.

-Discarded—Total number of received frames that were discarded.

-Errors—Total number of received frames with errors.

Rx TLVs

-Discarded—Total number of received TLVs that were discarded.

-Unrecognized—Total number of received TLVs that were unrecognized.

Neighbor’s Information Deletion Count—Number of neighbor ageouts on the interface.

STEP 2 Click Refresh to view the latest statistics.

LLDP Overloading

LLDP adds information as LLDP and LLDP-MED TLVs into the LLDP packets. LLDP overload occurs when the total amount of information to be included in an LLDP packet exceeds the maximum PDU size supported by an interface.

The LLDP Overloading page displays the number of bytes of LLDP/LLDP-MED information, the number of available bytes for additional LLDP information, and the overloading status of every interface.

To view LLDP overloading information:

STEP 1 Click Administration > Discovery - LLDP > LLDP Overloading.

This page contains the following fields for each port:

Interface—Port identifier.

Total (Bytes)—Total number of bytes of LLDP information in each packet.

Left to Send (Bytes)—Total number of available bytes left for additional LLDP information in each packet.

Status—Whether TLVs are being transmitted or if they are overloaded.

STEP 2 To view the overloading details for a port, select it and click Details.

This page contains the following information for each TLV sent on the port:

LLDP Mandatory TLVs

-Size (Bytes)—Total mandatory TLV byte size.

-Status—If the mandatory TLV group is being transmitted, or if the TLV group was overloaded.

LLDP MED Capabilities

-Size (Bytes)—Total LLDP MED capabilities packets byte size.

-Status—If the LLDP MED capabilities packets were sent, or if they were overloaded.

LLDP MED Location

-Size (Bytes)—Total LLDP MED location packets byte size.

-Status—If the LLDP MED locations packets were sent, or if they were overloaded.

LLDP MED Network Policy

-Size (Bytes)—Total LLDP MED network policies packets byte size.

-Status—If the LLDP MED network policies packets were sent, or if they were overloaded.

LLDP MED Extended Power via MDI

-Size (Bytes)—Total LLDP MED extended power via MDI packets byte size.

-Status—If the LLDP MED extended power via MDI packets were sent, or if they were overloaded.

802.3 TLVs

-Size (Bytes)—Total LLDP MED 802.3 TLVs packets byte size.

-Status—If the LLDP MED 802.3 TLVs packets were sent, or if they were overloaded.

LLDP Optional TLVs

-Size (Bytes)—Total LLDP MED optional TLVs packets byte size.

-Status—If the LLDP MED optional TLVs packets were sent, or if they were overloaded.

LLDP MED Inventory

-Size (Bytes)—Total LLDP MED inventory TLVs packets byte size.

-Status—If the LLDP MED inventory packets were sent, or if they were overloaded.

Total (Bytes)—Total number of bytes of LLDP information in each packet.

Left to Send (Bytes)—Total number of available bytes left for additional LLDP information in each packet.

Configuring CDP

This section describes how to configure CDP.

It covers the following topics:

Setting CDP Properties

Editing CDP Interface Settings

Displaying CDP Local Information

Displaying CDP Neighbors Information

Viewing CDP Statistics

Setting CDP Properties

Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol.

CDP Configuration Workflow

The following is a sample workflow for configuring CDP on the device. You can also find additional CDP configuration guidelines in the LLDP/CDP section.

STEP 1 Enter the CDP global parameters using the CDP Properties page.

STEP 2 Configure CDP per interface using the Interface Setting page.

STEP 3 If Auto Smartport is to detect the capabilities of CDP devices, enable CDP in the Smartport Properties page.

See Identifying Smartport Type for a description of how CDP is used to identify devices for the Smartport feature.

To enter CDP general parameters:

STEP 1 Click Administration > Discovery - CDP > Properties.

STEP 2 Enter the parameters.

CDP Status—Select to enable CDP on the device.

CDP Frames Handling—If CDP is not enabled, select the action to be taken if a packet that matches the selected criteria is received:

-Bridging—Forward the packet based on the VLAN.

-Filtering—Delete the packet.

-Flooding—VLAN unaware flooding that forwards incoming CDP packets to all the ports excluding the ingress ports.

CDP Voice VLAN Advertisement—Select to enable the device to advertise the voice VLAN in CDP on all of the ports that are CDP enabled, and are members of the voice VLAN. The voice VLAN is configured in the Voice VLAN Properties page.

CDP Mandatory TLVs Validation—If selected, incoming CDP packets not containing the mandatory TLVs are discarded and the invalid error counter is incremented.

CDP Version—Select the version of CDP to use.

CDP Hold Time—Amount of time that CDP packets are held before the packets are discarded, measured in multiples of the TLV Advertise Interval. For example, if the TLV Advertise Interval is 30 seconds, and the Hold Multiplier is 4, then the LLDP packets are discarded after 120 seconds. The following options are possible:

-Use Default—Use the default time (180 seconds)

-User Defined—Enter the time in seconds.

CDP Transmission Rate—The rate in seconds at which CDP advertisement updates are sent. The following options are possible:

-Use Default—Use the default rate (60 seconds)

-User Defined—Enter the rate in seconds.

Device ID Format—Select the format of the device ID (MAC address or serial number).

Source Interface—IP address to be used in the TLV of the frames. The following options are possible:

-Use Default—Use the IP address of the outgoing interface.

-User Defined—Use the IP address of the interface (in the Interface field) in the address TLV.

Interface—If User Defined was selected for Source Interface, select the interface.

Syslog Voice VLAN Mismatch—Check to send a SYSLOG message when a voice VLAN mismatch is detected. This means that the voice VLAN information in the incoming frame does not match what the local device is advertising.

Syslog Native VLAN Mismatch—Check to send a SYSLOG message when a native VLAN mismatch is detected. This means that the native VLAN information in the incoming frame does not match what the local device is advertising.

Syslog Duplex Mismatch—Check to send a SYSLOG message when duplex information is mismatched. This means that the duplex information in the incoming frame does not match what the local device is advertising.

STEP 3 Click Apply. The LLDP properties are defined.

Editing CDP Interface Settings

The Interface Settings page enables administrators to enable/disable CDP per port. Notifications can also be triggered when there are conflicts with CDP neighbors. The conflict can be Voice VLAN data, Native VLAN, or Duplex.

By setting these properties it is possible to select the types of information to be provided to devices that support the LLDP protocol.

The LLDP-MED TLVs to be advertised can be selected in the LLDP MED Interface Settings page.

To define the CDP interface settings:

STEP 1 Click Administration > Discovery - CDP > Interface Settings.

This page contains the following CDP information for each interface.

CDP Status—CDP publishing option for the port.

Reporting Conflicts with CDP Neighbors—Displays the status of the reporting options that are enabled/disabled in the Edit page (Voice VLAN/Native VLAN/Duplex).

No. of Neighbors—Number of neighbors detected.

The bottom of the page has four buttons:

Copy Settings—Select to copy a configuration from one port to another.

Edit—Fields explained in Step 2 below.

CDP Local Information Details—Takes you to the Administration > Discovery - CDP > CDP Local Information page.

CDP Neighbor Information Details—Takes you to the Administration > Discovery - CDP > CDP Neighbor Information page.

STEP 2 Select a port and click Edit.

This page provides the following fields:

Interface—Select the interface to be defined.

CDP Status—Select to enable/disable the CDP publishing option for the port.

NOTE The next three fields are operational when the device has been set up to send traps to the management station.

Syslog Voice VLAN Mismatch—Select to enable the option of sending a SYSLOG message when a voice VLAN mismatch is detected. This means that the voice VLAN information in the incoming frame does not match what the local device is advertising.

Syslog Native VLAN Mismatch—Select to enable the option of sending a SYSLOG message when a native VLAN mismatch is detected. This means that the native VLAN information in the incoming frame does not match what the local device is advertising.

Syslog Duplex Mismatch—Select to enable the option of sending a SYSLOG message when duplex information mismatch is detected. This means that the duplex information in the incoming frame does not match what the local device is advertising.

STEP 3 Enter the relevant information, and click Apply. The port settings are written to the Running Configuration.

Displaying CDP Local Information

To view information that is advertised by the CDP protocol about the local device:

STEP 1 Click Administration > Discovery - CDP > CDP Local Information.

STEP 2 Select a local port, and the following fields are displayed:

Interface—Number of the local port.

CDP State—Displays whether CDP is enabled or not.

Device ID TLV

-Device ID Type—Type of the device ID advertised in the device ID TLV.

-Device ID—Device ID advertised in the device ID TLV.

System Name TLV

-System Name—System name of the device.

Address TLV

-Address1-3—IP addresses (advertised in the device address TLV).

Port TLV

-Port ID—Identifier of port advertised in the port TLV.

Capabilities TLV

-Capabilities—Capabilities advertised in the port TLV.

Version TLV

-Version—Information about the software release on which the device is running.

Platform TLV

-Platform—Identifier of platform advertised in the platform TLV.

Native VLAN TLV

-Native VLAN—The native VLAN identifier advertised in the native VLAN TLV.

Full/Half Duplex TLV

-Duplex—Whether port is half or full duplex advertised in the full/half duplex TLV.

Appliance TLV

-Appliance ID—Type of device attached to port advertised in the appliance TLV.

-Appliance VLAN ID—VLAN on the device used by the appliance, for instance if the appliance is an IP phone, this is the voice VLAN.

Extended Trust TLV

-Extended Trust—Enabled indicates that the port is trusted, meaning that the host/server from which the packet is received is trusted to mark the packets itself. In this case, packets received on such a port are not remarked. Disabled indicates that the port is not trusted, in which case the following field is relevant.

CoS for Untrusted Ports TLV

-CoS for Untrusted Ports—If Extended Trust is disabled on the port, this field displays the Layer 2 CoS value, meaning an 802.1D/802.1p priority value. This is the CoS value with which all packets received on an untrusted port are remarked by the device.

Power TLV

-Request ID—Last power request ID received echoes the Request-ID field last received in a Power Requested TLV. It is 0 if no Power Requested TLV was received since the interface last transitioned to Up.

-Power Management ID—Value incremented by 1 (or 2, to avoid 0) each time any one of the following events occurs:

Available-Power or Management Power Level fields change value

A Power Requested TLV is received with a Request-ID field which is different from the last-received set (or when the first value is received)

The interface transitions to Down

-Available Power—Amount of power consumed by port.

-Management Power Level—Displays the supplier's request to the powered device for its Power Consumption TLV. The device always displays “No Preference” in this field.

Displaying CDP Neighbors Information

The CDP Neighbors Information page displays CDP information received from neighboring devices.

After timeout (based on the value received from the neighbor Time To Live TLV during which no CDP PDU was received from a neighbor), the information is deleted.

To view the CDP neighbors information:

STEP 1 Click Administration > Discovery - CDP > CDP Neighbor Information.

This page contains the following fields for the link partner (neighbor):

Device ID—Neighbor's device ID.

System name—Neighbor's system name.

Local Interface—Number of the local port to which the neighbor is connected.

Advertisement Version—CDP protocol version.

Time to Live (sec)—Time interval (in seconds) after which the information for this neighbor is deleted.

Capabilities—Capabilities advertised by neighbor.

Platform—Information from Platform TLV of neighbor.

Neighbor Interface—Outgoing interface of the neighbor.

STEP 2 Select a device, and click Details.

This page contains the following fields about the neighbor:

Device ID—Identifier of the neighboring device ID.

Local Interface—Interface number of port through which frame arrived.

Advertisement Version—Version of CDP.

Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.

Capabilities—Primary functions of the device. The capabilities are indicated by two octets. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station respectively. Bits 8 through 15 are reserved.

Platform—Identifier of the neighbor's platform.

Neighbor Interface—Interface number of the neighbor through which frame arrived.

Native VLAN—Neighbor's native VLAN.

Duplex—Whether neighbor's interface is half or full duplex.

Addresses—Neighbor's addresses.

Power Drawn—Amount of power consumed by neighbor on the interface.

Version—Neighbor's software version.

NOTE Clicking the Clear Table button disconnects all connected devices from CDP, and if Auto Smartport is enabled, changes all port types to default.

Viewing CDP Statistics

The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received from devices attached to the switch's interfaces, and are used for the Smartport feature. See Configuring CDP for more information.

CDP statistics for a port are only displayed if CDP is enabled globally and on the port. This is done in the CDP Properties page and the CDP Interface Settings page.

To view CDP statistics:

STEP 1 Click Administration > Discovery - CDP > CDP Statistics.

The following fields are displayed for every interface:

Packets Received/Transmitted:

Version 1—Number of CDP version 1 packets received/transmitted.

Version 2—Number of CDP version 2 packets received/transmitted.

Total—Total number of CDP packets received/transmitted.

The CDP Error Statistics section displays the CDP error counters.

Illegal Checksum—Number of packets received with illegal checksum value.

Other Errors—Number of packets received with errors other than illegal checksums.

Neighbors Over Maximum—Number of times that packet information could not be stored in cache because of lack of room.

To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear All Interface Counters.

9

Port Management

This section describes port configuration, link aggregation, and the Green Ethernet feature.

It covers the following topics:

Configuring Ports

Setting Port Configuration

Configuring Link Aggregation

Configuring Green Ethernet

Configuring Ports

To configure ports, perform the following actions:

1. Configure ports by using the Port Settings page.

2. Enable/disable the Link Aggregation Control (LAG) protocol, and configure the potential member ports to the desired LAGs by using the LAG Management page. By default, all LAGs are empty.

3. Configure the Ethernet parameters, such as speed and auto-negotiation, for the LAGs by using the LAG Settings page.

4. Configure the LACP parameters for the ports that are members or candidates of a dynamic LAG by using the LACP page.

5. Configure Green Ethernet and 802.3 Energy Efficient Ethernet by using the Properties page.

6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page.

7. If PoE is supported and enabled for the device, configure the device as described in Port Management: PoE.

Setting Port Configuration

The Port Settings page displays the global and per port setting of all the ports. This page enables you to select and configure the desired ports from the Edit Port Settings page.

To configure port settings:

STEP 1 Click Port Management > Port Settings.

STEP 2 Select Jumbo Frames to support packets of up to 10 Kb in size. If Jumbo Frames is not enabled (default), the system supports packet size up to 2,000 bytes. For jumbo frames to take effect, the device must be rebooted after the feature is enabled.

STEP 3 Click Apply to update the global setting.

Jumbo frames configuration changes take effect only after the Running Configuration is explicitly saved to the Startup Configuration File using the Copy/Save Configuration page, and the device is rebooted.

STEP 4 To update the port settings, select the desired port, and click Edit.

STEP 5 Modify the following parameters:

Interface—Select the port number.

Port Type—Displays the port type and speed. The possible options are:

-Copper Ports—Regular, not Combo, support the following values: 10M, 100M, and 1000M (type: Copper).

-Combo Ports Copper—Combo port connected with copper CAT5 cable, supports the following values: 10M, 100M, and 1000M (type: ComboC).

-Combo Fiber—SFP Fiber Gigabit Interface Converter Port with the following values: 100M and 1000M (type: ComboF).

-10G-Fiber Optics—Ports with speed of either 1G or 10G.

NOTE SFP Fiber takes precedence in Combo ports when both ports are being used.

Port Description—Enter the port user-defined name or comment.

Administrative Status—Select whether the port must be Up or Down when the device is rebooted.

Operational Status—Displays whether the port is currently Up or Down. If the port is down because of an error, the description of the error is displayed.

Time Range—Select to enable the time range during which the port is in Up state. When the time range is not active, the port is in shutdown. If a time range is configured, it is effective only when the port is administratively Up. If a time range is not yet defined, click Edit to go to the Time Range page.

Time Range Name—Select the profile that specifies the time range.

Operational Time-Range State—Displays whether the time range is currently active or inactive.

Reactivate Suspended Port—Select to reactivate a port that has been suspended. There are numerous ways that a port can be suspended, such as through the locked port security option, dot1x single host violation, loopback detection, STP loopback guard or Access Control List (ACL) configurations. The reactivate operation brings the port up without regard to why the port was suspended.

Auto-Negotiation—Select to enable auto-negotiation on the port. Auto-negotiation enables a port to advertise its transmission speed, duplex mode, and Flow Control abilities to the port link partner.

Operational Auto-Negotiation—Displays the current auto-negotiation status on the port.

Administrative Port Speed—Configure the speed of the port. The port type determines the available speeds. You can designate Administrative Speed only when port auto-negotiation is disabled.

Operational Port Speed—Displays the current port speed that is the result of negotiation.

Administrative Duplex Mode—Select the port duplex mode. This field is configurable only when auto-negotiation is disabled, and the port speed is set to 10M or 100M. At port speed of 1G, the mode is always full duplex. The possible options are:

-Full—The interface supports transmission between the device and the client in both directions simultaneously.

-Half—The interface supports transmission between the device and the client in only one direction at a time.

Operational Duplex Mode—Displays the port's current duplex mode.

Auto Advertisement—Select the capabilities advertised by auto-negotiation when it is enabled. The options are:

-Max Capability—All port speeds and duplex mode settings can be accepted.

-10 Half—10 Mbps speed and Half Duplex mode.

-10 Full—10 Mbps speed and Full Duplex mode.

-100 Half—100 Mbps speed and Half Duplex mode.

-100 Full—100 Mbps speed and Full Duplex mode.

-1000 Full—1000 Mbps speed and Full Duplex mode.

Operational Advertisement—Displays the capabilities currently published to the port's neighbor. The possible options are those specified in the Administrative Advertisement field.

Neighbor Advertisement—Displays the capabilities advertised by the neighboring device (link partner).

Back Pressure—Select the Back Pressure mode on the port (used with Half Duplex mode) to slow down the packet reception speed when the device is congested. It disables the remote port, preventing it from sending packets by jamming the signal.

Flow Control—Enable or disable 802.3x Flow Control, or enable the auto-negotiation of Flow Control on the port (only when in Full Duplex mode).

MDI/MDIX—The Media Dependent Interface (MDI)/Media Dependent Interface with Crossover (MDIX) status on the port.

The options are:

-MDIX—Select to swap the port's transmit and receive pairs.

-MDI—Select to connect this device to a station by using a straight through cable.

-Auto—Select to configure this device to automatically detect the correct pinouts for the connection to another device.

Operational MDI/MDIX—Displays the current MDI/MDIX setting.

Protected Port—Select to make this a protected port. (A protected port is also referred to as a Private VLAN Edge (PVE).) The features of a protected port are as follows:

-Protected Ports provide Layer 2 isolation between interfaces (Ethernet ports and LAGs) that share the same VLAN.

-Packets received from protected ports can be forwarded only to unprotected egress ports. Protected port filtering rules are also applied to packets that are forwarded by software, such as snooping applications.

-Port protection is not subject to VLAN membership. Devices connected to protected ports are not allowed to communicate with each other, even if they are members of the same VLAN.

-Both ports and LAGs can be defined as protected or unprotected. Protected LAGs are described in the Configuring LAG Settings section.

Member in LAG—If the port is a member of a LAG, the LAG number appears; otherwise this field is left blank.

STEP 6 Click Apply. The Port Settings are written to the Running Configuration file.
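The Protected Port rules listed in STEP 5 can be checked against a planned port layout before it is applied. The following is an added example, not code from the guide or from Cisco: it models the stated forwarding rule and reports guest interfaces that can still exchange frames. The interface names, VLAN IDs and the `role` label are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Interface:
    name: str                # port or LAG name (constructed)
    vlans: frozenset         # VLAN IDs the interface is a member of
    protected: bool = False  # Protected Port / Protected LAG setting
    role: str = "infra"      # hypothetical label; "guest" interfaces must stay isolated


def can_forward(ingress, egress):
    """Apply the protected-port rules to one ingress -> egress decision."""
    if ingress.name == egress.name:
        return False  # a frame is never sent back out of its ingress interface
    if not ingress.vlans & egress.vlans:
        return False  # no shared VLAN, so no Layer 2 path at all
    if ingress.protected and egress.protected:
        return False  # protected ingress may only use unprotected egress
    return True


def talking_pairs(interfaces):
    """Pairs of interfaces that can exchange frames in both directions."""
    ordered = sorted(interfaces, key=lambda i: i.name)
    return {
        (a.name, b.name)
        for a, b in combinations(ordered, 2)
        if can_forward(a, b) and can_forward(b, a)
    }


def isolation_gaps(interfaces):
    """Guest-to-guest pairs that the current settings still allow to talk."""
    roles = {i.name: i.role for i in interfaces}
    return sorted(
        pair for pair in talking_pairs(interfaces)
        if roles[pair[0]] == "guest" and roles[pair[1]] == "guest"
    )


# Constructed layout: GE3 is a guest port where Protected Port was not selected.
SWITCH = [
    Interface("GE1", frozenset({20}), protected=True, role="guest"),
    Interface("GE2", frozenset({20}), protected=True, role="guest"),
    Interface("GE3", frozenset({20}), protected=False, role="guest"),
    Interface("GE4", frozenset({30}), protected=True, role="guest"),
    Interface("LAG1", frozenset({20, 30}), protected=False, role="infra"),  # uplink
]

if __name__ == "__main__":
    for a, b in isolation_gaps(SWITCH):
        print(f"guest isolation gap: {a} <-> {b}")
```

A single unprotected guest port is reachable from every protected port in the same VLAN, so the check reports a gap for each of them rather than only for the misconfigured port.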

Configuring Link Aggregation

This section describes how to configure LAGs. It covers the following topics:

Link Aggregation Overview

Static and Dynamic LAG Workflow

Defining LAG Management

Configuring LAG Settings

Configuring LACP

Link Aggregation Overview

Link Aggregation Control Protocol (LACP) is part of the IEEE specification (802.3az) that enables you to bundle several physical ports together to form a single logical channel (LAG). LAGs multiply the bandwidth, increase port flexibility, and provide link redundancy between two devices.

Two types of LAGs are supported:

Static—A LAG is static if the LACP is disabled on it. The group of ports assigned to a static LAG are always active members. After a LAG is manually created, the LACP option cannot be added or removed until the LAG is edited and a member is removed (which can be added prior to applying); the LACP button then becomes available for editing.

Dynamic—A LAG is dynamic if LACP is enabled on it. The group of ports assigned to dynamic LAG are candidate ports. LACP determines which candidate ports are active member ports. The non-active candidate ports are standby ports ready to replace any failing active member ports.

Load Balancing

Traffic forwarded to a LAG is load-balanced across the active member ports, thus achieving an effective bandwidth close to the aggregate bandwidth of all the active member ports of the LAG.

Traffic load balancing over the active member ports of a LAG is managed by a hash-based distribution function that distributes Unicast and Multicast traffic based on Layer 2 or Layer 3 packet header information.

The device supports two modes of load balancing:

By MAC Addresses—Based on the destination and source MAC addresses of all packets.

By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for non-IP packets.

LAG Management

In general, a LAG is treated by the system as a single logical port. In particular, the LAG has port attributes similar to a regular port, such as state and speed.

The device supports 32 LAGs with up to 8 ports in a LAG group.

Every LAG has the following characteristics:

All ports in a LAG must be of the same media type.

To add a port to the LAG, it cannot belong to any VLAN except the default VLAN.

Ports in a LAG must not be assigned to another LAG.

No more than eight ports are assigned to a static LAG and no more than 16 ports can be candidates for a dynamic LAG.

All the ports in a LAG must have auto-negotiation disabled, although the LAG can have auto-negotiation enabled.

When a port is added to a LAG, the configuration of the LAG is applied to the port. When the port is removed from the LAG, its original configuration is reapplied.

Protocols, such as Spanning Tree, consider all the ports in the LAG to be one port.
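The membership rules in the list above lend themselves to a pre-change check of a planned LAG. The following is an added example, not code from the guide or from Cisco: it reports every rule a proposed LAG would break. The port names, media labels and the assumption that the default VLAN is VLAN 1 are not taken from this section.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_VLAN = 1             # assumption: the default VLAN is VLAN 1
MAX_STATIC_MEMBERS = 8       # static LAG limit from the list above
MAX_DYNAMIC_CANDIDATES = 16  # dynamic LAG candidate limit from the list above


@dataclass
class PortState:
    media: str                 # "copper" or "fiber" (constructed labels)
    vlans: frozenset           # VLAN IDs the port currently belongs to
    auto_negotiation: bool     # per-port auto-negotiation setting
    lag: Optional[str] = None  # LAG the port already belongs to, if any


def validate_lag(lag_name, lacp, members, ports):
    """Return (rule, subject) tuples for every rule the planned LAG breaks."""
    problems = [("unknown-port", m) for m in members if m not in ports]
    known = [m for m in members if m in ports]

    # Static LAGs take up to 8 ports, dynamic LAGs up to 16 candidates.
    limit = MAX_DYNAMIC_CANDIDATES if lacp else MAX_STATIC_MEMBERS
    if len(members) > limit:
        problems.append(("too-many-ports", lag_name))

    # All ports in a LAG must be of the same media type.
    if len({ports[m].media for m in known}) > 1:
        problems.append(("mixed-media", lag_name))

    for m in known:
        port = ports[m]
        if port.lag is not None and port.lag != lag_name:
            problems.append(("in-other-lag", m))
        if port.vlans - {DEFAULT_VLAN}:
            problems.append(("non-default-vlan", m))
        if port.auto_negotiation:
            problems.append(("port-autoneg-enabled", m))
    return problems


# Constructed inventory: GE1-GE4 are hypothetical port names.
PORTS = {
    "GE1": PortState("copper", frozenset({1}), False),
    "GE2": PortState("copper", frozenset({1}), False),
    "GE3": PortState("copper", frozenset({1, 20}), True),
    "GE4": PortState("fiber", frozenset({1}), False, lag="LAG2"),
}

if __name__ == "__main__":
    for rule, subject in validate_lag("LAG1", False, ["GE1", "GE3", "GE4"], PORTS):
        print(f"{subject}: {rule}")
```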

Default Settings and Configuration

Ports are not members of a LAG and are not candidates to become part of a LAG.

Static and Dynamic LAG Workflow

After a LAG has been manually created, LACP cannot be added or removed until the LAG is edited and a member is removed. Only then does the LACP button become available for editing.

To configure a static LAG, perform the following actions:

1. Disable LACP on the LAG to make it static. Assign up to eight member ports to the static LAG by selecting and moving the ports from the Port List to the LAG Members list. Select the load balancing algorithm for the LAG. Perform these actions in the LAG Management page.

2. Configure various aspects of the LAG, such as speed and flow control, by using the LAG Settings page.

To configure a dynamic LAG, perform the following actions:

1. Enable LACP on the LAG. Assign up to 16 candidate ports to the dynamic LAG by selecting and moving the ports from the Port List to the LAG Members List by using the LAG Management page.

2. Configure various aspects of the LAG, such as speed and flow control, by using the LAG Settings page.

3. Set the LACP priority and timeout of the ports in the LAG by using the LACP page.

Defining LAG Management

The LAG Management page displays the global and per LAG settings. The page also enables you to configure the global setting and to select and edit the desired LAG on the Edit LAG Membership page.

To select the load balancing algorithm of the LAG:

STEP 1 Click Port Management > Link Aggregation > LAG Management.

STEP 2 Select one of the following Load Balance Algorithms:

MAC Address—Perform load balancing by source and destination MAC addresses on all packets.

IP/MAC Address—Perform load balancing by the source and destination IP addresses on IP packets, and by the source and destination MAC addresses on non-IP packets.

STEP 3 Click Apply. The Load Balance Algorithm is saved to the Running Configuration file.

To define the member or candidate ports in a LAG:

STEP 1 Select the LAG to be configured, and click Edit.

STEP 2 Enter the values for the following fields:

LAG—Select the LAG number.

LAG Name—Enter the LAG name or a comment.

LACP—Select to enable LACP on the selected LAG. This makes it a dynamic LAG. This field can only be enabled after moving a port to the LAG in the next field.

Port List—Move those ports that are to be assigned to the LAG from the Port List to the LAG Members list. Up to eight ports per static LAG can be assigned, and 16 ports can be assigned to a dynamic LAG.

STEP 3 Click Apply. LAG membership is saved to the Running Configuration file.

Configuring LAG Settings

The LAG Settings page displays a table of current settings for all LAGs. You can configure the settings of selected LAGs, and reactivate suspended LAGs by launching the Edit LAG Settings page.

To configure the LAG settings or reactivate a suspended LAG:

STEP 1 Click Port Management > Link Aggregation > LAG Settings.

STEP 2 Select a LAG, and click Edit.

STEP 3 Enter the values for the following fields:

LAG—Select the LAG ID number.

Description—Enter the LAG name or a comment.

LAG Type—Displays the port type that comprises the LAG.

Administrative Status—Set the selected LAG to be Up or Down.

Operational Status—Displays whether the LAG is currently operating.

Time Range—Select to enable the time range during which the port is in Up state. When the time range is not active, the port is in shutdown. If a time range is configured, it is effective only when the port is administratively Up. If a time range is not yet defined, click Edit to go to the Time Range page.

Time Range Name—Select the profile that specifies the time range.

Operational Time-Range State—Displays whether the time range is currently active or inactive.

Reactivate Suspended LAG—Select to reactivate a port if the LAG has been disabled through the locked port security option or through ACL configurations.


Administrative Auto Negotiation—Enables or disables auto-negotiation on the LAG. Auto-negotiation is a protocol between two link partners that enables a LAG to advertise its transmission speed and flow control to its partner (the Flow Control default is disabled). It is recommended to keep auto-negotiation enabled on both sides of an aggregate link, or disabled on both sides, while ensuring that link speeds are identical.

Operational Auto Negotiation—Displays the auto-negotiation setting.

Administrative Speed—Select the LAG speed.

Operational LAG Speed—Displays the current speed at which the LAG is operating.

Administrative Advertisement—Select the capabilities to be advertised by the LAG. The options are:

- Max Capability—All LAG speeds and both duplex modes are available.

- 10 Full—The LAG advertises a 10 Mbps speed and the mode is full duplex.

- 100 Full—The LAG advertises a 100 Mbps speed and the mode is full duplex.

- 1000 Full—The LAG advertises a 1000 Mbps speed and the mode is full duplex.

Operational Advertisement—Displays the Administrative Advertisement status. The LAG advertises its capabilities to its neighbor LAG to start the negotiation process. The possible values are those specified in the Administrative Advertisement field.

Administrative Flow Control—Set Flow Control to either Enable or Disable, or enable the Auto-Negotiation of Flow Control on the LAG.

Operational Flow Control—Displays the current Flow Control setting.

Protected LAG—Select to make the LAG a protected port for Layer 2 isolation. See the Port Configuration description in Setting Basic Port Configuration for details regarding protected ports and LAGs.

STEP 4 Click Apply. The Running Configuration file is updated.


Configuring LACP

A dynamic LAG is LACP-enabled, and LACP is run on every candidate port defined in the LAG.

LACP Priority and Rules

LACP system priority and LACP port priority are both used to determine which of the candidate ports become active member ports in a dynamic LAG configured with more than eight candidate ports.

The selected candidate ports of the LAG are all connected to the same remote device. Both the local and remote switches have a LACP system priority.

The following algorithm is used to determine whether LACP port priorities are taken from the local or remote device: the local LACP System Priority is compared to the remote LACP System Priority. The device with the lowest priority controls candidate port selection to the LAG. If both priorities are the same, the local and remote MAC addresses are compared. The priority of the device with the lowest MAC address controls candidate port selection to the LAG.

A dynamic LAG can have up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode. When there are more than eight ports in the dynamic LAG, the device on the controlling end of the link uses port priorities to determine which ports are bundled into the LAG and which ports are put in hot-standby mode. Port priorities on the other device (the non-controlling end of the link) are ignored.

The following are additional rules used to select the active or standby ports in a dynamic LACP:

Any link operating at a different speed from the highest-speed active member or operating at half-duplex is made standby. All the active ports in a dynamic LAG operate at the same baud rate.

If the port LACP priority of the link is lower than that of the currently-active link members, and the number of active members is already at the maximum number, the link is made inactive, and placed in standby mode.
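The selection rules above, worked through as an added Python example (not code from the Cisco guide or the switch firmware). It assumes the usual LACP convention that a numerically lower priority value is the preferred one, breaks port-priority ties by list order, and uses constructed device names, MAC addresses and port names.

```python
from dataclasses import dataclass

MAX_ACTIVE = 8        # page: up to eight ports can be active
MAX_CANDIDATES = 16   # page: a dynamic LAG can have up to 16 ports


@dataclass(frozen=True)
class Device:
    name: str
    system_priority: int
    mac: str


@dataclass(frozen=True)
class Link:
    port: str
    speed_mbps: int
    full_duplex: bool
    local_priority: int    # LACP port priority set on the local end
    remote_priority: int   # LACP port priority set on the remote end


def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def controlling_device(local, remote):
    """Lowest system priority wins; on a tie, the lowest MAC address wins."""
    return min((local, remote),
               key=lambda d: (d.system_priority, mac_to_int(d.mac)))


def select_members(local, remote, links):
    """Split candidate links into active and standby members."""
    if len(links) > MAX_CANDIDATES:
        raise ValueError("a dynamic LAG holds at most 16 candidate ports")
    controller = controlling_device(local, remote)
    use_local = controller is local

    def priority(link):
        # Only the controlling end's port priorities count.
        return link.local_priority if use_local else link.remote_priority

    # Half-duplex links and links slower than the fastest member go to
    # standby regardless of their port priority.
    full = [l for l in links if l.full_duplex]
    top_speed = max((l.speed_mbps for l in full), default=0)
    eligible = [l for l in full if l.speed_mbps == top_speed]
    ineligible = [l for l in links if l not in eligible]

    ranked = sorted(eligible, key=priority)   # stable: ties keep list order
    return {
        "controller": controller.name,
        "active": [l.port for l in ranked[:MAX_ACTIVE]],
        "standby": [l.port for l in ranked[MAX_ACTIVE:] + ineligible],
    }


def constructed_links():
    """Eleven constructed candidate links, nine of them 1000 Mbps full duplex."""
    links = [Link(f"gi{n}", 1000, True, 100, 100) for n in range(1, 10)]
    links[0] = Link("gi1", 1000, True, 100, 200)    # least preferred remotely
    links[4] = Link("gi5", 1000, True, 200, 100)    # least preferred locally
    links.append(Link("gi10", 100, True, 1, 1))     # slower than the others
    links.append(Link("gi11", 1000, False, 1, 1))   # half duplex
    return links


if __name__ == "__main__":
    local = Device("local", 32768, "00:00:00:00:00:0a")
    remote = Device("remote", 32768, "00:00:00:00:00:0b")
    print(select_members(local, remote, constructed_links()))
```

With equal system priorities the lower MAC address makes the local switch the controlling end, so gi5 is the ninth eligible link and goes to standby; lowering the remote system priority hands control to the remote switch and gi1 is parked instead.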

LACP With No Link Partner

In order for LACP to create a LAG, the ports on both link ends should be configured for LACP, meaning that the ports send LACP PDUs and handle received PDUs.


However, there are cases when one link partner is temporarily not configured for LACP. One example of such a case is when the link partner is on a device that is in the process of receiving its configuration using the auto-config protocol. This device's ports are not yet configured to LACP. If the LAG link cannot come up, the device cannot ever become configured. A similar case occurs with dual-NIC network-boot computers (e.g. PXE), which receive their LAG configuration only after they boot up.

When several LACP-configured ports are configured, and the link comes up in one or more ports but there are no LACP responses from the link partner for those ports, the first port that had link up is added to the LACP LAG and becomes active (the other ports become non-candidates). In this way, the neighbor device can, for example, get its IP Address using DHCP and get its configuration using autoconfiguration.

Setting LACP Parameter Settings

Use the LACP page to configure the candidate ports for the LAG and to configure the LACP parameters per port.

With all factors equal, when the LAG is configured with more candidate ports than the maximum number of active ports allowed (8), the device selects ports as active from the dynamic LAG on the device that has the highest priority.

NOTE The LACP setting is irrelevant on ports that are not members of a dynamic LAG.

To define the LACP settings:

STEP 1 Click Port Management > Link Aggregation > LACP.

STEP 2 Enter the LACP System Priority. See LACP Priority and Rules.

STEP 3 Select a port, and click Edit.

STEP 4 Enter the values for the following fields:

Port—Select the port number to which timeout and priority values are assigned.

LACP Port Priority—Enter the LACP priority value for the port. See Setting LACP Parameter Settings.

LACP Timeout—Time interval between the sending and receiving of consecutive LACP PDUs. Select the periodic transmissions of LACP PDUs, which occur at either a Long or Short transmission speed, depending upon the expressed LACP timeout preference.


STEP 5 Click Apply. The Running Configuration file is updated.

Configuring Green Ethernet

This section describes the Green Ethernet feature that is designed to save power on the device.

It contains the following sections:

Green Ethernet Overview

Setting Global Green Ethernet Properties

Setting Green Ethernet Properties for Ports

Green Ethernet Overview

Green Ethernet is a common name for a set of features that is designed to be environmentally friendly, and to reduce the power consumption of a device. Green Ethernet is different from EEE in that Green Ethernet energy-detect is enabled on all devices, whereas only the Gigabit ports are enabled with EEE.

The Green Ethernet feature can reduce overall power usage in the following ways:

Energy-Detect Mode—On an inactive link, the port moves into inactive mode, saving power while keeping the Administrative status of the port Up. Recovery from this mode to full operational mode is fast, transparent, and no frames are lost. This mode is supported on both GE and FE ports.

Short-Reach Mode—This feature provides for power savings on a short length of cable. After cable length is analyzed, the power usage is adjusted for various cable lengths. If the cable is shorter than 50 meters, the device uses less power to send frames over the cable, thus saving energy. This mode is only supported on RJ45 GE ports; it does not apply to Combo ports.

This mode is globally disabled by default. It cannot be enabled if EEE mode is enabled (see below).


In addition to the above Green Ethernet features, the 802.3az Energy Efficient Ethernet (EEE) is found on devices supporting GE ports. EEE reduces power consumption when there is no traffic on the port. See 802.3az Energy Efficient Ethernet Feature for more information (available on GE models only).

EEE is enabled globally by default. On a given port, if EEE is enabled, Short Reach mode is disabled. If Short Reach Mode is enabled, EEE is grayed out.

These modes are configured per port, without taking into account the LAG membership of the ports.

The device LEDs are power consumers. Since most of the time the devices are in an unoccupied room, having these LEDs lit is a waste of energy. The Green Ethernet feature enables you to disable the port LEDs (for link, speed, and PoE) when they are not required, and to enable the LEDs if they are needed (debugging, connecting additional devices etc.).

On the System Summary page, the LEDs that are displayed on the device board pictures are not affected by disabling the LEDs.

Power savings, current power consumption and cumulative energy saved can be monitored. The total amount of saved energy can be viewed as a percentage of the power that would have been consumed by the physical interfaces had they not been running in Green Ethernet mode.

The saved energy displayed is only related to Green Ethernet. The amount of energy saved by EEE is not displayed.

Power Saving by Disabling Port LEDs

The Disable Port LEDs feature allows the user to save extra power consumed by device LEDs. Since most of the time the devices are in an unoccupied room, having these LEDs lit is a waste of energy. The Green Ethernet feature enables you to disable the port LEDs (for link, speed, and PoE) when they are not required, and to enable the LEDs if they are needed (debugging, connecting additional devices etc.).

On the System Summary page, the LEDs that are displayed on the device board pictures are not affected by disabling the LEDs.

On the Green Ethernet > Properties page, the device enables the user to disable the port LEDs in order to save power.


802.3az Energy Efficient Ethernet Feature

This section describes the 802.3az Energy Efficient Ethernet (EEE) feature.

It covers the following topics:

802.3az EEE Overview

Advertise Capabilities Negotiation

Link Level Discovery for 802.3az EEE

Availability of 802.3az EEE

Default Configuration

Interactions Between Features

802.3az EEE Configuration Workflow

802.3az EEE Overview

802.3az EEE is designed to save power when there is no traffic on the link. In Green Ethernet, power is reduced when the port is down. With 802.3az EEE, power is reduced when the port is up, but there is no traffic on it.

802.3az EEE is only supported on devices with GE ports.

When using 802.3az EEE, systems on both sides of the link can disable portions of their functionality and save power during periods of no traffic.

802.3az EEE supports IEEE 802.3 MAC operation at 100 Mbps and 1000 Mbps:

LLDP is used to select the optimal set of parameters for both devices. If LLDP is not supported by the link partner, or is disabled, 802.3az EEE is still operational, but it might not be in the optimal operational mode.

The 802.3az EEE feature is implemented using a port mode called Low Power Idle (LPI) mode. When there is no traffic and this feature is enabled on the port, the port is placed in the LPI mode, which reduces power consumption dramatically.

Both sides of a connection (device port and connecting device) must support 802.3az EEE for it to work. When traffic is absent, both sides send signals indicating that power is about to be reduced. When signals from both sides are received, the Keep Alive signal indicates that the ports are in LPI status (and not in Down status), and power is reduced.

For ports to stay in LPI mode, the Keep Alive signal must be received continuously from both sides.


Advertise Capabilities Negotiation

802.3az EEE support is advertised during the Auto-Negotiation stage. Auto-Negotiation provides a linked device with the capability to detect the abilities (modes of operation) supported by the device at the other end of the link, determine common abilities, and configure itself for joint operation. Auto-Negotiation is performed at the time of link-up, on command from management, or upon detection of a link error. During the link establishment process, both link partners exchange their 802.3az EEE capabilities. Auto-Negotiation functions automatically without user interaction when it is enabled on the device.

NOTE If Auto-Negotiation is not enabled on a port, the EEE is disabled. The only exception is if the link speed is 1GB, then EEE is still enabled even though Auto-Negotiation is disabled.

Link Level Discovery for 802.3az EEE

In addition to the capabilities described above, 802.3az EEE capabilities and settings are also advertised using frames based on the organizationally-specific TLVs defined in Annex G of IEEE Std 802.1AB protocol (LLDP). LLDP is used to further optimize 802.3az EEE operation after auto-negotiation is completed. The 802.3az EEE TLV is used to fine tune system wake-up and refresh durations.

Availability of 802.3az EEE

Please check the release notes for a complete listing of products that support EEE.

Default Configuration

By default, 802.3az EEE and EEE LLDP are enabled globally and per port.

Interactions Between Features

The following describe 802.3az EEE interactions with other features:

If auto-negotiation is not enabled on the port, the 802.3az EEE operational status is disabled. The exception to this rule is that if the link speed is 1 gigabyte, EEE is still enabled even though Auto-Negotiation is disabled.

If 802.3az EEE is enabled and the port is going Up, it commences to work immediately in accordance with the maximum wake time value of the port.

On the GUI, the EEE field for the port is not available when the Short Reach Mode option on the port is checked.

If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.


802.3az EEE Configuration Workflow

This section describes how to configure the 802.3az EEE feature and view its counters.

STEP 1 Ensure that auto-negotiation is enabled on the port by opening the Port Management > Port Settings page.

a. Select a port and open the Edit Port Setting page.

b. Select the Auto Negotiation field to ensure that it is Enabled.

STEP 2 Ensure that 802.3 Energy Efficient Ethernet (EEE) is globally enabled in the Port Management > Green Ethernet > Properties page (it is enabled by default). This page also displays how much energy has been saved.

STEP 3 Ensure that 802.3az EEE is enabled on a port by opening the Green Ethernet > Port Settings page.

a. Select a port and open the Edit Port Setting page.

b. Check the 802.3 Energy Efficient Ethernet (EEE) mode on the port (it is enabled by default).

c. Select whether to enable or disable advertisement of 802.3az EEE capabilities through LLDP in 802.3 Energy Efficient Ethernet (EEE) LLDP (it is enabled by default).

STEP 4 To see 802.3 EEE-related information on the local device, open the Administration > Discovery LLDP > LLDP Local Information page, and view the information in the 802.3 Energy Efficient Ethernet (EEE) block.

STEP 5 To display 802.3az EEE information on the remote device, open the Administration > Discovery LLDP > LLDP Neighbor Information pages, and view the information in the 802.3 Energy Efficient Ethernet (EEE) block.

Setting Global Green Ethernet Properties

The Properties page displays and enables configuration of the Green Ethernet mode for the device. It also displays the current power savings.

To enable Green Ethernet and EEE and view power savings:

STEP 1 Click Port Management > Green Ethernet > Properties.

STEP 2 Enter the values for the following fields:


Energy Detect Mode—Disabled by default. Click the checkbox to enable.

Short Reach—Globally enable or disable Short Reach mode if there are GE ports on the device.

NOTE If Short Reach is enabled, EEE must be disabled.

Power Savings—Displays the percentage of power saved by running Green Ethernet and Short Reach. The power savings displayed is only relevant to the power saved by Short Reach and Energy Detect modes. The EEE power savings is dynamic by nature since it is based on port utilization and is therefore not taken into consideration. The power saving calculation is performed by comparing the maximum power consumption without power savings to the current consumption.

Cumulative Energy Saved—Displays the amount of energy saved from the last device reboot. This value is updated each time there is an event that affects power saving.

802.3 Energy Efficient Ethernet (EEE)—Globally enable or disable EEE mode.

Port LEDs—Select to enable the port LEDs. When these are disabled, they do not display link status, activity, etc.

STEP 3 Click Apply. The Green Ethernet Properties are written to the Running Configuration file.

Setting Green Ethernet Properties for Ports

The Port Settings page displays the current Green Ethernet and EEE modes per port, and enables configuring Green Ethernet on a port using the Edit Port Setting page. For the Green Ethernet modes to operate on a port, the corresponding modes must be activated globally in the Properties page.

Note that EEE settings are only displayed for devices that have GE ports. EEE works only when ports are set to Auto negotiation. The exception is that EEE is still functional even when Auto Negotiation is disabled, but the port is at 1GB or higher.


To define per port Green Ethernet settings:

STEP 1 Click Port Management > Green Ethernet > Port Settings.

The Port Settings page displays the following:

Global Parameter Status—Describes the enabled features.

For each port the following fields are described:

Port—The port number.

Energy Detect—State of the port regarding Energy Detect mode:

- Administrative—Displays whether Energy Detect mode was enabled.

- Operational—Displays whether Energy Detect mode is currently operating.

- Reason—If Energy Detect mode is not operational, displays the reason.

Short Reach—State of the port regarding Short Reach mode:

- Administrative—Displays whether Short Reach mode was enabled.

- Operational—Displays whether Short Reach mode is currently operating.

- Reason—If Short-Reach mode is not operational, displays the reason.

- Cable Length—Displays VCT-returned cable length in meters.

NOTE Short-reach mode is only supported on RJ45 GE ports; it does not apply to Combo ports.

802.3 Energy Efficient Ethernet (EEE)—State of the port regarding the EEE feature:

- Administrative—Displays whether EEE was enabled.

- Operational—Displays whether EEE is currently operating on the local port. This is a function of whether it has been enabled (Administrative Status), whether it has been enabled on the local port and whether it is operational on the local port.

- LLDP Administrative—Displays whether advertising EEE counters through LLDP was enabled.

- LLDP Operational—Displays whether advertising EEE counters through LLDP is currently operating.


- EEE Support on Remote—Displays whether EEE is supported on the link partner. EEE must be supported on both the local and remote link partners.

NOTE The window displays the Short Reach, Energy Detect and EEE settings for each port; however, they are not enabled on any port unless they are also enabled globally by using the Properties page. To enable Short Reach and EEE globally, see Setting Global Green Ethernet Properties.

STEP 2 Select a Port and click Edit.

STEP 3 Select to enable or disable Energy Detect mode on the port.

STEP 4 Select to enable or disable Short Reach mode on the port if there are GE ports on the device.

STEP 5 Select to enable or disable 802.3 Energy Efficient Ethernet (EEE) mode on the port if there are GE ports on the device.

STEP 6 Select to enable or disable 802.3 Energy Efficient Ethernet (EEE) LLDP mode on the port (advertisement of EEE capabilities through LLDP) if there are GE ports on the device.

STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.


10

Smartport

This document describes the Smartports feature.

It contains the following topics:

Overview

What is a Smartport

Smartport Types

Smartport Macros

Macro Failure and the Reset Operation

How the Smartport Feature Works

Auto Smartport

Error Handling

Default Configuration

Relationships with Other Features and Backwards Compatibility

Common Smartport Tasks

Configuring Smartport Using The Web-based Interface

Built-in Smartport Macros


Overview

The Smartport feature provides a convenient way to save and share common configurations. By applying the same Smartport macro to multiple interfaces, the interfaces share a common set of configurations. A Smartport macro is a script of CLI (Command Line Interface) commands.

A Smartport macro can be applied to an interface by the macro name, or by the Smartport type associated with the macro. Applying a Smartport macro by macro name can be done only through CLI. Refer to the CLI guide for details.

There are two ways to apply a Smartport macro by Smartport type to an interface:

Static Smartport—You manually assign a Smartport type to an interface. The result is the corresponding Smartport macro is applied to the interface.

Auto Smartport—Auto Smartport waits for a device to be attached to the interface before applying a configuration. When a device is detected from an interface, the Smartport macro (if assigned) that corresponds to the Smartport type of the attaching device is automatically applied.

The Smartport feature consists of various components and works in conjunction with other features on the device. These components and features are described in the following sections:

Smartport, Smartport types and Smartport macros, described in this section.

Voice VLAN and Smartport, described in the Voice VLAN section.

LLDP/CDP for Smartport, described in the Configuring LLDP and Configuring CDP sections, respectively.

Additionally, typical work flows are described in the Common Smartport Tasks section.


What is a Smartport

A Smartport is an interface to which a built-in (or user-defined) macro may be applied. These macros are designed to provide a means of quickly configuring the device to support the communication requirements and utilize the features of various types of network devices. The network access and QoS requirements vary if the interface is connected to an IP phone, a printer, or a router and/or Access Point (AP).

Smartport Types

Smartport types refer to the types of devices attached, or to be attached, to Smartports. The device supports the following Smartport types:

Printer

Desktop

Guest

Server

Host

IP Camera

IP phone

IP Phone+Desktop

Switch

Router

Wireless Access Point

Smartport types are named so that they describe the type of device connected to an interface. Each Smartport type is associated with two Smartport macros. One macro, called "the macro," serves to apply the desired configuration. The other, called "the anti-macro," serves to undo all configuration performed by "the macro" when that interface happens to become a different Smartport type.

You can apply a Smartport macro by the following methods:

The associated Smartport type.


Statically from a Smartport macro by name only from the CLI.

A Smartport macro can be applied by its Smartport type statically from CLI and GUI, and dynamically by Auto Smartport. Auto Smartport derives the Smartport types of the attached devices based on CDP capabilities, LLDP system capabilities, and/or LLDP-MED capabilities.

The following describes the relationship of Smartport types and Auto Smartport.

Smartport and Auto Smartport Types

| Smartport Type | Supported by Auto Smartport | Supported by Auto Smartport by default |
|---|---|---|
| Unknown | No | No |
| Default | No | No |
| Printer | No | No |
| Desktop | No | No |
| Guest | No | No |
| Server | No | No |
| Host | Yes | No |
| IP camera | No | No |
| IP phone | Yes | Yes |
| IP phone desktop | Yes | Yes |
| Switch | Yes | Yes |
| Router | Yes | No |
| Wireless Access Point | Yes | Yes |


Special Smartport Types

There are two special Smartport types: default and unknown. These two types are not associated with macros, but they exist to signify the state of the interface regarding Smartport.

The following describe these special Smartport types:

Default

An interface that does not (yet) have a Smartport type assigned to it has the Default Smartport status.

If Auto Smartport assigns a Smartport type to an interface and the interface is not configured to be Auto Smartport Persistent, then its Smartport type is re-initialized to Default in the following cases:

- A link down/up operation is performed on the interface.

- The device is restarted.

- All devices attached to the interface have aged out, which is defined as the absence of CDP and/or LLDP advertisement from the device for a specified time period.

Unknown

If a Smartport macro is applied to an interface and an error occurs, the interface is assigned the Unknown status. In this case, the Smartport and Auto Smartport features do not function on the interface until you correct the error and apply the Reset action (performed in the Interface Settings pages) that resets the Smartport status.

See the workflow area in Common Smartport Tasks section for troubleshooting tips.

NOTE Throughout this section, the term “aged out” is used to describe the LLDP and CDP messages via their TTL. If Auto Smartport is enabled, and persistent status is disabled, and no more CDP or LLDP messages are received on the interface before both TTLs of the most recent CDP and LLDP packets decrease to 0, then the anti-macro is run, and the Smartport type returns to default.
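The aging and re-initialization behaviour described above, as an added Python model (not Cisco code and not the device's implementation). The macro names are placeholders that follow the macro-name / no_macro-name pattern, the TTL values are constructed, and the detected Smartport type is passed in rather than derived from CDP or LLDP capabilities.

```python
from dataclasses import dataclass, field


def macro_name(smartport_type):
    # Placeholder naming (assumption): lower-case type name, spaces as "_".
    return smartport_type.lower().replace(" ", "_")


@dataclass
class Port:
    name: str
    auto_smartport: bool = True     # Auto Smartport enabled on the interface
    persistent: bool = False        # Auto Smartport Persistent Status
    smartport_type: str = "Default"
    ttl: dict = field(default_factory=lambda: {"CDP": 0, "LLDP": 0})
    macros_run: list = field(default_factory=list)

    def _revert_to_default(self):
        # The anti-macro undoes the macro, then the type returns to Default.
        self.macros_run.append("no_" + macro_name(self.smartport_type))
        self.smartport_type = "Default"

    def advertisement(self, protocol, ttl, detected_type):
        """A CDP or LLDP advertisement arrives carrying a TTL in seconds."""
        if not self.auto_smartport:
            return
        if detected_type != self.smartport_type:
            if self.smartport_type != "Default":
                self._revert_to_default()
            self.macros_run.append(macro_name(detected_type))
            self.smartport_type = detected_type
        self.ttl[protocol] = ttl

    def tick(self, seconds):
        """Advance time; the neighbor is aged out only when BOTH TTLs hit 0."""
        for protocol in self.ttl:
            self.ttl[protocol] = max(0, self.ttl[protocol] - seconds)
        aged_out = all(value == 0 for value in self.ttl.values())
        if aged_out and self.smartport_type != "Default" and not self.persistent:
            self._revert_to_default()

    def link_down_up(self):
        """A link flap re-initializes a non-persistent auto-assigned type."""
        self.ttl = {"CDP": 0, "LLDP": 0}
        if self.smartport_type != "Default" and not self.persistent:
            self._revert_to_default()


def aging_scenario(persistent):
    """Neighbor advertises over CDP (TTL 180) and LLDP (TTL 120), then goes quiet."""
    port = Port("gi1", persistent=persistent)
    port.advertisement("CDP", 180, "Switch")
    port.advertisement("LLDP", 120, "Switch")
    port.tick(120)                       # LLDP TTL is 0, CDP still has 60 s
    after_lldp_expiry = port.smartport_type
    port.tick(60)                        # both TTLs are now 0
    after_both_expired = port.smartport_type
    return after_lldp_expiry, after_both_expired, port.macros_run


if __name__ == "__main__":
    print(aging_scenario(persistent=False))
    print(aging_scenario(persistent=True))
```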


Smartport Macros

A Smartport macro is a script of CLI commands that configure an interface appropriately for a particular network device.

Smartport macros should not be confused with global macros. Global macros configure the device globally, however, the scope of a Smartport macro is limited to the interface on which it is applied.

The macro source may be found by running the show parser macro name [macro_name] command in privileged exec mode of the CLI or by clicking the View Macro Source button on the Smartport Type Settings page.

A macro and the corresponding anti-macro are paired together in association with each Smartport type. The macro applies the configuration and the anti-macro removes it.

There are two types of Smartport macros:

Built-In—These are macros provided by the system. One macro applies the configuration profile and the other removes it. The macro names of the built-in Smartport macros and the Smartport type they are associated with are as follows:

- macro-name (for example: printer)

- no_macro-name (for example: no_printer)

User-Defined—These are macros written by the users. See the CLI Reference Guide for more information about these. To associate a user-defined macro to a Smartport type, its anti-macro must be defined as well.

- smartport-type-name (for example: my_printer)

- no_smartport-type-name (for example: no_my_printer)

Smartport macros are bound to Smartport types in the Edit Smartport Type Setting page.

See Built-in Smartport Macros for a listing of the built-in Smartport macros for each device type.


Applying a Smartport Type to an Interface

When Smartport types are applied to interfaces, the Smartport types and configuration in the associated Smartport macros are saved in the Running Configuration File. If the administrator saves the Running Configuration File into the Startup Configuration File, the device applies the Smartport types and the Smartport macros to the interfaces after reboot as follows:

If the Startup Configuration File does not specify a Smartport type for an interface, its Smartport type is set to Default.

If the Startup Configuration File specifies a static Smartport type, the Smartport type of the interface is set to this static type.

If the Startup Configuration File specifies a Smartport type that was dynamically assigned by Auto Smartport:

- If the Auto Smartport Global Operational state, the interface Auto Smartport state, and the Persistent Status are all Enable, the Smartport type is set to this dynamic type.

- Else the corresponding anti-macro is applied and the interface status is set to Default.

Macro Failure and the Reset Operation

A Smartport macro might fail if there is a conflict between the existing configuration of the interface and a Smartport macro.

When a Smartport macro fails, a SYSLOG message containing the following parameters is sent:

Port number

Smartport type

The line number of the failed CLI command in the macro

When a Smartport macro fails on an interface, the status of the interface is set to Unknown. The reason for the failure can be displayed in the Interface Settings page, Show Diagnostics popup.


After the source of the problem is determined and the existing configuration or Smartport macro is corrected, you must perform a reset operation to reset the interface before it can be reapplied with a Smartport type (in the Interface Settings pages). See the workflow area in Common Smartport Tasks section for troubleshooting tips.

How the Smartport Feature Works

You can apply a Smartport macro to an interface by the macro name, or by the Smartport type associated with the macro. Applying a Smartport macro by macro name can be done only through the CLI; refer to the CLI guide for details.

Because support is provided for Smartport types which correspond to devices that do not allow themselves to be discovered via CDP and/or LLDP, these Smartport types must be statically assigned to the desired interfaces. This can be done by navigating to the Smartport Interface Settings page, selecting the radio button of the desired interface, and clicking Edit. Then, select the Smartport type you want to assign and adjust the parameters as necessary before clicking Apply.

There are two ways to apply a Smartport macro by Smartport type to an interface:

Static Smartport

You manually assign a Smartport type to an interface. The corresponding Smartport macro is applied to the interface. You can manually assign a Smartport type to an interface from the Smartport Interface Settings Page.

Auto Smartport

When a device is detected from an interface, the Smartport macro, if any, that corresponds to the Smartport type of the attaching device is automatically applied. Auto Smartport is enabled by default globally, and at the interface level.

In both cases, the associated anti-macro is run when the Smartport type is removed from the interface, and the anti-macro runs in exactly the same manner, removing all of the interface configuration.

Auto Smartport

In order for Auto Smartport to automatically assign Smartport types to interfaces, the Auto Smartport feature must be enabled globally and on the relevant interfaces which Auto Smartport should be allowed to configure. By default, Auto Smartport is enabled and allowed to configure all interfaces. The Smartport type assigned to each interface is determined by the CDP and LLDP packets received on each interface.

If multiple devices are attached to an interface, a configuration profile that is appropriate for all of the devices is applied to the interface if possible.

If a device is aged out (no longer receiving advertisements from other devices), the interface configuration is changed according to its Persistent Status. If the Persistent Status is enabled, the interface configuration is retained. If not, the Smartport Type reverts to Default.

Enabling Auto Smartport

Auto Smartport can be enabled globally in the Properties page in the following ways:

Enabled—This manually enables Auto Smartport and places it into operation immediately.

Enable by Auto Voice VLAN—This enables Auto Smartport to operate if Auto Voice VLAN is enabled and in operation. Enable by Auto Voice VLAN is the default.

NOTE In addition to enabling Auto Smartport globally, you must enable Auto Smartport at the desired interface as well. By default, Auto Smartport is enabled at all the interfaces.

See Voice VLAN for more information on enabling Auto Voice VLAN.

Identifying Smartport Type

If Auto Smartport is globally enabled (in the Properties page), and at an interface (in the Interface Settings page), the device applies a Smartport macro to the interface based on the Smartport type of the attaching device. Auto Smartport derives the Smartport types of attaching devices based on the CDP and/or LLDP the devices advertise.

If, for example, an IP phone is attached to a port, it transmits CDP or LLDP packets that advertise its capabilities. After reception of these CDP and/or LLDP packets, the device derives the appropriate Smartport type for phone and applies the corresponding Smartport macro to the interface where the IP phone attaches.

Unless Persistent Auto Smartport is enabled on an interface, the Smartport type and resulting configuration applied by Auto Smartport is removed if the attaching device(s) ages out, links down, reboots, or conflicting capabilities are received.

Aging out times are determined by the absence of CDP and/or LLDP advertisements from the device for a specified time period.

Using CDP/LLDP Information to Identify Smartport Types

The device detects the type of device attached to the port, based on the CDP/LLDP capabilities.

This mapping is shown in the following tables:

CDP Capabilities Mapping to Smartport Type

Capability Name | CDP Bit | Smartport Type
Router | 0x01 | Router
TB Bridge | 0x02 | Wireless Access Point
SR Bridge | 0x04 | Ignore
Switch | 0x08 | Switch
Host | 0x10 | Host
IGMP conditional filtering | 0x20 | Ignore
Repeater | 0x40 | Ignore
VoIP Phone | 0x80 | ip_phone
Remotely-Managed Device | 0x100 | Ignore
CAST Phone Port | 0x200 | Ignore
Two-Port MAC Relay | 0x400 | Ignore

LLDP Capabilities Mapping to Smartport Type

Capability Name | LLDP Bit | Smartport Type
Other | 1 | Ignore
Repeater IETF RFC 2108 | 2 | Ignore
MAC Bridge IEEE Std. 802.1D | 3 | Switch
WLAN Access Point IEEE Std. 802.11 MIB | 4 | Wireless Access Point
Router IETF RFC 1812 | 5 | Router
Telephone IETF RFC 4293 | 6 | ip_phone
DOCSIS cable device IETF RFC 4639 and IETF RFC 4546 | 7 | Ignore
Station Only IETF RFC 4293 | 8 | Host
C-VLAN Component of a VLAN Bridge IEEE Std. 802.1Q | 9 | Switch
S-VLAN Component of a VLAN Bridge IEEE Std. 802.1Q | 10 | Switch
Two-port MAC Relay (TPMR) IEEE Std. 802.1Q | 11 | Ignore
Reserved | 12-16 | Ignore


NOTE If only the IP Phone and Host bits are set, then the Smartport type is ip_phone_desktop.

Multiple Devices Attached to the Port

The device derives the Smartport type of a connected device via the capabilities the device advertises in its CDP and/or LLDP packets.

If multiple devices are connected to the device through one interface, Auto Smartport considers each capability advertisement it receives through that interface in order to assign the correct Smartport type. The assignment is based on the following algorithm:

If all devices on an interface advertise the same capability (there is no conflict) the matching Smartport type is applied to the interface.

If one of the devices is a switch, the Switch Smartport type is used.

If one of the devices is an AP, the Wireless Access Point Smartport type is used.

If one of the devices is an IP phone and another device is a host, the ip_phone_desktop Smartport type is used.

If one of the devices is an IP phone desktop and the other is an IP phone or host, the ip_phone_desktop Smartport type is used.

In all other cases the default Smartport type is used.

For more information about LLDP/CDP refer to the Configuring LLDP and Configuring CDP sections, respectively.
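The two capability tables and the multiple-device rules above, written out as an added example (not code from Cisco or from this guide) that derives the Smartport type for a port and compares it with an inventory of what should be plugged in. It uses the macro names (ap, switch, router, host) for the types and assumes every device type is selected in Auto Smartport Device Detection; the port names, the sample masks and the points marked "Assumption" in the comments are not from the guide.

```python
# Added example: models the CDP/LLDP tables and multiple-device rules on this page.

# CDP capability bit -> Smartport type (None = "Ignore"), from the CDP table.
CDP_MAP = {
    0x01: "router", 0x02: "ap", 0x04: None, 0x08: "switch", 0x10: "host",
    0x20: None, 0x40: None, 0x80: "ip_phone", 0x100: None, 0x200: None,
    0x400: None,
}

# LLDP bit number as printed in the LLDP table -> Smartport type.
# Bits 12-16 are reserved and ignored, so they are simply absent here.
LLDP_MAP = {
    1: None, 2: None, 3: "switch", 4: "ap", 5: "router", 6: "ip_phone",
    7: None, 8: "host", 9: "switch", 10: "switch", 11: None,
}

PHONE_FAMILY = {"ip_phone", "host", "ip_phone_desktop"}


def capabilities(proto, mask):
    """Return the set of non-ignored Smartport types in one advertisement."""
    if proto == "cdp":
        return {t for bit, t in CDP_MAP.items() if t and mask & bit}
    if proto == "lldp":
        # Assumption: table bit n corresponds to mask value 1 << (n - 1).
        return {t for n, t in LLDP_MAP.items() if t and mask & (1 << (n - 1))}
    raise ValueError(f"unknown protocol: {proto!r}")


def resolve(types):
    """Apply the multiple-device rules in the order the page lists them."""
    types = set(types)
    if not types:
        return "default"
    if len(types) == 1:               # same capability everywhere, no conflict
        return next(iter(types))
    if "switch" in types:
        return "switch"
    if "ap" in types:
        return "ap"
    # Assumption: the phone/host rules apply only when no other type is present.
    if types <= PHONE_FAMILY:
        return "ip_phone_desktop"
    return "default"


def port_type(advertisements):
    """Derive one Smartport type from every (proto, mask) seen on an interface.

    Assumption: several bits in one advertisement are resolved with the same
    rules as several devices, so all capabilities on the port are pooled.
    """
    seen = set()
    for proto, mask in advertisements:
        seen |= capabilities(proto, mask)
    return resolve(seen)


def audit(observed, expected):
    """Return {port: (expected, derived)} for ports whose derived type differs."""
    diffs = {}
    for port, ads in observed.items():
        want = expected.get(port, "default")
        derived = port_type(ads)
        if want != derived:
            diffs[port] = (want, derived)
    return diffs


# Constructed sample data: port names and capability masks are made up.
OBSERVED = {
    "port1": [("cdp", 0x90)],                    # VoIP Phone + Host bits
    "port2": [("lldp", 1 << 2)],                 # LLDP bit 3, MAC Bridge
    "port3": [("cdp", 0x80), ("lldp", 1 << 7)],  # phone plus a station-only host
    "port4": [("cdp", 0x01 | 0x10)],             # Router + Host bits
}
EXPECTED = {"port1": "ip_phone_desktop", "port2": "host",
            "port3": "ip_phone_desktop", "port4": "router"}

if __name__ == "__main__":
    for port, (want, got) in audit(OBSERVED, EXPECTED).items():
        print(f"{port}: inventory says {want}, advertisements resolve to {got}")
```

A port that resolves to a different type than the inventory expects is a candidate for a static Smartport assignment instead of Auto Smartport.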

Persistent Auto Smartport Interface

If the Persistent status of an interface is enabled, its Smartport type and the configuration that is already applied dynamically by Auto Smartport remain on the interface even after the attaching device ages out, the interface goes down, and the device is rebooted (assuming the configuration was saved). The Smartport type and the configuration of the interface are not changed unless Auto Smartport detects an attaching device with a different Smartport type. If the Persistent status of an interface is disabled, the interface reverts to the default Smartport type when the device attached to it ages out, the interface goes down, or the device is rebooted. Enabling Persistent status on an interface eliminates the device detection delay that otherwise occurs.

NOTE The persistence of the Smartport types applied to the interfaces is effective between reboots only if the running configuration with the Smartport type applied at the interfaces is saved to the startup configuration file.

Error Handling

When a Smartport macro fails to apply to an interface, you can examine the point of the failure in the Interface Settings page. After the error is corrected, reset the port and reapply the macro from the Interface Settings and Interface Settings Edit pages.

Default Configuration

Smartport is always available. By default, Auto Smartport is enabled by Auto Voice VLAN, relies on both CDP and LLDP to detect attaching device's Smartport type, and detects Smartport type IP phone, IP phone + Desktop, Switch, and Wireless Access Point.

See Voice VLAN for a description of the voice factory defaults.

Relationships with Other Features and Backwards Compatibility

Auto Smartport is enabled by default and may be disabled. Telephony OUI cannot function concurrently with Auto Smartport and Auto Voice VLAN. Auto Smartport must be disabled before enabling Telephony OUI.

NOTE When upgrading from a firmware version that does not support Auto Smartport to a firmware level that supports Auto Smartport, the Auto Voice VLAN is disabled after the upgrade. If Telephony OUI was enabled before the upgrade, then Auto Smartport is disabled after the upgrade, and Telephony OUI remains enabled.

Common Smartport Tasks

This section describes some common tasks to set up Smartport and Auto Smartport.

Workflow 1: To globally enable Auto Smartport on the device, and to configure a port with Auto Smartport, perform the following steps:

STEP 1 To enable the Auto Smartport feature on the device, open the Smartport > Properties page. Set Administrative Auto Smartport to Enable or Enable by Voice VLAN.

STEP 2 Select whether the device is to process CDP and/or LLDP advertisements from connected devices.

STEP 3 Select which type of devices are to be detected in the Auto Smartport Device Detection field.

STEP 4 Click Apply.

STEP 5 To enable the Auto Smartport feature on one or more interfaces, open the Smartport > Interface Settings page.

STEP 6 Select the interface, and click Edit.

STEP 7 Select Auto Smartport in the Smartport Application field.

STEP 8 Check or uncheck Persistent Status if desired.

STEP 9 Click Apply.

Workflow 2: To configure an interface as a static Smartport, perform the following steps:

STEP 1 To enable the Smartport feature on the interface, open the Smartport > Interface Settings page.

STEP 2 Select the interface, and click Edit.

STEP 3 Select the Smartport type that is to be assigned to the interface in the Smartport Application field.

STEP 4 Set the macro parameters as required.

STEP 5 Click Apply.

Workflow 3: To adjust Smartport macro parameter defaults and/or bind a user-defined macro pair to a Smartport type, perform the following steps:

Through this procedure you can accomplish the following:

View the macro source.

Change parameter defaults.

Restore the parameter defaults to the factory settings.

Bind a user-defined macro pair (a macro and its corresponding anti-macro) to a Smartport type.

1. Open the Smartport > Smartport Type Settings page.

2. Select the Smartport Type.

3. Click View Macro Source to view the current Smartport macro that is associated with the selected Smartport Type.

4. Click Edit to open a new window in which you can bind user-defined macros to the selected Smartport type and/or modify the default values of the parameters in the macros bound to that Smartport type. These parameter default values are used when Auto Smartport applies the selected Smartport type (if applicable) to an interface.

5. In the Edit page, modify the fields.

6. Click Apply to rerun the macro if the parameters were changed, or Restore Defaults to restore default parameter values to built-in macros if required.

Workflow 4: To rerun a Smartport macro after it has failed, perform the following steps:

STEP 1 In the Interface Settings page, select an interface with Smartport type Unknown.

STEP 2 Click Show Diagnostics to see the problem.

STEP 3 Troubleshoot, then correct the problem. Consider the troubleshooting tip below.

STEP 4 Click Edit. A new window appears in which you can click Reset to reset the interface.

STEP 5 Return to the main page and reapply the macro using either Reapply (for devices that are not switches, routers or APs) or Reapply Smartport Macro (for switches, routers or APs) to run the Smartport Macro on the interface.

A second method of resetting single or multiple unknown interfaces is:

STEP 1 In the Interface Settings page, select the Port Type equals to checkbox.

STEP 2 Select Unknown and click Go.

STEP 3 Click Reset All Unknown Smartports. Then reapply the macro as described above.

TIP The reason that the macro failed might be a conflict with a configuration on the interface made prior to applying the macro (most often encountered with security and storm-control settings), a wrong port type, a typo or an incorrect command within the user-defined macro, or an invalid parameter setting. Parameters are checked for neither type nor boundary prior to the attempt to apply the macro; therefore, an incorrect or invalid input to a parameter value will almost assuredly cause failure when applying the macro.

Configuring Smartport Using The Web-based Interface

The Smartport feature is configured in the Smartport > Properties, Smartport Type Settings and Interface Settings pages.

For Voice VLAN configuration, see Voice VLAN.

For LLDP/CDP configuration, see the Configuring LLDP and Configuring CDP sections, respectively.

Smartport Properties

To configure the Smartport feature globally:

STEP 1 Click Smartport > Properties.

STEP 2 Enter the parameters.

Administrative Auto Smartport—Select to globally enable or disable Auto Smartport. The following options are available:

-Disable—Select to disable Auto Smartport on the device.

-Enable—Select to enable Auto Smartport on the device.

-Enable by Auto Voice VLAN—This enables Auto Smartport, but puts it in operation only when Auto Voice VLAN is also enabled and in operation. Enable by Auto Voice VLAN is the default.

Auto Smartport Device Detection Method—Select whether incoming CDP, LLDP, or both types of packets are used to detect the Smartport type of the attaching device(s). At least one must be checked in order for Auto Smartport to identify devices.

Operational CDP Status—Displays the operational status of CDP. Enable CDP if Auto Smartport is to detect the Smartport type based on CDP advertisement.

Operational LLDP Status—Displays the operational status of LLDP. Enable LLDP if Auto Smartport is to detect the Smartport type based on LLDP/LLDP-MED advertisement.

Auto Smartport Device Detection—Select each type of device for which Auto Smartport can assign Smartport types to interfaces. If unchecked, Auto Smartport does not assign that Smartport type to any interface.

STEP 3 Click Apply. This sets the global Smartport parameters on the device.

Smartport Type Settings

Use the Smartport Type Settings page to edit the Smartport Type settings and view the Macro Source.

By default, each Smartport type is associated with a pair of built-in Smartport macros. See Smartport Types for further information on macro versus anti-macro. Alternatively, you can associate your own pair of user-defined macros with customized configurations to a Smartport type. User-defined macros can be prepared only through CLI. You should refer to the CLI reference guide for details.

Built-in or user-defined macros can have parameters. The built-in macros have up to three parameters.

Editing these parameters for the Smartport types applied by Auto Smartport from the Smartport Type Settings page configures the default values for these parameters. These defaults are used by Auto Smartport.

NOTE Changes to Auto Smartport types cause the new settings to be applied to interfaces which have already been assigned that type by Auto Smartport. In this case, binding an invalid macro or setting an invalid default parameter value causes all ports of this Smartport type to become unknown.

STEP 1 Click Smartport > Smartport Type Settings.

STEP 2 To view the Smartport macro associated with a Smartport type, select a Smartport type and click View Macro Source.

STEP 3 To modify the parameters of a macro or assign a user-defined macro, select a Smartport type and click Edit.

STEP 4 Enter the fields.

Port Type—Select a Smartport type.

Macro Name—Displays the name of the Smartport macro currently associated with the Smartport type.

Macro Type—Select whether the pair of macro and anti-macro associated with this Smartport type is built-in or user-defined.

User Defined Macro—If desired, select the user-defined macro that is to be associated with the selected Smartport type. The macro must have already been paired with an anti-macro.

Pairing of the two macros is done by name and is described in the Smartport Macro section.

Macro Parameters—Displays the following fields for three parameters in the macro:

-Parameter Name—Name of parameter in macro.

-Parameter Value—Current value of parameter in macro. This can be changed here.

-Parameter Description—Description of parameter.

You can restore the default parameter values by clicking Restore Defaults.

STEP 5 Click Apply to save the changes to the running configuration. If the Smartport macro and/or its parameter values associated with the Smartport type are modified, Auto Smartport automatically reapplies the macro to the interfaces currently assigned with the Smartport type by Auto Smartport. Auto Smartport does not apply the changes to interfaces that were statically assigned a Smartport type.

NOTE There is no method to validate macro parameters because they do not have a type association. Therefore, any entry is valid at this point. However, invalid parameter values may cause errors to occur when the Smartport type is assigned to an interface, applying the associated macro.
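Because the device checks parameter values for neither type nor boundary (see also the TIP under Workflow 4), a check can be run on a workstation before a macro pair is bound. The following is an added example, not part of the guide or of any Cisco tool: it parses macro text in the `[name] ... @` layout this guide prints, and reports a missing anti-macro, `$` variables that are not declared in `#macro keywords`, and values that cannot be valid. The macro names, the sample values, the no_ naming rule for user-defined pairs and the numeric limits are assumptions.

```python
import re

# Keywords the built-in macros in this guide use for VLAN IDs.
VLAN_KEYS = {"$native_vlan", "$voice_vlan"}


def parse_macros(text):
    """Parse '[name] ... @' blocks, the layout this guide prints macros in."""
    macros, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            name = header.group(1)
            macros[name] = {"keywords": [], "commands": []}
        elif name is None or not line:
            continue
        elif line == "@":                      # end-of-macro marker
            name = None
        elif line.startswith("#"):
            if line.startswith("#macro keywords"):
                macros[name]["keywords"] = line.split()[2:]
        else:
            macros[name]["commands"].append(line)
    return macros


def check_value(var, val):
    """Return a complaint about one parameter value, or None if it looks sane.

    Assumptions: values are decimal numbers, VLAN IDs lie in 1-4094, and
    any other parameter (such as $max_hosts) must be at least 1.
    """
    if not (val.isascii() and val.isdigit()):
        return f"{var}={val!r} is not a number"
    if var in VLAN_KEYS and not 1 <= int(val) <= 4094:
        return f"{var}={val} is outside VLAN ID range 1-4094"
    if int(val) < 1:
        return f"{var}={val} must be at least 1"
    return None


def lint(macros, values):
    """List problems that would otherwise surface only as an Unknown port."""
    problems = []
    for name, macro in macros.items():
        # Assumption: the anti-macro is named no_<macro>, as the built-ins are.
        if not name.startswith("no_") and "no_" + name not in macros:
            problems.append(f"{name}: no anti-macro no_{name}")
        used = set(re.findall(r"\$\w+", " ".join(macro["commands"])))
        for var in sorted(used - set(macro["keywords"])):
            problems.append(f"{name}: {var} used but not in #macro keywords")
        for var in macro["keywords"]:
            val = values.get(name, {}).get(var)
            complaint = check_value(var, val) if val is not None else None
            if complaint:
                problems.append(f"{name}: {complaint}")
    return problems


# Constructed sample: a user-defined pair modelled on the printer macro,
# plus a macro that has no anti-macro. None of this is from the guide.
SAMPLE = """
[lab_printer]
#macro description lab printer
#macro keywords $native_vlan
switchport mode access
switchport access vlan $native_vlan
port security max $max_hosts
@
[no_lab_printer]
#macro description No lab printer
no switchport access vlan
no switchport mode
@
[kiosk]
#macro keywords $native_vlan
switchport mode access
switchport access vlan $native_vlan
@
"""
VALUES = {"lab_printer": {"$native_vlan": "4095"},
          "kiosk": {"$native_vlan": "guest"}}

if __name__ == "__main__":
    for problem in lint(parse_macros(SAMPLE), VALUES):
        print(problem)
```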

Smartport Interface Settings

Use the Interface Settings page to perform the following tasks:

Statically apply a specific Smartport type to an interface with interface specific values for the macro parameters.

Enable Auto Smartport on an interface.

Diagnose a Smartport macro that failed upon application, and caused the Smartport type to become Unknown.

Reapply a Smartport macro after it fails for one of the following types of interfaces: switch, router and AP. It is expected that the necessary corrections have been made prior to clicking Reapply. See the workflow area in Common Smartport Tasks section for troubleshooting tips.

Reapply a Smartport macro to an interface. In some circumstances, you may want to reapply a Smartport macro so that the configuration at an interface is up to date. For instance, reapplying a switch Smartport macro at a device interface makes the interface a member of the VLANs created since the last macro application. You have to be familiar with the current configurations on the device and the definition of the macro to determine if a reapplication has any impact on the interface.

Reset unknown interfaces. This sets the mode of Unknown interfaces to Default.

To apply a Smartport macro:

STEP 1 Click Smartport > Interface Settings.

Reapply the associated Smartport macro in the following ways:

Select a group of Smartport types (switches, routers or APs) and click Reapply Smartport Macro. The macros are applied to all selected interface types.

Select an interface that is UP and click Reapply to reapply the last macro that was applied to the interface.

The Reapply action also adds the interface to all newly-created VLANs.

STEP 2 Smartport Diagnostic.

If a Smartport macro fails, the Smartport Type of the interface is Unknown. Select an interface which is of unknown type and click Show Diagnostic. This displays the command at which application of the macro failed. See the workflow area in Common Smartport Tasks section for troubleshooting tips. Proceed to reapply the macro after correcting the problem.

STEP 3 Resetting all Unknown interfaces to Default type.

Select the Port Type equals to checkbox.

Select Unknown and click Go.

Click Reset All Unknown Smartports. Then reapply the macro as described above. This performs a reset on all interfaces with type Unknown, meaning that all interfaces are returned to the Default type. After correcting the error in the macro or on the current interface configuration or both, a new macro may be applied.

NOTE Resetting the interface of unknown type does not reset the configuration performed by the macro that failed. This clean up must be done manually.

To assign a Smartport type to an interface or activate Auto Smartport on the interface:

STEP 1 Select an interface and click Edit.

STEP 2 Enter the fields.

Interface—Select the port or LAG.

Smartport Type—Displays the Smartport type currently assigned to the port/LAG.

Smartport Application—Select the Smartport type from the Smartport Application pull-down.

Smartport Application Method—If Auto Smartport is selected, Auto Smartport automatically assigns the Smartport type based on the CDP and/or LLDP advertisement received from the connecting devices as well as applying the corresponding Smartport macro. To statically assign a Smartport type and apply the corresponding Smartport macro to the interface, select the desired Smartport type.

Persistent Status—Select to enable the Persistent status. If enabled, the association of a Smartport type to an interface remains even if the interface goes down, or the device is rebooted. Persistent is applicable only if the Smartport Application of the interface is Auto Smartport. Enabling Persistent at an interface eliminates the device detection delay that otherwise occurs.

Macro Parameters—Displays the following fields for up to three parameters in the macro:

-Parameter Name—Name of parameter in macro.

-Parameter Value—Current value of parameter in macro. This can be changed here.

-Parameter Description—Description of parameter.

STEP 3 Click Reset to set an interface to Default if it is in Unknown status (as a result of an unsuccessful macro application). The macro can be reapplied on the main page.

STEP 4 Click Apply to update the changes and assign the Smartport type to the interface.

Built-in Smartport Macros

The following describes the pair of built-in macros for each Smartport type. For each Smartport type there is a macro to configure the interface and an anti-macro to remove the configuration.

Macro code for the following Smartport types is provided:

desktop

printer

guest

server

host

ip_camera

ip_phone

ip_phone_desktop

switch

router

ap

desktop

[desktop]
#interface configuration, for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port.
#macro description Desktop
#macro keywords $native_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$max_hosts = 10
#
#the port type cannot be detected automatically
#
#the default mode is trunk
smartport switchport trunk native vlan $native_vlan
#
port security max $max_hosts
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
#
spanning-tree portfast
#
@

no_desktop

[no_desktop]
#macro description No Desktop
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@

printer

[printer]
#macro description printer
#macro keywords $native_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#Default Values are
#$native_vlan = Default VLAN
#
#the port type cannot be detected automatically
#
switchport mode access
switchport access vlan $native_vlan
#
#single host
port security max 1
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
#
spanning-tree portfast
#
@

no_printer

[no_printer]
#macro description No printer
#
no switchport access vlan
no switchport mode
#
no port security
no port security mode
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@

guest

[guest]
#macro description guest
#macro keywords $native_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#Default Values are
#$native_vlan = Default VLAN
#
#the port type cannot be detected automatically
#
switchport mode access
switchport access vlan $native_vlan
#
#single host
port security max 1
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
#
spanning-tree portfast
#
@

no_guest

[no_guest]
#macro description No guest
#
no switchport access vlan
no switchport mode
#
no port security
no port security mode
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@

server

[server]
#macro description server
#macro keywords $native_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$max_hosts = 10
#
#the port type cannot be detected automatically
#
#the default mode is trunk
smartport switchport trunk native vlan $native_vlan
#
port security max $max_hosts
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control broadcast enable
#
spanning-tree portfast
#
@

no_server

[no_server]
#macro description No server
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
#
spanning-tree portfast auto
#
@

host

[host]
#macro description host
#macro keywords $native_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$max_hosts = 10
#
#the port type cannot be detected automatically
#
#the default mode is trunk
smartport switchport trunk native vlan $native_vlan
#
port security max $max_hosts
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
#
spanning-tree portfast
#
@

no_host

[no_host]
#macro description No host
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@

ip_camera

[ip_camera]
#macro description ip_camera
#macro keywords $native_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#Default Values are
#$native_vlan = Default VLAN
#
switchport mode access
switchport access vlan $native_vlan
#
#single host
port security max 1
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
#
spanning-tree portfast
#
@

no_ip_camera

[no_ip_camera]
#macro description No ip_camera
#
no switchport access vlan
no switchport mode
#
no port security
no port security mode
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@

ip_phone

[ip_phone]
#macro description ip_phone
#macro keywords $native_vlan $voice_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $voice_vlan: The voice VLAN ID
# $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$voice_vlan = 1
#$max_hosts = 10
#
#the default mode is trunk
smartport switchport trunk allowed vlan add $voice_vlan
smartport switchport trunk native vlan $native_vlan
#
port security max $max_hosts
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
#
spanning-tree portfast
#
@

no_ip_phone

[no_ip_phone]
#macro description no ip_phone
#macro keywords $voice_vlan
#
#macro key description: $voice_vlan: The voice VLAN ID
#
#Default Values are
#$voice_vlan = 1
#
smartport switchport trunk allowed vlan remove $voice_vlan
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@

ip_phone_desktop

[ip_phone_desktop]
#macro description ip_phone_desktop
#macro keywords $native_vlan $voice_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#                       $voice_vlan: The voice VLAN ID
#                       $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$voice_vlan = 1
#$max_hosts = 10
#
#the default mode is trunk
smartport switchport trunk allowed vlan add $voice_vlan
smartport switchport trunk native vlan $native_vlan
#
port security max $max_hosts
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control include-multicast


smartport storm-control broadcast enable
#
spanning-tree portfast
#
@

no_ip_phone_desktop

[no_ip_phone_desktop]
#macro description no ip_phone_desktop
#macro keywords $voice_vlan
#
#macro key description: $voice_vlan: The voice VLAN ID
#
#Default Values are
#$voice_vlan = 1
#
smartport switchport trunk allowed vlan remove $voice_vlan
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@

switch

[switch]
#macro description switch
#macro keywords $native_vlan $voice_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#                       $voice_vlan: The voice VLAN ID
#Default Values are
#$native_vlan = Default VLAN
#$voice_vlan = 1
#
#the default mode is trunk
smartport switchport trunk allowed vlan add all
smartport switchport trunk native vlan $native_vlan
#
spanning-tree link-type point-to-point


#

@

no_switch

[no_switch]
#macro description No switch
#macro keywords $voice_vlan
#
#macro key description: $voice_vlan: The voice VLAN ID
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no spanning-tree link-type
#
@

router

[router]
#macro description router
#macro keywords $native_vlan $voice_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#                       $voice_vlan: The voice VLAN ID
#
#Default Values are
#$native_vlan = Default VLAN
#$voice_vlan = 1
#
#the default mode is trunk
smartport switchport trunk allowed vlan add all
smartport switchport trunk native vlan $native_vlan
#
smartport storm-control broadcast level 10
smartport storm-control broadcast enable
#
spanning-tree link-type point-to-point
#
@

no_router

[no_router]

#macro description No router


#macro keywords $voice_vlan
#
#macro key description: $voice_vlan: The voice VLAN ID
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
#
no spanning-tree link-type
#
@

ap

[ap]

#macro description ap

#macro keywords $native_vlan $voice_vlan

#

#macro key description: $native_vlan: The untag VLAN which will be configured on the port


11

Port Management: PoE

The Power over Ethernet (PoE) feature is only available on PoE-based devices. For a list of PoE-based devices, refer to the Device Models section.

This section describes how to use the PoE feature.

It covers the following topics:

PoE on the Device

Configuring PoE Properties

Configuring PoE Settings

PoE on the Device

A PoE device is a PSE (Power Sourcing Equipment) that delivers electrical power to connected PDs (Powered Devices) over existing copper cables without interfering with the network traffic, updating the physical network, or modifying the network infrastructure.

See Device Models for information concerning PoE support on various models.

PoE Features

PoE provides the following features:

Eliminates the need to run 110/220 V AC power to all devices on a wired LAN.

Removes the necessity for placing all network devices next to power sources.

Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.


Power over Ethernet can be used in any enterprise network that deploys relatively low-powered devices connected to the Ethernet LAN, such as:

IP phones

Wireless access points

IP gateways

Audio and video remote monitoring devices

PoE Operation

PoE operates in the following stages:

Detection—Sends special pulses on the copper cable. When a PoE device is located at the other end, that device responds to these pulses.

Classification—Negotiation between the Power Sourcing Equipment (PSE) and the Powered Device (PD) commences after the Detection stage. During negotiation, the PD specifies its class, which is the amount of maximum power that the PD consumes.

Power Consumption—After the classification stage completes, the PSE provides power to the PD. If the PD supports PoE, but without classification, it is assumed to be class 0 (the maximum). If a PD tries to consume more power than permitted by the standard, the PSE stops supplying power to the port.

PoE supports two modes:

Port Limit—The maximum power the device agrees to supply is limited to the value the system administrator configures, regardless of the Classification result.

Class Power Limit—The maximum power the device agrees to supply is determined by the results of the Classification stage. This means that it is set as per the Client's request.

PoE Configuration Considerations

There are two factors to consider in the PoE feature:

The amount of power that the PSE can supply

The amount of power that the PD is actually attempting to consume


You can decide the following:

Maximum power a PSE is allowed to supply to a PD

During device operation, to change the mode from Class Power Limit to Port Limit and vice versa. The power values per port that were configured for the Port Limit mode are retained.

NOTE Changing the mode from Class Limit to Port limit and vice versa when the device is operational forces the Powered Device to reboot.

Maximum port limit allowed as a per-port numerical limit in mW (Port Limit mode).

To generate a trap when a PD tries to consume too much and at what percent of the maximum power this trap is generated.

The PoE-specific hardware automatically detects the PD class and its power limit according to the class of the device connected to each specific port (Class Limit mode).

If at any time during the connectivity an attached PD requires more power from the device than the configured allocation allows (no matter if the device is in Class Limit or Port Limit mode), the device does the following:

Maintains the up/down status of the PoE port link

Turns off power delivery to the PoE port

Logs the reason for turning off power

Generates an SNMP trap


CAUTION Consider the following when connecting switches capable of supplying PoE:

The PoE models of the Sx200, Sx300, and Sx500 series switches are PSE (Power Sourcing Equipment) that are capable of supplying DC power to attaching PD (Powered Devices). These devices include VoIP phones, IP cameras, and wireless access points. The PoE switches can detect and supply power to pre-standard legacy PoE Powered Devices. Due to the support of legacy PoE, it is possible that a PoE device acting as a PSE may mistakenly detect and supply power to an attaching PSE, including other PoE switches, as a legacy PD.

Even though Sx200/300/500 PoE switches are PSE, and as such should be powered by AC, they could be powered up as a legacy PD by another PSE due to false detection. When this happens, the PoE device may not operate properly and may not be able to properly supply power to its attaching PDs.

To prevent false detection, you should disable PoE on the ports on the PoE switches that are used to connect to PSEs. You should also first power up a PSE device before connecting it to a PoE device. When a device is being falsely detected as a PD, you should disconnect the device from the PoE port and power recycle the device with AC power before reconnecting its PoE ports.

Configuring PoE Properties

The PoE Properties page enables selecting either the Port Limit or Class Limit PoE mode and specifying the PoE traps to be generated.

These settings are entered in advance. When the PD actually connects and is consuming power, it might consume much less than the maximum power allowed.

Output power is disabled during power-on reboot, initialization, and system configuration to ensure that PDs are not damaged.

To configure PoE on the device and monitor current power usage:

STEP 1 Click Port Management > PoE > Properties.

STEP 2 Enter the values for the following fields:

Power Mode—Select one of the following options:

- Port Limit—The maximum power limit per each port is configured by the user.

- Class Limit—The maximum power limit per port is determined by the class of the device, which results from the Classification stage.

NOTE When you change from Port Limit to Class Limit or vice versa, you must disable PoE ports, and enable them after changing the power configuration.

Traps—Enable or disable traps. If traps are enabled, you must also enable SNMP and configure at least one SNMP Notification Recipient.

Power Trap Threshold—Enter the usage threshold that is a percentage of the power limit. An alarm is initiated if the power exceeds this value.


The following counters are displayed for each device:

Nominal Power—The total amount of power the device can supply to all the connected PDs.

Consumed Power—Amount of power currently being consumed by the PoE ports.

Available Power—Nominal power minus the amount of consumed power.

STEP 3 Click Apply to save the PoE properties.

Configuring PoE Settings

The PoE Settings page displays system PoE information for enabling PoE on the interfaces and monitoring the current power usage and maximum power limit per port.

NOTE PoE can be configured on the device for a specific period. This feature enables you to define, per port, the days in the week and the hours that PoE is enabled. When the time range is not active, PoE is disabled. To use this feature, a time range must first be defined in the Time Range page.

Click Port Management > PoE > Settings.

This page limits the power per port in two ways depending on the Power Mode:

Port Limit: Power is limited to a specified wattage. For these settings to be active, the system must be in PoE Port Limit mode. That mode is configured in the PoE Properties page.

When the power consumed on the port exceeds the port limit, the port power is turned off.

Class Limit: Power is limited based on the class of the connected PD. For these settings to be active, the system must be in PoE Class Limit mode. That mode is configured in the PoE Properties page.

When the power consumed on the port exceeds the class limit, the port power is turned off.

PoE priority example:

Given: A 48 port device is supplying a total of 375 watts.


The administrator configures all ports to allocate up to 30 watts. This results in 48 ports times 30 watts equaling 1440 watts, which is too much. The device cannot provide enough power to each port, so it provides power according to the priority.

The administrator sets the priority for each port, allocating how much power it can be given.

These priorities are entered in the PoE Settings page.

See Device Models for a description of the device models that support PoE and the maximum power that can be allocated to PoE ports.

To configure PoE port settings:

STEP 1 Click Port Management > PoE > Settings. The list of fields below is for Port Limit Power Mode. The fields are slightly different if the Power Mode is Class Limit.

STEP 2 Select a port and click Edit. The list of fields below is for Port Limit Power Mode. The fields are slightly different if the Power Mode is Class Limit.

STEP 3 Enter the value for the following field:

Interface—Select the port to configure.

PoE Administrative Status—Enable or disable PoE on the port.

Time Range—Select to enable PoE on the port.

Time Range Name—If Time Range has been enabled, select the time range to be used. Time ranges are defined in the Time Range page.

Power Priority Level—Select the port priority: low, high, or critical, for use when the power supply is low. For example, if the power supply is running at 99% usage and port 1 is prioritized as high, but port 3 is prioritized as low, port 1 receives power and port 3 might be denied power.

Administrative Power Allocation—This field appears only if the Power Mode set in the PoE Properties page is Port Limit. If the Power Mode is Port Limit, enter the power in milliwatts allocated to the port.

Max Power Allocation—Displays the maximum amount of power permitted on this port.


Class—This field appears only if the Power Mode set in the PoE Properties page is Class Limit. The class determines the power level:

Class    Maximum Power Delivered by Device Port
0        15.4 watt
1        4.0 watt
2        7.0 watt
3        15.4 watt
4        30.0 watt

 

 

Power Consumption—Displays the amount of power in milliwatts assigned to the powered device connected to the selected interface.

Overload Counter—Displays the total number of power overload occurrences.

Short Counter—Displays the total number of power shortage occurrences.

Denied Counter—Displays the number of times the powered device was denied power.

Absent Counter—Displays the number of times that power was stopped to the powered device, because the powered device was no longer detected.

Invalid Signature Counter—Displays the number of times an invalid signature was received. Signatures are the means by which the powered device identifies itself to the PSE. Signatures are generated during powered device detection, classification, or maintenance.

STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.
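The PoE priority example and the class table above, worked as an added Python sketch (not Cisco's code and not the device's actual allocation algorithm). It assumes every PD draws its full limit and that ties within one priority level go to the lower port number; the mode labels, the port-to-priority assignment and the class 2 PDs are constructed for illustration.

```python
from dataclasses import dataclass

# Class -> maximum power delivered by a device port, in mW (class table above).
CLASS_LIMIT_MW = {0: 15400, 1: 4000, 2: 7000, 3: 15400, 4: 30000}
# Lower rank is served first when the supply cannot cover every port.
PRIORITY_RANK = {"critical": 0, "high": 1, "low": 2}


@dataclass
class PoePort:
    number: int
    priority: str = "low"        # Power Priority Level
    admin_limit_mw: int = 30000  # Administrative Power Allocation (Port Limit mode)
    pd_class: int = 0            # class from the Classification stage (0 if none)


def port_limit_mw(port, power_mode):
    """Maximum power the device agrees to supply on one port."""
    if power_mode == "port-limit":
        return port.admin_limit_mw           # administrator's value, class ignored
    if power_mode == "class-limit":
        return CLASS_LIMIT_MW[port.pd_class]
    raise ValueError(f"unknown power mode: {power_mode!r}")


def requested_mw(ports, power_mode):
    """Sum of the per-port limits: the worst-case demand on the supply."""
    return sum(port_limit_mw(p, power_mode) for p in ports)


def allocate(ports, nominal_mw, power_mode):
    """Grant power in priority order until the nominal power is used up.

    Returns (powered, denied, available_mw). Assumptions of this sketch: every PD
    draws its full limit, and ties within a priority go to the lower port number.
    """
    order = sorted(ports, key=lambda p: (PRIORITY_RANK[p.priority], p.number))
    powered, denied, used = [], [], 0
    for port in order:
        need = port_limit_mw(port, power_mode)
        if used + need <= nominal_mw:
            powered.append(port.number)
            used += need
        else:
            denied.append(port.number)       # this port is denied power
    return sorted(powered), sorted(denied), nominal_mw - used


def trap_due(consumed_mw, limit_mw, threshold_pct):
    """True when consumption exceeds the Power Trap Threshold (percent of the limit)."""
    return consumed_mw * 100 > limit_mw * threshold_pct


def example_ports():
    """Constructed sample: 48 ports allocated 30 W each, all with class 2 PDs.

    Ports 45-48 are critical (for example cameras), 1-8 high, the rest low.
    """
    ports = []
    for n in range(1, 49):
        priority = "critical" if n >= 45 else "high" if n <= 8 else "low"
        ports.append(PoePort(n, priority, 30000, pd_class=2))
    return ports


if __name__ == "__main__":
    ports = example_ports()
    for mode in ("port-limit", "class-limit"):
        powered, denied, spare = allocate(ports, 375000, mode)
        print(mode, "requested", requested_mw(ports, mode), "mW;",
              len(powered), "powered,", len(denied), "denied,", spare, "mW spare")
```

With the 375 W supply, Port Limit mode at 30 W per port leaves every low-priority port unpowered, while Class Limit mode fits all 48 class 2 devices.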


12

VLAN Management

This section covers the following topics:

VLANs

Configuring Default VLAN Settings

Creating VLANs

Configuring VLAN Interface Settings

Defining VLAN Membership

GVRP Settings

VLAN Groups

Voice VLAN

Access Port Multicast TV VLAN

Customer Port Multicast TV VLAN

VLANs

A VLAN is a logical group of ports that enables devices associated with it to communicate with each other over the Ethernet MAC layer, regardless of the physical LAN segment of the bridged network to which they are connected.


VLAN Description

Each VLAN is configured with a unique VID (VLAN ID) with a value from 1 to 4094. A port on a device in a bridged network is a member of a VLAN if it can send data to and receive data from the VLAN. A port is an untagged member of a VLAN if all packets destined for that port into the VLAN have no VLAN tag. A port is a tagged member of a VLAN if all packets destined for that port into the VLAN have a VLAN tag. A port can be a member of one untagged VLAN and can be a member of several tagged VLANs.

A port in VLAN Access mode can be part of only one VLAN. If it is in General or Trunk mode, the port can be part of one or more VLANs.

VLANs address security and scalability issues. Traffic from a VLAN stays within the VLAN, and terminates at devices in the VLAN. It also eases network configuration by logically connecting devices without physically relocating those devices.

If a frame is VLAN-tagged, a four-byte VLAN tag is added to each Ethernet frame. The tag contains a VLAN ID between 1 and 4094, and a VLAN Priority Tag (VPT) between 0 and 7. See Quality of Service for details about VPT.

When a frame enters a VLAN-aware device, it is classified as belonging to a VLAN, based on the four-byte VLAN tag in the frame.

If there is no VLAN tag in the frame or the frame is priority-tagged only, the frame is classified to the VLAN based on the PVID (Port VLAN Identifier) configured at the ingress port where the frame is received.

The frame is discarded at the ingress port if Ingress Filtering is enabled and the ingress port is not a member of the VLAN to which the packet belongs. A frame is regarded as priority-tagged only if the VID in its VLAN tag is 0.

Frames belonging to a VLAN remain within the VLAN. This is achieved by sending or forwarding a frame only to egress ports that are members of the target VLAN. An egress port may be a tagged or untagged member of a VLAN.

The egress port:

Adds a VLAN tag to the frame if the egress port is a tagged member of the target VLAN, and the original frame does not have a VLAN tag.

Removes the VLAN tag from the frame if the egress port is an untagged member of the target VLAN, and the original frame has a VLAN tag.


VLAN Roles

VLANs function at Layer 2. All VLAN traffic (Unicast/Broadcast/Multicast) remains within its VLAN. Devices attached to different VLANs do not have direct connectivity to each other over the Ethernet MAC layer. Devices from different VLANs can communicate with each other only through Layer 3 routers. An IP router, for example, is required to route IP traffic between VLANs if each VLAN represents an IP subnet.

The IP router might be a traditional router, where each of its interfaces connects to only one VLAN. Traffic to and from a traditional IP router must be VLAN untagged. The IP router can be a VLAN-aware router, where each of its interfaces can connect to one or more VLANs. Traffic to and from a VLAN-aware IP router can be VLAN tagged or untagged.

Adjacent VLAN-aware devices exchange VLAN information with each other by using Generic VLAN Registration Protocol (GVRP). As a result, VLAN information is propagated through a bridged network.

VLANs on a device can be created statically or dynamically, based on the GVRP information exchanged by devices. A VLAN can be static or dynamic (from GVRP), but not both. For more information about GVRP, refer to the GVRP Settings section.

Some VLANs can have additional roles, including:

Voice VLAN: For more information refer to the Voice VLAN section.

Guest VLAN: Set in the Edit VLAN Authentication page.

Default VLAN: For more information refer to the Configuring Default VLAN Settings section.

Management VLAN (in Layer 2-system-mode systems): For more information refer to the Layer 2 IP Addressing section.

QinQ

QinQ provides isolation between service provider networks and customers' networks. The device is a provider bridge that supports port-based c-tagged service interface.

With QinQ, the device adds an ID tag known as Service Tag (S-tag) to forward traffic over the network. The S-tag is used to segregate traffic between various customers, while preserving the customer VLAN tags.


Customer traffic is encapsulated with an S-tag with TPID 0x8100, regardless of whether it was originally c-tagged or untagged. The S-tag allows this traffic to be treated as an aggregate within a provider bridge network, where the bridging is based on the S-tag VID (S-VID) only.

The S-tag is preserved while traffic is forwarded through the network service provider's infrastructure, and is later removed by an egress device.

An additional benefit of QinQ is that there is no need to configure customers' edge devices.

QinQ is enabled in the VLAN Management > Interface Settings page.

VLAN Configuration Workflow

To configure VLANs:

1. If required, change the default VLAN by using the Configuring Default VLAN Settings section.

2. Create the required VLANs by using the Creating VLANs section.

3. Set the desired VLAN-related configuration for ports and enable QinQ on an interface using the Configuring VLAN Interface Settings section.

4. Assign interfaces to VLANs by using the Configuring Port to VLAN section or the Configuring VLAN Membership section.

5. View the current VLAN port membership for all the interfaces in the Configuring VLAN Membership section.

Configuring Default VLAN Settings

When using factory default settings, the device automatically creates VLAN 1 as the default VLAN, the default interface status of all ports is Trunk, and all ports are configured as untagged members of the default VLAN.

The default VLAN has the following characteristics:

It is distinct, non-static/non-dynamic, and all ports are untagged members by default.

It cannot be deleted.

It cannot be given a label.


It cannot be used for any special role, such as unauthenticated VLAN or Voice VLAN. This is only relevant for OUI-enabled voice VLAN.

If a port is no longer a member of any VLAN, the device automatically configures the port as an untagged member of the default VLAN. A port is no longer a member of a VLAN if the VLAN is deleted or the port is removed from the VLAN.

RADIUS servers cannot assign the default VLAN to 802.1x supplicants by using Dynamic VLAN Assignment.

When the VID of the default VLAN is changed, the device performs the following on all the ports in the VLAN, after saving the configuration and rebooting the device:

Removes VLAN membership of the ports from the original default VLAN (possible only after reboot).

Changes the PVID (Port VLAN Identifier) of the ports to the VID of the new default VLAN.

The original default VLAN ID is removed from the device. To be used, it must be recreated.

Adds the ports as untagged VLAN members of the new default VLAN.

To change the default VLAN:

STEP 1 Click VLAN Management > Default VLAN Settings.

STEP 2 Enter the value for the following field:

Current Default VLAN ID—Displays the current default VLAN ID.

Default VLAN ID After Reboot—Enter a new VLAN ID to replace the default VLAN ID after reboot.

STEP 3 Click Apply.

STEP 4 Click Save (in the upper-right corner of the window) and save the Running Configuration to the Startup Configuration.

The Default VLAN ID After Reset becomes the Current Default VLAN ID after you reboot the device.


Creating VLANs

You can create a VLAN, but this has no effect until the VLAN is attached to at least one port, either manually or dynamically. Ports must always belong to one or more VLANs.

The 300 Series device supports up to 4K VLANs, including the default VLAN.

Each VLAN must be configured with a unique VID (VLAN ID) with a value from 1 to 4094. The device reserves VID 4095 as the Discard VLAN. All packets classified to the Discard VLAN are discarded at ingress, and are not forwarded to a port.

To create a VLAN:

STEP 1 Click VLAN Management > Create VLAN.

The Create VLAN page contains the following fields for all VLANs:

VLAN ID—User-defined VLAN ID.

VLAN Name—User-defined VLAN name.

Type—VLAN type:

- Dynamic—VLAN was dynamically created through Generic VLAN Registration Protocol (GVRP).

- Static—VLAN is user-defined.

- Default—VLAN is the default VLAN.

STEP 2 Click Add to add a new VLAN or select an existing VLAN and click Edit to modify the VLAN parameters.

The page enables the creation of either a single VLAN or a range of VLANs.

STEP 3 To create a single VLAN, select the VLAN radio button, enter the VLAN ID (VID), and optionally the VLAN Name.

To create a range of VLANs, select the Range radio button, and specify the range of VLANs to be created by entering the Starting VID and Ending VID, inclusive. When using the Range function, the maximum number of VLANs you can create at one time is 100.

STEP 4 Click Apply to create the VLAN(s).


Configuring VLAN Interface Settings

The Interface Settings page displays and enables configuration of VLAN-related parameters for all interfaces.

To configure the VLAN settings:

STEP 1 Click VLAN Management > Interface Settings.

STEP 2 Select an interface type (Port or LAG), and click Go. Ports or LAGs and their VLAN parameters are displayed.

STEP 3 To configure a Port or LAG, select it and click Edit.

STEP 4 Enter the values for the following fields:

Interface—Select a Port/LAG.

Interface VLAN Mode—Select the interface mode for the VLAN. The options are:

- General—The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.

- Access—The interface is an untagged member of a single VLAN. A port configured in this mode is known as an access port.

- Trunk—The interface is an untagged member of one VLAN at most, and is a tagged member of zero or more VLANs. A port configured in this mode is known as a trunk port.

- Customer—Selecting this option places the interface in QinQ mode. This enables you to use your own VLAN arrangements (PVID) across the provider network. The device is in Q-in-Q mode when it has one or more customer ports. See QinQ.

Administrative PVID—Enter the Port VLAN ID (PVID) of the VLAN to which incoming untagged and priority tagged frames are classified. The possible values are 1 to 4094.

Frame Type—Select the type of frame that the interface can receive. Frames that are not of the configured frame type are discarded at ingress. These frame types are only available in General mode. Possible values are:

- Admit All—The interface accepts all types of frames: untagged frames, tagged frames, and priority tagged frames.


- Admit Tagged Only—The interface accepts only tagged frames.

- Admit Untagged Only—The interface accepts only untagged and priority frames.

Ingress Filtering—(Available only in General mode) Select to enable ingress filtering. When ingress filtering is enabled on an interface, the interface discards all incoming frames that are classified to VLANs of which the interface is not a member. Ingress filtering can be disabled or enabled on general ports. It is always enabled on access ports and trunk ports.

STEP 5 Click Apply. The parameters are written to the Running Configuration file.

Defining VLAN Membership

The Port to VLAN and Port VLAN Membership pages display the VLAN memberships of the ports in various presentations. You can use them to add or remove memberships to or from the VLANs.

When a port is forbidden default VLAN membership, that port is not allowed membership in any other VLAN. An internal VID of 4095 is assigned to the port.

To forward the packets properly, intermediate VLAN-aware devices that carry VLAN traffic along the path between end nodes must either be manually configured or must dynamically learn the VLANs and their port memberships from Generic VLAN Registration Protocol (GVRP).

Untagged port membership between two VLAN-aware devices with no intervening VLAN-aware devices must be to the same VLAN. In other words, the PVID on the ports between the two devices must be the same if the ports are to send and receive untagged packets to and from the VLAN. Otherwise, traffic might leak from one VLAN to another.

Frames that are VLAN-tagged can pass through other network devices that are VLAN-aware or VLAN-unaware. If a destination end node is VLAN-unaware, but is to receive traffic from a VLAN, then the last VLAN-aware device (if there is one) must send frames of the destination VLAN to the end node untagged.
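The ingress classification and egress tagging rules from the VLAN Description section, together with the untagged-link rule above, as an added Python sketch (not taken from this guide's device firmware). The Port class, the function names and the constructed frames are assumptions for illustration; the last function shows how two linked ports with different PVIDs move an untagged frame from one VLAN into another.

```python
import struct
from dataclasses import dataclass, field

TPID = 0x8100        # tag protocol identifier of the four-byte VLAN tag
DISCARD_VID = 4095   # reserved by the device as the Discard VLAN


@dataclass
class Port:
    name: str
    pvid: int
    untagged: set = field(default_factory=set)   # VLANs sent without a tag
    tagged: set = field(default_factory=set)     # VLANs sent with a tag
    ingress_filtering: bool = True               # always on for access and trunk ports

    def member_of(self, vid):
        return vid in self.untagged or vid in self.tagged


def make_frame(vid=None, vpt=0, payload=b"constructed-payload"):
    """Build a constructed Ethernet frame, VLAN-tagged when vid is given."""
    macs = bytes.fromhex("02000000000b" "02000000000a")   # dst, src (constructed)
    tag = b"" if vid is None else struct.pack("!HH", TPID, (vpt << 13) | vid)
    return macs + tag + struct.pack("!H", 0x0800) + payload


def parse_tag(frame):
    """Return (vid, vpt) from the VLAN tag, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack_from("!H", frame, 12)[0] != TPID:
        return None
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    tci = struct.unpack_from("!H", frame, 14)[0]
    return tci & 0x0FFF, tci >> 13


def classify_ingress(port, frame):
    """VLAN the frame is classified to on `port`, or None when it is discarded."""
    tag = parse_tag(frame)
    # Untagged and priority-tagged (VID 0) frames take the ingress port's PVID.
    vid = port.pvid if tag is None or tag[0] == 0 else tag[0]
    if vid == DISCARD_VID:
        return None
    if port.ingress_filtering and not port.member_of(vid):
        return None
    return vid


def egress(port, vid, frame):
    """Frame as it leaves `port` for VLAN `vid`, or None when the port is not a member."""
    if not port.member_of(vid):
        return None                                   # traffic stays inside its VLAN
    tagged_in = parse_tag(frame) is not None
    if vid in port.tagged:
        # Add a tag if there is none; otherwise keep the priority bits and set the VID.
        high = struct.unpack_from("!H", frame, 14)[0] & 0xF000 if tagged_in else 0
        rest = frame[16:] if tagged_in else frame[12:]
        return frame[:12] + struct.pack("!HH", TPID, high | vid) + rest
    # Untagged member: strip the tag if the frame carries one.
    return frame[:12] + frame[16:] if tagged_in else frame


def link_hop(out_port, in_port, vid, frame):
    """Send a frame of VLAN `vid` out of one device and classify it on the next."""
    wire = egress(out_port, vid, frame)
    return None if wire is None else classify_ingress(in_port, wire)


if __name__ == "__main__":
    a = Port("A/uplink", pvid=10, untagged={10})
    b_bad = Port("B/uplink", pvid=20, untagged={20})   # PVID differs from the peer
    b_ok = Port("B/uplink", pvid=10, untagged={10})
    print("mismatched PVIDs: VLAN 10 arrives as VLAN", link_hop(a, b_bad, 10, make_frame()))
    print("matching PVIDs:   VLAN 10 arrives as VLAN", link_hop(a, b_ok, 10, make_frame()))
```

Comparing the PVID and untagged membership on both ends of every inter-switch link against this model is a quick audit for the leak the paragraph above describes.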


Configuring Port to VLAN

Use the Port to VLAN page to display and configure the ports within a specific VLAN.

To map ports or LAGs to a VLAN:

STEP 1 Click VLAN Management > Port to VLAN.

STEP 2 Select a VLAN and the interface type (Port or LAG), and click Go to display or to change the port characteristic with respect to the VLAN.

The port mode for each port or LAG appears with its current port mode (Access, Trunk or General) configured from the Interface Settings page.

Each port or LAG appears with its current registration to the VLAN.

STEP 3 Change the registration of an interface to the VLAN by selecting the desired option from the following list:

Forbidden—The interface is not allowed to join the VLAN even from GVRP registration. When a port is not a member of any other VLAN, enabling this option on the port makes the port part of internal VLAN 4095 (a reserved VID).

Excluded—The interface is currently not a member of the VLAN. This is the default for all the ports and LAGs. The port can join the VLAN through GVRP registration.

Tagged—The interface is a tagged member of the VLAN.

Untagged—The interface is an untagged member of the VLAN. Frames of the VLAN are sent untagged to the interface VLAN.

Multicast TV VLAN—The interface used for Digital TV using Multicast IP.

PVID—Select to set the PVID of the interface to the VID of the VLAN. PVID is a per-port setting.

STEP 4 Click Apply. The interfaces are assigned to the VLAN, and written to the Running Configuration file.

You can continue to display and/or configure port membership of another VLAN by selecting another VLAN ID.


Configuring VLAN Membership

The Port VLAN Membership page displays all ports on the device along with a list of VLANs to which each port belongs.

If the port-based authentication method for an interface is 802.1x and the Administrative Port Control is Auto, then:

Until the port is authenticated, it is excluded from all VLANs, except guest and unauthenticated ones. In the VLAN to Port page, the port is marked with an upper case P.

When the port is authenticated, it receives membership in the VLAN in which it was configured.

To assign a port to one or more VLANs:

STEP 1 Click VLAN Management > Port VLAN Membership.

STEP 2 Select interface type (Port or LAG), and click Go. The following fields are displayed for all interfaces of the selected type:

Interface—Port/LAG ID.

Mode—Interface VLAN mode that was selected in the Interface Settings page.

Administrative VLANs—Drop-down list that displays all VLANs of which the interface might be a member.

Operational VLANs—Drop-down list that displays all VLANs of which the interface is currently a member.

LAG—If interface selected is Port, displays the LAG in which it is a member.

STEP 3 Select a port, and click the Join VLAN button.

STEP 4 Enter the values for the following fields:

Interface—Select a Port or LAG.

Mode—Displays the port VLAN mode that was selected in the Interface Settings page.

Select VLAN—To associate a port with a VLAN(s), move the VLAN ID(s) from the left list to the right list by using the arrow buttons. The default VLAN might appear in the right list if it is tagged, but it cannot be selected.

Tagging—Select one of the following tagging/PVID options:

- Forbidden—The interface is not allowed to join the VLAN even from GVRP registration. When a port is not a member of any other VLAN, enabling this option on the port makes the port part of internal VLAN 4095 (a reserved VID).

- Excluded—The interface is currently not a member of the VLAN. This is the default for all the ports and LAGs. The port can join the VLAN through GVRP registration.

- Tagged—Select whether the port is tagged. This is not relevant for Access ports.

- Untagged—Select whether port is untagged. This is not relevant for Access ports.

- PVID—Port PVID is set to this VLAN. If the interface is in access mode or trunk mode, the device automatically makes the interface an untagged member of the VLAN. If the interface is in general mode, you must manually configure VLAN membership.

STEP 5 Click Apply. The settings are modified and written to the Running Configuration file.

STEP 6 To see the administrative and operational VLANs on an interface, click Details.

GVRP Settings

Adjacent VLAN-aware devices can exchange VLAN information with each other by using the Generic VLAN Registration Protocol (GVRP). GVRP is based on the Generic Attribute Registration Protocol (GARP) and propagates VLAN information throughout a bridged network.

Since GVRP requires support for tagging, the port must be configured in Trunk or General mode.

When a port joins a VLAN by using GVRP, it is added to the VLAN as a dynamic member, unless this was expressly forbidden in the Port VLAN Membership page. If the VLAN does not exist, it is dynamically created when Dynamic VLAN creation is enabled for this port (in the GVRP Settings page).

GVRP must be activated globally as well as on each port. When it is activated, it transmits and receives GARP Packet Data Units (GPDUs). VLANs that are defined but not active are not propagated. To propagate the VLAN, it must be up on at least one port.

By default, GVRP is disabled globally and on ports.

Defining GVRP Settings

To define GVRP settings for an interface:

STEP 1 Click VLAN Management > GVRP Settings.

STEP 2 Select GVRP Global Status to enable GVRP globally.

STEP 3 Click Apply to set the global GVRP status.

STEP 4 Select an interface type (Port or LAG), and click Go to display all interfaces of that type.

STEP 5 To define GVRP settings for a port, select it, and click Edit.

STEP 6 Enter the values for the following fields:

Interface—Select the interface (Port or LAG) to be edited.

GVRP State—Select to enable GVRP on this interface.

Dynamic VLAN Creation—Select to enable Dynamic VLAN Creation on this interface.

GVRP Registration—Select to enable VLAN Registration using GVRP on this interface.

STEP 7 Click Apply. GVRP settings are modified, and written to the Running Configuration file.

VLAN Groups

VLAN groups are used for load balancing of traffic on a Layer 2 network.

Packets are assigned a VLAN according to various classifications that have been configured (such as VLAN groups).

If several classification schemes are defined, packets are assigned to a VLAN in the following order:

TAG: If the packet is tagged, the VLAN is taken from the tag.

MAC-Based VLAN: If a MAC-based VLAN has been defined, the VLAN is taken from the source MAC-to-VLAN mapping of the ingress interface.

PVID: VLAN is taken from the port default VLAN ID.

MAC-based Groups

MAC-based VLAN classification enables packets to be classified according to their source MAC address. You can then define MAC-to-VLAN mapping per interface.

You can define several MAC-based VLAN groups, with each group containing different MAC addresses.

These MAC-based groups can be assigned to specific ports/LAGs. MAC-based VLAN groups cannot contain overlapping ranges of MAC addresses on the same port.

Workflow

To define a MAC-based VLAN group:

1. Assign a MAC address to a VLAN group ID (using the MAC-Based Groups page).

2. For each required interface:

a. Assign the VLAN group to a VLAN (using the MAC-Based Groups to VLAN page). The interfaces must be in General mode.

b. If the interface does not belong to the VLAN, manually assign it to the VLAN using the Port to VLAN page.

Assigning MAC-based VLAN Groups

To assign a MAC address to a VLAN Group:

STEP 1 Click VLAN Management > VLAN Groups > MAC-Based Groups.

STEP 2 Click Add.

STEP 3 Enter the values for the following fields:

MAC Address—Enter a MAC address to be assigned to a VLAN group.

NOTE This MAC address cannot be assigned to any other VLAN group.

Prefix Mask—Enter one of the following:

- Host—Source host of the MAC address

- Length—Prefix of the MAC address

Group ID—Enter a user-created VLAN group ID number.

STEP 4 Click Apply. The MAC address is assigned to a VLAN group.

Mapping VLAN Group to VLAN Per Interface

Ports/LAGs must be in General mode.

To assign a MAC-based VLAN group to a VLAN on an interface:

STEP 1 Click VLAN Management > VLAN Groups > MAC-Based Groups to VLAN.

STEP 2 Click Add.

STEP 3 Enter the values for the following fields:

Group Type—Displays that the group is MAC-Based.

Interface—Enter a general interface (port/LAG) through which traffic is received.

Group ID—Select a VLAN group, defined in the MAC-Based Groups page.

VLAN ID—Select the VLAN to which traffic from the VLAN group is forwarded.

STEP 4 Click Apply to set the mapping of the VLAN group to the VLAN. This mapping does not bind the interface dynamically to the VLAN; the interface must be manually added to the VLAN.
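The classification order and the MAC-based group rules above, modelled as an added Python example (not code from Cisco or from this guide). The class and function names, the 1 to 48 prefix-length bounds and the sample MAC addresses are assumptions made for the illustration; the audit flags the two conditions the guide calls out: overlapping MAC ranges on one port, and a group mapped to a VLAN the port has not been added to.

```python
from dataclasses import dataclass, field
from itertools import combinations


def mac_to_int(mac):
    """Parse a MAC such as '00:00:5e:00:53:01' into a 48-bit integer."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class GroupEntry:
    """One row of the MAC-Based Groups page (field names are this example's own)."""
    mac: str
    prefix_len: int   # 48 models "Host"; a shorter value models "Length"
    group_id: int

    def span(self):
        """Inclusive (low, high) range of source MACs covered by this row."""
        if not 1 <= self.prefix_len <= 48:   # assumed bounds, not stated in the guide
            raise ValueError(f"prefix length out of range: {self.prefix_len}")
        host_bits = 48 - self.prefix_len
        low = (mac_to_int(self.mac) >> host_bits) << host_bits
        return low, low | ((1 << host_bits) - 1)


@dataclass
class Port:
    """A General-mode port with its PVID, VLAN memberships and group-to-VLAN map."""
    name: str
    pvid: int
    member_vlans: set = field(default_factory=set)
    group_to_vlan: dict = field(default_factory=dict)   # group ID -> VLAN ID


def classify(port, entries, src_mac, tag_vid=None):
    """Return (vlan_id, rule) for a frame received on `port`."""
    if tag_vid is not None:                 # 1. TAG: the tag decides
        return tag_vid, "TAG"
    src = mac_to_int(src_mac)
    for entry in entries:                   # 2. MAC-based VLAN on the ingress port
        vlan = port.group_to_vlan.get(entry.group_id)
        low, high = entry.span()
        if vlan is not None and low <= src <= high:
            return vlan, "MAC-based VLAN"
    return port.pvid, "PVID"                # 3. PVID: the port default


def audit_port(port, entries):
    """List configuration problems the guide warns about for one port."""
    findings = []
    mapped = [e for e in entries if e.group_id in port.group_to_vlan]
    for a, b in combinations(mapped, 2):
        (a_lo, a_hi), (b_lo, b_hi) = a.span(), b.span()
        if a.group_id != b.group_id and a_lo <= b_hi and b_lo <= a_hi:
            findings.append(f"{port.name}: groups {a.group_id} and {b.group_id} "
                            "cover overlapping MAC ranges")
    for group_id, vlan in sorted(port.group_to_vlan.items()):
        if vlan not in port.member_vlans:
            findings.append(f"{port.name}: group {group_id} maps to VLAN {vlan}, "
                            "but the port is not a member of that VLAN")
    return findings


# Constructed sample data; MACs are from the documentation range 00:00:5e:00:53:xx.
ENTRIES = [
    GroupEntry("00:00:5e:00:53:40", 42, group_id=10),   # covers ...:40 to ...:7f
    GroupEntry("00:00:5e:00:53:07", 48, group_id=20),   # a single host
]
GE1 = Port("GE1", pvid=1, member_vlans={1, 30}, group_to_vlan={10: 30, 20: 40})

if __name__ == "__main__":
    for mac, tag in [("00:00:5e:00:53:5a", None), ("00:00:5e:00:53:5a", 50),
                     ("00:00:5e:00:53:07", None), ("00:00:5e:00:53:08", None)]:
        print(mac, tag, classify(GE1, ENTRIES, mac, tag))
    print(audit_port(GE1, ENTRIES))
```
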

Voice VLAN

In a LAN, voice devices, such as IP phones, VoIP endpoints, and voice systems are placed into the same VLAN. This VLAN is referred to as the voice VLAN. If the voice devices are in different voice VLANs, IP (Layer 3) routers are needed to provide communication.

This section covers the following topics:

Voice VLAN Overview

Configuring Voice VLAN

Voice VLAN Overview

This section covers the following topics:

Dynamic Voice VLAN Modes

Auto Voice VLAN, Auto Smartports, CDP, and LLDP

Voice VLAN QoS

Voice VLAN Constraints

Voice VLAN Workflows

The following are typical voice deployment scenarios with appropriate configurations:

UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100.

Third-party IP PBX-hosted: Cisco SBTG CP-79xx, SPA5xx phones and SPA8800 endpoints support this deployment model. In this model, the VLAN used by the phones is determined by the network configuration. There may or may not be separate voice and data VLANs. The phones and VoIP endpoints register with an on-premise IP PBX.

IP Centrex/ITSP hosted: Cisco CP-79xx, SPA5xx phones and SPA8800 endpoints support this deployment model. For this model, the VLAN used by the phones is determined by the network configuration. There may or may not be separate voice and data VLANs. The phones and VoIP endpoints register with an off-premise SIP proxy in “the cloud”.

From a VLAN perspective, the above models operate in both VLAN-aware and VLAN-unaware environments. In the VLAN-aware environment, the voice VLAN is one of the many VLANs configured in an installation. The VLAN-unaware scenario is equivalent to a VLAN-aware environment with only one VLAN.

The device always operates as a VLAN-aware switch.

The device supports a single voice VLAN. By default, the voice VLAN is VLAN 1. A different voice VLAN can be manually configured. It can also be dynamically learned when Auto Voice VLAN is enabled.

Ports can be manually added to the voice VLAN by using basic VLAN configuration described in the Configuring VLAN Interface Setting section, or by manually applying a voice-related Smartport macro to the ports. Alternatively, they can be added dynamically if the device is in Telephony OUI mode, or has Auto Smartports enabled.

Dynamic Voice VLAN Modes

The device supports two dynamic voice VLAN modes: Telephony OUI (Organization Unique Identifier) mode and Auto Voice VLAN mode. The two modes affect how voice VLAN and/or voice VLAN port memberships are configured. The two modes are mutually exclusive.

Telephony OUI

In Telephony OUI mode, the voice VLAN must be a manually-configured VLAN, and cannot be the default VLAN.

When the device is in Telephony OUI mode and a port is manually configured as a candidate to join the voice VLAN, the device dynamically adds the port to the voice VLAN if it receives a packet with a source MAC address matching one of the configured telephony OUIs. An OUI is the first three bytes of an Ethernet MAC address. For more information about Telephony OUI, see Configuring Telephony OUI.

Auto Voice VLAN

In Auto Voice VLAN mode, the voice VLAN can be either the default voice VLAN, manually configured, or learned from external devices such as UC3xx/5xx and from switches that advertise voice VLAN in CDP or VSDP. VSDP is a Cisco-defined protocol for voice service discovery.

Unlike Telephony OUI mode that detects voice devices based on telephony OUI, Auto Voice VLAN mode depends on Auto Smartport to dynamically add the ports to the voice VLAN. Auto Smartport, if enabled, adds a port to the voice VLAN if it detects a device attached to the port that advertises itself as a phone or media endpoint through CDP and/or LLDP-MED.

Voice End-Points

To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where they send and receive their voice traffic. Some of the possible scenarios are as follows:

A phone/endpoint may be statically configured with the voice VLAN.

A phone/endpoint may obtain the voice VLAN in the boot file it downloads from a TFTP server. A DHCP server may specify the boot file and the TFTP server when it assigns an IP address to the phone.

A phone/endpoint may obtain the voice VLAN information from CDP and LLDP-MED advertisements it receives from its neighbor voice systems and switches.

The device expects the attaching voice devices to send voice VLAN tagged packets. On ports where the voice VLAN is also the native VLAN, voice VLAN untagged packets are possible.

Auto Voice VLAN, Auto Smartports, CDP, and LLDP

Defaults

By factory defaults, CDP, LLDP, and LLDP-MED on the device are enabled, auto Smartport mode is enabled, Basic QoS with trusted DSCP is enabled, and all ports are members of default VLAN 1, which is also the default Voice VLAN.

In addition, Dynamic Voice VLAN mode defaults to Auto Voice VLAN with enabling based on trigger, and Auto Smartport defaults to being enabled depending on Auto Voice VLAN.

Voice VLAN Triggers

When the Dynamic Voice VLAN mode is Enable Auto Voice VLAN, Auto Voice VLAN becomes operational only if one or more triggers occur. Possible triggers are static voice VLAN configuration, voice VLAN information received in neighbor CDP advertisement, and voice VLAN information received in the Voice VLAN Discovery Protocol (VSDP). If desired, you can activate Auto Voice VLAN immediately without waiting for a trigger.

When Auto Smartport is enabled, depending on Auto Voice VLAN mode, Auto Smartport is enabled when Auto Voice VLAN becomes operational. If desired, you can make Auto Smartport independent of Auto Voice VLAN.

NOTE The default configuration listed here applies to switches whose firmware version supports Auto Voice VLAN out of the box. It also applies to unconfigured switches that have been upgraded to the firmware version that supports Auto Voice VLAN.

NOTE The defaults and the voice VLAN triggers are designed to have no effect on any installations without a voice VLAN and on switches that have already been configured. You may manually disable and enable Auto Voice VLAN and/or Auto Smartport to fit your deployment if needed.

Auto Voice VLAN

Auto Voice VLAN is responsible for maintaining the voice VLAN, but depends on Auto Smartport to maintain the voice VLAN port memberships. Auto Voice VLAN performs the following functions when it is in operation:

It discovers voice VLAN information in CDP advertisements from directly connected neighbor devices.

If multiple neighbor switches and/or routers, such as Cisco Unified Communication (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used.

NOTE If connecting the device to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.

It synchronizes the voice VLAN-related parameters with other Auto Voice VLAN-enabled switches, using Voice Service Discovery Protocol (VSDP). The device always configures itself with the voice VLAN from the highest priority source it is aware of. The priority is based on the source type and MAC address of the source providing the voice VLAN information. The source type priorities, from high to low, are static VLAN configuration, CDP advertisement, default configuration based on changed default VLAN, and default voice VLAN. A numerically lower MAC address has higher priority than a numerically higher MAC address.

It maintains the voice VLAN until a new voice VLAN from a higher priority source is discovered or until the Auto Voice VLAN is restarted by the user. When restarted, the device resets the voice VLAN to the default voice VLAN and restarts the Auto Voice VLAN discovery.

When a new voice VLAN is configured/discovered, the device automatically creates it, and moves all the port memberships of the existing voice VLAN to the new voice VLAN. This may interrupt or terminate existing voice sessions, which is expected when network topology is altered.

NOTE If the device is in Layer 2 system mode, it can synchronize only with VSDP-capable switches in the same management VLAN. If the device is in Layer 3 system mode, it can synchronize with VSDP-capable switches that are in the directly-connected IP subnets configured at the device.
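The source selection described above, as an added Python example (not Cisco's implementation): a source replaces the current one only if its type ranks higher or, for the same type, its MAC address is numerically lower. The type labels, class names and sample sources are constructed for the illustration.

```python
from dataclasses import dataclass, field

# Source types in the priority order the guide gives, highest first.
# The short labels are this example's own, not values shown by the device.
SOURCE_RANK = {"static": 0, "cdp": 1, "changed-default-vlan": 2, "default": 3}


@dataclass(frozen=True)
class Source:
    source_type: str   # a key of SOURCE_RANK
    mac: str           # MAC address of the device providing the voice VLAN
    voice_vlan: int

    def key(self):
        """Sort key: better source type first, then numerically lower MAC."""
        return SOURCE_RANK[self.source_type], int(self.mac.replace(":", ""), 16)


@dataclass
class AutoVoiceVlan:
    """Tracks the voice VLAN a switch would settle on as sources are discovered."""
    switch_mac: str
    default_vlan: int = 1
    ports: set = field(default_factory=set)    # ports already in the voice VLAN
    events: list = field(default_factory=list)

    def __post_init__(self):
        # Discovery starts from the default voice VLAN.
        self.current = Source("default", self.switch_mac, self.default_vlan)

    @property
    def voice_vlan(self):
        return self.current.voice_vlan

    def learn(self, candidate):
        """Offer a discovered source; return True if it replaced the current one."""
        if candidate.key() >= self.current.key():
            return False                       # not higher priority: keep current
        old, self.current = self.current, candidate
        if old.voice_vlan != candidate.voice_vlan:
            # Port memberships follow the voice VLAN, which can drop live calls,
            # so each change is recorded with the source that caused it.
            self.events.append({
                "old_vlan": old.voice_vlan, "new_vlan": candidate.voice_vlan,
                "source_type": candidate.source_type, "source_mac": candidate.mac,
                "ports_moved": sorted(self.ports),
            })
        return True


def replay(switch, sources):
    """Feed sources in arrival order; return the voice VLAN after each one."""
    history = []
    for src in sources:
        switch.learn(src)
        history.append(switch.voice_vlan)
    return history


# Constructed scenario; MACs are from the documentation range 00:00:5e:00:53:xx.
SWITCH_MAC = "00:00:5e:00:53:f0"
ARRIVALS = [
    Source("cdp", "00:00:5e:00:53:20", 100),   # first CDP neighbor
    Source("cdp", "00:00:5e:00:53:10", 200),   # lower MAC: takes over
    Source("cdp", "00:00:5e:00:53:30", 300),   # higher MAC: ignored
    Source("static", SWITCH_MAC, 150),         # administrator sets the voice VLAN
    Source("cdp", "00:00:5e:00:53:01", 400),   # lowest MAC, but CDP ranks below static
]

if __name__ == "__main__":
    sw = AutoVoiceVlan(SWITCH_MAC, ports={"GE3", "GE7"})
    print(replay(sw, ARRIVALS))
    for event in sw.events:
        print(event)
```

The replay shows why a statically configured voice VLAN is stable: once it is set, no CDP-learned value displaces it, whatever MAC address the advertising neighbor has.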

Auto Smartport works with CDP/LLDP to maintain the port memberships of the voice VLAN when voice end-points are detected from the ports:

When CDP and LLDP are enabled, the device sends out CDP and LLDP packets periodically to advertise the voice VLAN to the voice endpoints to use.

When a device attaching to a port advertises itself as a voice endpoint through CDP and/or LLDP, the Auto Smartport automatically adds the port to the voice VLAN by applying the corresponding Smartport macro to the port (if there are no other devices from the port advertising a conflicting or superior capability). If a device advertises itself as a phone, the default Smartport macro is phone. If a device advertises itself as a phone and host or phone and bridge, the default Smartport macro is phone+desktop.

Voice VLAN QoS

Voice VLAN can propagate the CoS/802.1p and DSCP settings by using LLDP-MED Network policies. LLDP-MED is set by default to respond with the Voice QoS setting if an appliance sends LLDP-MED packets. MED-supported devices must send their voice traffic with the same CoS/802.1p and DSCP values as received with the LLDP-MED response.

You can disable the automatic update between Voice VLAN and LLDP-MED and use your own network policies.

Working with the OUI mode, the device can additionally configure the mapping and remarking (CoS/802.1p) of the voice traffic based on the OUI.

By default, all interfaces are CoS/802.1p trusted. The device applies the quality of service based on the CoS/802.1p value found in the voice stream. In Auto Voice VLAN, you can override the value of the voice streams using advanced QoS. For Telephony OUI voice streams, you can override the quality of service and optionally remark the 802.1p of the voice streams by specifying the desired CoS/802.1p values and using the remarking option under Telephony OUI.

Voice VLAN Constraints

The following constraints exist:

Only one Voice VLAN is supported.

A VLAN that is defined as a Voice VLAN cannot be removed.

In addition, the following constraints are applicable for Telephony OUI:

The Voice VLAN cannot be VLAN1 (the default VLAN).

The Voice VLAN cannot be Smartport enabled.

The Voice VLAN cannot support DVA (Dynamic VLAN assignment).

The Voice VLAN cannot be the Guest VLAN if the voice VLAN mode is OUI. If the voice VLAN mode is Auto, then the Voice VLAN can be the Guest VLAN.

The Voice VLAN QoS decision has priority over any other QoS decision, except for the Policy/ACL QoS decision.

A new VLAN ID can be configured for the Voice VLAN only if the current Voice VLAN does not have candidate ports.

The interface VLAN of a candidate port must be in General or Trunk mode.

The Voice VLAN QoS is applied to candidate ports that have joined the Voice VLAN, and to static ports.

The voice flow is accepted if the MAC address can be learned by the Forwarding Database (FDB). (If there is no free space in FDB, no action occurs).

 

Voice VLAN Workflows

The device default configuration on Auto Voice VLAN, Auto Smartports, CDP, and LLDP covers most common voice deployment scenarios. This section describes how to deploy voice VLAN when the default configuration does not apply.

Workflow 1: To configure Auto Voice VLAN:

STEP 1 Open the VLAN Management > Voice VLAN > Properties page.

STEP 2 Select the Voice VLAN ID. It cannot be set to VLAN ID 1 (this step is not required for dynamic Voice VLAN).

STEP 3 Set Dynamic Voice VLAN to Enable Auto Voice VLAN.

STEP 4 Select the Auto Voice VLAN Activation method.

NOTE If the device is currently in Telephony OUI mode, you must disable it before you can configure Auto Voice VLAN.

STEP 5 Click Apply.

STEP 6 Configure Smartports as described in the Common Smartport Tasks section.

STEP 7 Configure LLDP/CDP as described in the Configuring LLDP and Configuring CDP sections, respectively.

STEP 8 Enable the Smartport feature on the relevant ports using the Smartport > Interface Settings page.

NOTE Step 7 and Step 8 are optional as they are enabled by default.

Workflow 2: To configure the Telephony OUI Method

STEP 1 Open the VLAN Management > Voice VLAN > Properties page. Set Dynamic Voice VLAN to Enable Telephony OUI.

NOTE If the device is currently in Auto Voice VLAN mode, you must disable it before you can enable Telephony OUI.

STEP 2 Configure Telephony OUI in the Telephony OUI page.

STEP 3 Configure Telephony OUI VLAN membership for ports in the Telephony OUI Interface page.

Configuring Voice VLAN

This section describes how to configure voice VLAN. It covers the following topics:

Configuring Voice VLAN Properties

Displaying Auto Voice VLAN Settings

Configuring Telephony OUI

Configuring Voice VLAN Properties

Use the Voice VLAN Properties page for the following:

View how voice VLAN is currently configured.

Configure the VLAN ID of the Voice VLAN.

Configure voice VLAN QoS settings.

Configure the voice VLAN mode (Telephony OUI or Auto Voice VLAN).

Configure how Auto Voice VLAN is triggered.

To view and configure Voice VLAN properties:

STEP 1 Click VLAN Management > Voice VLAN > Properties.

The voice VLAN settings configured on the device are displayed in the Voice VLAN Settings (Administrative Status) block.

The voice VLAN settings that are actually being applied to the voice VLAN deployment are displayed in the Voice VLAN Settings (Operational Status) block.

STEP 2 Enter values for the following fields:

Voice VLAN ID—Enter the VLAN that is to be the Voice VLAN.

NOTE Changes in the voice VLAN ID, CoS/802.1p, and/or DSCP cause the device to advertise the administrative voice VLAN as a static voice VLAN. If the option Auto Voice VLAN Activation triggered by external Voice VLAN is selected, then the default values need to be maintained.

CoS/802.1p—Select a CoS/802.1p value to be used by LLDP-MED as a voice network policy. Refer to Administration > Discovery > LLDP > LLDP MED Network Policy for additional details.

DSCP—Selection of DSCP values to be used by the LLDP-MED as a voice network policy. Refer to Administration > Discovery > LLDP > LLDP MED Network Policy for additional details.

Dynamic Voice VLAN—Select this field to disable or enable voice VLAN feature in one of the following ways:

- Enable Auto Voice VLAN—Enable Dynamic Voice VLAN in Auto Voice VLAN mode.

- Enable Telephony OUI—Enable Dynamic Voice VLAN in Telephony OUI mode.

- Disable—Disable Auto Voice VLAN or Telephony OUI.

Auto Voice VLAN Activation—If Auto Voice VLAN was enabled, select one of the following options to activate Auto Voice VLAN:

- Immediate—Auto Voice VLAN on the device is to be activated and put into operation immediately if enabled.

- By External Voice VLAN Trigger—Auto Voice VLAN on the device is activated and put into operation only if the device detects a device advertising the voice VLAN.

NOTE Manually re-configuring the voice VLAN ID, CoS/802.1p, and/or DSCP from their default values results in a static voice VLAN, which has higher priority than auto voice VLAN that was learned from external sources.

STEP 3 Click Apply. The VLAN properties are written to the Running Configuration file.

Displaying Auto Voice VLAN Settings

If Auto Voice VLAN mode is enabled, use the Auto Voice VLAN page to view the relevant global and interface parameters.

You can also use this page to manually restart Auto Voice VLAN, by clicking Restart Auto Voice VLAN. After a short delay, this resets the voice VLAN to the default voice VLAN and restarts the Auto Voice VLAN discovery and synchronization process on all the switches in the LAN that are Auto Voice VLAN enabled.

NOTE This only resets the voice VLAN to the default voice VLAN if the Source Type is in the Inactive state.

To view Auto Voice VLAN parameters:

STEP 1 Click VLAN Management > Voice VLAN > Auto Voice VLAN.

The Operation Status block on this page shows the information about the current voice VLAN and its source:

Auto Voice VLAN Status—Displays whether Auto Voice VLAN is enabled.

Voice VLAN ID—The identifier of the current voice VLAN.

Source Type—Displays the type of source where the voice VLAN is discovered by the root device.

CoS/802.1p—Displays CoS/802.1p values to be used by the LLDP-MED as a voice network policy.

DSCP—Displays DSCP values to be used by the LLDP-MED as a voice network policy.

Root Switch MAC Address—The MAC address of the Auto Voice VLAN root device that discovers or is configured with the voice VLAN from which the voice VLAN is learned.

Switch MAC Address—Base MAC address of the device. If the device's Switch MAC address is the Root Switch MAC Address, the device is the Auto Voice VLAN root device.

Voice VLAN ID Change Time—Last time that voice VLAN was updated.

STEP 2 Click Restart Auto Voice VLAN to reset the voice VLAN to the default voice VLAN and restart Auto Voice VLAN discovery on all the Auto-Voice-VLAN-enabled switches in the LAN.

The Voice VLAN Local Table displays voice VLAN configured on the device, as well as any voice VLAN configuration advertised by directly-connected neighbor devices. It contains the following fields:

Interface—Displays the interface on which voice VLAN configuration was received or configured. If N/A appears, the configuration was done on the device itself. If an interface appears, a voice configuration was received from a neighbor.

Source MAC Address—MAC address of a UC from which the voice configuration was received.

Source Type—Type of UC from which voice configuration was received. The following options are available:

- Default—Default voice VLAN configuration on the device.

- Static—User-defined voice VLAN configuration defined on the device.

- CDP—UC that advertised voice VLAN configuration is running CDP.

- LLDP—UC that advertised voice VLAN configuration is running LLDP.

- Voice VLAN ID—The identifier of the advertised or configured voice VLAN.

Voice VLAN ID—The identifier of the current voice VLAN.

CoS/802.1p—The advertised or configured CoS/802.1p values that are used by the LLDP-MED as a voice network policy.

DSCP—The advertised or configured DSCP values that are used by the LLDP-MED as a voice network policy.

Best Local Source—Displays whether this voice VLAN was used by the device. The following options are available:

- Yes—The device uses this voice VLAN to synchronize with other Auto Voice VLAN-enabled switches. This voice VLAN is the voice VLAN for the network unless a voice VLAN from a higher priority source is discovered. Only one local source is the best local source.

- No—This is not the best local source.

STEP 3 Click Refresh to refresh the information on the page.

Configuring Telephony OUI

OUIs are assigned by the Institute of Electrical and Electronics Engineers, Incorporated (IEEE) Registration Authority. Since the number of IP phone manufacturers is limited and well-known, the known OUI values cause the relevant frames, and the port on which they are seen, to be automatically assigned to a Voice VLAN.

The OUI Global table can hold up to 128 OUIs.

This section covers the following topics:

Adding OUIs to the Telephony OUI Table

Adding Interfaces to Voice VLAN on Basis of OUIs

Adding OUIs to the Telephony OUI Table

Use the Telephony OUI page to configure Telephony OUI QoS properties. In addition, the Auto Membership Aging time can be configured. If the specified time period passes with no telephony activity, the port is removed from the Voice VLAN.

Use the Telephony OUI page to view existing OUIs, and add new OUIs.

To configure Telephony OUI and/or add a new Voice VLAN OUI:

STEP 1 Click VLAN Management > Voice VLAN > Telephony OUI.

The Telephony OUI page contains the following fields:

Telephony OUI Operational Status—Displays whether OUIs are used to identify voice traffic.

CoS/802.1p—Select the CoS queue to be assigned to voice traffic.

Remark CoS/802.1p—Select whether to remark egress traffic.

Auto Membership Aging Time—Enter the time delay to remove a port from the voice VLAN after all of the MAC addresses of the phones detected on the ports have aged out.

STEP 2 Click Apply to update the Running Configuration of the device with these values.

The Telephony OUI table appears:

Telephony OUI—First six digits of the MAC address that are reserved for OUIs.

Description—User-assigned OUI description.

STEP 3 Click Restore OUI Defaults to delete all of the user-created OUIs, and leave only the default OUIs in the table.

To delete all the OUIs, select the top checkbox. All the OUIs are selected and can be deleted by clicking Delete. If you then click Restore, the system recovers the known OUIs.

STEP 4 To add a new OUI, click Add.

STEP 5 Enter the values for the following fields:

Telephony OUI—Enter a new OUI.

Description—Enter an OUI name.

STEP 6 Click Apply. The OUI is added to the Telephony OUI Table.

Adding Interfaces to Voice VLAN on Basis of OUIs

The QoS attributes can be assigned per port to the voice packets in one of the following modes:

All—Quality of Service (QoS) values configured to the Voice VLAN are applied to all of the incoming frames that are received on the interface and are classified to the Voice VLAN.

Telephony Source MAC Address (SRC)—The QoS values configured for the Voice VLAN are applied to any incoming frame that is classified to the Voice VLAN and contains an OUI in the source MAC address that matches a configured telephony OUI.

Use the Telephony OUI Interface page to add an interface to the voice VLAN on the basis of the OUI identifier and to configure the OUI QoS mode of voice VLAN.

To configure Telephony OUI on an interface:

STEP 1 Click VLAN Management > Voice VLAN > Telephony OUI Interface.

The Telephony OUI Interface page contains voice VLAN OUI parameters for all interfaces.

STEP 2 To configure an interface to be a candidate port of the telephony OUI-based voice VLAN, click Edit.

STEP 3 Enter the values for the following fields:

Interface—Select an interface.

Telephony OUI VLAN Membership—If enabled, the interface is a candidate port of the telephony OUI-based voice VLAN. When packets that match one of the configured telephony OUIs are received, the port is added to the voice VLAN.

Voice VLAN QoS Mode—Select one of the following options:

- All—QoS attributes are applied on all packets that are classified to the Voice VLAN.

- Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones.

STEP 4 Click Apply. The OUI is added.

Access Port Multicast TV VLAN

Multicast TV VLANs enable Multicast transmissions to subscribers who are not on the same data VLAN (Layer 2-isolated), without replicating the Multicast transmission frames for each subscriber VLAN.

Subscribers who are not on the same data VLAN (Layer 2-isolated) and are connected to the device with different VLAN ID membership can share the same Multicast stream by joining the ports to the same Multicast VLAN ID.

The network port, connected to the Multicast server, is statically configured as a member in the Multicast VLAN ID.

The network ports, through which subscribers communicate with the Multicast server (by sending IGMP messages), receive the Multicast streams from the Multicast server, while including the Multicast TV VLAN in the Multicast packet header. For this reason, the network ports must be statically configured as the following:

Trunk or general port type (see Configuring VLAN Interface Settings)

Member on the Multicast TV VLAN

The subscriber receiver ports can be associated with the Multicast TV VLAN only if they are defined as one of the following two types:

Access port

Customer port (see Customer Port Multicast TV VLAN)

One or more IP Multicast address groups can be associated with the same Multicast TV VLAN.

Any VLAN can be configured as a Multicast-TV VLAN. A port assigned to a Multicast-TV VLAN:

Joins the Multicast-TV VLAN.

Packets passing through egress ports in the Multicast TV VLAN are untagged.

The port’s Frame Type parameter is set to Admit All, allowing untagged packets (see Configuring VLAN Interface Settings).

The Multicast TV VLAN configuration is defined per port. Customer ports are configured to be members of Multicast TV VLANs using the Multicast TV VLAN Page.

IGMP Snooping

Multicast TV VLAN relies on IGMP snooping, which means that:

Subscribers use IGMP messages to join or leave a Multicast group.

Device performs IGMP snooping and configures the access port according to its Multicast membership on Multicast TV VLAN.

The device decides for each IGMP packet that is received on an access port whether to associate it with the access VLAN or with the Multicast TV VLAN according to the following rules:

If an IGMP message is received on an access port, with destination Multicast IP address that is associated with the port’s Multicast TV VLAN, then the software associates the IGMP packet with the Multicast TV VLAN.

Otherwise the IGMP message is associated to the access VLAN and the IGMP message is only forwarded within that VLAN.

The IGMP message is discarded if:

- The STP/RSTP state on the access port is discard.

- The MSTP state for the access VLAN is discard.

- The MSTP state for the Multicast TV VLAN is discard, and the IGMP message is associated with this Multicast TV VLAN.
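The association and discard rules above, written out as an added example (it is not code from this guide or from the device firmware). The port names, VLAN IDs and group addresses are constructed sample values, and AccessPort and classify_igmp are hypothetical names.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, Optional, Tuple

DISCARD = "discard"        # spanning tree state in which frames are dropped
FORWARDING = "forwarding"


@dataclass
class AccessPort:
    name: str
    access_vlan: int
    tv_vlan: Optional[int] = None      # Multicast TV VLAN the port is a member of
    stp_state: str = FORWARDING        # STP/RSTP state of the port
    mstp_state: Dict[int, str] = field(default_factory=dict)  # VLAN ID -> MSTP state


def classify_igmp(port: AccessPort, group_to_vlan: Dict[IPv4Address, int],
                  dest_ip: str) -> Tuple[str, int]:
    """Return (action, vlan) for an IGMP message received on an access port."""
    group = IPv4Address(dest_ip)
    if not group.is_multicast:
        raise ValueError(f"{dest_ip} is not a Multicast address")

    # Association: the group must be mapped to the TV VLAN this port belongs to;
    # a group mapped to some other TV VLAN falls back to the access VLAN.
    to_tv = port.tv_vlan is not None and group_to_vlan.get(group) == port.tv_vlan
    vlan = port.tv_vlan if to_tv else port.access_vlan

    # Discard conditions, in the order the guide lists them.
    if port.stp_state == DISCARD:
        return ("discard", vlan)
    if port.mstp_state.get(port.access_vlan) == DISCARD:
        return ("discard", vlan)
    if to_tv and port.mstp_state.get(port.tv_vlan) == DISCARD:
        return ("discard", vlan)
    return ("associate", vlan)


# Constructed sample configuration: one Multicast TV VLAN (100) shared by
# subscribers that sit in different, isolated access VLANs.
GROUP_TO_VLAN = {
    IPv4Address("239.1.1.1"): 100,
    IPv4Address("239.1.1.2"): 100,
    IPv4Address("239.2.2.2"): 200,   # mapped to a TV VLAN no sample port has joined
}
PORTS = {
    "gi1": AccessPort("gi1", access_vlan=10, tv_vlan=100),
    "gi2": AccessPort("gi2", access_vlan=20, tv_vlan=100, mstp_state={100: DISCARD}),
    "gi3": AccessPort("gi3", access_vlan=30, tv_vlan=100, stp_state=DISCARD),
    "gi4": AccessPort("gi4", access_vlan=40, tv_vlan=100, mstp_state={40: DISCARD}),
}

if __name__ == "__main__":
    for port in PORTS.values():
        for dest in ("239.1.1.1", "239.2.2.2", "239.9.9.9"):
            print(port.name, dest, classify_igmp(port, GROUP_TO_VLAN, dest))
```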

Differences Between Regular and Multicast TV VLANs

Characteristics of Regular vs. Multicast TV VLANs

| | Regular VLAN | Multicast TV VLAN |
|---|---|---|
| VLAN Membership | Source and all receiver ports must be static members in the same data VLAN. | Source and receiver ports cannot be members in the same data VLAN. |
| Group registration | All Multicast group registration is dynamic. | Groups must be associated to Multicast VLAN statically, but actual registration of station is dynamic. |
| Receiver ports | VLAN can be used to both send and receive traffic (both Multicast and Unicast). | Multicast VLAN can only be used to receive traffic by the stations on the port (only Multicast). |
| Security and Isolation | Receivers of same multicast stream are on the same data VLAN and can communicate with each other | Receivers of same multicast stream are in different Access VLANs and isolated from each other |

Configuration

Workflow

Configure TV VLAN with the following steps:

1. Define a TV VLAN by associating a Multicast group to a VLAN (using the Multicast Group to VLAN page).

2. Specify the access ports in each Multicast VLAN (using the Port Multicast VLAN Membership page).

Multicast TV Group to VLAN

To define the Multicast TV VLAN configuration:

STEP 1 Click VLAN Management > Access Port Multicast TV VLAN > Multicast Group to VLAN.

The following fields are displayed:

Multicast Group—IP address of the Multicast group.

Multicast TV VLAN—VLAN to which the Multicast packets are assigned.

STEP 2 Click Add to associate a Multicast group to a VLAN. Any VLAN can be selected. When a VLAN is selected, it becomes a Multicast TV VLAN.

STEP 3 Click Apply. Multicast TV VLAN settings are modified, and written to the Running Configuration file.

Port Multicast VLAN Membership

To define the Multicast TV VLAN configuration:

STEP 1 Click VLAN Management > Access Port Multicast TV VLAN > Port Multicast VLAN Membership.

STEP 2 Select a VLAN from the Multicast TV VLAN field.

STEP 3 The Candidate Access Ports list contains all access ports configured on the device. Move the required ports from the Candidate Access Ports field to the Member Access Ports field.

STEP 4 Click Apply. Multicast TV VLAN settings are modified, and written to the Running Configuration file.

Customer Port Multicast TV VLAN

A triple play service provisions three broadband services, over a single broadband connection:

High-speed Internet access

Video

Voice

The triple play service is provisioned for service provider subscribers, while keeping Layer 2-isolation between them.

Each subscriber has a CPE MUX box. The MUX has multiple access ports that are connected to the subscriber's devices (PC, telephone and so on), and one network port that is connected to the access device.

The box forwards the packets from the network port to the subscriber's devices based on the VLAN tag of the packet. Each VLAN is mapped to one of the MUX access ports.

Packets from subscribers to the service provider network are forwarded as VLAN tagged frames in order to distinguish between the service types, which means that for each service type there is a unique VLAN ID in the CPE box.

All packets from the subscriber to the service provider network are encapsulated by the access device with the subscriber’s VLAN configured as customer VLAN (Outer tag or S-VID), except for IGMP snooping messages from the TV receivers, which are associated with the Multicast TV VLAN. VOD information that is also sent from the TV receivers is sent like any other type of traffic.

Packets from the service provider network to the subscriber that are received on the network port are sent on the service provider network as double-tagged packets, where the outer tag (Service Tag or S-Tag) represents one of the following two types of VLAN:

Subscriber’s VLAN (Includes Internet and IP Phones)

Multicast TV VLAN

The inner VLAN (C-Tag) is the tag that determines the destination in the subscriber’s network (by the CPE MUX).

Workflow

1. Configure an access port as a customer port (using the VLAN Management > Interface Settings page). See QinQ for more information.

2. Configure the network port as a trunk or general port with subscriber and Multicast TV VLAN as tagged VLANs (using the VLAN Management > Interface Settings page).

3. Create a Multicast TV VLAN with up to 4094 different VLAN(s). (The VLAN creation is done via the regular VLAN management configuration.)

4. Associate the customer port to a Multicast TV VLAN, using the Port Multicast VLAN Membership page.

5. Map the CPE VLAN (C-Tag) to the Multicast TV VLAN (S-Tag), using the CPE VLAN to VLAN page.

Mapping CPE VLANs to Multicast TV VLANs

To support the CPE MUX with subscriber’s VLANs, subscribers may require multiple video providers, and each provider is assigned a different external VLAN.

CPE (internal) Multicast VLANs must be mapped to the Multicast provider (external) VLANs.

After a CPE VLAN is mapped to a Multicast VLAN, it can participate in IGMP snooping.

To map CPE VLANs:

STEP 1 Click VLAN Management > Customer Port Multicast TV VLAN > CPE VLAN to VLAN.

STEP 2 Click Add.

STEP 3 Enter the following fields:

CPE VLAN—Enter the VLAN defined on the CPE box.

Multicast TV VLAN—Select the Multicast TV VLAN which is mapped to the CPE VLAN.

STEP 4 Click Apply. CPE VLAN Mapping is modified, and written to the Running Configuration file.

CPE Port Multicast VLAN Membership

The ports associated with the Multicast VLANs must be configured as customer ports (see Configuring VLAN Interface Settings).

Use the Port Multicast VLAN Membership page to map these ports to Multicast TV VLANs as described in Port Multicast VLAN Membership.

13

Spanning Tree

This section describes the Spanning Tree Protocol (STP) (IEEE802.1D and IEEE802.1Q) and covers the following topics:

STP Flavors

Configuring STP Status and Global Settings

Defining Spanning Tree Interface Settings

Configuring Rapid Spanning Tree Settings

Multiple Spanning Tree

Defining MSTP Properties

Mapping VLANs to a MSTP Instance

Defining MSTP Instance Settings

Defining MSTP Interface Settings

STP Flavors

STP protects a Layer 2 Broadcast domain from Broadcast storms by selectively setting links to standby mode to prevent loops. In standby mode, these links temporarily stop transferring user data. After the topology changes so that the data transfer is made possible, the links are automatically re-activated.

Loops occur when alternate routes exist between hosts. Loops in an extended network can cause switches to forward traffic indefinitely, resulting in increased traffic load and reduced network efficiency.

STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.

The device supports the following Spanning Tree Protocol versions:

Classic STP – Provides a single path between any two end stations, avoiding and eliminating loops.

Rapid STP (RSTP) – Detects network topologies to provide faster convergence of the spanning tree. This is most effective when the network topology is naturally tree-structured, and therefore faster convergence might be possible. RSTP is enabled by default.

Multiple STP (MSTP) – MSTP is based on RSTP. It detects Layer 2 loops, and attempts to mitigate them by preventing the involved port from transmitting traffic. Since loops exist on a per-Layer 2-domain basis, a situation can occur where there is a loop in VLAN A and no loop in VLAN B. If both VLANs are on Port X, and STP wants to mitigate the loop, it stops traffic on the entire port, including VLAN B traffic.

MSTP solves this problem by enabling several STP instances, so that it is possible to detect and mitigate loops separately in each instance. By associating instances to VLANs, each instance is associated with the Layer 2 domain on which it performs loop detection and mitigation. This enables a port to be stopped in one instance, such as traffic from VLAN A that is causing a loop, while traffic can remain active in another domain where no loop was seen, such as on VLAN B.

Configuring STP Status and Global Settings

The STP Status and Global Settings page contains parameters for enabling STP, RSTP, or MSTP.

Use the STP Interface Settings page, RSTP Interface Settings page, and MSTP Properties page to configure each mode, respectively.

To set the STP status and global settings:

STEP 1 Click Spanning Tree > STP Status & Global Settings.

STEP 2 Enter the parameters.

Global Settings:

Spanning Tree State—Enable or disable STP on the device.

STP Operation Mode—Select an STP mode.

BPDU Handling—Select how Bridge Protocol Data Unit (BPDU) packets are managed when STP is disabled on the port or the device. BPDUs are used to transmit spanning tree information.

- Filtering—Filters BPDU packets when Spanning Tree is disabled on an interface.

- Flooding—Floods BPDU packets when Spanning Tree is disabled on an interface.

Path Cost Default Values—Selects the method used to assign default path costs to the STP ports. The default path cost assigned to an interface varies according to the selected method.

- Short—Specifies the range 1 through 65,535 for port path costs.

- Long—Specifies the range 1 through 200,000,000 for port path costs.

Bridge Settings:

Priority—Sets the bridge priority value. After exchanging BPDUs, the device with the lowest priority becomes the Root Bridge. In the case that all bridges use the same priority, then their MAC addresses are used to determine the Root Bridge. The bridge priority value is provided in increments of 4096. For example, 4096, 8192, 12288, and so on.

Hello Time—Set the interval (in seconds) that a Root Bridge waits between configuration messages.

Max Age—Set the interval (in seconds) that the device can wait without receiving a configuration message, before attempting to redefine its own configuration.

Forward Delay—Set the interval (in seconds) that a bridge remains in a learning state before forwarding packets. For more information, refer to Defining Spanning Tree Interface Settings.

Designated Root:

Bridge ID—The bridge priority concatenated with the MAC address of the device.

Root Bridge ID—The Root Bridge priority concatenated with the MAC address of the Root Bridge.

Root Port—The port that offers the lowest cost path from this bridge to the Root Bridge. (This is significant when the bridge is not the root.)

Root Path Cost—The cost of the path from this bridge to the root.

Topology Changes Counts—The total number of STP topology changes that have occurred.

Last Topology Change—The time interval that elapsed since the last topology change occurred. The time appears in a days/hours/minutes/seconds format.

STEP 3 Click Apply. The STP Global settings are written to the Running Configuration file.

Defining Spanning Tree Interface Settings

The STP Interface Settings page enables you to configure STP on a per-port basis, and to view the information learned by the protocol, such as the designated bridge.

The defined configuration entered is valid for all flavors of the STP protocol.

To configure STP on an interface:

STEP 1 Click Spanning Tree > STP Interface Settings.

STEP 2 Select an interface and click Edit.

STEP 3 Enter the parameters.

Interface—Select the Port or LAG on which Spanning Tree is configured.

STP—Enables or disables STP on the port.

Edge Port—Enables or disables Fast Link on the port. If Fast Link mode is enabled on a port, the port is automatically set to Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. The options are:

- Enable—Enables Fast Link immediately.

- Auto—Enables Fast Link a few seconds after the interface becomes active. This allows STP to resolve loops before enabling Fast Link.

- Disable—Disables Fast Link.

NOTE It is recommended to set the value to Auto so that the device sets the port to fast link mode if a host is connected to it, or sets it as a regular STP port if connected to another device. This helps avoid loops.

Root Guard—Enables or disables Root Guard on the device. The Root Guard option provides a way to enforce the root bridge placement in the network.

Root Guard ensures that the port on which this feature is enabled is the designated port. Normally, all root bridge ports are designated ports, unless two or more ports of the root bridge are connected. If the bridge receives superior BPDUs on a Root Guard-enabled port, Root Guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, Root Guard enforces the position of the root bridge.

BPDU Guard—Enables or disables the Bridge Protocol Data Unit (BPDU) Guard feature on the port.

The BPDU Guard enables you to enforce the STP domain borders and keep the active topology predictable. The devices behind the ports that have BPDU Guard enabled cannot influence the STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that has BPDU configured. In this case, a BPDU message is received, and an appropriate SNMP trap is generated.

BPDU Handling—Select how BPDU packets are managed when STP is disabled on the port or the device. BPDUs are used to transmit spanning tree information.

- Use Global Settings—Select to use the settings defined in the STP Status and Global Settings page.

- Filtering—Filters BPDU packets when Spanning Tree is disabled on an interface.

- Flooding—Floods BPDU packets when Spanning Tree is disabled on an interface.

Path Cost—Set the port contribution to the root path cost or use the default cost generated by the system.

Priority—Set the priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority is a value from 0 to 240, set in increments of 16.

Port State—Displays the current STP state of a port.

- Disabled—STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.

- Blocking—The port is currently blocked, and cannot forward traffic (with the exception of BPDU data) or learn MAC addresses.

- Listening—The port is in Listening mode. The port cannot forward traffic, and cannot learn MAC addresses.

- Learning—The port is in Learning mode. The port cannot forward traffic, but it can learn new MAC addresses.

- Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses.

Designated Bridge ID—Displays the bridge priority and the MAC address of the designated bridge.

Designated Port ID—Displays the priority and interface of the selected port.

Designated Cost—Displays the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.

Forward Transitions—Displays the number of times the port has changed from the Blocking state to Forwarding state.

Speed—Displays the speed of the port.

LAG—Displays the LAG to which the port belongs. If a port is a member of a LAG, the LAG settings override the port settings.

STEP 4 Click Apply. The interface settings are written to the Running Configuration file.
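The Root Bridge election described under Bridge Settings (lowest priority wins, MAC address breaks ties) and the Root Guard and BPDU Guard reactions described above, as an added example that is not code from this guide or the device. The bridge names and MAC addresses are constructed, the function names are hypothetical, the 0-61440 priority range is the standard one for 4096-step priorities, and "superior" is simplified to comparing the advertised Root Bridge ID only.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

BridgeId = Tuple[int, int]   # (priority, MAC as integer); tuples compare priority first


def parse_mac(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff (or dash-separated) to an integer."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    value = 0
    for octet in octets:
        byte = int(octet, 16)
        if not 0 <= byte <= 0xFF:
            raise ValueError(f"not a MAC address: {mac!r}")
        value = (value << 8) | byte
    return value


def bridge_id(priority: int, mac: str) -> BridgeId:
    """Bridge ID: the bridge priority concatenated with the MAC address."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError(f"bridge priority {priority} is not a multiple of 4096 in 0-61440")
    return (priority, parse_mac(mac))


def elect_root(bridges: Dict[str, Tuple[int, str]]) -> str:
    """Name of the bridge with the lowest Bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


@dataclass
class PortGuards:
    root_guard: bool = False
    bpdu_guard: bool = False


def on_bpdu(port: PortGuards, current_root: BridgeId, advertised_root: BridgeId) -> str:
    """Outcome on a port when a BPDU advertising `advertised_root` is received."""
    if port.bpdu_guard:
        return "port-disabled"          # any BPDU disables the port; SNMP trap is sent
    superior = advertised_root < current_root
    if superior and port.root_guard:
        return "root-inconsistent"      # no traffic forwarded; root placement kept
    return "root-changes" if superior else "no-change"


# Constructed sample topology.
BRIDGES = {
    "core":     (4096,  "02:00:00:00:00:10"),
    "dist":     (8192,  "02:00:00:00:00:05"),
    "access-a": (32768, "02:00:00:00:00:02"),
    "access-b": (32768, "02:00:00:00:00:01"),
}
ROOT = bridge_id(*BRIDGES["core"])
# A device behind an edge port announcing a lower Bridge ID than the intended root.
UNEXPECTED = bridge_id(0, "02:00:00:00:00:ff")

if __name__ == "__main__":
    print("root:", elect_root(BRIDGES))
    for guards in (PortGuards(), PortGuards(root_guard=True), PortGuards(bpdu_guard=True)):
        print(guards, "->", on_bpdu(guards, ROOT, UNEXPECTED))
```

Without either guard the same BPDU moves the root, which is why edge ports that face hosts are the ones to protect.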

Configuring Rapid Spanning Tree Settings

Rapid Spanning Tree Protocol (RSTP) enables a faster STP convergence without creating forwarding loops.

The RSTP Interface Settings page enables you to configure RSTP per port. Any configuration that is done on this page is active when the global STP mode is set to RSTP or MSTP.

To enter RSTP settings:

STEP 1 Click Spanning Tree > STP Status and Global Settings. Enable RSTP.

STEP 2 Click Spanning Tree > RSTP Interface Settings. The RSTP Interface Settings page appears:

STEP 3 Select a port.

NOTE Activate Protocol Migration is only available after selecting the port that is connected to the bridge partner being tested.

STEP 4 If a link partner is discovered by using STP, click Activate Protocol Migration to run a Protocol Migration test. This discovers whether the link partner using STP still exists, and if so whether it has migrated to RSTP or MSTP. If it still exists as an STP link, the device continues to communicate with it by using STP. Otherwise, if it has been migrated to RSTP or MSTP, the device communicates with it using RSTP or MSTP, respectively.

STEP 5 Select an interface, and click Edit.

STEP 6 Enter the parameters.

Interface—Set the interface, and specify the port or LAG where RSTP is to be configured.

Point to Point Administrative Status—Define the point-to-point link status. Ports defined as Full Duplex are considered Point-to-Point port links.

- Enable—This port is an RSTP edge port when this feature is enabled, and is brought to Forwarding mode quickly (usually within 2 seconds).

- Disable—The port is not considered point-to-point for RSTP purposes, which means that STP works on it at regular speed, as opposed to high speed.

- Auto—Automatically determines the device status by using RSTP BPDUs.

Point to Point Operational Status—Displays the Point-to-Point operational status if the Point to Point Administrative Status is set to Auto.

Role—Displays the role of the port that was assigned by STP to provide STP paths. The possible roles are:

- Root—Lowest cost path to forward packets to the Root Bridge.

- Designated—The interface through which the bridge is connected to the LAN, which provides the lowest cost path from the LAN to the Root Bridge.

- Alternate—Provides an alternate path to the Root Bridge from the root interface.

- Backup—Provides a backup path to the designated port path toward the Spanning Tree leaves. This provides a configuration in which two ports are connected in a loop by a point-to-point link. Backup ports are also used when a LAN has two or more established connections to a shared segment.

- Disabled—The port is not participating in Spanning Tree.

Mode—Displays the current Spanning Tree mode: Classic STP or RSTP.

Fast Link Operational Status—Displays whether the Fast Link (Edge Port) is enabled, disabled, or automatic for the interface. The values are:

- Enabled—Fast Link is enabled.

- Disabled—Fast Link is disabled.

- Auto—Fast Link mode is enabled a few seconds after the interface becomes active.

Port Status—Displays the RSTP status on the specific port.

- Disabled—STP is currently disabled on the port.

- Blocking—The port is currently blocked, and it cannot forward traffic or learn MAC addresses.

- Listening—The port is in Listening mode. The port cannot forward traffic, and cannot learn MAC addresses.

- Learning—The port is in Learning mode. The port cannot forward traffic, however it can learn new MAC addresses.

- Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses.

STEP 7 Click Apply. The Running Configuration file is updated.

Multiple Spanning Tree

Multiple Spanning Tree Protocol (MSTP) is used to separate the STP port state between various domains (on different VLANs). For example, while port A is blocked in one STP instance due to a loop on VLAN A, the same port can be placed in the Forwarding State in another STP instance. The MSTP Properties page enables you to define the global MSTP settings.

To configure MSTP:

1. Set the STP Operation Mode to MSTP as described in the Configuring STP Status and Global Settings page.

2. Define MSTP instances. Each MSTP instance calculates and builds a loop free topology to bridge packets from the VLANs that map to the instance. Refer to the Mapping VLANs to a MSTP Instance section.

3. Decide which MSTP instance is to be active in which VLAN, and associate these MSTP instances to VLAN(s) accordingly.

4. Configure the MSTP attributes by:

Defining MSTP Properties

Defining MSTP Instance Settings

Mapping VLANs to a MSTP Instance

Defining MSTP Properties

The global MSTP configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each spanning tree instance. MSTP enables formation of MST regions that can run multiple MST instances (MSTI). Multiple regions and other STP bridges are interconnected using one single common spanning tree (CST).

MSTP is fully compatible with RSTP bridges, in that an MSTP BPDU can be interpreted by an RSTP bridge as an RSTP BPDU. This not only enables compatibility with RSTP bridges without configuration changes, but also causes any RSTP bridges outside of an MSTP region to see the region as a single RSTP bridge, regardless of the number of MSTP bridges inside the region itself.

For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.

Switches intended to be in the same MST region are never separated by switches from another MST region. If they are separated, the region becomes two separate regions.

This mapping can be done in the VLAN to MST Instance page.

Use this page if the system operates in MSTP mode.

To define MSTP:

STEP 1 Click Spanning Tree > STP Status and Global Settings. Enable MSTP.

STEP 2 Click Spanning Tree > MSTP Properties.

STEP 3 Enter the parameters.

Region Name—Define an MSTP region name.

Revision—Define an unsigned 16-bit number that identifies the revision of the current MST configuration. The field range is from 0 to 65535.

Max Hops—Set the total number of hops that occur in a specific region before the BPDU is discarded. Once the BPDU is discarded, the port information is aged out. The field range is from 1 to 40.

IST Master—Displays the region's master.

STEP 4 Click Apply. The MSTP properties are defined, and the Running Configuration file is updated.

Mapping VLANs to a MSTP Instance

The VLAN to MSTP Instance page enables you to map each VLAN to a Multiple Spanning Tree Instance (MSTI). For devices to be in the same region, they must have the same mapping of VLANs to MSTIs.

NOTE The same MSTI can be mapped to more than one VLAN, but each VLAN can only have one MST Instance attached to it.

Configuration on this page (and all of the MSTP pages) applies if the system STP mode is MSTP.

Up to seven MST instances (predefined from 1-7) can be defined on 300 Series switches, in addition to instance zero.

For those VLANs that are not explicitly mapped to one of the MST instances, the device automatically maps them to the CIST (Core and Internal Spanning Tree) instance. The CIST instance is MST instance 0.

To map VLANs to MST Instances:

STEP 1 Click Spanning Tree > VLAN to MSTP Instance.

The VLAN to MSTP Instance page contains the following fields:

MST Instance ID—All MST instances are displayed.

VLANs—All VLANs belonging to the MST instance are displayed.

STEP 2 To add a VLAN to an MSTP instance, select the MST instance, and click Edit.

STEP 3 Enter the parameters.

MST Instance ID—Select the MST instance.

VLANs—Define the VLANs being mapped to this MST instance.

Action—Define whether to add (map) the VLAN to the MST instance or remove it.

STEP 4 Click Apply. The MSTP VLAN mappings are defined, and the Running Configuration file is updated.
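A check for the region rule stated under Defining MSTP Properties and the mapping rules in this section, as an added example that is not code from this guide or the device: two switches share an MST region only when region name, revision and VLAN-to-instance mapping all match, and unmapped VLANs count as instance 0. The switch names and settings are constructed, and MstConfig and the function names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, List

CIST = 0            # instance that receives every VLAN not explicitly mapped
MAX_INSTANCE = 7    # 300 Series: instances 1-7 in addition to instance zero


@dataclass
class MstConfig:
    region_name: str
    revision: int
    max_hops: int
    vlan_to_instance: Dict[int, int] = field(default_factory=dict)  # explicit mappings


def validate(cfg: MstConfig) -> List[str]:
    """Check one switch's values against the field ranges given in the guide."""
    errors = []
    if not 0 <= cfg.revision <= 65535:
        errors.append(f"revision {cfg.revision} outside 0-65535")
    if not 1 <= cfg.max_hops <= 40:
        errors.append(f"max hops {cfg.max_hops} outside 1-40")
    for vlan, inst in sorted(cfg.vlan_to_instance.items()):
        if not 1 <= vlan <= 4094:
            errors.append(f"VLAN {vlan} outside 1-4094")
        if not CIST <= inst <= MAX_INSTANCE:
            errors.append(f"instance {inst} outside 0-{MAX_INSTANCE}")
    return errors


def region_mismatches(a: MstConfig, b: MstConfig) -> List[str]:
    """Reasons why two switches would not be in the same MST region."""
    reasons = []
    if a.region_name != b.region_name:
        reasons.append(f"region name differs: {a.region_name!r} vs {b.region_name!r}")
    if a.revision != b.revision:
        reasons.append(f"revision differs: {a.revision} vs {b.revision}")
    vlans = sorted(set(a.vlan_to_instance) | set(b.vlan_to_instance))
    differing = [v for v in vlans
                 if a.vlan_to_instance.get(v, CIST) != b.vlan_to_instance.get(v, CIST)]
    if differing:
        reasons.append(f"VLAN-to-instance mapping differs for VLANs {differing}")
    return reasons


def group_regions(switches: Dict[str, MstConfig]) -> List[List[str]]:
    """Group switch names by the region they would actually form."""
    regions: Dict[tuple, List[str]] = {}
    for name, cfg in switches.items():
        # Drop explicit mappings to instance 0: they equal the default.
        mapping = tuple(sorted((v, i) for v, i in cfg.vlan_to_instance.items() if i != CIST))
        regions.setdefault((cfg.region_name, cfg.revision, mapping), []).append(name)
    return sorted(sorted(members) for members in regions.values())


# Constructed sample: four switches meant to be one region named CAMPUS.
SWITCHES = {
    "sw1": MstConfig("CAMPUS", 3, 20, {10: 1, 20: 1, 30: 2}),
    "sw2": MstConfig("CAMPUS", 3, 20, {10: 1, 20: 1, 30: 2, 40: 0}),  # 40 -> 0 is the default
    "sw3": MstConfig("CAMPUS", 4, 20, {10: 1, 20: 1, 30: 2}),         # revision bumped on one box
    "sw4": MstConfig("CAMPUS", 3, 20, {10: 1, 20: 2, 30: 2}),         # VLAN 20 mapped differently
}

if __name__ == "__main__":
    for name, cfg in SWITCHES.items():
        print(name, validate(cfg) or "ok", region_mismatches(SWITCHES["sw1"], cfg) or "same region as sw1")
    print(group_regions(SWITCHES))
```

A switch that drifts out of the region this way is treated by the others as a separate region, so the per-instance topology no longer extends across it.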

Defining MSTP Instance Settings

The MSTP Instance Settings page enables you to configure and view parameters per MST instance. This is the per-instance equivalent to the Configuring STP Status and Global Settings.

To enter MSTP instance settings:

STEP 1 Click Spanning Tree > MSTP Instance Settings.

STEP 2 Enter the parameters.

Instance ID—Select an MST instance to be displayed and defined.

Included VLAN—Displays the VLANs mapped to the selected instance. The default mapping is that all VLANs are mapped to the common and internal spanning tree (CIST) instance 0.

Bridge Priority—Set the priority of this bridge for the selected MST instance.

Designated Root Bridge ID—Displays the priority and MAC address of the Root Bridge for the MST instance.

Root Port—Displays the root port of the selected instance.

Root Path Cost—Displays the root path cost of the selected instance.

Bridge ID—Displays the bridge priority and the MAC address of this device for the selected instance.

Remaining Hops—Displays the number of hops remaining to the next destination.

STEP 3 Click Apply. The MST Instance configuration is defined, and the Running Configuration file is updated.

Defining MSTP Interface Settings

The MSTP Interface Settings page enables you to configure the port MSTP settings for every MST instance, and to view information that has currently been learned by the protocol, such as the designated bridge per MST instance.

To configure the ports in an MST instance:

STEP 1 Click Spanning Tree > MSTP Interface Settings.

STEP 2 Enter the parameters.

Instance equals To—Select the MSTP instance to be configured.

Interface Type equals to—Select whether to display the list of ports or LAGs.

STEP 3 Click Go. The MSTP parameters for the interfaces on the instance are displayed.

STEP 4 Select an interface, and click Edit.

STEP 5 Enter the parameters.

Instance ID—Select the MST instance to be configured.

Interface—Select the interface for which the MSTI settings are to be defined.

Interface Priority—Set the port priority for the specified interface and MST instance.

Path Cost—Set the port contribution to the root path cost or use the default value.

Port State—Displays the MSTP status of the specific port on a specific MST instance. The parameters are defined as:

- Disabled—STP is currently disabled.

- Blocking—The port on this instance is currently blocked, and cannot forward traffic (with the exception of BPDU data) or learn MAC addresses.

- Listening—The port on this instance is in Listening mode. The port cannot forward traffic, and cannot learn MAC addresses.

- Learning—The port on this instance is in Learning mode. The port cannot forward traffic, but it can learn new MAC addresses.

- Forwarding—The port on this instance is in Forwarding mode. The port can forward traffic and learn new MAC addresses.

- Boundary—The port on this instance is a boundary port. It inherits its state from instance 0 and can be viewed on the STP Interface Settings page.

Port Role—Displays the port or LAG role, per port or LAG per instance, assigned by the MSTP algorithm to provide STP paths:

- Root—Forwarding packets through this interface provides the lowest cost path for forwarding packets to the root device.

- Designated—The interface through which the bridge is connected to the LAN, which provides the lowest root path cost from the LAN to the Root Bridge for the MST instance.

- Alternate—The interface provides an alternate path to the root device from the root interface.

- Backup—The interface provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more established connections to a shared segment.

- Disabled—The interface does not participate in the Spanning Tree.

- Boundary—The port on this instance is a boundary port. It inherits its state from instance 0 and can be viewed on the STP Interface Settings page.

Mode—Displays the current Spanning Tree mode.

- Classic STP—Classic STP is enabled on the port.

- Rapid STP—Rapid STP is enabled on the port.

- MSTP—MSTP is enabled on the port.

Type—Displays the MST type of the port.

- Boundary—A Boundary port attaches MST bridges to a LAN in a remote region. If the port is a boundary port, it also indicates whether the device on the other side of the link is working in RSTP or STP mode.

- Internal—The port is an internal port.

Designated Bridge ID—Displays the ID number of the bridge that connects the link or shared LAN to the root.

Designated Port ID—Displays the Port ID number on the designated bridge that connects the link or the shared LAN to the root.

Designated Cost—Displays the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.

Remaining Hops—Displays the hops remaining to the next destination.

Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state.

STEP 6 Click Apply. The Running Configuration file is updated.


Chapter 14: Managing MAC Address Tables

This section describes how to add MAC addresses to the system. It covers the following topics:

Configuring Static MAC Addresses

Managing Dynamic MAC Addresses

Defining Reserved MAC Addresses

Types of MAC Addresses

There are two types of MAC addresses—static and dynamic. Depending on their type, MAC addresses are either stored in the Static Address table or in the Dynamic Address table, along with VLAN and port information.

Static addresses are configured by the user, and therefore, they do not expire.

A new source MAC address that appears in a frame arriving at the device is added to the Dynamic Address table. This MAC address is retained for a configurable period of time. If another frame with the same source MAC address does not arrive at the device before that time period expires, the MAC entry is aged (deleted) from the table.

When a frame arrives at the device, the device searches for a matching destination MAC address entry in the static or dynamic table. If a match is found, the frame is marked for egress on the port specified in the table. If frames are sent to a MAC address that is not found in the tables, they are transmitted to all the ports on the relevant VLAN. Such frames are referred to as unknown Unicast frames.

The device supports a maximum of 8K static and dynamic MAC addresses.


Configuring Static MAC Addresses

Static MAC addresses are assigned to a specific physical interface and VLAN on the device. If that address is detected on another interface, it is ignored, and is not written to the address table.

To define a static address:

STEP 1 Click MAC Address Tables > Static Addresses.

The Static Addresses page contains the currently defined static addresses.

STEP 2 Click Add.

STEP 3 Enter the parameters.

VLAN ID—Select the VLAN ID for the port.

MAC Address—Enter the interface MAC address.

Interface—Select an interface (port or LAG) for the entry.

Status—Select how the entry is treated. The options are:

- Permanent—The system never removes this MAC address. If the static MAC address is saved in the Startup Configuration, it is retained after rebooting.

- Delete on reset—The static MAC address is deleted when the device is reset.

- Delete on timeout—The MAC address is deleted when aging occurs.

- Secure—The MAC address is secure when the interface is in classic locked mode (see Configuring Port Security).

STEP 4 Click Apply. A new entry appears in the table.
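The lookup, aging and static-address behaviour described under Types of MAC Addresses and Configuring Static MAC Addresses can be modelled as follows. This is an added example, not code from the guide or the device; the class name, port names, the 300-second aging value and the exclusion of the ingress port when flooding are assumptions of the model.

```python
AGING_SECONDS = 300  # assumed value; the guide only says the period is configurable

class MacTable:
    """Toy model of the Static and Dynamic Address tables (not device code)."""

    def __init__(self, vlan_ports, aging=AGING_SECONDS):
        self.vlan_ports = vlan_ports  # VLAN ID -> set of member ports
        self.aging = aging
        self.static = {}              # (vlan, mac) -> port, never aged
        self.dynamic = {}             # (vlan, mac) -> (port, last_seen)

    def add_static(self, vlan, mac, port):
        key = (vlan, mac.lower())
        self.static[key] = port
        self.dynamic.pop(key, None)

    def learn(self, vlan, src_mac, port, now):
        """Process a frame's source MAC; return True if the table was written."""
        key = (vlan, src_mac.lower())
        if key in self.static:
            return False  # static address seen on an interface: not rewritten
        self.dynamic[key] = (port, now)
        return True

    def age(self, now):
        """Delete dynamic entries not refreshed within the aging period."""
        expired = [k for k, (_, seen) in self.dynamic.items()
                   if now - seen >= self.aging]
        for key in expired:
            del self.dynamic[key]
        return len(expired)

    def egress_ports(self, vlan, dst_mac, ingress):
        """One port on a table match, otherwise flood as unknown unicast."""
        key = (vlan, dst_mac.lower())
        if key in self.static:
            return {self.static[key]}
        if key in self.dynamic:
            return {self.dynamic[key][0]}
        return self.vlan_ports[vlan] - {ingress}  # every VLAN port but ingress

if __name__ == "__main__":
    # Constructed sample: one VLAN, addresses from the documentation MAC range.
    table = MacTable({10: {"GE1", "GE2", "GE3", "GE4"}})
    table.add_static(10, "00:00:5e:00:53:01", "GE1")
    print(table.learn(10, "00:00:5e:00:53:01", "GE3", now=0))   # ignored
    table.learn(10, "00:00:5e:00:53:02", "GE2", now=0)
    print(table.egress_ports(10, "00:00:5e:00:53:02", "GE1"))   # known
    table.age(now=AGING_SECONDS)
    print(table.egress_ports(10, "00:00:5e:00:53:02", "GE1"))   # flooded
```

The static entry keeps pointing at its configured port even after the same address shows up elsewhere, while the dynamic entry falls back to VLAN-wide flooding once it ages out.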
