Cisco SF250 Service Manual

ADMINISTRATION GUIDE
Cisco Sx250 Series Managed Switches, Firmware Release 2.2.5.x
Contents
Chapter 1: Getting Started
Chapter 2: Dashboard
Grid Management, System Health, Resource Utilization, Identification, Port Utilization, PoE Utilization, Latest Logs, Suspended Interfaces, Traffic Errors
Chapter 3: Configuration Wizards
Getting Started Wizard, VLAN Configuration Wizard
Chapter 4: Status and Statistics
System Summary, CPU Utilization, Interface, Etherlike, Port Utilization, 802.1X EAP, Health and Power, Switched Port Analyzer (SPAN), Diagnostics, RMON, View Logs
Chapter 5: Administration
Device Models, System Settings, User Accounts, Idle Session Timeout, Time Settings, System Log, File Management, Reboot, Discovery - Bonjour, Discovery - LLDP, Discovery - CDP, Ping
Chapter 6: Administration: File Management
System Files, Firmware Operations, File Operations, File Directory, DHCP Auto Configuration/Image Update
Chapter 7: Administration: Time Settings
System Time Configuration, SNTP Modes, System Time, SNTP Unicast, SNTP Multicast/Anycast, SNTP Authentication
Chapter 8: Administration: Discovery
Bonjour, LLDP and CDP, Discovery - LLDP, Discovery - CDP
Chapter 9: Port Management
Workflow, Port Settings, Error Recovery Settings, Loopback Detection Settings, Link Aggregation, PoE, Green Ethernet
Chapter 10: Smartport
Overview, How the Smartport Feature Works, Auto Smartport, Error Handling, Default Configuration, Relationships with Other Features, Common Smartport Tasks, Configuring Smartport Using The Web-based Interface, Built-in Smartport Macros
Chapter 11: VLAN Management
Overview, Regular VLANs, Voice VLAN
Chapter 12: Spanning Tree
STP Flavors, STP Status and Global Settings, STP Interface Settings, RSTP Interface Settings, Multiple Spanning Tree Overview, MSTP Properties, VLANs to a MSTP Instance, MSTP Instance Settings, MSTP Interface Settings
Chapter 13: Managing MAC Address Tables
Static Addresses, Dynamic Addresses
Chapter 14: Multicast
Multicast Forwarding Overview, Properties, MAC Group Address, IP Multicast Group Address, IPv4 Multicast Configuration, IPv6 Multicast Configuration, IGMP/MLD Snooping IP Multicast Group, Multicast Router Port, Forward All, Unregistered Multicast
Chapter 15: IP Configuration
Overview, IPv4 Management and Interfaces, IPv6 Management and Interfaces, Domain Name System
Chapter 16: Security
RADIUS, Password Strength, Management Access Method, Management Access Authentication, SSL Server, SSH Client, TCP/UDP Services, Storm Control, Port Security, 802.1X Authentication, Denial of Service Prevention
Chapter 17: Security: 802.1X Authentication
Overview, Properties, Port Authentication, Host and Session Authentication, Authenticated Hosts
Chapter 18: Security: Secure Sensitive Data Management
Introduction, SSD Management, SSD Rules, SSD Properties, Configuration Files, SSD Management Channels, Menu CLI and Password Recovery, Configuring SSD
Chapter 19: Security: SSH Client
Overview, SSH User Authentication, SSH Server Authentication, Change User Password on the SSH Server
Chapter 20: Quality of Service
QoS Features and Components, General, QoS Statistics
Chapter 21: SNMP
Overview, Engine ID, Views, Groups, Users, Communities, Trap Settings, Notification Recipients, Notification Filter

Getting Started

This section provides an introduction to the web-based configuration utility, and covers the following topics:
Starting the Web-based Configuration Utility
USB Port
Basic or Advanced Display Mode
Quick Start Device Configuration
Interface Naming Conventions
Window Navigation
Search Facility

Starting the Web-based Configuration Utility

This section describes how to navigate the web-based switch configuration utility. If you are using a pop-up blocker, make sure it is disabled.

Browser Restrictions

If you are using IPv6 interfaces on your management station, use the IPv6 global address and not the IPv6 link local address to access the device from your browser.

Launching the Configuration Utility

To open the web-based configuration utility:
STEP 1 Open a Web browser.
STEP 2 Enter the IP address of the device you are configuring in the address bar on the browser, and then press Enter.
NOTE When the device is using the factory default IP address of 192.168.1.254, its system LED flashes continuously. When the device is using a DHCP-assigned IP address or an administrator-configured static IP address, the system LED is on solid.
The default IP address 192.168.1.254 is configured on the default VLAN (VLAN 1).

Logging In

The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password.
NOTE If you have not previously selected a language for the GUI, the language of the Login page is determined by the language(s) requested by your browser and the languages configured on your device. If your browser requests Chinese, for example, and Chinese has been loaded into your device, the Login page is automatically displayed in Chinese. If Chinese has not been loaded into your device, the Login page appears in English.
The languages loaded into the device have a language and country code (en-US, en-GB and so on). For the Login page to be automatically displayed in a particular language, based on the browser request, both the language and country code of the browser request must match those of the language loaded on the device. If the browser request contains only the language code without a country code (for example: fr), the first embedded language with a matching language code is taken (without matching the country code, for example: fr_CA).
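The matching rule in the note above, written out as an added example (this is not Cisco's code). It assumes the browser's request arrives as an HTTP Accept-Language header processed in q-value order and that English is tagged en-US; the function names and the sample language lists are constructed for illustration.

```python
def _norm(tag):
    """Split 'fr_CA' or 'fr-ca' into ('fr', 'CA'); country is None if absent."""
    parts = tag.strip().replace("_", "-").split("-")
    lang = parts[0].lower()
    country = parts[1].upper() if len(parts) > 1 and parts[1] else None
    return lang, country


def parse_accept_language(header):
    """Return the language tags of an Accept-Language header, highest q first."""
    ranked = []
    for pos, item in enumerate(header.split(",")):
        tag, _, params = item.strip().partition(";")
        tag, params = tag.strip(), params.strip()
        if not tag or tag == "*":
            continue
        q = 1.0
        if params.startswith("q="):
            try:
                q = float(params[2:])
            except ValueError:
                q = 0.0
        if q > 0:
            # Sort by descending q, then by position in the header.
            ranked.append((-q, pos, tag))
    return [tag for _, _, tag in sorted(ranked)]


def pick_login_language(accept_language, loaded, default="en-US"):
    """Choose the Login page language from the languages loaded on the device.

    A request with a country code needs language AND country to match.
    A request with only a language code takes the first loaded language
    with that language code. With no match the page falls back to English.
    Assumption: requests are tried in q-value order; the guide does not say
    how several requested languages are ranked.
    """
    loaded_norm = [(_norm(tag), tag) for tag in loaded]
    for requested in parse_accept_language(accept_language):
        lang, country = _norm(requested)
        for (l_lang, l_country), original in loaded_norm:
            if l_lang != lang:
                continue
            if country is None or country == l_country:
                return original
    return default


# Constructed sample: English plus one additional language on the device.
LOADED = ["en-US", "fr_CA"]

if __name__ == "__main__":
    for header in ("fr", "fr-CA", "fr-FR", "fr-FR,fr;q=0.9", "zh-CN,zh;q=0.8"):
        print(f"{header!r:22} -> {pick_login_language(header, LOADED)}")
```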
To log in to the device configuration utility:
STEP 1 Enter the username/password. The password can contain up to 64 ASCII characters. Password-complexity rules are described in Password Strength.
STEP 2 If you are not using English, select the desired language from the Language drop-down menu. To add a new language to the device or update a current one, see the Language Menu description in Application Header.
STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears. See Password Expiration for additional information.
STEP 4 Choose whether to select Password Complexity Settings in the Password Strength page.
STEP 5 Enter the new password and click Apply.
When the login attempt is successful, the Getting Started page appears.
If you entered an incorrect username or password, an error message appears and the Login page remains displayed on the window.
Select Don't show this page on startup to prevent the Getting Started page from being displayed each time that you log on to the system. If you select this option, the System Summary page is opened instead of the Getting Started page.

HTTP/HTTPS

You can either open an HTTP session (not secured) by clicking Log In, or you can open an HTTPS (secured) session, by clicking Secure Browsing (HTTPS). You are asked to approve the logon with a default RSA key, and an HTTPS session is opened.
NOTE There is no need to input the username/password prior to clicking the Secure Browsing (HTTPS) button. For information on how to configure HTTPS, see SSL Server.

Password Expiration

The New Password page is displayed in the following cases:
The first time that you access the device with the default username cisco and password cisco. This page forces you to replace the factory default password.
When the password expires, this page forces you to select a new password.

Logging Out

By default, the application logs out after ten minutes of inactivity. You can change this default value as described in the Defining Idle Session Timeout section.
CAUTION Unless the Running Configuration is copied to the Startup Configuration, rebooting the device removes all changes made since the last time the file was saved. Save the Running Configuration to the Startup Configuration before logging off to preserve any changes you made during this session.
A flashing red X icon to the left of the Save application link indicates that Running Configuration changes have not yet been saved to the Startup Configuration file. The flashing can be disabled by clicking on the Disable Save Icon Blinking button on the Copy/Save Configuration page.
When the device auto-discovers a connected device, such as an IP phone (see What is a Smartport), it configures the port appropriately for the device. These configuration commands are written to the Running Configuration file. This causes the Save icon to begin blinking when you log on, even though you did not make any configuration changes.
When you click Save, the Copy/Save Configuration page appears. Save the Running Configuration file by copying it to the Startup Configuration file. After this save, the red X icon and the Save application link are no longer displayed.
To log out, click Logout in the top right corner of any page. The system logs out of the device.
When a timeout occurs or you intentionally log out of the system, a message is displayed and the Login page appears, with a message indicating the logged-out state. After you log in, the application returns to the initial page.
The initial page displayed depends on the “Do not show this page on startup” option in the Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page.

Layer 2 Applications

The following Layer 2 applications are supported on the OOB port; however, functionality may differ from functionality on inband ports:
802.1x
LLDP
CDP

USB Port

The USB port can be used for connecting external storage (disk-on-key) devices. It can hold configuration, SYSLOG and image files. The USB port fully supports the FAT32 file system, and provides partial support (read only) for the NTFS file system.
Both relative and fully qualified paths can be used.
The system supports the following user actions on the USB port through the GUI:
Display the USB contents
Copy files to/from USB (the same as with TFTP)
Delete, rename and display the contents of USB files

Basic or Advanced Display Mode

The product supports many features, and therefore the WEB GUI includes hundreds of configuration and display pages. These pages are divided into the following display modes:
Basic—A basic subset of configuration options is available. If you are missing some configuration option, select the Advanced mode in the device header.
Advanced—The full set of configuration options is available.
Navigate from one mode to another, as shown below:
When the user switches from basic to advanced, the browser reloads the page. However, after reload, the user stays on the same page.
When the user switches from advanced to basic, the browser reloads the page. If the page also exists in the basic mode, the user stays on the same page. If the page does not exist in the basic mode, the browser will load the first page of the folder which was used by the user. If the folder does not exist, the Getting Started page will be displayed.
If there is advanced configuration, and the page is loaded in basic mode, a page-level message will be displayed to the user (e.g. there are 2 RADIUS servers configured but in basic mode only a single server can be displayed, or there is 802.1X port authentication with time range configured but time range is not visible in basic mode).
When switching from one mode to another, any configuration which was made on the page (without Apply) is deleted.

Quick Start Device Configuration

For quick initial setup, you can use the configuration wizards described in VLAN Configuration Wizard or use the links on the Getting Started page, as described below:
Category        Link Name (on the Page)                          Linked Page
Initial Setup   Change Management Applications and Services      TCP/UDP Services
                Change Device IP Address                         IPv4 Interface
                Create VLAN                                      VLAN Settings
                Configure Port Settings                          Port Settings
Device Status   System Summary                                   System Summary
                Port Statistics                                  Interface
                RMON Statistics                                  Statistics
                View Log                                         RAM Memory
Quick Access    Change Device Password                           User Accounts
                Upgrade Device Software                          Firmware Operations
                Backup Device Configuration                      File Operations
                Configure QoS                                    QoS Properties
                Configure SPAN                                   Switched Port Analyzer (SPAN)
There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Support Community page.

Interface Naming Conventions

Within the GUI, interfaces are denoted by concatenating the following elements:
Type of interface: The following types of interfaces are found on the various types of devices:
- Fast Ethernet (10/100 bits)—These are displayed as FE.
- Gigabit Ethernet ports (10/100/1000 bits)—These are displayed as GE.
- Out-of-Band Port—This is displayed as OOB.
- LAG (Port Channel)—These are displayed as LAG.
- VLAN—These are displayed as VLAN.
- Tunnel—These are displayed as Tunnel.
Interface Number: Port, LAG, Tunnel, or VLAN ID.

Window Navigation

This section describes the features of the web-based switch configuration utility.

Application Header

The Application Header appears on every page. It provides the following application links:
Application Link Name: Description
Save: A flashing red X icon displayed to the left of the Save application link indicates that Running Configuration changes have been made that have not yet been saved to the Startup Configuration file. The flashing of the red X can be disabled on the Copy/Save Configuration page.
Click Save to display the Copy/Save Configuration page. Save the Running Configuration file by copying it to the Startup Configuration file type on the device. After this save, the red X icon and the Save application link are no longer displayed. When the device is rebooted, it copies the Startup Configuration file type to the Running Configuration and sets the device parameters according to the data in the Running Configuration.
Username: Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco).
Language Menu: This menu provides the following options:
- Select a language: Select one of the languages that appear in the menu. This language will be the web-based configuration utility language.
- Download Language: Add a new language to the device.
- Delete Language: Deletes the second language on the device. The first language (English) cannot be deleted.
- Debug: Used for translation purposes. If you select this option, all web-based configuration utility labels disappear and in their place are the IDs of the strings that correspond to the IDs in the language file.
NOTE To upgrade a language file, use the Upgrade/Backup Firmware/Language page.
Logout: Click to log out of the web-based switch configuration utility.
About: Click to display the device name and device version number.
Help: Click to display the online help.
The SYSLOG Alert Status icon appears when a SYSLOG message, above the critical severity level, is logged. Click the icon to open the RAM Memory page. After you access this page, the SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, click Status and Statistics > View Log > RAM Memory.

Management Buttons

The following table describes the commonly-used buttons that appear on various pages in the system.
Button Name: Description
[icon]: Use the pull-down menu to configure the number of entries per page.
[icon]: Indicates a mandatory field.
Add: Click to display the related Add page and add an entry to a table. Enter the information and click Apply to save it to the Running Configuration. Click Close to return to the main page. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the device.
Apply: Click to apply changes to the Running Configuration on the device. If the device is rebooted, the Running Configuration is lost, unless it is saved to the Startup Configuration file type or another file type. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the device.
Cancel: Click to reset changes made on the page.
Clear Filter: Click to clear filter to select information displayed.
Clear All Interfaces Counters: Click to clear the statistic counters for all interfaces.
Clear Interface Counters: Click to clear the statistic counters for the selected interface.
Clear Logs: Clears log files.
Clear Table: Clears table entries.
Close: Returns to main page. If any changes were not applied to the Running Configuration, a message appears.
Copy Settings: A table typically contains one or more entries containing configuration settings. Instead of modifying each entry individually, it is possible to modify one entry and then copy the selected entry to multiple entries, as described below:
1. Select the entry to be copied. Click Copy Settings to display the popup.
2. Enter the destination entry numbers in the to field.
3. Click Apply to save the changes and click Close to return to the main page.
Delete: After selecting an entry in the table, click Delete to remove.
Details: Click to display the details associated with the entry selected.
Edit: Select the entry and click Edit. The Edit page appears, and the entry can be modified.
1. Click Apply to save the changes to the Running Configuration.
2. Click Close to return to the main page.
Go: Enter the query filtering criteria and click Go. The results are displayed on the page.
Refresh: Click Refresh to refresh the counter values.
Test: Click Test to perform the related tests.
Restore Defaults: Click Restore Defaults to restore factory defaults.

Search Facility

The search function helps the user to locate relevant GUI pages.
The search result for a keyword includes links to the relevant pages, and also links to the relevant help pages.
To access the search function, enter a keyword and click on the magnifying glass icon.

Dashboard

The dashboard is a collection of 8 squares, initially empty, that can be populated by various types of information.
You can select a number of modules from the available modules and place them in this grid. You can also customize settings of the currently-displayed modules.
When the dashboard loads, the modules you selected for the dashboard are loaded in their locations in the grid. The data in the modules is updated periodically, in intervals depending on the module type. These intervals are configurable for some modules.
The following topics are covered in this chapter:
Grid Management
System Health
Resource Utilization
Identification
Port Utilization
PoE Utilization
Latest Logs
Suspended Interfaces
Traffic Errors

Grid Management

The dashboard consists of multiple modules, but only a subset of the modules can be viewed at the same time.
When you open the dashboard, a wire frame view of the grid is displayed, as shown below (only 2 squares are shown in the following screen capture):
To display modules that are not currently being displayed, click on Customize on the upper-right of the dashboard, as shown below:
Add modules to the grid by selecting a module from the list of modules on the right and dragging and dropping it to any space in the grid.
The modules are divided into the following groups:
Small Modules are modules that take up a single square
Large Modules take up two squares.
If you drag a module into a space currently occupied, the new module replaces the previous one.
You can re-arrange the placement of the modules in the grid by dragging a module from one occupied grid position to another position. The module can be dropped in an unoccupied spot, or in a spot occupied by a module of the same size. If the selected spot is occupied, the modules switch places.
Only when you click Done (in the right-hand corner) are the modules populated by the relevant information.
The title bar of each module in the dashboard displays the title of the module and three buttons:
These buttons perform the following:
Pencil — Opens configuration options (depending on the module).
Refresh — Refreshes the information.
X — Removes the module from the dashboard.

System Health

This module displays information about device temperature (when such information is available) for a device, as shown below:
The following icons are shown:
Fan Status—Yellow if one fan failed and is backed up by the redundant fan; Green if the fan is operational; Red if the fan is faulty.
Thermometer Status
- Temperature is OK—Green with a nearly empty thermometer.
- Temperature generates a warning—Yellow with a half full thermometer.
- Temperature is critical—Red with a full thermometer.
The following configuration options (pencil icon in upper right-hand corner) are available:
Refresh Time—Select one of the options displayed.

Resource Utilization

This module displays the utilization status in terms of a percentage of the various system resources as a bar chart. The resources monitored are:
Multicast Groups—Percentage of Multicast groups that exist out of the maximum possible number that are permitted to be defined.
MAC Address Table—Percentage of MAC Address table in use.
Router TCAM—Usage in percentage of router TCAM.
TCAM—Usage in percentage of all non-IP TCAM entries.
CPU—Percentage of CPU being used.
Each bar becomes red if the resource utilization is higher than 80 percent.
Hovering over a bar displays a tooltip displaying the numeric utilization information (used resources/max available).
The following configuration options (right-hand corner) are available:
Refresh Time—Select one of the options displayed.
Multicast Groups—Click to open MAC Group Address.
MAC Address Table—Click to open Dynamic Addresses.
CPU Utilization Information—Click to open CPU Utilization.

Identification

This module displays basic information regarding the device, as shown below:
It displays the following fields:
System Description—Displays description of the device.
Host Name—Entered in the System Settings page or default is used. Also can be added in the Getting Started Wizard.
Firmware Version—Current firmware version running on device.
MAC Address—MAC address of the device.
Serial Number—Serial number of the device.
System Location—Enter the physical location of the device.
System Contact—Enter the name of a contact person.
Total Available Power—Amount of power available to the device.
Current Power Consumption—Amount of power consumed by the device.
The following configuration options (right-hand corner) are available:
Refresh Time—Select one of the options displayed.
System Settings—Click to open System Settings.
System Summary—Click to open System Summary.

Port Utilization

This module displays the ports on the device in either device or chart view. The view is selected in the configuration options (pencil icon in upper-right corner).
Display Mode—Device View
Displays the device. Hovering over a port displays information about it.
Display Mode—Chart View
A list of ports is displayed. The port utilization is displayed in bar format:
For each port, the following port utilization information is displayed: Tx% (green), Rx% (blue)
Refresh Time—Select one of the displayed options.
Interface Statistics—Click to link to the Status and Statistics -> Interface page.

PoE Utilization

This module displays a graphic representation of the PoE utilization status, as shown below:
For a standalone unit, this module displays a gauge with a dial of values from 0-100. The section of the dial from the traps threshold to 100 is red. In the middle of the gauge, the actual PoE utilization value is shown in watts.
Each bar represents the PoE utilization percentage value of the device on a scale of 0 to 100. If the PoE utilization is higher than the traps threshold, the bar is red. Otherwise the bar is green.
When hovering on a bar, a tooltip appears showing the actual PoE utilization of the unit in watts.

Latest Logs

This module contains information about the five latest events logged by the system as SYSLOGs, as shown below:
The following configuration options (right-hand corner) are available:
Severity Threshold—Described in Log Settings.
Refresh Time—Select one of the options displayed.
View Logs—Click to open RAM Memory.
NOTE See View Logs for more information.

Suspended Interfaces

This module displays interfaces that have been suspended in either device or table view. The view is selected in the configuration options (pencil icon in upper-right corner).
Device View
In this view, the device is displayed, as shown below:
All suspended ports in the device are shown as red. Hovering over a suspended port displays a tooltip with the following information:
- Port name.
- If the port is a member of a LAG, the LAG identity of the port.
- The suspension reason if it is suspended.
Table View
Information is displayed in table form, as shown below:
The following fields are displayed:
- Interface—Port or LAG that was suspended
- Suspension Reason—Reason interface was suspended
- Auto-recovery current status—Has auto recovery been enabled for the feature that caused the suspension.
The following configuration options (right-hand corner) are available:
Display Mode—Select either Device View or Table View.
Refresh Time—Select one of the options displayed.
Error Recovery Settings—Click to open Error Recovery Settings.

Traffic Errors

This module displays the number of error packets of various types that are counted on the RMON statistics. The view is selected in the configuration options (pencil icon in upper-right corner).
The following can be selected from the pencil icon:
Display Mode - Device View
The device module mode displays a diagram of the device, as shown below:
All suspended ports in the device are shown as red. Hovering over a suspended port displays a tooltip with the following information:
- Port name.
- If the port is a member of a LAG, the LAG identity of the port.
- Details of the last error logged on the port.
Display Mode - Table View
- Interface—Name of port
- Last traffic error—Traffic error that occurred on a port and the last time the error occurred.
Refresh Time—Select one of the refresh rates.
Traffic Error Information—Click to link to the Statistics page.

Configuration Wizards

This section describes the following configuration wizards:
Getting Started Wizard
VLAN Configuration Wizard

Getting Started Wizard

This wizard assists in the initial configuration of the device.
STEP 1 Click Configuration Wizards > Getting Started Wizard.
STEP 2 Click Launch Wizard and Next.
STEP 3 Enter the fields:
System Location—Enter the physical location of the device.
System Contact—Enter the name of a contact person.
Host Name—Select the host name of this device. This is used in the prompt of CLI commands:
- Use Default—The default hostname (System Name) of these switches is: switch123456, where 123456 represents the last three bytes of the device MAC address in hex format.
- User Defined—Enter the hostname. Use only letters, digits, and hyphens. Host names cannot begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035).
STEP 4 Click Next.
STEP 5 Enter the fields:
Interface—Select the IP interface for the system.
IP Interface Source—Select one of the following options:
- DHCP—Select for the device to receive its IP address from a DHCP server.
- Static—Select to enter the IP address of the device manually.
If you selected Static as the IP address type, enter the following fields:
IP Address—IP address of the interface.
Network Mask—IP mask for this address.
Administrative Default Gateway—Enter the default gateway IP address.
DNS Server—Enter the IP address of the DNS server.
STEP 6 Click Next STEP 7 Enter the fields:
Username—Enter a new user name between 0 and 20 characters. UTF-8 characters are
not permitted.
Password—Enter a password (UTF-8 characters are not permitted). If the password
strength and complexity is defined, the user password must comply with the policy configured in Password Strength.
Confirm Password—Enter the password again.
Password Strength—Displays the strength of password. The policy for password
strength and complexity are configured in the Password Strength page.
Keep current username and password—Select to keep current username and
password.
STEP 8 Click Next.
STEP 9 Enter the fields:
Clock Source—Select one of the following:
- Manual Settings—Select to enter the device system time. If this is selected, enter the
Date and Time.
- Default SNTP Servers—Select to use the default SNTP servers.
NOTE The default SNTP servers are defined by name, thus DNS must be configured and operational (DNS server configured and reachable). This is done in DNS Settings.
- Manual SNTP Server—Select and enter the IP address of an SNTP server.
STEP 10 Click Next to view a summary of configuration that you entered.
STEP 11 Click Apply to save the configuration data.

VLAN Configuration Wizard

This wizard assists in configuring VLANs. Each time you run this wizard, you can configure port membership in a single VLAN. The first steps are for Trunk port mode (where you configure the tagged and untagged trunk ports), and then you configure Access port mode.
STEP 1 Click Configuration Wizards > VLAN Configuration Wizard.
STEP 2 Click Launch Wizard and Next.
STEP 3 Select the ports that are to be configured as trunk ports (by clicking with mouse on the required ports in the graphical display). Ports that are already configured as Trunk ports are preselected.
STEP 4 Click Next.
STEP 5 Enter the fields:
VLAN ID—Select the VLAN you want to configure. You can select either an existing VLAN or New VLAN.
New VLAN ID—Enter the VLAN ID of a new VLAN.
VLAN Name—Optionally, enter VLAN name.
STEP 6 Select the trunk ports that are to be configured as untagged members of the VLAN (by clicking with mouse on the required ports in the graphical display). The trunk ports that are not selected in this step become tagged members of the VLAN.
STEP 7 Click Next.
STEP 8 Select the ports that are to be the access ports of the VLAN (by clicking with mouse on the required ports in the graphical display). Access ports of a VLAN are untagged members of the VLAN.
STEP 9 Click Next to see the summary of the information that you entered.
STEP 10 Click Apply.

Status and Statistics

This section describes how to view device statistics. It covers the following topics:
• System Summary
• CPU Utilization
• Interface
• Etherlike
• Port Utilization
• 802.1X EAP
• Health and Power
• Switched Port Analyzer (SPAN)
• Diagnostics
• RMON
• View Logs

System Summary

The System Summary page provides a graphic view of the device, and displays device status, hardware information, firmware version information, general PoE status, and other items.
To view system information, click Status and Statistics > System Summary.
System Information:
System Description—A description of the system.
System Location—Physical location of the device. Click Edit to go to the System Settings page to enter this value.
System Contact—Name of a contact person. Click Edit to go to the System Settings page to enter this value.
Host Name—Name of the device. Click Edit to go to the System Settings page to enter this value. By default, the device host name is composed of the word switch concatenated with the three least significant bytes of the device MAC address (the six furthest right hexadecimal digits).
System Object ID—Unique vendor identification of the network management
subsystem contained in the entity (used in SNMP).
System Uptime—Time that has elapsed since the last reboot.
Current Time—Current system time.
Base MAC Address—Device MAC address.
Jumbo Frames—Jumbo frame support status. This support can be enabled or disabled
by using the Port Settings page.
NOTE Jumbo frames support takes effect only after it is enabled, and after the device is
rebooted.
Software Information:
Firmware Version—Firmware version number of the active image.
Firmware MD5 Checksum—MD5 checksum of the active image.
Locale—Locale of the first language. (This is always English.)
Language Version—Language package version of the first or English language.
Language MD5 Checksum—MD5 checksum of the language file.
TCP/UDP Services Status:
To reset the following fields, click Edit to open the TCP/UDP Services page.
HTTP Service—Whether HTTP is enabled/disabled.
HTTPS Service—Whether HTTPS is enabled/disabled.
SNMP Service—Whether SNMP is enabled/disabled.
PoE Power Information: (on devices supporting PoE)
PoE Power Information—Click on Detail to link you directly to the Overview page.
This page shows the PoE power information.
Maximum Available PoE Power (W)—Maximum available power that can be
delivered by the switch.
Total PoE Power Consumption (W)—Total PoE power delivered to connected PoE
devices.
PoE Power Mode—Port Limit or Class Limit.
The unit is displayed graphically, as shown below:
Hovering on a port displays its name. The following information is displayed for each unit:
Serial Number—Serial number.
PID VID—Part number and version ID.

CPU Utilization

The device CPU handles the following types of traffic, in addition to end-user traffic handling the management interface:
Management traffic
Protocol traffic
Snooping traffic
Excessive traffic burdens the CPU, and might prevent normal device operation. The device uses the Secure Core Technology (SCT) feature to ensure that the device receives and processes management and protocol traffic, no matter how much total traffic is received. SCT is enabled by default on the device and cannot be disabled.
There are no interactions with other features.
To display CPU utilization:
STEP 1 Click Status and Statistics > CPU Utilization.
The CPU Input Rate field displays the rate of input frames to the CPU per second. The window contains a graph displaying CPU utilization on the device. The Y axis is percentage of usage, and the X axis is the sample number.
STEP 2 Ensure that the CPU Utilization check box is enabled.
STEP 3 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period. The window containing a graph displaying CPU utilization on the device is displayed.

Interface

The Interface page displays traffic statistics per port. The refresh rate of the information can be selected.
This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion (Unicast, Multicast, and Broadcast).
To display Ethernet statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > Interface.
STEP 2 Enter the parameters.
Interface—Select the interface for which Ethernet statistics are to be displayed.
Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed.
The Receive Statistics area displays information about incoming packets.
Total Bytes (Octets)—Octets received, including bad packets and FCS octets, but excluding framing bits.
Unicast Packets—Good Unicast packets received.
Multicast Packets—Good Multicast packets received.
Broadcast Packets—Good Broadcast packets received.
Packets with Errors—Packets with errors received.
The Transmit Statistics area displays information about outgoing packets.
Total Bytes (Octets)—Octets transmitted, including bad packets and FCS octets, but excluding framing bits.
Unicast Packets—Good Unicast packets transmitted.
Multicast Packets—Good Multicast packets transmitted.
Broadcast Packets—Good Broadcast packets transmitted.
STEP 3 To view statistics counters in table view or graphic view:
Click View All Interfaces Statistics to see all ports in table view.
Click View Interface History Graph to display these results in graphic form. In this view, you can select the Time Span for which the results will be displayed and the type of statistic to be displayed. For example, if you select Last 5 Minutes and Unicast Packets, you will see how many Unicast packets were received in the last 5 minutes.

Etherlike

The Etherlike page displays statistics per port according to the Etherlike MIB standard definition. The refresh rate of the information can be selected. This page provides more detailed information regarding errors in the physical layer (Layer 1) that might disrupt traffic.
To view Etherlike Statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > Etherlike.
STEP 2 Enter the parameters.
Interface—Select the specific interface for which Ethernet statistics are to be displayed.
Refresh Rate—Select the amount of time that passes before the Etherlike statistics are refreshed.
The fields are displayed for the selected interface.
NOTE If one of the following fields shows a number of errors (not 0), a Last Update time is displayed.
Frame Check Sequence (FCS) Errors—Received frames that failed the CRC (cyclic redundancy checks).
Single Collision Frames—Frames that were involved in a single collision, but were successfully transmitted.
Late Collisions—Collisions that have been detected after the first 512 bits of data.
Excessive Collisions—Transmissions rejected due to excessive collisions.
Oversize Packets—Packets greater than 2000 octets received.
Internal MAC Receive Errors—Frames rejected because of receiver errors.
Pause Frames Received—Received flow control pause frames. This field is only supported for XG ports. When the port speed is 1G, the received pause frames counter is not operational.
Pause Frames Transmitted—Flow control pause frames transmitted from the selected interface.
STEP 3 To view statistics counters in table view:
Click View All Interfaces Statistics to see all ports in table view.

Port Utilization

The Port Utilization page displays utilization of broadband (both incoming and outgoing) per port.
To display port utilization:
STEP 1 Click Status and Statistics > Port Utilization.
STEP 2 Enter the Refresh Rate, which is the time period that passes before the interface Ethernet statistics are refreshed.
The following fields are displayed for each port:
Interface—Name of port.
Tx Utilization—Amount of bandwidth used by outgoing packets.
Rx Utilization—Amount of bandwidth used by incoming packets.
To view a graph of historical utilization over time on the port, select a port and click View Interface History Graph. In addition to the above, the following field is displayed:
Time Span—Select a unit of time. The graph displays the port utilization over this unit of time.

802.1X EAP

The 802.1x EAP page displays detailed information regarding the EAP (Extensible Authentication Protocol) frames that were sent or received. To configure the 802.1X feature, see the Properties page.
To view the EAP Statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > 802.1x EAP.
STEP 2 Select the Interface that is polled for statistics.
STEP 3 Select the Refresh Rate (time period) that passes before the EAP statistics are refreshed.
The values are displayed for the selected interface.
EAPOL Frames Received—Valid EAPOL frames received on the port.
EAPOL Frames Transmitted—Valid EAPOL frames transmitted by the port.
EAPOL Start Frames Received—EAPOL Start frames received on the port.
EAPOL Logoff Frames Received—EAPOL Logoff frames received on the port.
EAP Response/ID Frames Received—EAP Resp/ID frames received on the port.
EAP Response Frames Received—EAP Response frames received by the port (other
than Resp/ID frames).
EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by the port.
EAP Request Frames Transmitted—EAP Request frames transmitted by the port.
Invalid EAPOL Frames Received—Unrecognized EAPOL frames received on this
port.
EAP Length Error Frames Received—EAPOL frames with an invalid Packet Body
Length received on this port.
Last EAPOL Frame Version—Protocol version number attached to the most recently received EAPOL frame.
Last EAPOL Frame Source—Source MAC address attached to the most recently received EAPOL frame.
STEP 4 To clear statistics counters:
Click View All Interfaces Statistics to view the counters of all interfaces.
Click Clear Interface Counters to clear the counters of all interfaces.

Health and Power

The Health and Power page monitors the temperature status, power supply status and fan status on all relevant devices. Depending on the model, there are one or more fans on a device. Some models have no fans at all.
Fans
In some devices the fans are mandatory for the device operation, since without them the device becomes too hot and shuts down automatically. Since a fan is a moving part, it is subject to failures. A redundant fan is installed on the system. This fan is not operational unless one or more of the system fans fails. In this case, the redundant fan becomes part of the environment monitoring of the device.
It is recommended to let the redundant fan work for at least 1 minute once a day.
Some devices have a temperature sensor to protect their hardware from overheating. In this case, the following actions are performed by the device if it overheats and during the cool down period after overheating:
Event: At least one temperature sensor exceeds the Warning threshold
Action: The following are generated:
SYSLOG message
SNMP trap

Event: At least one temperature sensor exceeds the Critical threshold
Action: The following are generated:
SYSLOG message
SNMP trap
The following actions are performed:
System LED is set to solid amber (if hardware supports this).
Disable Ports — When the Critical temperature has been exceeded for two minutes, all ports will be shut down.
(On devices that support PoE) Disable the PoE circuitry so that less power is consumed and less heat is emitted.

Event: Cool down period after the Critical threshold was exceeded (all sensors are lower than the Warning threshold - 2 °C).
Action: After all the sensors cool down to Warning Threshold minus 2 degree C, the PHY will be re-enabled, and all ports brought back up.
If fan status is OK, the ports are enabled.
(On devices that support PoE) the PoE circuitry is enabled.
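The events and actions above form a small state machine with hysteresis. The following Python model is an added illustration, not Cisco firmware code: the threshold temperatures are assumed values (the guide states only the 2 °C margin and the two-minute delay), and restarting the two-minute timer when the temperature drops back below Critical is also an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

WARNING_C = 60.0          # assumed Warning threshold (not stated in the guide)
CRITICAL_C = 70.0         # assumed Critical threshold (not stated in the guide)
COOLDOWN_MARGIN_C = 2.0   # from the guide: Warning threshold - 2 °C
SHUTDOWN_DELAY_S = 120    # from the guide: Critical exceeded for two minutes


@dataclass
class ThermalMonitor:
    state: str = "OK"                      # OK, WARNING, CRITICAL or COOLDOWN
    ports_enabled: bool = True
    poe_enabled: bool = True
    critical_since: Optional[float] = None
    events: List[Tuple[float, str, str]] = field(default_factory=list)

    def _log(self, now: float, kind: str, text: str) -> None:
        # kind is "notify" (SYSLOG message plus SNMP trap) or "action".
        self.events.append((now, kind, text))

    def sample(self, now: float, sensors_c: List[float], fan_ok: bool = True) -> str:
        """Apply one set of sensor readings and return the resulting state."""
        hottest = max(sensors_c)           # one hot sensor is enough to trigger
        if hottest > CRITICAL_C:
            if self.state != "CRITICAL":
                self.state = "CRITICAL"
                self.critical_since = now
                self.poe_enabled = False
                self._log(now, "notify", "Critical threshold exceeded")
                self._log(now, "action", "LED solid amber, PoE circuitry disabled")
            if self.ports_enabled and now - self.critical_since >= SHUTDOWN_DELAY_S:
                self.ports_enabled = False
                self._log(now, "action", "all ports shut down")
        elif self.state in ("CRITICAL", "COOLDOWN"):
            # Below Critical is not enough: every sensor must fall under
            # Warning - 2 °C before ports and PoE come back.
            self.state = "COOLDOWN"
            self.critical_since = None     # assumption: the timer restarts
            if hottest < WARNING_C - COOLDOWN_MARGIN_C and fan_ok:
                self.state = "OK"
                self.ports_enabled = True
                self.poe_enabled = True
                self._log(now, "action", "ports and PoE re-enabled")
        elif hottest > WARNING_C:
            if self.state != "WARNING":
                self.state = "WARNING"
                self._log(now, "notify", "Warning threshold exceeded")
        else:
            self.state = "OK"
        return self.state


def replay(samples):
    """Feed (time_s, temperature_c) pairs; return the monitor and a trace."""
    mon = ThermalMonitor()
    trace = [(t, mon.sample(t, [temp]), mon.ports_enabled) for t, temp in samples]
    return mon, trace


# Constructed readings: a rise past Critical held for two minutes, then cooling.
SAMPLES = [(0, 45), (30, 62), (60, 71), (120, 72),
           (180, 73), (240, 66), (300, 59), (360, 57)]

if __name__ == "__main__":
    monitor, trace = replay(SAMPLES)
    for t, state, ports in trace:
        print(f"t={t:>3}s state={state:<8} ports_enabled={ports}")
    for event in monitor.events:
        print(event)
```

The reading of 59 °C at t=300 is below the assumed Warning threshold yet the ports stay down, which is the hysteresis the 2 °C margin provides.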
To view the device health parameters, click Status and Statistics > Health.
NOTE Only fields that are relevant to the device are displayed.
This section displays the power saved by the device due to the Green Ethernet and Led Disable features, as well as due to ports being down (physically or due to time range settings).
The PoE savings displays the total power saved by using the PoE time range feature that shuts down PoE to ports at specific times (usually when the PoE network element is not in use).
The following information is displayed (the order of the fields may be different depending on the device):
Power Savings
Current Green Ethernet and Port Power Savings—Current amount of the power
savings on all the ports.
Cumulative Green Ethernet and Port Power Savings—Accumulative amount of the
power savings on all the ports since the device was powered up.
Projected Annual Green Ethernet and Port Power Savings—Projection of the
amount of the power that will be saved on the device during one week. This value is calculated based on the savings that occurred during the previous week.
Current PoE Power Savings—Current amount of the PoE power saved on ports that
have PDs connected to them and on which PoE is not operational due to the Time Range feature.
Cumulative PoE Power Savings—Cumulative amount of the PoE power, since the
device was powered up, saved on ports which have PDs connected to them and to which PoE is not operational due to the Time Range feature.
Projected Annual PoE Power Savings—Yearly projected amount of PoE power,
since device was powered up, saved on ports that have PDs connected to them and to which PoE is not operational due to the Time Range feature. The projection is based on the savings during the previous week.
To schedule power operations for a specific time range, click the blue links in the following sentence on the page: “Power Savings can be increased by using a Time Range to schedule
data and PoE operations.” The following pages are displayed:
Time Range—The Administration > Time Settings > Time Range page is
displayed. Set the time range for the power operations.
Data—The Port Management > Port Settings page is displayed. Connect the time
range to one or more ports.
PoE—The Port Management > PoE > Settings page is displayed. Connect the time
range to the PoE operations on one or more ports.
The Health and Power page displays the following fields:
Environmental Status
Fan Status—The following values are possible:
- OK—Fan is operating normally.
- Failure—More than one fan is not operating correctly.
- N/A—Fan is not applicable for the specific model.
Temperature—The options are:
- OK—The temperature is below the warning threshold.
- Warning—The temperature is between the warning threshold and the critical threshold.
- Critical—Temperature is above the critical threshold.
- N/A—Not relevant.
Main Power Status (these fields are found on devices that are PD devices and in devices that support RPS)
- Main Power Supply Status—Displays one of the following for the main power supply:
Active—Power supply is being used.
Failure—Main power has failed.
- Main Power Supply Budget—Amount of power that can be allocated for device PSE operation by the main power supply.
Power Supply Over Ethernet Status (there can be up to 2 PDs)
- PD Port 1 ID—Port number of PD port1
- PD Port 1 Status—Connected or not connected
- PD Port 1 Type—Type of PD
- PD Port 1 Budget—Maximum amount of power that can be allocated for device PSE operation
- PD Port 2 ID—Port number of PD port1
- PD Port 2 Status—Connected or not connected
- PD Port 2 Type—Type of PD
- PD Port 2 Budget—Maximum amount of power that can be allocated for device PSE operation
Ethernet Power Supply Table (displayed only if the device supports PD ports). The following fields are displayed:
Port Name—Number of port.
PD Status—Displays one of the following values:
- Connected—The PD port is connected to a PSE device that is providing power.
- Not Connected—The PD port is not connected to a PSE device.
Negotiation Mode—One of the following values.
- Auto—CDP or LLDP negotiation is used to determine power level.
- Force 802.3AF—Both sides use the AF power standard.
- Force 802.3AT—Both sides use the AT power standard.
- Force 60W—Both sides use the 60W power.
Power Budget—Amount of power actually allocated to the port.

Switched Port Analyzer (SPAN)

The SPAN feature, which is sometimes called port mirroring or port monitoring, selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe device or other Remote Monitoring (RMON) probes.
Port mirroring is used on a network device to send a copy of network packets, seen on a single device port, multiple device ports, or an entire VLAN, to a network monitoring connection on another port on the device. This is commonly used when monitoring of network traffic, such as for an intrusion-detection system, is required. A network analyzer, connected to the monitoring port, processes the data packets.
The device can mirror up to four interfaces per session. A packet, which is received on a network port and assigned to a VLAN that is subject to
mirroring, is mirrored to the analyzer port even if the packet was eventually trapped or discarded. Packets sent by the device are mirrored when Transmit (Tx) mirroring is activated.
Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port. If more data is sent to the analyzer port than it can support, some data might be lost.
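When the analyzer is an intrusion-detection sensor, lost mirrored packets are blind spots, so it is worth checking a planned session against the two limits above (four interfaces per session, and an analyzer port that can be oversubscribed). The following Python check is an added example, not part of the switch software; the port names, speeds and utilization figures are constructed sample values of the kind shown on the Port Utilization page.

```python
from dataclasses import dataclass
from typing import Dict, List

MAX_SOURCES_PER_SESSION = 4            # from the guide: up to four interfaces per session
MONITOR_TYPES = ("rx", "tx", "both")   # Rx, Tx, or Rx and Tx mirroring


@dataclass
class Source:
    name: str
    speed_mbps: int
    monitor: str        # one of MONITOR_TYPES
    rx_util: float      # observed peak Rx utilization, 0.0 to 1.0
    tx_util: float      # observed peak Tx utilization, 0.0 to 1.0

    def mirrored_mbps(self, worst_case: bool = False) -> float:
        """Traffic this source copies to the analyzer port, in Mbps."""
        if self.monitor not in MONITOR_TYPES:
            raise ValueError(f"{self.name}: unknown monitor type {self.monitor!r}")
        rx = 1.0 if worst_case else self.rx_util
        tx = 1.0 if worst_case else self.tx_util
        share = 0.0
        if self.monitor in ("rx", "both"):
            share += rx
        if self.monitor in ("tx", "both"):
            share += tx
        return share * self.speed_mbps


def check_session(sources: List[Source], analyzer_mbps: int) -> Dict:
    """Compare mirrored load with what the analyzer port can carry.

    drop_risk is "none" when even line-rate sources fit, "burst" when
    observed load fits but line-rate bursts would not, and "sustained"
    when the observed load already exceeds the analyzer port.
    """
    findings = []
    if len(sources) > MAX_SOURCES_PER_SESSION:
        findings.append(
            f"{len(sources)} sources exceed the limit of "
            f"{MAX_SOURCES_PER_SESSION} per session")
    observed = sum(s.mirrored_mbps() for s in sources)
    worst = sum(s.mirrored_mbps(worst_case=True) for s in sources)
    if observed > analyzer_mbps:
        risk = "sustained"
        findings.append("observed load exceeds the analyzer port; packets will be lost")
    elif worst > analyzer_mbps:
        risk = "burst"
        findings.append("line-rate bursts exceed the analyzer port; packets may be lost")
    else:
        risk = "none"
    return {
        "observed_mbps": observed,
        "worst_case_mbps": worst,
        "headroom_mbps": analyzer_mbps - observed,
        "drop_risk": risk,
        "findings": findings,
    }


# Constructed plan: three sources mirrored to a 1 Gbps analyzer port.
PLAN = [
    Source("gi1", 1000, "both", rx_util=0.25, tx_util=0.125),
    Source("gi2", 1000, "rx", rx_util=0.5, tx_util=0.75),
    Source("gi3", 100, "tx", rx_util=0.25, tx_util=0.5),
]

if __name__ == "__main__":
    report = check_session(PLAN, analyzer_mbps=1000)
    for key, value in report.items():
        print(f"{key}: {value}")
```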

SPAN Session Destinations

A monitoring session consists of one or more source ports and a single destination port. To add a destination port:
STEP 1 Click Status and Statistics > SPAN > Session Destinations.
The previously-defined destinations are displayed.
STEP 2 Click Add.
STEP 3 Enter the following fields:
Session ID—Select a session ID. This must match the session IDs of the source ports.
Port—Select the port number to which traffic is to be copied. This is the analyzer port. A network analyzer, such as a PC running Wireshark, is connected to this port.
Network Traffic—Select to enable that traffic other than monitored traffic is possible on the port.
STEP 4 Click Apply.

SPAN Session Sources

One or more SPAN sources must be configured on the device. To configure the source ports to be mirrored:
STEP 1 Click Status and Statistics > SPAN > Session Sources.
STEP 2 Click Add.
STEP 3 Select the session number from Session ID. This must be the same for all source ports and the destination port.
STEP 4 Select the unit and port or VLAN from which traffic is sent to the analyzer port (Source Interface).
STEP 5 In the Monitor Type field, select whether incoming, outgoing, or both types of traffic are mirrored.
- Rx and Tx—Port mirroring on both incoming and outgoing packets.
- Rx—Port mirroring on incoming packets.
- Tx—Port mirroring on outgoing packets.
STEP 6 Click Apply. The source interface for the mirroring is configured.

Diagnostics

This section contains information for configuring port mirroring, running cable tests, and viewing device operational information.
It covers the following topics:
Copper Ports Tests
Optical Module Status
Tech-Support Information

Copper Ports Tests

The Copper Test page displays the results of integrated cable tests performed on copper cables by the Virtual Cable Tester (VCT).
VCT performs two types of tests:
Time Domain Reflectometry (TDR) technology tests the quality and characteristics of
a copper cable attached to a port. Cables of up to 140 meters long can be tested. These results are displayed in the Test Results block of the Copper Test page.
DSP-based tests are performed on active XG links to measure cable length. These
results are displayed in the Advanced Information block of the Copper Test page. This test can run only when the link speed is 10G.
Preconditions to Running the Copper Port Test
Before running the test, do the following:
(Mandatory) Disable Short Reach mode (see the Properties page)
(Optional) Disable EEE (see the Properties page)
Use a CAT6a data cable when testing cables using (VCT).
The test results have an accuracy within an error range of +/- 10 for advanced Testing and +/- 2 for basic testing.
CAUTION When a port is tested, it is set to the Down state and communications are interrupted. After the test, the port returns to the Up state. It is not recommended that you run the copper port test on a port you are using to run the web-based switch configuration utility, because communications with that device are disrupted.
To test copper cables attached to ports:
STEP 1 Click Status and Statistics > Diagnostics > Copper Test.
STEP 2 Select the port on which to run the test.
STEP 3 Click Copper Test.
STEP 4 When the message appears, click OK to confirm that the link can go down or Cancel to abort the test.
The following fields are displayed in the Test Results block:
Last Update—Time of the last test conducted on the port.
Test Results—Cable test results. Possible values are:
- OK—Cable passed the test.
- No Cable—Cable is not connected to the port.
- Open Cable—Cable is connected on only one side.
- Short Cable—Short circuit has occurred in the cable.
- Unknown Test Result—Error has occurred.
Distance to Fault—Distance from the port to the location on the cable where the fault
was discovered.
Operational Port Status—Displays whether port is up or down.
The Advanced Information block contains the following information, which is refreshed each time you enter the page:
Cable Length: Provides an estimate for the length.
Pair—Cable wire pair being tested.
Status—Wire pair status. Red indicates fault and Green indicates status OK.
Channel—Cable channel indicating whether the wires are straight or cross-over.
Polarity—Indicates if automatic polarity detection and correction has been activated
for the wire pair.
Pair Skew—Difference in delay between wire pairs.

Optical Module Status

The Optical Module Status page displays the operating conditions reported by the SFP (Small Form-factor Pluggable) transceiver.
The following GE SFP (1000Mbps) transceivers are supported:
MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm
wavelength, supports up to 40 km.
MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm
wavelength, supports up to 40 km.
MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm
wavelength, supports up to 10 km.
MGBSX1: 1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550 m.
MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports up to
100 m.
The following XG SFP+ (10,000Mbps) transceivers are supported:
Cisco SFP-10GSR
Cisco SFP-10GLRM
Cisco SFP-10GLR
The following XG passive cables (Twinax/DAC) are supported:
Cisco SFP-H10GCU1m
Cisco SFP-H10GCU3m
Cisco SFP-H10GCU5m
To view the results of optical tests, click Status and Statistics > Diagnostics > Optical Module Status.
This page displays the following fields:
Port—Port number on which the SFP is connected.
Description—Description of optical transceiver.
Serial Number—Serial number of optical transceiver.
PID—VLAN ID.
VID—ID of optical transceiver.
Temperature—Temperature (Celsius) at which the SFP is operating.
Voltage—SFPs operating voltage.
Current—SFPs current consumption.
Output Power—Transmitted optical power.
Input Power—Received optical power.
Transmitter Fault—Remote SFP reports signal loss. Values are True, False, and No
Signal (N/S).
Loss of Signal—Local SFP reports signal loss. Values are True and False.
Data Ready—SFP is operational. Values are True and False.

Tech-Support Information

This page provides a detailed log of the device status. This is valuable when technical support is trying to help a user with a problem, since it gives the output of many show commands (including debug command) in a single command.
To view technical support information useful for debugging purposes:
STEP 1 Click Status and Statistics > Diagnostics > Tech-Support Information.
STEP 2 Click Generate.
Information from a variety of show CLI commands is displayed.
NOTE Generation of output from this command may take some time. When the information is generated, you can copy it from the text box in the screen.

RMON

RMON (Remote Networking Monitoring) enables an SNMP agent in the device to proactively monitor traffic statistics over a given period and send traps to an SNMP manager. The local SNMP agent compares actual, real-time counters against predefined thresholds and generates alarms, without the need for polling by a central SNMP management platform. This is an effective mechanism for proactive management, provided that you have set the correct thresholds relative to your network’s base line.
RMON decreases the traffic between the manager and the device since the SNMP manager does not have to poll the device frequently for information, and enables the manager to get timely status reports, since the device reports events as they occur.
With this feature, you can perform the following actions:
View the current statistics (from the time that the counter values cleared). You can also collect the values of these counters over a period of time, and then view the table of collected data, where each collected set is a single line of the History tab.
Define interesting changes in counter values, such as “reached a certain number of late
collisions” (defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log and trap).

Statistics

The Statistics page displays detailed information regarding packet sizes and information regarding physical layer errors. The information is displayed according to the RMON standard. An oversized packet is defined as an Ethernet frame with the following criteria:
Packet length is greater than MRU byte size.
Collision event has not been detected.
Late collision event has not been detected.
Received (Rx) error event has not been detected.
Packet has a valid CRC.
To view RMON statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > RMON > Statistics.
STEP 2 Select the Interface for which Ethernet statistics are to be displayed.
STEP 3 Select the Refresh Rate, which is the time period that passes before the interface statistics are refreshed.
The following statistics are displayed for the selected interface.
NOTE If one of the following fields shows a number of errors (not 0), a Last Update time is displayed.
Bytes Received—Octets received, including bad packets and FCS octets, but excluding
framing bits.
Drop Events—Packets dropped.
Packets Received—Good packets received, including Multicast and Broadcast
packets.
Broadcast Packets Received—Good Broadcast packets received. This number does
not include Multicast packets.
Multicast Packets Received—Good Multicast packets received.
CRC & Align Errors—CRC and Align errors that have occurred.
Undersize Packets—Undersized packets (less than 64 octets) received.
Oversize Packets—Oversized packets (over 2000 octets) received.
Fragments—Fragments (packets with less than 64 octets, excluding framing bits, but
including FCS octets) received.
Jabbers—Received packets that are longer than 1632 octets. This number excludes frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. A Jabber packet is defined as an Ethernet frame that satisfies the following criteria:
- Packet data length is greater than MRU.
- Packet has an invalid CRC.
- Received (Rx) Error Event has not been detected.
Collisions—Collisions received. If Jumbo frames are enabled, the threshold of Jabber
frames is raised to the maximum size of Jumbo frames.
Frames of 64 Bytes—Frames, containing 64 bytes that were sent or received.
Frames of 65 to 127 Bytes—Frames, containing 65-127 bytes that were sent or
received.
Frames of 128 to 255 Bytes—Frames, containing 128-255 bytes that were sent or
received.
Frames of 256 to 511 Bytes—Frames, containing 256-511 bytes that were sent or
received.
Frames of 512 to 1023 Bytes—Frames, containing 512-1023 bytes that were sent or
received.
Frames of 1024 Bytes or More—Frames, containing 1024-2000 bytes, and Jumbo
Frames, that were sent or received.
STEP 4 To view counters in table view or graphic view:
Click View All Interfaces Statistics to see all ports in table view.
Click Graphic View to display these results in graphic form. In this view, you can select
the Time Span for which the results will be displayed and the type of statistic to be displayed.

RMON History

The RMON feature enables monitoring statistics per interface.
The History page defines the sampling frequency, amount of samples to store and the port from which to gather the data.
After the data is sampled and stored, it appears in the History Table page that can be viewed by clicking History Table.
To enter RMON control information:
STEP 1 Click Status and Statistics > RMON > History. The fields displayed on this page are defined in the Add RMON History page, below. The only field that is on this page and not defined in the Add page is:
Current Number of Samples—RMON is allowed by the standard to not grant all
requested samples, but rather to limit the number of samples per request. Therefore, this field represents the sample number actually granted to the request that is equal or less than the requested value.
STEP 2 Click Add.
STEP 3 Enter the parameters.
New History Entry—Displays the number of the new History table entry.
Source Interface—Select the type of interface from which the history samples are to be taken.
Max No. of Samples to Keep—Enter the number of samples to store.
Sampling Interval—Enter the time in seconds that samples are collected from the ports. The field range is 1-3600.
Owner—Enter the RMON station or user that requested the RMON information.
STEP 4 Click Apply. The entry is added to the History Control Table page, and the Running Configuration file is updated.
STEP 5 Click History Table (described below) to view the actual statistics.

RMON History Table

The History page displays interface-specific statistical network samplings. The samples are configured in the History Control table described above.
To view RMON history statistics:
STEP 1 Click Status and Statistics > RMON > History.
STEP 2 Click History Table.
STEP 3 From the History Entry No. drop down menu, optionally select the entry number of the sample to display.
The fields are displayed for the selected sample.
Owner—History table entry owner.
Sample No.—Statistics taken from this sample.
Drop Events—Dropped packets due to lack of network resources during the sampling interval. This may not represent the exact number of dropped packets, but rather the number of times dropped packets were detected.
Bytes Received—Octets received including bad packets and FCS octets, but excluding
framing bits.
Packets Received—Packets received, including bad packets, Multicast, and Broadcast
packets.
Broadcast Packets—Good Broadcast packets excluding Multicast packets.
Multicast Packets—Good Multicast packets received.
CRC Align Errors—CRC and Align errors that have occurred.
Undersize Packets—Undersized packets (less than 64 octets) received.
Oversize Packets—Oversized packets (over 2000 octets) received.
Fragments—Fragments (packets with less than 64 octets) received, excluding framing
bits, but including FCS octets.
Jabbers—Total number of received packets that are longer than 2000 octets. This number excludes frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number.
Collisions—Collisions received.
Utilization—Percentage of current interface traffic compared to maximum traffic that
the interface can handle.

RMON Events Control

You can control the occurrences that trigger an alarm and the type of notification that occurs. This is performed as follows:
Events Page—Configures what happens when an alarm is triggered. This can be any
combination of logs and traps.
Alarms Page—Configures the occurrences that trigger an alarm.
To define RMON events:
STEP 1 Click Status and Statistics > RMON > Events.
This page displays previously defined events. The fields on this page are defined by the Add RMON Events dialog box except for the Time field.
Time—Displays the time of the event. (This is a read-only table in the parent window and cannot be defined).
STEP 2 Click Add.
STEP 3 Enter the parameters.
Event Entry—Displays the event entry index number for the new entry.
Community—Enter the SNMP community string to be included when traps are sent
(optional). Note that the community must be defined using the Notification Recipients pages for the trap to reach the Network Management Station.
Description—Enter a name for the event. This name is used in the Add RMON Alarm
page to attach an alarm to an event.
Notification Type—Select the type of action that results from this event. Values are:
- None—No action occurs when the alarm goes off.
- Log (Event Log Table)—Add a log entry to the Event Log table when the alarm is
triggered.
- Trap (SNMP Manager and Syslog Server)—Send a trap to the remote log server
when the alarm goes off.
- Log and Trap—Add a log entry to the Event Log table and send a trap to the remote
log server when the alarm goes off.
Owner—Enter the device or user that defined the event.
STEP 4 Click Apply. The RMON event is saved to the Running Configuration file.
STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have been logged (see description below).

RMON Events Logs

The Events page displays the log of events (actions) that occurred. Two types of events can be logged: Log or Log and Trap. The action in the event is performed when the event is bound to an alarm (see the RMON Alarms page) and the conditions of the alarm have occurred.
STEP 1 Click Status and Statistics > RMON > Events.
STEP 2 Click Event Log Table.
This page displays the following fields:
Event Entry No.—Event’s log entry number.
Log No.—Log number (within the event).
Log Time—Time that the log entry was entered.
Description—Description of event that triggered the alarm.

RMON Alarms

RMON alarms provide a mechanism for setting thresholds and sampling intervals to generate exception events on counters or any other SNMP object counter maintained by the agent. Both the rising and falling thresholds must be configured in the alarm. After a rising threshold is crossed, no rising events are generated until the companion falling threshold is crossed. After a falling alarm is issued, the next alarm is issued when a rising threshold is crossed.
One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs.
Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.
To enter RMON alarms:
STEP 1 Click Status and Statistics > RMON > Alarms.
All previously-defined alarms are displayed. The fields are described in the Add RMON Alarm page below. In addition to those fields, the following field appears:
Counter Value—Displays the value of the statistic during the last sampling period.
STEP 2 Click Add.
STEP 3 Enter the parameters.
Alarm Entry—Displays the alarm entry number.
Interface—Select the type of interface for which RMON statistics are displayed.
Counter Name—Select the MIB variable that indicates the type of occurrence
measured.
Sample Type—Select the sampling method to generate an alarm. The options are:
- Absolute—If the threshold is crossed, an alarm is generated.
- Delta—Subtracts the last sampled value from the current value. The difference in
the values is compared to the threshold. If the threshold was crossed, an alarm is generated.
Rising Threshold—Enter the value that triggers the rising threshold alarm.
Rising Event—Select an event to be performed when a rising event is triggered. Events are configured in the RMON Events Control page.
Falling Threshold—Enter the value that triggers the falling threshold alarm.
Falling Event—Select an event to be performed when a falling event is triggered.
Startup Alarm—Select the first event from which to start generation of alarms. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold.
- Rising Alarm—A rising value triggers the rising threshold alarm.
- Falling Alarm—A falling value triggers the falling threshold alarm.
- Rising and Falling—Both rising and falling values trigger the alarm.
Interval—Enter the alarm interval time in seconds.
Owner—Enter the name of the user or network management system that receives the
alarm.
STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file.
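The rising/falling behaviour and the Absolute/Delta sample types described above can be checked offline before an alarm is committed to a switch. The following is an added example, not code from the guide or from the device: a simplified model in which a threshold counts as crossed when the value reaches it, and delta values are taken modulo an assumed 32-bit counter. The class and field names and the sample readings are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

STARTUP_CHOICES = ("rising", "falling", "rising_and_falling")


@dataclass
class RmonAlarm:
    """Simplified model of one alarm entry (names are hypothetical)."""
    rising_threshold: int
    falling_threshold: int
    sample_type: str = "delta"        # "absolute" or "delta"
    startup_alarm: str = "rising"     # one of STARTUP_CHOICES
    wrap: Optional[int] = 2 ** 32     # assumed counter width; None for gauges
    _prev_raw: Optional[int] = field(default=None, init=False, repr=False)
    _rising_armed: bool = field(default=True, init=False, repr=False)
    _falling_armed: bool = field(default=True, init=False, repr=False)
    _first_value: bool = field(default=True, init=False, repr=False)

    def __post_init__(self) -> None:
        if self.sample_type not in ("absolute", "delta"):
            raise ValueError("sample_type must be 'absolute' or 'delta'")
        if self.startup_alarm not in STARTUP_CHOICES:
            raise ValueError("unknown startup_alarm")
        if self.falling_threshold > self.rising_threshold:
            raise ValueError("falling threshold must not exceed rising threshold")

    def poll(self, raw: int) -> Optional[str]:
        """Feed one reading; return 'rising', 'falling' or None."""
        if self.sample_type == "delta":
            prev, self._prev_raw = self._prev_raw, raw
            if prev is None:
                return None               # baseline reading, no delta yet
            value = raw - prev
            if self.wrap is not None:
                value %= self.wrap        # counter rolled over between polls
        else:
            value = raw
        startup, self._first_value = self._first_value, False
        if value >= self.rising_threshold and self._rising_armed:
            # No further rising event until the falling threshold is crossed.
            self._rising_armed, self._falling_armed = False, True
            if not startup or self.startup_alarm != "falling":
                return "rising"
        elif value <= self.falling_threshold and self._falling_armed:
            self._falling_armed, self._rising_armed = False, True
            if not startup or self.startup_alarm != "rising":
                return "falling"
        return None


def run(alarm: RmonAlarm, readings: List[int]) -> List[Optional[str]]:
    """Replay a list of raw counter readings through an alarm."""
    return [alarm.poll(r) for r in readings]


# Constructed cumulative readings of a broadcast-packet counter, one per interval.
# Deltas: 100, 150, 4000, 4150, 500, 100, 50, 4000
BROADCAST_RX = [1000, 1100, 1250, 5250, 9400, 9900, 10000, 10050, 14050]

if __name__ == "__main__":
    alarm = RmonAlarm(rising_threshold=1000, falling_threshold=200)
    for reading, event in zip(BROADCAST_RX, run(alarm, BROADCAST_RX)):
        print(reading, event)
```

The second burst (delta 4150) produces no event because the falling threshold has not been crossed since the first rising event, which is why a falling threshold set too low can hide repeated bursts.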

View Logs

The device can write to the following logs:
Log in RAM (cleared during reboot).
Log in Flash memory (cleared only upon user command).
You can configure the messages that are written to each log by severity, and a message can go to more than one log, including logs that reside on external SYSLOG servers.

RAM Memory

The RAM Memory page displays all messages that were saved in the RAM (cache) in chronological order. Entries are stored in the RAM log according to the configuration in the Log Settings page.
Pop-Up SYSLOG Notifications
When a new SYSLOG message is written to the RAM log file, a notification is displayed in the web GUI showing its contents.
The web GUI polls the RAM log every 10 seconds. Notification pop-ups for all SYSLOGs created in the last 10 seconds appear at the bottom right of the screen.
The notification pop-up displays as follows:
To view log entries, click Status and Statistics > View Log > RAM Memory. The following are displayed at the top of the page:
Alert Icon Blinking—Toggles between disable and enable.
Log Pop-Up—Enables receiving pop-up SYSLOGs as described above.
Current Logging Threshold—Specifies the levels of logging that are generated. This
can be changed by clicking Edit by the field’s name.
This page contains the following fields for every log file:
Log Index—Log entry number.
Log Time—Time when message was generated.
Severity—Event severity.
Description—Message text describing the event.
To clear the log messages, click Clear Logs. The messages are cleared.

Flash Memory

The Flash Memory page displays the messages that were stored in the Flash memory, in chronological order. The minimum severity for logging is configured in the Log Settings page. Flash logs remain when the device is rebooted. You can clear the logs manually.
To view the Flash logs, click Status and Statistics > View Log > Flash Memory.
The Current Logging Threshold specifies the levels of logging that are generated. This can be changed by clicking Edit by the field’s name.
This page contains the following fields for each log file:
Log Index—Log entry number.
Log Time—Time when message was generated.
Severity—Event severity.
Description—Message text describing the event.
To clear the messages, click Clear Logs. The messages are cleared.

Administration

This section describes how to view system information and configure various options on the device.
It covers the following topics:
Device Models
System Settings
User Accounts
Idle Session Timeout
Time Settings
System Log
File Management
Reboot
Discovery - Bonjour
Discovery - LLDP
Discovery - CDP
Ping

Device Models

All models can be fully managed through the web-based switch configuration utility.
NOTE See Interface Naming Conventions for port naming conventions.
The following table describes the various models, the number and type of ports on them and their PoE information.
The following are the supported device models.
SKU Name Description Number of Fans Redundant Fans Quantity Temperature Sensor
SF250-48 SF250-48 48-Port 10/100 Smart Switch 0 2
SF250-48HP SF250-48HP 48-Port 10/100 PoE Smart Switch
SG250-10P SG250-10P 8-Port Gigabit PoE Smart Switch
SG250-26 SG250-26 26-Port Gigabit Smart Switch
SG250-26HP SG250-26HP 26-Port Gigabit PoE Smart Switch
SG250-26P SG250-26P 26-Port Gigabit PoE Smart Switch
2
0
22

System Settings

To enter system settings:
STEP 1 Click Administration > System Settings.
STEP 2 View or modify the system settings.
System Description—Displays a description of the device.
System Location—Enter the physical location of the device.
System Contact—Enter the name of a contact person.
Host Name—Select the host name of this device. This is used in the prompt of CLI
commands:
- Use Default—The default hostname (System Name) of these switches is:
switch123456, where 123456 represents the last three bytes of the device MAC address in hex format.
- User Defined—Enter the hostname. Use only letters, digits, and hyphens. Host names cannot begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035).
Custom Banner Settings—The following banners can be set:
- Login Banner—Enter text to display on the Login page before login. Click Preview to view the results.
- Welcome Banner—Enter text to display on the Login page after login. Click Preview to view the results.
NOTE When you define a login banner from the web-based configuration utility, it also activates the banner for the CLI interfaces (Console, Telnet, and SSH).
STEP 3 Click Apply to save the values in the Running Configuration file.

User Accounts

The User Accounts page enables entering additional users that are permitted to access the device (read-only or read-write) or changing the passwords of existing users.
After adding a level 15 user (as described below), the default user is removed from the system.
NOTE It is not permitted to delete all users. If all users are selected, the Delete button is disabled.
To add a new user:
STEP 1 Click Administration > User Accounts.
This page displays the users defined in the system and their user privilege level.
STEP 2 Select Password Recovery Service to enable this feature. When this is enabled, an end user, with physical access to the console port of the device, can enter the boot menu and trigger the password recovery process. When the boot system process ends, you are allowed to login to the device without password authentication. Entering the device is allowed only via the console and only when the console is connected to the device with physical access.
When password recovery mechanism is disabled, accessing the boot menu is still allowed and you can trigger the password recovery process. The difference is that in this case, all configuration and user files are removed during the system boot process, and a suitable log message is generated to the terminal.
STEP 3 Click Add to add a new user or click Edit to modify a user.
STEP 4 Enter the parameters.
User Name—Enter a new username between 0 and 20 characters. UTF-8 characters are not permitted.
Password—Enter a password (UTF-8 characters are not permitted). If the password strength and complexity is defined, the user password must comply with the policy configured in Password Strength.
Confirm Password—Enter the password again.
Password Strength Meter—Displays the strength of password. The policy for password strength and complexity are configured in the Password Strength page.
STEP 5 Click Apply. The user is added to the Running Configuration file of the device.

Idle Session Timeout

The Idle Session Timeout configures the time intervals that the management sessions can remain idle before they timeout and you must log in again to reestablish one of the following sessions:
HTTP Session Timeout
HTTPS Session Timeout
To set the idle session timeout for various types of sessions:
STEP 1 Click Administration > Idle Session Timeout.
STEP 2 Select the timeout for each type of session from the corresponding list. The default timeout value is 10 minutes.
STEP 3 Click Apply to set the configuration settings on the device.

Time Settings

See Administration: Time Settings.

System Log

This section describes the system logging, which enables the device to generate multiple independent logs. Each log is a set of messages describing system events.
The device generates the following local logs:
Log sent to the console interface.
Log written into a cyclical list of logged events in the RAM and erased when the
device reboots.
Log written to a cyclical log-file saved to the Flash memory and persists across
reboots.
In addition, you can send messages to remote SYSLOG servers in the form of SNMP traps and SYSLOG messages.
This section covers the following sections:
Log Settings
Remote Logging Settings

Log Settings

You can select the events to be logged by severity level. Each log message has a severity level marked with the first letter of the severity level concatenated with a dash (-) on each side (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational.
The event severity levels are listed from the highest severity to the lowest severity, as follows:
Emergency—System is not usable.
Alert—Action is needed.
Critical—System is in a critical condition.
Error—System is in error condition.
Warning—System warning has occurred.
Notice—System is functioning properly, but a system notice has occurred.
Informational—Device information.
Debug—Detailed information about an event.
You can select different severity levels for RAM and Flash logs. These logs are displayed in the RAM Memory page and Flash Memory page, respectively.
Selecting a severity level to be stored in a log causes all of the higher severity events to be automatically stored in the log. Lower severity events are not stored in the log.
For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored (Notice, Informational, and Debug).
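The severity letter and the threshold rule above can be applied to exported log lines when checking what a given setting would have kept. The following is an added example, not code from the guide: the `%<module>-<letter>-<mnemonic>: <text>` layout is generalised from the page's single example, and the function names, sample lines and per-destination thresholds are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Highest severity first, in the order listed on this page.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# First letter of the level name, except Emergency, which is marked F.
LETTER_TO_LEVEL = {("F" if name == "Emergency" else name[0]): name
                   for name in SEVERITIES}

# Assumed layout: %<module>-<letter>-<mnemonic>: <text>
MESSAGE_RE = re.compile(
    r"%(?P<module>\w+)-(?P<letter>[A-Z])-(?P<mnemonic>\w+):\s*(?P<text>.*)")


class LogMessage(NamedTuple):
    module: str
    severity: str
    mnemonic: str
    text: str


def parse_message(line: str) -> Optional[LogMessage]:
    """Return the parsed message, or None if the marker or letter is unknown."""
    m = MESSAGE_RE.search(line)
    if m is None:
        return None
    level = LETTER_TO_LEVEL.get(m["letter"])
    if level is None:
        return None
    return LogMessage(m["module"], level, m["mnemonic"], m["text"])


def is_stored(severity: str, threshold: str) -> bool:
    """True if a message of this severity is kept at the selected threshold."""
    return SEVERITIES.index(severity) <= SEVERITIES.index(threshold)


def destinations(line: str, thresholds: Dict[str, str]) -> List[str]:
    """Names of the logs (RAM, Flash, remote server) that would keep the line."""
    msg = parse_message(line)
    if msg is None:
        return []
    return [name for name, level in thresholds.items()
            if is_stored(msg.severity, level)]


# Constructed thresholds and lines; only the first message ID is from the page.
THRESHOLDS = {"ram": "Informational", "flash": "Error", "remote": "Warning"}
SAMPLE_LINES = [
    "%INIT-I-InitCompleted: constructed text",
    "%DEMO-W-LinkFlap: constructed text",
    "%DEMO-F-Halt: constructed text",
    "%DEMO-D-Trace: constructed text",
    "%DEMO-X-Bogus: constructed text",      # letter that maps to no level
    "free-form line without the marker",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(line, "->", destinations(line, THRESHOLDS))
```

A line that fails to parse is returned as unmatched rather than assigned a default severity, so unexpected formats show up in review instead of being silently filtered.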
To set global log parameters:
STEP 1 Click Administration > System Log > Log Settings.
STEP 2 Enter the parameters.
Logging—Select to enable message logging.
Syslog Aggregator—Select to enable the aggregation of SYSLOG messages and traps.
If enabled, identical and contiguous SYSLOG messages and traps are aggregated over the specified Max. Aggregation Time and sent in a single message. The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated.
Max. Aggregation Time—Enter the interval of time that SYSLOG messages are
aggregated.
Originator Identifier—Enables adding an origin identifier to SYSLOG messages. The
options are:
- None—Do not include the origin identifier in SYSLOG messages.
- Hostname—Include the system host name in SYSLOG messages.
- IPv4 Address—Include the IPv4 address of the sending interface in SYSLOG
messages.
- IPv6 Address—Include the IPv6 address of the sending interface in SYSLOG
messages.
- User Defined—Enter a description to be included in SYSLOG messages.
RAM Memory Logging—Select the severity levels of the messages to be logged to the
RAM.
Flash Memory Logging—Select the severity levels of the messages to be logged to the
Flash memory.
Click Apply. The Running Configuration file is updated.

Remote Logging Settings

The Remote Log Servers page enables defining remote SYSLOG servers to which log messages are sent. For each server, you can configure the severity of the messages that it receives.
To define SYSLOG servers:
STEP 1 Click Administration > System Log > Remote Log Servers.
STEP 2 Enter the following fields:
IPv4 Source Interface—Select the source interface whose IPv4 address will be used as
the source IPv4 address of SYSLOG messages sent to SYSLOG servers.
IPv6 Source Interface—Select the source interface whose IPv6 address will be used as
the source IPv6 address of SYSLOG messages sent to SYSLOG servers.
NOTE If the Auto option is selected, the system takes the source IP address from the IP
address defined on the outgoing interface.
Information is described for each previously-configured log server. The fields are described below in the Add page.
STEP 3 Click Add.
STEP 4 Enter the parameters.
Server Definition—Select whether to identify the remote log server by IP address or
name.
IP Version—Select the supported IP format.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A
link local address has a prefix of FE80::/10, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list.
Log Server IP Address/Name—Enter the IP address or domain name of the log server.
UDP Port—Enter the UDP port to which the log messages are sent.
Facility—Select a facility value from which system logs are sent to the remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden.
Description—Enter a server description.
Minimum Severity—Select the minimum level of system log messages to be sent to the server.
STEP 5 Click Apply. The Add Remote Log Server page closes, the SYSLOG server is added, and the Running Configuration file is updated.

File Management

See Administration: File Management.

Reboot

Some configuration changes, such as enabling jumbo frame support, require the system to be rebooted before they take effect. However, rebooting the device deletes the Running Configuration, so it is critical that the Running Configuration is saved to the Startup Configuration before the device is rebooted. Clicking Apply does not save the configuration to the Startup Configuration. For more information on files and file types, see the System Files section.
You can back up the device configuration by using the File Operations page or clicking Save at the top of the window. You can also upload the configuration from a remote device in the same page.
You might want to set the time of the reboot for some time in the future. This could happen, for example, in one of the following cases:
You are performing actions on a remote device, and a mistake in these actions might create loss of connectivity to the remote device. Pre-scheduling a reboot restores the working configuration and enables restoring the connectivity to the remote device after the specified time expires. If these actions are successful, the delayed reboot can be manually cancelled.
Reloading the device causes loss of connectivity in the network, thus by using delayed reboot, you can schedule the reboot to a time that is more convenient for the users (e.g. late night).
To reboot the device:
STEP 1 Click Administration > Reboot.
STEP 2 Click the Reboot button to reboot the device.
Reboot—Reboots the device. Since any unsaved information in the Running
Configuration is discarded when the device is rebooted, you must click Save in the upper-right corner of any window to preserve current configuration across the boot process. If the Save option is not displayed, the Running Configuration matches the Startup Configuration and no action is necessary.
The following options are available:
- Immediate—Reboot immediately.
- Date—Enter the date (month/day) and time (hour and minutes) of the scheduled reboot. This schedules a reload of the software to take place at the specified time (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. If you do not specify the month and day, the reload takes place at the specified time on the current day (if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight. The reload must take place within 24 days.
NOTE This option can only be used if the system time has either been set manually or
by SNTP.
- In—Reboot within the specified number of hours and minutes. The maximum
amount of time that can pass is 24 days.
Restore to Factory Defaults—Reboots the device by using the factory default
configuration. This process erases all except for the Active Image, Mirror configuration, and Localization files.
Clear Startup Configuration File—Check to clear the startup configuration on the
device for the next time it boots up.

Discovery - Bonjour

See Bonjour.

Discovery - LLDP

See Discover - LLDP.

Discovery - CDP

See Discovery - CDP.

Ping

The Ping utility tests if a remote host can be reached and measures the round-trip time for packets sent from the device to a destination device.
Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response, sometimes called a pong. It measures the round-trip time and records any packet loss.
To ping a host:
STEP 1 Click Administration > Ping.
STEP 2 Configure ping by entering the fields:
Host Definition—Select whether to specify the source interface by its IP address or
name. This field influences the interfaces that are displayed in the Source IP field, as described below.
IP Version—If the source interface is identified by its IP address, select either IPv4 or
IPv6 to indicate that it will be entered in the selected format.
Source IP—Select the source interface whose IPv4 address will be used as the source
IPv4 address for communication with the destination. If the Host Definition field was By Name, all IPv4 and IPv6 addresses will be displayed in this drop-down field. If the Host Definition field was By IP Address, only the existing IP addresses of the type specified in the IP Version field will be displayed.
NOTE If the Auto option is selected, the system computes the source address based on
the destination address.
Destination IPv6 Address Type—Select one of the following options:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A
link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and
reachable from other networks.
Link Local Interface—If the IPv6 address type is Link Local, select from where it is
received.
Destination IP Address/Name—Address or host name of the device to be pinged.
Whether this is an IP address or host name depends on the Host Definition.
Ping Interval—Length of time the system waits between ping packets. Ping is repeated
the number of times configured in the Number of Pings field, whether the ping succeeds or not. Select to use the default interval or specify your own value.
Number of Pings—The number of times the ping operation is performed. Select to use
the default or specify your own value.
Status—Displays whether the ping succeeded or failed.
STEP 3 Click Activate Ping to ping the host. The ping status appears and a message is added to the list
of messages, indicating the result of the ping operation.
STEP 4 View the results of ping in the Ping Counters and Status section of the page:
Number of Sent Packets—Number of packets sent by ping
Number of Received Packets—Number of packets received by ping
Packets Lost—Percentage of packets lost in ping process
Minimum Round Trip Time—Shortest time for packet to return
Maximum Round Trip Time—Longest time for packet to return
Average Round Trip Time—Average time for packet to return
Status—Fail or succeed

Administration: File Management

This section describes how system files are managed. The following topics are covered:
System Files
Firmware Operations
File Operations
File Directory
DHCP Auto Configuration/Image Update

System Files

System files are files that contain information, such as: configuration information or firmware images.
Generally, every file under the flash://system/ folder is a system file.
Various actions can be performed with these files, such as: selecting the firmware file from which the device boots, copying various types of configuration files internally on the device, or copying files to or from an external device, such as an external server.
Configuration files on the device are defined by their type, and contain the settings and parameter values for the device.
Other files on the device include firmware and log files, and are referred to as operational files.
The configuration files are text files and can be edited in a text editor, such as Notepad after they are copied to an external device, such as a PC.
Files and File Types
The following are some of the types of files found on the device:
Running Configuration—Contains the parameters currently being used by the device
to operate. This file is modified when you change parameter values on the device. If the device is rebooted, the Running Configuration is lost. To preserve any changes you made to the device, you must save the Running
Configuration to the Startup Configuration, or another file type.
Startup Configuration—The parameter values that were saved by copying another configuration (usually the Running Configuration) to the Startup Configuration. The Startup Configuration is retained in Flash and is preserved when the device is rebooted. At this time, the Startup Configuration is copied to RAM and identified as the Running Configuration.
Mirror Configuration—A copy of the Startup Configuration, created by the device
when the following conditions exist:
- The device has been operating continuously for 24 hours.
- No configuration changes have been made to the Running Configuration in the
previous 24 hours.
- The Startup Configuration is identical to the Running Configuration.
Only the system can copy the Startup Configuration to the Mirror Configuration. However, you can copy from the Mirror Configuration to other file types or to another device.
The option of automatically copying the Running Configuration to the mirror configuration can be disabled in the File Directory page.
Backup Files—Manual copies of files used for protection against system shutdown or for the maintenance of a specific operating state. For instance, you can copy the Mirror Configuration, Startup Configuration, or Running Configuration to a Backup file. The Backup exists in Flash or on a PC or USB drive and is preserved if the device is rebooted.
Firmware—The program that controls the operations and functionality of the device.
More commonly referred to as the image.
Language File—The dictionary that enables the web-based configuration utility
windows to be displayed in the selected language.
Logging File—SYSLOG messages stored in Flash memory.

Firmware Operations

The Firmware Operations page can be used to:
Update or backup the firmware image
The following methods for transferring files are supported:
HTTP/HTTPS that uses the facilities provided by the browser
USB
TFTP that requires a TFTP server
Secure Copy Protocol (SCP) that requires an SCP server
A single firmware image is stored on the device. After new firmware has been successfully loaded into the device, the device must be rebooted prior to the new firmware taking effect. The Summary page continues to show the previous image as the active one prior to the reboot.
To update or backup firmware using HTTP/HTTPS or USB:
STEP 1 Click Administration > File Management > Firmware Operations.
The following fields are displayed:
Active Firmware File—Displays the current, active firmware file.
Active Firmware Version—Displays the version of the current, active firmware file.
STEP 2 Enter the following fields:
Operation Type—Select Update Firmware or Backup Firmware.
Copy Method—Select HTTP/HTTPS or USB.
File Name—Enter the name of the file to be updated (not relevant for Backup by HTTP/
HTTPS).
STEP 3 Click Apply.
STEP 4 Click Reboot.
To update or backup firmware using TFTP:
STEP 1 Click Administration > File Management > Firmware Operations.
The following fields are displayed:
Active Firmware File—Displays the current, active firmware file.
Active Firmware Version—Displays the version of the current, active firmware file.
STEP 2 Enter the following fields:
Operation Type—Select Update Firmware or Backup Firmware.
Copy Method—Select TFTP.
Server Definition—Select whether to specify the TFTP server By IP address or By
name.
If Server Definition is By Address:
IP Version—(If Server Definition is By Address) Select whether an IPv4 or an IPv6
address for the server is used.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A
link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface (if IPv6 is used) from the list.
Server IP Address/Name—Enter the IP address or the name of the TFTP server,
whichever is relevant.
(Update) Source—Enter the name of the source file.
(Backup) Destination—Enter the name of the backup file.
STEP 3 Click Apply to begin the operation.
To update/backup firmware using SCP:
STEP 1 Click Administration > File Management > Firmware Operations.
The following fields are displayed:
Active Firmware File—Displays the current, active firmware file.
Active Firmware Version—Displays the version of the current, active firmware file.
STEP 2 Enter the following fields:
Operation Type—Select Update Firmware or Backup Firmware.
Copy Method—Select SCP.
STEP 3 To enable SSH server authentication (which is disabled by default), click Edit by Remote SSH Server Authentication. This takes you to the SSH Server Authentication page to configure the SSH server.
STEP 4 Return to this page.
STEP 5 Select one of the following methods to perform SSH Client Authentication:
Use SSH Client System Credentials—Sets permanent SSH user credentials. Click
System Credentials to go to the SSH User Authentication page where the user/ password can be set once for all future use.
Use SSH Client One-Time Credentials—Enter the following:
- Username—Enter a username for this copy action.
- Password—Enter a password for this copy.
NOTE The username and password for one-time credentials are not saved in the configuration file.
STEP 6 Enter the following fields:
Server Definition—Select whether to specify the SCP server by IP address or by
domain name.
If Server Definition is By Address:
- IP Version—Select whether an IPv4 or an IPv6 address is used.
- IPv6 Address Type—Select the IPv6 address type (if used). The options are:
Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
- Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or domain name of the SCP server, whichever is relevant.
(Update) Source—Enter the name of the source file.
(Backup) Destination—Enter the name of the backup file.
STEP 7 Click Apply. If the files, passwords and server addresses are correct, one of the following may happen:
If SSH server authentication is enabled (in the SSH Server Authentication page), and the SCP server is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is displayed.
If SSH server authentication is not enabled, the operation succeeds for any SCP server.

File Operations

The File Operations page enables:
Backing up configuration files or logs from the device to an external device.
Restoring configuration files from an external device to the device.
Duplicating a configuration file.
When restoring a configuration file to the Running Configuration, the imported file adds any configuration commands that did not exist in the old file and overwrites any parameter values in the existing configuration commands.
When restoring a configuration file to the Startup Configuration, the new file replaces the previous file.
When restoring to Startup Configuration, the device must be rebooted for the restored Startup Configuration to be used as the Running Configuration. You can reboot the device by using the process described in the Reboot section.
When you click Apply on any window, changes that you made to the device configuration settings are stored only in the Running Configuration.
CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the device is rebooted.
The following combinations of copying internal file types are allowed:
From the Running Configuration to the Startup Configuration or other backup file.
From the Startup Configuration to the Running Configuration or other backup file.
From a backup file to the Running Configuration or Startup Configuration.
From the Mirror Configuration to the Running Configuration, Startup Configuration or
a backup file.
The following sections describe these operations.
To update a system configuration file using HTTP/HTTPS, USB or Internal Flash:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Update File.
Destination File Type—Select one of the configuration file types to update.
Copy Method—Select HTTP/HTTPS, USB or Internal Flash.
File Name—Enter name of file to be updated from (source file).
STEP 3 Click Apply to begin the operation.
To update a system configuration file using TFTP:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Update File.
Destination File Type—Select one of the configuration file types to update.
Copy Method—Select TFTP.
Server Definition—Select whether to specify the TFTP server by IP address or by
domain name. If Server Definition is By Address:
- IP Version—Select whether an IPv4 or an IPv6 address is used.
- If the server is selected by name in the Server Definition, there is no need to select
the IP Version related options.
- IPv6 Address Type—Select the IPv6 address type (if used). The options are:
Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
- Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or name of the TFTP server.
Source—Enter the update file name.
STEP 3 Click Apply to begin the operation.
To update a system configuration file using SCP:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Update File.
Destination File Type—Select one of the configuration file types to update.
Copy Method—Select SCP.
STEP 3 To enable SSH server authentication (which is disabled by default), click Edit by Remote SSH Server Authentication. This takes you to the SSH Server Authentication page to configure the SSH server.
STEP 4 Return to this page.
STEP 5 Select one of the following methods to perform SSH Client Authentication:
Use SSH Client System Credentials—Sets permanent SSH user credentials. Click
System Credentials to go to the SSH User Authentication page where the user/ password can be set once for all future use.
Use SSH Client One-Time Credentials—Enter the following:
- Username—Enter a username for this copy action.
- Password—Enter a password for this copy.
NOTE The username and password for one-time credentials are not saved in the configuration file.
Server Definition—Select whether to specify the SCP server by IP address or by
domain name. If Server Definition is By Address:
- IP Version—Select whether an IPv4 or an IPv6 address is used.
- IPv6 Address Type—Select the IPv6 address type (if used). The options are:
Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
- Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or name of the SCP server.
Source—Enter the name of the source file.
STEP 6 Click Apply to begin the operation.
To backup a system configuration file using HTTP/HTTPS:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Backup File.
Source File Type—Select one of the configuration file types to backup.
Copy Method—Select HTTP/HTTPS.
Sensitive Data Handling—Select how sensitive data should be included in the backup
file. The following options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypt—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current user SSD
rules. For details, refer to the SSD Rules page.
STEP 3 Click Apply to begin the operation.
To backup a system configuration file using USB or Internal Flash:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Backup File.
Source File Type—Select one of the configuration file types to backup.
Copy Method—Select USB or Internal Flash.
File Name—Enter name of destination backup file.
Sensitive Data Handling—Select how sensitive data should be included in the backup
file. The following options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypt—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current user SSD
rules. For details, refer to the SSD Rules page.
STEP 3 Click Apply to begin the operation.
To backup a system configuration file using TFTP:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Backup File.
Source File Type—Select the type of file to be backed up.
Copy Method—Select TFTP.
Server Definition—Select whether to specify the TFTP server by IP address or by
domain name. If Server Definition is By Address:
- IP Version—Select whether an IPv4 or an IPv6 address is used.
- If the server is selected by name in the Server Definition, there is no need to select
the IP Version related options.
- IPv6 Address Type—Select the IPv6 address type (if used). The options are:
Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
- Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or name of the TFTP server.
Destination—Enter the backup file name.
Sensitive Data Handling—Select how sensitive data should be included in the backup file. The following options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypt—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.
STEP 3 Click Apply to begin the operation.
To backup a system configuration file using SCP:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Backup File.
Source File Type—Select the type of file to be backed up.
Copy Method—Select SCP.
STEP 3 See SSH User Authentication for instructions. Then enter the following fields:
Remote SSH Server Authentication—To enable SSH server authentication (it is
disabled by default), click Edit, which takes you to the SSH Server Authentication page to configure this, and return to this page. Use the SSH Server Authentication page to select an SSH user authentication method (password or public/private key), set a username and password on the device, if the password method is selected, and generate an RSA or DSA key if required.
SSH Client Authentication—Client authentication can be done in one of the following ways:
Use SSH Client System Credentials—Sets permanent SSH user credentials. Click
System Credentials to go to the SSH User Authentication page where the user/ password can be set once for all future use.
Use SSH Client One-Time Credentials—Enter the following:
- Username—Enter a username for this copy action.
- Password—Enter a password for this copy.
Server Definition—Select whether to specify the SCP server by IP address or by
domain name.
IP Version—Select whether an IPv4 or an IPv6 address is used.
IPv6 Address Type—Select the IPv6 address type (if used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A
link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface from the list.
Server IP Address/Name—Enter the IP address or name of the SCP server.
Destination—Enter the name of the backup file.
Sensitive Data Handling—Select how sensitive data should be included in the backup
file. The following options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypt—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current user SSD
rules. For details, refer to Secure Sensitive Data Management > SSD Rules page.
STEP 4 Click Apply to begin the operation.
To copy a system configuration file to another type of configuration file:
STEP 1 Click Administration > File Management > File Operations.
STEP 2 Enter the following fields:
Operation Type—Select Duplicate.
Source File Name—Select one of the configuration file types to copy.
Destination File Name—Enter name of the destination configuration file.
STEP 3 Click Apply to begin the operation.

File Directory

The File Directory page displays the system files existing in the system.
STEP 1 Click Administration > File Management > File Directory.
STEP 2 If required, enable Auto Mirror Configuration. This enables the automatic creation of mirror configuration files. When disabling this feature, the mirror configuration file, if it exists, is deleted. See System Files for a description of mirror files and why you might not want to automatically create mirror configuration files.
STEP 3 Select the drive from which you want to display the files and directories. The following
options are available:
Flash—Display all files in the root directory of the management station.
USB—Display files on the USB drive.
STEP 4 Click Go to display the following fields:
File Name—Type of system file or actual name of file depending on the file type.
Permissions—Read/write permissions of the user for the file.
Size—Size of file.
Last Modified—Date and time that file was modified.
Full Path—Path of file.

DHCP Auto Configuration/Image Update

The Auto Configuration/Image Update feature provides a convenient method to automatically configure switches in a network and upgrade their firmware. This process enables the administrator to remotely ensure that the configuration and firmware of these devices in the network are up-to-date.
This feature is comprised of the following parts:
Auto Image Update—Automatic downloading of a firmware image from a remote TFTP/SCP server. At the end of the Auto Configuration/Image Update process, the device reboots itself to the firmware image.
Auto Configuration—Automatic downloading of a configuration file from a remote TFTP/SCP server. At the end of the Auto Configuration/Image process, the device reboots itself to the configuration file.
NOTE If both Auto Image Update and Auto Configuration are requested, Auto Image Update is
performed first, then after reboot, Auto Configuration is performed and then a final reboot is performed.
To use this feature, configure a DHCP server in the network with the locations and names of the configuration file and firmware image of your devices. The devices in the network are configured as DHCP clients by default. When the devices are assigned their IP addresses by the DHCP server, they also receive information about the configuration file and firmware image. If the configuration file and/or firmware image are different from the ones currently used on the device, the device reboots itself after downloading the file and/or image. This section describes these processes.
In addition to the ability to keep the devices in the network updated with the latest configuration files and firmware image, Auto-Update/Configuration enables quick installation of new devices on the network, since an out-of-the-box device is configured to retrieve its configuration file and software image from the network without any manual intervention by the system administrator. The first time that it applies for its IP address from the DHCP server, the device downloads and reboots itself with the configuration file and/or image specified by the DHCP server.
The Auto Configuration process supports downloading a configuration file that includes sensitive information, such as RADIUS server keys and SSH/SSL keys, by using the Secured Copy Protocol (SCP) and the Secure Sensitive Data (SSD) feature (See SSH Client
Authentication and Security: Secure Sensitive Data Management).

Download Protocols (TFTP or SCP)

Configuration files and firmware images can be downloaded from either a TFTP or an SCP server.
The user configures the protocol to be used, as follows:
Auto By File Extension—(Default) If this option is selected, a user-defined file extension indicates that files with this extension are downloaded using SCP (over SSH), while files with other extensions are downloaded using TFTP. For example, if the file extension specified is .xyz, files with the .xyz extension are downloaded using SCP, and files with the other extensions are downloaded using TFTP. The default extension is .scp.
TFTP Only—The download is done through TFTP, regardless of the file extension of the configuration file name.
SCP Only—The download is done through SCP (over SSH), regardless of the file extension of the configuration file name.

SSH Client Authentication

SCP is SSH based. By default, remote SSH server authentication is disabled, so that the device accepts any remote SSH server out of the box. You can enable remote SSH server authentication so that only servers found in the trusted server list can be used.
SSH client authentication parameters are required to access the SSH server by the client (which is the device). The default SSH client authentication parameters are:
SSH authentication method: by username/password
SSH username: anonymous
SSH password: anonymous
NOTE The SSH client authentication parameters can also be used when downloading a file manually (meaning, a download that is not performed through the DHCP Auto Configuration/Image Update feature).

Auto Configuration/Image Update Process

DHCP Auto Configuration uses the configuration server name/address and configuration file name/path from the DHCP messages received (if any). In addition, DHCP Image Update uses the indirect file name of the firmware, if any, in the messages. This information is specified as DHCP options in the Offer message coming from the DHCPv4 servers and in the Information Reply messages coming from DHCPv6 servers.
If this information is not found in the DHCP server messages, backup information that has been configured in the DHCP Auto Configuration/Image Update page is used.
When the Auto Configuration/Image Update process is triggered (see Auto Configuration/
Image Update Trigger), the sequence of events described below occurs.
Auto Image Update Starts:
The switch uses the indirect file name from option 125 (DHCPv4) and option 60
(DHCPv6) if any, from the DHCP message received.
If the DHCP server did not send the indirect file name of the firmware image file, the
Backup Indirect Image File Name (from the DHCP Auto Configuration/Image Update page) is used.
The switch downloads the Indirect Image File and extracts from it the name of the
image file on the TFTP/SCP server.
The switch compares the version of the TFTP server's image file with the version of
the switch active image.
If the two versions are different, the new version is loaded into the non-active image, a
reboot is performed and the non-active image becomes the active image.
When using the SCP protocol, a SYSLOG message is generated informing that reboot
is about to start.
When using the SCP protocol, a SYSLOG message is generated acknowledging that
the Auto Update process is completed.
When using the TFTP protocol, SYSLOG messages are generated by the copy process.
Auto Configuration Starts
The device uses the TFTP/SCP server name/address and configuration file name/path
(DHCPv4 options: 66,150, and 67, DHCPv6 options: 59 and 60), if any, from the DHCP message received.
If the information is not sent by the DHCP server, the Backup Server IP Address/Name and the Backup Configuration File Name (from the DHCP Auto Configuration/Image Update page) are used.
The new configuration file is used if its name is different than the name of the
configuration file previously used on the device or if the device has never been configured.
The device is rebooted with the new configuration file, at the end of the Auto
Configuration/Image Update Process.
SYSLOG messages are generated by the copy process.
Missing Options
If the DHCP server did not send the TFTP/SCP server address in a DHCP option and the backup TFTP/SCP server address parameter has not been configured, then:
- SCP—The Auto Configuration process is halted.
- TFTP—The device sends TFTP Request messages to a limited Broadcast address (for IPv4) or ALL NODES address (for IPv6) on its IP interfaces and continues the process of Auto Configuration/Image Update with the first answering TFTP server.
Download Protocol Selection
The copy protocol (SCP/TFTP) is selected, as described in Download Protocols (TFTP or SCP).
SCP
When downloading using SCP, the device accepts any specified SCP/SSH server (without authentication) if either of the following is true:
- The SSH server authentication process is disabled. By default the SSH server authentication is disabled in order to allow downloading configuration file for devices with factory default configuration (for example out-of-box devices).
- The SSH Server is configured in the SSH Trusted Servers list.
If the SSH server authentication process is enabled, and the SSH server is not found in the SSH Trusted Servers list, the Auto Configuration process is halted.
If the information is available, the SCP server is accessed to download the
configuration file or image from it.
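The decision rules in the Download Protocols, SSH Client Authentication and Download Protocol Selection passages above, modeled as an added example (not Cisco code and not part of the guide) so the effect of the defaults can be checked before a rollout. The class, function and field names are hypothetical, the addresses and file names are constructed, and exact matching of the file extension is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AutoUpdateSettings:
    """Settings named in the guide; the defaults are the ones the guide states."""
    download_protocol: str = "auto"        # "auto" = Auto By File Extension, or "tftp" / "scp"
    scp_extension: str = ".scp"            # extension that selects SCP in "auto" mode
    ssh_server_auth_enabled: bool = False  # remote SSH server authentication (off by default)
    trusted_ssh_servers: set = field(default_factory=set)  # SSH Trusted Servers list
    backup_server: Optional[str] = None    # Backup Server IP Address/Name


def select_protocol(settings: AutoUpdateSettings, file_name: str) -> str:
    """Pick TFTP or SCP as the Download Protocols passage describes."""
    if settings.download_protocol in ("tftp", "scp"):
        return settings.download_protocol
    if settings.download_protocol != "auto":
        raise ValueError(f"unknown download protocol: {settings.download_protocol!r}")
    # Assumption: the extension is compared exactly as typed.
    return "scp" if file_name.endswith(settings.scp_extension) else "tftp"


def evaluate_download(settings: AutoUpdateSettings, file_name: str,
                      dhcp_server: Optional[str] = None) -> dict:
    """Return the protocol, the outcome and whether the file server was authenticated."""
    protocol = select_protocol(settings, file_name)
    server = dhcp_server or settings.backup_server
    result = {"protocol": protocol, "server": server, "outcome": "proceeds",
              "server_authenticated": False, "findings": []}

    if server is None:  # the "Missing Options" case
        if protocol == "scp":
            result["outcome"] = "halted"
            result["findings"].append("no SCP server address from DHCP or backup setting")
            return result
        result["server"] = "first TFTP server answering broadcast"
        result["findings"].append("file is taken from whichever TFTP server answers first")

    if protocol == "tftp":
        # TFTP has no mechanism for authenticating the server.
        result["findings"].append("TFTP transfer: server is not authenticated")
        return result

    if not settings.ssh_server_auth_enabled:
        result["findings"].append("SSH server authentication disabled: any SCP server is accepted")
    elif server in settings.trusted_ssh_servers:
        result["server_authenticated"] = True
    else:
        result["outcome"] = "halted"
        result["findings"].append("SCP server is not in the SSH Trusted Servers list")
    return result


if __name__ == "__main__":
    # Constructed inputs: factory defaults versus a hardened profile.
    defaults = AutoUpdateSettings()
    hardened = AutoUpdateSettings(download_protocol="scp", ssh_server_auth_enabled=True,
                                  trusted_ssh_servers={"192.0.2.10"})
    for label, cfg, name, srv in [
        ("defaults, .cfg file", defaults, "switch-a.cfg", "192.0.2.10"),
        ("defaults, .scp file", defaults, "switch-a.scp", "192.0.2.10"),
        ("defaults, no server", defaults, "switch-a.cfg", None),
        ("hardened, trusted", hardened, "switch-a.cfg", "192.0.2.10"),
        ("hardened, untrusted", hardened, "switch-a.cfg", "198.51.100.7"),
    ]:
        print(label, "->", evaluate_download(cfg, name, srv))
```

With the factory defaults every path ends with an unauthenticated file server; only the profile with SSH server authentication enabled and a populated trusted list yields an authenticated transfer.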

Auto Configuration/Image Update Trigger

Auto Configuration/Image Update via DHCPv4 is triggered when the following conditions are fulfilled:
The IP address of the device is dynamically assigned/renewed at reboot, or explicitly
renewed by administrative action, or automatically renewed due to an expiring lease. Explicit renewal can be activated in the IPv4 Interface page.
If Auto Image Update is enabled, the Auto Image Update process is triggered when an
indirect image file name is received from a DHCP server or a backup indirect image file name has been configured. Indirect means that this is not the image itself, but rather a file that holds the path name to the image.
If Auto Configuration is enabled, the Auto Configuration process is triggered when the
configuration file name is received from a DHCP server or a backup configuration file name has been configured.
Auto Configuration/Image Update via DHCPv6 is triggered when the following conditions are fulfilled:
When a DHCPv6 server sends information to the device. This occurs in the following cases:
- When an IPv6-enabled interface is defined as a DHCPv6 stateless configuration client.
- When DHCPv6 messages are received from the server (for example, when you press the Restart button on IPv6 Interfaces page).
- When DHCPv6 information is refreshed by the device.
- After rebooting the device when stateless DHCPv6 client is enabled.
When the DHCPv6 server packets contain the configuration filename option.
The Auto Image Update process is triggered when an indirect image file name is provided by the DHCP server or a backup indirect image file name has been configured. Indirect means that this is not the image itself, but rather a file that holds the path name to the image.

DHCP Auto Configuration/Image Update

The DHCP Auto Configuration/Image Update page is used to configure the device as a DHCP client.
The following defaults exist on the system:
Auto Configuration is enabled.
Auto Image Update is enabled.
The device is enabled as a DHCP client.
Remote SSH server authentication is disabled.
Before You Start
To use this feature, the device must either be configured as a DHCPv4 or DHCPv6 client. The type of DHCP client defined on the device is in correlation with the type of interfaces defined on the device.
Auto Configuration Preparations
To prepare the DHCP and TFTP/SCP servers, do the following:
TFTP/SCP Server
Place a configuration file in the working directory. This file can be created by copying a configuration file from a device. When the device is booted, this becomes the Running Configuration file.
DHCP Server
Configure the DHCP server with the following options:
DHCPv4:
- 66 (single server address) or 150 (list of server addresses)
- 67 (name of configuration file)
DHCPv6
- Option 59 (server address)
- Options 60 (name of configuration file plus indirect image file name, separated by a comma)
Auto Image Update Preparations
To prepare the DHCP and TFTP/SCP servers, do the following:
TFTP/SCP Server
1. Create a sub directory in the main directory. Place a software image file in it.
2. Create an indirect file that contains a path and the name of the firmware version (for example indirect-cisco.txt that contains cisco\cisco-version.ros).
3. Copy this indirect file to the TFTP/SCP server’s main directory.
DHCP Server
Configure the DHCP server with the following options:
DHCPv4—Option 125 (indirect file name)
DHCPv6—Option 60 (name of configuration file plus indirect image file name, separated by a comma)
DHCP Client Work Flow
STEP 1 Configure Auto Configuration and/or Auto Image Update parameters in the DHCP Auto Configuration/Image Update page.
STEP 2 Set the IP Address Type to Dynamic in the IP Configuration > IPv4 Interface page, and/or define the device as a stateless DHCPv6 client in the IPv6 Interfaces page.
Web Configuration
To configure Auto Configuration and/or Auto Update:
STEP 1 Click Administration > File Management > DHCP Auto Configuration/Image Update.
STEP 2 Enter the values.
Auto Configuration Via DHCP—Select this field to enable DHCP Auto
Configuration. This feature is enabled by default, but can be disabled here.
Download Protocol—Select one of the following options:
- Auto by File Extension—Select to indicate that Auto Configuration uses the TFTP
or SCP protocol depending on the extension of the configuration file. If this option is selected, the extension of the configuration file does not necessarily have to be given. If it is not given, the default extension is used (as indicated below).
- File Extension for SCP—If Auto By File Extension is selected, you can indicate a
file extension here. Any file with this extension is downloaded using SCP. If no extension is entered, the default file extension .scp is used.
- TFTP Only—Select to indicate that only the TFTP protocol is to be used for auto
configuration.
- SCP Only—Select to indicate that only the SCP protocol is to be used for auto
configuration.
Image Auto Update Via DHCP—Select this field to enable update of the firmware
image from the DHCP server. This feature is enabled by default, but can be disabled here.
Download Protocol—Select one of the following options:
- Auto By File Extension—Select to indicate that auto update uses the TFTP or SCP protocol depending on the extension of the image file. If this option is selected, the extension of the image file does not necessarily have to be given. If it is not given, the default extension is used (as indicated below).
- File Extension for SCP—If Auto By File Extension is selected, you can indicate a file extension here. Any file with this extension is downloaded using SCP. If no extension is entered, the default file extension .scp is used.
- TFTP Only—Select to indicate that only the TFTP protocol is to be used for auto update.
- SCP Only—Select to indicate that only the SCP protocol is to be used for auto update.
SSH Settings for SCP—When using SCP for downloading the configuration files, select one of the following options:
Remote SSH Server Authentication—Click on the Enable/Disable link to navigate
to the SSH Server Authentication page. There you can enable authentication of the SSH server to be used for the download and enter the trusted SSH server if required.
SSH Client Authentication—Click on the System Credentials link to enter user
credentials in the SSH User Authentication page.
Backup Server Definition—Select whether the backup server will be configured By
IP address or By name.
STEP 3 If Server Definition is By Address:
IP Version—Select whether an IPv4 or an IPv6 address is used.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A
link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
Link Local Interface—Select the link local interface (if IPv6 is used) from the list.
STEP 4 Enter the following optional information that is used if the DHCP server did not provide the
required information.
Backup Server IP Address/Name—Enter either the backup server IP address or name.
Backup Configuration File Name—Enter the backup configuration file name.
Backup Indirect Image File Name—Enter the indirect image file name to be used. This is a file that holds the path to the image. An example of an indirect image file name is: indirect-cisco.scp. This file contains the path and name of the firmware image.
The following fields are displayed:
Last Auto Configuration/Image Server IP Address—Address of the last backup server.
Last Auto Configuration File Name—Name of the last configuration file.
STEP 5 Click Apply. The parameters are copied to the Running Configuration file.
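The following added example (not part of the Cisco guide) models the Download Protocol rules described above and reports, for each file name a DHCP server offers, whether the transfer would authenticate the server. The class and function names are hypothetical, and the rule that a name without the SCP extension goes over TFTP in auto mode is an assumption drawn from the field descriptions.

```python
from dataclasses import dataclass

DEFAULT_SCP_EXT = "scp"  # default "File Extension for SCP" named in the guide


@dataclass
class DownloadSettings:
    protocol: str = "auto"         # Download Protocol: "auto", "tftp" or "scp"
    scp_extension: str = ""        # empty: the default extension applies
    ssh_server_auth: bool = False  # Remote SSH Server Authentication (default off)


def split_option60(value):
    """DHCPv6 option 60: configuration file name, comma, indirect image file name."""
    config, _, indirect = value.partition(",")
    return config.strip() or None, indirect.strip() or None


def choose_protocol(filename, settings):
    """Transport the device would use for one offered file name."""
    if settings.protocol in ("tftp", "scp"):
        return settings.protocol
    ext = (settings.scp_extension or DEFAULT_SCP_EXT).lstrip(".").lower()
    # Assumption: in auto mode, a name without the SCP extension goes over TFTP.
    return "scp" if filename.lower().endswith("." + ext) else "tftp"


def audit(filename, settings):
    """List the trust gaps for one offered file under the given settings."""
    proto = choose_protocol(filename, settings)
    if proto == "tftp":
        return [f"{filename}: TFTP transfer, server is not authenticated"]
    if not settings.ssh_server_auth:
        return [f"{filename}: SCP transfer, SSH server identity is not verified"]
    return []


if __name__ == "__main__":
    offered = "switch-a.cfg,indirect-cisco.scp"  # constructed option 60 value
    for name in split_option60(offered):
        for finding in audit(name, DownloadSettings()):  # factory defaults
            print(finding)
```

With the factory defaults listed earlier, both offered files produce a finding; selecting SCP Only and enabling Remote SSH Server Authentication clears them.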

Administration: Time Settings

Synchronized system clocks provide a frame of reference between all devices on the network. Network time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events occur. Without synchronized clocks, accurately correlating log files between devices when tracking security breaches or network usage is impossible.
Synchronized time also reduces confusion in shared file systems, as it is important for the modification times to be consistent, regardless of the machine on which the file systems reside.
For these reasons, it is important that the time configured on all of the devices on the network is accurate.
NOTE The device supports Simple Network Time Protocol (SNTP). When SNTP is enabled, the device dynamically synchronizes its time with the time from an SNTP server. The device operates only as an SNTP client, and cannot provide time services to other devices.
This section describes the options for configuring the system time, time zone, and Daylight Savings Time (DST). It covers the following topics:
System Time Configuration
SNTP Modes
System Time
SNTP Unicast
SNTP Multicast/Anycast
SNTP Authentication

System Time Configuration

System time can be set manually by the user, dynamically from an SNTP server, or synchronized from the PC running the GUI. If an SNTP server is chosen, the manual time settings are overwritten when communications with the server are established.
As part of the boot process, the device always configures the time, time zone, and DST. These parameters are obtained from the PC running the GUI, SNTP, values set manually, or if all else fails, from the factory defaults.

Time

The following methods are available for setting the system time on the device:
Manual—User must manually set the time.
From PC—Time can be received from the PC by using browser information.
The configuration of time from the computer is saved to the Running Configuration file. You must copy the Running Configuration to the Startup Configuration to enable the device to use the time from the computer after reboot. The time after reboot is set during the first web login to the device.
When you configure this feature for the first time, if the time was not already set, the device sets the time from the PC.
This method of setting time works with both HTTP and HTTPS connections.
SNTP—Time can be received from SNTP time servers. SNTP ensures accurate
network time synchronization of the device up to the millisecond by using an SNTP server for the clock source. When specifying an SNTP server, if choosing to identify it by hostname, three suggestions are given in the GUI:
- time-a.timefreq.bldrdoc.gov
- time-b.timefreq.bldrdoc.gov
- time-c.timefreq.bldrdoc.gov
After the time has been set by any of the above sources, it is not set again by the browser.
NOTE SNTP is the recommended method for time setting.

Time Zone and Daylight Savings Time (DST)

The Time Zone and DST can be set on the device in the following ways:
Dynamic configuration of the device through a DHCP server, where:
- Dynamic DST, when enabled and available, always takes precedence over the
manual configuration of DST.
- If the server supplying the source parameters fails, or dynamic configuration is
disabled by the user, the manual settings are used.
- Dynamic configuration of the time zone and DST continues after the IP address
lease time has expired.
Manual configuration of the time zone and DST becomes the Operational time zone and DST, only if the dynamic configuration is disabled or fails.
NOTE The DHCP server must supply DHCP option 100 in order for dynamic time zone configuration to take place.
SNTP Modes
The device can receive system time from an SNTP server in one of the following ways:
Client Broadcast Reception (passive mode)—SNTP servers broadcast the time, and
the device listens to these broadcasts. When the device is in this mode, there is no need to define a Unicast SNTP server.
Client Broadcast Transmission (active mode)—The device, as an SNTP client,
periodically requests SNTP time updates. This mode works in either of the following ways:
- SNTP Anycast Client Mode—The device broadcasts time request packets to all
SNTP servers in the subnet, and waits for a response.
- Unicast SNTP Server Mode—The device sends Unicast queries to a list of
manually-configured SNTP servers, and waits for a response.
The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
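The following added example (not from the Cisco guide) parses SNTP messages as they would arrive in the modes above and picks the one with the lowest stratum. The guide does not describe the device's selection algorithm beyond "closest stratum", so the sanity checks here follow RFC 4330, tie-breaking is left undefined, and all names and sample messages are constructed.

```python
import struct

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01


def parse_sntp(packet):
    """Decode the header fields of a 48-byte SNTP message used for selection."""
    if len(packet) < 48:
        raise ValueError("SNTP message shorter than 48 bytes")
    flags, stratum = packet[0], packet[1]
    tx_sec, tx_frac = struct.unpack("!II", packet[40:48])  # transmit timestamp
    return {
        "leap": flags >> 6,   # 3 means the server clock is not synchronized
        "mode": flags & 0x7,  # 4 = reply to a unicast/anycast query, 5 = broadcast
        "stratum": stratum,   # 0 = unspecified or kiss-of-death
        "unix_time": tx_sec - NTP_TO_UNIX + tx_frac / 2**32,
    }


def usable(reply):
    """RFC 4330 client sanity checks (not described in the guide)."""
    return (reply["mode"] in (4, 5) and reply["leap"] != 3
            and 1 <= reply["stratum"] <= 15 and reply["unix_time"] > 0)


def select_best(replies):
    """replies: {server: raw bytes}. Return (server, fields) with the lowest stratum."""
    parsed = {name: parse_sntp(pkt) for name, pkt in replies.items()}
    good = {name: r for name, r in parsed.items() if usable(r)}
    if not good:
        return None
    best = min(good, key=lambda name: good[name]["stratum"])
    return best, good[best]


def build_reply(leap, mode, stratum, unix_time):
    """Constructed version-4 message for the sample below; not captured traffic."""
    header = bytes([(leap << 6) | (4 << 3) | mode, stratum]) + bytes(38)
    return header + struct.pack("!II", unix_time + NTP_TO_UNIX, 0)


SAMPLE = {  # constructed replies, one per SNTP mode plus two that must be rejected
    "unicast-a": build_reply(0, 4, 3, 1700000000),
    "broadcast-b": build_reply(0, 5, 2, 1700000000),
    "unsynced-c": build_reply(3, 4, 1, 1700000000),
    "kod-d": build_reply(0, 4, 0, 1700000000),
}

if __name__ == "__main__":
    print(select_best(SAMPLE))
```

The unsynchronized stratum 1 reply is discarded before selection, so a low advertised stratum alone does not win; none of these header fields is authenticated unless SNTP Authentication is configured.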

System Time

Use the System Time page to select the system time source. If the source is manual, you can enter the time here.
CAUTION If the system time is set manually and the device is rebooted, the manual time settings must be reentered.
To define system time:
STEP 1 Click Administration > Time Settings > System Time.
The following fields are displayed:
Actual Time (Static)—System time on the device. This shows the DHCP time zone or the acronym for the user-defined time zone if these were defined.
Last Synchronized Server—Address, stratum and type of the SNTP server from which
system time was last taken.
STEP 2 Enter the following parameters:
Clock Source Settings—Select the source used to set the system clock.
- Main Clock Source (SNTP Servers)—If this is enabled, the system time is
obtained from an SNTP server. To use this feature, you must also configure a connection to an SNTP server in the SNTP Multicast/Anycast page. Optionally, enforce authentication of the SNTP sessions by using the SNTP Authentication page.
- Alternate Clock Source (PC via active HTTP/HTTPS sessions)—Select to set
the date and time from the configuring computer using the HTTP protocol.
NOTE The Clock Source Setting needs to be set to either of the above in order for RIP
MD5 authentication to work.
Manual Settings—Set the date and time manually. The local time is used when there is no alternate source of time, such as an SNTP server:
- Date—Enter the system date.
- Local Time—Enter the system time.
Time Zone Settings—The local time is used via the DHCP server or Time Zone offset.