Types of System Files Upgrade/Backup Firmware/Language Selecting the Active Image Downloading or Backing-up a Configuration or Log Viewing Configuration Files Properties Copying Configuration Files DHCP Auto Configuration Chapter 1: Stack Management Overview Cisco 500 Series Stackable Managed Switch Administration Guide...
Monitoring the Fan Status and Temperature Defining Idle Session Timeout Pinging a Host Traceroute Chapter 3: System Time System Time Options SNTP Modes Configuring System Time Chapter 4: Managing Device Diagnostics Testing Copper Ports
Smartport Types Smartport Macros Macro Failure and the Reset Operation How the Smartport Feature Works Auto Smartport Error Handling Default Configuration Relationships with Other Features and Backwards Compatibility Common Smartport Tasks Web GUI
Configuring STP Status and Global Settings Defining Spanning Tree Interface Settings Configuring Rapid Spanning Tree Settings Multiple Spanning Tree Defining MSTP Properties Mapping VLANs to a MSTP Instance Defining MSTP Instance Settings Defining MSTP Interface Settings
Chapter 13: Configuring IP Information Management and IP Interfaces Defining IPv4 Routes Configuring ARP Enabling ARP Proxy Defining UDP Relay Domain Name Systems Chapter 14: Configuring Security Defining Users Configuring TACACS+ Configuring RADIUS Key Management
SSH Client Configuration SSH Client Activation Chapter 16: Using the SSH Server Feature Overview Default Settings Common Tasks SSH Server Configuration Pages Chapter 17: Using the SSL Feature SSL Overview Default Settings and Configuration
DHCP Snooping Binding Database DHCP Configuration Chapter 20: Access Control Access Control Lists Defining MAC-based ACLs IPv4-based ACLs IPv6-Based ACLs Defining ACL Binding Chapter 21: Configuring Quality of Service QoS Features and Components
Constraints and Interactions with Other Features Configuring VRRP With CLI Commands Configuring VRRP Through Web GUI Chapter 24: RIP Overview Limitations and Constraints How the RIP Protocol Works How RIP Operates on the Device
Contents Configuring RIP With CLI Commands Configuring RIP Through the WEB GUI How to Configure RIP - an Example
IPv6 address. • If you have multiple IPv6 interfaces on your management station, use the IPv6 global address instead of the IPv6 link local address to access the switch from your browser.
IP address, the power LED is on solid. Logging In The default username is cisco and the default password is cisco. The first time that you log in with the default username and password, you are required to enter a new password.
Getting Started Starting the Web-based Switch Configuration Utility STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page opens. See Password Expiration for additional information.
Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page.
Port and VLAN Mirroring page There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the switch product support page, and clicking on the Forums link takes you to the Small Business Support Community page.
Layer 3 system modes. The SG500X devices always run in Layer 3 system mode. • Stack ports are different on these devices. See Stack Ports. • Port speed availability per cable types are different on these devices. See Cables Types.
Configuration and sets the switch parameters according to the data in the Running Configuration. Username Displays the name of the user logged on to the switch. The default username is cisco. (The default password is cisco).
After you access this page, the SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, Click Status and Statistics > View Log > RAM Memory.
Click to clear the statistic counters for the selected Counters interface. Clear Logs Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message is displayed.
2. Click Close to return to the main page. Enter the query filtering criteria and click Go. The results are displayed on the page. Test Click Test to perform the related tests.
Interface—Select the type of interface and specific interface for which Ethernet statistics are to be displayed. • Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are: No Refresh—Statistics are not refreshed.
The refresh rate of the information can be selected. This page provides more detailed information regarding errors in the physical layer (Layer 1), which might disrupt traffic. To view Etherlike Statistics and/or set the refresh rate:
Pause Frames Transmitted—Flow control pause frames transmitted from the selected interface. To clear statistics counters: • Click Clear Interface Counters to clear the selected interface’s counters. • Click Clear All Interface Counters to clear the counters of all interfaces.
EAP Response Frames Received—EAP Response frames received by the port (other than Resp/ID frames). • EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by the port. • EAP Request Frames Transmitted—EAP Request frames transmitted by the port.
The TCAM Utilization page is displayed, showing the percentage of TCAM utilization per system and per stack unit. TCAM Rules To view how the allocation among various processes can be changed (for the 500 series), see the TCAM Allocation section.
Packet length is greater than MRU byte size. • Collision event has not been detected. • Late collision event has not been detected. • Received (Rx) error event has not been detected. • Packet has a valid CRC.
A Jabber packet is defined as an Ethernet frame that satisfies the following criteria: Packet data length is greater than MRU. Packet has an invalid CRC. Received (Rx) Error Event has not been detected.
To enter RMON control information: STEP 1 Click Status and Statistics > RMON > History. The History Control Table page is displayed. The fields displayed on this page are defined in the Add RMON History
STEP 2 Click History Table. The History Control Table page is displayed. STEP 3 Click History Table to go to the History Table page. STEP 4 From the History Entry No. list, select the entry number of the sample to display.
You can control the occurrences that trigger an alarm and the type of notification that occurs. This is performed as follows: • Events Page—Configures what happens when an alarm is triggered. This can be any combination of logs and traps.
STEP 4 Click Apply. The RMON event is written to the Running Configuration file. STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have been logged (see description below).
(delta) in the counter values. To enter RMON alarms: STEP 1 Click Status and Statistics > RMON > Alarms. The Alarms page is displayed. All previously-defined alarms are displayed. The fields are described in the Add
Rising Alarm—A rising value triggers the rising threshold alarm. Falling Alarm—A falling value triggers the falling threshold alarm. Rising and Falling—Both rising and falling values trigger the alarm. • Interval—Enter the alarm interval time in seconds.
Viewing Statistics Managing RMON • Owner—Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply. The RMON alarm is written to the Running Configuration file.
(-) on each side (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational.
Time and sent in a single message. The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated. • Max Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated.
Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. • Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list.
RAM Memory page opens. The top of the page has a button that allows you to Disable Alert Icon Blinking. Click to toggle between disable and enable. This page displays the following fields:
• Log Index—Log entry number. • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared.
The possible methods of file transfer are: • Internal copy. • HTTP/HTTPS that uses the facilities that the browser provides. • TFTP/SCP client, requiring a TFTP/SCP server.
The switch has been operating continuously for 24 hours. No configuration changes have been made to the Running Configuration in the previous 24 hours. The Startup Configuration is identical to the Running Configuration.
Copy one configuration file type to another configuration file type as described in the Copying Configuration Files section. • Enable automatically uploading a configuration file from a DHCP server to the switch, as described in the DHCP Auto Configuration section.
Image can be updated prior to connecting a unit to the stack. This is the recommended method. • Upgrade master. The slave units are automatically updated. The following steps can be done from the CLI or from the web interface.
TFTP server. • Backup Save Action—Specifies that a copy of the file type is to be saved to a file on another device.
STEP 5 If you selected via SCP (Over SSH), see Using the SSH Client Feature for instructions. Then, enter the following fields: (only unique fields are described, for non-unique fields, see the descriptions above)
SCP Server IP Address/Name—Enter the IP address or domain name of the SCP server. • (For Upgrade) Source File Name—Enter the name of the source file. • (For Backup) Destination File Name—Enter the name of the backup file.
Active Image Version Number After Reboot displays the firmware version of the active image that is used after the switch is rebooted. STEP 3 Click Apply. The active image selection is updated.
NOTE If the server is selected by name in the Server Definition, there is no need to select the IP Version related options. c. IPv6 Address Type—Select the IPv6 address type (if used). The options are:
TFTP Server IP Address/Name—Enter the IP address or domain name of the TFTP server. Source File Type—Enter the source configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section).
The following options are available: Exclude—Do not include sensitive data in the backup. Encrypted—Include sensitive data in the backup in its encrypted form. Plaintext—Include sensitive data in the backup in its plaintext form.
Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. • Link-Local Interface—Select the link local interface from the list.
Configuration Files Properties page allows you to see when various system configuration files were created. It also enables deleting the Startup Configuration and Backup Configuration files. You cannot delete the other configuration file types.
CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the switch is rebooted.
STEP 4 The Save Icon Blinking field indicates whether an icon blinks when there is unsaved data. To disable/enable this feature, click Disable/Enable Save Icon Blinking. STEP 5 Click Apply. The file is copied.
This is an optional parameter. Backup Configuration File Name You can specify the backup configuration filename. This file is used if no filename was specified in the DHCP message. This is an optional parameter.
SSH password: anonymous Note that the SSH Client authentication parameters can also be used when downloading a file for manual download (a download that is not performed through the DHCP Auto Configuration feature).
• If the configuration filename was not supplied by the DHCP server and the backup configuration file name is empty, the Auto Configuration process is halted.
IP addresses with each DHCP renew cycle, it is recommended that IP addresses be bound to MAC addresses in the DHCP server table. This ensures that each device has its own reserved IP address and other relevant information.
STEP 3 Enter the following optional information to be used if no configuration file name was received from the DHCP server. • Backup Server Definition—Select By IP Address or By name to configure the server.
DHCP server into the Startup Configuration file, and initiates a reboot. If the values match, no action is taken. STEP 4 Click Apply. The DHCP Auto Configuration feature is updated in the Running Configuration.
(Sx500 or SG500X). By default, all Sx500 and SG500X devices operate in Native Stacking mode. The units in a stack are connected through stack ports. These devices are then collectively managed as a single logical device.
During Fast Stack Link failover, the master/backup units remain active and functioning.
The system mode (Layer 2 or Layer 3) of the backup and slave units is taken from the master-enabled unit. This mode can be configured before the reboot process and might be affected after reboot (see table below).
If auto selection of the stack port speed is not configured, all stack ports must be set to the same speed in order for the stack to function correctly.
SG500X Sx500 in SG500X and S3, S4 and S3, S4 for Sx500 for Sx500 Cisco SFP-H10GB-CU1M – Copper Cable Cisco SFP-H10GB-CU3M – Copper Cable Cisco SFP-H10GB-CU5M – Copper Cable
According According According According Forced user Forced user Forced user Forced user speed speed speed speed EEPROM EEPROM EEPROM EEPROM speed speed speed speed 1G speed 1G speed 1G speed 10G speed
Stack in Chain Topology Ring Topology—All the units in the stack are connected in a chain. The last unit is connected to the first unit. The following shows a ring topology:
During topology discovery, each unit in a stack exchanges packets, which contain topology information. After the topology discovery process is completed, each unit contains the stack mapping information table of all units in the stack.
In the figure above, Unit 1 does not join the stack and is shut down. It did not win the master selection process between the master-enabled units (1 or 2). The following shows a case where one of the duplicate units (auto-numbered) is renumbered.
Master Selection Process The master unit is selected from the master-enabled units (1 or 2). The factors in selecting the master unit are taken into account in the following priority:
Connecting or disconnecting a stack cable, or configuring a stack port link up or down, triggers a topology change. This can be the result of adding or removing a unit from the stack, or from changing the stack topology between a chain and a ring.
The other unit is made the backup. Auto-numbered Master-enabled Unit The following shows an example of auto numbering when a new unit joins the stack. The existing units retain their ID. The new unit receives the lowest available
In warm standby, the master and its backup units are synchronized with the static configuration (contained in both the Startup and Running configuration files). Backup configuration files are not synchronized. The backup configuration file remains on the previous master.
Packet forwarding on the slave unit resumes after the state of its ports is set to forwarding by the master according to STP. NOTE Packet flooding to unknown unicast MAC addresses occurs until the MAC addresses are learned or relearned.
Change the stacking mode, the stack unit ID, stack ports, and the bit rate of the stack port of the devices in a stack. • Change the system mode (Layer 2/3) of a standalone device or of the stack. Stack Settings To configure the stack:
Model Name—Model name of a known and active unit. • Stack Connection 1—Information for the first stack connection: Port—The name of the port that is connected. Speed—The speed of the port that is connected.
Stack Port Speed—The speed of the network ports for connecting to neighbor units in the stack after reboot. STEP 4 Click Apply and Reboot to reboot the device with the new settings.
NOTE Each model can be set to Layer 3 system mode by using the System Mode and Stack Management page, except for the SG500X models that always run in both Layer 2 and Layer 3 system mode.
(Native Stacking or Standalone). The following options are available: • System Operational Mode—Specifies whether the system is operating in Layer 2 or Layer 3 system mode for 500 devices. SG500X devices also
Firmware MD5 Checksum (Active Image)—MD5 checksum of the active image. • Firmware Version (Non-active Image)—Firmware version number of the non-active image. If the system is in stack mode, the version of the master unit is displayed.
The units in the stack are displayed graphically, along with the following information for each unit: • Unit ID of Master Unit • Model Description—Switch model description. • Serial Number—Serial number. • PID VID—Part number and version ID.
The console port speed can be set to one of the following speeds: 4800, 9600, 19200, 38400, 57600, and 115200 or to Auto Detection. Auto Detection enables the device to detect your console speed automatically, so that you are not required to set it explicitly.
Managing System Files section. To reboot the switch: STEP 1 Click Administration > Reboot. The Reboot page opens. STEP 2 Click one of the Reboot buttons to reboot the switch.
IP Entries—TCAM entries reserved for IPv4 static routes, IP interfaces, and IP hosts. Each type generates the following number of TCAM entries: IPv4 Static Routes—One entry per route IP Interface—Two entries per interface
Non IP Entries—TCAM entries reserved for other applications, such as ACL rules, CoS policers, and VLAN rate limits. STEP 2 To change the TCAM allocation for IP entries, enter the new value(s) in the New Settings block.
IPv4 Routes—Displays the number of IPv4 routes entries that are used/available. • IP Interfaces—Displays the number of used and available IP interfaces entries. • IP Host—Displays the number of IP host entries used and available.
Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
Host Definition—Select whether hosts are identified by their IP address or name. • IP Version—If the host is identified by its IP address, select either IPv4 or IPv6 to indicate that it will be entered in the selected format.
Host—Displays a stop along the route to the destination. • Round Trip Time (1-3)—Displays the round trip time in (ms) for the first through third frame and the status of the first through third operation.
This section describes the options for configuring the system time, time zone, and Daylight Savings Time (DST). It covers the following topics: • System Time Options • SNTP Modes • Configuring System Time
After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
The switch supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
Manual Settings—Set the date and time manually. The local time is used when there is no alternate source of time, such as an SNTP server: • Date—Enter the system date.
To—Day and time that DST ends. Selecting Recurring allows different customization of the start and stop of DST: • From—Date when DST begins each year. —Day of the week on which DST begins every year.
SNTP server and switch. • Stratum Level—Distance from the reference clock expressed as a numerical value. An SNTP server cannot be the primary server (stratum level 1) unless polling interval is enabled.
Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
STEP 1 Click Administration > Time Settings > SNTP Multicast/Anycast. The Multicast/Anycast page opens. STEP 2 Select from the following options: • SNTP Multicast Client Mode (Client Broadcast Reception)—Select to receive system time from any SNTP server on the subnet.
STEP 1 Enable authentication in the SNTP Authentication page. STEP 2 Create a key in the SNTP Authentication page. STEP 3 Associate this key with an SNTP server in the SNTP Unicast page.
Absolute—This type of time range begins on a specific date or immediately and ends on a specific date or extends infinitely. It is created in the Time Range pages. A recurring element can be added to it.
Date, Time—Enter the date and time that the Time Range begins. • Absolute Ending Time—To define the start time, enter the following: Infinite—Select for the time range to never end. Date, Time—Enter the date and time that the Time Range ends.
Recurring Starting Time—Enter the date and time that the Time Range begins on a recurring basis. • Recurring Ending Time—Enter the date and time that the Time Range ends on a recurring basis.
Copper Test page. Preconditions to Running the Copper Port Test Before running the test, do the following: • (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page)
Unknown Test Result—Error has occurred. • Distance to Fault—Distance from the port to the location on the cable where the fault was discovered. • Operational Port Status—Displays whether port is up or down.
MFELX1: 100BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km. The following GE SFP (1000Mbps) transceivers are supported: • MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.
A network analyzer connected to the monitoring port processes the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.
Not Ready—Either source or destination (or both) are down or not forwarding traffic for some reason. STEP 2 Click Add to add a port or VLAN to be mirrored. The Add Port and VLAN Mirroring page opens. STEP 3 Enter the parameters:
SCT is enabled by default on the device and cannot be disabled. There are no interactions with other features.
X axis is the sample number. STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period.
Services on the configuration on the page. When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of Bonjour is displayed on the Adding IP Multicast Group Address page.
If an IP address is changed, that change is advertised. If Bonjour is disabled, the switch does not send Bonjour Discovery advertisements and it does not listen for Bonjour Discovery advertisements sent by other devices.
Apply). LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities to each other. By default, the switch sends an LLDP/CDP advertisement periodically to all its interfaces and terminates and processes incoming LLDP and CDP packets as required by the protocols.
CDP/LLDP packets. Configuring LLDP This section describes how to configure LLDP. It covers the following topics: • LLDP Overview • Setting LLDP Properties • Editing LLDP Port Settings • LLDP MED
2. Configure LLDP per port by using the page On this page, interfaces can be configured to receive/transmit LLDP PDUs, send SNMP notifications, specify which TLVs to advertise, and advertise the switch's management address.
Hold Multiplier is 4, then the LLDP packets are discarded after 120 seconds. • Reinitializing Delay—Enter the time interval in seconds that passes between disabling and reinitializing LLDP, following an LLDP enable/disable cycle.
Administrative Status—Select the LLDP publishing option for the port. The values are: Tx Only—Publishes but does not discover. Rx Only—Discovers but does not publish. Tx & Rx—Publishes and discovers. Disable—Indicates that LLDP is disabled on the port.
802.3 Maximum Frame—Maximum frame size capability of the MAC/ PHY implementation. The following fields relate to the Management Address: • Advertisement Mode—Select one of the following ways to advertise the IP management address of the switch: Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 120
Voice over Internet Protocol (VoIP), Emergency Call Service (E-911) by using IP Phone location information. • Troubleshooting information. LLDP MED sends alerts to network managers upon: Port speed and duplex mode conflicts QoS policy misconfigurations Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 121
Add LLDP MED Network Policy To define a new policy, click Add and the page STEP 4 opens. Enter the values: STEP 5 • Network Policy Number—Select the number of the policy to be created. Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 122
The message at the top of the page indicates whether the generation of the LLDP STEP 2 MED Network Policy for the voice application is automatic or not (see LLDP Overview). Click on the link to change the mode. Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 123
LLDP. Location (ECS) ELIN—Enter the Emergency Call Service (ECS) ELIN location to be published by LLDP. Click Apply. The LLDP MED port settings are written to the Running Configuration STEP 5 file. Cisco 500 Series Stackable Managed Switch Administration Guide...

• Remote PoE—PoE information advertised by the neighbor.
• # of neighbors—Number of neighbors discovered.
• Neighbor Capability of 1st Device—Displays the primary functions of the neighbor; for example: Bridge or Router.

The address consists of the following elements:
• Address Subtype—Type of management IP address that is listed in the Management Address field; for example, IPv4.

Low Power Idle (LPI mode).
• Remote Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value.

Software Revision—Software version.
• Serial Number—Device serial number.
• Manufacturer Name—Device manufacturer name.
• Model Name—Device model name.
• Asset ID—Asset ID.
Location Information
• Civic—Street address.
• Coordinates—Map coordinates: latitude, longitude, and altitude.

Chassis ID—Identifier of the 802 LAN neighboring device's chassis.
• Port ID Subtype—Type of the port identifier that is shown.
• Port ID—Identifier of port.
• System Name—Published name of the switch.

Enabled System Capabilities—Primary enabled function(s) of the device.
Management Address Table
• Address Subtype—Managed address subtype; for example, MAC or IPv4.
• Address—Managed address.
• Interface Subtype—Port subtype.
• Interface Number—Port number.

Aggregation Port ID—Advertised aggregated port ID.
802.3 Energy Efficient Ethernet (EEE)
• Remote Tx—Indicates the time (in microseconds) that the transmitting link partner waits before it starts transmitting data after leaving Low Power Idle (LPI mode).

• Hardware Revision—Hardware version.
• Firmware Revision—Firmware version.
• Software Revision—Software version.
• Serial Number—Device serial number.
• Manufacturer Name—Device manufacturer name.
• Model Name—Device model name.
• Asset ID—Asset ID.

VLAN ID—VLAN ID for which the network policy is defined.
• VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined.
• User Priority—Network policy user priority.
• DSCP—Network policy DSCP.

PDU size supported by an interface. LLDP Overloading page displays the number of bytes of LLDP/LLDP-MED information, the number of available bytes for additional LLDP information, and the overloading status of every interface.

Size (Bytes)—Total LLDP MED network policies packets byte size.
Status—If the LLDP MED network policies packets were sent, or if they were overloaded.
• LLDP MED Extended Power via MDI

—If the LLDP MED inventory packets were sent, or if they were overloaded.
• Total (Bytes)—Total number of bytes of LLDP information in each packet.
• Left to Send (Bytes)—Total number of available bytes left for additional LLDP information in each packet.

• Viewing CDP Statistics
Setting CDP Properties
Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol.

Source Interface—IP address to be used in the TLV of the frames. The following options are possible:
Use Default—Use the IP address of the outgoing interface.
User Defined—Use the IP address of the interface (in the Interface field) in the address TLV.

CDP Status—CDP publishing option for the port.
• Reporting Conflicts with CDP Neighbors—Displays the status of the reporting options that are enabled/disabled in the Edit page (Voice VLAN/Native VLAN/Duplex).
• No. of Neighbors—Number of neighbors detected.

STEP 3 Enter the relevant information, and click Apply. The port settings are written to the Running Configuration.

Version—Information about the software release on which the device is running.
• Platform TLV
Platform—Identifier of platform advertised in the platform TLV.
• Native VLAN TLV
Native VLAN—The native VLAN identifier advertised in the native VLAN TLV.

The interface transitions to Down
Available Power—Amount of power consumed by port.
Management Power Level—Displays the supplier's request to the powered device for its Power Consumption TLV. The device always displays “No Preference” in this field.

Device ID—Identifier of the neighboring device ID.
• Local Interface—Interface number of port through which frame arrived.
• Advertisement Version—Version of CDP.
• Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.

Auto Smartport is enabled change all port types to default.
Viewing CDP Statistics
The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received from devices attached to the switch interfaces, and are used for the Smartport feature.

To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear All Interface Counters.

6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page.
7. If PoE is supported and enabled for the switch, configure the switch as described in Managing Power-over-Ethernet Devices.

10G-Fiber Optics—Ports with speed of either 1G or 10G.
NOTE SFP Fiber takes precedence in Combo ports when both ports are being used.
• Port Description—Enter the port user-defined name or comment.

Full—The interface supports transmission between the switch and the client in both directions simultaneously.
Half—The interface supports transmission between the switch and the client in only one direction at a time.
• Operational Duplex Mode—Displays the port’s current duplex mode.

Operational MDI/MDIX—Displays the current MDI/MDIX setting.
• Protected Port—Select to make this a protected port. (A protected port is also referred to as a Private VLAN Edge (PVE).) The features of a protected port are as follows:

This section describes how to configure LAGs. It covers the following topics:
• Link Aggregation Overview
• Static and Dynamic LAG Workflow
• Defining LAG Management
• Configuring LAG Settings
• Configuring LACP

In general, a LAG is treated by the system as a single logical port. In particular, the LAG has port attributes similar to a regular port, such as state and speed. The switch supports eight LAGs.

2. Configure various aspects of the LAG, such as speed and flow control by using the LAG Settings page.
3. Set the LACP priority and timeout of the ports in the LAG by using the LACP page.

Port List—Move those ports that are to be assigned to the LAG from the Port List to the LAG Members list. Up to eight ports per static LAG can be assigned, and 16 ports can be assigned to a dynamic LAG.

• Operational Auto Negotiation—Displays the auto-negotiation setting.
• Administrative Speed—Select the LAG speed.
• Operational LAG Speed—Displays the current speed at which the LAG is operating.

The selected candidate ports of the LAG are all connected to the same remote device. Both the local and remote switches have a LACP system priority.

STEP 2 Enter the LACP System Priority. See Configuring LACP.
STEP 3 Select a port, and click Edit. The Edit LACP page opens.
STEP 4 Enter the values for the following fields:

After cable length is analyzed, the power usage is adjusted for various cable lengths. If the cable is shorter than 50 meters, the switch uses less power to send frames over the cable, thus saving energy. This

This section describes the 802.3az Energy Efficient Ethernet (EEE) feature. It covers the following topics:
• 802.3az EEE Overview
• Advertise Capabilities Negotiation
• Link Level Discovery for 802.3az EEE
• Availability of 802.3az EEE
• Default Configuration

During the link establishment process, both link partners exchange their 802.3az EEE capabilities. Auto-Negotiation functions automatically without user interaction when it is enabled on the device.

On the GUI, the EEE field for the port is not available when the Short Reach Mode option on the port is checked.
• If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.

To enable Green Ethernet and EEE and view power savings:
STEP 1 Click Port Management > Green Ethernet > Properties. The Properties page opens.
STEP 2 Enter the values for the following fields:

To define per port Green Ethernet settings:
STEP 1 Click Port Management > Green Ethernet > Port Settings. The Port Settings page opens.
The Port Settings page displays the following:
• Global Parameter Status—Describes the enabled features.

LLDP Operational—Displays whether advertising EEE counters through LLDP is currently operating.
EEE Support on Remote—Displays whether EEE is supported on the link partner. EEE must be supported on both the local and remote link partners.

(advertisement of EEE capabilities through LLDP) if there are GE ports on the device.
STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.

• Auto Smartport
• Error Handling
• Default Configuration
• Relationships with Other Features and Backwards Compatibility
• Common Smartport Tasks
• Configuring Smartport Using The Web-based Interface
• Built-in Smartport Macros

Voice VLAN and Smartport, described in the Voice VLAN section.
• LLDP/CDP for Smartport, described in the Configuring LLDP and Configuring CDP sections, respectively.
Additionally, typical work flows are described in the Common Smartport Tasks section.

"the anti-macro," serves to undo all configuration performed by "the macro" when that interface happens to become a different Smartport type. You can apply a Smartport macro by the following methods:
• The associated Smartport type.

Smartport and Auto Smartport Types
Smartport Type | Supported by Auto Smartport | Supported by Auto Smartport by default
Unknown
Default
Printer
Desktop
Guest
Server
Host
IP camera
IP phone
IP phone desktop
Switch
Router
Wireless Access Point

CDP or LLDP messages are received on the interface before both TTLs of the most recent CDP and LLDP packets decrease to 0, then the anti-macro is run, and the Smartport type returns to default.

(for example: no_my_printer) Smartport macros are bound to Smartport types in the Edit Smartport Type Setting page. See Built-in Smartport Macros for a listing of the built-in Smartport macros for each device type.

When a Smartport macro fails on an interface, the status of the interface is set to Unknown. The reason for the failure can be displayed in the Interface Settings page, Show Diagnostics popup.

In both cases, the associated anti-macro is run when the Smartport type is removed from the interface, and the anti-macro runs in exactly the same manner, removing all of the interface configuration.

Smartport macro to the interface based on the Smartport type of the attaching device. Auto Smartport derives the Smartport types of attaching devices based on the CDP and/or LLDP the devices advertise.

If multiple devices are connected to the switch through one interface, Auto Smartport considers each capability advertisement it receives through that interface in order to assign the correct Smartport type. The assignment is based on the following algorithm:

When a smart port macro fails to apply to an interface, you can examine the point of the failure in the Interface Settings page and reset the port and reapply the macro after the error is corrected from the Interface Settings and Interface Settings Edit pages.

STEP 4 Click Apply.
STEP 5 To enable the Auto Smartport feature on one or more interfaces, open the Smartport > Interface Settings page.
STEP 6 Select the interface, and click Edit.

Smartport type and/or modify the default values of the parameters in the macros bound to that Smartport type. These parameter default values are used when Auto Smartport applies the selected Smartport type (if applicable) to an interface.

Configuring Smartport Using The Web-based Interface
The Smartport feature is configured in the Smartport > Properties, Smartport Type Settings and Interface Settings pages. For Voice VLAN configuration, see Voice VLAN.

Auto Smartport can assign Smartport types to interfaces. If unchecked, Auto Smartport does not assign that Smartport type to any interface.
STEP 3 Click Apply. This sets the global Smartport parameters on the switch.

Smartport type. The macro must have already been paired with an anti-macro. Pairing of the two macros is done by name and is described in the Smartport Macro section.

Smartport macro so that the configuration at an interface is up to date. For instance, reapplying a switch Smartport macro at a switch interface makes the interface a member of the VLANs created

NOTE Resetting the interface of unknown type does not reset the configuration performed by the macro that failed. This clean up must be done manually.
To assign a Smartport type to an interface or activate Auto Smartport on the interface:

The following describes the pair of built-in macros for each Smartport type. For each Smartport type there is a macro to configure the interface and an anti macro to remove the configuration.

$native_vlan
port security max $max_hosts
port security mode max-addresses
port security discard trap 60
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
spanning-tree portfast

$native_vlan
#single host
port security max 1
port security mode max-addresses
port security discard trap 60
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
spanning-tree portfast

$native_vlan
#single host
port security max 1
port security mode max-addresses
port security discard trap 60
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
spanning-tree portfast
no_guest]]

$native_vlan
port security max $max_hosts
port security mode max-addresses
port security discard trap 60
smartport storm-control broadcast level 10
smartport storm-control broadcast enable
spanning-tree portfast
no_server
[no_server]
#macro description No server

$max_hosts
port security mode max-addresses
port security discard trap 60
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
spanning-tree portfast
no_host
[no_host]
#macro description No host

60
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
spanning-tree portfast
no_ip_camera
[no_ip_camera]
#macro description No ip_camera
no switchport access vlan
no switchport mode
no port security

10
smartport storm-control include-multicast
smartport storm-control broadcast enable
spanning-tree portfast
no_ip_phone
[no_ip_phone]
#macro description no ip_phone
#macro keywords $voice_vlan
#macro key description: $voice_vlan: The voice VLAN ID
#Default Values are

$native_vlan
port security max $max_hosts
port security mode max-addresses
port security discard trap 60
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smartport storm-control broadcast enable
spanning-tree portfast
no_ip_phone_desktop

Eliminates the need to run 110/220 V AC power to all devices on a wired LAN.
• Removes the necessity for placing all network devices next to power sources.
• Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.

There are two factors to consider in the PoE feature:
• The amount of power that the PSE can supply
• The amount of power that the PD is actually attempting to consume

Even though Sx200/300/500 PoE switches are PSE, and as such should be powered by AC, they could be powered up as a legacy PD by another PSE due to false detection. When this happens, the PoE switch may not operate properly and

The following counters are displayed for each device or for all the units of the stack:
• Nominal Power—The total amount of power the switch can supply to all the connected PDs.

The administrator sets the priority for each port, allocating how much power it can be given. These priorities are entered in the PoE Settings page.

Class—This field is displayed only if the Power Mode set in the Properties page is Class Limit. The class determines the power level:
Class | Maximum Power Delivered by Switch Port
15.4 watt 4.0 watt 7.0 watt 15.4 watt 30.0 watt

Signatures are the means by which the powered device identifies itself to the PSE. Signatures are generated during powered device detection, classification, or maintenance.
STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.

VLAN if all packets destined for that port into the VLAN have a VLAN tag. A port can be a member of one untagged VLAN and can be a member of several tagged VLANs.

Ethernet MAC layer. Devices from different VLANs can communicate with each other only through Layer 3 routers. An IP router, for example, is required to route IP traffic between VLANs if each VLAN represents an IP subnet.

An additional benefit of QinQ is that there is no need to configure customers' edge devices. QinQ is enabled in the VLAN Management > Interface Settings page.

VLAN. A port is no longer a member of a VLAN if the VLAN is deleted or the port is removed from the VLAN.

STEP 4 Click Save (in the upper-right corner of the window) and save the Running Configuration to the Startup Configuration. The Default VLAN ID After Reset becomes the Current Default VLAN ID after you reboot the switch.

VLANs to be created by entering the Starting VID and Ending VID, inclusive. When using the Range function, the maximum number of VLANs you can create at one time is 100.
STEP 4 Click Apply to create the VLAN(s).

Frame Type—Select the type of frame that the interface can receive. Frames that are not of the configured frame type are discarded at ingress. These frame types are only available in General mode. Possible values are:

VLAN-aware or VLAN-unaware. If a destination end node is VLAN-unaware, but is to receive traffic from a VLAN, then the last VLAN-aware device (if there is one), must send frames of the destination VLAN to the end node untagged.

STEP 4 Click Apply. The interfaces are assigned to the VLAN, and written to the Running Configuration file. You can continue to display and/or configure port membership of another VLAN by selecting another VLAN ID.

STEP 4 Enter the values for the following fields:
• Interface—Select a Port or LAG. Select the Unit/Slot on a 500 Series switch.
• Mode—Displays the port VLAN mode that was selected in the Interface Settings page.

Port VLAN Membership page. If the VLAN does not exist, it is dynamically created when Dynamic VLAN creation is enabled for this port (in the GVRP Settings page).

STEP 7 Click Apply. GVRP settings are modified, and written to the Running Configuration file.
VLAN Groups
VLAN groups are used for load balancing of traffic on a Layer 2 network.

If the interface does not belong to the VLAN, manually assign it to the VLAN using the Port to VLAN page.
Assigning MAC-based VLAN Groups
This feature is only available when the switch is in Layer 2 system mode.

Interface—Enter a general interface (port/LAG) through which traffic is received.
• Group ID—Select a VLAN group, defined in the MAC-Based Groups page.
• VLAN ID—Select the VLAN to which traffic from the VLAN group is forwarded.

STEP 3 Enter the following fields:
• Encapsulation—Protocol Packet type. The following options are available:
Ethernet V2—If this is selected, select the Ethernet Type.
LLC-SNAP (rfc1042)—If this is selected, enter the Protocol Value.

Group ID—Protocol group ID.
• VLAN ID—Attaches the interface to a user-defined VLAN ID.
STEP 4 Click Apply. The protocol ports are mapped to VLANs, and written to the Running Configuration file.

The following are typical voice deployment scenarios with appropriate configurations:
• UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100.

VLAN, manually configured, or learned from external devices such as UC3xx/5xx and from switches that advertise voice VLAN in CDP or VSDP. VSDP is a Cisco defined protocol for voice service discovery.

CDP and/or LLDP-MED.
Voice End-Points
To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where it sends and receives its voice traffic.

Communication (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used.
NOTE If connecting the switch to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.

Telephony OUI voice streams, you can override the quality of service and optionally remark the 802.1p of the voice streams by specifying the desired CoS/802.1p values and using the remarking option under Telephony OUI.

STEP 2 Select the Voice VLAN ID. It cannot be set to VLAN ID 1 (this step is not required for dynamic Voice VLAN).
STEP 3 Set Dynamic Voice VLAN to Enable Auto Voice VLAN.

Interface page.
Configuring Voice VLAN
This section describes how to configure voice VLAN. It covers the following topics:
• Configuring Voice VLAN Properties
• Displaying Auto Voice VLAN Settings
• Configuring Telephony OUI
Page 226
• Dynamic Voice VLAN—Select this field to disable or enable voice VLAN feature in one of the following ways: Enable Auto Voice VLAN —Enable Dynamic Voice VLAN in Auto Voice VLAN mode. Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 227
The Operation Status block on this page shows the information about the current voice VLAN and its source: • Auto Voice VLAN Status—Displays whether Auto Voice VLAN is enabled. • Voice VLAN ID—The identifier of the current voice VLAN Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 228
Static—User-defined voice VLAN configuration defined on the switch. CDP—UC that advertised voice VLAN configuration is running CDP. LLDP—UC that advertised voice VLAN configuration is running LLDP. Voice VLAN ID—The identifier of the advertised or configured voice VLAN Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 229
Auto Membership Aging time can be configured. If the specified time period passes with no telephony activity, the port is removed from the Voice VLAN. Use the Telephony OUI page to view existing OUIs, and add new OUIs. Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 230
Enter the values for the following fields: STEP 5 • Telephony OUI—Enter a new OUI. • Description—Enter an OUI name. Click Apply. The OUI is added to the Telephony OUI Table. STEP 6 Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 231
All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones. Click Apply. The OUI is added. STEP 4 Cisco 500 Series Stackable Managed Switch Administration Guide...
(see Configuring VLAN Interface Settings). The Multicast TV VLAN configuration is defined per port. Customer ports are configured to be members of Multicast TV VLANs using the Multicast TV VLAN Page.
VLAN. data VLAN. Group registration | All Multicast group registration is dynamic. | Groups must be associated to Multicast VLAN statically, but actual registration of station is dynamic.
STEP 2 Click Add to associate a Multicast group to a VLAN. Any VLAN can be selected. When a VLAN is selected, it becomes a Multicast TV VLAN. STEP 3 Click Apply. Multicast TV VLAN settings are modified, and written to the Running Configuration file.
Packets from subscribers to the service provider network are forwarded as VLAN tagged frames, in order to distinguish between the service types, which means that for each service type there is a unique VLAN ID in the CPE box.
VLAN. CPE (internal) Multicast VLANs must be mapped to the Multicast provider (external) VLANs. After a CPE VLAN is mapped to a Multicast VLAN, it can participate in IGMP snooping.
The ports associated with the Multicast VLANs must be configured as customer ports (see Configuring VLAN Interface Settings). Use the Port Multicast VLAN Membership page to map these ports to Multicast TV VLANs as described in Port Multicast VLAN Membership
STP provides a tree topology for any arrangement of switches and interconnecting links, by creating a unique path between end stations on a network, and thereby eliminating loops.
STEP 1 Click Spanning Tree > STP Status & Global Settings. The Settings page is displayed. STEP 2 Enter the parameters. Global Settings: • Spanning Tree State—Enable or disable STP on the switch. • STP Operation Mode—Select an STP mode.
Root Port—The port that offers the lowest cost path from this bridge to the Root Bridge. (This is significant when the bridge is not the root.) • Root Path Cost—The cost of the path from this bridge to the root.
Enable—Enables Fast Link immediately. Auto—Enables Fast Link a few seconds after the interface becomes active. This allows STP to resolve loops before enabling Fast Link. Disable—Disables Fast Link.
The priority is a value from 0 to 240, set in increments of 16. • Port State—Displays the current STP state of a port.
RSTP Interface Settings page enables you to configure RSTP per port. Any configuration that is done on this page is active when the global STP mode is set to RSTP or MSTP.
Point to Point Administrative Status is set to Auto. • Role—Displays the role of the port that was assigned by STP to provide STP paths. The possible roles are: Root—Lowest cost path to forward packets to the Root Bridge.
MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 7 Click Apply. The Running Configuration file is updated.
For two or more switches to be in the same MST region, they must have the same VLANs to MST instance mapping, the same configuration revision number, and the same region name.
NOTE The same MSTI can be mapped to more than one VLAN, but each VLAN can only have one MST Instance attached to it. MSTP Configuration on this page (and all of the pages) applies if the system STP mode is MSTP.
Configuring the Spanning Tree Protocol Defining MSTP Instance Settings Up to 16 MST instances can be defined on the 500 Series switches in addition to instance zero. For those VLANs that are not explicitly mapped to one of the MST instances, the switch automatically maps them to the CIST (Core and Internal Spanning Tree) instance.
MST instance. To configure the ports in an MST instance: STEP 1 Click Spanning Tree > MSTP Interface Settings. The MSTP Interface Settings page is displayed. STEP 2 Enter the parameters.
Port Role—Displays the port or LAG role, per port or LAG per instance, assigned by the MSTP algorithm to provide STP paths: Root—Forwarding packets through this interface provides the lowest cost path for forwarding packets to the root device.
Ports with a lower cost are less likely to be blocked if STP detects loops. • Remaining Hops—Displays the hops remaining to the next destination. • Forward Transitions—Displays the number of times the port has changed from the Forwarding state to the Blocking state.
Configuring the Spanning Tree Protocol Defining MSTP Interface Settings STEP 6 Click Apply. The Running Configuration file is updated.
MAC address that is not found in the tables, they are transmitted/broadcasted to all the ports on the relevant VLAN. Such frames are referred to as unknown Unicast frames. The switch supports a maximum of 8K static and dynamic MAC addresses.
STEP 4 Click Apply. A new entry appears in the table. Managing Dynamic MAC Addresses The Dynamic Address Table (bridging table) contains the MAC addresses acquired by monitoring the source addresses of frames entering the switch.
VLAN ID, MAC address, or interface. STEP 4 Click Go. The Dynamic MAC Address Table is queried and the results are displayed. To delete all of the dynamic MAC addresses, click Clear Table.
Action—Select one of the following actions to be taken upon receiving a packet that matches the selected criteria: Discard—Delete the packet. Bridge—Forward the packet to all VLAN members. STEP 4 Click Apply. A new MAC address is reserved.
The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links.
When the switch is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP Join messages.
An IGMP Querier is required to facilitate the IGMP protocol on a given subnet. In general, a Multicast router is also an IGMP Querier. When there are multiple IGMP Queriers in a subnet, the queriers elect a single querier as the primary querier.
By default, all Multicast frames are flooded to all ports of the VLAN. To selectively forward only to relevant ports and filter (drop) the Multicast on the rest of the ports, enable Bridge Multicast filtering status in the Properties page.
STEP 1 Click Multicast > Properties. The Properties page opens. STEP 2 Enter the parameters. • Bridge Multicast Filtering Status—Select to enable filtering. • VLAN ID—Select the VLAN ID to set its forwarding method.
Source Group, use the page. To define and view MAC Multicast groups: STEP 1 Click Multicast > MAC Group Address. The MAC Group Address page opens. STEP 2 Enter the parameters.
• Forbidden—Specifies that this port is not allowed to join this group on this VLAN. • None—Specifies that the port is not currently a member of this Multicast group on this VLAN.
Layer 2 system mode, the IP Multicast address of Bonjour is displayed. STEP 4 Click Add to add a static IP Multicast Group Address. The Add IP Multicast Group Address page opens. STEP 5 Enter the parameters.
To support selective Multicast forwarding (IPv4), Bridge Multicast filtering must be enabled (in the Properties page), and IGMP Snooping must be enabled globally and for each relevant VLAN (in the IGMP Snooping page).
To enable IGMP Snooping and identify the switch as an IGMP Snooping Querier on a VLAN: STEP 1 Click Multicast > IGMP Snooping. The IGMP Snooping page opens. STEP 2 Enable or disable the IGMP Snooping status.
• Last Member Query Counter—Enter the number of IGMP Group-Specific Queries sent before the switch assumes there are no more members for the group, if the switch is the elected querier.
Multicast packets only to switch ports where there are host nodes that are members of the Multicast groups. The switch does not support MLD Querier. Hosts use the MLD protocol to report their participation in Multicast sessions.
MLD Snooping Status—Enable or disable MLD snooping on the VLAN. The switch monitors network traffic to determine which hosts have asked to be sent Multicast traffic. The switch performs MLD snooping only when MLD snooping and Bridge Multicast filtering are both enabled
Interval sent by the elected querier. • Immediate Leave—When enabled, reduces the time it takes to block unnecessary MLD traffic sent to a switch port. STEP 5 Click Apply. The Running Configuration file is updated.
Included Ports—The list of destination ports for the Multicast stream. • Excluded Ports—The list of ports not included in the group. • Compatibility Mode—The oldest IGMP/MLD version of registration from the hosts the switch receives on the IP group address.
Mrouter is not learned on this port (i.e. MRouter Ports Auto-Learn is not enabled on this port). • None—The port is not currently a Multicast router port. STEP 5 Click Apply to update the switch.
Forbidden—Ports cannot receive any Multicast streams, even if IGMP/MLD snooping designated the port to join a Multicast group. • None—The port is not currently a Forward All port. STEP 5 Click Apply. The Running Configuration file is updated.
Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface. Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 3 Click Apply. The settings are saved, and the Running Configuration file is updated.
In Layer 3 system mode, the switch has IP routing capabilities as well as Layer 2 system mode capabilities. In this system mode, a Layer 3 port still retains much of the Layer 2 functionality, such as Spanning Tree Protocol and VLAN membership.
VLAN can be configured with a static or dynamic IP address. In Layer 3 system mode, up to 32 interfaces (ports, LAGs, and/or VLANs) on the switch can be configured with a static or dynamic IP address.
All the IP addresses configured or assigned to the switch are referred to as Management IP addresses in this guide. If the pages for Layer 2 and Layer 3 are different, both versions are displayed.
Operational Default Gateway—Displays the current default gateway status. NOTE If the switch is not configured with a default gateway, it cannot communicate with other devices that are not in the same IP subnet.
Layer 2 to Layer 3 it automatically enables IP routing. This page displays the following fields in the IPv4 Interface Table: • Interface—Interface for which the IP address is defined.
STEP 4 If Static Address was selected, enter the IP Address for this interface. STEP 5 Enter the Network Mask or Prefix Length for this IP address. • Network Mask—IP mask for this address.
The switch detects IPv6 frames by the IPv6 Ethertype. Defining IPv6 Global Configuration The IPv6 Global Configuration page defines the frequency of the IPv6 ICMP error messages generated by the switch.
This page displays the IPv6 interfaces already configured. STEP 2 Click Add to add a new interface on which interface IPv6 is enabled. STEP 3 The Add IPv6 Interface page opens. STEP 4 Enter the values.
This page is described in the Defining IPv6 Addresses section. Defining IPv6 Addresses To assign an IPv6 address to an IPv6 Interface: STEP 1 In Layer 2 system mode, click Administration > Management Interface > IPv6 Addresses.
EUI-64—Select to use the EUI-64 parameter to identify the interface ID portion of the Global IPv6 address by using the EUI-64 format based on a device MAC address. STEP 5 Click Apply. The Running Configuration file is updated.
Static—The default router was manually added to this table through the Add button. Dynamic—The default router was dynamically configured. State—The default router status options are: Incomplete—Address resolution is in process. Default router has not yet responded.
If an ISATAP interface is active, the ISATAP router IPv4 address is resolved via DNS by using ISATAP-to-IPv4 mapping. If the ISATAP DNS record is not resolved, ISATAP host name-to-address mapping is searched in the host mapping table.
ISATAP Solicitation Interval—The number of seconds from 10-3600 between ISATAP router solicitation messages, when there is no active ISATAP router. The interval can be the default value (10 seconds) or a user defined interval.
IPv6 Neighbors Table. • Static Only—Deletes the static IPv6 address entries. • Dynamic Only—Deletes the dynamic IPv6 address entries. • All Dynamic & Static—Deletes the static and dynamic IPv6 address entries.
MAC Address—Enter the MAC address mapped to the specified IPv6 address. STEP 5 Click Apply. The Running Configuration file is updated. STEP 6 To change the type of an IP address from Dynamic to Static, use the Edit IPv6 Neighbors page.
Route Type—How the destination is attached, and the method used to obtain the entry. The following values are: Local—A directly-connected network whose prefix is derived from a manually-configured switch’s IPv6 address.
Route Type—Select the route type. Reject—Rejects the route and stops routing to the destination network via all gateways. This ensures that if a frame arrives with the destination IP of this route, it is dropped.
Clear ARP Table Entries—Select the type of ARP entries to be cleared from the system. All—Deletes all of the static and dynamic addresses immediately. Dynamic—Deletes all of the dynamic addresses immediately. Static—Deletes all of the static addresses immediately.
The Proxy ARP technique is used by a device on a given IP subnet to answer ARP queries for a network address that is not on that network. NOTE The ARP proxy feature is only available when the device is in L3 mode.
STEP 3 Select the Source IP Interface to where the switch is to relay UDP Broadcast packets based on a configured UDP destination port. The interface must be one of the IPv4 interfaces configured on the switch.
The switch appends this to all non-fully qualified domain names (FQDNs) turning them into FQDNs. • Type—Displays the default domain type options: DHCP—The default domain name is dynamically assigned by the DHCP server. Static—The default domain name is user-defined.
DNS Server IP Address—Enter the DNS server IP address. • Set DNS Server Active—Select to activate the new DNS server. STEP 6 Click Apply. The DNS server is written to the Running Configuration file.
VLAN2 or ISATAP. • Host Name—Enter a domain name, up to 158 characters. • IP Address—Enter an IPv4 address or enter up to four IPv6 host addresses. Addresses 2–4 are backup addresses.
Configuring IP Information Domain Name Systems STEP 4 Click Apply. The DNS host is written to the Running Configuration file.
• Access Control Access control of end-users to the network through the switch is described in the following sections: • Configuring Management Access Authentication • Defining Management Access Method • Configuring TACACS+
Access Control Defining Users The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
CLI commands that change the switch configuration. See the CLI Reference Guide for more information. Read/Write Management Access (15)—User can access the GUI, and can configure the switch.
Do not repeat or reverse the user’s name or any variant reached by changing the case of the characters. • Do not repeat or reverse the manufacturer’s name or any variant reached by changing the case of the characters.
The TACACS+ server then checks user privileges. The TACACS+ protocol ensures network integrity, through encrypted protocol exchanges between the device and the TACACS+ server. TACACS+ is supported only with IPv4.
STEP 4 Click Apply. The TACACS+ settings are added to the Running Configuration file. STEP 5 To add a TACACS+ server, click Add. The Add TACACS+ Server page is displayed. STEP 6 Enter the parameters.
Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control. The switch is a RADIUS client that can use a RADIUS server to provide centralized security.
This overrides the default key string if one has been defined. • Source IPv4 Address—Enter the source IPv4 address to be used. • Source IPv6 Address—Enter the source IPv6 address to be used.
Retries—Enter the number of requests that are sent to the RADIUS server before a failure is considered to have occurred. If Use Default is selected, the switch uses the default value for the number of retries.
TACACS+ or RADIUS server. For the RADIUS server to grant access to the web-based switch configuration utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15. User authentication occurs in the order that the authentication methods are selected.
Access Profiles can limit management access from specific sources. Only users who pass both the active access profile and the management access authentication methods are given management access to the switch.
If a console-only access profile has been activated, the only way to deactivate it is through a direct connection from the management station to the physical console port on the switch.
Management Method—Select the management method for which the rule is defined. The options are: All—Assigns all management methods to the rule. Telnet—Users requesting access to the switch that meets the Telnet access profile criteria are permitted or denied access.
Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the fields: Network Mask—Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
• Management Method—Select the management method for which the rule is defined. The options are: All—Assigns all management methods to the rule.
Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the fields: Network Mask—Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
SNMP Service—Indicates whether the SNMP service is enabled or disabled. • Telnet Service—Indicates whether the Telnet service is enabled or disabled. • SSH Service—Indicates whether the SSH server service is enabled or disabled.
Storm protection enables you to limit the number of frames entering the switch and to define the types of frames that are counted towards this limit.
Multicast & Broadcast—Counts Broadcast and Multicast traffic towards the bandwidth threshold. Broadcast Only—Counts only Broadcast traffic towards the bandwidth threshold. STEP 4 Click Apply. Storm control is modified, and the Running Configuration file is updated.
MAC address is not learned on that port. In addition to one of these actions, you can also generate traps, and limit their frequency and number to avoid overloading the devices.
Max No. of Addresses Allowed—Enter the maximum number of MAC addresses that can be learned on the port if Limited Dynamic Lock learning mode is selected. The number 0 indicates that only static addresses are supported on the interface.
Guest VLAN and/or non-authenticated VLANs. Authentication of the supplicant is performed by an external RADIUS server through the authenticator. The authenticator monitors the result of the authentication.
The assigned VLAN must not be the default VLAN and must have been created on the switch. • The switch must not be configured to use both a DVA and a MAC-based VLAN group together.
VLAN. • The member ports must be manually configured as tagged members. • The member ports must be trunk and/or general ports. An access port cannot be a member of an unauthenticated VLAN.
You can select the Guest VLAN field to have untagged incoming frames go to the guest VLAN. • Define host authentication parameters for each port using the Port Authentication page. • View 802.1X authentication history using the Authenticated Hosts page.
Guest VLAN timeout period has expired. If the port state changes from Authorized to Not Authorized, the port is added to the Guest VLAN only after the Guest VLAN timeout has expired.
STEP 1 Click Security > 802.1X > Port Authentication. The Port Authentication page is displayed. This page displays authentication settings for all ports. STEP 2 Select a port, and click Edit. The Edit Port Authentication page is displayed.
VLAN is automatically assigned to the unauthorized ports as an Untagged VLAN. Cleared—Disables Guest VLAN on the port. • Authentication Method—Select the authentication method for the port. The options are:
• Resending EAP—Enter the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP) request/identity frame from the supplicant (client) before resending the request.
Multiple Sessions—Enables the number of specific authorized hosts to access the port. Each host is treated as if it were the first and only user and must be authenticated. Filtering is based on the source MAC address.
Action on Violation—Select the action to be applied to packets arriving in Single Session/Single Host mode, from a host whose MAC address is not the supplicant MAC address. The options are: Protect (Discard)—Discards the packets.
None—No authentication is applied; it is automatically authorized. RADIUS—Supplicant was authenticated by a RADIUS server. • MAC Address—Displays the supplicant MAC address. Defining Time Ranges Time Range for an explanation of this feature.
Filtering page) • Deny attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan (Security Suite Settings page). The Cisco switch is an advanced switch that handles the following types of traffic, in addition to end-user traffic: • Management traffic •...
STEP 5 Click Apply. The Denial of Service prevention Security Suite settings are written to the Running Configuration file. • If Interface-Level Prevention is selected, click the appropriate Edit button to configure the desired prevention.
STEP 4 Enter the parameters. • IP Version—Indicates the supported IP version. Currently, support is only offered for IPv4. • IP Address—Enter an IP address to reject. The possible values are:
• TCP Port—Select the destination TCP port being filtered: Known Ports—Select a port from the list. User Defined—Enter a port number. All Ports—Select to indicate that all ports are filtered.
IP address prefix. • SYN Rate Limit—Enter the number of SYN packets that can be received. STEP 4 Click Apply. The SYN rate protection is defined, and the Running Configuration is updated.
Fragments Filtering page is displayed. STEP 2 Click Add. The Add IP Fragments Filtering page is displayed. STEP 3 Enter the parameters. • Interface—Select the interface on which the IP fragmentation is being defined.
IP source guard can be active on an interface only if: • DHCP Snooping is enabled on at least one of the port's VLANs. • The interface is DHCP untrusted. All packets on trusted ports are forwarded.
STEP 4 Enable IP Source Guard in the Security > IP Source Guard > Properties page. STEP 5 Enable IP Source Guard on the untrusted interfaces as required in the Security > IP Source Guard > Interface Settings page.
STEP 3 Select the port/LAG and click Edit. The Edit Interface Settings page is displayed. Select Enable in the IP Source Guard field to enable IP Source Guard on the interface. STEP 4 Click Apply to copy the setting to the Running Configuration file.
Status—Displays whether interface is active. • Type—Displays whether entry is dynamic or static. • Reason—If the interface is not active, displays the reason. The following reasons are possible: No Problem—Interface is active.
After the attack, all traffic from the device under attack flows through the attacker's computer and then to the router, switch, or host. The following shows an example of ARP cache poisoning. ARP Cache Poisoning Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 342
If the packet's IP address was not found in the ARP access control rules or in the DHCP Snooping Binding database the packet is invalid and is dropped. A SYSLOG message is generated. Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 343
Dynamic ARP Inspection Not enabled. ARP Packet Validation Not enabled ARP Inspection Enabled on Not enabled VLAN Log Buffer Interval SYSLOG message generation for dropped packets is enabled at 5 seconds interval Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 344
Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses. • Log Buffer Interval—Select one of the following options: Retry Frequency—Enable sending SYSLOG messages for dropped packets. Entered the frequency with which the messages are sent. Cisco 500 Series Stackable Managed Switch Administration Guide...
Page 345
STEP 2 To add an entry, click Add. The Add ARP Access Control page is displayed. STEP 3 Enter the fields: • ARP Access Control Name—Enter a user-created name. • MAC Address—MAC address of packet. • IP Address—IP address of packet.
STEP 3 To associate an ARP Access Control group with a VLAN, click Add. Select the VLAN number and select a previously-defined ARP Access Control group. STEP 4 Click Apply. The settings are defined, and the Running Configuration file is updated.
SCP server to a switch. With respect to SSH, the SCP running on the switch is an SSH client application and the SCP server is an SSH server application.
The username/password must then be created on the switch. When data is transferred from the server to the switch, the username/password supplied by the switch must match the username/password on the server.
When a private key is created on a switch, it is also possible to create an associated passphrase. This passphrase is used to encrypt the private key and to import it into the remaining switches. In this way, all the switches can use the same public/private key.
SSH client authentication by password is enabled by default, with the username/password being “anonymous”. The user must configure the following information for authentication: • The authentication method to be used. • The username/password or public/private key pair.
When using the password authentication method, a username/password must be set up on the SSH server. • When using public/private keys authentication method, the public key must be stored on the SSH server.
Upgrade/backup the firmware or language file, using SCP, by selecting the via SCP (over SSH) option in the Upgrade/Backup Firmware/Language page. d. Download/backup the configuration file, using SCP, by selecting the via SCP (over SSH) option in the Download/Backup Configuration/Log page.
RSA or DSA key, if the public/private key method is selected. To select an authentication method, and set the username/password/keys.
STEP 6 To handle an RSA or DSA key, select either RSA or DSA and perform one of the following actions: • Generate—Generate a new key. • Edit—Display the keys for copying/pasting to another device. • Delete—Delete the key.
IP address of the server in the appropriate fields. STEP 3 Enter the Username. This must match the username on the server. STEP 4 Enter the Old Password. This must match the password on the server.
SSH Client Configuration Through the GUI STEP 5 Enter the New Password and confirm it in the Confirm Password field. STEP 6 Click Apply. The password in the SSH server is modified.
SSH server application, such as PuTTY. The public keys are entered in the device. The users can then open an SSH session on the device through the external SSH server application.
STEP 3 Log on to switch B and open the SSH Server Authentication page. Select either the RSA or DSA key, click Edit and paste in the key from switch A.
SSH User Name—Enter a user name. • Key Type—Select either RSA or DSA. • Public Key—Copy the public key generated by an external SSH client application (like PuTTY) into this text box.
Display Sensitive Data as Encrypted to display the text in encrypted form. STEP 4 If new keys were generated, click Apply. The key(s) are stored in the Running Configuration file.
2. Request that the certificate be certified by a CA. 3. Import the signed certificate into the device. Default Settings and Configuration By default, the switch contains a certificate that can be modified.
Organization Unit—Specifies the organization-unit or department name. Organization Name—Specifies the organization name. Location—Specifies the location or city name. State—Specifies the state or province name. Country—Specifies the country name. Duration—Specifies the number of days a certification is valid.
RSA key-pair to another device (using copy/paste). When you click Display Sensitive Data as Encrypted, the private keys are displayed in encrypted form. STEP 5 Click Apply to apply the changes to the Running Configuration.
SSD provides users with the flexibility to configure the desired level of protection on their sensitive data; from no protection with sensitive data in plaintext, minimum protection with encryption based on the default passphrase, and better protection with encryption based on user-defined passphrase.
A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired.
User Type will be applied). Specific—The rule applies to a specific user. Default User (cisco)—The rule applies to the default user (cisco). Level 15—The rule applies to users with privilege level 15. All—The rule applies to all users.
Each management channel allows specific read presumptions. The following summarizes these. Table 2 Default Read Modes for Read Permissions Read Permission Default Read Mode Allowed Exclude Exclude Encrypted Only *Encrypted Plaintext Only *Plaintext
CLI/GUI sessions. NOTE When the SSD rule applied upon the session login is changed from within that session, the user must log out and back in to see the change.
Table 3 Default SSD Rules Rule Key Rule Action User Channel Read Default Read Mode Permission Level Secure XML Plaintext Only Plaintext SNMP Level Secure Both Encrypted Level Insecure Both Encrypted Insecure XML Exclude Exclude SNMP
• Controlling how the sensitive data is encrypted. • Controlling the strength of security on configuration files. • Controlling how the sensitive data is viewed within the current session.
When a device is reset to factory default, the local passphrase is reset to the default passphrase.
File Integrity Control command in the file's SSD Control block. If a file is integrity protected but a device finds the integrity of the file is not intact, the device rejects the file. Otherwise, the file is accepted for further processing.
• The SSD indicator, if it exists, must be in the configuration header file. • A text-based configuration that does not include an SSD indicator is considered not to contain sensitive data.
SSD control block, the device rejects the source file and the copy fails. • If there is no SSD control block in the source configuration file, the SSD configuration in the Startup Configuration file is reset to default.
(meaning read permissions of either Both or Plaintext Only), the device rejects all SSD commands. • When copied from a source file, File SSD indicator, SSD Control Block Integrity, and SSD File Integrity are neither verified nor enforced.
SSD Indicator shows Exclude or Plaintext Only sensitive data. • A user with Encrypted Only permission can access mirror and backup configuration files with their file SSD Indicator showing Exclude or Encrypted sensitive data.
However, for auto configuration to succeed with a user-defined passphrase, the target devices must be manually pre-configured with the same passphrase as the device that generates the files, which is not zero touch.
SSD rules are defined in the SSD Rules page. SSD Properties Only users with SSD read permission of Plaintext-only or Both are allowed to set SSD properties. To configure global SSD properties:
Specific User—Select and enter the specific user name to which this rule applies (this user does not necessarily have to be defined). Default User (cisco)—Indicates that this rule applies to the default user.
Exclude—Do not allow reading the sensitive data. Encrypted—Sensitive data is presented encrypted. Plaintext—Sensitive data is presented as plaintext. STEP 3 The following actions can be performed: • Restore to Default—Restore a user-modified default rule to the default rule.
Secure Sensitive Data Configuring SSD • Restore All Rules to Default—Restore all user-modified default rules to the default rule and remove all user-defined rules.
An untrusted port is a port that is not allowed to assign DHCP addresses. By default, all ports are considered untrusted until you declare them trusted (in the DHCP Snooping Interface Settings page).
The following cases are possible: • DHCP client and DHCP server are connected to the same VLAN. In this case, a regular bridging passes the DHCP messages between DHCP client and DHCP server.
Relay – Insertion without Option with the inserts Option discards the Disabled original packet Option 82 Bridge – no Bridge – Option 82 is Packet is sent inserted with the original Option 82
Insertion without Option sent with the Option 82 discards the Disabled original packet Bridge – no Option 82 Option 82 is Bridge – Packet is sent inserted with the original Option 82
Snooping is disabled: DHCP Relay DHCP Relay VLAN with IP Address VLAN without IP Address Packet arrives Packet arrives Packet arrives Packet arrives without with Option without with Option Option 82 Option 82
Option 82 without Option 82 Option 82 Bridge – Packet is sent Bridge – Bridge – Packet is sent Packet is sent without with the Option 82 with the Option 82 Option 82
Option 82 Packet is Packet is Relay – Insertion sent without sent without discards without Option 82 Enabled Option 82 Option 82 Option 82 Bridge – Packet is sent without Option 82
How the DHCP Snooping Binding Database is Built The following describes how the switch handles DHCP packets when both the DHCP client and DHCP server are trusted. The DHCP Snooping Binding database is built in this process.
The DHCP Snooping Binding database is stored in non-volatile memory. DHCP Packet Handling Packet Type Arriving from Arriving from Trusted Ingress Untrusted Ingress Interface Interface DHCPDISCOVER Forward to trusted Forwarded to trusted interfaces interfaces only. only.
DHCPRELEASE Same as Same as DHCPDECLINE. DHCPDECLINE. DHCPINFORM Forward to trusted Forward to trusted interfaces interfaces only. only. DHCPLEASEQUE Filtered. Forward.
STEP 3 Configure interfaces as trusted or untrusted in the IP Configuration > DHCP > DHCP Snooping Interface page. STEP 4 Optional. Add entries to the DHCP Snooping Binding database in the IP Configuration > DHCP > DHCP Snooping Binding Database page.
STEP 4 Enter the IP address of the DHCP server and click Apply. The settings are written to the Running Configuration file. Defining DHCP Interface Settings In Layer 2, DHCP Relay and Snooping can only be enabled on VLANs with IP addresses.
• The switch does not update the DHCP Snooping Binding database when a station moves to another interface. • If a port is down, the entries for that port are not deleted.
Lease Time—If the entry is dynamic, enter the amount of time that the entry is to be active in the DHCP Database. If there is no Lease Time, check Infinite.) STEP 4 Click Apply. The settings are defined, and the device is updated.
Either a DENY or PERMIT action is applied to frames whose contents match the filter. The switch supports a maximum of 512 ACLs, and a maximum of 512 ACEs.
If a frame matches the filter in an ACL, it is defined as a flow with the name of that ACL. In advanced QoS, these frames can be referred to using this Flow name, and QoS can be applied to these frames (see QoS Advanced Mode).
Only then can the ACL be modified, as described in the sections of this section. Defining MAC-based ACLs MAC-based ACLs are used to filter traffic based on Layer 2 fields. MAC-based ACLs check all frames for a match.
Such ports can be reactivated from the Port Settings page. • Time Range—Select to enable limiting the use of the ACL to a specific time range.
802.1p Mask—Enter the wildcard mask to be applied to the VPT tag. • Ethertype—Enter the frame Ethertype to be matched. STEP 5 Click Apply. The MAC-based ACE is written to the Running Configuration file.
STEP 3 Enter the name of the new ACL in the ACL Name field. The names are case-sensitive. STEP 4 Click Apply. The IPv4-based ACL is written to the Running Configuration file.
ICMP —Internet Control Message Protocol IGMP —Internet Group Management Protocol IP in IP —IP in IP encapsulation —Transmission Control Protocol —Exterior Gateway Protocol —Interior Gateway Protocol
Source IP Wildcard Mask—Enter the mask to define a range of IP addresses. Note that this mask is different than in other uses, such as subnet mask. Here, setting a bit as 1 indicates don't care and 0 indicates to mask that value.
Filtered packets are either forwarded or dropped. Filtering packets by TCP flags increases packet control, which increases network security. • Type of Service—The service type of the IP packet. —Any service type DSCP to Match —Differentiated Services Code Point (DSCP) to match
STEP 5 Click Apply. The IPv4-based ACE is written to the Running Configuration file. IPv6-Based ACLs IPv6-Based ACL page displays and enables the creation of IPv6 ACLs, which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4 or ARP packets.
Priority—Enter the priority. ACEs with higher priority are processed first. • Action—Select the action assigned to the packet matching the ACE. The options are as follows: Permit—Forward packets that meet the ACE criteria. Deny—Drop packets that meet the ACE criteria.
MAC address is matched and its mask (if relevant). • Destination IP Prefix Length—Enter the prefix length of the IP address. • Source Port—Select one of the following: Any—Match to all source ports.
Select one of the following options, to configure whether to filter on this code: Any—Accept all codes. User defined—Enter an ICMP code for filtering purposes. STEP 5 Click Apply.
Select MAC Based ACL—Select a MAC-based ACL to be bound to the interface. • Select IPv4 Based ACL—Select an IPv4-based ACL to be bound to the interface. • Select IPv6 Based ACL—Select an IPv6-based ACL to be bound to the interface.
STEP 7 Click Apply. The ACL binding is modified, and the Running Configuration file is updated. NOTE If no ACL is selected, the ACL(s) that is previously bound to the interface is unbound.
Code Point (DSCP) value for IPv4 or Traffic Class (TC) value for IPv6 in Layer 3. When operating in Basic Mode, the switch trusts this external assigned QoS value. The external assigned QoS value of a packet determines its traffic class and QoS.
The following steps in the workflow assume that you have chosen to enable QoS. STEP 2 Assign each interface a default CoS priority by using the QoS Properties page.
QoS mode for the system (Basic, Advanced, or Disabled, as described in the “QoS Modes” section). In addition, the default CoS priority for each interface can be defined.
Default CoS—Select the default CoS (Class-of-Service) value to be assigned for incoming packets (that do not have a VLAN tag). The range is 0-7. STEP 2 Click Apply. The interface default CoS value is written to Running Configuration file.
STEP 1 Click Quality of Service > General > Queue. The Queue page is displayed. STEP 2 Enter the parameters. • Queue—Displays the queue number. • Scheduling Method: Select one of the following options:
(2 queues: (0-7, 7 being 4, 4 being the Normal and the highest) highest High) priority) Normal Background Normal Best Effort Normal Excellent Effort Normal Critical Application LVS phone SIP Normal Video
STEP 3 For each 802.1p priority, select the Output Queue to which it is mapped. STEP 4 Click Apply. 802.1p priority values to queues are mapped, and the Running Configuration file is updated.
The ingress rate limit is the number of bits per second that can be received from the ingress interface. Excess bandwidth above this limit is discarded. The following values are entered for egress shaping:
STEP 2 Select an interface, and click Edit. The Edit Bandwidth page is displayed. STEP 3 Select the Port or LAG interface. 500 series switches also have an option to select Unit/Port. STEP 4 Enter the fields for the selected interface: •...
Committed Burst Size (CBS)—Enter the maximum burst size (CBS) in bytes. CBS is the maximum burst of data allowed to be sent even if a burst exceeds CIR. STEP 6 Click Apply. The bandwidth settings are written to the Running Configuration file.
Committed Burst Size (CBS)—Enter the maximum burst size of data for the egress interface in bytes of data. This amount can be sent even if it temporarily increases the bandwidth beyond the allowed limit. Cannot be entered for LAGs.
CoS/802.1p trusted mode and DSCP trusted mode. CoS/802.1p trusted mode uses the 802.1p priority in the VLAN tag. DSCP trusted mode uses the DSCP value in the IP header.
DSCP Override Table. When Override Ingress DSCP is enabled, the switch uses the new DSCP values for egress queueing. It also replaces the original DSCP values in the packets with the new DSCP values.
STEP 3 Select the Port or LAG interface. STEP 4 Click to enable or disable QoS State for this interface. STEP 5 Click Apply. The Running Configuration file is updated. STEP 6
QoS on the class map (flow) at a port independent of each other. • An aggregate policer applies the QoS to all its flow(s) in aggregation regardless of policies and ports.
Aggregate Policer page. Create a policy that associates a class map with the aggregate policer by using the Policy Table page 5. Bind the policy to an interface by using the Policy Binding page
DSCP Override Table. When Override Ingress DSCP is enabled, the switch uses the new DSCP values for egress queueing. It also replaces the original DSCP values in the packets with the new DSCP values.
30 respectively. If this traffic is forwarded to another service provider that has the same three levels of service, but uses DSCP values 16, 24, and 48, Out of Profile DSCP Mapping changes the incoming values as they are mapped to the outgoing values.
STEP 1 Click Quality of Service > QoS Advanced Mode > Class Mapping. The Class Mapping page is displayed. This page displays the already-defined class maps. STEP 2 Click Add. The Add Class Mapping page is displayed.
This can be done by using the ACLs in the class map(s) to match the desired traffic, and by using a policer to apply the QoS on the matching traffic. NOTE QoS policers are not supported when the switch is in Layer 3 system mode.
An aggregate policer applies the QoS to one or more class maps, therefore one or more flows. An aggregation policer can support class maps from different policies and applies the QoS to all its flow(s) in aggregation regardless of policies and ports.
QoS policies defined in the system. The page also allows you to create and delete policies. Only those policies that are bound to an interface are active (see Policy Binding page).
STEP 2 Select a policy in the Filter, and click Go. All class maps in that policy are displayed. STEP 3 To add a new class map, click Add. The Add Policy Class Map page is displayed. STEP 4 Enter the parameters.
Aggregate, select a previously-defined (in the Aggregate Policer page) aggregate policer. If Police Type is Single, enter the following QoS parameters: • Ingress Committed Information Rate (CIR)—Enter the CIR in Kbps. See a description of this in the Bandwidth page
STEP 2 Select a Policy Name and Interface Type if required. STEP 3 Click Go. The policy is selected. STEP 4 Select the following for the policy/interface: • Binding—Select to bind the policy to the interface.
This page displays the following fields: • Interface—Statistics are displayed for this interface. • Policy—Statistics are displayed for this policy. • Class Map—Statistics are displayed for this class map. • In-Profile Bytes—Number of in-profile bytes received.
STEP 4 Click Apply. An additional request for statistics is created, and the Running Configuration file is updated. Viewing Queues Statistics The Queues Statistics page displays queue statistics, including statistics of forwarded and dropped packets, based on interface, queue, and drop precedence.
STEP 2 Enter the parameters. STEP 3 • Counter Set—Select the counter set: Set 1—Displays the statistics for Set 1 that contains all interfaces and queues with a high DP (Drop Precedence).
Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped. STEP 4 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
SNMP Versions and Workflow The switch functions as SNMP agent and supports SNMPv1, v2, and v3. It also reports system events to trap receivers using the traps defined in the supported MIBs (Management Information Base).
NOTE For security reasons, SNMP is disabled by default. Before you can manage the switch via SNMP, you must turn on SNMP on the Security > TCP/UDP Services page. The following is the recommended series of actions for configuring SNMP:
If the SNMP Engine ID is not set, then users may not be created. STEP 5 Optionally, enable or disable traps by using the Trap Settings page. STEP 6 Optionally, define a notification filter(s) by using the Notification Filter page.
ID is based on the switch MAC address, and is defined per standard First 4 octets—First bit = 1, the rest is the IANA enterprise number. Fifth octet—Set to 3 to indicate the MAC address that follows. Last 6 octets—MAC address of the switch.
Link Local is selected) from the list. • Server IP Address/Name—Enter the IP address or domain name of the log server. • Engine ID—Enter the Engine ID. STEP 5 Click Apply. The Running Configuration file is updated.
STEP 6 In order to verify your view configuration, select the user-defined views from the Filter: View Name list. The following views exist by default: • Default—Default SNMP view for read and read/write views. • DefaultSuper—Default SNMP view for administrator views.
It becomes operational when it is associated with an SNMP user or community. NOTE To associate a non-default view with a group, first create the view in the Views page.
MIBs except those that control SNMP itself. Write—Management access is write for the selected view. Otherwise, a user or a community associated with this group is able to write all MIBs except those that control SNMP itself.
STEP 2 Click Add. The page is displayed. This page provides information for assigning SNMP access control privileges to SNMP users. STEP 3 Enter the parameters. • User Name—Enter a name for the user.
• Privacy Password—16 bytes are required (DES encryption key) if the DES privacy method was selected. This field must be exactly 32 hexadecimal characters. The Encrypted or Plaintext mode can be selected.
STEP 3 SNMP Management Station—Click User Defined to enter the management station IP address that can access the SNMP community. Click All to indicate that any IP device can access the SNMP community. • IP Version—Select either IPv4 or IPv6.
View Name—Select an SNMP view (a collection of MIB subtrees to which access is granted). • Advanced—Select this mode for a selected community. Group Name—Select an SNMP group that determines the access rights.
When an event arises that requires a trap message to be sent, it is sent to every node listed in the Notification Recipient Table.
Link Local Interface—If the IPv6 address type is Link Local, select whether it is received through a VLAN or ISATAP. • Recipient IP Address—Enter the IP address of where the traps are sent.
STEP 2 Enter the parameters. STEP 3 • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
Authentication and Privacy. The options are: No Authentication —Indicates the packet is neither authenticated nor encrypted. Authentication —Indicates the packet is authenticated but not encrypted. Privacy —Indicates the packet is both authenticated and encrypted.
Down arrow to descend to the level of the selected node's children. Click nodes in the view to pass from one node to its sibling. Use the scrollbar to bring siblings in view.
STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
NOTE To enable IP Routing from the web-based interface, go to Configuration > Management and IP Interface > IPv4 interface page on the SG500X models. The IP Routing control is available on the SG500X models only.
In this way, the relative cost of the interfaces can be adjusted as desired. It is your responsibility to set the offset for each interface (1 by default).
In this case, the router is passive, and only receives the updated RIP information on this interface. By default, transmission of routing updates on an IP interface is enabled. See RIP Settings on an IP Interface for more information.
Causes RIP to use the predefined default metric value for the propagated static route configuration.
• Transparent (default)—Causes RIP to use the routing table metric as the RIP metric for the propagated static route configuration.
The static route configuration of router rB can be propagated to router rC using either the default metric or transparent system. A static route is redistributed either with the static route's metric (transparent metric) or with the metric defined by the default-metric command.
RIP Peers Database
You can monitor the RIP peers database per IP interface. See Displaying the RIP Peers Database for a description of these counters.
Configuring RIP
The following actions can be performed.
Disable—Disable RIP. Disabling RIP deletes the RIP configuration on the system.
Shutdown—Set the RIP global state to shutdown.
• Redistribute Static Route—Select to enable this feature (described in Redistributing Static Route Configuration).
• Authentication—RIP authentication state (enable/disable) on a specified IP interface. The following options are available:
None—There is no authentication performed.
To view the RIP statistical counters for each IP address:
STEP 1 Click IP Configuration > RIPv2 > RIPv2 Statistics. The RIPv2 Statistics page is displayed.
The following fields are displayed:
• IP Interface—IP interface defined on the Layer 2 interface.
Last Updated—Indicates the last time RIP received RIP routes from the remote IP address.
STEP 2 To clear all counters, click Clear All Interface Counters.
Configuring Access Lists
See Filtering Routing Updates for a description of access lists.
Action—Select an action for the access list. The following options are available:
Permit—Permit entry of packets from the IP address(es) in the access list.
Deny—Reject entry of packets from the IP address(es) in the access list.
NOTE This feature is only relevant for SG500X devices.
This section describes how to configure key chains for applications and protocols, such as RIP. See RIP Authentication for a description of how RIP uses key chains for authentication.
NOTE If you select User Defined, the system time must be set either manually or from SNTP. Otherwise, Accept Life Time and Send Life Times always fail.
• Start Date—Enter the earliest date that the key-identifier is valid.
Key Identifier—Integer identifier for the key chain.
• Key String—Value of the key chain string. Enter one of the following options:
User Defined (Encrypted)—Enter an encrypted version.
User Defined (Plaintext)—Enter a plaintext version.
STEP 4 To always display sensitive data as plaintext (and not in encrypted form), click Display Sensitive Data as Plaintext.
STEP 5 Click Apply. The settings are written to the Running Configuration file.
VRRP also enables load sharing of traffic. Traffic can be shared equitably among available routers by configuring VRRP in such a way that traffic to and from LAN clients is shared by multiple routers.
NOTE The VRRP router that is the IP address owner responds/processes packets whose destination is to the IP address. The VRRP router that is the virtual router master, but not the IP address owner, does not respond/process those packets.
The following shows a LAN topology in which VRRP is configured. Routers A and B share the traffic to and from clients 1 through 4 and Routers A and B act as virtual router backups to each other if either router fails.
Load Sharing VRRP Topology
IPv4 VRRPv3 and VRRPv2 based on RFC5798. VRRPv3 and VRRPv2 messages are sent.
• IPv4 VRRPv2 based on RFC3768. VRRPv2 messages are sent.
Configuring the VRRP version is per virtual router. The default is VRRPv2.
If a VRRP router (the physical router) is the owner of the virtual router’s IP addresses, the virtual router’s IP address must be configured manually on the VRRP router, not DHCP assigned.
If a virtual router is the owner of the IP address, its VRRP priority is automatically assigned with priority of 255 by the system, and the VRRP router (on which this virtual router is assigned) automatically functions as a virtual router master if it is
STEP 1 Click IP Configuration > IPv4 VRRP Virtual Routers. The IPv4 VRRP Virtual Routers page opens.
STEP 2 To add a virtual router, click ADD. The Add Virtual Router page opens.
Interface—The Layer 2 interface (port, LAG or VLAN) on which the virtual router is defined.
• VRID—The virtual router identification number.
• Virtual Router MAC Address—The virtual MAC address of the virtual router.
Advertisement Interval—The advertisement interval of the virtual router.
• Source IP Address—IP address used as source IP address in VRRP messages.
STEP 6 Click Apply. The settings are written to the Running Configuration file.