ADMINISTRATION
GUIDE
Cisco Small Business 200 Series Smart Switch
Administration Guide
Table of Contents
1
Table of Contents
Chapter 1: Table of Contents 1
Chapter 2: Getting Started 8
Starting the Web-based Configuration Utility 8
Quick Start Device Configuration 12
Interface Naming Conventions 12
Window Navigation 14
Chapter 3: Status and Statistics 18
System Summary 18
Ethernet Interfaces 18
Etherlike Statistics 19
802.1X EAP Statistics 20
Health 21
RMON 22
View Log 29
Chapter 4: Administration: System Log 30
Setting System Log Settings 30
Setting Remote Logging Settings 32
Viewing Memory Logs 33
Chapter 5: Administration: File Management 35
System Files 35
Upgrade/Backup Firmware/Language 38
Download/Backup Configuration/Log 41
Cisco Small Business 200 Series Smart Switch Administration Guide 1
Table of Contents
1
Configuration Files Properties 46
Copy/Save Configuration 46
Auto Configuration/Image Update via DHCP 48
56
Chapter 6: Administration 57
Device Models 57
System Settings 59
Management Interface 61
User Accounts 61
Defining Idle Session Timeout 61
Time Settings 62
System Log 62
File Management 62
Rebooting the Device 62
Health 64
Diagnostics 65
Discovery - Bonjour 65
Discovery - LLDP 66
Discovery - CDP 66
Ping 66
Chapter 7: Administration: Time Settings 68
System Time Options 68
SNTP Modes 70
Configuring System Time 70
Chapter 8: Administration: Diagnostics 77
Copper Ports Tests 77
Displaying Optical Module Status 79
Cisco Small Business 200 Series Smart Switch Administration Guide 2
Table of Contents
1
Configuring Port and VLAN Mirroring 80
Viewing CPU Utilization and Secure Core Technology 82
Chapter 9: Administration: Discovery 83
Bonjour 83
LLDP and CDP 84
Configuring LLDP 85
Configuring CDP 104
CDP Statistics 111
Chapter 10: Port Management 113
Configuring Ports 113
Loopback Detection 117
Link Aggregation 119
UDLD 126
PoE 126
Configuring Green Ethernet 126
Chapter 11: Port Management: Unidirectional Link Detection 134
UDLD Overview 134
UDLD Operation 135
Usage Guidelines 137
Dependencies On Other Features 137
Default Settings and Configuration 138
Before You Start 138
Common UDLD Tasks 138
Configuring UDLD 139
Chapter 12: Smartport 143
Overview 143
Cisco Small Business 200 Series Smart Switch Administration Guide 3
Table of Contents
What is a Smartport 144
Smartport Types 144
Smartport Macros 146
Macro Failure and the Reset Operation 147
How the Smartport Feature Works 148
Auto Smartport 148
Error Handling 152
Default Configuration 152
Relationships with Other Features and Backwards Compatibility 153
Common Smartport Tasks 153
Configuring Smartport Using The Web-based Interface 155
1
Built-in Smartport Macros 159
Chapter 13: Port Management: PoE 171
PoE on the Device 171
PoE Properties 174
PoE Settings 175
Chapter 14: VLAN Management 177
Overview 177
Regular VLANs 179
186
Voice VLAN 186
Chapter 15: Spanning Tree 198
STP Flavors 198
STP Status and Global Settings 199
Spanning Tree Interface Settings 200
Rapid Spanning Tree Settings 202
Cisco Small Business 200 Series Smart Switch Administration Guide 4
Table of Contents
1
Chapter 16: Managing MAC Address Tables 205
Static MAC Addresses 206
Dynamic MAC Addresses 207
Chapter 17: Multicast 208
Multicast Forwarding 208
Multicast Properties 212
MAC Group Address 213
IP Multicast Group Addresses 214
IPv4 Multicast Configuration 216
IPv6 Multicast Configuration 218
IGMP/MLD Snooping IP Multicast Group 220
Multicast Router Ports 221
Forward All 221
Unregistered Multicast 222
Chapter 18: IP Configuration 224
Overview 224
IPv4 Management and Interfaces 226
Domain Name 239
Chapter 19: Security 243
Defining Users 244
Configuring RADIUS 246
Management Access Method 250
Management Access Authentication 254
Secure Sensitive Data Management 255
SSL Server 256
SSH Client 258
Configuring TCP/UDP Services 258
Cisco Small Business 200 Series Smart Switch Administration Guide 5
Table of Contents
1
Defining Storm Control 259
Configuring Port Security 260
802.1X 262
Denial of Service Prevention 263
Chapter 20: Security: 802.1X Authentication 267
Overview of 802.1X 267
Authenticator Overview 269
Common Tasks 273
802.1X Configuration Through the GUI 274
Chapter 21: Security: SSH Client 280
Secure Copy (SCP) and SSH 280
Protection Methods 281
SSH Server Authentication 282
SSH Client Authentication 283
Before You Begin 284
Common Tasks 284
SSH Client Configuration Through the GUI 286
Chapter 22: Security: Secure Sensitive Data Management 290
Introduction 290
SSD Rules 291
SSD Properties 296
Configuration Files 298
SSD Management Channels 302
Menu CLI and Password Recovery 303
Configuring SSD 303
Chapter 23: Quality of Service 306
Cisco Small Business 200 Series Smart Switch Administration Guide 6
Table of Contents
1
QoS Features and Components 307
Configuring QoS - General 308
Managing QoS Statistics 317
Chapter 24: SNMP 319
SNMP Versions and Workflow 319
Model OIDs 321
SNMP Engine ID 322
Configuring SNMP Views 324
Creating SNMP Groups 325
Managing SNMP Users 327
Defining SNMP Communities 328
Defining Trap Settings 330
Notification Recipients 331
SNMP Notification Filters 335
Cisco Small Business 200 Series Smart Switch Administration Guide 7
2
Getting Started
This section provides an introduction to the web-based configuration utility, and covers the following topics:
• Starting the Web-based Configuration Utility
• Quick Start Device Configuration
• Interface Naming Conventions
• Window Navigation
Starting the Web-based Configuration Utility
This section describes how to navigate the web-based switch configuration utility.
If you are using a pop-up blocker, make sure it is disabled.
Browser Restrictions
If you are using IPv6 interfaces on your management station, use the IPv6 global address and not the IPv6
link local address to access the device from your browser.
Launching the Configuration Utility
To open the web-based configuration utility:
STEP 1 Open a Web browser.
STEP 2 Enter the IP address of the device you are configuring in the address bar on the
browser, and then press Enter.
NOTE When the device is using the factory default IP address of 192.168.1.254, its power
LED flashes continuously. When the device is using a DHCP-assigned IP address or
an administrator-configured static IP address, the power LED is on solid.
Cisco Small Business 200 Series Smart Switch Administration Guide 8
Getting Started
Starting the Web-based Configuration Utility
2
Logging In
The default username is cisco and the default password is cisco. The first time that you log in with the
default username and password, you are required to enter a new password.
NOTE If you have not previously selected a language for the GUI, the language of the Login
page is determined by the language(s) requested by your browser and the
languages configured on your device. If your browser requests Chinese, for
example, and Chinese has been loaded into your device, the Login page is
automatically displayed in Chinese. If Chinese has not been loaded into your
device, the Login page appears in English.
The languages loaded into the device have a language and country code (en-US, en-GB and so on). For the
Login page to be automatically displayed in a particular language, based on the browser request, both the
language and country code of the browser request must match those of the language loaded on the device.
If the browser request contains only the language code without a country code (for example: fr). The first
embedded language with a matching language code is taken (without matching the country code, for
example: fr_CA).
To log in to the device configuration utility:
STEP 1 Enter the username/password. The password can contain up to 64 ASCII
characters. Password-complexity rules are described in Setting Password
Complexity Rules.
STEP 2 If you are not using English, select the desired language from the Language drop-
down menu. To add a new language to the device or update a current one, see
Upgrade/Backup Firmware/Language.
STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the
default password (cisco) or your password has expired, the Change Password
Page appears. See Password Expiration for additional information.
STEP 4 Choose whether to select Disable Password Complexity Enforcement or not.
For more information on password complexity, see the Setting Password
Complexity Rules section.
STEP 5 Enter the new password and click Apply.
When the login attempt is successful, the Getting Started page appears.
If you entered an incorrect username or password, an error message appears and the Login page remains
displayed on the window. If you are having problems logging in, please see the Launching the
Configuration Utility section in the Administration Guide for additional information.
Cisco Small Business 200 Series Smart Switch Administration Guide 9
Getting Started
!
Starting the Web-based Configuration Utility
Select Don't show this page on startup to prevent the Getting Started page from being displayed each
time that you log on to the system. If you select this option, the System Summary page is opened instead of
the Getting Started page.
2
HTTP/HTTPS
You can either open an HTTP session (not secured) by clicking Log In, or you can open an HTTPS (secured)
session, by clicking Secure Browsing (HTTPS). You are asked to approve the logon with a default RSA key,
and an HTTPS session is opened.
NOTE There is no need to input the username/password prior to clicking the Secure
Browsing (HTTPS) button.
For information on how to configure HTTPS, see SSL Server.
Password Expiration
The New Password page is displayed in the following cases:
• The first time that you access the device with the default username cisco and password cisco. This
page forces you to replace the factory default password.
• When the password expires, this page forces you to select a new password.
Logging Out
By default, the application logs out after ten minutes of inactivity. You can change this default value as
described in the Defining Idle Session Timeout section.
CAUTION Unless the Running Configuration is copied to the Startup Configuration, rebooting
the device removes all changes made since the last time the file was saved. Save
the Running Configuration to the Startup Configuration before logging off to
preserve any changes you made during this session.
A flashing red X icon to the left of the Save application link indicates that Running
Configuration changes have not yet been saved to the Startup Configuration file.
The flashing can be disabled by clicking on the Disable Save Icon Blinking button
on the Copy/Save Configuration page
When the device auto-discovers a device, such as an IP phone (see What is a
Smartport), and it configures the port appropriately for the device. These
configuration commands are written to the Running Configuration file. This causes
the Save icon to begin blinking when the you log on, even though you did not make
any configuration changes.
Cisco Small Business 200 Series Smart Switch Administration Guide 10
Getting Started
Starting the Web-based Configuration Utility
When you click Save, the Copy/Save Configuration page appears. Save the
Running Configuration file by copying it to the Startup Configuration file. After this
save, the red X icon and the Save application link are no longer displayed.
To logout, click Logout in the top right corner of any page. The system logs out of the device.
When a timeout occurs or you intentionally log out of the system, a message is displayed and the Login
page appears, with a message indicating the logged-out state. After you log in, the application returns to
the initial page.
The initial page displayed depends on the “Do not show this page on startup” option in the Getting Started
page. If you did not select this option, the initial page is the Getting Started page. If you did select this
option, the initial page is the System Summary page.
2
Cisco Small Business 200 Series Smart Switch Administration Guide 11
Getting Started
Quick Start Device Configuration
2
Quick Start Device Configuration
To simplify device configuration through quick navigation, the Getting Started page provides links to the
most commonly used pages.
Category Link Name (on the Page) Linked Page
Change Management
Applications and Services
Change Device IP Address IPv4 Interface page
Create VLAN Create VLAN page
Configure Port Settings Port Setting page
Device Status System Summary System Summary page
Port Statistics Interface page
RMON Statistics Statistics page
View Log RAM Memory page
Quick Access Change Device Password User Accounts page
Upgrade Device Software Upgrade/Backup Firmware/
Backup Device Configuration Download/Backup
Configure QoS QoS Properties page
TCP/UDP Services page
Language page
Configuration/Log page
Configure Port Mirroring Port and VLAN Mirroring page
There are two hot links on the Getting Started page that take you to Cisco web pages for more information.
Clicking on the Support link takes you to the device product support page, and clicking on the Forums link
takes you to the Small Business Support Community page.
Interface Naming Conventions
Within the GUI, interfaces are denoted by concatenating the following elements:
• Type of interface: The following types of interfaces are found on the various types of devices:
- Fast Ethernet (10/100 bits)—These are displayed as FE.
Cisco Small Business 200 Series Smart Switch Administration Guide 12
Getting Started
Interface Naming Conventions
- Gigabit Ethernet ports (10/100/1000 bits)—These are displayed as GE.
- LAG (Port Channel)—These are displayed as LAG.
- VLAN—These are displayed as VLAN.
- Tunnel —These a re displ ayed as Tunnel.
• Interface Number: Port, LAG, tunnel or VLAN ID
2
Cisco Small Business 200 Series Smart Switch Administration Guide 13
Getting Started
Window Navigation
Window Navigation
This section describes the features of the web-based switch configuration utility.
Application Header
The Application Header appears on every page. It provides the following application links:
2
Application Link
Name
Username Displays the name of the user logged on to the device. The
Description
A flashing red X icon displayed to the left of the Save
application link indicates that Running Configuration
changes have been made that have not yet been saved to
the Startup Configuration file. The flashing of the red X can
be disabled on the Copy/Save Configuration page.
Click Save to display the Copy/Save Configuration page.
Save the Running Configuration file by copying it to the
Startup Configuration file type on the device. After this
save, the red X icon and the Save application link are no
longer displayed. When the device is rebooted, it copies
the Startup Configuration file type to the Running
Configuration and sets the device parameters according
to the data in the Running Configuration.
default username is cisco. (The default password is cisco).
Cisco Small Business 200 Series Smart Switch Administration Guide 14
Getting Started
Window Navigation
2
Application Link
Name
Language Menu This menu provides the following options:
Description
• Select a language: Select one of the languages that
appear in the menu. This language will be the webbased configuration utility language.
• Download Language: Add a new language to the
device.
• Delete Language: Deletes the second language on
the device. The first language (English) cannot be
deleted.
• Debug: Used for translation purposes. If you select
this option, all web-based configuration utility labels
disappear and in their place are the IDs of the
strings that correspond to the IDs in the language
file.
NOTE To upgrade a language file, use the Upgrade/
Backup Firmware/Language page.
Logout Click to log out of the web-based switch configuration
utility.
About Click to display the device name and device version
number.
Help Click to display the online help.
The SYSLOG Alert Status icon appears when a SYSLOG
message, above the critical severity level, is logged. Click
the icon to open the RAM Memory page. After you access
this page, the SYSLOG Alert Status icon is no longer
displayed. To display the page when there is not an active
SYSLOG message, Click Status and Statistics > View
Log > RAM Memory.
Cisco Small Business 200 Series Smart Switch Administration Guide 15
Getting Started
Window Navigation
2
Management Buttons
The following table describes the commonly-used buttons that appear on various pages in the system.
Button Name Description
Use the pull-down menu to configure the number of
entries per page.
Indicates a mandatory field.
Add Click to display the related Add page and add an entry to a
table. Enter the information and click Apply to save it to the
Running Configuration. Click Close to return to the main
page. Click Save to display the Copy/Save Configuration
page and save the Running Configuration to the Startup
Configuration file type on the device.
Apply Click to apply changes to the Running Configuration on the
device. If the device is rebooted, the Running
Configuration is lost, unless it is saved to the Startup
Configuration file type or another file type. Click Save to
display the Copy/Save Configuration page and save the
Running Configuration to the Startup Configuration file
type on the device.
Cancel Click to reset changes made on the page.
Clear All
Interfaces
Counters
Clear Interface
Counters
Clear Logs Clears log files.
Clear Table Clears table entries.
Close Returns to main page. If any changes were not applied to
Click to clear the statistic counters for all interfaces.
Click to clear the statistic counters for the selected
interface.
the Running Configuration, a message appears.
Cisco Small Business 200 Series Smart Switch Administration Guide 16
Getting Started
Window Navigation
Button Name Description
Copy Settings A table typically contains one or more entries containing
configuration settings. Instead of modifying each entry
individually, it is possible to modify one entry and then
copy the selected entry to multiple entries, as described
below:
1. Select the entry to be copied. Click Copy Settings to
display the popup.
2. Enter the destination entry numbers in the to field.
3. Click Apply to save the changes and click Close to
return to the main page.
Delete After selecting an entry in the table, click Delete to
remove.
2
Details Click to display the details associated with the entry
selected.
Edit Select the entry and click Edit. The Edit page appears,
and the entry can be modified.
1. C li ck Apply to save the changes to the Running
Configuration.
2. Click Close to return to the main page.
Go Enter the query filtering criteria and click Go. The results
are displayed on the page.
Refresh Clich Refresh to refresh the counter values.
Te st Click Te s t to perform the related tests.
Cisco Small Business 200 Series Smart Switch Administration Guide 17
Status and Statistics
This section describes how to view device statistics.
It covers the following topics:
• System Summary
• Ethernet Interfaces
• Etherlike Statistics
• 802.1X EAP Statistics
• Health
• RMON
3
• View Log
System Summary
See System Settings.
Ethernet Interfaces
The Interface page displays traffic statistics per port. The refresh rate of the information can be selected.
This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion
(Unicast, Multicast, and Broadcast).
To display Ethernet statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > Interface.
STEP 2 Enter the parameters.
Cisco Small Business 200 Series Smart Switch Administration Guide 18
Status and Statistics
Etherlike Statistics
• Interface—Select the type of interface and specific interface for which Ethernet statistics are to be
displayed.
• Refresh Rate—Select the time period that passes before the interface Ethernet statistics are
refreshed.
The Receive Statistics area displays information about incoming packets.
• Tot al By te s ( O ct et s) —Octets received, including bad packets and FCS octets, but excluding framing
bits.
• Unicast Packets—Good Unicast packets received.
• Multicast Packets—Good Multicast packets received.
• Broadcast Packets—Good Broadcast packets received.
• Packets with Errors—Packets with errors received.
3
The Transmit Statistics area displays information about outgoing packets.
• Total Bytes (Octets)—Octets transmitted, including bad packets and FCS octets, but excluding
framing bits.
• Unicast Packets—Good Unicast packets transmitted.
• Multicast Packets—Good Multicast packets transmitted.
• Broadcast Packets—Good Broadcast packets transmitted.
To clear or view statistics counters:
• Click Clear Interface Counters to clear counters for the interface displayed.
• Click View All Interfaces Statistics to see all ports on a single page.
Etherlike Statistics
The Etherlike page displays statistics per port according to the Etherlike MIB standard definition. The
refresh rate of the information can be selected. This page provides more detailed information regarding
errors in the physical layer (Layer 1) that might disrupt traffic.
To view Etherlike Statistics and/or set the refresh rate:
Cisco Small Business 200 Series Smart Switch Administration Guide 19
Status and Statistics
802.1X EAP Statistics
STEP 1 Click Status and Statistics > Etherlike.
STEP 2 Enter the parameters.
• Interface—Select the type of interface and specific interface for which Ethernet statistics are to be
displayed.
• Refresh Rate—Select the amount of time that passes before the Etherlike statistics are refreshed.
The fields are displayed for the selected interface.
• Frame Check Sequence (FCS) Errors—Received frames that failed the CRC (cyclic redundancy
checks).
• Single Collision Frames—Frames that were involved in a single collision, but were successfully
transmitted.
• Late Collisions—Collisions that have been detected after the first 512 bits of data.
3
• Excessive Collisions—Transmissions rejected due to excessive collisions.
• Oversize Packets—Packets greater than 2000 octets received.
• Internal MAC Receive Errors—Frames rejected because of receiver errors.
• Pause Frames Received—Received flow control pause frames.
• Pause Frames Transmitted—Flow control pause frames transmitted from the selected interface.
To clear statistics counters:
• Click Clear Interface Counters to clear the selected interfaces counters.
• Click View All Interfaces Statistics to see all ports on a single page.
802.1X EAP Statistics
The 802.1x EAP page displays detailed information regarding the EAP (Extensible Authentication Protocol)
frames that were sent or received. To configure the 802.1X feature, see the 802.1X Properties page.
To view the EAP Statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > 802.1x EAP.
STEP 2 Select the Interface that is polled for statistics.
Cisco Small Business 200 Series Smart Switch Administration Guide 20
Status and Statistics
Health
STEP 3 Select the Refresh Rate (time period) that passes before the EAP statistics are
refreshed.
The values are displayed for the selected interface.
• EAPOL Frames Received—Valid EAPOL frames received on the port.
• EAPOL Frames Transmitted—Valid EAPOL frames transmitted by the port.
• EAPOL Start Frames Received—EAPOL Start frames received on the port.
• EAPOL Logoff Frames Received—EAPOL Logoff frames received on the port.
• EAP Response/ID Frames Received—EAP Resp/ID frames received on the port.
• EAP Response Frames Received—EAP Response frames received by the port (other than Resp/ID
frames).
• EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by the port.
3
• EAP Request Frames Transmitted—EAP Request frames transmitted by the port.
• Invalid EAPOL Frames Received—Unrecognized EAPOL frames received on this port.
• EAP Length Error Frames Received—EAPOL frames with an invalid Packet Body Length received on
this port.
• Last EAPOL Frame Version—Protocol version number attached to the most recently received
EAPOL frame.
• Last EAPOL Frame Source—Source MAC address attached to the most recently received EAPOL
frame.
To clear statistics counters:
• Click Clear Interface Counters to clear the selected interfaces counters.
• Click Refresh to refresh the selected interfaces counters.
• Click View All Interfaces Statistics to clear the counters of all interfaces.
Health
See Health.
Cisco Small Business 200 Series Smart Switch Administration Guide 21
Status and Statistics
RMON
3
RMON
RMON (Remote Networking Monitoring) enables an SNMP agent in the device to proactively monitor traffic
statistics over a given period and send traps to an SNMP manager. The local SNMP agent compares actual,
real-time counters against predefined thresholds and generates alarms, without the need for polling by a
central SNMP management platform. This is an effective mechanism for proactive management, provided
that you have set the correct thresholds relative to your network’s base line.
RMON decreases the traffic between the manager and the device since the SNMP manager does not have
to poll the device frequently for information, and enables the manager to get timely status reports, since the
device reports events as they occur.
With this feature, you can perform the following actions:
• View the current statistics (from the time that the counter values were cleared). You can also collect
the values of these counters over a period of time, and then view the table of collected data, where
each collected set is a single line of the History tab.
• Define interesting changes in counter values, such as “reached a certain number of late collisions”
(defines the alarm), and then specify what action to perform when this event occurs (log, trap, or log
and trap).
RMON Statistics
The Statistics page displays detailed information regarding packet sizes and information regarding physical
layer errors. The information is displayed according to the RMON standard. An oversized packet is defined
as an Ethernet frame with the following criteria:
• Packet length is greater than MRU byte size.
• Collision event has not been detected.
• Late collision event has not been detected.
• Received (Rx) error event has not been detected.
• Packet has a valid CRC.
To view RMON statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > RMON > Statistics.
STEP 2 Select the Interface for which Ethernet statistics are to be displayed.
STEP 3 Select the Refresh Rate, which is the time period that passes before the interface
statistics are refreshed.
Cisco Small Business 200 Series Smart Switch Administration Guide 22
Status and Statistics
RMON
The following statistics are displayed for the selected interface.
• Bytes Received—Octets received, including bad packets and FCS octets, but excluding framing bits.
• Drop Events—Packets dropped.
• Packets Received—Good packets received, including Multicast and Broadcast packets.
• Broadcast Packets Received—Good Broadcast packets received. This number does not include
Multicast packets.
• Multicast Packets Received—Good Multicast packets received.
• CRC & Align Errors—CRC and Align errors that have occurred.
• Undersize Packets—Undersized packets (less than 64 octets) received.
• Oversize Packets—Oversized packets (over 2000 octets) received.
3
• Fragments—Fragments (packets with less than 64 octets, excluding framing bits, but including FCS
octets) received.
• Jabbers—Received packets that were longer than 1632 octets. This number excludes frame bits, but
includes FCS octets that had either a bad FCS (Frame Check Sequence) with an integral number of
octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. A Jabber packet
is defined as an Ethernet frame that satisfies the following criteria:
- Packet data length is greater than MRU.
- Packet has an invalid CRC.
- Received (Rx) Error Event has not been detected.
• Collisions—Collisions received. If Jumbo frames are enabled, the threshold of Jabber frames is
raised to the maximum size of Jumbo frames.
• Frames of 64 Bytes—Frames, containing 64 bytes that were received.
• Frames of 65 to 127 Bytes—Frames, containing 65-127 bytes that were received.
• Frames of 128 to 255 Bytes—Frames, containing 128-255 bytes that were received.
• Frames of 256 to 511 Bytes—Frames, containing 256-511 bytes that were received.
• Frames of 512 to 1023 Bytes—Frames, containing 512-1023 bytes that were received.
• Frames of 1024 Bytes or More—Frames, containing 1024-2000 bytes, and Jumbo Frames, that
were received.
Cisco Small Business 200 Series Smart Switch Administration Guide 23
Status and Statistics
RMON
To clear statistics counters:
• Click Clear Interface Counters to clear the selected interfaces counters.
• Click View All Interfaces Statistics to see all ports on a single page.
3
RMON History
The RMON feature enables monitoring statistics per interface.
The History Control Table page
from which to gather the data.
After the data is sampled and stored, it appears in the History Table page that can be viewed by clicking
History Table.
To enter RMON control information:
defines the sampling frequency, amount of samples to store and the port
STEP 1 Click Status and Statistics > RMON > History. The fields displayed on this page
are defined in the Add RMON History page, below. The only field is that is on this
page and not defined in the Add page is:
• Current Number of Samples—RMON is allowed by the standard to not grant all requested samples,
but rather to limit the number of samples per request. Therefore, this field represents the sample
number actually granted to the request that is equal or less than the requested value.
STEP 2 Click Add.
STEP 3 Enter the parameters.
• New History Entry—Displays the number of the new History table entry.
• Source Interface—Select the type of interface from which the history samples are to be taken.
• Max No. of Samples to Keep—Enter the number of samples to store.
• Sampling Interval—Enter the time in seconds that samples are collected from the ports. The field
range is 1-3600.
• Owner—Enter the RMON station or user that requested the RMON information.
STEP 4 Click Apply. The entry is added to the History Control Table page
Configuration file is updated.
,
and the Running
STEP 5 Click History Table (described below) to view the actual statistics.
Cisco Small Business 200 Series Smart Switch Administration Guide 24
Status and Statistics
RMON
RMON History Table
The History Table page displays interface-specific statistical network samplings. The samples were
configured in the History Control table described above.
To view RMON history statistics:
STEP 1 Click Status and Statistics > RMON > History.
STEP 2 Click History Table.
STEP 3 From the History Entry No. drop down menu, optionally select the entry number
of the sample to display.
The fields are displayed for the selected sample.
• Owner—History table entry owner.
3
• Sample No.—Statistics were taken from this sample.
• Drop Events—Dropped packets due to lack of network resources during the sampling interval. This
may not represent the exact number of dropped packets, but rather the number of times dropped
packets were detected.
• Bytes Received—Octets received including bad packets and FCS octets, but excluding framing bits.
• Packets Received—Packets received, including bad packets, Multicast, and Broadcast packets.
• Broadcast Packets—Good Broadcast packets excluding Multicast packets.
• Multicast Packets—Good Multicast packets received.
• CRC Align Errors—CRC and Align errors that have occurred.
• Undersize Packets—Undersized packets (less than 64 octets) received.
• Oversize Packets—Oversized packets (over 2000 octets) received.
• Fragments—Fragments (packets with less than 64 octets) received, excluding framing bits, but
including FCS octets.
• Jabbers—Total number of received packets that were longer than 2000 octets. This number excludes
frame bits, but includes FCS octets that had either a bad FCS (Frame Check Sequence) with an
integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number.
• Collisions—Collisions received.
Cisco Small Business 200 Series Smart Switch Administration Guide 25
Status and Statistics
RMON
• Utilization—Percentage of current interface traffic compared to maximum traffic that the interface
can handle.
RMON Events Control
You can control the occurrences that trigger an alarm and the type of notification that occurs. This is
performed as follows:
• Events Page—Configures what happens when an alarm is triggered. This can be any combination of
logs and traps.
• Alarms Page—Configures the occurrences that trigger an alarm.
To define RMON events:
3
STEP 1 Click Status and Statistics > RMON > Events.
This page displays previously defined events.
The fields on this page are defined by the Add RIMON Events dialog box except for the Time field.
• Time—Displays the time of the event. (This is a read-only table in the parent window and cannot be
defined).
STEP 2 Click Add.
STEP 3 Enter the parameters.
• Event Entry—Displays the event entry index number for the new entry.
• Description—Enter a name for the event. This name is used in the Add RMON Alarm page to attach
an alarm to an event.
• Notification Type—Select the type of action that results from this event. Values are:
- None—No action occurs when the alarm goes off.
- Log (Event Log Table)—Add a log entry to the Event Log table when the alarm is triggered.
- Trap (SNMP Manager and SYSLOG Server)—Send a trap to the remote log server when the
alarm goes off.
- Log and Trap—Add a log entry to the Event Log table and send a trap to the remote log server
when the alarm goes off.
• Owner—Enter the device or user that defined the event.
Cisco Small Business 200 Series Smart Switch Administration Guide 26
Status and Statistics
RMON
STEP 4 Click Apply. The RMON event is saved to the Running Configuration file.
STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have
been logged (see description below).
3
RMON Events Logs
The Event Log Table page displays the log of events (actions) that occurred. Two types of events can be
logged: Log or Log and Trap. The action in the event is performed when the event is bound to an alarm (see
the Alarms page) and the conditions of the alarm have occurred.
STEP 1 Click Status and Statistics > RMON > Events.
STEP 2 Click Event Log Table.
This page displays the following fields:
• Event Entry No.—Event’s log entry number.
• Log No.—Log number (within the event).
• Log Time—Time that the log entry was entered.
• Description—Description of event that triggered the alarm.
RMON Alarms
RMON alarms provide a mechanism for setting thresholds and sampling intervals to generate exception
events on counters or any other SNMP object counter maintained by the agent. Both the rising and falling
thresholds must be configured in the alarm. After a rising threshold is crossed, no rising events are
generated until the companion falling threshold is crossed. After a falling alarm is issued, the next alarm is
issued when a rising threshold is crossed.
One or more alarms are bound to an event, which indicates the action to be taken when the alarm occurs.
Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.
Cisco Small Business 200 Series Smart Switch Administration Guide 27
Status and Statistics
RMON
To enter RMON alarms:
STEP 1 Click Status and Statistics > RMON > Alarms. All previously-defined alarms are
displayed. The fields are described in the Add RMON Alarm page below. In
addition to those fields, the following field appears:
• Counter Value—Displays the value of the statistic during the last sampling period.
STEP 2 Click Add.
STEP 3 Enter the parameters.
• Alarm Entry No.—Displays the alarm entry number.
• Interface—Select the type of interface for which RMON statistics are displayed.
• Counter Name—Select the MIB variable that indicates the type of occurrence measured.
3
• Counter Value—Number of occurrences.
• Sample Type—Select the sampling method to generate an alarm. The options are:
- Absolute—If the threshold is crossed, an alarm is generated.
- Delta—Subtracts the last sampled value from the current value. The difference in the values is
compared to the threshold. If the threshold was crossed, an alarm is generated.
• Rising Threshold—Enter the value that triggers the rising threshold alarm.
• Rising Event—Select an event to be performed when a rising event is triggered. Events are created
in the Events page.
• Falling Threshold—Enter the value that triggers the falling threshold alarm.
• Falling Event—Select an event to be performed when a falling event is triggered.
• Startup Alarm—Select the first event from which to start generation of alarms. Rising is defined by
crossing the threshold from a low-value threshold to a higher-value threshold.
- Rising Alarm—A rising value triggers the rising threshold alarm.
- Falling Alarm—A falling value triggers the falling threshold alarm.
- Rising and Falling—Both rising and falling values trigger the alarm.
• Interval—Enter the alarm interval time in seconds.
• Owner—Enter the name of the user or network management system that receives the alarm.
Cisco Small Business 200 Series Smart Switch Administration Guide 28
Status and Statistics
View Log
STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file.
View Log
See Viewing Memory Logs.
3
Cisco Small Business 200 Series Smart Switch Administration Guide 29
4
Administration: System Log
This section describes the system logging, which enables the device to generate multiple independent
logs. Each log is a set of messages describing system events.
The device generates the following local logs:
• Log sent to the console interface.
• Log written into a cyclical list of logged events in the RAM and erased when the device reboots.
• Log written to a cyclical log-file saved to the Flash memory and persists across reboots.
In addition, you can send messages to remote SYSLOG servers in the form of SNMP traps and SYSLOG
messages.
This section covers the following sections:
• Setting System Log Settings
• Setting Remote Logging Settings
• Viewing Memory Logs
Setting System Log Settings
You can select the events to be logged by severity level. Each log message has a severity level marked
with the first letter of the severity level concatenated with a dash (-) on each side (except for Emergency
that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity
level of I, meaning Informational.
The event severity levels are listed from the highest severity to the lowest severity, as follows:
• Emergency—System is not usable.
• Alert—Action is needed.
• Critical—System is in a critical condition.
Cisco Small Business 200 Series Smart Switch Administration Guide 30
Administration: System Log
Setting System Log Settings
• Error—System is in error condition.
• Warning—System warning has occurred.
• Notice—System is functioning properly, but a system notice has occurred.
• Informational—Device information.
• Debug—Detailed information about an event.
You can select different severity levels for RAM and Flash logs. These logs are displayed in the RAM
Memory page and Flash Memory page, respectively.
Selecting a severity level to be stored in a log causes all of the higher severity events to be automatically
stored in the log. Lower severity events are not stored in the log.
For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log
(Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored
(Notice, Informational, and Debug).
4
To set global log parameters:
STEP 1 Click Administration > System Log > Log Settings.
STEP 2 Enter the parameters.
• Logging—Select to enable message logging.
• Syslog Aggregator—Select to enable the aggregation of SYSLOG messages and traps. If enabled,
identical and contiguous SYSLOG messages and traps are aggregated over the specified Max.
Aggregation Time and sent in a single message. The aggregated messages are sent in the order of
their arrival. Each message states the number of times it was aggregated.
• Max. Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated.
• Originator Identifier—Enables adding an origin identifier to SYSLOG messages. The options are:
- None—Do not include the origin identifier in SYSLOG messages.
- Hostname—Include the system host name in SYSLOG messages.
- IPv4 Address—Include the IPv4 address of the sending interface in SYSLOG messages.
- IPv6 Address—Include the IPv6 address of the sending interface in SYSLOG messages.
- User Defined—Enter a description to be included in SYSLOG messages.
• RAM Memory Logging—Select the severity levels of the messages to be logged to the RAM.
Cisco Small Business 200 Series Smart Switch Administration Guide 31
Administration: System Log
Setting Remote Logging Settings
• Flash Memory Logging—Select the severity levels of the messages to be logged to the Flash
memory.
STEP 3 Click Apply. The Running Configuration file is updated.
4
Setting Remote Logging Settings
The Remote Log Servers page enables defining remote SYSLOG servers to which log messages are sent.
For each server, you can configure the severity of the messages that it receives.
To d ef i n e SY S LO G s e r v er s :
STEP 1 Click Administration > System Log > Remote Log Servers.
STEP 2 Enter the following fields:
• IPv4 Source Interface—Select the source interface whose IPv4 address will be used as the source
IPv4 address of SYSLOG messages sent to SYSLOG servers.
• IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source
IPv6 address of SYSLOG messages sent to SYSLOG servers.
NOTE If the Auto option is selected, the system takes the source IP address from the IP address
defined on the outgoing interface.
Information is described for each previously-configured log server. The fields are described below in the
Add page.
STEP 3 Click Add.
STEP 4 Enter the parameters.
• Server Definition—Select whether to identify the remote log server by IP address or name.
• IP Version—Select the supported IP format.
• IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local
address has a prefix of FE80, is not routable, and can be used for communication only on the local
network. Only one link local address is supported. If a link local address exists on the interface, this
entry replaces the address in the configuration.
Cisco Small Business 200 Series Smart Switch Administration Guide 32
Administration: System Log
Viewing Memor y Logs
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other
networks.
• Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from
the list.
• Log Server IP Address/Name—Enter the IP address or domain name of the log server.
• UDP Port—Enter the UDP port to which the log messages are sent.
• Facility—Select a facility value from which system logs are sent to the remote server. Only one facility
value can be assigned to a server. If a second facility code is assigned, the first facility value is
overridden.
• Description—Enter a server description.
• Minimum Severity—Select the minimum level of system log messages to be sent to the server.
4
STEP 5 Click Apply. The Add Remote Log Server page
added, and the Running Configuration file is updated.
closes, the SYSLOG server is
Viewing Memory Logs
The device can write to the following logs:
• Log in RAM (cleared during reboot).
• Log in Flash memory (cleared only upon user command).
You can configure the messages that are written to each log by severity, and a message can go to more
than one log, including logs that reside on external SYSLOG servers.
RAM Memory
The RAM Memory page displays all messages that were saved in the RAM (cache) in chronological order.
Entries are stored in the RAM log according to the configuration in the Log Settings page.
To view log entries, click Status and Statistics > View Log > RAM Memory.
The top of the page has a button that allows you to Disable Alert Icon Blinking. Click. This button toggles
between disable and enable.
The Current Logging Threshold specifies the levels of logging that are generated. This can be changed by
clicking Edit by the field’s name.
Cisco Small Business 200 Series Smart Switch Administration Guide 33
Administration: System Log
Viewing Memor y Logs
This page contains the following fields for every log file:
• Log Index—Log entry number.
• Log Time—Time when message was generated.
• Severity—Event severity.
• Description—Message text describing the event.
To clear the log messages, click Clear Logs. The messages are cleared.
4
Flash Memory
The Flash Memory page displays the messages that were stored in the Flash memory, in chronological
order. The minimum severity for logging is configured in the Log Settings page. Flash logs remain when the
device is rebooted. You can clear the logs manually.
To view the Flash logs, click Status and Statistics > View Log > Flash Memory.
The Current Logging Threshold specifies the levels of logging that are generated. This can be changed by
clicking Edit by the field’s name.
This page contains the following fields for each log file:
• Log Index—Log entry number.
• Log Time—Time when message was generated.
• Severity—Event severity.
• Description—Message text describing the event.
To clear the messages, click Clear Logs. The messages are cleared.
Cisco Small Business 200 Series Smart Switch Administration Guide 34
Administration: File Management
This section describes how system files are managed.
The following topics are covered:
• System Files
• Upgrade/Backup Firmware/Language
• Download/Backup Configuration/Log
• Configuration Files Properties
• Copy/Save Configuration
• Auto Configuration/Image Update via DHCP
5
System Files
System files are files that contain configuration information, firmware images or boot code.
Various actions can be performed with these files, such as: selecting the firmware file from which the
device boots, copying various types of configuration files internally on the device, or copying files to or from
an external device, such as an external server.
The possible methods of file transfer are:
• Internal copy
• HTTP/HTTPS that uses the facilities that the browser provides
• TFTF/SCP client, requiring a TFTP/SCP server
Configuration files on the device are defined by their type, and contain the settings and parameter values
for the device.
Cisco Small Business 200 Series Smart Switch Administration Guide 35
Administration: File Management
System Files
When a configuration is referenced on the device, it is referenced by its configuration file type (such as
Startup Configuration or Running Configuration), as opposed to a file name that can be modified by the
user.
Content can be copied from one configuration file type to another, but the names of the file types cannot be
changed by the user.
Other files on the device include firmware, boot code, and log files, and are referred to as operational files.
The configuration files are text files and can be edited in a text editor, such as Notepad after they are copied
to an external device, such as a PC.
5
Files and File Types
The following types of configuration and operational files are found on the device:
• Running Configuration—Contains the parameters currently being used by the device to operate.
This is the only file type that is modified when you change parameter values on the device.
If the device is rebooted, the Running Configuration is lost. The Startup Configuration, stored in Flash,
overwrites the Running Configuration, stored in RAM.
To preserve any changes you made to the device, you must save the Running Configuration to the
Startup Configuration, or another file type.
• Startup Configuration—The parameter values that were saved by copying another configuration
(usually the Running Configuration) to the Startup Configuration.
The Startup Configuration is retained in Flash and is preserved when the device is rebooted. At this
time, the Startup Configuration is copied to RAM and identified as the Running Configuration.
• Mirror Configuration—A copy of the Startup Configuration, created by the device when the following
conditions exist:
- The device has been operating continuously for 24 hours.
- No configuration changes have been made to the Running Configuration in the previous 24 hours.
- The Startup Configuration is identical to the Running Configuration.
Only the system can copy the Startup Configuration to the Mirror Configuration. However, you can
copy from the Mirror Configuration to other file types or to another device.
The option of automatically copying the Running Configuration to the mirror configuration can be
disabled in the Configuration Files Properties page.
• Backup Configuration—A manual copy of a configuration file used for protection against system
shutdown or for the maintenance of a specific operating state. You can copy the Mirror Configuration,
Cisco Small Business 200 Series Smart Switch Administration Guide 36
Administration: File Management
System Files
Startup Configuration, or Running Configuration to a Backup Configuration file. The Backup
Configuration exists in Flash and is preserved if the device is rebooted.
• Firmware—The program that controls the operations and functionality of the device. More
commonly referred to as the image.
• Boot Code—Controls the basic system startup and launches the firmware image.
• Language File—The dictionary that enables the web-based configuration utility windows to be
displayed in the selected language.
• Flash Log—SYSLOG messages stored in Flash memory.
File Actions
The following actions can be performed to manage firmware and configuration files:
• Upgrade the firmware or boot code, or replace a second language, as described in Upgrade/Backup
Firmware/Language section.
5
• Save configuration files on the device to a location on another device as described in the Download/
Backup Configuration/Log section.
• Clear the Startup Configuration or Backup Configuration file types as described in the Configuration
Files Properties section.
• Copy one configuration file type to another configuration file type as described in the Copy/Save
Configuration section.
• Enable automatically uploading a configuration file from a DHCP server to the device, as described in
the section.
This section covers the following topics:
• Upgrade/Backup Firmware/Language
• Download/Backup Configuration/Log
• Configuration Files Properties
• Copy/Save Configuration
• Auto Configuration/Image Update via DHCP
Cisco Small Business 200 Series Smart Switch Administration Guide 37
Administration: File Management
Upgrade/Backup Firmware/Language
Upgrade/Backup Firmware/Language
The Upgrade/Backup Firmware/Language process can be used to:
• Upgrade or backup the firmware image.
• Upgrade or backup the boot code.
• Import or upgrade a second language file.
The following methods for transferring files are supported:
• HTTP/HTTPS that uses the facilities provided by the browser
• TFTP that requires a TFTP server
• Secure Copy Protocol (SCP) that requires an SCP server
5
If a new language file was loaded onto the device, the new language can be selected from the drop-down
menu. (It is not necessary to reboot the device).
A single firmware image is stored on the device. After new firmware has been successfully loaded into the
device, the device must be rebooted prior to the new firmware taking effect. The Summary page continues
to show the previous image prior to the reboot.
Upgrade/Backing Firmware or Language File
To upgrade or backup a software image or language file:
STEP 1 Click Administration > File Management > Upgrade/Backup Firmware/
Language.
STEP 2 Click the Transfer Method. Proceed as follows:
• If you selected TFTP, go to STEP 3.
• If you selected via HTTP/HTTPS, go to STEP 4.
• If you selected via SCP, go to STEP 5.
STEP 3 If you selected via TFTP, enter the parameters as described in this step.
Otherwise, skip to STEP 4.
Select one of the following Save Action::
• Upgrade—Specifies that the file type on the device is to be replaced with a new version of that file
type located on a TFTP server.
Cisco Small Business 200 Series Smart Switch Administration Guide 38
Administration: File Management
Upgrade/Backup Firmware/Language
• Backup—Specifies that a copy of the file type is to be saved to a file on another device.
Enter the following fields:
• File Type—Select the destination file type. Only valid file types are shown. (File types are described
in the Files and File Types section).
• TFTP Server Definition—Select whether to specify the TFTP server By IP address or By name.
• IP Version—Select whether an IPv4 or an IPv6 address is used.
• IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local
address has a prefix of FE80, is not routable, and can be used for communication only on the local
network. Only one link local address is supported. If a link local address exists on the interface, this
entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other
networks.
5
• Link Local Interface—Select the link local interface (if IPv6 is used) from the list.
• TFTP Server IP Address/Name—Enter the IP address or the name of the TFTP server.
• (For Upgrade) Source File Name—Enter the name of the source file.
• (For Backup) Destination File Name—Enter the name of the backup file.
STEP 4 If you selected via HTTP/HTTPS, you can only select the Save Action: Upgrade.
Enter the parameters as described in this step.
• File Type—Select one of the following file types:
- Firmware Image—Select this to upgrade the firmware image.
- Language File—Select this to upgrade the language file.
• File Name—Click Browse to select a file or enter the path and source file name to be used in the
transfer.
STEP 5 If you selected via SCP (Over SSH), see SSH Client Authentication for
instructions. Then, enter the following fields: (only unique fields are described, for
non-unique fields, see the descriptions above)
• Remote SSH Server Authentication—To enable SSH server authentication (which is disabled by
default), click Edit. This takes you to the SSH Server Authentication page to configure the SSH server,
and return to this page. Use the SSH Server Authentication page to select an SSH user
authentication method (password or public/private key), set a username and password on the device
(if the password method is selected), and generate an RSA or DSA key if required.
Cisco Small Business 200 Series Smart Switch Administration Guide 39
Administration: File Management
Upgrade/Backup Firmware/Language
SSH Client Authentication—Client authentication can be done in one of the following ways:
• Use SSH Client System Credentials—Sets permanent SSH user credentials. Click System
Credentials to go to the SSH User Authentication page where the user/password can be set once for
all future use.
• Use SSH Client One-Time Credentials—Enter the following:
- Username—Enter a username for this copy action.
- Password—Enter a password for this copy.
NOTE The username and password for one-time credential will not saved in configuration file.
Select one of the following Save Action(s):
• Upgrade—Specifies that the file type on the device is to be replaced with a new version of that file
type located on a TFTP server.
5
• Backup—Specifies that a copy of the file type is to be saved to a file on another device.
Enter the following fields:
• File Type—Select the destination file type. Only valid file types are shown. (The file types are
described in the Files and File Types section).
• SCP Server Definition—Select whether to specify the SCP server by IP address or by domain name.
• IP Version—Select whether an IPv4 or an IPv6 address is used.
• IPv6 Address Type—Select the IPv6 address type (if used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local
address has a prefix of FE80, is not routable, and can be used for communication only on the local
network. Only one link local address is supported. If a link local address exists on the interface, this
entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other
networks.
• Link Local Interface—Select the link local interface from the list.
• SCP Server IP Address/Name—Enter the IP address or domain name of the SCP server.
• (For Upgrade) Source File Name—Enter the name of the source file.
• (For Backup) Destination File Name—Enter the name of the backup file.
STEP 6 Click Apply. If the files, passwords and server addresses are correct, one of the
following may happen:
Cisco Small Business 200 Series Smart Switch Administration Guide 40
Administration: File Management
Download/Backup Configuration/Log
• If SSH server authentication is enabled (in the SSH Server Authentication page), and the SCP server
is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is
displayed.
• If SSH server authentication is not enabled, the operation succeeds for any SCP server.
Download/Backup Configuration/Log
The Download/Backup Configuration/Log page enables:
• Backing up configuration files or logs from the device to an external device.
• Restoring configuration files from an external device to the device.
5
When restoring a configuration file to the Running Configuration, the imported file adds any configuration
commands that did not exist in the old file and over writes any parameter values in the existing configuration
commands.
When restoring a configuration file to the Startup Configuration or a backup configuration file, the new file
replaces the previous file.
When restoring to Startup Configuration, the device must be rebooted for the restored Startup
Configuration to be used as the Running Configuration. You can reboot the device by using the process
described in the Management Interface section.
Configuration File Backwards Compatibility
When restoring configuration files from an external device to the device, the a compatibility issue might
arise if the System modes are different on the device and in the new configuration file. In this case:
• If the configuration file is downloaded onto the device (using the Download/Backup Configuration/
Log page), the operation is aborted, and a message is displayed indicating that the System mode
must be changed in the System Settings page.
• If the configuration file is downloaded during an automatic configuration process, the Startup
Configuration file is deleted and the device reboots automatically in the new System mode. The
device is configured with an empty configuration file.
Cisco Small Business 200 Series Smart Switch Administration Guide 41
Administration: File Management
Download/Backup Configuration/Log
5
Downloading or Backing-up a Configuration or Log File
To backup or restore the system configuration file:
STEP 1 Click Administration > File Management > Download/Backup Configuration/
Log.
STEP 2 Select the Transfer Method.
STEP 3 If you selected via TFTP, enter the parameters. Otherwise, skip to STEP 4.
Select either Download or Backup as the Save Action.
Download—Specifies that the file on another device replaces a file type on the device. Enter the following
fields:
a. TFTP Server Definition—Select whether to specify the TFTP server by IP address or by domain name.
b. IP Version—Select whether an IPv4 or an IPv6 address is used.
NOTE If the server is selected by name in the Server Definition, there is no need to select the IP
Version related options.
c. IPv6 Address Type—Select the IPv6 address type (if used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local
address has a prefix of FE80, is not routable, and can be used for communication only on the local
network. Only one link local address is supported. If a link local address exists on the interface, this
entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other
networks.
d. Link Local Interface—Select the link local interface from the list.
e. TFTP Server IP Address/Name—Enter the IP address or name of the TFTP server.
f. Source File Name—Enter the source file name. File names cannot contain slashes (\ or /), cannot start
with a period (.), and must include between 1 and 160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”,
“_”).
g. Destination File Type—Enter the destination configuration file type. Only valid file types are displayed.
(The file types are described in the Files and File Types section).
Backup—Specifies that a file type is to be copied to a file on another device. Enter the following fields:
a. TFTP Server Definition—Select whether to specify the TFTP server by IP address or by domain name.
b. IP Version—Select whether an IPv4 or an IPv6 address is used.
Cisco Small Business 200 Series Smart Switch Administration Guide 42
Administration: File Management
Download/Backup Configuration/Log
c. IPv6 Address Type—Select the IPv6 address type (if used). The options are:
• Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address
has a prefix of FE80, is not routable, and can be used for communication only on the local network.
Only one link local address is supported. If a link local address exists on the interface, this entry
replaces the address in the configuration.
• Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other
networks.
d. Link Local Interface—Select the link local interface from the list.
e. TFTP Server IP Address/Name—Enter the IP address or name of the TFTP server.
f. Source File Type—Enter the source configuration file type. Only valid file types are displayed. (The file
types are described in the Files and File Types section).
g. Sensitive Data—Select how sensitive data should be included in the backup file. The following options
are available:
5
- Exclude—Do not include sensitive data in the backup.
- Encrypted—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current user SSD rules. For details,
refer to Secure Sensitive Data Management > SSD Rules page.
h. Destination File Name—Enter the destination file name. File names cannot contain slashes (\ or /), the
leading letter of the file name must not be a period (.), and the file name must be between 1 and 160
characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”).
i. Click Apply. The file is upgraded or backed up.
STEP 4 If you selected via HTTP/HTTPS, enter the parameters as described in this step.
Select the Save Action.
If Save Action is Download (replacing the file on the device with a new version from another device), do the
following. Otherwise, go to the next procedure in this step.
a. Source File Name—Click Browse to select a file or enter the path and source file name to be used in the
transfer.
b. Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file
types are described in the Files and File Types section).
c. Click Apply. The file is transferred from the other device to the device.
Cisco Small Business 200 Series Smart Switch Administration Guide 43
Administration: File Management
Download/Backup Configuration/Log
If Save Action is Backup (copying a file to another device), do the following:
a. Source File Type—Select the configuration file type. Only valid file types are displayed. (The file types
are described in the Files and File Types section).
b. Sensitive Data—Select how sensitive data should be included in the backup file. The following options
are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypted—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current user SSD rules. For details,
refer to Secure Sensitive Data Management > SSD Rules page.
c. Click Apply. The file is upgraded or backed up.
5
STEP 5 If you selected via SCP (Over SSH), see SSH Client Configuration Through the
GUI for instructions. Then enter the following fields:
• Remote SSH Server Authentication—To enable SSH server authentication (it is disabled by default),
click Edit, which takes you to the SSH Server Authentication page to configure this, and return to this
page. Use the SSH Server Authentication page to select an SSH user authentication method
(password or public/private key), set a username and password on the device, if the password
method is selected, and generate an RSA or DSA key if required.
SSH Client Authentication—Client authentication can be done in one of the following ways:
• Use SSH Client System Credentials—Sets permanent SSH user credentials. Click System
Credentials to go to the SSH User Authentication page where the user/password can be set once for
all future use.
• Use SSH Client One-Time Credentials—Enter the following:
- Username—Enter a username for this copy action.
- Password—Enter a password for this copy.
• Save Action—Select whether to backup or restore the system configuration file.
• SCP Server Definition—Select whether to specify the SCP server by IP address or by domain name.
• IP Version—Select whether an IPv4 or an IPv6 address is used.
• IPv6 Address Type—Select the IPv6 address type (if used). The options are:
Cisco Small Business 200 Series Smart Switch Administration Guide 44
Administration: File Management
Download/Backup Configuration/Log
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local
address has a prefix of FE80, is not routable, and can be used for communication only on the local
network. Only one link local address is supported. If a link local address exists on the interface, this
entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other
networks.
• Link Local Interface—Select the link local interface from the list.
• SCP Server IP Address/Name—Enter the IP address or name of the SCP server.
If Save Action is Download (replacing the file on the device with a new version from another device), enter
the following fields.
• Source File Name—Enter the name of the source file.
• Destination File Type—Select the configuration file type. Only valid file types are displayed. (The file
types are described in the Files and File Types section).
5
If Save Action is Backup (copying a file to another device), enter the following fields (in addition to those
fields listed above):
• Source File Type—Select the configuration file type. Only valid file types are displayed. (The file
types are described in the Files and File Types section).
• Sensitive Data—Select how sensitive data should be included in the backup file. The following
options are available:
- Exclude—Do not include sensitive data in the backup.
- Encrypted—Include sensitive data in the backup in its encrypted form.
- Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current user SSD rules. For details,
refer to Secure Sensitive Data Management > SSD Rules page.
• Destination File Name—Name of file being copied to.
STEP 6 Click Apply. The file is upgraded or backed up.
Cisco Small Business 200 Series Smart Switch Administration Guide 45
Administration: File Management
!
Configuration Files Properties
5
Configuration Files Properties
The Configuration Files Properties page displays when various system configuration files were created. It
also enables deleting the Startup Configuration and Backup Configuration files. You cannot delete the other
configuration file types.
To set whether mirror configuration files will be created, clear configuration files and see when
configuration files were created:
STEP 1 Click Administration > File Management > Configuration Files Properties.
This page displays the following fields:
• Configuration File Name—Type of system file.
• Creation Time—Date and time that file was modified.
STEP 2 If required, disable Auto Mirror Configuration. This disables the automatic
creation of mirror configuration files. When disabling this feature, the mirror
configuration file, if it exists, is deleted. See System Files for a description of
mirror files and why you might not want to automatically create mirror
configuration files.
STEP 3 If required, select either the Startup Configuration, Backup Configuration or both
and click Clear Files to delete these files.
Copy/Save Configuration
When you click Apply on any window, changes that you made to the device configuration settings are
stored only in the Running Configuration. To preserve the parameters in the Running Configuration, the
Running Configuration must be copied to another configuration type or saved on another device.
CAUTION Unless the Running Configuration is copied to the Startup Configuration or another
configuration file, all changes made since the last time the file was copied are lost
when the device is rebooted.
Cisco Small Business 200 Series Smart Switch Administration Guide 46
Administration: File Management
Copy/Save Configuration
The following combinations of copying internal file types are allowed:
• From the Running Configuration to the Startup Configuration or Backup Configuration.
• From the Startup Configuration to the Running Configuration, Startup Configuration or Backup
Configuration.
• From the Backup Configuration to the Running Configuration, Startup Configuration or Backup
Configuration.
• From the Mirror Configuration to the Running Configuration, Startup Configuration or Backup
Configuration.
To copy one type of configuration file to another type of configuration file:
STEP 1 Click Administration > File Management > Copy/Save Configuration.
STEP 2 Select the Source File Name to be copied. Only valid file types are displayed
(described in the Files and File Types section).
5
STEP 3 Select the Destination File Name to be overwritten by the source file.
STEP 4 Select the Sensitive Data option if you are backing up a configuration file, select
one of the following formats for the backup file.
- Exclude—Sensitive data is not included in the backup file.
- Encrypted—Sensitive data is included in the backup file in encrypted form.
- Plaintext—Sensitive data is included in the backup file in plain text.
NOTE The available sensitive data options are determined by the current user SSD rules. For details,
refer to Secure Sensitive Data Management > SSD Rules page.
STEP 5 The Save Icon Blinking field indicates whether an icon blinks when there is
unsaved data. To disable/enable this feature, click Disable/Enable Save Icon
Blinking.
STEP 6 Click Apply. The file is copied.
Cisco Small Business 200 Series Smart Switch Administration Guide 47
Administration: File Management
Auto Configuration/Image Update via DHCP
5
Auto Configuration/Image Update via DHCP
The Auto Configuration/Image Update feature provides a convenient method to automatically configure
Cisco Small Business 200, 300 and 500 switches in a network and upgrade their firmware. This process
enables the administrator to remotely ensure that the configuration and firmware of these devices in the
network are up-to-date.
This feature is comprised of the following parts:
• Auto Image Update—Automatic downloading a firmware image from a remote TFTP/SCP server. At
the end of the Auto Configuration/Image Update process, the device reboots itself to the firmware
image.
• Auto Configuration—Automatic downloading a configuration file from a remote TFTP/SCP server. At
the end of the Auto Configuration/Image process, the device reboots itself to the configuration file.
NOTE If both Auto Image Update and Auto Configuration are requested, Auto Image
Update is performed first, then after reboot, Auto Configuration is performed and
then a final reboot is performed.
To use this feature, configure a DHCP server in the network with the locations and names of the
configuration file and firmware image of your devices. The devices in the network are configured as DHCP
clients by default. When the devices are assigned their IP addresses by the DHCP server, they also receive
information about the configuration file and firmware image. If the configuration file and/or firmware image
are different from the ones currently used on the device, the device reboots itself after downloading the file
and/or image. This section describes these processes.
In addition to the ability to keep the devices in the network updated with the latest configuration files and
firmware image, Auto-Update/Configuration enables quick installation of new devices on the network, since
an out-of-the-box device is configured to retrieve its configuration file and software image from the network
without any manual intervention by the system administrator. The first time that it applies for its IP address
from the DHCP server, the device downloads and reboots itself with the configuration file and/or image
specified by the DHCP server.
The Auto Configuration process supports downloading a configuration file that includes sensitive
information, such as RADIUS server keys and SSH/SSL keys, by using the Secured Copy Protocol (SCP)
and the Secure Sensitive Data (SSD) feature (See SSH Client Authentication and Security: Secure
Sensitive Data Management).
Download Protocols (TFTP or SCP)
Configuration files and firmware images can be downloaded from either a TFTP or an SCP server.
Cisco Small Business 200 Series Smart Switch Administration Guide 48
Administration: File Management
Auto Configuration/Image Update via DHCP
The user configures the protocol to be used, as follows:
• Auto By File Extension—(Default) If this option is selected, a user-defined file extension indicates that
files with this extension are downloaded using SCP (over SSH), while files with other extensions are
downloaded using TFTP. For example, if the file extension specified is.xyz, files with the .xyz
extension are downloaded using SCP, and files with the other extensions are downloaded using
TFTP. The default extension is .scp.
• TFTP Only—The download is done through TFTP, regardless of the file extension of the configuration
file name.
• SCP Only—The download is done through SCP (over SSH), regardless of the file extension of the
configuration file name.
5
SSH Client Authentication
SCP is SSH based. By default, remote SSH server authentication is disabled, so that the device accepts
any remote SSH server out of the box. You can enable remote SSH server authentication so that only
servers found in the trusted server list can be used.
SSH client authentication parameters are required to access the SSH server by the client (which is the
device). The default SSH client authentication parameters are:
• SSH authentication method: by username/password
• SSH username: anonymous
• SSH password: anonymous
NOTE The SSH client authentication parameters can also be used when downloading a
file manually (meaning, a download that is not performed through the DHCP Auto
Configuration/Image Update feature).
Auto Configuration/Image Update Process
DHCP Auto Configuration uses the configuration server name/address and configuration file name/path, if
any, in the DHCP messages received. In addition, DHCP Image Update uses the indirect file name of the
firmware, if any, in the messages. This information is specified as DHCP options in the Offer message
coming from the DHCPv4 servers and in the Information Reply messages coming from DHCPv6 servers.
If this information is not found in the DHCP server messages, backup information that has been configured
in the DHCP Auto Configuration/Image Update page is used.
Cisco Small Business 200 Series Smart Switch Administration Guide 49
Administration: File Management
Auto Configuration/Image Update via DHCP
When the Auto Configuration/Image Update process is triggered (see Auto Configuration/Image Update
Trigger), the sequence of events described below occurs.
5
Auto Image Update Starts:
• The switch uses the indirect file name from option 125 (DHCPv4) and option 60 (DHCPv6) if any, from
the DHCP message received.
• If the DHCP server did not send the indirect file name of the firmware image file, the Backup Indirect
Image File Name (from the DHCP Auto Configuration/Image Update page) is used.
• The switch downloads the Indirect Image File and extracts from it the name of the TFTP/SCP server's
image file.
• The switch compares the version of the TFTP server's image file with the version of the switch active
image.
• If the two versions are different, the new version is loaded into the non-active image, a reboot is
performed and the non-active image becomes the active image.
• When using the SCP protocol, a SYSLOG message is generated informing that reboot is about to
start.
• When using the SCP protocol, a SYSLOG message is generated acknowledging that the Auto
Update process is completed.
• When using the TFTP protocol, SYSLOG messages are generated by the copy process.
Auto Configuration Starts:
• The device uses the TFTP/SCP server name/address and configuration file name/path (DHCPv4
options: 66,150, and 67, DHCPv6 options: 59 and 60), if any, from the DHCP message received.
• If the information is not sent by the DHCP server, the Backup Server IP Address/Name and the
Backup Configuration File Name (from the DHCP Auto Configuration/Image Update page) is used.
• The new configuration file is used if its name is different than the name of the configuration file
previously used on the device or if the device has never been configured.
• The device is rebooted with the new configuration file, at the end of the Auto Configuration/Image
Update Process.
• SYSLOG messages are generated by the copy process.
Missing Options
• If the DHCP server did not send the TFTP/SCP server address in a DHCP option and the backup
TFTP/SCP server address parameter has not been configured, then:
Cisco Small Business 200 Series Smart Switch Administration Guide 50
Administration: File Management
Auto Configuration/Image Update via DHCP
- SCP—The Auto Configuration process is halted.
- TFTP—The device sends TFTP Request messages to a limited Broadcast address (for IPv4) or
ALL NODES address (for IPv6) on its IP interfaces and continues the process of Auto
Configuration/Image Update with the first answering TFTP server.
Download Protocol Selection
• The copy protocol (SCP/TFTP) is selected, as described in Download Protocols (TFTP or SCP).
SCP
• When downloading using SCP, the device accepts any specified SCP/SSH server (without
authentication) if either of the following is true:
- The SSH server authentication process is disabled. By default the SSH server authentication is
disabled in order to allow downloading configuration file for devices with factory default
configuration (for example out-of-box devices).
5
- The SSH Server is configured in the SSH Trusted Servers list.
If the SSH server authentication process is enabled, and the SSH server is not found in the SSH
Trusted Servers list, the Auto Configuration process is halted.
• If the information is available, the SCP server is accessed to download the configuration file or image
from it.
Auto Configuration/Image Update Trigger
Auto Configuration/Image Update via DHCPv4 is triggered when the following conditions are fulfilled:
• The IP address of the device is dynamically assigned/renewed at reboot, or explicitly renewed by
administrative action, or automatically renewed due to an expiring lease. Explicit renewal can be
activated in the IPv4 Interface page.
• If Auto Image Update is enabled, the Auto Image Update process is triggered when an indirect image
file name is received from a DHCP server or a backup indirect image file name has been configured.
Indirect means that this is not the image itself, but rather a file that holds the path name to the image.
• If Auto Configuration is enabled, the Auto Configuration process is triggered when the configuration
file name is received from a DHCP server or a backup configuration file name has been configured.
Auto Configuration/Image Update via DHCPv6 is triggered when the following conditions are fulfilled:
• When a DHCPv6 server sends information to the device. This occurs in the following cases:
- When an IPv6-enabled interface is defined as a DHCPv6 stateless configuration client.
Cisco Small Business 200 Series Smart Switch Administration Guide 51
Administration: File Management
Auto Configuration/Image Update via DHCP
- When DHCPv6 messages are received from the server (for example, when you press the Restart
button on IPv6 Interfaces page,
- When DHCPv6 information is refreshed by the device.
- After rebooting the device when stateless DHCPv6 client is enabled.
• When the DHCPv6 server packets contain the configuration filename option.
• The Auto Image Update process is triggered when an indirect image file name is provided by the
DHCP server or a backup indirect image file name has been configured. Indirect means that this is
not the image itself, but rather a file that holds the path name to the image.
Ensuring Correct Performance
To ensure that the Auto Configuration/Image Update feature works correctly, note the following:
5
• A configuration file that is placed on the TFTP/SCP server must match the form and format
requirements of the supported configuration file. The form and format of the file are checked, but the
validity of the configuration parameters is not checked prior to loading it to the Startup Configuration.
• In IPv4, to ensure that a device downloads the configuration and images file as intended during the
Auto Configuration/Image Update process, it is recommended that the device is always assigned
the same IP address. This ensures that the device is always assigned with the same IP address, and
obtains the same information used in Auto Configuration/Image Update.
DHCP Auto Configuration/Image Update
The following GUI pages are used to configure the device:
• Administration > File Management > DHCP Auto Configuration/Image Update—To configure the
device as a DHCP client.
• Administration > Management Interface > IPv4 Interface (In L2) or IP Configuration > IPv4
Management and Interfaces > IPv4 Interfaces (in L3)—To renew the IP address through DHCP when
the device is in Layer 2 system mode.
Default Settings and Configuration
The following defaults exist on the system:
• Auto Configuration is enabled.
• Auto Image Update is enabled.
• The device is enabled as a DHCP client.
Cisco Small Business 200 Series Smart Switch Administration Guide 52
Administration: File Management
Auto Configuration/Image Update via DHCP
• Remote SSH server authentication is disabled.
5
Before You Start the Auto Configuration/Image Update Process
To use this feature, the device must either be configured as a DHCPv4 or DHCPv6 client. The type of DHCP
client defined on the device is in correlation with the type of interfaces defined on the device.
Auto Configuration Preparations on the Server
To prepare the DHCP and TFTP/SCP servers, do the following:
TFTP/SCP Server
• Place a configuration file in the working directory. This file can be created by copying a configuration
file from a device. When the device is booted, this becomes the Running Configuration file.
DHCP Server
Configure the DHCP server with the following options:
• DHCPv4:
- 66 (single server address) or 150 (list of server addresses)
- 67 (name of configuration file)
• DHCPv6
- Option 59 (server address)
- Options 60 (name of configuration file plus indirect image file name, separated by a comma)
Auto Image Update Preparations
To prepare the DHCP and TFTP/SCP servers do the following:
TFTP/SCP Server
1. Create a sub directory in the main directory. Place a software image file in it.
2. Create an indirect file that contains a path and the name of the firmware version (for example indirectcisco.txt that contains cisco\cisco-version.ros).
3. Copy this indirect file to the TFTP/SCP server’s main directory
Cisco Small Business 200 Series Smart Switch Administration Guide 53
Administration: File Management
Auto Configuration/Image Update via DHCP
DHCP Server
Configure the DHCP server with the following options
• DHCPv4—Option 125 (indirect file name)
• DHCPv6—Options 60 (name of configuration file plus indirect image file name, separated by a
comma)
DHCP Client Work Flow
STEP 1 Configure Auto Configuration and/or Auto Image Update parameters in the
Administration > File Management > DHCP Auto Configuration/Image Update
page.
STEP 2 Set the IP Address Type to Dynamic in the Administration > Management Interface
> IPv4 Interface page.
5
Web Configuration
To configure Auto Configuration and/or Auto Update:
STEP 1 Click Administration > File Management > DHCP Auto Configuration/Image
Update.
STEP 2 Enter the values.
• Auto Configuration Via DHCP—Select this field to enable DHCP Auto Configuration. This feature is
enabled by default, but can be disabled here.
• Download Protocol—Select one of the following options:
Auto By File Extension
-
depending on the extension of the configuration file. If this option is selected, the extension of the
configuration file does not necessarily have to be given. If it is not given, the default extension is
used (as indicated below).
-
File Extension for SCP
Any file with this extension is downloaded using SCP. If no extension is entered, the default file
extension .scp is used.
—Select to indicate that Auto Configuration uses the TFTP or SCP protocol
—If Auto By File Extension is selected, you can indicate a file extension here.
-
TFTP Only
SCP Only
-
• Image Auto Update Via DHCP—Select this field to enable update of the firmware image from the
DHCP server. This feature is enabled by default, but can be disabled here.
Cisco Small Business 200 Series Smart Switch Administration Guide 54
—Select to indicate that only the TFTP protocol is to be used for auto configuration.
—Select to indicate that only the SCP protocol is to be used for auto configuration.
Administration: File Management
Auto Configuration/Image Update via DHCP
• Download Protocol—Select one of the following options:
5
Auto By File Extension
-
depending on the extension of the image file. If this option is selected, the extension of the image
file does not necessarily have to be given. If it is not given, the default extension is used (as
indicated below).
-
File Extension for SCP
Any file with this extension is downloaded using SCP. If no extension is entered, the default file
extension .scp is used.
-
TFTP Only
SCP Only
-
• SSH Settings for SCP—When using SCP for downloading the configuration files, select one of the
following options:
• Remote SSH Server Authentication—Click on the Enable/Disable link to navigate to the SSH Server
Authentication page. There you can enable authentication of the SSH server to be used for the
download and enter the trusted SSH server if required.
• SSH Client Authentication—Click on the System Credentials link to enter user credentials in the SSH
User Authentication page.
• Backup Server Definition—Select whether the backup server will be configured By IP address or
By name.
—Select to indicate that only the TFTP protocol is to be used for auto update.
—Select to indicate that only the SCP protocol is to be used for auto update.
—Select to indicate that auto update uses the TFTP or SCP protocol
—If Auto By File Extension is selected, you can indicate a file extension here.
• IP Version—Select whether an IPv4 or an IPv6 address is used.
• IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local
address has a prefix of FE80, is not routable, and can be used for communication only on the local
network. Only one link local address is supported. If a link local address exists on the interface, this
entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other
networks.
• Link Local Interface—Select the link local interface (if IPv6 is used) from the list.
STEP 3 Enter the following optional information that is used if the DHCP server did not
provide the required information.
• Backup Server IP Address/Name—Enter either the backup server IP address or name.
• Backup Configuration File Name—Enter the backup configuration file name.
Cisco Small Business 200 Series Smart Switch Administration Guide 55
Administration: File Management
• Backup Indirect Image File Name—Enter the indirect image file name to be used. This is a file that
holds the path to the image. An example of an indirect image file name is: indirect-cisco.scp. This file
contains the path and name of the firmware image.
The following fields are displayed:
• Last Auto Configuration/Image Server IP Address—Address of the last backup server.
• Last Auto Configuration File Name—Name of the last configuration file name.
STEP 4 Click Apply. The parameters are copied to the Running Configuration file.
5
Cisco Small Business 200 Series Smart Switch Administration Guide 56
6
Administration
This section describes how to view system information and configure various options on the device.
It covers the following topics:
• Device Models
• System Settings
• Management Interface
• User Accounts
• Defining Idle Session Timeout
• Time Settings
• System Log
• File Management
• Rebooting the Device
• Health
• Diagnostics
• Discovery - Bonjour
• Discovery - LLDP
• Discovery - CDP
• Ping
Device Models
All models can be fully managed through the web-based switch configuration utility.
NOTE See Interface Naming Conventions for port naming conventions.
Cisco Small Business 200 Series Smart Switch Administration Guide 57
Administration
Device Models
The following table describes the various models, the number and type of ports on them and their PoE
information.
6
Model Name Product ID
(PID)
SG200-18 SLM2016T 16 GE ports + 2 GE special-purpose
SG200-26 SLM2024T 24 GE ports + 2 GE special-purpose
SG200-26P SLM2024PT 24 GE ports + 2 GE special-purpose
SG200-50 SLM2048T 48 GE ports + 2 GE special-purpose
SG200-50P SLM2048PT 48 GE ports + 2 GE special-purpose
SF200-24 SLM224GT 24 FE ports + 2 GE special-purpose
Description of Ports on Device Power
combo ports
combo-ports
combo-ports
combo-ports
combo-ports
combo-ports
No. of Ports
Dedicated
to PoE
N/A N/A
N/A N/A
100W 12 ports
N/A N/A
180W 24 ports
N/A N/A
that Support
PoE
FE1-FE6, FE13
- FE18
FE1-FE12,
FE25 - FE36
SF200-24P SLM224PT 24 FE ports + 2 GE special-purpose
combo-ports
SF200-48 SLM248GT 48 FE ports + 2 GE special-purpose
combo-ports
SF200-48P SLM248PT
V. 0
SG200-10FP SG200-
10FP V.0
SF200-24FP SF200-
24FP V.0
Cisco Small Business 200 Series Smart Switch Administration Guide 58
48 FE ports + 2 GE special-purpose
combo-ports
10-Port Gigabit PoE Smart Switch 62W 8
24-Port 10/100 PoE Smart Switch 180W 24
100W 12 ports
FE1- FE6,
FE13 - FE18
N/A N/A
180W 24 PoE ports
Administration
System Settings
6
Model Name Product ID
(PID)
SG200-26FP SG200-
26FP V.0
SG200-50FP SG200-
50FP V.0
Description of Ports on Device Power
Dedicated
to PoE
26-Port Gigabit PoE Smart Switch 180W 24
50-Port Gigabit PoE Smart Switch 375W 48
No. of Ports
that Support
PoE
System Settings
The System Summary page provides a graphic view of the device, and displays device status, hardware
information, firmware version information, general PoE status, and other items.
Displaying the System Summary
To view system information:
STEP 1 Click Status and Statistics > System Summary.
System Information:
• System Description—A description of the system.
• System Location—Physical location of the device. Click Edit to go the System Settings page to
enter this information.
• System Contact—Name of a contact person. Click Edit to go the System Settings page to enter this
information.
• Host Name—Name of the device. Click Edit to go the System Settings page to enter this information.
By default, the device hostname is composed of the word device concatenated with the three least
significant bytes of the device MAC address (the six furthest right hexadecimal digits).
• System Object ID—Unique vendor identification of the network management subsystem contained
in the entity (used in SNMP).
• System Uptime—Time that has elapsed since the last reboot.
• Current Time—Current system time.
• Base MAC Address—Device MAC address.
Cisco Small Business 200 Series Smart Switch Administration Guide 59
Administration
System Settings
• Jumbo Frames—Jumbo frame support status. This support can be enabled or disabled by using the
Port Settings page of the Port Management menu.
NOTE Jumbo frames support takes effect only after it is enabled, and after the device is rebooted.
Software Information:
• Firmware Version—Firmware version number of the active image.
• Firmware MD5 Checksum—MD5 checksum of the active image.
• Boot Version—Boot version number.
• Boot MD5 Checksum—MD5 checksum of the boot version.
• Locale—Locale of the first language. (This is always English.)
• Language Version—Language package version of the first or English language.
6
• Language MD5 Checksum—MD5 checksum of the language file.
TCP/UDP Services Status:
• HTTP Service—Displays whether HTTP is enabled/disabled.
• HTTPS Service—Displays whether HTTPS is enabled/disabled.
• SNMP Service—Displays whether SNMP is enabled/disabled.
PoE Power Information: (on devices supporting PoE)
• Maximum Available PoE Power (W)—Maximum available power that can be delivered by the PoE.
• Total PoE Power Consumption (W)—Total PoE power delivered to connected PoE devices.
• PoE Power Mode—Port Limit or Class Limit.
System Settings
To enter system settings:
STEP 1 Click Administration > System Settings.
STEP 2 View or modify the system settings.
• System Description—Displays a description of the device.
• System Location—Enter the physical location of the device.
• System Contact—Enter the name of a contact person.
Cisco Small Business 200 Series Smart Switch Administration Guide 60
Administration
Management Interface
• Host Name—Select the host name of this device. This is used in the prompt of CLI commands:
- Use Default—The default hostname (System Name) of these switches is: switch123456, where
123456 represents the last three bytes of the device MAC address in hex format.
- User Defined—Enter the hostname. Use only letters, digits, and hyphens. Host names cannot
begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are
permitted (as specified in RFC1033, 1034, 1035).
• Custom Banner Settings—The following banners can be set:
- Login Banner—Enter text to display on the Login page before login. Click Preview to view the
results.
- Welcome Banner—Enter text to display on the Login page after login. Click Preview to view the
results.
NOTE When you define a login banner from the web-based configuration utility, it also activates the
banner for the CLI interfaces (Console, Telnet, and SSH).
6
STEP 3 Click Apply to save the values in the Running Configuration file.
Management Interface
See IPv4 Management and Interfaces.
User Accounts
See Defining Users.
Defining Idle Session Timeout
The
Idle Session Timeout
before it times out and you must log in again to reestablish the session.
configures the time interval during which the HTTP session can remain idle
• HTTP Session Timeout
• HTTPS Session Timeout
Cisco Small Business 200 Series Smart Switch Administration Guide 61
Administration
Time S et tings
To set the idle session timeout of an HTTP or HTTPS session:
STEP 1 Click Administration > Idle Session Timeout.
STEP 2 Select the timeout for the each session from the corresponding list. The default
timeout value is 10 minutes.
STEP 3 Click Apply to set the configuration settings on the device.
Time Settings
See Administration: Time Settings.
6
System Log
See Administration: System Log.
File Management
See Administration: File Management.
Rebooting the Device
Some configuration changes, such as enabling jumbo frame support, require the system to be rebooted
before they take effect. However, rebooting the device deletes the Running Configuration, so it is critical
that the Running Configuration is saved to the Startup Configuration before the device is rebooted. Clicking
Apply does not save the configuration to the Startup Configuration. For more information on files and file
types, see the System Files section.
You can back up the device configuration by using
Configuration
remote device. See the Download/Backup Configuration/Log section.
or clicking Save at the top of the window. You can also upload the configuration from a
Administration > File Management > Copy/Save
Cisco Small Business 200 Series Smart Switch Administration Guide 62
Administration
Rebooting the Device
You might want to set the time of the reboot for some time in the future. This could happen, for example, in
one of the following cases:
• You are performing actions on a remote device, and these actions might create loss of connectivity to
the remote device. Pre-scheduling a reboot restores the working configuration and enables restoring
the connectivity to the remote device. If these actions are successful, the delayed reboot can be
cancelled.
• Reloading the device cause loss of connectivity in the network, thus by using delayed reboot, you
can schedule the reboot to a time that is more convenient for the users (e.g. late night).
To reboot the device:
STEP 1 Click Administration > Reboot.
STEP 2 Click the Reboot button to reboot the device.
• Reboot—Reboots the device. Since any unsaved information in the Running Configuration is
discarded when the device is rebooted, you must click Save in the upper-right corner of any window
to preserve current configuration across the boot process. If the Save option is not displayed, the
Running Configuration matches the Startup Configuration and no action is necessary.
6
• Cancel Reboot—Cancels a reboot if one has been schedule for the future.
The following options are available:
- Immediate—Reboot immediately.
- Date—Enter the date (month/day) and time (hour and minutes) of the schedule reboot. This
schedules a reload of the software to take place at the specified time (using a 24-hour clock). If
you specify the month and day, the reload is scheduled to take place at the specified time and
date. If you do not specify the month and day, the reload takes place at the specified time on the
current day (if the specified time is later than the current time) or on the next day (if the specified
time is earlier than the current time). Specifying 00:00 schedules the reload for midnight. The
reload must take place within 24 days.
NOTE This option can only be used if the system time has either been set manually or by SNTP.
- In—Reboot within the specified number of hours and minutes. The maximum amount of time that
can pass is 24 days.
• Reboot to Factory Defaults—Reboots the device by using the factory default configuration. This
process erases the Startup Configuration file, and the backup configuration file. The mirror
configuration file is not deleted when restoring to factory default.
• Clear Startup Configuration File—Check to clear the startup configuration on the device for the next
time it boots up.
Cisco Small Business 200 Series Smart Switch Administration Guide 63
Administration
Health
NOTE Clearing the Startup Configuration File and Rebooting is not the same as Rebooting to Factory
Defaults. Rebooting to Factory Defaults is more intrusive.
6
Health
The Health page monitors the fan status on all devices with fans. Depending on the model, there are one or
more fans on a device. Some models have no fans at all.
Some devices have a temperature sensor to protect its hardware from overheating. In this case, the
following actions are performed by the device if it overheats and during the cool down period after
overheating:
Event Action
At least one temperature
sensor exceeds the
Warning threshold
At least one temperature
sensor exceeds the Critical
threshold
The following are generated:
• SYSLOG message
• SNMP trap
The following are generated:
• SYSLOG message
• SNMP trap
The following actions are performed:
• System LED is set to solid amber (if hardware
supports this).
• Disable Ports — When the Critical
temperature has been exceeded for two
minutes, all ports will be shut down.
• (On devices that support PoE) Disable the
PoE circuitry so that less power is consumed
and less heat is emitted.
Cisco Small Business 200 Series Smart Switch Administration Guide 64
Administration
Diagnostics
Event Action
6
Cool down period after the
Critical threshold was
exceeded (all sensors are
lower than the Warning
threshold - 2 °C).
To view the device health parameters, click Status and Statistics > Health.
The Health page displays the following fields:
• Fan Status—Fan status. The following values are possible:
- OK—Fan is operating normally.
- Fail—Fan is not operating correctly.
- N/A—Fan ID is not applicable for the specific model.
• Fan Direction—(On relevant devices) The direction that the fans are working in (for example: Front to
Back).
After all the sensors cool down to Warning
Threshold minus 2 degree C, the PHY will be reenabled, and all ports brought back up.
If FAN status is OK, the ports are enabled.
(On devices that support PoE) the PoE circuitry is
enabled.
• Te mp e rat ur e—Th e opti ons are :
- OK—The temperature is below the warning threshold.
- Warning—The temperature is between the warning threshold to the critical threshold.
- Critical—Temperature is above the critical threshold
Diagnostics
See Administration: Diagnostics.
Discovery - Bonjour
See Bonjour.
Cisco Small Business 200 Series Smart Switch Administration Guide 65
Administration
Discovery - LLDP
6
Discovery - LLDP
See Configuring LLDP.
Discovery - CDP
See Configuring CDP.
Ping
The Ping utility tests if a remote host can be reached and measures the round-trip time for packets sent
from the device to a destination device.
Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target
host and waiting for an ICMP response, sometimes called a pong. It measures the round-trip time and
records any packet loss.
To ping a host:
STEP 1 Click Administration > Ping.
STEP 2 Configure ping by entering the fields:
• Host Definition—Select whether to specify the source interface by its IP address or name. This field
influences the interfaces that are displayed in the Source IP field, as described below.
• IP Version—If the source interface is identified by its IP address, select either IPv4 or IPv6 to indicate
that it will be entered in the selected format.
• Source IP—Select the source interface whose IPv4 address will be used as the source IPv4 address
for communication with the destination. If the Host Definition field was By Name, all IPv4 and IPv6
addresses will be displayed in this drop-down field. If the Host Definition field was By IP Address, only
the existing IP addresses of the type specified in the IP Version field will be displayed.
NOTE If the Auto option is selected, the system computes the source address based on the
destination address.
• Destination IPv6 Address Type—Select Link Local or Global as the type of IPv6 address to enter as
the destination IP address.
Cisco Small Business 200 Series Smart Switch Administration Guide 66
Administration
Ping
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local
address has a prefix of FE80, is not routable, and can be used for communication only on the local
network. Only one link local address is supported. If a link local address exists on the interface, this
entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other
networks.
• Link Local Interface—If the IPv6 address type is Link Local, select from where it is received.
• Destination IP Address/Name—Address or host name of the device to be pinged. Whether this is an
IP address or host name depends on the Host Definition.
• Ping Interval—Length of time the system waits between ping packets. Ping is repeated the number
of times configured in the Number of Pings field, whether the ping succeeds or not. Select to use the
default interval or specify your own value.
• Number of Pings—The number of times the ping operation is performed. Select to use the default or
specify your own value.
6
• Status—Displays whether the ping succeeded or failed.
STEP 3 Click Activate Ping to ping the host. The ping status appears and a message is
added to the list of messages, indicating the result of the ping operation.
STEP 4 View the results of ping in the Ping Counters and Status section of the page.
Cisco Small Business 200 Series Smart Switch Administration Guide 67
7
Administration: Time Settings
Synchronized system clocks provide a frame of reference between all devices on the network. Network
time synchronization is critical because every aspect of managing, securing, planning, and debugging a
network involves determining when events occur. Without synchronized clocks, accurately correlating log
files between devices when tracking security breaches or network usage is impossible.
Synchronized time also reduces confusion in shared file systems, as it is important for the modification
times to be consistent, regardless of the machine on which the file systems reside.
For these reasons, it is important that the time configured on all of the devices on the network is accurate.
NOTE The device supports Simple Network Time Protocol (SNTP) and when enabled, the
device dynamically synchronizes the device time with time from an SNTP server.
The device operates only as an SNTP client, and cannot provide time services to
other devices.
This section describes the options for configuring the system time, time zone, and Daylight Savings Time
(DST). It covers the following topics:
• System Time Options
• SNTP Modes
• Configuring System Time
System Time Options
System time can be set manually by the user, dynamically from an SNTP server, or synchronized from the
PC running the GUI. If an SNTP server is chosen, the manual time settings are overwritten when
communications with the server are established.
As part of the boot process, the device always configures the time, time zone, and DST. These parameters
are obtained from the PC running the GUI, SNTP, values set manually, or if all else fails, from the factory
defaults.
Cisco Small Business 200 Series Smart Switch Administration Guide 68
Administration: Time Settings
System Time Options
Time
The following methods are available for setting the system time on the device:
• Manual—User must manually set the time.
• From PC—Time can be received from the PC by using browser information.
The configuration of time from the computer is saved to the Running Configuration file. You must
copy the Running Configuration to the Startup Configuration to enable the device to use the time
from the computer after reboot. The time after reboot is set during the first WEB login to the device.
When you configure this feature for the first time, if the time was not already set, the device sets the
time from the PC.
This method of setting time works with both HTTP and HTTPS connections.
• SNTP—Time can be received from SNTP time servers. SNTP ensures accurate network time
synchronization of the device up to the millisecond by using an SNTP server for the clock source.
When specifying an SNTP server, if choosing to identify it by hostname, three suggestions are given
in the GUI:
7
- time-a.timefreq.bldrdoc.gov
- time-b.timefreq.bldrdoc.gov
- time-c.timefreq.bldrdoc.gov
After the time has been set by any of the above sources, it is not set again by the browser.
NOTE SNTP is the recommended method for time setting.
Time Zone and Daylight Savings Time (DST)
The Time Zone and DST can be set on the device in the following ways:
• Dynamic configuration of the device through a DHCP server, where:
- Dynamic DST, when enabled and available, always takes precedence over the manual
configuration of DST.
- If the server supplying the source parameters fails, or dynamic configuration is disabled by the
user, the manual settings are used.
- Dynamic configuration of the time zone and DST continues after the IP address lease time has
expired.
• Manual configuration of the time zone and DST becomes the Operational time zone and DST, only if
the dynamic configuration is disabled or fails.
Cisco Small Business 200 Series Smart Switch Administration Guide 69
Administration: Time Settings
!
SNTP Modes
NOTE The DHCP server must supply DHCP option 100 in order for dynamic time zone configuration
to take place.
SNTP Modes
The device can receive system time from an SNTP server in one of the following ways:
• Client Broadcast Reception (passive mode)—SNTP servers broadcast the time, and the device
listens to these broadcasts. When the device is in this mode, there is no need to define a Unicast
SNTP server.
• Client Broadcast Transmission (active mode)—The device, as an SNTP client, periodically requests
SNTP time updates. This mode works in either of the following ways:
- SNTP Anycast Client Mode—The device broadcasts time request packets to all SNTP servers in
the subnet, and waits for a response.
7
- Unicast SNTP Server Mode—The device sends Unicast queries to a list of manually-configured
SNTP servers, and waits for a response.
The device supports having all of the above modes active at the same time and selects the best system
time received from an SNTP server, according to an algorithm based on the closest stratum (distance from
the reference clock).
Configuring System Time
Selecting Source of System Time
Use the System Time page to select the system time source. If the source is manual, you can enter the time
here.
CAUTION If the system time is set manually and the device is rebooted, the manual time
settings must be reentered.
Cisco Small Business 200 Series Smart Switch Administration Guide 70
Administration: Time Settings
Configuring System Time
To define system time:
STEP 1 Click Administration > Time Settings > System Time.
The following fields are displayed:
• Actual Time (Static)—System time on the device. This shows the DHCP time zone or the acronym for
the user-defined time zone if these were defined.
• Last Synchronized Server—Address, stratum and type of the SNTP server from which system time
was last taken.
STEP 2 Enter the following parameters:
Clock Source Settings—Select the source used to set the system clock.
• Main Clock Source (SNTP Servers)—If this is enabled, the system time is obtained from an SNTP
server. To use this feature, you must also configure a connection to an SNTP server in the SNTP
Interface Settings page. Optionally, enforce authentication of the SNTP sessions by using the SNTP
Authentication page.
7
• Alternate Clock Source (PC via active HTTP/HTTPS sessions)—Select to set the date and time
from the configuring computer using the HTTP protocol.
NOTE The Clock Source Setting needs to be set to either of the above in order for RIP MD5
authentication to work.
Manual Settings—Set the date and time manually. The local time is used when there is no alternate source
of time, such as an SNTP server:
• Date—Enter the system date.
• Local Time—Enter the system time.
Time Zone Settings—The local time is used via the DHCP server or Time Zone offset.
• Get Time Zone from DHCP—Select to enable dynamic configuration of the time zone and the DST
from the DHCP server. Whether one or both of these parameters can be configured depends on the
information found in the DHCP packet. If this option is enabled, DHCP client must be enabled on the
device.
NOTE The DHCP Client supports Option 100 providing dynamic time zone setting.
• Time Zone from DHCP—Displays the acronym of the time zone configured from the DHCP server.
This acronym appears in the Actual Time field
• Time Zone Offset—Select the difference in hours between Greenwich Mean Time (GMT) and the
local time. For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone Offset for New
Yor k is G M T – 5 .
Cisco Small Business 200 Series Smart Switch Administration Guide 71
Administration: Time Settings
Configuring System Time
• Time Zone Acronym—Enter a name that will represent this time zone. This acronym appears in the
Actual Time field.
Daylight Savings Settings—Select how DST is defined:
• Daylight Savings—Select to enable Daylight Saving Time.
• Time Set Offset—Enter the number of minutes offset from GMT ranging from 1—1440. The default is
60.
• Daylight Savings Type—Click one of the following:
USA
-
—DST is set according to the dates used in the USA.
7
European
-
use this standard.
-
By dates
Enter the parameters described below.
Recurring
-
Selecting
- From—Day and time that DST starts.
- To —Day and time that DST ends.
Selecting
• From—Date when DST begins each year.
Day
-
Week
-
Month
-
Time
-
—DST is set according to the dates used by the European Union and other countries that
—DST is set manually, typically for a country other than the USA or a European country.
—DST occurs on the same date every year.
By Dates
Recurring
—Day of the week on which DST begins every year.
—Week within the month from which DST begins every year.
—Month of the year in which DST begins every year.
—The time at which DST begins every year.
allows customization of the start and stop of DST:
allows different customization of the start and stop of DST:
• To —Date when DST ends each year. For example, DST ends locally every fourth Friday in October at
5:00 am. The parameters are:
Day
-
-
-
-
Cisco Small Business 200 Series Smart Switch Administration Guide 72
—Day of the week on which DST ends every year.
Week
—Week within the month from which DST ends every year.
Month
Time
—Month of the year in which DST ends every year.
—The time at which DST ends every year.
Administration: Time Settings
Configuring System Time
STEP 3 Click Apply. The system time values are written to the Running Configuration file.
Adding a Unicast SNTP Server
Up to 16 Unicast SNTP servers can be configured.
NOTE To specify a Unicast SNTP server by name, you must first configure DNS server(s)
on the device (see DNS Settings).
To add a Unicast SNTP server:
STEP 1 Click Administration > Time Settings > SNTP Unicast.
STEP 2 Enter the following fields:
7
• SNTP Client Unicast—Select to enable the device to use SNTP-predefined Unicast clients with
Unicast SNTP servers.
• IPv4 Source Interface—Select the IPv4 interface whose IPv4 address will be used as the source
IPv4 address in messages used for communication with the SNTP server.
• IPv6 Source Interface—Select the IPv6 interface whose IPv6 address will be used as the source
IPv6 address in messages used for communication with the SNTP server.
NOTE If the Auto option is selected, the system takes the source IP address from the IP address
defined on the outgoing interface.
This page displays the following information for each Unicast SNTP server:
• SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to
its stratum level.
• Poll Interval—Displays whether polling is enabled or disabled.
• Authentication Key ID—Key Identification used to communicate between the SNTP server and
device.
• Stratum Level—Distance from the reference clock expressed as a numerical value. An SNTP server
cannot be the primary server (stratum level1) unless polling interval is enabled.
• Status—SNTP server status. The possible values are:
- Up—SNTP server is currently operating normally.
- Down—SNTP server is currently not available.
- Unknown—SNTP server is currently being searched for by the device.
Cisco Small Business 200 Series Smart Switch Administration Guide 73
Administration: Time Settings
Configuring System Time
-
In Process
booting up the SNTP server).
• Last Response—Last date and time a response was received from this SNTP server.
• Offset—Estimated offset of the server's clock relative to the local clock, in milliseconds. The host
determines the value of this offset using the algorithm described in RFC 2030.
• Delay—Estimated round-trip delay of the server's clock relative to the local clock over the network
path between them, in milliseconds. The host determines the value of this delay using the algorithm
described in RFC 2030.
• Source—How the SNTP server was defined, for example: manually or from DHCPv6 server.
• Interface—Interface on which packets are received.
—Occurs when the SNTP server does not fully trust its own time server (i.e. when first
STEP 3 To add a Unicast SNTP server, enable SNTP Client Unicast.
STEP 4 Click Add.
7
STEP 5 Enter the following parameters:
• Server Definition—Select if the SNTP server is going to be identified by its IP address or if you are
going to select a well-known SNTP server by name from the list.
NOTE To specify a well-known SNTP server, the device must be connected to the internet and
configured with a DNS server or configured so that a DNS server is identified by using DHCP. (See
DNS Settings)
• IP Version—Select the version of the IP address: Version 6 or Version 4.
• IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are
- Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local
address has a prefix of FE80, is not routable, and can be used for communication only on the local
network. Only one link local address is supported. If a link local address exists on the interface, this
entry replaces the address in the configuration.
- Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other
networks.
• Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from
the list.
• SNTP Server IP Address—Enter the SNTP server IP address. The format depends on which address
type was selected.
• SNTP Server—Select the name of the SNTP server from a list of well-known NTP servers. If other is
chosen, enter the name of an SNTP server in the adjacent field.
Cisco Small Business 200 Series Smart Switch Administration Guide 74
Administration: Time Settings
Configuring System Time
• Poll Interval—Select to enable polling of the SNTP server for system time information. All NTP
servers that are registered for polling are polled, and the clock is selected from the server with the
lowest stratum level (distance from the reference clock) that is reachable. The server with the lowest
stratum is considered to be the primary server. The server with the next lowest stratum is a secondary
server, and so forth. If the primary server is down, the device polls all servers with the polling setting
enabled, and selects a new primary server with the lowest stratum.
• Authentication—Select the check box to enable authentication.
• Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the
authentication keys using the SNTP Authentication page.)
STEP 6 Click Apply. The STNP server is added, and you are returned to the main page.
Configuring the SNTP Mode
7
The device can be in active and/or passive mode (see SNTP Modes for more information).
To enable receiving SNTP packets from all servers on the subnet and/or to enable transmitting time
requests to SNTP servers:
STEP 1 Click Administration > Time Settings > SNTP Multicast/Anycast.
STEP 2 Select from the following options:
• SNTP IPv4 Multicast Client Mode (Client Broadcast Reception)—Select to receive system time IPv4
Multicast transmissions from any SNTP server on the subnet.
• SNTP IPv6 Multicast Client Mode (Client Broadcast Reception)—Select to receive system time IPv6
Multicast transmissions from any SNTP server on the subnet.
• SNTP IPv4 Anycast Client Mode (Client Broadcast Transmission)—Select to transmit SNTP IPv4
synchronization packets requesting system time information. The packets are transmitted to all SNTP
servers on the subnet.
• SNTP IPv6 Anycast Client Mode (Client Broadcast Transmission)—Select to transmit SNTP IPv6
synchronization packets requesting system time information. The packets are transmitted to all SNTP
servers on the subnet.
STEP 3 Click Apply to save the settings to the Running Configuration file.
Cisco Small Business 200 Series Smart Switch Administration Guide 75
Administration: Time Settings
Configuring System Time
7
Defining SNTP Authentication
SNTP clients can authenticate responses by using HMAC-MD5. An SNTP server is associated with a key,
which is used as input together with the response itself to the MD5 function; the result of the MD5 is also
included in the response packet.
The SNTP Authentication page enables configuration of the authentication keys that are used when
communicating with an SNTP server that requires authentication.
The authentication key is created on the SNTP server in a separate process that depends on the type of
SNTP server you are using. Consult with the SNTP server system administrator for more information.
Workflow
STEP 1 Enable authentication in the SNTP Authentication page.
STEP 2 Create a key in the SNTP Authentication page.
STEP 3 Associate this key with an SNTP server in the SNTP Unicast page.
To enable SNTP authentication and define keys:
STEP 1 Click Administration > Time Settings > SNTP Authentication.
STEP 2 Select SNTP Authentication to support authentication of an SNTP session
between the device and an SNTP server.
STEP 3 Click Apply to update the device.
STEP 4 Click Add.
STEP 5 Enter the following parameters:
• Authentication Key ID—Enter the number used to identify this SNTP authentication key internally.
• Authentication Key—Enter the key used for authentication (up to eight characters). The SNTP server
must send this key for the device to synchronize to it.
• Trusted Key—Select to enable the device to receive synchronization information only from a SNTP
server by using this authentication key.
STEP 6 Click Apply. The SNTP Authentication parameters are written to the Running
Configuration file.
STEP 7
Cisco Small Business 200 Series Smart Switch Administration Guide 76
8
Administration: Diagnostics
This section contains information for configuring port mirroring, running cable tests, and viewing device
operational information.
It covers the following topics:
• Copper Ports Tests
• Displaying Optical Module Status
• Configuring Port and VLAN Mirroring
• Viewing CPU Utilization and Secure Core Technology
Copper Ports Tests
The Copper Test page displays the results of integrated cable tests performed on copper cables by the
Virtual Cable Tester (VCT).
VCT performs two types of tests:
• Time Domain Reflectometry (TDR) technology tests the quality and characteristics of a copper cable
attached to a port. Cables of up to 140 meters long can be tested. These results are displayed in the
Test Results block of the Copper Test page.
• DSP-based tests are performed on active GE links to measure cable length. These results are
displayed in the Advanced Information block of the Copper Test page.
Preconditions to Running the Copper Port Test
Before running the test, do the following:
• (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties
page)
• (Optional) Disable EEE (see the Port Management > Green Ethernet > Properties page)
Use a CAT5 data cable when testing cables using (VCT).
Cisco Small Business 200 Series Smart Switch Administration Guide 77
Administration: Diagnostics
!
Copper Ports Tests
Accuracy of the test results can have an error range of +/- 10 for Advanced Testing and +/- 2 for basic
testing.
CAUTION When a port is tested, it is set to the Down state and communications are
interrupted. After the test, the port returns to the Up state. It is not recommended
that you run the copper port test on a port you are using to run the web-based
switch configuration utility, because communications with that device are
disrupted.
To test copper cables attached to ports:
STEP 1 Click Administration > Diagnostics > Copper Test.
STEP 2 Select the port on which to run the test.
8
STEP 3 Click Copper Test.
STEP 4 When the message appears, click OK to confirm that the link can go down or
Cancel to abort the test.
The following fields are displayed in the Test Results block:
• Last Update—Time of the last test conducted on the port.
• Tes t Re s ul ts —Cable test results. Possible values are:
- OK—Cable passed the test.
- No Cable—Cable is not connected to the port.
- Open Cable—Cable is connected on only one side.
- Short Cable—Short circuit has occurred in the cable.
- Unknown Test Result—Error has occurred.
• Distance to Fault—Distance from the port to the location on the cable where the fault was
discovered.
• Operational Port Status—Displays whether port is up or down.
If the port being tested is a Giga port, the Advanced Information block contains the following information,
which is refreshed each time you enter the page:
• Cable Length: Provides an estimate for the length.
• Pair—Cable wire pair being tested.
Cisco Small Business 200 Series Smart Switch Administration Guide 78
Administration: Diagnostics
Displaying Optical Module Status
• Status—Wire pair status. Red indicates fault and Green indicates status OK.
• Channel—Cable channel indicating whether the wires are straight or cross-over.
• Polarity—Indicates if automatic polarity detection and correction has been activated for the wire pair.
• Pair Skew—Difference in delay between wire pairs.
NOTE TDR tests cannot be performed when the port speed is 10Mbit/Sec.
8
Displaying Optical Module Status
The Optical Module Status page displays the operating conditions reported by the SFP (Small Form-factor
Pluggable) transceiver. Some information might not be available for SFPs that do not support the digital
diagnostic monitoring standard SFF-8472.
MSA-compatible SFPs
The following FE SFP (100Mbps) transceivers are supported:
• MFEBX1: 100BASE-BX-20U SFP transceiver for single-mode fiber, 1310 nm wavelength, supports up
to 20 km.
• MFEFX1: 100BASE-FX SFP transceiver, for multimode fiber, 1310 nm wavelength, supports up to 2 km.
• MFELX1: 100BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10
km.
The following GE SFP (1000Mbps) transceivers are supported:
• MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports
up to 40 km.
• MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to
40 km.
• MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to
10 km.
• MGBSX1:1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550
m.
• MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports up to 100 m.
Cisco Small Business 200 Series Smart Switch Administration Guide 79
Administration: Diagnostics
Configuring Port and VLAN Mirroring
To view the results of optical tests, click Administration > Diagnostics > Optical Module Status.
This page displays the following fields:
• Port—Port number on which the SFP is connected.
• Description—Description of optical transceiver.
• Serial Number—Serial number of optical transceiver.
• PID—VLAN ID.
• VID—ID of optical transceiver.
• Te mp e rat ur e—Temperature (Celsius) at which the SFP is operating.
• Voltage—SFP's operating voltage.
• Current—SFP's current consumption.
8
• Output Power—Transmitted optical power.
• Input Power—Received optical power.
• Transmitter Fault—Remote SFP reports signal loss. Values are True, False, and No Signal (N/S).
• Loss of Signal—Local SFP reports signal loss. Values are True and False.
• Data Ready—SFP is operational. Values are True and False
Configuring Port and VLAN Mirroring
Port mirroring is used on a network device to send a copy of network packets seen on a single device port,
multiple device ports, or an entire VLAN to a network monitoring connection on another port on the device.
This is commonly used for network appliances that require monitoring of network traffic, such as an
intrusion-detection system. A network analyzer connected to the monitoring port processes the data
packets for diagnosing, debugging, and performance monitoring.
Up to four sources can be mirrored. This can be any combination of four individual ports and/or VLANs.
A packet that is received on a network port assigned to a VLAN that is subject to mirroring is mirrored to the
analyzer port even if the packet was eventually trapped or discarded. Packets sent by the device are
mirrored when Transmit (Tx) mirroring is activated.
Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination)
port. If more data is sent to the analyzer port than it can support, some data might be lost.
Cisco Small Business 200 Series Smart Switch Administration Guide 80
Administration: Diagnostics
Configuring Port and VLAN Mirroring
Only one instance of mirroring is supported system-wide. The analyzer port (or target port for VLAN
mirroring or port mirroring) is the same for all the mirrored VLANs or ports.
To enable mirroring:
STEP 1 Click Administration > Diagnostics > Port and VLAN Mirroring.
The following fields are displayed:
• Destination Port—Port to which traffic is to be copied; the analyzer port.
• Source Interface—Interface, port, or VLAN from which traffic is sent to the analyzer port.
• Type—Type of monitoring: incoming to the port (Rx), outgoing from the port (Tx), or both.
• Status— Displays one of the following values:
- Active—Both source and destination interfaces are up and forwarding traffic.
8
- Not Ready—Either source or destination (or both) are down or not forwarding traffic for some
reason.
STEP 2 Click Add to add a port or VLAN to be mirrored.
STEP 3 Enter the parameters:
• Destination Port—Select the analyzer port to where packets are copied. A network analyzer, such as
a PC running Wireshark, is connected to this port. If a port is identified as an analyzer destination port,
it remains the analyzer destination port until all entries are removed.
• Source Interface—Select the source port or source VLAN from where traffic is to be mirrored.
• Type—Select whether incoming, outgoing, or both types of traffic are mirrored to the analyzer port. If
Port is selected, the options are:
- Rx Only—Port mirroring on incoming packets.
- Tx Onl y —Port mirroring on outgoing packets.
- Tx an d Rx—Port mirroring on both incoming and outgoing packets.
STEP 4 Click Apply. Port mirroring is added to the Running Configuration.
Cisco Small Business 200 Series Smart Switch Administration Guide 81
Administration: Diagnostics
Viewing CPU Utilization and Secure Core Technology
8
Viewing CPU Utilization and Secure Core Technology
The device handles the following types of traffic, in addition to end-user traffic:
• Management traffic
• Protocol traffic
• Snooping traffic
Excessive traffic burdens the CPU, and might prevent normal device operation. The device uses the Secure
Core Technology (SCT) feature to ensure that the device receives and processes management and
protocol traffic, no matter how much total traffic is received
cannot be disabled.
There are no interactions with other features.
. SCT is enabled by default on the device and
To display CPU utilization:
STEP 1 Click Administration > Diagnostics > CPU Utilization.
The CPU Utilization page appears.
The CPU Input Rate field displays the rate of input frames to the CPU per second.
The window contains a graph of the CPU utilization. The Y axis is percentage of usage, and the X axis is the
sample number.
STEP 2 Ensure that the CPU Utilization checkbox is enabled.
STEP 3 Select the Refresh Rate (time period in seconds) that passes before the statistics
are refreshed. A new sample is created for each time period.
STEP 4 Click Apply.
Cisco Small Business 200 Series Smart Switch Administration Guide 82
Administration: Discovery
This section provides information for configuring Discovery.
It covers the following topics:
• Bonjour
• LLDP and CDP
• Configuring LLDP
• Configuring CDP
Bonjour
9
As a Bonjour client, the device periodically broadcasts Bonjour Discovery protocol packets to directlyconnected IP subnet(s), advertising its existence and the services that it provides, for example; HTTP or
HTTPS. (Use the Security > TCP/UDP Services page to enable or disable the device services.) The device
can be discovered by a network management system or other third-party applications. By default, Bonjour
is enabled and runs on the Management VLAN. The Bonjour console automatically detects the device and
displays it.
Bonjour in Layer 2 System Mode
Bonjour Discovery can only be enabled globally, and not on a per-port or per-VLAN basis. The device
advertises the services enabled by the administrator.
When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of Bonjour appears on the
Adding IP Multicast Group Addresses page.
When Bonjour Discovery is disabled, the device stops service type advertisements and does not respond
to requests for service from network management applications.
By default, Bonjour is enabled on all interfaces that are members of the Management VLAN.
Cisco Small Business 200 Series Smart Switch Administration Guide 83
Administration: Discovery
LLDP and CDP
To globally enable Bonjour:
STEP 1 Click Administration > Discovery - Bonjour.
STEP 2 Select Enable to enable Bonjour Discovery globally on the device.
STEP 3 Click Apply. Bonjour is enabled or disabled on the device according to the
selection.
9
LLDP and CDP
LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for
directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities. By
default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and processes
incoming LLDP and CDP packets as required by the protocols. In LLDP and CDP, advertisements are
encoded as TLV (Type, Length, Value) in the packet.
The following CDP/LLDP configuration notes apply:
• CDP/LLDP can be enabled or disabled globally or per port. The CDP/LLDP capability of a port is
relevant only if CDP/LLDP is globally enabled.
• If CDP/LLDP is globally enabled, the device filters out incoming CDP/LLDP packets from ports that
are CDP/LLDP-disabled.
• If CDP/LLDP is globally disabled, the device can be configured to discard, VLAN-aware flooding, or
VLAN-unaware flooding of all incoming CDP/LLDP packets. VLAN-aware flooding floods an incoming
CDP/LLDP packet to the VLAN where the packet is received excluding the ingress port. VLANunaware flooding floods an incoming CDP/LLDP packet to all the ports excluding the ingress port.
The default is to discard CDP/LLDP packets when CDP/LLDP is globally disabled. You can configure
the discard/flooding of incoming CDP and LLDP packets from the CDP Properties page and the
LLDP Properties page respectively.
• Auto Smartport requires CDP and/or LLDP to be enabled. Auto Smartport automatically configures
an interface based on the CDP/LLDP advertisement received from the interface.
• CDP and LLDP end devices, such as IP phones, learn the voice VLAN configuration from CDP and
LLDP advertisements. By default, the device is enabled to send out CDP and LLDP advertisement
based on the voice VLAN configured at the device. Refer to the Voice VLAN for details.
Cisco Small Business 200 Series Smart Switch Administration Guide 84
Administration: Discovery
Configuring LLDP
NOTE CDP/LLDP does not distinguish if a port is in a LAG. If there are multiple ports in a
LAG, CDP/LLDP transmit packets on each port without taking into account the fact
that the ports are in a LAG.
The operation of CDP/LLDP is independent of the STP status of an interface.
If 802.1x port access control is enabled at an interface, the device transmits and receives CDP/LLDP
packets to and from the interface only if the interface is authenticated and authorized.
If a port is the target of mirroring, then CDP/LLDP considers it down.
NOTE CDP and LLDP are link layer protocols for directly-connected CDP/LLDP capable
devices to advertise themselves and their capabilities. In deployments where the
CDP/LLDP-capable devices are not directly connected and are separated with
CDP/LLDP-incapable devices, the CDP/LLDP-capable devices may be able to
receive the advertisement from other device(s) only if the CDP/LLDP-incapable
devices flood the CDP/LLDP packets they receive. If the CDP/LLDP-incapable
devices perform VLAN-aware flooding, then CDP/LLDP-capable devices can hear
each other only if they are in the same VLAN. A CDP/LLDP-capable device may
receive advertisements from more than one device if the CDP/LLDP-incapable
devices flood the CDP/LLDP packets.
9
Configuring LLDP
This section describes how to configure LLDP. It covers the following topics:
• LLDP Overview
• LLDP Properties
• LLDP Port Settings
• LLDP MED Network Policy
• LLDP MED Port Settings
• LLDP Port Status
• LLDP Local Information
• LLDP Neighbor Information
• LLDP Statistics
• LLDP Overloading
Cisco Small Business 200 Series Smart Switch Administration Guide 85
Administration: Discovery
Configuring LLDP
9
LLDP Overview
LLDP is a protocol that enables network managers to troubleshoot and enhance network management in
multi-vendor environments. LLDP standardizes methods for network devices to advertise themselves to
other systems, and to store discovered information.
LLDP enables a device to advertise its identification, configuration, and capabilities to neighboring devices
that then store the data in a Management Information Base (MIB). The network management system models
the topology of the network by querying these MIB databases.
LLDP is a link layer protocol. By default, the device terminates and processes all incoming LLDP packets as
required by the protocol.
The LLDP protocol has an extension called LLDP Media Endpoint Discovery (LLDP-MED) that provides and
accepts information from media endpoint devices such as VoIP phones and video phones. For further
information about LLDP-MED, see LLDP MED Network Policy.
LLDP Configuration Workflow
Following are examples of actions that can be performed with the LLDP feature and in a suggested order.
You can refer to the LLDP/CDP section for additional guidelines on LLDP configuration. LLDP configuration
pages are accessible under the Administration > Discovery LLDP menu.
1. Enter LLDP global parameters, such as the time interval for sending LLDP updates using the LLDP
Properties page.
2. Configure LLDP per port by using the Port Settings page. On this page, interfaces can be configured to
receive/transmit LLDP PDUs, send SNMP notifications, specify which TLVs to advertise, and advertise the
device's management address.
3. Create LLDP MED network policies by using the LLDP MED Network Policy
4. Associate LLDP MED network policies and the optional LLDP-MED TLVs to the desired interfaces by
using the LLDP MED Port Settings page.
5. If Auto Smartport is to detect the capabilities of LLDP devices, enable LLDP in the Smartport Properties
page.
6. Display overloading information by using the LLDP Overloading page.
page.
Cisco Small Business 200 Series Smart Switch Administration Guide 86
Administration: Discovery
Configuring LLDP
9
LLDP Properties
The Properties page enables entering LLDP general parameters, such as enabling/disabling the feature
globally and setting timers.
To enter LLDP properties:
STEP 1 Click Administration > Discovery - LLDP > Properties.
STEP 2 Enter the parameters.
• LLDP Status—Select to enable LLDP on the device (enabled by default).
• LLDP Frames Handling—If LLDP is not enabled, select the action to be taken if a packet that matches
the selected criteria is received:
Filtering
-
Flooding
-
• TLV Advertise Interval—Enter the rate in seconds at which LLDP advertisement updates are sent, or
use the default.
• Topology Change SNMP Notification Interval—Enter the minimum time interval between SNMP
notifications.
• Hold Multiplier—Enter the amount of time that LLDP packets are held before the packets are
discarded, measured in multiples of the TLV Advertise Interval. For example, if the TLV Advertise
Interval is 30 seconds, and the Hold Multiplier is 4, then the LLDP packets are discarded after 120
seconds.
• Reinitializing Delay—Enter the time interval in seconds that passes between disabling and
reinitializing LLDP, following an LLDP enable/disable cycle.
• Transmit Delay—Enter the amount of time in seconds that passes between successive LLDP frame
transmissions, due to changes in the LLDP local systems MIB.
• Chassis ID Advertisement—Select one of the following options for advertisement in the LLDP
messages:
—Delete the packet.
—Forward the packet to all VLAN members.
MAC Address
-
Host Name
-
STEP 3 In the Fast Start Repeat Count field, enter the number of times LLDP packets are
Cisco Small Business 200 Series Smart Switch Administration Guide 87
—Advertise the MAC address of the device.
—Advertise the host name of the device.
sent when the LLDP-MED Fast Start mechanism is initialized. This occurs when a
new endpoint device links to the device. For a description of LLDP MED, refer to
the LLDP MED Network Policy section.
Administration: Discovery
Configuring LLDP
STEP 4 Click Apply. The LLDP properties are added to the Running Configuration file.
9
LLDP Port Settings
The Port Settings page enables activating LLDP and SNMP notification per port, and entering the TLVs that
are sent in the LLDP PDU.
The LLDP-MED TLVs to be advertised can be selected in the LLDP MED Port Settings page, and the
management address TLV of the device may be configured.
To define the LLDP port settings:
STEP 1 Click Administration > Discovery - LLDP > Port Settings.
This page contains the port LLDP information.
STEP 2 Select a port and click Edit.
This page provides the following fields:
• Interface—Select the port to edit.
• Administrative Status—Select the LLDP publishing option for the port. The values are:
- Tx Onl y —Publishes but does not discover.
- Rx Only—Discovers but does not publish.
- Tx & R x—Publishes and discovers.
- Disable—Indicates that LLDP is disabled on the port.
• SNMP Notification—Select Enable to send notifications to SNMP notification recipients; for example,
an SNMP managing system, when there is a topology change.
The time interval between notifications is entered in the Topology Change SNMP Notification Interval
field in the LLDP Properties page. Define SNMP Notification Recipients by using the SNMP >
Notification Recipient v1,2
and/or SNMP > Notification Recipient v3 page.
• Selected Optional TLVs—Select the information to be published by the device by moving the TLV
from the Available Optional TLVs list. The available TLVs contain the following information:
- Port Description—Information about the port, including manufacturer, product name and
hardware/software version.
Cisco Small Business 200 Series Smart Switch Administration Guide 88
Administration: Discovery
Configuring LLDP
- System Name—System's assigned name (in alpha-numeric format). The value equals the
sysName object.
- System Description—Description of the network entity (in alpha-numeric format). This includes
the system's name and versions of the hardware, operating system, and networking software
supported by the device. The value equals the sysDescr object.
- System Capabilities—Primary functions of the device, and whether or not these functions are
enabled on the device. The capabilities are indicated by two octets. Bits 0 through 7 indicate Other,
Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station respectively. Bits
8 through 15 are reserved.
- 802.3 MAC-PHY—Duplex and bit rate capability and the current duplex and bit rate settings of the
sending device. It also indicates whether the current settings are due to auto-negotiation or manual
configuration.
- 802.3 Link Aggregation—Whether the link (associated with the port on which the LLDP PDU is
transmitted) can be aggregated. It also indicates whether the link is currently aggregated, and if so,
provides the aggregated port identifier.
9
- 802.3 Maximum Frame Size—Maximum frame size capability of the MAC/PHY implementation.
Management Address Optional TLV:
• Advertisement Mode—Select one of the following ways to advertise the IP management address of
the device:
- Auto Advertise—Specifies that the software automatically chooses a management address to
advertise from all the IP addresses of the device. In case of multiple IP addresses, the software
chooses the lowest IP address among the dynamic IP addresses. If there are no dynamic
addresses, the software chooses the lowest IP address among the static IP addresses.
- None—Do not advertise the management IP address.
- Manual Advertise—Select this option and the management IP address to be advertised.
• IP Address—If Manual Advertise was selected, select the Management IP address from the
addresses provided.
The following fields relate to the 802.1 VLAN and Protocol:
• PVID—Select to advertise the PVID in the TLV.
• Port & Protocol VLAN ID—Select to advertise the port and protocol VLAN ID.
• VLAN ID—Select which VLANs will be advertised.
• Protocol IDs—Select which protocols will be advertised.
• Selected Protocol IDs—Displays selected protocols.
Cisco Small Business 200 Series Smart Switch Administration Guide 89
Administration: Discovery
Configuring LLDP
STEP 3 Enter the relevant information, and click Apply. The port settings are written to the
Running Configuration file.
LLDP MED Network Policy
9
LLDP Media Endpoint Discovery
capabilities to support media endpoint devices:
• Enables the advertisement and discovery of network polices for real-time applications such as voice
and/or video.
• Device location discovery to allow creation of location databases and, in the case of Voice over
Internet Protocol (VoIP), Emergency Call Service (E-911) by using IP Phone location information.
• Troubleshooting information. LLDP MED sends alerts to network managers upon:
- Port speed and duplex mode conflicts
- QoS policy misconfigurations
(LLDP-MED) is an extension of LLDP that provides the following additional
Setting LLDP MED Network Policy
An LLDP-MED network policy is a related set of configuration settings for a specific real-time application
such as voice, or video. A network policy, if configured, can be included in the outgoing LLDP packets to the
attached LLDP media endpoint device. The media endpoint device must send its traffic as specified in the
network policy it receives. For example, a policy can be created for VoIP traffic that instructs VoIP phone to:
• Send voice traffic on VLAN 10 as tagged packet and with 802.1p priority 5.
• Send voice traffic with DSCP 46.
Network policies are associated with ports by using the LLDP MED Port Settings page. An administrator
can manually configure one or more network policies and the interfaces where the policies are to be sent. It
is the administrator's responsibility to manually create the VLANs and their port memberships according to
the network policies and their associated interfaces.
In addition, an administrator can instruct the device to automatically generate and advertise a network
policy for voice application based on the voice VLAN maintained by the device. Refer the Auto Voice VLAN
section for details on how the device maintains its voice VLAN.
Cisco Small Business 200 Series Smart Switch Administration Guide 90
Administration: Discovery
Configuring LLDP
To define an LLDP MED network policy:
STEP 1 Click Administration > Discovery - LLDP > LLDP MED Network Policy.
This page contains previously-created network policies.
STEP 2 Select Auto for LLDP-MED Network Policy for Voice Application if the device is to
automatically generate and advertise a network policy for voice application based
on the voice VLAN maintained by the device.
NOTE When this box is checked, you may not manually configure a voice network policy.
STEP 3 Click Apply to add this setting to the Running Configuration file.
STEP 4 To define a new policy, click Add.
STEP 5 Enter the values:
9
• Network Policy Number—Select the number of the policy to be created.
• Application—Select the type of application (type of traffic) for which the network policy is being
defined.
• VLAN ID—Enter the VLAN ID to which the traffic must be sent.
• VLAN Type—Select whether the traffic is Tagged or Untagged.
• User Priority—Select the traffic priority applied to traffic defined by this network policy. This is the
CoS value.
• DSCP Value—Select the DSCP value to associate with application data sent by neighbors. This
informs them how they must mark the application traffic they send to the device.
STEP 6 Click Apply. The network policy is defined.
NOTE You must manually configure the interfaces to include the desired manually-defined network
policies for the outgoing LLDP packets using the LLDP MED Port Settings.
Cisco Small Business 200 Series Smart Switch Administration Guide 91
Administration: Discovery
Configuring LLDP
9
LLDP MED Port Settings
The LLDP MED Port Settings page enables the selection of the LLDP-MED TLVs and/or the network policies
to be included in the outgoing LLDP advertisement for the desired interfaces. Network Policies are
configured using the LLDP MED Network Policy page.
NOTE If LLDP-MED Network Policy for Voice Application (LLDP-MED Network Policy
Page) is Auto and Auto Voice VLAN is in operation, then the device automatically
generates an LLDP-MED Network Policy for Voice Application for all the ports that
are LLDP-MED enabled and are members of the voice VLAN.
To configure LLDP MED on each port:
STEP 1 Click Administration > Discovery - LLDP > LLDP MED Port Settings.
This page displays the following LLDP MED settings for all ports (only fields not described in the Edit page
are listed):
• Location—Whether Location TLV is transmitted.
• PoE—Whether POE-PSE TLV is transmitted.
• Inventory—Whether Inventory TLV is transmitted.
STEP 2 The message at the top of the page indicates whether the generation of the LLDP
MED Network Policy for the voice application is automatic or not (see LLDP
Overview). Click on the link to change the mode.
STEP 3 To associate additional LLDP MED TLV and/or one or more user-defined LLDP
MED Network Policies to a port, select it, and click Edit.
STEP 4 Enter the parameters:
• Interface—Select the interface to configure.
• LLDP MED Status—Enable/disable LLDP MED on this port.
• SNMP Notification—Select whether SNMP notification is sent on a per-port basis when an end
station that supports MED is discovered; for example a SNMP managing system, when there is a
topology change.
• Selected Optional TLVs—Select the TLVs that can be published by the device by moving them from
the Available Optional TLVs list to the Selected Optional TLVs list.
• Available Network Policies—Select the LLDP MED policies to be published by LLDP by moving them
from the Available Network Policies list to the Selected Network Policies list. These were created in
.
the LLDP MED Network Policy page
advertisement, you must also select Network Policy from the Available Optional TLVs.
Cisco Small Business 200 Series Smart Switch Administration Guide 92
To include one or more user-defined network polices in the
Administration: Discovery
Configuring LLDP
NOTE The following fields must be entered in hexadecimal characters in the exact data format that is
defined in the LLDP-MED standard (ANSI-TIA-1057_final_for_publication.pdf):
- Location Coordinate—Enter the coordinate location to be published by LLDP.
- Location Civic Address—Enter the civic address to be published by LLDP.
- Location ECS ELIN—Enter the Emergency Call Service (ECS) ELIN location to be published by
LLDP.
STEP 5 Click Apply. The LLDP MED port settings are written to the Running Configuration
file.
LLDP Port Status
9
The LLDP Port Status Table page contains the LLDP global information for every port.
STEP 1 To view the LLDP port status, click Administration > Discovery - LLDP > LLDP
Port Status.
STEP 2 Click LLDP Local Information Detail to see the details of the LLDP and LLDP-MED
TLVs sent to the neighbor.
STEP 3 Click LLDP Neighbor Information Detail to see the details of the LLDP and LLDP-
MED TLVs received from the neighbor.
LLDP Port Status Global Information
• Chassis ID Subtype—Type of chassis ID (for example, MAC address).
• Chassis ID—Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address
of the device appears.
• System Name—Name of device.
• System Description—Description of the device (in alpha-numeric format).
• Supported System Capabilities—Primary functions of the device, such as Bridge, WLAN AP, or
Router.
• Enabled System Capabilities—Primary enabled function(s) of the device.
• Port ID Subtype—Type of the port identifier that is shown.
LLDP Port Status Table
• Interface—Port identifier.
Cisco Small Business 200 Series Smart Switch Administration Guide 93
Administration: Discovery
Configuring LLDP
• LLDP Status—LLDP publishing option.
• LLDP MED Status—Enabled or disabled.
• Local PoE—Local PoE information advertised.
• Remote PoE—PoE information advertised by the neighbor.
• # of neighbors—Number of neighbors discovered.
• Neighbor Capability of 1st Device—Displays the primary functions of the neighbor; for example:
Bridge or Router.
LLDP Local Information
To view the LLDP local port status advertised on a port:
9
STEP 1 Click Administration > Discovery - LLDP > LLDP Local Information.
STEP 2 Select the interface for which LLDP local information is to be displayed.
This page displays the following fields for the selected interface:
Global
• Chassis ID Subtype—Type of chassis ID. (For example, the MAC address.)
• Chassis ID—Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address
of the device appears.
• System Name—Name of device.
• System Description—Description of the device (in alpha-numeric format).
• Supported System Capabilities—Primary functions of the device, such as Bridge, WLAN AP, or
Router.
• Enabled System Capabilities—Primary enabled function(s) of the device.
• Port ID Subtype—Type of the port identifier that is shown.
• Port ID—Identifier of port.
• Port Description—Information about the port, including manufacturer, product name and hardware/
software version.
Cisco Small Business 200 Series Smart Switch Administration Guide 94
Administration: Discovery
Configuring LLDP
9
Management Address
Displays the table of addresses of the local LLDP agent. Other remote managers can use this address to
obtain information related to the local device. The address consists of the following elements:
• Address Subtype—Type of management IP address that is listed in the Management Address field;
for example, IPv4.
• Address—Returned address most appropriate for management use.
• Interface Subtype—Numbering method used for defining the interface number.
• Interface Number—Specific interface associated with this management address.
MAC/PHY Details
• Auto-Negotiation Supported—Port speed auto-negotiation support status.
• Auto-Negotiation Enabled—Port speed auto-negotiation active status.
• Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities; for example,
1000BASE-T half duplex mode, 100BASE-TX full duplex mode.
• Operational MAU Type—Medium Attachment Unit (MAU) type. The MAU performs physical layer
functions, including digital data conversion from the Ethernet interfaces' collision detection and bit
injection into the network; for example, 100BASE-TX full duplex mode.
802.3 Details
• 802.3 Maximum Frame Size—The maximum supported IEEE 802.3 frame size.
802.3 Link Aggregation
• Aggregation Capability—Indicates whether the interface can be aggregated.
• Aggregation Status—Indicates whether the interface is aggregated.
• Aggregation Port ID—Advertised aggregated interface ID.
802.3 Energy Efficient Ethernet (EEE) (If device supports EEE)
• Local Tx—Indicates the time (in micro seconds) that the transmitting link partner waits before it starts
transmitting data after leaving Low Power Idle (LPI mode).
• Local Rx—Indicates the time (in micro seconds) that the receiving link partner requests that the
transmitting link partner waits before transmission of data following Low Power Idle (LPI mode).
• Remote Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value.
Cisco Small Business 200 Series Smart Switch Administration Guide 95
Administration: Discovery
Configuring LLDP
• Remote Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.
MED Details
• Capabilities Supported—MED capabilities supported on the port.
• Current Capabilities—MED capabilities enabled on the port.
• Device Class—LLDP-MED endpoint device class. The possible device classes are:
9
Endpoint Class 1
-
-
Endpoint Class 2
1 features.
Endpoint Class 3
-
location, 911, Layer 2 device support, and device information management capabilities.
• PoE Device Type—Port PoE type; for example, powered.
• PoE Power Source—Port power source.
• PoE Power Priority—Port power priority.
• PoE Power Value—Port power value.
• Hardware Revision—Hardware version.
• Firmware Revision—Firmware version.
• Software Revision—Software version.
• Serial Number—Device serial number.
• Manufacturer Name—Device manufacturer name.
—Generic endpoint class, offering basic LLDP services.
—Media endpoint class, offering media streaming capabilities, as well as all Class
—Communications device class, offering all Class 1 and Class 2 features plus
• Model Name—Device model name.
• Asset ID—Asset ID.
Location Information
• Civic—Street address.
• Coordinates—Map coordinates: latitude, longitude, and altitude.
• ECS ELIN—Emergency Call Service (ECS) Emergency Location Identification Number (ELIN).
Network Policy Table
• Application Type—Network policy application type; for example, Voice.
Cisco Small Business 200 Series Smart Switch Administration Guide 96
Administration: Discovery
Configuring LLDP
• VLAN ID—VLAN ID for which the network policy is defined.
• VLAN Type—VLAN type for which the network policy is defined. The possible field values are:
9
Tagged
-
Untagged
-
• User Priority—Network policy user priority.
• DSCP—Network policy DSCP.
—Indicates the network policy is defined for tagged VLANs.
—Indicates the network policy is defined for untagged VLANs.
STEP 3 On the bottom of the page, click LLDP Port Status Table to see the details in the
LLDP Port Status Table.
LLDP Neighbor Information
The LLDP Neighbor Information page contains information that was received from neighboring devices.
After timeout (based on the value received from the neighbor Time To Live TLV during which no LLDP PDU
was received from a neighbor), the information is deleted.
To view the LLDP neighbors information:
STEP 1 Click Administration > Discovery - LLDP > LLDP Neighbor Information.
STEP 2 Select the interface for which LLDP neighbor information is to be displayed.
This page displays the following fields for the selected interface:
• Local Port—Number of the local port to which the neighbor is connected.
• Chassis ID Subtype—Type of chassis ID (for example, MAC address).
• Chassis ID—Identifier of the 802 LAN neighboring device's chassis.
• Port ID Subtype—Type of the port identifier that is shown.
• Port ID—Identifier of port.
• System Name—Published name of the device.
• Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.
STEP 3 Select a local port, and click Details.
Cisco Small Business 200 Series Smart Switch Administration Guide 97
Administration: Discovery
Configuring LLDP
The LLDP Neighbor Information page contains the following fields:
Port Details
• Local Port—Port number.
• MSAP Entry—Device Media Service Access Point (MSAP) entry number.
Basic Details
• Chassis ID Subtype—Type of chassis ID (for example, MAC address).
• Chassis ID—Identifier of the 802 LAN neighboring device chassis.
• Port ID Subtype—Type of the port identifier that is shown.
• Port ID—Identifier of port.
• Port Description—Information about the port, including manufacturer, product name and hardware/
software version.
9
• System Name—Name of system that is published.
• System Description—Description of the network entity (in alpha-numeric format). This includes the
system name and versions of the hardware, operating system, and networking software supported by
the device. The value equals the sysDescr object.
• Supported System Capabilities—Primary functions of the device. The capabilities are indicated by
two octets. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS
cable device, and station, respectively. Bits 8 through 15 are reserved.
• Enabled System Capabilities—Primary enabled function(s) of the device.
Management Address Table
• Address Subtype—Managed address subtype; for example, MAC or IPv4.
• Address—Managed address.
• Interface Subtype—Port subtype.
• Interface Number—Port number.
MAC/PHY Details
• Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are
True and False.
• Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True
and False.
Cisco Small Business 200 Series Smart Switch Administration Guide 98
Administration: Discovery
Configuring LLDP
• Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example,
1000BASE-T half duplex mode, 100BASE-TX full duplex mode.
• Operational MAU Type—Medium Attachment Unit (MAU) type. The MAU performs physical layer
functions, including digital data conversion from the Ethernet interfaces’ collision detection and bit
injection into the network; for example, 100BASE-TX full duplex mode.
802.3 Power via MDI
• MDI Power Support Port Class—Advertised power support port class.
• PSE MDI Power Support—Indicates if MDI power is supported on the port.
• PSE MDI Power State—Indicates if MDI power is enabled on the port.
• PSE Power Pair Control Ability—Indicates if power pair control is supported on the port.
• PSE Power Pair—Power pair control type supported on the port.
9
• PSE Power Class—Advertised power class of the port.
802.3 Details
• 802.3 Maximum Frame Size—Advertised maximum frame size that is supported on the port.
802.3 Link Aggregation
• Aggregation Capability—Indicates if the port can be aggregated.
• Aggregation Status—Indicates if the port is currently aggregated.
• Aggregation Port ID—Advertised aggregated port ID.
802.3 Energy Efficient Ethernet (EEE)
• Remote Tx—Indicates the time (in micro seconds) that the transmitting link partner waits before it
starts transmitting data after leaving Low Power Idle (LPI mode).
• Remote Rx—Indicates the time (in micro seconds) that the receiving link partner requests that the
transmitting link partner waits before transmission of data following Low Power Idle (LPI mode).
• Local Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value.
• Local Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.
MED Details
• Capabilities Supported—MED capabilities enabled on the port.
• Current Capabilities—MED TLVs advertised by the port.
Cisco Small Business 200 Series Smart Switch Administration Guide 99
Loading...