Cisco Systems SF300-24P User Manual

ADMINISTRATION GUIDE

Cisco Small Business 300 Series Managed Switch Administration Guide Release 1.3

Contents

Chapter 1: Getting Started

Starting the Web-based Configuration Utility

Launching the Configuration Utility

HTTP/HTTPS

Logging Out

Quick Start Device Configuration

Interface Naming Conventions

Window Navigation

Application Header

Management Buttons

Chapter 2: Status and Statistics

Viewing Ethernet Interfaces

Viewing Etherlike Statistics

Viewing GVRP Statistics

Viewing 802.1X EAP Statistics

Viewing TCAM Utilization

Managing RMON

Viewing RMON Statistics

Configuring RMON History

Viewing the RMON History Table

Defining RMON Events Control

Viewing the RMON Events Logs

Defining RMON Alarms

Chapter 3: Administration: System Log

Setting System Log Settings

Setting Remote Logging Settings

Viewing Memory Logs

RAM Memory

Flash Memory

Chapter 4: Administration: File Management

System Files

Upgrade/Backup Firmware/Language

Upgrade/Backing Firmware or Language File

Active Image

Download/Backup Configuration/Log

Configuration File Backwards Compatibility

Downloading or Backing-up a Configuration or Log File

Configuration Files Properties

Copy/Save Configuration

DHCP Auto Configuration

DHCP Server Options

Auto Configuration Download Protocol (TFTP or SCP)

SSH Client Authentication Parameters

Auto Configuration Process

Configuring DHCP Auto Configuration

Chapter 5: Administration: General Information

Device Models

System Information

Displaying the System Summary

Configuring the System Settings

Console Settings (Autobaud Rate Support)

Rebooting the Device

Routing Resources

Monitoring Fan Status

Defining Idle Session Timeout

Pinging a Host

Traceroute

Chapter 6: Administration: Time Settings

System Time Options

Time

Time Zone and Daylight Savings Time (DST)

SNTP Modes

Configuring System Time

Selecting Source of System Time

Adding a Unicast SNTP Server

Configuring the SNTP Mode

Defining SNTP Authentication

Time Range

Absolute Time Range

Recurring Time Range

Chapter 7: Administration: Diagnostics

Testing Copper Ports

Displaying Optical Module Status

MSA-compatible SFPs

Configuring Port and VLAN Mirroring

Viewing CPU Utilization and Secure Core Technology

Chapter 8: Administration: Discovery

Configuring Bonjour Discovery

Bonjour in Layer 2 System Mode

Bonjour in Layer 3 System Mode

LLDP and CDP

Configuring LLDP

LLDP Overview

Setting LLDP Properties

Editing LLDP Port Settings

LLDP MED Network Policy

Configuring LLDP MED Port Settings

Displaying LLDP Port Status

Displaying LLDP Local Information

Displaying LLDP Neighbors Information

Accessing LLDP Statistics

LLDP Overloading

Configuring CDP

Setting CDP Properties

Editing CDP Interface Settings

Displaying CDP Local Information

Displaying CDP Neighbors Information

Viewing CDP Statistics

Chapter 9: Port Management

Configuring Ports

Setting Port Configuration

Configuring Link Aggregation

Link Aggregation Overview

Load Balancing

Default Settings and Configuration

Static and Dynamic LAG Workflow

Defining LAG Management

Configuring LAG Settings

Configuring LACP

LACP Priority and Rules

LACP With No Link Partner

Setting LACP Parameter Settings

Configuring Green Ethernet

Green Ethernet Overview

Power Saving by Disabling Port LEDs

802.3az Energy Efficient Ethernet Feature

Setting Global Green Ethernet Properties

Setting Green Ethernet Properties for Ports

Chapter 10: Smartport

Overview

What is a Smartport

Smartport Types

Special Smartport Types

Smartport Macros

Applying a Smartport Type to an Interface

Macro Failure and the Reset Operation

How the Smartport Feature Works

Auto Smartport

Enabling Auto Smartport

Identifying Smartport Type

Using CDP/LLDP Information to Identify Smartport Types

Multiple Devices Attached to the Port

Persistent Auto Smartport Interface

Error Handling

Default Configuration

Relationships with Other Features and Backwards Compatibility

Common Smartport Tasks

Configuring Smartport Using The Web-based Interface

Smartport Properties

Smartport Type Settings

Smartport Interface Settings

Built-in Smartport Macros

Chapter 11: Port Management: PoE

PoE on the Device

PoE Features

PoE Operation

PoE Configuration Considerations

Configuring PoE Properties

Configuring PoE Settings

PoE priority example:

Chapter 12: VLAN Management

VLANs

Configuring Default VLAN Settings

Creating VLANs

Configuring VLAN Interface Settings

Defining VLAN Membership

Configuring Port to VLAN

Configuring VLAN Membership

GVRP Settings

Defining GVRP Settings

VLAN Groups

MAC-based Groups

Assigning MAC-based VLAN Groups

Mapping VLAN Group to VLAN Per Interface

Voice VLAN

Voice VLAN Overview

Dynamic Voice VLAN Modes

Voice End-Points

Auto Voice VLAN, Auto Smartports, CDP, and LLDP

Voice VLAN QoS

Voice VLAN Constraints

Voice VLAN Workflows

Configuring Voice VLAN

Configuring Voice VLAN Properties

Displaying Auto Voice VLAN Settings

Configuring Telephony OUI

Adding OUIs to the Telephony OUI Table

Adding Interfaces to Voice VLAN on Basis of OUIs

Access Port Multicast TV VLAN

IGMP Snooping

Differences Between Regular and Multicast TV VLANs

Configuration

Multicast TV Group to VLAN

Port Multicast VLAN Membership

Customer Port Multicast TV VLAN

Mapping CPE VLANs to Multicast TV VLANs

CPE Port Multicast VLAN Membership

Chapter 13: Spanning Tree

STP Flavors

Configuring STP Status and Global Settings

Defining Spanning Tree Interface Settings

Configuring Rapid Spanning Tree Settings

Multiple Spanning Tree

Defining MSTP Properties

Mapping VLANs to a MSTP Instance

Defining MSTP Instance Settings

Defining MSTP Interface Settings

Chapter 14: Managing MAC Address Tables

Types of MAC Addresses

Configuring Static MAC Addresses

Managing Dynamic MAC Addresses

Configuring Dynamic MAC Address Aging Time

Querying Dynamic Addresses

Defining Reserved MAC Addresses

Chapter 15: Multicast

Multicast Forwarding

Typical Multicast Setup

Multicast Address Properties

Defining Multicast Properties

Adding MAC Group Address

Adding IP Multicast Group Addresses

Configuring IGMP Snooping

MLD Snooping

Querying IGMP/MLD IP Multicast Group

Defining Multicast Router Ports

Defining Forward All Multicast

Defining Unregistered Multicast Settings

Chapter 16: IP Configuration

Overview

Layer 2 IP Addressing

Layer 3 IP Addressing

IPv4 Management and Interfaces

IPv4 Interface

Defining an IPv4 Interface in Layer 2 System Mode

Defining IPv4 Interface in Layer 3 System Mode

IPv4 Routes

ARP

ARP Proxy

UDP Relay/IP Helper

DHCPv4 Snooping/Relay

DHCPv4 Snooping

DHCPv4 Relay

Transparent DHCP Relay

Option 82

Interactions Between DHCPv4 Snooping, DHCPv4 Relay and Option 82

DHCP Snooping Binding Database

DHCP Trusted Ports

How the DHCP Snooping Binding Database is Built

DHCP Snooping Along With DHCP Relay

DHCP Default Configuration

Configuring DHCP Work Flow

DHCP Snooping/Relay

Properties

Interface Settings

DHCP Snooping Trusted Interfaces

DHCP Snooping Binding Database

DHCP Server

DHCP Options

Dependencies Between Features

Default Settings and Configurations

DHCPv4 Server

Network Pool

Excluded Addresses

Static Hosts

Address Binding

IPv6 Management and Interfaces

IPv6 Global Configuration

IPv6 Interface

IPv6 Tunnel

Configuring Tunnels

Defining IPv6 Addresses

IPv6 Default Router List

Defining IPv6 Neighbors Information

Viewing IPv6 Route Tables

DHCPv6 Relay

Dependencies with Other Features

Global Destinations

Interface Settings

Domain Name

DNS Settings

Search List

Host Mapping

Chapter 17: Security

Defining Users

Setting User Accounts

Setting Password Complexity Rules

Configuring TACACS+

Accounting Using a TACACS+ Server

Defaults

Interactions With Other Features

Workflow

Configuring a TACACS+ Server

Configuring RADIUS

Accounting Using a RADIUS Server

Defaults

Interactions With Other Features

Radius Workflow

Configuring Management Access Authentication

Defining Management Access Method

Active Access Profile

Defining Profile Rules

SSL Server

SSL Overview

Default Settings and Configuration

SSL Server Authentication Settings

Configuring TCP/UDP Services

Defining Storm Control

Configuring Port Security

Configuring 802.1X

802.1X Parameters Workflow

Defining 802.1X Properties

Defining 802.1X Port Authentication

Defining Host and Session Authentication

Viewing Authenticated Hosts

Defining Time Ranges

Denial of Service Prevention

Secure Core Technology (SCT)

Types of DoS Attacks

Defense Against DoS Attacks

Dependencies Between Features

Default Configuration

Configuring DoS Prevention

Security Suite Settings

SYN Protection

Martian Addresses

SYN Filtering

SYN Rate Protection

ICMP Filtering

IP Fragmented Filtering

IP Source Guard

Interactions with Other Features

Filtering

Configuring IP Source Guard Work Flow

Enabling IP Source Guard

Configuring IP Source Guard on Interfaces

Binding Database

Dynamic ARP Inspection

How ARP Prevents Cache Poisoning

Interaction Between ARP Inspection and DHCP Snooping

ARP Defaults

ARP Inspection Work Flow

Defining ARP Inspection Properties

Defining Dynamic ARP Inspection Interfaces Settings

Defining ARP Inspection Access Control

Defining ARP Inspection Access Control Rules

Defining ARP Inspection VLAN Settings

Chapter 18: Security: Secure Sensitive Data Management

Introduction

SSD Management

SSD Rules

Elements of an SSD Rule

SSD Rules and User Authentication

Default SSD Rules

SSD Default Read Mode Session Override

SSD Properties

Passphrase

Default and User-defined Passphrases

Local Passphrase

Configuration File Passphrase Control

Configuration File Integrity Control

Read Mode

Configuration Files

File SSD Indicator

SSD Control Block

Startup Configuration File

Running Configuration File

Backup and Mirror Configuration File

Sensitive Data Zero-Touch Auto Configuration

SSD Management Channels

Menu CLI and Password Recovery

Configuring SSD

SSD Properties

SSD Rules

Chapter 19: Security: SSH Client

Secure Copy (SCP) and SSH

Protection Methods

Passwords

Public/Private Keys

Import Keys

SSH Server Authentication

SSH Client Authentication

Supported Algorithms

Before You Begin

Common Tasks

SSH Client Configuration Through the GUI

SSH User Authentication

SSH Server Authentication

Modifying the User Password on the SSH Server

Chapter 20: Security: SSH Server

Overview

Common Tasks

SSH Server Configuration Pages

SSH User Authentication

SSH Server Authentication

Chapter 21: Access Control

Access Control Lists

Defining MAC-based ACLs

Adding Rules to a MAC-based ACL

IPv4-based ACLs

Defining an IPv4-based ACL

Adding Rules (ACEs) to an IPv4-Based ACL

IPv6-Based ACLs

Adding Rules (ACEs) for an IPv6-Based ACL

Defining ACL Binding

Chapter 22: Quality of Service

QoS Features and Components

QoS Modes

QoS Workflow

Configuring QoS - General

Setting QoS Properties

Configuring QoS Queues

Mapping CoS/802.1p to a Queue

Mapping DSCP to Queue

Configuring Bandwidth

Configuring Egress Shaping per Queue

Configuring VLAN Ingress Rate Limit

TCP Congestion Avoidance

QoS Basic Mode

Workflow to Configure Basic QoS Mode

Configuring Global Settings

Interface QoS Settings

QoS Advanced Mode

Workflow to Configure Advanced QoS Mode

Configuring Global Settings

Configuring Out-of-Profile DSCP Mapping

Defining Class Mapping

QoS Policers

Defining Aggregate Policers

Configuring a Policy

Policy Class Maps

Policy Binding

Managing QoS Statistics

Policer Statistics

Viewing Single Policer Statistics

Viewing Aggregated Policer Statistics

Viewing Queues Statistics

Chapter 23: SNMP

SNMP Versions and Workflow

SNMPv1 and v2

SNMPv3

SNMP Workflow

Supported MIBs

Model OIDs

SNMP Engine ID

Configuring SNMP Views

Creating SNMP Groups

Managing SNMP Users

Defining SNMP Communities

Defining Trap Settings

Notification Recipients

Defining SNMPv1,2 Notification Recipients

Defining SNMPv3 Notification Recipients

SNMP Notification Filters

Chapter 1: Getting Started

This section provides an introduction to the web-based configuration utility, and covers the following topics:

Starting the Web-based Configuration Utility

Quick Start Device Configuration

Interface Naming Conventions

Window Navigation

Starting the Web-based Configuration Utility

This section describes how to navigate the web-based switch configuration utility.

If you are using a pop-up blocker, make sure it is disabled.

Browser Restrictions

If you are using older versions of Internet Explorer, you cannot directly use an IPv6 address to access the device. You can, however, use the DNS (Domain Name System) server to create a domain name that contains the IPv6 address, and then use that domain name in the address bar in place of the IPv6 address.

If you have multiple IPv6 interfaces on your management station, use the IPv6 global address instead of the IPv6 link local address to access the device from your browser.

Launching the Configuration Utility

To open the web-based configuration utility:

STEP 1 Open a Web browser.

STEP 2 Enter the IP address of the device you are configuring in the address bar on the browser, and then press Enter.

NOTE When the device is using the factory default IP address of 192.168.1.254, its power LED flashes continuously. When the device is using a DHCP assigned IP address or an administrator-configured static IP address, the power LED is on solid.

Logging In

The default username is cisco and the default password is cisco. The first time that you log in with the default username and password, you are required to enter a new password.

NOTE If you have not previously selected a language for the GUI, the language of the Login page is determined by the language(s) requested by your browser and the languages configured on your device. If your browser requests Chinese, for example, and Chinese has been loaded into your device, the Login page is automatically displayed in Chinese. If Chinese has not been loaded into your device, the Login page appears in English.

The languages loaded into the device have a language and country code (en-US, en-GB, and so on). For the Login page to be automatically displayed in a particular language, based on the browser request, both the language and country code of the browser request must match those of the language loaded on the device. If the browser request contains only the language code without a country code (for example: fr), the first embedded language with a matching language code is taken (without matching the country code, for example: fr_CA).
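The language-matching rule described above, written out as an added example (this is not Cisco's code). It assumes the browser's request arrives as an Accept-Language header, that requested languages are tried in preference order, and that the built-in English page is tagged en-US; the function names are hypothetical.

```python
# Added example: Login-page language selection as described in the NOTE above.
# Assumptions (not from the guide): the request is an Accept-Language header,
# requested languages are tried in preference order, English is tagged en-US.

DEFAULT_LANGUAGE = "en-US"


def parse_accept_language(header):
    """Return (language, country-or-None) pairs, most preferred first."""
    entries = []
    for position, item in enumerate(header.split(",")):
        tag, _, params = item.strip().partition(";")
        tag = tag.strip()
        if not tag or tag == "*":
            continue
        quality = 1.0
        params = params.strip()
        if params.startswith("q="):
            try:
                quality = float(params[2:])
            except ValueError:
                quality = 0.0  # malformed weight: treat as not acceptable
        if quality <= 0:
            continue
        # Accept both en-US and fr_CA spellings of a language/country tag.
        language, _, country = tag.replace("_", "-").partition("-")
        entries.append((-quality, position, language.lower(), country.upper() or None))
    entries.sort()  # highest quality first, header order breaks ties
    return [(language, country) for _, _, language, country in entries]


def select_login_language(accept_language, loaded_languages):
    """Pick which loaded language file the Login page is displayed in."""
    loaded = []
    for tag in loaded_languages:
        language, _, country = tag.replace("_", "-").partition("-")
        loaded.append((language.lower(), country.upper(), tag))

    for language, country in parse_accept_language(accept_language):
        for loaded_language, loaded_country, tag in loaded:
            if language != loaded_language:
                continue
            # Language-only request: the first loaded file with that language wins.
            # Language+country request: both parts must match.
            if country is None or country == loaded_country:
                return tag
    return DEFAULT_LANGUAGE  # nothing matched: the Login page appears in English


if __name__ == "__main__":
    loaded = ["en-US", "fr_CA", "zh-CN"]  # constructed sample of loaded languages
    for header in ("fr", "fr-FR", "fr-FR,fr;q=0.8,en;q=0.5", "zh-CN,zh;q=0.9"):
        print(f"{header!r:30} -> {select_login_language(header, loaded)}")
```
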

To log in to the device configuration utility:

STEP 1 Enter the username/password. The password can contain up to 64 ASCII characters. Password-complexity rules are described in the Setting Password Complexity Rules section of the Configuring Security chapter.

STEP 2 If you are not using English, select the desired language from the Language dropdown menu. To add a new language to the device or update a current one, refer to the Upgrade/Backup Firmware/Language section.

STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears. See Password Expiration for additional information.

STEP 4 Choose whether to select Disable Password Complexity Enforcement or not. For more information on password complexity, see the Setting Password Complexity Rules section.

STEP 5 Enter the new password and click Apply.

When the login attempt is successful, the Getting Started page appears.

If you entered an incorrect username or password, an error message appears and the Login page remains displayed on the window. If you are having problems logging in, please see the Launching the Configuration Utility section in the Administration Guide for additional information.

Select Don’t show this page on startup to prevent the Getting Started page from being displayed each time that you log on to the system. If you select this option, the System Summary page is opened instead of the Getting Started page.

HTTP/HTTPS

You can either open an HTTP session (not secured) by clicking Log In, or you can open an HTTPS (secured) session, by clicking Secure Browsing (HTTPS). You are asked to approve the logon with a default RSA key, and an HTTPS session is opened.

NOTE There is no need to input the username/password prior to clicking the Secure Browsing (HTTPS) button.

For information on how to configure HTTPS, see SSL Server.

Password Expiration

The New Password page appears:

The first time you access the device with the default username cisco and password cisco. This page forces you to replace the factory default password.

When the password expires, this page forces you to select a new password.

Logging Out

By default, the application logs out after ten minutes of inactivity. You can change this default value as described in the Defining Idle Session Timeout section.

CAUTION Unless the Running Configuration is copied to the Startup Configuration, rebooting the device will remove all changes made since the last time the file was saved. Save the Running Configuration to the Startup Configuration before logging off to preserve any changes you made during this session.

A flashing red X icon to the left of the Save application link indicates that Running Configuration changes have not yet been saved to the Startup Configuration file. The flashing can be disabled by clicking on the Disable Save Icon Blinking button on the Copy/Save Configuration page.

When the device auto-discovers a device, such as an IP phone (see What is a Smartport), it configures the port appropriately for that device. These configuration commands are written to the Running Configuration file. This causes the Save icon to begin blinking when you log on, even though you did not make any configuration changes.

When you click Save, the Copy/Save Configuration page appears. Save the Running Configuration file by copying it to the Startup Configuration file. After this save, the red X icon and the Save application link are no longer displayed.

To log out, click Logout in the top right corner of any page. The system logs out of the device.

When a timeout occurs or you intentionally log out of the system, the Login page appears with a message indicating the logged-out state. After you log in, the application returns to the initial page.

The initial page displayed depends on the “Do not show this page on startup” option in the Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page.
