How it Works
Cisco
Loading...
550XG series
Administration Manual
625 pgs8.6 Mb0
Table of contents
Loading...

Cisco 350XG series, 550XG series Administration Manual

Download
Page 1
ADMINISTRATION
GUIDE
Cisco 350XG and 550XG Series 10G Stackable Managed Switches
Page 2
Contents
Chapter 1: Getting Started 10
Basic or Advanced Display Mode 15
Quick Start Device Configuration 15
Interface Naming Conventions 16
Window Navigation 17
Chapter 2: Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard 21
Overview 21
Grid Management 22
System Health 22
Resource Utilization 23
Identification 24
Latest Logs 25
Suspended Interfaces 25
Stack Topology 26
Chapter 3: Configuration Wizards 27
Getting Started Wizard 27
VLAN Configuration Wizard 29
Chapter 4: Status and Statistics 31
System Summary 32
CPU Utilization 33
Interfaces 34
Etherlike 35
GVRP 36
802.1X EAP 37
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 1
Page 3
Contents
ACL 39
TCAM Utilization 39
Health 41
Port and VLAN Mirroring 43
Diagnostics 45
RMON 48
View Logs 56
Chapter 5: Administration 58
Device Models 58
System Settings 59
Console Settings (Autobaud Rate Support) 60
User Accounts 61
Idle Session Timeout 62
System Log 63
Reboot 67
Routing Resources 68
Ping 72
Traceroute 74
Chapter 6: Administration: File Management 75
System Files 75
Firmware Operations 77
File Operations 81
File Directory 89
DHCP Auto Configuration/Image Update 90
Chapter 7: Administration: Stack Management 100
Overview 100
Types of Units in Stack 102
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 2
Page 4
Contents
Stack Topology 103
Unit ID Assignment 104
Master Selection Process 105
Stack Changes 105
Unit Failure in Stack 106
Stack Ports 109
Stack Management 111
Chapter 8: Administration: Time Settings 113
System Time Configuration 114
SNTP Modes 115
System Time 116
SNTP Unicast 118
SNTP Multicast/Anycast 121
SNTP Authentication 122
Time Range 123
Recurring Time Range 124
Chapter 9: Administration: Discovery 126
Bonjour 126
Configuring LLDP 129
Configuring CDP 149
CDP Statistics 157
Chapter 10: Port Management 159
Workflow 159
Port Settings 160
Error Recovery Settings 164
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 3
Page 5
Contents
Loopback Detection Settings 165
Link Aggregation 167
UDLD 175
Green Ethernet 183
Chapter 11: Smartport 191
Overview 192
How the Smartport Feature Works 197
Auto Smartport 198
Error Handling 202
Default Configuration 202
Relationships with Other Features 202
Common Smartport Tasks 202
Configuring Smartport Using The Web-based Interface 205
Built-in Smartport Macros 210
Chapter 12: VLAN Management 221
Overview 221
Regular VLANs 228
Private VLAN Settings 236
GVRP Settings 237
VLAN Groups 238
Voice VLAN 242
Customer Port Multicast TV VLAN 259
Chapter 13: Spanning Tree 262
STP Flavors 262
STP Status and Global Settings 263
STP Interface Settings 265
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 4
Page 6
Contents
RSTP Interface Settings 268
Multiple Spanning Tree Overview 270
MSTP Properties 271
VLANs to a MSTP Instance 272
MSTP Instance Settings 273
MSTP Interface Settings 274
Chapter 14: Managing MAC Address Tables 277
Static Addresses 278
Dynamic Addresses 279
Reserved MAC Addresses 280
Chapter 15: Multicast 281
Multicast Forwarding 281
Multicast Properties 287
MAC Group Address 287
IP Multicast Group Addresses 289
IPv4 Multicast Configuration 291
IPv6 Multicast Configuration 297
IGMP/MLD Snooping IP Multicast Group 303
Multicast Router Ports 304
Forward All 305
Unregistered Multicast 306
Chapter 16: IP Configuration 307
Overview 307
IPv4 Management and Interfaces 309
IPv6 Management and Interfaces 337
Domain Name System 360
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 5
Page 7
Contents
Chapter 17: IP Configuration: RIPv2 366
Overview 366
How Rip Operates on the Device 367
Configuring RIP 370
Access Lists 375
Chapter 18: IP Configuration: VRRP 378
Overview 378
VRRP Topology 379
Configuring VRRP 384
Chapter 19: Security 388
Configuring TACACS+ 389
Password Strength 398
Key Management 400
Management Access Method 403
Management Access Authentication 408
SSL Server 409
TCP/UDP Services 412
Port Security 416
IP Source Guard 419
ARP Inspection 423
Denial of Service Prevention 428
Chapter 20: Security: 802.1X Authentication 439
Overview 439
Properties 453
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 6
Page 8
Contents
Port Authentication 455
Host and Session Authentication 458
Authenticated Hosts 459
Locked Clients 460
Web Authentication Customization 460
Chapter 21: Security: Secure Sensitive Data Management 464
Introduction 464
SSD Management 465
SSD Rules 465
SSD Properties 471
Configuration Files 473
SSD Management Channels 478
Menu CLI and Password Recovery 479
Configuring SSD 479
Chapter 22: Security: SSH Server 483
Overview 483
Common Tasks 484
SSH User Authentication 485
SSH Server Authentication 487
Chapter 23: Security: SSH Client 488
Overview 488
SSH User Authentication 494
SSH Server Authentication 496
Change User Password on the SSH Server 497
Chapter 24: Security: IPv6 First Hop Security 499
IPv6 First Hop Security Overview 500
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 7
Page 9
Contents
Router Advertisement Guard 502
Neighbor Discovery Inspection 503
DHCPv6 Guard 504
Neighbor Binding Integrity 504
Attack Protection 508
Policies, Global Parameters and System Defaults 510
Common Tasks 511
Default Settings and Configuration 514
Before You Start 515
Configuring IPv6 First Hop Security through Web GUI 515
Chapter 25: Access Control 535
Overview 535
MAC-Based ACLs Creation 539
IPv4-based ACL Creation 541
IPv6-Based ACL Creation 546
ACL Binding 550
Chapter 26: Quality of Service 553
QoS Features and Components 554
General 557
QoS Basic Mode 569
QoS Advanced Mode 572
Managing QoS Statistics 583
Chapter 27: SNMP 587
Overview 587
Views 593
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 8
Page 10
Contents
Groups 594
Users 596
Communities 598
Trap Settings 600
Notification Recipients 600
Notification Filter 605
Cisco 350XG and 550XG Series 10G Stackable Managed Switches Administration Guide 9
Page 11

Getting Started

This section provides an introduction to the web-based configuration utility, and covers the following topics:
Starting the Web-based Configuration Utility
Out-Of-Band Port
Basic or Advanced Display Mode
1
Quick Start Device Configuration
Interface Naming Conventions
Window Navigation

Starting the Web-based Configuration Utility

This section describes how to navigate the web-based switch configuration utility.
If you are using a pop-up blocker, make sure it is disabled.

Browser Restrictions

If you are using IPv6 interfaces on your management station, use the IPv6 global address and not the IPv6 link local address to access the device from your browser.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 10
Page 12
Getting Started
Starting the Web-based Configuration Utility

Launching the Configuration Utility

To open the web-based configuration utility:
STEP 1 Open a Web browser.
STEP 2 Enter the IP address of the device you are configuring in the address bar on the
browser, and then press Enter.
NOTE When the device is using the factory default IP address of 192.168.1.254, its system
LED flashes continuously. When the device is using a DHCP-assigned IP address or an administrator-configured static IP address, the system LED is on solid.
By factory default, the device has DHCP enabled on all ports, including the Out of Band (OOB) port, and the default IP address 192.168.1.254 is configured to the OOB port of the device. To access the device with the IP address configured on the OOB port, make sure the OOB port is connected to your network or PC.
1

Logging In

The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password.
NOTE If you have not previously selected a language for the GUI, the language of the Login
page is determined by the language(s) requested by your browser and the languages configured on your device. If your browser requests Chinese, for example, and Chinese has been loaded into your device, the Login page is automatically displayed in Chinese. If Chinese has not been loaded into your device, the Login page appears in English.
The languages loaded into the device have a language and country code (en-US, en-GB and so on). For the Login page to be automatically displayed in a particular language, based on the browser request, both the language and country code of the browser request must match those of the language loaded on the device. If the browser request contains only the language code without a country code (for example: fr). The first embedded language with a matching language code is taken (without matching the country code, for example: fr_CA).
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 11
Page 13
1
Getting Started
Starting the Web-based Configuration Utility
To log in to the device configuration utility:
STEP 1 Enter the username/password. The password can contain up to 64 ASCII
characters. Password-complexity rules are described in Password Strength.
STEP 2 If you are not using English, select the desired language from the Language drop-
down menu. To add a new language to the device or update a current one, see the description of the Language Menu described in Application Header.
STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the
default password (cisco) or your password has expired, the Change Password Page appears. See Password Expiration for additional information.
STEP 4 Choose whether to select Password Complexity Settings in the Password
Strength page.
STEP 5 Enter the new password and click Apply.
When the login attempt is successful, the Getting Started page appears.
If you entered an incorrect username or password, an error message appears and the Login page remains displayed on the window.
Select Don't show this page on startup to prevent the Getting Started page from being displayed each time that you log on to the system. If you select this option, the System Summary page is opened instead of the Getting Started page.

HTTP/HTTPS

You can either open an HTTP session (not secured) by clicking Log In, or you can open an HTTPS (secured) session, by clicking Secure Browsing (HTTPS). You are asked to approve the logon with a default RSA key, and an HTTPS session is opened.
NOTE There is no need to input the username/password prior to clicking the Secure
Browsing (HTTPS) button.
For information on how to configure HTTPS, see SSL Server.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 12
Page 14
Getting Started
!
Starting the Web-based Configuration Utility

Password Expiration

The New Password page is displayed in the following cases:
The first time that you access the device with the default username cisco
and password cisco. This page forces you to replace the factory default password.
When the password expires, this page forces you to select a new
password.

Logging Out

By default, the application logs out after ten minutes of inactivity. You can change this default value as described in the Defining Idle Session Timeout section.
1
CAUTION Unless the Running Configuration is copied to the Startup Configuration, rebooting
the device removes all changes made since the last time the file was saved. Save the Running Configuration to the Startup Configuration before logging off to preserve any changes you made during this session.
A flashing red X icon to the left of the Save application link indicates that Running Configuration changes have not yet been saved to the Startup Configuration file. The flashing can be disabled by clicking on the Disable Save Icon Blinking button on the Copy/Save Configuration page
When the device auto-discovers a connected device, such as an IP phone (see
What is a Smartport), and it configures the port appropriately for the device.
These configuration commands are written to the Running Configuration file. This causes the Save icon to begin blinking when the you log on, even though you did not make any configuration changes.
When you click Save, the Copy/Save Configuration page appears. Save the Running Configuration file by copying it to the Startup Configuration file. After this save, the red X icon and the Save application link are no longer displayed.
To logout, click Logout in the top right corner of any page. The system logs out of the device.
When a timeout occurs or you intentionally log out of the system, a message is displayed and the Login page appears, with a message indicating the logged-out state. After you log in, the application returns to the initial page.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 13
Page 15
1
The initial page displayed depends on the “Do not show this page on startup” option in the Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the
System Summary page.

Out-Of-Band Port

The switch supports an Out-of-Band (OOB) port. This port is used for the management network. The out-of-band and the in-band ports share the same IP routing table, therefore you cannot use the same subnet on both in-band and out­of-band interfaces.
The IP address assigned to this port cannot be assigned to the in-band ports at the same time. In addition, the IP address assigned to the OOB port must not belong to any IP subnet configured at the in-band interfaces of the devices.
Getting Started
Out-Of-Band Port
By default, the OOB port is configured with the default IP address 192.168.1.254. This default IP address is used when no other address was assigned (dynamically or statically). This sub net is a reserved one and cannot be assigned on the in­band interfaces.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 14
Page 16
Getting Started

Basic or Advanced Display Mode

Basic or Advanced Display Mode
The device supports the following display modes:
Basic—Basic subset of configuration options are available. If you are
missing some configuration option, select the Advanced mode in the device header.
Advanced—Full set of configuration options are available.

Quick Start Device Configuration

For quick initial setup, you can use the configuration wizards described in VLAN
Configuration Wizard or use the links on the Getting Started page, as described
below:.
1
Category Link Name (on the Page) Linked Page
Initial Setup
Device Status System Summary System Summary
Quick Access Change Device Password User Accounts
Manage Stack Stack Management
Change Management Applications and Services
Change Device IP Address IPv4 Interface
Create VLAN VLAN Settings
Configure Port Settings Port Settings
Port Statistics Interfaces
RMON Statistics Statistics
View Log RAM Memory
Upgrade Device Software Firmware Operations
Backup Device Configuration File Operations
TCP/UDP Services
Create MAC-Based ACL MAC-Based ACLs Creation
Create IP-Based ACL IPv4-based ACL Creation
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 15
Page 17
1
Category Link Name (on the Page) Linked Page
Configure QoS QoS Properties
Configure Port Mirroring Port and VLAN Mirroring
There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Support Community page.

Interface Naming Conventions

Within the GUI, interfaces are denoted by concatenating the following elements:
Getting Started
Interface Naming Conventions
Type of interface: The following types of interfaces are found on the
various types of devices:
- Ten Gigabit Ethernet ports (1000/10,000 Mbps)—The se are
displayed as XG.
- Out-of-Band Port—This is displayed as OOB.
- LAG (Port Channel)—These are displayed as LAG.
- VLAN—These are displayed as VLAN.
- Tunnel —These are displayed as Tunnel.
Unit Number—Number of the unit in the stack.
Slot Number—The slot number is always 0.
Interface Number: Port, LAG, tunnel, or VLAN ID.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 16
Page 18
Getting Started

Window Navigation

Window Navigation
This section describes the features of the web-based switch configuration utility.

Application Header

The Application Header appears on every page. It provides the following application links:
1
Application Link Name
Username Displays the name of the user logged on to the device. The
Description
A flashing red X icon displayed to the left of the Save application link indicates that Running Configuration changes have been made that have not yet been saved to the Startup Configuration file. The flashing of the red X can be disabled on the Copy/Save Configuration page.
Click Save to display the Copy/Save Configuration page. Save the Running Configuration file by copying it to the Startup Configuration file type on the device. After this save, the red X icon and the Save application link are no longer displayed. When the device is rebooted, it copies the Startup Configuration file type to the Running Configuration and sets the device parameters according to the data in the Running Configuration.
default username is cisco. (The default password is cisco).
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 17
Page 19
1
Getting Started
Window Navigation
Application Link Name
Language Menu This menu provides the following options:
Description
Select a language: Select one of the languages that
appear in the menu. This language will be the web­based configuration utility language.
Download Language: Add a new language to the
device.
Delete Language: Deletes the second language on
the device. The first language (English) cannot be deleted.
Debug: Used for translation purposes. If you select
this option, all web-based configuration utility labels disappear and in their place are the IDs of the strings that correspond to the IDs in the language file.
NOTE To upgrade a language file, use the Upgrade/
Backup Firmware/Language page.
Logout Click to log out of the web-based switch configuration
utility.
About Click to display the device name and device version
number.
Help Click to display the online help.
The SYSLOG Alert Status icon appears when a SYSLOG message, above the critical severity level, is logged. Click the icon to open the RAM Memory page. After you access this page, the SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, Click Status and Statistics > View Log > RAM Memory.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 18
Page 20
Getting Started
Window Navigation
1

Management Buttons

The following table describes the commonly-used buttons that appear on various pages in the system.
Button Name Description
Use the pull-down menu to configure the number of entries per page.
Indicates a mandatory field.
Add Click to display the related Add page and add an entry to a
table. Enter the information and click Apply to save it to the Running Configuration. Click Close to return to the main page. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the device.
Apply Click to apply changes to the Running Configuration on the
device. If the device is rebooted, the Running Configuration is lost, unless it is saved to the Startup Configuration file type or another file type. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the device.
Cancel Click to reset changes made on the page.
Clear Filter Click to clear filter to select information displayed.
Clear All Interfaces Counters
Clear Interface Counters
Clear Logs Clears log files.
Clear Table Clears table entries.
Close Returns to main page. If any changes were not applied to
Click to clear the statistic counters for all interfaces.
Click to clear the statistic counters for the selected interface.
the Running Configuration, a message appears.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 19
Page 21
1
Getting Started
Window Navigation
Button Name Description
Copy Settings A table typically contains one or more entries containing
configuration settings. Instead of modifying each entry individually, it is possible to modify one entry and then copy the selected entry to multiple entries, as described below:
1. Select the entry to be copied. Click Copy Settings to display the popup.
2. Enter the destination entry numbers in the to field.
3. Click Apply to save the changes and click Close to return to the main page.
Delete After selecting an entry in the table, click Delete to
remove.
Details Click to display the details associated with the entry
selected.
Edit Select the entry and click Edit. The Edit page appears,
and the entry can be modified.
1. C li ck Apply to save the changes to the Running Configuration.
2. Click Close to return to the main page.
Go Enter the query filtering criteria and click Go. The results
are displayed on the page.
Refresh Click Refresh to refresh the counter values.
Te st Click Te st to perform the related tests.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 20
Page 22
2

Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

This section describes the device dashboard.
The dashboard consists of the following sections:
Overview
System Health
Resource Utilization
Identification
Latest Logs
Suspended Interfaces
Stack Topology
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 21
Page 23
Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

Overview

Overview
The dashboard is a collection of 8 squares, initially empty, that can be populated by various types of information., as shown below (only 4 of the 8 squares are shown in the screen capture below):
2
You can select a number of modules from the available modules and place them in this grid. You can also customize settings of the currently-displayed modules.
When the dashboard loads, the modules you selected for the dashboard are loaded in their locations in the grid. The data in the modules is updated periodically, in intervals depending on the module type. These intervals are configurable for some modules.

Grid Management

Customize the contents of the grid by clicking on Customize on the right of the screen., as shown below:
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 22
Page 24
Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard
Grid Management
When opening the panel, the regular view of the modules in the screen is replaced by a wire frame view of the grid., as shown below (only 2 squares shown in the following screen capture):
You can add modules to the grid by selecting a module from the list of modules on the right and dragging and dropping it in any space in the grid.
2
Small Modules are modules that take up a single square while Large Modules
take up two squares.
If the space selected for the module is currently occupied, the module occupying the space is replaced by the new one.
You can re-arrange the placement of the modules in the grid by dragging a module from one occupied grid position to another position. The module can be dropped in an unoccupied spot, or in a spot occupied by a module of the same size. If the selected spot is occupied, the modules switch places.
The following is a possible configuration of the dashboard.:
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 23
Page 25
Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

System Health

When you click Done (in the right-hand corner), the modules are populated by the relevant information., as shown below:
The title bar of each module in the dashboard displays the title of the module and three buttons:
These button perform the following:
2
System Health
Pencil — Opens configuration options.
Refresh — Refresh the information.
X — Remove the module from the dashboard.
This module displays graphic information for a standalone device or each device in the stack..
The following icons are shown:
Fan Icon—Green if the fan is operational; Red if the fan is faulty.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 24
Page 26
Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

Resource Utilization

Thermometer Icon
- Temperature is OK—Green with a nearly empty thermometer.
- Temperature generates a warning—Yellow with a half full thermometer.
- Temperature is critical—Red with a full thermometer.
The following configuration options (right-hand corner) are available:
Refresh Time—Green if the fan is operational; Red if the fan is faulty.
- No Refresh—Information is not refreshed.
- 1 minute—Information is refreshed every minute.
System Health—Click to open the Health page.
2
Resource Utilization
This module displays the utilization status in terms of a percentage of the various system resources as a bar chart..
The resources monitored are:
Multicast Groups—Percentage of Multicast groups that exist out of the
maximum possible number that are permitted to be defined.
MAC Address Table—Percentage of MAC Address table in use.
Router TCAM—Usage in percentage of router TCAM.
TCAM—Usage in percentage of all TCAM entries.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 25
Page 27
Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

Identification

CPU—Percentage of CPU being used.
Each bar becomes red if the resource utilization is higher than 80 percent.
Hovering over a bar displays a tooltip displaying the numeric utilization information (used resources/max available).
The following configuration options (right-hand corner) are available:
Refresh Time—Green if the fan is operational; Red if the fan is faulty.
- No Refresh—Information is not refreshed.
- 30 seconds —Information is refreshed every 30 seconds.
- 1 minute—Information is refreshed every minute.
MAC Address Table—Click to open Dynamic Addresses.
2
Identification
TCAM Utilization Information—Click to open TCAM Utilization.
CPU Utilization Information—Click to open CPU Utilization.
This module displays basic information regarding the device and stack.:
It displays the following fields:
System Description—Displays description of the device.
Host Name—Entered in the System Settings page or default is used. Also
can be added in the Getting Started Wizard.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 26
Page 28
Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

Latest Logs

Firmware Version—Current firmware version running on device.
MAC Address (master unit)—MAC address of the unit.
Serial Number (master unit)—Serial number of the unit.
System Location (if configured)—Entered in the Getting Started Wizard.
System Contact (if configured)—Entered in the Getting Started Wizard.
The following configuration options (right-hand corner) are available:
Refresh Time—Green if the fan is operational; Red if the fan is faulty.
- No Refresh—Information is not refreshed.
- 1 minute—Information is refreshed every minute.
System Settings—Click to open System Settings.
2
Latest Logs
System Summary—Click to open System Summary.
This module contains information about the five latest events logged by the system as SYSLOGs..
The following configuration options (right-hand corner) are available:
Severity Threshold—Described in Log Settings.
Refresh Time—Green if the fan is operational; Red if the fan is faulty.
- No Refresh—Information is not refreshed.
- 1 minute—Information is refreshed every minute.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 27
Page 29
Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

Suspended Interfaces

View Logs—Click to open RAM Memory.
Suspended Interfaces
This module displays interfaces that have been suspended:.
2
When units are connected in a stack, a drop-down selector enables the user to select the device to be viewed. All suspended ports in the device are shown as red.
Hovering over a suspended port displays a tooltip with the following information:
Port name.
If the port is a member of a LAG, the LAG identity of the port.
The suspension reason if it is suspended.
The following configuration options (right-hand corner) are available:
Display Mode—The following options are available:
- Device View—Information is displayed as shown above.
- Table View—Information is displayed in table form. as shown below:
In table view there is no need to select a specific stack unit.
- Interface—Port or LAG that was suspended
- Suspension Reason—Reason interface was suspended
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 28
Page 30
Cisco 350XG & 550XG Series 10G Stackable Managed Switches Dashboard

Stack Topology

- Auto-recovery current status—Has auto recovery been enable for the
feature that caused the suspension.
Refresh Time—Green if the fan is operational; Red if the fan is faulty.
- No Refresh—Information is not refreshed.
- 30 seconds —Information is refreshed every 30 seconds.
- 1 minute—Information is refreshed every minute.
Error Recovery Settings—Click to open Error Recovery Settings.
Stack Topology
This module is a graphic representation of the stack topology and is identical in behavior to the Stack Topology View section in the Stack Management screen.
2
Hovering over a unit in the module displays a tooltip identifying the unit and providing basic information on its stacking ports.
Hovering over a stack connection in the module displays a tooltip detailing the connected units and the stacking ports generating the connection.
The following configuration options (right-hand corner) are available:
Refresh Time—Green if the fan is operational; Red if the fan is faulty.
- No Refresh—Information is not refreshed.
- 1 minute—Information is refreshed every minute.
Stack Management—Click to open Stack Management.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 29
Page 31

Configuration Wizards

This section describes the following configuration wizards:
It covers the following topics:
Getting Started Wizard
VLAN Configuration Wizard
3

Getting Started Wizard

This wizard assists in the initial configuration of the device.
STEP 1 Click Configuration Wizards > Getting Started Wizard.
STEP 2 Click Launch Wizard and Next.
STEP 3 Enter the fields:
System Location—Enter the physical location of the device.
System Contact—Enter the name of a contact person.
Host Name—Select the host name of this device. This is used in the prompt
of CLI commands:
- Use Default—The default hostname (System Name) of these switches is:
switch123456, where 123456 represents the last three bytes of the device MAC address in hex format.
- User Defined—Enter the hostname. Use only letters, digits, and hyphens.
Host names cannot begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035).
STEP 4 Click Next.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches, Firmware Release 1.0.0.x 27
Page 32
Configuration Wizards
Getting Started Wizard
STEP 5 Enter the fields:
3
Interface—Select the IP interface for the system.
IP Interface Source—Select one of the following options:
- DHCP—Select for the device to receive its IP address from a DHCP
server.
- Static—Select to enter the IP address of the device manually.
If you selected Static as the IP address type, enter the following fields:
IP Address—IP address of the interface.
Network Mask—IP mask for this address.
Default Gateway—Enter the default gateway IP address.
DNS Server—Enter the IP address of the DNS server.
STEP 6 Click Next
STEP 7 Enter the fields:
Username—Enter a new user name between 0 and 20 characters. UTF-8
characters are not permitted.
Password—Enter a password (UTF-8 characters are not permitted). If the
password strength and complexity is defined, the user password must comply with the policy configured in Password Strength.
Confirm Password—Enter the password again.
Password Strength—Displays the strength of password. The policy for
password strength and complexity are configured in the Password
Strength page.
Keep current username and password—Select to keep current username
and password.
STEP 8 Click Next
STEP 9 Enter the fields:
Clock Source—Select one of the following:
- Manual Settings—Select to enter the device system time. If this is
selected, enter the Date and Time.
- Default SNTP Servers—Select to use the default SNTP servers.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches, Firmware Release 1.0.0.x 28
Page 33
Configuration Wizards

VLAN Configuration Wizard

NOTE The default SNTP servers are defined by name, thus DNS must be
configured and operational (DNS server configured and reachable). This is done in DNS Settings.
- Manual SNTP Server—Select and enter the IP address of an SNTP
server.
STEP 10 Click Next to view a summary of configuration that you entered.
STEP 11 Click Apply to save the configuration data.
VLAN Configuration Wizard
3
This wizard assists in configuring VLANs. Each time you run this wizard, you can configure ports membership in a single VLAN. The first steps are for Trunk port mode (where you configure trunk ports tagged and untagged ports), and then you configure Access port mode.
STEP 1 Click Configuration Wizards > VLAN Configuration Wizard.
STEP 2 Click Launch Wizard and Next.
STEP 3 Click Next.
STEP 4 Select the ports that are to be configured as trunk port (by clicking with mouse on
the required ports in the graphical display). Ports that are already configured as Trunk ports are pre-selected.
STEP 5 Click Next.
STEP 6 Enter the fields:
VLAN ID—Select the VLAN you want to configure. You can select either an
existing VLAN or New VLAN.
New VLAN ID—Enter the VLAN ID of a new VLAN.
VLAN Name—Optionally, enter VLAN name.
STEP 7 Select the trunk ports that are to be configured as untagged members of the
VLAN (by clicking with mouse on the required ports in the graphical display). The trunk ports that are not selected in this step becomes tagged members of the VLAN.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches, Firmware Release 1.0.0.x 29
Page 34
Configuration Wizards
VLAN Configuration Wizard
STEP 8 Click Next.
STEP 9 Select the ports are that to be the access ports of the VLAN. Access ports of a
STEP 10 Click Next to see the summary of the information that you entered.
STEP 11 Click Apply.
3
VLAN is untagged member of the VLAN. (by clicking with mouse on the required ports in the graphical display).
Cisco 350XG & 550XG Series 10G Stackable Managed Switches, Firmware Release 1.0.0.x 30
Page 35

Status and Statistics

This section describes how to view device statistics.
It covers the following topics:
System Summary
CPU Utilization
Interfaces
4
Etherlike
GVRP
802.1X EAP
ACL
TCAM Utilization
Health
Port and VLAN Mirroring
Diagnostics
RMON
View Logs
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 31
Page 36
Status and Statistics

System Summary

System Summary
The System Summary page provides a graphic view of the device, and displays device status, hardware information, firmware version information, general PoE status, and other items.
To view system information, click Status and Statistics > System Summary.
System Information:
System Description—A description of the system.
System Location—Physical location of the device. Click Edit to go the
System Contact—Name of a contact person. Click Edit to go the System
4
System Settings page to enter this value.
Settings page to enter this value.
Host Name—Name of the device. Click Edit to go the System Settings
page to enter this value. By default, the device hostname is composed of the word switch concatenated with the three least significant bytes of the device MAC address (the six furthest right hexadecimal digits).
System Object ID—Unique vendor identification of the network
management subsystem contained in the entity (used in SNMP).
System Uptime—Time that has elapsed since the last reboot.
Current Time—Current system time.
Base MAC Address—Device MAC address. If there are several units in the
stack, the base MAC address of the master unit is displayed.
Jumbo Frames—Jumbo frame support status. This support can be
enabled or disabled by using the Port Settings page.
NOTE Jumbo frames support takes effect only after it is enabled, and after
the device is rebooted.
Software Information:
Firmware Version (Active Image)—Firmware version number of the active
image.
NOTE In a stack, the Firmware Version number shown is based on the
version of the master.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 32
Page 37
Status and Statistics

CPU Utilization

4
Firmware MD5 Checksum (Active Image)—MD5 checksum of the active
image.
Firmware Version (Non-active)—Firmware version number of the non-
active image. If the system is in a stack, the version of the master unit is displayed.
Firmware MD5 Checksum (Non-active)—MD5 checksum of the non-
active image.
Locale—Locale of the first language. (This is always English.)
Language Version—Language package version of the first or English
language.
Language MD5 Checksum—MD5 checksum of the language file.
TCP/UDP Services Status:
CPU Utilization
To reset the following fields, click Edit to open the TCP/UDP Services page.
HTTP Service—Whether HTTP is enabled/disabled.
HTTPS Service—Whether HTTPS is enabled/disabled.
SNMP Service—Whether SNMP is enabled/disabled.
Tel ne t S er vi c e—Whether Telnet is enabled/disabled.
SSH Service—Whether SSH is enabled/disabled.
The device CPU handles the following types of traffic, in addition to end-user traffic handling the management interface:
Management traffic
Protocol traffic
Snooping traffic
Excessive traffic burdens the CPU, and might prevent normal device operation. The device uses the Secure Core Technology (SCT) feature to ensure that the device receives and processes management and protocol traffic, no matter how much total traffic is received be disabled.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 33
. SCT is enabled by default on the device and cannot
Page 38
Status and Statistics

Interfaces

STEP 1 Click Status and Statistics > CPU Utilization.
STEP 2 Ensure that the CPU Utilization checkbox is enabled.
STEP 3 Select the Refresh Rate (time period in seconds) that passes before the statistics
STEP 4 Click Apply.
4
There are no interactions with other features.
To display CPU utilization:
The CPU Input Rate field displays the rate of input frames to the CPU per second.
The window contains a graph of the CPU utilization. The Y axis is percentage of usage, and the X axis is the sample number.
are refreshed. A new sample is created for each time period.
Interfaces
STEP 1 Click Status and Statistics > Interface.
STEP 2 Enter the parameters.
The Interface page displays traffic statistics per port. The refresh rate of the information can be selected.
This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion (Unicast, Multicast, and Broadcast).
To display Ethernet statistics and/or set the refresh rate:
Interface—Select the interface for which Ethernet statistics are to be
displayed.
Refresh Rate—Select the time period that passes before the interface
Ethernet statistics are refreshed.
The Receive Statistics area displays information about incoming packets.
Tot al By te s (O c te ts ) —Octets received, including bad packets and FCS
octets, but excluding framing bits.
Unicast Packets—Good Unicast packets received.
Multicast Packets—Good Multicast packets received.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 34
Page 39
Status and Statistics

Etherlike

STEP 3 To clear or view statistics counters:
4
Broadcast Packets—Good Broadcast packets received.
Packets with Errors—Packets with errors received.
The Transmit Statistics area displays information about outgoing packets.
Tot al By te s (O c te ts ) —Octets transmitted, including bad packets and FCS
octets, but excluding framing bits.
Unicast Packets—Good Unicast packets transmitted.
Multicast Packets—Good Multicast packets transmitted.
Broadcast Packets—Good Broadcast packets transmitted.
Click Clear Interface Counters to clear counters for the interface displayed.
Etherlike
Click View All Interfaces Statistics to see all ports on a single page.
The Etherlike page displays statistics per port according to the Etherlike MIB standard definition. The refresh rate of the information can be selected. This page provides more detailed information regarding errors in the physical layer (Layer 1) that might disrupt traffic.
To view Etherlike Statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > Etherlike.
STEP 2 Enter the parameters.
Interface—Select the specific interface for which Ethernet statistics are to
be displayed.
Refresh Rate—Select the amount of time that passes before the Etherlike
statistics are refreshed.
The fields are displayed for the selected interface.
Frame Check Sequence (FCS) Errors—Received frames that failed the
CRC (cyclic redundancy checks).
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 35
Page 40
Status and Statistics

GVRP

4
Single Collision Frames—Frames that were involved in a single collision,
but were successfully transmitted.
Late Collisions—Collisions that have been detected after the first 512 bits
of data.
Excessive Collisions—Transmissions rejected due to excessive collisions.
Oversize Packets—Packets greater than 2000 octets received.
Internal MAC Receive Errors—Frames rejected because of receiver errors.
Pause Frames Received—Received flow control pause frames. This field is
only supported for XG ports. When the port speed is 1G, the received pause frames counter is not operational.
Pause Frames Transmitted—Flow control pause frames transmitted from
the selected interface.
GVRP
STEP 3 To clear statistics counters:
Click Clear Interface Counters to clear the selected interfaces counters.
Click View All Interfaces Statistics to see all ports on a single page.
The GVRP page displays information regarding GARP VLAN Registration Protocol (GVRP) frames that were sent or received from a port. GVRP is a standards-based Layer 2 network protocol, for automatic configuration of VLAN information on switches. It is defined in the 802.1ak amendment to 802.1Q-2005.
GVRP statistics for a port are only displayed if GVRP is enabled globally and on the port. See the GVRP Settings page.
To view GVRP statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > GVRP.
STEP 2 Enter the parameters.
Interface—Select the specific interface for which GVRP statistics are to be
displayed.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 36
Page 41
Status and Statistics

802.1X EAP

4
Refresh Rate—Select the time period that passes before the GVRP page is
refreshed.
The Attribute Counter block displays the counters for various types of packets per interface.
Join Empty—GVRP Join Empty packets received/transmitted.
Empty—GVRP empty packets received/transmitted.
Leave Empty—GVRP Leave Empty packets received/transmitted.
Join In—GVRP Join In packets received/transmitted.
Leave In—GVRP Leave In packets received/transmitted.
Leave All—GVRP Leave All packets received/transmitted.
The GVRP Error Statistics section displays the GVRP error counters.
STEP 3 To clear statistics counters:
802.1X EAP
Invalid Protocol ID—Invalid protocol ID errors.
Invalid Attribute Type—Invalid attribute ID errors.
Invalid Attribute Value—Invalid attribute value errors.
Invalid Attribute Length—Invalid attribute length errors.
Invalid Event—Invalid events.
Click Clear Interface Counters to clear the selected counters.
Click View All Interfaces Statistics to see all ports on a single page.
The 802.1x EAP page displays detailed information regarding the EAP (Extensible Authentication Protocol) frames that were sent or received. To configure the
802.1X feature, see the Properties page.
To view the EAP Statistics and/or set the refresh rate:
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 37
Page 42
Status and Statistics
802.1X EAP
STEP 1 Click Status and Statistics > 802.1x EAP.
STEP 2 Select the Interface that is polled for statistics.
STEP 3 Select the Refresh Rate (time period) that passes before the EAP statistics are
4
refreshed.
The values are displayed for the selected interface.
EAPOL Frames Received—Valid EAPOL frames received on the port.
EAPOL Frames Transmitted—Valid EAPOL frames transmitted by the port.
EAPOL Start Frames Received—EAPOL Start frames received on the port.
EAPOL Logoff Frames Received—EAPOL Logoff frames received on the
port.
EAP Response/ID Frames Received—EAP Resp/ID frames received on the
port.
EAP Response Frames Received—EAP Response frames received by the
port (other than Resp/ID frames).
EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by
the port.
EAP Request Frames Transmitted—EAP Request frames transmitted by
the port.
Invalid EAPOL Frames Received—Unrecognized EAPOL frames received
on this port.
EAP Length Error Frames Received—EAPOL frames with an invalid Packet
Body Length received on this port.
Last EAPOL Frame Version—Protocol version number attached to the most
recently received EAPOL frame.
Last EAPOL Frame Source—Source MAC address attached to the most
recently received EAPOL frame.
STEP 4 To clear statistics counters:
Click Clear Interface Counters to clear the selected interfaces counters.
Click View All Interfaces Statistics to clear the counters of all interfaces.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 38
Page 43
Status and Statistics
ACL
ACL
STEP 1 Click Status and Statistics > ACL.
STEP 2 Select the Refresh Rate (time period in seconds) that passes before the page is
4
When the ACL logging feature is enabled, an informational SYSLOG message is generated for packets that match ACL rules.
To view the interfaces on which packets were forward or rejected based on ACLs:
refreshed. A new group of interfaces is created for each time period.
The following information is displayed:
Global Trapped Packet Counter—Number of packets trapped globally due
to lack of resources.
STEP 3 To manage statistics counters:

TCAM Utilization

TCAM holds the rules produced by applications, such as ACLs (Access Control Lists), Quality of Service (QoS), while Router TCAM holds the rules for IP Routing and user-created rules.
Some applications allocate rules upon their initiation. Additionally, processes that initialize during system boot use some of their rules during the startup process.
Tra pp ed P ac ke ts - Por t/L AG Bas ed—The interfaces on which packets were
forwarded or rejected based on ACL rules.
Trapped Packets - VLAN Based—The VLANs on which packets were
forwarded or rejected based on ACL rules.
Click Clear Counters to clear the counters of all interfaces.
To view TCAM utilization, click Status and Statistics > TCAM Utilization.
The TCAM Utilization page shows the following fields:
Unit No—Unit in stack for which TCAM utilization appears. This is not
displayed when the device is in not part of a stack.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 39
Page 44
Status and Statistics
TCAM Utilization
4
Maximum TCAM Entries for Routing and Multicast Routing—Maximum
router TCAM entries available for routing and Multicast Routing.
IPv4 Routing
- In Use—Number of router TCAM entries used for IPv4 routing.
- Maximum—Number of available router TCAM entries that can be used
for IPv4 routing.
IPv4 Multicast Routing
- In Use—Number of router TCAM entries used for IPv4 Multicast routing.
- Maximum—Number of available router TCAM entries that can be used
for IPv4 Multicast routing.
IPv6 Routing
- In Use—Number of router TCAM entries used for IPv6 Multicast routing.
- Maximum—Number of available router TCAM entries that can be used
for IPv6 Multicast routing.
IPv6 Multicast Routing—Number of router TCAM entries used for IPv6
routing.
- In Use—Number of Router TCAM entries used for IPv6 routing.
- Maximum—Number of available Router TCAM entries that can be used
for IPv6 routing.
Maximum TCAM Entries for Non-IP Rules—Maximum TCAM entries
available for non-IP rules.
Non-IP Rules
- In Use—Number of TCAM entries used for non-IP rules.
- Maximum—Number of available TCAM entries that can be used for non-
IP rules.
To view how the allocation among various processes can be changed, see the
Routing Resources section.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 40
Page 45
Status and Statistics

Health

Health
4
The Health page monitors the temperature status, power supply status and fan status on all devices with fans. Depending on the model, there are one or more fans on a device. Some models have no fans at all.
Some devices have a temperature sensor to protect its hardware from overheating. In this case, the following actions are performed by the device if it overheats and during the cool down period after overheating:
Event Action
At least one temperature sensor exceeds the Warning threshold
At least one temperature sensor exceeds the Critical threshold
The following are generated:
SYSLOG message
SNMP trap
The following are generated:
SYSLOG message
SNMP trap
The following actions are performed:
System LED is set to solid amber (if hardware
supports this).
Disable Ports — When the Critical
temperature has been exceeded for two minutes, all ports will be shut down.
(On devices that support PoE) Disable the
PoE circuitry so that less power is consumed and less heat is emitted.
Cool down period after the Critical threshold was exceeded (all sensors are lower than the Warning threshold - 2 °C).
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 41
After all the sensors cool down to Warning Threshold minus 2 degree C, the PHY will be re­enabled, and all ports brought back up.
If FAN status is OK, the ports are enabled.
(On devices that support PoE) the PoE circuitry is enabled.
Page 46
Status and Statistics
Health
4
To view the device health parameters, click Status and Statistics > Health.
The Health page displays the following fields:
Unit No.—Displays the unit number.
Fan Status—The following values are possible:
- OK—Fan is operating normally.
- Failure—Fan is not operating correctly.
- N/A—Fan ID is not applicable for the specific model.
Redundant Fan Status—(Only supported on 550 family) The following
values are possible:
- Ready—Redundant fan is operational but not required.
- Active—One of the main fans is not working and this fan is replacing it.
- Failure—Redundant fan is not operating correctly.
Te mp e rat ur e—The options are :
- OK—The temperature is below the warning threshold.
- Warning—The temperature is between the warning threshold to the
critical threshold.
- Critical—Temperature is above the critical threshold.
- N/A—Not relevant.
Power Supply Status—The options are:
- Main—Displays one of the following:
Active—Power supply is being used.
Failure—Main power has failed.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 42
Page 47
Status and Statistics

Port and VL AN Mirroring

- Redundant—Provides the status of the redundant power supply.
Displays one of the following:
Active—Redundant Power Supply (RPS) supply is being used.
Available—RPS is connected but is not being used.
Not Available—RPS is connected but is already providing power to other devices.
Not Connected—The RPS is not connected.
Present—The RPS is connected.
Port and VLAN Mirroring
4
Port mirroring is used on a network device to send a copy of network packets seen on a single device port, multiple device ports, or an entire VLAN to a network monitoring connection on another port on the device. This is commonly used for network appliances that require monitoring of network traffic, such as an intrusion­detection system. A network analyzer connected to the monitoring port processes the data packets for diagnosing, debugging, and performance monitoring.
Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.
A packet that is received on a network port assigned to a VLAN that is subject to mirroring is mirrored to the analyzer port even if the packet was eventually trapped or discarded. Packets sent by the device are mirrored when Transmit (Tx) mirroring is activated.
Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port. If more data is sent to the analyzer port than it can support, some data might be lost.
VLAN mirroring is not active on a VLAN that was not manually created. For example, if VLAN 23 was created by GVRP, and you manually created VLAN 34, and you create port mirroring that includes VLAN 23, VLAN 34, or both, and later on delete VLAN 34, the status in port mirroring is set to Not Ready, because the VLAN34 is no longer in the database and VLAN23 was not created manually.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 43
Page 48
Status and Statistics
Port and VL AN Mirroring
STEP 1 Click Status and Statistics > Port and VLAN Mirroring.
4
Only one instance of mirroring is supported system-wide. The analyzer port (or target port for VLAN mirroring or port mirroring) is the same for all the mirrored VLANs or ports.
To enable mirroring:
The following fields are displayed:
Destination Port—Port to which traffic is to be copied; the analyzer port.
Source Interface—Interface, port, or VLAN from which traffic is sent to the
analyzer port.
Type—Type of monitoring: incoming to the port (Rx), outgoing from the port
(Tx), or both.
Status— Displays one of the following values:
- Active—Both source and destination interfaces are up and forwarding
traffic.
- Not Ready—Either source or destination (or both) are down or not
forwarding traffic for some reason.
STEP 2 Click Add to add a port or VLAN to be mirrored.
STEP 3 Enter the parameters:
Destination Port—Select the analyzer port to where packets are copied. A
network analyzer, such as a PC running Wireshark, is connected to this port. If a port is identified as an analyzer destination port, it remains the analyzer destination port until all entries are removed.
Source Interface—Select the source port or source VLAN from where
traffic is to be mirrored.
Type—Select whether incoming, outgoing, or both types of traffic are
mirrored to the analyzer port. If Port is selected, the options are:
- Rx Only—Port mirroring on incoming packets.
- Tx Onl y—Port mirroring on outgoing packets.
- Tx an d Rx—Port mirroring on both incoming and outgoing packets.
STEP 4 Click Apply. Port mirroring is added to the Running Configuration.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 44
Page 49
Status and Statistics

Diagnostics

Diagnostics
4
This section contains information for configuring port mirroring, running cable tests, and viewing device operational information.
It covers the following topics:
Copper Ports Tests
Displaying Optical Module Status

Copper Ports Tests

The Copper Test page displays the results of integrated cable tests performed on copper cables by the Virtual Cable Tester (VCT).
VCT performs two types of tests:
Time Domain Reflectometry (TDR) technology tests the quality and
characteristics of a copper cable attached to a port. Cables of up to 140 meters long can be tested. These results are displayed in the Test Results block of the Copper Test page.
DSP-based tests are performed on active XG links to measure cable length.
These results are displayed in the Advanced Information block of the Copper Test page. This test can run only when the link speed is 10G.
Preconditions to Running the Copper Port Test
Before running the test, do the following:
(Mandatory) Disable Short Reach mode (see the Properties page)
(Optional) Disable EEE (see the Properties page)
Use a CAT6a data cable when testing cables using (VCT).
Accuracy of the test results can have an error range of +/- 10 for Advanced Testing and +/- 2 for basic testing.
CAUTION When a port is tested, it is set to the Down state and communications are
interrupted. After the test, the port returns to the Up state. It is not recommended that you run the copper port test on a port you are using to run the web-based switch configuration utility, because communications with that device are disrupted.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 45
Page 50
Status and Statistics
Diagnostics
STEP 1 Click Status and Statistics > Diagnostics > Copper Test.
STEP 2 Select the port on which to run the test.
STEP 3 Click Copper Test.
STEP 4 When the message appears, click OK to confirm that the link can go down or
4
To test copper cables attached to ports:
Cancel to abort the test.
The following fields are displayed in the Test Results block:
Last Update—Time of the last test conducted on the port.
Test Results—Cable test results. Possible values are:
- OK—Cable passed the test.
- No Cable—Cable is not connected to the port.
- Open Cable—Cable is connected on only one side.
- Short Cable—Short circuit has occurred in the cable.
- Unknown Test Result—Error has occurred.
Distance to Fault—Distance from the port to the location on the cable where
the fault was discovered.
Operational Port Status—Displays whether port is up or down.
The Advanced Information block contains the following information, which is refreshed each time you enter the page:
Cable Length: Provides an estimate for the length.
Pair—Cable wire pair being tested.
Status—Wire pair status. Red indicates fault and Green indicates status OK.
Channel—Cable channel indicating whether the wires are straight or cross-
over.
Polarity—Indicates if automatic polarity detection and correction has been
activated for the wire pair.
Pair Skew—Difference in delay between wire pairs.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 46
Page 51
Status and Statistics
Diagnostics
4

Displaying Optical Module Status

The Optical Module Status page displays the operating conditions reported by the SFP (Small Form-factor Pluggable) transceiver.
The following GE SFP (1000Mbps) transceivers are supported:
MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310
nm wavelength, supports up to 40 km.
MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm
wavelength, supports up to 40 km.
MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm
wavelength, supports up to 10 km.
MGBSX1:1000BASE-SX SFP transceiver, for multimode fiber, 850 nm
wavelength, supports up to 550 m.
MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports
up to 100 m.
The following XG SFP+ (10,000Mbps) transceivers are supported:
Cisco SFP-10GSR
Cisco SFP-10GLRM
Cisco SFP-10GLR
The following XG passive cables (Twinax/DAC) are supported:
Cisco SFP-H10GCU1m
Cisco SFP-H10GCU3m
Cisco SFP-H10GCU5m
To view the results of optical tests, click Status and Statistics > Diagnostics > Optical Module Status.
This page displays the following fields:
Port—Port number on which the SFP is connected.
Description—Description of optical transceiver.
Serial Number—Serial number of optical transceiver.
PID—VLAN ID.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 47
Page 52
Status and Statistics

RMON

4
VID—ID of optical transceiver.
Te mp e rat ur e—Temperature (Celsius) at which the SFP is operating.
Voltage—SFP's operating voltage.
Current—SFP's current consumption.
Output Power—Transmitted optical power.
Input Power—Received optical power.
Transmitter Fault—Remote SFP reports signal loss. Values are True, False,
and No Signal (N/S).
Loss of Signal—Local SFP reports signal loss. Values are True and False.
Data Ready—SFP is operational. Values are True and False
RMON
RMON (Remote Networking Monitoring) enables an SNMP agent in the device to proactively monitor traffic statistics over a given period and send traps to an SNMP manager. The local SNMP agent compares actual, real-time counters against predefined thresholds and generates alarms, without the need for polling by a central SNMP management platform. This is an effective mechanism for proactive management, provided that you have set the correct thresholds relative to your network’s base line.
RMON decreases the traffic between the manager and the device since the SNMP manager does not have to poll the device frequently for information, and enables the manager to get timely status reports, since the device reports events as they occur.
With this feature, you can perform the following actions:
View the current statistics (from the time that the counter values were
cleared). You can also collect the values of these counters over a period of time, and then view the table of collected data, where each collected set is a single line of the History tab.
Define interesting changes in counter values, such as “reached a certain
number of late collisions” (defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log and trap).
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 48
Page 53
Status and Statistics
RMON
4

Statistics

The Statistics page displays detailed information regarding packet sizes and information regarding physical layer errors. The information is displayed according to the RMON standard. An oversized packet is defined as an Ethernet frame with the following criteria:
Packet length is greater than MRU byte size.
Collision event has not been detected.
Late collision event has not been detected.
Received (Rx) error event has not been detected.
Packet has a valid CRC.
To view RMON statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > RMON > Statistics.
STEP 2 Select the Interface for which Ethernet statistics are to be displayed.
STEP 3 Select the Refresh Rate, which is the time period that passes before the interface
statistics are refreshed.
The following statistics are displayed for the selected interface.
Bytes Received—Octets received, including bad packets and FCS octets,
but excluding framing bits.
Drop Events—Packets dropped.
Packets Received—Good packets received, including Multicast and
Broadcast packets.
Broadcast Packets Received—Good Broadcast packets received. This
number does not include Multicast packets.
Multicast Packets Received—Good Multicast packets received.
CRC & Align Errors—CRC and Align errors that have occurred.
Undersize Packets—Undersized packets (less than 64 octets) received.
Oversize Packets—Oversized packets (over 2000 octets) received.
Fragments—Fragments (packets with less than 64 octets, excluding
framing bits, but including FCS octets) received.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 49
Page 54
Status and Statistics
RMON
4
Jabbers—Received packets that were longer than 1632 octets. This
number excludes frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. A Jabber packet is defined as an Ethernet frame that satisfies the following criteria:
- Packet data length is greater than MRU.
- Packet has an invalid CRC.
- Received (Rx) Error Event has not been detected.
Collisions—Collisions received. If Jumbo frames are enabled, the threshold
of Jabber frames is raised to the maximum size of Jumbo frames.
Frames of 64 Bytes—Frames, containing 64 bytes that were received.
Frames of 65 to 127 Bytes—Frames, containing 65-127 bytes that were
received.
Frames of 128 to 255 Bytes—Frames, containing 128-255 bytes that were
received.
Frames of 256 to 511 Bytes—Frames, containing 256-511 bytes that were
received.
Frames of 512 to 1023 Bytes—Frames, containing 512-1023 bytes that
were received.
Frames of 1024 Bytes or More—Frames, containing 1024-2000 bytes, and
Jumbo Frames, that were received.
STEP 4 To clear statistics counters:
Click Clear Interface Counters to clear the selected interfaces counters.
Click View All Interfaces Statistics to see all ports on a single page.

RMON History

The RMON feature enables monitoring statistics per interface.
The History page the port from which to gather the data.
After the data is sampled and stored, it appears in the History Table page that can be viewed by clicking History Table.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 50
defines the sampling frequency, amount of samples to store and
Page 55
Status and Statistics
RMON
STEP 1 Click Status and Statistics > RMON > History. The fields displayed on this page
STEP 2 Click Add.
STEP 3 Enter the parameters.
4
To enter RMON control information:
are defined in the Add RMON History page, below. The only field is that is on this page and not defined in the Add page is:
Current Number of Samples—RMON is allowed by the standard to not
grant all requested samples, but rather to limit the number of samples per request. Therefore, this field represents the sample number actually granted to the request that is equal or less than the requested value.
New History Entry—Displays the number of the new History table entry.
Source Interface—Select the type of interface from which the history
samples are to be taken.
Max No. of Samples to Keep—Enter the number of samples to store.
Sampling Interval—Enter the time in seconds that samples are collected
from the ports. The field range is 1-3600.
Owner—Enter the RMON station or user that requested the RMON
information.
STEP 4 Click Apply. The entry is added to the History Control Table page
Configuration file is updated.
STEP 5 Click History Table (described below) to view the actual statistics.

RMON History Table

The History page displays interface-specific statistical network samplings. The samples were configured in the History Control table described above.
To view RMON history statistics:
STEP 1 Click Status and Statistics > RMON > History.
,
and the Running
STEP 2 Click History Table.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 51
Page 56
Status and Statistics
RMON
STEP 3 From the History Entry No. drop down menu, optionally select the entry number
4
of the sample to display.
The fields are displayed for the selected sample.
Owner—History table entry owner.
Sample No.—Statistics were taken from this sample.
Drop Events—Dropped packets due to lack of network resources during the
sampling interval. This may not represent the exact number of dropped packets, but rather the number of times dropped packets were detected.
Bytes Received—Octets received including bad packets and FCS octets,
but excluding framing bits.
Packets Received—Packets received, including bad packets, Multicast,
and Broadcast packets.
Broadcast Packets—Good Broadcast packets excluding Multicast packets.
Multicast Packets—Good Multicast packets received.
CRC Align Errors—CRC and Align errors that have occurred.
Undersize Packets—Undersized packets (less than 64 octets) received.
Oversize Packets—Oversized packets (over 2000 octets) received.
Fragments—Fragments (packets with less than 64 octets) received,
excluding framing bits, but including FCS octets.
Jabbers—Total number of received packets that were longer than 2000
octets. This number excludes frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number.
Collisions—Collisions received.
Utilization—Percentage of current interface traffic compared to maximum
traffic that the interface can handle.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 52
Page 57
Status and Statistics
RMON
STEP 1 Click Status and Statistics > RMON > Events.
4

RMON Events Control

You can control the occurrences that trigger an alarm and the type of notification that occurs. This is performed as follows:
Events Page—Configures what happens when an alarm is triggered. This
can be any combination of logs and traps.
Alarms Page—Configures the occurrences that trigger an alarm.
To define RMON events:
This page displays previously defined events.
The fields on this page are defined by the Add RMON Events dialog box except for the Time field.
Time—Displays the time of the event. (This is a read-only table in the parent
window and cannot be defined).
STEP 2 Click Add.
STEP 3 Enter the parameters.
Event Entry—Displays the event entry index number for the new entry.
Community—Enter the SNMP community string to be included when traps
are sent (optional). Note that the community must be defined using the
Notification Recipients pages for the trap to reach the Network
Management Station.
Description—Enter a name for the event. This name is used in the Add
RMON Alarm page to attach an alarm to an event.
Notification Type—Select the type of action that results from this event.
Values are:
- None—No action occurs when the alarm goes off.
- Log (Event Log Table)—Add a log entry to the Event Log table when the
alarm is triggered.
- Trap (SNMP Manager and SYSLOG Server)—Send a trap to the remote
log server when the alarm goes off.
- Log and Trap—Add a log entry to the Event Log table and send a trap to
the remote log server when the alarm goes off.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 53
Page 58
Status and Statistics
RMON
STEP 4 Click Apply. The RMON event is saved to the Running Configuration file.
STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have
4
Owner—Enter the device or user that defined the event.
been logged (see description below).

RMON Events Logs

The Events page displays the log of events (actions) that occurred. Two types of events can be logged: Log or Log and Trap. The action in the event is performed when the event is bound to an alarm (see the RMON Alarms page) and the conditions of the alarm have occurred.
STEP 1 Click Status and Statistics > RMON > Events.
STEP 2 Click Event Log Table.
This page displays the following fields:
Event Entry No.—Event’s log entry number.
Log No.—Log number (within the event).
Log Time—Time that the log entry was entered.
Description—Description of event that triggered the alarm.

RMON Alarms

RMON alarms provide a mechanism for setting thresholds and sampling intervals to generate exception events on counters or any other SNMP object counter maintained by the agent. Both the rising and falling thresholds must be configured in the alarm. After a rising threshold is crossed, no rising events are generated until the companion falling threshold is crossed. After a falling alarm is issued, the next alarm is issued when a rising threshold is crossed.
One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs.
Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 54
Page 59
Status and Statistics
RMON
STEP 1 Click Status and Statistics > RMON > Alarms.
STEP 2 Click Add.
STEP 3 Enter the parameters.
4
To enter RMON alarms:
All previously-defined alarms are displayed. The fields are described in the Add RMON Alarm page below. In addition to those fields, the following field appears:
Counter Value—Displays the value of the statistic during the last sampling
period.
Alarm Entry—Displays the alarm entry number.
Interface—Select the type of interface for which RMON statistics are
displayed.
Counter Name—Select the MIB variable that indicates the type of
occurrence measured.
Counter Value—Number of occurrences.
Sample Type—Select the sampling method to generate an alarm. The
options are:
- Absolute—If the threshold is crossed, an alarm is generated.
- Delta—Subtracts the last sampled value from the current value. The
difference in the values is compared to the threshold. If the threshold was crossed, an alarm is generated.
Rising Threshold—Enter the value that triggers the rising threshold alarm.
Rising Event—Select an event to be performed when a rising event is
triggered. Events are configured in the RMON Events Control page.
Falling Threshold—Enter the value that triggers the falling threshold alarm.
Falling Event—Select an event to be performed when a falling event is
triggered.
Startup Alarm—Select the first event from which to start generation of
alarms. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold.
- Rising Alarm—A rising value triggers the rising threshold alarm.
- Falling Alarm—A falling value triggers the falling threshold alarm.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 55
Page 60
Status and Statistics

View Logs

STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file.
View Logs
4
- Rising and Falling—Both rising and falling values trigger the alarm.
Interval—Enter the alarm interval time in seconds.
Owner—Enter the name of the user or network management system that
receives the alarm.
The device can write to the following logs:
Log in RAM (cleared during reboot).
Log in Flash memory (cleared only upon user command).
You can configure the messages that are written to each log by severity, and a message can go to more than one log, including logs that reside on external SYSLOG servers.

RAM Memory

The RAM Memory page displays all messages that were saved in the RAM (cache) in chronological order. Entries are stored in the RAM log according to the configuration in the Log Settings page.
To view log entries, click Status and Statistics > View Log > RAM Memory.
The following are displayed at the top of the page:
Alert Icon Blinking—Toggles between disable and enable.
Current Logging Threshold—Specifies the levels of logging that are
generated. This can be changed by clicking Edit by the field’s name.
This page contains the following fields for every log file:
Log Index—Log entry number.
Log Time—Time when message was generated.
Severity—Event severity.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 56
Page 61
Status and Statistics
View Logs
4
Description—Message text describing the event.
To clear the log messages, click Clear Logs. The messages are cleared.

Flash Memory

The Flash Memory page displays the messages that were stored in the Flash memory, in chronological order. The minimum severity for logging is configured in the Log Settings page. Flash logs remain when the device is rebooted. You can clear the logs manually.
To view the Flash logs, click Status and Statistics > View Log > Flash Memory.
The Current Logging Threshold specifies the levels of logging that are generated. This can be changed by clicking Edit by the field’s name.
This page contains the following fields for each log file:
Log Index—Log entry number.
Log Time—Time when message was generated.
Severity—Event severity.
Description—Message text describing the event.
To clear the messages, click Clear Logs. The messages are cleared.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 57
Page 62

Administration

This section describes how to view system information and configure various options on the device.
It covers the following topics:
Device Models
System Settings
5
Console Settings (Autobaud Rate Support)
Stack Management
User Accounts
Idle Session Timeout
Time Settings
System Log
File Management
Reboot
Discovery - Bonjour
Discovery - LLDP
Discovery - CDP
Ping
Traceroute
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 58
Page 63
Administration

Device Models

Device Models
NOTE See Interface Naming Conventions for port naming conventions.
5
All models can be fully managed through the web-based switch configuration utility.
The following table describes the various models, the number and type of ports on them and their PoE information.
The following are the models in the 550 family.
Model Name Description of Ports on Device
SG550XG-8F8T 16-port Ten Gigabit Stackable
Switch with RPS Support
SG550XG-24T 24-port 10GBase-T Stackable
Switch(2 combo) with RPS support
SG550XG-48T 48-port 10GBase-T Stackable
Switch (2 combo) with RPS support
SG550XG-24F 24-port SFP+ Ten Gigabit
Stackable Switch (2 combo) with RPS support
The following are the models in the 350 family.
Model Name Description of Ports on Device
SG350XG-24F 24-port SFP+ Ten Gigabit Stackable Switch
(2 combo)
SG350XG-24T 24-port 10GBase-T Stackable Switch (2
combo)
SG350XG-48T 48-port 10GBase-T Stackable Switch (2
combo)
SG350XG-2F10 12-port 10GBase-T Stackable Switch (2
SFP ports)
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 59
Page 64
Administration

System Settings

System Settings
To enter system settings:
STEP 1 Click Administration > System Settings.
STEP 2 View or modify the system settings.
5
System Description—Displays a description of the device.
System Location—Enter the physical location of the device.
System Contact—Enter the name of a contact person.
Host Name—Select the host name of this device. This is used in the prompt
of CLI commands:
- Use Default—The default hostname (System Name) of these switches is:
switch123456, where 123456 represents the last three bytes of the device MAC address in hex format.
- User Defined—Enter the hostname. Use only letters, digits, and hyphens.
Host names cannot begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035).
Custom Banner Settings—The following banners can be set:
- Login Banner—Enter text to display on the Login page before login. Click
Preview to view the results.
- Welcome Banner—Enter text to display on the Login page after login.
Click Preview to view the results.
NOTE When you define a login banner from the web-based configuration
utility, it also activates the banner for the CLI interfaces (Console, Telnet, and SSH).
STEP 3 Click Apply to save the values in the Running Configuration file.

Console Settings (Autobaud Rate Support)

The console port speed can be set to one of the following speeds: 4800, 9600, 19200, 38400, 57600, and 115200 or to Auto Detection.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 60
Page 65
Administration

Stack Management

5
If Auto Detection is selected, the device detects console speed automatically.
When Auto Detection is not enabled, the console port speed is automatically set to the last speed that was set manually at (115,200 by default).
When Auto Detection is enabled but the console baud-rate has not yet been discovered, the system uses speed 115,200 for displaying text (for example, the boot-up information).
After Auto Detection is enabled in the Console Settings page, it can be activated by connecting the console to the device and pressing the Enter key twice. The device detects the baud rate automatically.
To enable Auto Detection or to manually set the baud rate of the console:
STEP 1 Click Administration > Console Settings.
STEP 2 Select one of the following options in the Console Port Baud Rate field:
Auto Detection—The console baud rate is detected automatically.
Static—Select one of the available speeds.
Stack Management
See Administration: Stack Management.

User Accounts

The User Accounts page enables entering additional users that are permitted to access to the device (read-only or read-write) or changing the passwords of existing users.
After adding a level 15 user (as described below), the default user is removed from the system.
NOTE It is not permitted to delete all users. If all users are selected, the Delete button is
disabled.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 61
Page 66
Administration
User Accounts
5
To add a new user:
STEP 1 Click Administration > User Accounts.
This page displays the users defined in the system and their user privilege level.
STEP 2 Select Password Recovery Service to enable this feature. When this is enabled, an
end user, with physical access to the console port of the device, can enter the boot menu and trigger the password recovery process. When the boot system process ends, you are allowed to login to the device without password authentication. Entering the device is allowed only via the console and only when the console is connected to the device with physical access.
When password recovery mechanism is disabled, accessing the boot menu is still allowed and you can trigger the password recovery process. The difference is that in this case, all configuration and user files are removed during the system boot process, and a suitable log message is generated to the terminal.
STEP 3 Click Add to add a new user or click Edit to modify a user.
STEP 4 Enter the parameters.
User Name—Enter a new username between 0 and 20 characters. UTF-8
characters are not permitted.
Password—Enter a password (UTF-8 characters are not permitted). If the
password strength and complexity is defined, the user password must comply with the policy configured in Password Strength.
Confirm Password—Enter the password again.
Password Strength Meter—Displays the strength of password. The policy
for password strength and complexity are configured in the Password
Strength page.
User Level—Select the privilege level of the user being added/edited.
- Read-Only CLI Access (1)—User cannot access the GUI, and can only
access CLI commands that do not change the device configuration.
- Read/Limited Write CLI Access (7)—User cannot access the GUI, and
can only access some CLI commands that change the device configuration. See the CLI Reference Guide for more information.
- Read/Write Management Access (15)—User can access the GUI, and
can configure the device.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 62
Page 67
Administration

Idle Session Timeout

STEP 5 Click Apply. The user is added to the Running Configuration file of the device.
Idle Session Timeout
The Idle Session Timeout configures the time intervals that the management sessions can remain idle before they timeout and you must log in again to reestablish one of the following sessions:
HTTP Session Timeout
HTTPS Session Timeout
Console Session Timeout
5
STEP 1 Click Administration > Idle Session Timeout.
STEP 2 Select the timeout for the each session from the corresponding list. The default
STEP 3 Click Apply to set the configuration settings on the device.

Time Settings

Telnet Session Timeout
SSH Session Timeout
To set the idle session timeout for various types of sessions:
timeout value is 10 minutes.
See Administration: Time Settings.

System Log

This section describes the system logging, which enables the device to generate multiple independent logs. Each log is a set of messages describing system events.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 63
Page 68
Administration
System Log
5
The device generates the following local logs:
Log sent to the console interface.
Log written into a cyclical list of logged events in the RAM and erased when
the device reboots.
Log written to a cyclical log-file saved to the Flash memory and persists
across reboots.
In addition, you can send messages to remote SYSLOG servers in the form of SNMP traps and SYSLOG messages.
This section covers the following sections:
Log Settings
Remote Logging Settings

Log Settings

You can select the events to be logged by severity level. Each log message has a severity level marked with the first letter of the severity level concatenated with a dash (-) on each side (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational.
The event severity levels are listed from the highest severity to the lowest severity, as follows:
Emergency—System is not usable.
Alert—Action is needed.
Critical—System is in a critical condition.
Error—System is in error condition.
Warning—System warning has occurred.
Notice—System is functioning properly, but a system notice has occurred.
Informational—Device information.
Debug—Detailed information about an event.
You can select different severity levels for RAM and Flash logs. These logs are displayed in the RAM Memory page and Flash Memory page, respectively.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 64
Page 69
Administration
System Log
5
Selecting a severity level to be stored in a log causes all of the higher severity events to be automatically stored in the log. Lower severity events are not stored in the log.
For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored (Notice, Informational, and Debug).
To set global log parameters:
STEP 1 Click Administration > System Log > Log Settings.
STEP 2 Enter the parameters.
Logging—Select to enable message logging.
Syslog Aggregator—Select to enable the aggregation of SYSLOG
messages and traps. If enabled, identical and contiguous SYSLOG messages and traps are aggregated over the specified Max. Aggregation Time and sent in a single message. The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated.
Max. Aggregation Time—Enter the interval of time that SYSLOG messages
are aggregated.
Originator Identifier—Enables adding an origin identifier to SYSLOG
messages. The options are:
- None—Do not include the origin identifier in SYSLOG messages.
- Hostname—Include the system host name in SYSLOG messages.
- IPv4 Address—Include the IPv4 address of the sending interface in
SYSLOG messages.
- IPv6 Address—Include the IPv6 address of the sending interface in
SYSLOG messages.
- User Defined—Enter a description to be included in SYSLOG messages.
RAM Memory Logging—Select the severity levels of the messages to be
logged to the RAM.
Flash Memory Logging—Select the severity levels of the messages to be
logged to the Flash memory.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 65
Page 70
Administration
System Log
5
STEP 3 Click Apply. The Running Configuration file is updated.

Remote Logging Settings

The Remote Log Servers page enables defining remote SYSLOG servers to which log messages are sent. For each server, you can configure the severity of the messages that it receives.
To d ef in e S YS LO G s er v e r s :
STEP 1 Click Administration > System Log > Remote Log Servers.
STEP 2 Enter the following fields:
IPv4 Source Interface—Select the source interface whose IPv4 address
will be used as the source IPv4 address of SYSLOG messages sent to SYSLOG servers.
IPv6 Source Interface—Select the source interface whose IPv6 address
will be used as the source IPv6 address of SYSLOG messages sent to SYSLOG servers.
NOTE If the Auto option is selected, the system takes the source IP address
from the IP address defined on the outgoing interface.
Information is described for each previously-configured log server. The fields are described below in the Add page.
STEP 3 Click Add.
STEP 4 Enter the parameters.
Server Definition—Select whether to identify the remote log server by IP
address or name.
IP Version—Select the supported IP format.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The
options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80::/10, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 66
Page 71
Administration

File Management

5
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface (if IPv6 Address Type
Link Local is selected) from the list.
Log Server IP Address/Name—Enter the IP address or domain name of the
log server.
UDP Port—Enter the UDP port to which the log messages are sent.
Facility—Select a facility value from which system logs are sent to the
remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden.
Description—Enter a server description.
Minimum Severity—Select the minimum level of system log messages to
be sent to the server.
STEP 5 Click Apply. The Add Remote Log Server page
added, and the Running Configuration file is updated.
File Management
See Administration: File Management.

Reboot

Some configuration changes, such as enabling jumbo frame support, require the system to be rebooted before they take effect. However, rebooting the device deletes the Running Configuration, so it is critical that the Running Configuration is saved to the Startup Configuration before the device is rebooted. Clicking Apply does not save the configuration to the Startup Configuration. For more information on files and file types, see the System Files section.
closes, the SYSLOG server is
You can back up the device configuration by using the File Operations page or clicking Save at the top of the window. You can also upload the configuration from a remote device in the same page.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 67
Page 72
Administration
Reboot
5
You might want to set the time of the reboot for some time in the future. This could happen, for example, in one of the following cases:
You are performing actions on a remote device, and a mistake in these
actions might create loss of connectivity to the remote device. Pre­scheduling a reboot restores the working configuration and enables restoring the connectivity to the remote device after the specified time expires. If these actions are successful, the delayed reboot can be manually cancelled.
Reloading the device cause loss of connectivity in the network, thus by
using delayed reboot, you can schedule the reboot to a time that is more convenient for the users (e.g. late night).
To reboot the device:
STEP 1 Click Administration > Reboot.
STEP 2 Click the Reboot button to reboot the device.
Reboot—Reboots the device. Since any unsaved information in the Running
Configuration is discarded when the device is rebooted, you must click Save in the upper-right corner of any window to preserve current configuration across the boot process. If the Save option is not displayed, the Running Configuration matches the Startup Configuration and no action is necessary.
The following options are available:
- Immediate—Reboot immediately.
- Date—Enter the date (month/day) and time (hour and minutes) of the
schedule reboot. This schedules a reload of the software to take place at the specified time (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. If you do not specify the month and day, the reload takes place at the specified time on the current day (if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight. The reload must take place within 24 days.
NOTE This option can only be used if the system time has either been set
manually or by SNTP.
- In—Reboot within the specified number of hours and minutes. The
maximum amount of time that can pass is 24 days.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 68
Page 73
Administration

Routing Resources

Restore to Factory Defaults—Reboots the device by using the factory
Clear Startup Configuration File—Check to clear the startup configuration
Routing Resources
5
default configuration. This process erases all the files that are stored on the device except the image files and the language file (e.g. the Startup Configuration file and the backup configuration file).
The stack unit ID is set to auto.
The mirror configuration file is not deleted when restoring to factory defaults.
on the device for the next time it boots up.
TCAM entries are divided into the following groups:
IP Entries—Router TCAM entries reserved for IP static routes, IP interfaces,
and IP hosts.
Non-IP Entries—TCAM entries reserved for other applications, such as
ACL rules, CoS policers, and VLAN rate limits.
The following table describes the number of TCAM entries used by the various features:
Logical Entity IPv4 IPv6 (PCL
TCAM)
IP Neighbor 1 entry 1 entry 4 Entries
IP Address on an interface 2 entries 2 entries 8 entries
IP Remote Route 1 entry 1 entry 4 Entries
On-Link-Prefix 1 Entry 4 Entries
The Routing Resources page enables you to adjust the Router TCAM allocation.
IPv6 (Router TCAM)
If you change the router TCAM allocation incorrectly, an error message is displayed. If your router TCAM allocation is feasible, a message is displayed that an automatic reboot will be performed with the new settings. Routing resources can be modified incorrectly, in one of the following ways:
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 69
Page 74
Administration
Routing Resources
5
The number of router TCAM entries you allocate is less than the number
currently in use.
The number of router TCAM entries that you allocate is greater than the
maximum available for that category (maximum values are displayed on the page).
To view and modify routing resources:
STEP 1 Click Administration > Routing Resources.
The following fields are displayed for IPv4 Routing Resources:
Neighbors (1 TCAM entry per neighbor)—Count is the number of
neighbors recorded on the device and Router TCAM Entries is the number of router TCAM entries being used for the neighbors.
Interfaces(2 TCAM entries per interface)Count is the number of IP
addresses on interfaces on the device and Router TCAM Entries is the number of router TCAM entries being used for the IP addresses.
Routes (1 TCAM entry per route)—Count is the number of routes recorded
on the device and Router TCAM Entries is the number of router TCAM entries being used for the routes.
To ta l —Displays the number of router TCAM entries which are currently
being used.
Maximum Entries—Select one of the following options:
- Use Default—Use default values.
- User Defined—Enter a value.
IPv4 Multicast Routing Resources
IPv4 Multicast Routes (2 TCAM entries per route)Count is the number
of Multicast routes recorded on the device and TCAM Entries is the number of TCAM entries being used for the Multicast routes.
Maximum Entries—Select one of the following options:
- Use Default—Use default values.
- User Defined—Enter a value.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 70
Page 75
Administration
Routing Resources
5
IPv6 Routing Resources
Neighbors (4 TCAM entries per neighbor)—Count is the number of
neighbors recorded on the device and TCAM Entries is the number of TCAM entries being used for neighbors.
Interfaces (8 TCAM entries per interface)Count is the number of
interfaces on the device and TCAM Entries is the number of TCAM entries being used for the interfaces.
On Link Prefixes (4 TCAM entries per prefix)—Count is the number of on
link prefixes recorded on the device and TCAM Entries is the number of TCAM entries being used for them.
Routes (4 TCAM entries per route)Count is the number of on link prefixes
recorded on the device and TCAM Entries is the number of TCAM entries being used for them.
To ta l —Total number of TCAM entries being used.
Maximum Entries—Select one of the following options:
- Use Default—Use default values.
- User Defined—Enter a value.
IPv6 Multicast Routing Resources
IPv6 Multicast Routes (8 TCAM entries per route)Count is the number
of Multicast routes recorded on the device and TCAM Entries is the number of TCAM entries being used for the Multicast routes.
Maximum Entries—Select one of the following options:
- Use Default—Use default values.
- User Defined—Enter a value.
TCAM Resources Table
The following fields are displayed for each unit:
Maximum TCAM Entries for Routing and Multicast Routing—Number of
TCAM entries available for routing and Multicast routing.
IPv4 Routing
- In Use—Number of TCAM entries utilized for IPv4 routing.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 71
Page 76
Administration

Discovery - Bonjour

5
- Maximum—Maximum number of TCAM entries available for IPv4
Routing.
IPv4 Multicast Routing
- In Use—Number of TCAM entries utilized for IPv4 Multicast routing.
- Maximum—Maximum number of TCAM entries available for IPv4
Multicast routing.
IPv6 Routing
- In Use—Number of TCAM entries utilized for IPv6 routing.
- Maximum—Maximum number of TCAM entries available for IPv6
Routing.
IPv6 Multicast Routing
- In Use—Number of TCAM entries utilized for IPv6 Multicast routing.
- Maximum—Maximum number of TCAM entries available for IPv6
Multicast routing.
Maximum TCAM Entries for Non-IP Rules—Number of TCAM entries
available for non-IP rules.
Non-IP Rules
- In Use—Number of TCAM entries utilized for non-IP rules.
- Maximum—Maximum number of TCAM entries available for non-IP
rules.
STEP 2 Save the new settings by clicking Apply. This checks the feasibility of the routing
resources settings. If it is incorrect, an error message is displayed. If it is correct, the settings are copied to the Running Configuration file.
NOTE A summary of the TCAM entries actually in use and available is displayed at the
bottom of this page. For an explanation of the fields, see TCAM Utilization.
Discovery - Bonjour
See Bonjour.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 72
Page 77
Administration

Discovery - LLDP

Discovery - LLDP
See Configuring LLDP.

Discovery - CDP

See Configuring CDP.

Ping

The Ping utility tests if a remote host can be reached and measures the round-trip time for packets sent from the device to a destination device.
5
Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response, sometimes called a pong. It measures the round-trip time and records any packet loss.
To ping a host:
STEP 1 Click Administration > Ping.
STEP 2 Configure ping by entering the fields:
Host Definition—Select whether to specify the source interface by its IP
address or name. This field influences the interfaces that are displayed in the Source IP field, as described below.
IP Version—If the source interface is identified by its IP address, select
either IPv4 or IPv6 to indicate that it will be entered in the selected format.
Source IP—Select the source interface whose IPv4 address will be used as
the source IPv4 address for communication with the destination. If the Host Definition field was By Name, all IPv4 and IPv6 addresses will be displayed in this drop-down field. If the Host Definition field was By IP Address, only the existing IP addresses of the type specified in the IP Version field will be displayed.
NOTE If the Auto option is selected, the system computes the source
address based on the destination address.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 73
Page 78
Administration
Ping
5
Destination IPv6 Address Type—Select one of the following options:.
- Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and
reachable from other networks.
Link Local Interface—If the IPv6 address type is Link Local, select from
where it is received.
Destination IP Address/Name—Address or host name of the device to be
pinged. Whether this is an IP address or host name depends on the Host Definition.
Ping Interval—Length of time the system waits between ping packets. Ping
is repeated the number of times configured in the Number of Pings field, whether the ping succeeds or not. Select to use the default interval or specify your own value.
Number of Pings—The number of times the ping operation is performed.
Select to use the default or specify your own value.
Status—Displays whether the ping succeeded or failed.
STEP 3 Click Activate Ping to ping the host. The ping status appears and a message is
added to the list of messages, indicating the result of the ping operation.
STEP 4 View the results of ping in the Ping Counters and Status section of the page.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 74
Page 79
Administration

Traceroute

Traceroute
STEP 1 Click Administration > Traceroute.
STEP 2 Configure Traceroute by entering information into the following fields:
5
Traceroute discovers the IP routes along which packets were forwarded by sending an IP packet to the target host and back to the device. The Traceroute page shows each hop between the device and a target host, and the round-trip time to each such hop.
Host Definition—Select whether hosts are identified by their IP address or
name.
IP Version—If the host is identified by its IP address, select either IPv4 or
IPv6 to indicate that it will be entered in the selected format.
Source IP—Select the source interface whose IPv4 address will be used as
the source IPv4 address for communication messages. If the Host Definition field was By Name, all IPv4 and IPv6 addresses will be displayed in this drop-down field. If the Host Definition field was By IP Address, only the existing IP addresses of the type specified in the IP Version field will be displayed.
Host IP Address/Name—Enter the host address or name.
TTL—Enter the maximum number of hops that Traceroute permits. This is
used to prevent a case where the sent frame gets into an endless loop. The Traceroute command terminates when the destination is reached or when this value is reached. To use the default value (30), select Use Default.
Timeout—Enter the length of time that the system waits for a frame to return
before declaring it lost, or select Use Default.
STEP 3 Click Activate Traceroute. The operation is performed.
A page appears showing the Round Trip Time (RTT) and status for each trip in the fields:
Index—Displays the number of the hop.
Host—Displays a stop along the route to the destination.
Round Trip Time (1-3)—Displays the round trip Time in (ms) for the first
through third frame and the Status of the first through third operation.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 75
Page 80

Administration: File Management

This section describes how system files are managed.
The following topics are covered:
System Files
Firmware Operations
File Operations
6

System Files

File Directory
DHCP Auto Configuration/Image Update
System files are files that contain information, such as: configuration information or firmware images.
Generally, every file under the flash://system/ folder is a system file.
Various actions can be performed with these files, such as: selecting the firmware file from which the device boots, copying various types of configuration files internally on the device, or copying files to or from an external device, such as an external server.
Configuration files on the device are defined by their type, and contain the settings and parameter values for the device.
Other files on the device include firmware and log files, and are referred to as operational files.
The configuration files are text files and can be edited in a text editor, such as Notepad after they are copied to an external device, such as a PC.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 75
Page 81
Administration: File Management
System Files
Files and File Types
The following are some of the types of files are found on the device:
Running Configuration—Contains the parameters currently being used by
the device to operate. This file is modified when you change parameter values on the device.
If the device is rebooted, the Running Configuration is lost.
To preserve any changes you made to the device, you must save the Running Configuration to the Startup Configuration, or another file type.
Startup Configuration—The parameter values that were saved by copying
another configuration (usually the Running Configuration) to the Startup Configuration.
The Startup Configuration is retained in Flash and is preserved when the device is rebooted. At this time, the Startup Configuration is copied to RAM and identified as the Running Configuration.
6
Mirror Configuration—A copy of the Startup Configuration, created by the
device when the following conditions exist:
- The device has been operating continuously for 24 hours.
- No configuration changes have been made to the Running Configuration
in the previous 24 hours.
- The Startup Configuration is identical to the Running Configuration.
Only the system can copy the Startup Configuration to the Mirror Configuration. However, you can copy from the Mirror Configuration to other file types or to another device.
The option of automatically copying the Running Configuration to the mirror configuration can be disabled in the File Directory page.
Backup Files—Manual copies of a files used for protection against system
shutdown or for the maintenance of a specific operating state. For instance, you can copy the Mirror Configuration, Startup Configuration, or Running Configuration to a Backup file. The Backup exists in Flash or on a PC or USB drive and is preserved if the device is rebooted.
Firmware—The program that controls the operations and functionality of
the device. More commonly referred to as the image.
Language File—The dictionary that enables the web-based configuration
utility windows to be displayed in the selected language.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 76
Page 82
Administration: File Management

Firmware Operations

Logging File—SYSLOG messages stored in Flash memory.
Firmware Operations
The Firmware Operations page can be used to:
Update or backup the firmware image
Swap the active image
The following methods for transferring files are supported:
HTTP/HTTPS that uses the facilities provided by the browser
USB
6
TFTP that requires a TFTP server
Secure Copy Protocol (SCP) that requires an SCP server
The software images of the units in a stack must be identical to ensure proper stack operations. Stack units can be upgraded in any one of the following ways.
You can manually upgrade the firmware of a device prior adding the device
to a stack (recommended).
The stack master will automatically upgrade the firmware of a newly added
unit if the unit does not have identical firmware as the master.
There are two firmware images stored on the device. One of the images is identified as the active image and other image is identified as the inactive image.
When updating the device's firmware, the new firmware is always overwriting the inactive image. After uploading new firmware on the device, the next boot uses the new version. The old version becomes the inactive version after reboot.
To update or backup firmware using HTTP/HTTPS or USB:
STEP 1 Click Administration > File Management > Firmware Operations.
The following fields are displayed:
Active Firmware File—Displays the current, active firmware file.
Active Firmware Version—Displays the version of the current, active
firmware file.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 77
Page 83
Administration: File Management
Firmware Operations
STEP 2 Enter the following fields:
Operation Type—Select Update Firmware or Backup Firmware.
Copy Method—Select HTTP/HTTPS or USB.
File Name—Enter the name of the file to be updated (not relevant for Backup
by HTTP/HTTPS).
STEP 3 Click Apply.
STEP 4 Click Reboot.
To update or backup firmware using TFTP:
STEP 1 Click Administration > File Management > Firmware Operations.
6
The following fields are displayed:
Active Firmware File—Displays the current, active firmware file.
Active Firmware Version—Displays the version of the current, active
firmware file.
STEP 2 Enter the following fields:
Operation Type—Select Update Firmware or Backup Firmware.
Copy Method—Select TFTP.
Server Definition—Select whether to specify the TFTP server By IP
address or By name.
If Server Definition is By Address:
IP Version—(If Ser ver Definition is By Addres s) Select whether an IPv4 or an
IPv6 address for the server is used.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The
options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 78
Page 84
Administration: File Management
Firmware Operations
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and
- Link Local Interface—Select the link local interface (if IPv6 is used) from
Server IP Address/Name—Enter the IP address or the name of the TFTP
server, whichever is relevant.
(Update) Source File Name—Enter the name of the source file.
(Backup) Destination File Name—Enter the name of the backup file.
STEP 3 Click Apply to begin the operation.
To update/backup firmware using SCP:
6
reachable from other networks.
the list.
STEP 1 Click Administration > File Management > Firmware Operations.
The following fields are displayed:
Active Firmware File—Displays the current, active firmware file.
Active Firmware Version—Displays the version of the current, active
firmware file.
STEP 2 Enter the following fields:
Operation Type—Select Update File or Backup File.
Copy Method—Select SCP.
STEP 3 To enable SSH server authentication (which is disabled by default), click Edit by
Remote SSH Server Authentication. This takes you to the SSH Server
Authentication page to configure the SSH server
STEP 4 Return to this page.
STEP 5 Select one of the following methods to perform SSH Client Authentication:
Use SSH Client System Credentials—Sets permanent SSH user
credentials. Click System Credentials to go to the SSH User Authentication page where the user/password can be set once for all future use.
Use SSH Client One-Time Credentials—Enter the following:
- Username—Enter a username for this copy action.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 79
Page 85
Administration: File Management
Firmware Operations
- Password—Enter a password for this copy.
NOTE The username and password for one-time credential will not saved in
configuration file.
STEP 6 Enter the following fields:
Server Definition—Select whether to specify the SCP server by IP address
or by domain name.
If Server Definition is By Address:
- IP Version—Select whether an IPv4 or an IPv6 address is used.
- IPv6 Address Type—Select the IPv6 address type (if used). The options
6
are:
Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
- Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or domain name of the
SCP server, whichever is relevant.
(Update) Source File Name—Enter the name of the source file.
(Backup) Destination File Name—Enter the name of the backup file.
STEP 7 Click Apply. If the files, passwords and server addresses are correct, one of the
following may happen:
If SSH server authentication is enabled (in the SSH Server Authentication
page), and the SCP server is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is displayed.
If SSH server authentication is not enabled, the operation succeeds for any
SCP server.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 80
Page 86
Administration: File Management

File Operations

To swap an image file:
STEP 1 Click Administration > File Management > Firmware Operations.
The following fields are displayed:
Active Firmware File—Displays the current, active firmware file.
Active Firmware Version—Displays the version of the current, active
firmware file.
STEP 2 Enter the following fields are displayed:
Operation Type—Select Swap Image.
Active Image After Reboot—Select the firmware file that you want to be
active after reboot.
6
STEP 3 Click Apply, and after a success message is displayed, click Reboot if you want to
immediately reload with the new firmware.
File Operations
The File Operations page enables:
NOTE If the device is in a stack, the configuration files are taken from the master unit.
When restoring a configuration file to the Running Configuration, the imported file adds any configuration commands that did not exist in the old file and overwrites any parameter values in the existing configuration commands.
Active Image Version Number After Reboot—Displays the version of the
firmware file after reboot.
Backing up configuration files or logs from the device to an external device.
Restoring configuration files from an external device to the device.
Duplicating a configuration file.
When restoring a configuration file to the Startup Configuration, the new file replaces the previous file.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 81
Page 87
Administration: File Management
!
File Operations
When restoring to Startup Configuration, the device must be rebooted for the restored Startup Configuration to be used as the Running Configuration. You can reboot the device by using the process described in the Reboot section.
When you click Apply on any window, changes that you made to the device configuration settings are stored only in the Running Configuration.
CAUTION Unless the Running Configuration is copied to the Startup Configuration or another
configuration file, all changes made since the last time the file was copied are lost when the device is rebooted.
The following combinations of copying internal file types are allowed:
From the Running Configuration to the Startup Configuration or other
backup file.
6
From the Startup Configuration to the Running Configuration or other
backup file.
From a backup file to the Running Configuration or Startup Configuration.
From the Mirror Configuration to the Running Configuration, Startup
Configuration or a backup file.
The following sections describe these operations.
To update a system configuration file using HTTP/HTTPS, USB or Internal Flash:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Update.
Destination File Type—Select one of the configuration file types to update.
Copy Method—Select HTTP/HTTPS, USB or Internal Flash.
File Name—Enter name of file to be updated from (source file).
STEP 3 Click Apply to begin the operation.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 82
Page 88
Administration: File Management
File Operations
To update a system configuration file using TFTP:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Update.
Destination File Type—Select one of the configuration file types to update.
Copy Method—Select TFTP.
Server Definition—Select whether to specify the TFTP server by IP
address or by domain name.
If Server Definition is By Address:
- IP Version—Select whether an IPv4 or an IPv6 address is used.
6
- If the server is selected by name in the Server Definition, there is no need
to select the IP Version related options.
- IPv6 Address Type—Select the IPv6 address type (if used). The options
are:
Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
- Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or name of the TFTP
server.
Source File Name—Enter the update file name.
STEP 3 Click Apply to begin the operation.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 83
Page 89
Administration: File Management
File Operations
To update a system configuration file using SCP:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Update.
Destination File Type—Select one of the configuration file types to update.
Copy Method—Select SCP.
STEP 3 To enable SSH server authentication (which is disabled by default), click Edit by
Remote SSH Server Authentication. This takes you to the SSH Server
Authentication page to configure the SSH server
STEP 4 Return to this page.
6
STEP 5 Select one of the following methods to perform SSH Client Authentication:
Use SSH Client System Credentials—Sets permanent SSH user
credentials. Click System Credentials to go to the SSH User Authentication page where the user/password can be set once for all future use.
Use SSH Client One-Time Credentials—Enter the following:
- Username—Enter a username for this copy action.
- Password—Enter a password for this copy.
NOTE The username and password for one-time credential will not saved in
configuration file.
Server Definition—Select whether to specify the SCP server by IP address
or by domain name.
If Server Definition is By Address:
- IP Version—Select whether an IPv4 or an IPv6 address is used.
- IPv6 Address Type—Select the IPv6 address type (if used). The options
are:
Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 84
Page 90
Administration: File Management
File Operations
- Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or name of the SCP server.
Source File Name—Enter the name of the source file.
STEP 6 Click Apply to begin the operation.
To backup a system configuration file using HTTP/HTTPS:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
6
Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
Operation Type—Select Backup.
Source File Type—Select one of the configuration file types to backup.
Copy Method—Select HTTP/HTTPS.
Sensitive Data Handling—Select how sensitive data should be included in
the backup file. The following options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypt—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current
user SSD rules. For details, refer to the SSD Rules page.
STEP 3 Click Apply to begin the operation.
To backup a system configuration file using USB or Internal Flash:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Backup.
Source File Type—Select one of the configuration file types to backup.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 85
Page 91
Administration: File Management
File Operations
Copy Method—Select USB or Internal Flash.
File Name—Enter name of destination backup file.
Sensitive Data Handling—Select how sensitive data should be included in
the backup file. The following options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypt—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current
user SSD rules. For details, refer to the SSD Rules page.
STEP 3 Click Apply to begin the operation.
6
To backup a system configuration file using TFTP:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Backup.
Source File Type—Select the type of file to be backed up.
Copy Method—Select TFTP.
Server Definition—Select whether to specify the TFTP server by IP
address or by domain name.
If Server Definition is By Address:
- IP Version—Select whether an IPv4 or an IPv6 address is used.
- If the server is selected by name in the Server Definition, there is no need
to select the IP Version related options.
- IPv6 Address Type—Select the IPv6 address type (if used). The options
are:
Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 86
Page 92
Administration: File Management
File Operations
- Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or name of the TFTP
server.
Destination File Name—Enter the backup file name.
Sensitive Data Handling—Select how sensitive data should be included in
the backup file. The following options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypt—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
6
Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
NOTE The available sensitive data options are determined by the current
user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.
STEP 3 Click Apply to begin the operation.
To backup a system configuration file using SCP:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Backup.
Source File Type—Select the type of file to be backed up.
Copy Method—Select SCP.
STEP 3 See SSH User Authentication for instructions. Then enter the following fields:
Remote SSH Server Authentication—To enable SSH server authentication
(it is disabled by default), click Edit, which takes you to the SSH Server
Authentication page to configure this, and return to this page. Use the SSH Server Authentication page to select an SSH user authentication method
(password or public/private key), set a username and password on the device, if the password method is selected, and generate an RSA or DSA key if required.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 87
Page 93
Administration: File Management
File Operations
SSH Client Authentication—Client authentication can be done in one of the following ways:
Use SSH Client System Credentials—Sets permanent SSH user
credentials. Click System Credentials to go to the SSH User Authentication page where the user/password can be set once for all future use.
Use SSH Client One-Time Credentials—Enter the following:
- Username—Enter a username for this copy action.
- Password—Enter a password for this copy.
Server Definition—Select whether to specify the SCP server by IP address
or by domain name.
IP Version—Select whether an IPv4 or an IPv6 address is used.
IPv6 Address Type—Select the IPv6 address type (if used). The options
are:
6
- Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or name of the SCP server.
Destination File Name—Enter the name of the backup file.
Sensitive Data Handling—Select how sensitive data should be included in
the backup file. The following options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypt—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current
user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 88
Page 94
Administration: File Management

File Directory

STEP 4 Click Apply to begin the operation.
To copy a system configuration file to another type of configuration file:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Duplicate.
Source File Type—Select one of the configuration file types to copy.
Destination File Name—Enter name of the destination configuration file.
STEP 3 Click Apply to begin the operation.
6
File Directory
NOTE If there is more than one unit in the stack, the displayed files are taken from the
STEP 1 Click Administration > File Management > File Directory.
STEP 2 If required, enable Auto Mirror Configuration. This enables the automatic creation
STEP 3 Select the drive from which you want to display the files and directories. The
STEP 4 Click Go to display the following fields:
The File Directory page displays the system files existing in the system.
master unit.
of mirror configuration files. When disabling this feature, the mirror configuration file, if it exists, is deleted. See System Files for a description of mirror files and why you might not want to automatically create mirror configuration files.
following options are available:
Flash—Display all files in the root directory of the management station.
USG—Display files on the USB drive.
File Name—Type of system file or actual name of file depending on the file
type.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 89
Page 95
Administration: File Management

DHCP Auto Configuration/Image Update

Permissions—Read/write permissions of the user for the file.
Size—Size of file.
Last Modified—Date and time that file was modified.
Full Path—Path of file.
DHCP Auto Configuration/Image Update
The Auto Configuration/Image Update feature provides a convenient method to automatically configure switches in a network and upgrade their firmware. This process enables the administrator to remotely ensure that the configuration and firmware of these devices in the network are up-to-date.
6
This feature is comprised of the following parts:
Auto Image Update—Automatic downloading a firmware image from a
remote TFTP/SCP server. At the end of the Auto Configuration/Image Update process, the device reboots itself to the firmware image.
Auto Configuration—Automatic downloading a configuration file from a
remote TFTP/SCP server. At the end of the Auto Configuration/Image process, the device reboots itself to the configuration file.
NOTE If both Auto Image Update and Auto Configuration are requested, Auto Image
Update is performed first, then after reboot, Auto Configuration is performed and then a final reboot is performed.
To use this feature, configure a DHCP server in the network with the locations and names of the configuration file and firmware image of your devices. The devices in the network are configured as DHCP clients by default. When the devices are assigned their IP addresses by the DHCP server, they also receive information about the configuration file and firmware image. If the configuration file and/or firmware image are different from the ones currently used on the device, the device reboots itself after downloading the file and/or image. This section describes these processes.
In addition to the ability to keep the devices in the network updated with the latest configuration files and firmware image, Auto-Update/Configuration enables quick installation of new devices on the network, since an out-of-the-box device is configured to retrieve its configuration file and software image from the network
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 90
Page 96
Administration: File Management
DHCP Auto Configuration/Image Update
without any manual intervention by the system administrator. The first time that it applies for its IP address from the DHCP server, the device downloads and reboots itself with the configuration file and/or image specified by the DHCP server.
The Auto Configuration process supports downloading a configuration file that includes sensitive information, such as RADIUS server keys and SSH/SSL keys, by using the Secured Copy Protocol (SCP) and the Secure Sensitive Data (SSD) feature (See SSH Client Authentication and Security: Secure Sensitive Data
Management).

Download Protocols (TFTP or SCP)

Configuration files and firmware images can be downloaded from either a TFTP or an SCP server.
6
The user configures the protocol to be used, as follows:
Auto By File Extension—(Default) If this option is selected, a user-defined
file extension indicates that files with this extension are downloaded using SCP (over SSH), while files with other extensions are downloaded using TFTP. For example, if the file extension specified is.xyz, files with the .xyz extension are downloaded using SCP, and files with the other extensions are downloaded using TFTP. The default extension is .scp.
TFTP Only—The download is done through TFTP, regardless of the file
extension of the configuration file name.
SCP Only—The download is done through SCP (over SSH), regardless of
the file extension of the configuration file name.

SSH Client Authentication

SCP is SSH based. By default, remote SSH server authentication is disabled, so that the device accepts any remote SSH server out of the box. You can enable remote SSH server authentication so that only servers found in the trusted server list can be used.
SSH client authentication parameters are required to access the SSH server by the client (which is the device). The default SSH client authentication parameters are:
SSH authentication method: by username/password
SSH username: anonymous
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 91
Page 97
Administration: File Management
DHCP Auto Configuration/Image Update
SSH password: anonymous
NOTE The SSH client authentication parameters can also be used when downloading a
file manually (meaning, a download that is not performed through the DHCP Auto Configuration/Image Update feature).

Auto Configuration/Image Update Process

DHCP Auto Configuration uses the configuration server name/address and configuration file name/path from the DHCP messages received (f any). In addition, DHCP Image Update uses the indirect file name of the firmware, if any, in the messages. This information is specified as DHCP options in the Offer message coming from the DHCPv4 servers and in the Information Reply messages coming from DHCPv6 servers.
If this information is not found in the DHCP server messages, backup information that has been configured in the DHCP Auto Configuration/Image Update page is used.
6
When the Auto Configuration/Image Update process is triggered (see Auto
Configuration/Image Update Trigger), the sequence of events described below
occurs.
Auto Image Update Starts:
The switch uses the indirect file name from option 125 (DHCPv4) and option
60 (DHCPv6) if any, from the DHCP message received.
If the DHCP server did not send the indirect file name of the firmware image
file, the Backup Indirect Image File Name (from the DHCP Auto
Configuration/Image Update page) is used.
The switch downloads the Indirect Image File and extracts from it the name
of the image file on the TFTP/SCP server.
The switch compares the version of the TFTP server's image file with the
version of the switch active image.
If the two versions are different, the new version is loaded into the non-
active image, a reboot is performed and the non-active image becomes the active image.
When using the SCP protocol, a SYSLOG message is generated informing
that reboot is about to start.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 92
Page 98
Administration: File Management
DHCP Auto Configuration/Image Update
When using the SCP protocol, a SYSLOG message is generated
acknowledging that the Auto Update process is completed.
When using the TFTP protocol, SYSLOG messages are generated by the
copy process.
Auto Configuration Starts:
The device uses the TFTP/SCP server name/address and configuration file
name/path (DHCPv4 options: 66,150, and 67, DHCPv6 options: 59 and 60), if any, from the DHCP message received.
If the information is not sent by the DHCP server, the Backup Server IP
Address/Name and the Backup Configuration File Name (from the DHCP
Auto Configuration/Image Update) is used.
The new configuration file is used if its name is different than the name of
the configuration file previously used on the device or if the device has never been configured.
6
The device is rebooted with the new configuration file, at the end of the
Auto Configuration/Image Update Process.
SYSLOG messages are generated by the copy process.
Missing Options
If the DHCP server did not send the TFTP/SCP server address in a DHCP
option and the backup TFTP/SCP server address parameter has not been configured, then:
- SCP—The Auto Configuration process is halted.
- TFTP—The device sends TFTP Request messages to a limited
Broadcast address (for IPv4) or ALL NODES address (for IPv6) on its IP interfaces and continues the process of Auto Configuration/Image Update with the first answering TFTP server.
Download Protocol Selection
The copy protocol (SCP/TFTP) is selected, as described in Download Protocols (TFTP or SCP).
SCP
When downloading using SCP, the device accepts any specified SCP/SSH
server (without authentication) if either of the following is true:
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 93
Page 99
Administration: File Management
DHCP Auto Configuration/Image Update
- The SSH server authentication process is disabled. By default the SSH
- The SSH Server is configured in the SSH Trusted Servers list.
If the SSH server authentication process is enabled, and the SSH server is not found in the SSH Trusted Servers list, the Auto Configuration process is halted.
If the information is available, the SCP server is accessed to download the
configuration file or image from it.

Auto Configuration/Image Update Trigger

6
server authentication is disabled in order to allow downloading configuration file for devices with factory default configuration (for example out-of-box devices).
Auto Configuration/Image Update via DHCPv4 is triggered when the following conditions are fulfilled:
The IP address of the device is dynamically assigned/renewed at reboot, or
explicitly renewed by administrative action, or automatically renewed due to an expiring lease. Explicit renewal can be activated in the IPv4 Interface page.
If Auto Image Update is enabled, the Auto Image Update process is
triggered when an indirect image file name is received from a DHCP server or a backup indirect image file name has been configured. Indirect means that this is not the image itself, but rather a file that holds the path name to the image.
If Auto Configuration is enabled, the Auto Configuration process is triggered
when the configuration file name is received from a DHCP server or a backup configuration file name has been configured.
Auto Configuration/Image Update via DHCPv6 is triggered when the following conditions are fulfilled:
When a DHCPv6 server sends information to the device. This occurs in the
following cases:
- When an IPv6-enabled interface is defined as a DHCPv6 stateless
configuration client.
- When DHCPv6 messages are received from the server (for example,
when you press the Restart button on IPv6 Interfaces page,
- When DHCPv6 information is refreshed by the device.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 94
Page 100
Administration: File Management

DHCP Auto Configuration/Image Update

- After rebooting the device when stateless DHCPv6 client is enabled.
When the DHCPv6 server packets contain the configuration filename
option.
The Auto Image Update process is triggered when an indirect image file
name is provided by the DHCP server or a backup indirect image file name has been configured. Indirect means that this is not the image itself, but rather a file that holds the path name to the image.

Auto Configuration Image Update in a Stack

The current master of a stack is responsible for the Auto Configuration/Image Update of the whole stack.
For auto configuration, the new configuration file is downloaded to the master unit and synchronized to backup before reload.
6
For auto image update, the new image is copied and saved to the inactive-image of the master unit. As the part of the copy process the master unit synchronizes the image to all the units in the stack before the reload.
A configuration file that is placed on the TFTP/SCP server must match the form and format requirements of the supported configuration file. The form and format of the file are checked, but the validity of the configuration parameters is not checked prior to loading it to the Startup Configuration.
DHCP Auto Configuration/Image Update
The DHCP Auto Configuration/Image Update page is used to configure the device as a DHCP client.
The following defaults exist on the system:
Auto Configuration is enabled.
Auto Image Update is enabled.
The device is enabled as a DHCP client.
Remote SSH server authentication is disabled.
Cisco 350XG & 550XG Series 10G Stackable Managed Switches 95
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use