Cisco 500 Series Stackable Managed Switch Administration Guide
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco
trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use
of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Contents
Chapter 1: Getting Started
Starting the Web-based Configuration Utility
Quick Start Device Configuration
Interface Naming Conventions
Differences Between 500 Devices
Window Navigation
Chapter 2: Status and Statistics
System Summary
Ethernet Interfaces
Etherlike Statistics
GVRP Statistics
802.1X EAP Statistics
ACL Statistics
TCAM Utilization
Health
RMON
View Log
Chapter 3: Administration: System Log
Setting System Log Settings
Setting Remote Logging Settings
Viewing Memory Logs
Chapter 4: Administration: File Management
System Files
Upgrade/Backup Firmware/Language
Active Image
Download/Backup Configuration/Log
Configuration Files Properties
Copy/Save Configuration
Auto Configuration/Image Update via DHCP
Chapter 5: Administration: Stack Management
Overview
Types of Units in Stack
Stack Topology
Unit ID Assignment
Master Selection Process
Stack Changes
Unit Failure in Stack
Software Auto Synchronization in Stack
Stack Unit Mode
Stack Ports
Default Configuration
Interactions With Other Features
System Modes
Chapter 6: Administration
Device Models
System Settings
Console Settings (Autobaud Rate Support)
Management Interface
System Mode and Stack Management
User Accounts
Defining Idle Session Timeout
Time Settings
System Log
File Management
Rebooting the Device
Routing Resources
Health
Diagnostics
Discovery - Bonjour
Discovery - LLDP
Discovery - CDP
Ping
Traceroute
Chapter 7: Administration: Time Settings
System Time Options
SNTP Modes
Configuring System Time
Chapter 8: Administration: Diagnostics
Copper Ports Tests
Displaying Optical Module Status
Configuring Port and VLAN Mirroring
Viewing CPU Utilization and Secure Core Technology
Chapter 9: Administration: Discovery
Bonjour
LLDP and CDP
Configuring LLDP
Configuring CDP
CDP Statistics
Chapter 10: Port Management
Configuring Ports
Loopback Detection
Link Aggregation
UDLD
PoE
Configuring Green Ethernet
Chapter 11: Port Management: Unidirectional Link Detection
UDLD Overview
UDLD Operation
Usage Guidelines
Dependencies On Other Features
Default Settings and Configuration
Before You Start
Common UDLD Tasks
Configuring UDLD
Chapter 12: Smartport
Overview
What is a Smartport
Smartport Types
Smartport Macros
Macro Failure and the Reset Operation
How the Smartport Feature Works
Auto Smartport
Error Handling
Default Configuration
Relationships with Other Features and Backwards Compatibility
Common Smartport Tasks
Configuring Smartport Using The Web-based Interface
Built-in Smartport Macros
Chapter 13: Port Management: PoE
PoE on the Device
PoE Properties
PoE Settings
Chapter 14: VLAN Management
Overview
Regular VLANs
Private VLAN Settings
GVRP Settings
VLAN Groups
Voice VLAN
Access Port Multicast TV VLAN
Customer Port Multicast TV VLAN
Chapter 15: Spanning Tree
STP Flavors
STP Status and Global Settings
Spanning Tree Interface Settings
Rapid Spanning Tree Settings
Multiple Spanning Tree
MSTP Properties
VLANs to a MSTP Instance
MSTP Instance Settings
MSTP Interface Settings
Chapter 16: Managing MAC Address Tables
Static MAC Addresses
Dynamic MAC Addresses
Reserved MAC Addresses
Chapter 17: Multicast
Multicast Forwarding
Multicast Properties
MAC Group Address
IP Multicast Group Addresses
IPv4 Multicast Configuration
IPv6 Multicast Configuration
IGMP/MLD Snooping IP Multicast Group
Multicast Router Ports
Forward All
Unregistered Multicast
Chapter 18: IP Configuration
Overview
IPv4 Management and Interfaces
DHCP Server
IPv6 Management and Interfaces
Domain Name
Chapter 19: IP Configuration: RIPv2
Overview
How Rip Operates on the Device
Configuring RIP
Chapter 20: IP Configuration: VRRP
Overview
Configurable Elements of VRRP
Configuring VRRP
Chapter 21: Security
Defining Users
Configuring TACACS+
Configuring RADIUS
Key Management
Management Access Method
Management Access Authentication
Secure Sensitive Data Management
SSL Server
SSH Server
SSH Client
Configuring TCP/UDP Services
Defining Storm Control
Configuring Port Security
802.1X
Denial of Service Prevention
DHCP Snooping
IP Source Guard
ARP Inspection
First Hop Security
Chapter 22: Security: 802.1X Authentication
Overview of 802.1X
Authenticator Overview
Common Tasks
802.1X Configuration Through the GUI
Defining Time Ranges
Authentication Method and Port Mode Support
Chapter 23: Security: IPv6 First Hop Security
IPv6 First Hop Security Overview
Router Advertisement Guard
Neighbor Discovery Inspection
DHCPv6 Guard
Neighbor Binding Integrity
IPv6 Source Guard
Attack Protection
Policies, Global Parameters and System Defaults
Common Tasks
Default Settings and Configuration
Before You Start
Configuring IPv6 First Hop Security through Web GUI
Chapter 24: Security: SSH Client
Secure Copy (SCP) and SSH
Protection Methods
SSH Server Authentication
SSH Client Authentication
Before You Begin
Common Tasks
SSH Client Configuration Through the GUI
Chapter 25: Security: SSH Server
Overview
Common Tasks
SSH Server Configuration Pages
Chapter 26: Security: Secure Sensitive Data Management
Introduction
SSD Rules
SSD Properties
Configuration Files
SSD Management Channels
Menu CLI and Password Recovery
Configuring SSD
Chapter 27: Access Control
Access Control Lists
MAC-based ACLs
IPv4-based ACLs
IPv6-Based ACLs
ACL Binding
Chapter 28: Quality of Service
QoS Features and Components
Configuring QoS - General
QoS Basic Mode
QoS Advanced Mode
Managing QoS Statistics
Chapter 29: SNMP
SNMP Versions and Workflow
Model OIDs
SNMP Engine ID
Configuring SNMP Views
Creating SNMP Groups
Managing SNMP Users
Defining SNMP Communities
Defining Trap Settings
Notification Recipients
SNMP Notification Filters
Getting Started
This section provides an introduction to the web-based configuration utility, and
covers the following topics:
• Starting the Web-based Configuration Utility
• Quick Start Device Configuration
• Interface Naming Conventions
• Differences Between 500 Devices
• Window Navigation
Starting the Web-based Configuration Utility
This section describes how to navigate the web-based switch configuration utility.
If you are using a pop-up blocker, make sure it is disabled.
Browser Restrictions
If you are using IPv6 interfaces on your management station, use the IPv6 global
address and not the IPv6 link local address to access the device from your
browser.
Launching the Configuration Utility
To open the web-based configuration utility:
STEP 1 Open a Web browser.
STEP 2 Enter the IP address of the device you are configuring in the address bar on the
browser, and then press Enter.
NOTE When the device is using the factory default IP address of 192.168.1.254, its power
LED flashes continuously. When the device is using a DHCP-assigned IP address or
an administrator-configured static IP address, the power LED is on solid.
Logging In
The default username is cisco and the default password is cisco. The first time
that you log in with the default username and password, you are required to enter
a new password.
NOTE If you have not previously selected a language for the GUI, the language of the Login
page is determined by the language(s) requested by your browser and the
languages configured on your device. If your browser requests Chinese, for
example, and Chinese has been loaded into your device, the Login page is
automatically displayed in Chinese. If Chinese has not been loaded into your
device, the Login page appears in English.
The languages loaded into the device have a language and country code (en-US,
en-GB and so on). For the Login page to be automatically displayed in a particular
language, based on the browser request, both the language and country code of
the browser request must match those of the language loaded on the device. If the
browser request contains only the language code without a country code (for
example: fr), the first embedded language with a matching language code is
taken (without matching the country code, for example: fr_CA).
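The matching rule in the note above can be modelled as follows. This is an added example, not code from the guide or from the device firmware; the Accept-Language input, the q-value ordering, the case- and separator-insensitive comparison and the `en-US` fallback tag are assumptions made for illustration.

```python
# Added example: models the Login-page language rule described above.
# Assumptions (not from the guide): requests arrive as an Accept-Language
# header, are tried in descending q-value order, and codes compare
# case-insensitively with "-" and "_" treated alike.

def _split(tag):
    """Return (language, country or None) for tags like 'en-US' or 'fr_CA'."""
    parts = tag.strip().replace("_", "-").split("-")
    lang = parts[0].lower()
    country = parts[1].upper() if len(parts) > 1 and parts[1] else None
    return lang, country


def _requested(accept_language):
    """Parse an Accept-Language header into tags ordered by preference."""
    ranked = []
    for pos, item in enumerate(accept_language.split(",")):
        tag, _, params = item.strip().partition(";")
        tag, params = tag.strip(), params.strip()
        if not tag or tag == "*":
            continue
        q = 1.0
        if params.startswith("q="):
            try:
                q = float(params[2:])
            except ValueError:
                q = 0.0
        if q > 0:
            ranked.append((-q, pos, tag))
    return [tag for _, _, tag in sorted(ranked)]


def login_page_language(accept_language, loaded, default="en-US"):
    """Pick the Login page language from the languages loaded on the device."""
    for tag in _requested(accept_language):
        lang, country = _split(tag)
        for candidate in loaded:          # device order: first match wins
            c_lang, c_country = _split(candidate)
            if c_lang != lang:
                continue
            # Full tag: language AND country must match. Bare language
            # code: the first loaded language with that code is taken.
            if country is None or country == c_country:
                return candidate
    return default                        # nothing matched: English


LOADED = ["en-US", "fr_CA", "fr_FR", "zh_CN"]   # constructed sample set
```
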
To log in to the device configuration utility:
STEP 1 Enter the username/password. The password can contain up to 64 ASCII
characters. Password-complexity rules are described in Setting Password
Complexity Rules.
STEP 2 If you are not using English, select the desired language from the Language
drop-down menu. To add a new language to the device or update a current one, see
Upgrade/Backup Firmware/Language.
STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the
default password (cisco) or your password has expired, the Change Password
Page appears. See Password Expiration for additional information.
STEP 4 Choose whether to select Disable Password Complexity Enforcement or not.
For more information on password complexity, see the Setting Password
Complexity Rules section.
STEP 5 Enter the new password and click Apply.
When the login attempt is successful, the Getting Started page appears.
If you entered an incorrect username or password, an error message appears and
the Login page remains displayed on the window. If you are having problems
logging in, please see the Launching the Configuration Utility section in the
Administration Guide for additional information.
Select Don't show this page on startup to prevent the Getting Started page from
being displayed each time that you log on to the system. If you select this option,
the System Summary page is opened instead of the Getting Started page.
HTTP/HTTPS
You can either open an HTTP session (not secured) by clicking Log In, or you can
open an HTTPS (secured) session, by clicking Secure Browsing (HTTPS). You are
asked to approve the logon with a default RSA key, and an HTTPS session is
opened.
NOTE There is no need to input the username/password prior to clicking the Secure
Browsing (HTTPS) button.
For information on how to configure HTTPS, see SSL Server.
Password Expiration
The New Password page is displayed in the following cases:
• The first time that you access the device with the default username cisco
and password cisco. This page forces you to replace the factory default
password.
• When the password expires, this page forces you to select a new
password.
Logging Out
By default, the application logs out after ten minutes of inactivity. You can change
this default value as described in the Defining Idle Session Timeout section.
CAUTION Unless the Running Configuration is copied to the Startup Configuration, rebooting
the device removes all changes made since the last time the file was saved. Save
the Running Configuration to the Startup Configuration before logging off to
preserve any changes you made during this session.
A flashing red X icon to the left of the Save application link indicates that Running
Configuration changes have not yet been saved to the Startup Configuration file.
The flashing can be disabled by clicking on the Disable Save Icon Blinking button
on the Copy/Save Configuration page.
When the device auto-discovers a device, such as an IP phone (see What is a
Smartport), it configures the port appropriately for the device. These
configuration commands are written to the Running Configuration file. This causes
the Save icon to begin blinking when you log on, even though you did not make
any configuration changes.
When you click Save, the Copy/Save Configuration page appears. Save the
Running Configuration file by copying it to the Startup Configuration file. After this
save, the red X icon and the Save application link are no longer displayed.
To log out, click Logout in the top right corner of any page. The system logs out of
the device.
When a timeout occurs or you intentionally log out of the system, a message is
displayed and the Login page appears, with a message indicating the logged-out
state. After you log in, the application returns to the initial page.
The initial page displayed depends on the “Do not show this page on startup”
option in the Getting Started page. If you did not select this option, the initial page
is the Getting Started page. If you did select this option, the initial page is the
System Summary page.
Quick Start Device Configuration
To simplify device configuration through quick navigation, the Getting Started
page provides links to the most commonly used pages.
There are two hot links on the Getting Started page that take you to Cisco web
pages for more information. Clicking on the Support link takes you to the device
product support page, and clicking on the Forums link takes you to the Support