ADMINISTRATION GUIDE Cisco Small Business 200 Series Smart Switch Administration Guide Release 1.
Contents
Chapter 1: Getting Started
  Starting the Web-based Switch Configuration Utility
  Launching the Configuration Utility
  Logging In
  Password Expiration
  Logging Out
  Quick Start Switch Configuration
  Window Navigation
  Application Header
  Management Buttons
Chapter 2: Viewing Statistics
  Viewing Ethernet Interface
  Viewing Etherlike Statistics
  Viewing 802.
Chapter 4: Managing System Files
  Upgrade/Backup Firmware/Language
  Downloading or Backing-up a Configuration or Log
  Displaying Configuration File Properties
  Copying Configuration Files
  Setting DHCP Auto Configuration
Chapter 5: System Time
  System Time Options
  Configuring System Time
  Adding an SNTP Server
  Defining SNTP Authentication
Chapter 6: General Administrative Information and Operations
  System Information
  Displaying the System S
  Displaying LLDP Port Status
  Displaying LLDP Local Information
  Displaying LLDP Neighbors Information
  Accessing LLDP Statistics
  LLDP Overloading
Chapter 8: Port Management
  Configuring Ports
  Port Management Workflow
  Setting the Basic Port Configuration
  Configuring Link Aggregation
  Static and Dynamic LAG Workflow
  Defining LAG Management
  Defining Member Ports in a LAG
  Configuring LAG Settings
  Configuring LACP
  Setting P
  Configuring PoE Properties
  Configuring the PoE Power, Priority, and Class
Chapter 11: VLAN Management
  VLANs
  Configuring Default VLAN Settings
  Creating VLANs
  Configuring VLAN Interface Settings
  Defining VLAN Membership
  Configuring Port to VLAN
  Configuring VLAN to Port
  Viewing VLAN Membership
  Voice VLAN
  Voice VLAN Options
  Configuring Voice VLAN Properties
  Configuring Telephony OUI
Chapter 12: Configuring the Sp
  Typical Multicast Setup
  Multicast Operation
  Multicast Registration
  Multicast Address Properties
  Defining Multicast Properties
  Adding MAC Group Address
  Adding IP Multicast Group Address
  Configuring IGMP Snooping
  Configuring MLD Snooping
  Viewing IGMP/MLD IP Multicast Groups
  Defining Multicast Router Ports
  Defining Forward All Multicast
  Defining Unregistered Multicast Settings
Chapter 15: Configuring IP Information Manageme
Chapter 16: Configuring Security
  Defining Users
  Setting User Accounts
  Setting Password Complexity Rules
  Configuring RADIUS Parameters
  Configuring Management Access Authentication
  Defining Access Profiles
  Displaying, Adding, or Activating an Access Profile
  Defining Profile Rules
  Configuring TCP/UDP Services
  Defining Storm Control
  Configuring Port Security
  Configuring 802.1X
  802.1X Parameters Workflow
  Defining 802.
1 Getting Started
This section provides an introduction to the user interface, and includes the following topics:
• Starting the Web-based Switch Configuration Utility
• Quick Start Switch Configuration
• Window Navigation

Starting the Web-based Switch Configuration Utility
This section describes how to navigate the web-based switch configuration utility. If you are using a pop-up blocker, make sure it is disabled.

Launching the Configuration Utility
To open the user interface:
STEP 1 Open a Web browser.
STEP 2 Enter the IP address of the switch you are configuring in the address bar on the browser, and then press Enter. The Login page opens.
NOTE When the switch is using the factory default IP address of 192.168.1.254, its power LED flashes continuously.
If you entered an incorrect username or password, an error message is displayed and the Login page remains displayed on the window. If you are having problems logging in, please see the Launching the Configuration Utility section in the Administration Guide for additional information.
Select Don’t show this page on startup to prevent the Getting Started page from being displayed each time that you log on to the system.
port appropriately for the device. These configuration commands are written to the Running Configuration file. This causes the Save icon to begin blinking when the user logs on even though the user did not make any configuration changes. When you click Save, the Copy/Save Configuration page is displayed. Save the Running Configuration file by copying it to the Startup Configuration file.
Links on the Getting Started page (Continued)
Category | Link Name (on the Page) | Linked Page
Quick Access | View Log | RAM Memory page
Quick Access | Change Device Password | User Accounts page
Quick Access | Upgrade Device Software | Upgrade/Backup Firmware/Language page
Quick Access | Backup Device Configuration | Download/Backup Configuration/Log page
Quick Access | Configure QoS | QoS Properties page
Quick Access | Configure Port Mirroring | Port and VLAN Mirroring page
There are two hot links on the Getting Started page th

Window Navigation
This section describes the features of the web-based switch configuration utility.

Application Header
The Application Header is displayed on every page.
Application Links (Continued)
Application Link Name | Description
About | Click to display the switch name and switch version number.
Help | Click to display the online help.
The SYSLOG Alert Status icon is displayed when a SYSLOG message, above the critical severity level, is logged. Click the icon to open the RAM Memory page. After you access this page, the SYSLOG Alert Status icon is no longer displayed.
Management Buttons (Continued)
Button Name | Description
Apply | Click to apply changes to the Running Configuration on the switch. If the switch is rebooted, the Running Configuration is lost, unless it is saved to the Startup Configuration file type or another file type. Click Save to display the Copy/Save Configuration page and save the Running Configuration to the Startup Configuration file type on the switch.
Cancel | Click to reset changes made on the page.
Management Buttons (Continued)
Button Name | Description
Edit | Select the entry and click Edit to open the entries for editing. The Edit page opens, and the entry can be modified. 1. Click Apply to save the changes to the Running Configuration. 2. Click Close to return to the main page.
Go | Enter the query filtering criteria and click Go. The results are displayed on the page.
Test | Click Test to perform the related tests.
2 Viewing Statistics
This section describes how to view switch statistics. It contains the following sections:
• Viewing Ethernet Interface
• Viewing Etherlike Statistics
• Viewing 802.1X EAP Statistics
• Managing RMON

Viewing Ethernet Interface
The Interface page displays traffic statistics per port. The refresh rate of the information can be selected. This page is useful for analyzing the amount of traffic that is both sent and received and its dispersion (Unicast, Multicast, and Broadcast).
- 60 Sec—Statistics are refreshed every 60 seconds.
The Receive Statistics area displays information about incoming packets.
• Total Bytes (Octets)—Octets received, including bad packets and FCS octets, but excluding framing bits.
• Unicast Packets—Good Unicast packets received.
• Multicast Packets—Good Multicast packets received.
• Broadcast Packets—Good Broadcast packets received.
• Packets with Errors—Packets with errors received.
• Interface—Select the type of interface and specific interface for which Ethernet statistics are to be displayed.
• Refresh Rate—Select the amount of time that passes before the Etherlike statistics are refreshed.
The fields are displayed for the selected interface.
• Frame Check Sequence (FCS) Errors—Received frames that failed the CRC (cyclic redundancy checks).

Viewing 802.1X EAP Statistics
The 802.1x EAP page displays detailed information regarding the EAP (Extensible Authentication Protocol) frames that were sent or received. To configure the 802.1X feature, see the 802.1X Properties page.
To view the EAP Statistics:
STEP 1 Click Status and Statistics > 802.1X EAP. The 802.1x EAP page opens.
STEP 2 Select the Port that is polled for statistics.
• Last EAPOL Frame Source—Source MAC address attached to the most recently received EAPOL frame.
To clear the counters for a specified interface, click Clear Interface Counters. To clear the counters for all interfaces, click Clear All Interface Counters.

Managing RMON
RMON (Remote Networking Monitoring) enables the switch to proactively monitor traffic statistics over a given period.
The statistics are displayed for the selected interface.
• Bytes Received (Octets)—Number of octets received, including bad packets and FCS octets, but excluding framing bits.
• Drop Events—Number of packets that were dropped.
• Packets Received—Number of good packets received, including Multicast and Broadcast packets.
• Broadcast Packets Received—Number of good Broadcast packets received. This number does not include Multicast packets.
• Frames of 128 to 255 Bytes—Number of frames, containing 128-255 bytes that were received.
• Frames of 256 to 511 Bytes—Number of frames, containing 256-511 bytes that were received.
• Frames of 512 to 1023 Bytes—Number of frames, containing 512-1023 bytes that were received.
• Frames greater than 1024 Bytes—Number of frames, containing 1024-1632 bytes, and Jumbo Frames, that were received.
STEP 4 Select another interface in the Interface field.
3 Managing System Logs
This section describes the System Log feature, which enables the switch to keep several independent logs. Each log is a set of messages recording system events. The switch generates the following local logs:
• Log sent to the console interface.
• Log written into a cyclical list of logged events in RAM, which is erased when the switch reboots.
• Log written to a cyclical log file saved to Flash memory, which persists across reboots.
The event severity levels are listed from the highest severity to the lowest severity, as follows:
• Emergency—System is not usable.
• Alert—Action is needed.
• Critical—System is in a critical condition.
• Error—System is in error condition.
• Warning—System warning has occurred.
• Notice—System is functioning properly, but a system notice has occurred.
• Informational—Device information.
• RAM Memory Logging—Select the severity levels of the messages to be logged to RAM.
• Flash Memory Logging—Select the severity levels of the messages to be logged to Flash memory.
STEP 3 Click Apply. The Running Configuration file is updated.

Setting Remote Logging Settings
The Remote Log Servers page enables defining remote SYSLOG servers where log messages are sent (using the SYSLOG protocol).
• Log Server IP Address/Name—Enter the IP address or domain name of the log server.
• UDP Port—Enter the UDP port to which the log messages are sent.
• Facility—Select a facility value from which system logs are sent to the remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden.
• Description—Enter a server description.
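On the receiving log server, the facility and severity of each message can be checked against what was configured on the switch. The following is an added example, not code from the guide: it decodes the standard syslog PRI field (facility × 8 + severity) and flags datagrams that do not match. The sample datagrams, the expected facility `local0` and the `Warning` threshold are constructed assumptions.

```python
import re

# Severity names in the order the guide lists them, highest first; the
# numeric syslog code is the list index. "Debug" (7) completes the
# standard syslog severity list.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
PRI = re.compile(rb"^<(\d{1,3})>")


def decode(datagram):
    """Split one syslog datagram into (facility code, severity name, rest)."""
    match = PRI.match(datagram)
    if not match or int(match.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI field")
    facility, severity = divmod(int(match.group(1)), 8)
    rest = datagram[match.end():].decode("utf-8", errors="replace")
    return facility, SEVERITIES[severity], rest


def facility_name(code):
    """Facility codes 16-23 are local0-local7; others are shown as numbers."""
    return f"local{code - 16}" if 16 <= code <= 23 else str(code)


def audit(datagrams, expected_facility, minimum_severity):
    """Return (reason, datagram) for each datagram that does not match the
    facility and severity threshold the administrator expects (assumed values)."""
    floor = SEVERITIES.index(minimum_severity)
    findings = []
    for raw in datagrams:
        try:
            facility, severity, _ = decode(raw)
        except ValueError as err:
            findings.append((str(err), raw))
            continue
        if facility_name(facility) != expected_facility:
            findings.append((f"unexpected facility {facility_name(facility)}", raw))
        elif SEVERITIES.index(severity) > floor:
            findings.append((f"severity {severity} below configured minimum", raw))
    return findings


# Constructed sample datagrams (not captured from a real switch).
SAMPLE = [
    b"<131>Jan  1 00:00:10 switch01 port gi5 link down",   # local0, Error
    b"<134>Jan  1 00:00:12 switch01 user logged in",        # local0, Informational
    b"<190>Jan  1 00:00:13 switch01 config saved",          # local7, Informational
    b"switch01 message without a priority field",           # malformed
]

if __name__ == "__main__":
    for reason, raw in audit(SAMPLE, "local0", "Warning"):
        print(reason, "->", raw.decode())
```

Because the messages travel over UDP without authentication, a mismatch is worth investigating: it points to a misconfigured log server entry or to a sender other than the switch.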
To view log entries, click Status and Statistics > View Log > RAM Memory. The RAM Memory page opens.
The top of the page has a button that allows you to Disable Alert Icon Blinking. Click to toggle between disable and enable.
This page displays the following fields:
• Log Index—Log entry number.
• Log Time—Time when message was generated.
• Severity—Event severity.
• Description—Message text describing the event.
4 Managing System Files
You can choose the firmware file from which the switch boots. You can also copy file types internally on the switch, or to or from an external device, such as a PC.
The methods of file transfer are:
• Internal copy.
• HTTP that uses the facilities that the browser provides.
• TFTP client, requiring a TFTP server.
Configuration files on the switch are defined by their type, and contain the settings and parameter values for the device.
To preserve any changes made to the switch, you must save the Running Configuration to the Startup Configuration, or another file type if you do not want the switch to reboot with this configuration. If you have saved the Running Configuration to the Startup Configuration, when the switch is rebooted, it recreates a Running Configuration that includes the changes you have made since the last time the Running Configuration was saved to the Startup Configuration.
• Language File—The dictionary that allows the windows to be displayed in the selected language.
• Flash Log—SYSLOG messages stored in Flash memory.

File Actions
The following actions can be performed to manage firmware and configuration files:
• Upgrade the firmware or boot code, or replace a language as described in Upgrade/Backup Firmware/Language section.
It includes the following topics:
• Upgrade/Backup Firmware/Language
• Downloading or Backing-up a Configuration or Log
• Displaying Configuration File Properties
• Copying Configuration Files
• Setting DHCP Auto Configuration

Upgrade/Backup Firmware/Language
The Upgrade/Backup Firmware/Language process can be used to:
• Upgrade or backup the firmware image
• Upgrade or backup the boot code
• Import a new language file, upgrade an exi
To download or backup a system or language file:
STEP 1 Click Administration > File Management > Upgrade/Backup Firmware/Language. The Upgrade/Backup Firmware/Language page opens.
STEP 2 Click the Transfer Method. If you selected TFTP, go to STEP 3. If you selected HTTP, go to STEP 4.
STEP 3 If you selected TFTP, enter the parameters as described in this step. Otherwise, skip to STEP 4.
Select either the Upgrade or Backup Save Action.
Backup Save Action—Specifies that a copy of the file type is to be saved to a file on another device. Enter the following fields:
a. File Type—Select the source file type. Only valid file types can be selected. (The file types are described in the Files and File Types section.)
b. Server Definition—Select either By IP Address or By name.
c. IP Version—Select whether an IPv4 or an IPv6 address is used.
d.
STEP 1 Click Delete Language.
STEP 2 A confirmation window appears asking you to click OK to remove the file.
STEP 3 Click OK to remove the file.
If you already have a second language file and want to load another, you will receive a confirmation window asking you to click OK if you want to replace the existing language file with a new one.
Select either Download or Backup as the Save Action.
Download Save Action—Specifies that the file on another device will replace a file type on the switch. Enter the following fields:
a. Server Definition—Select whether to specify the TFTP server by IP address or by domain name.
b. IP Version—Select whether an IPv4 or an IPv6 address is used.
Backup Save Action—Specifies that a file type is to be copied to a file on another device. Enter the following fields:
a. Server Definition—Select whether to specify the TFTP server by IP address or by domain name.
b. IP Version—Select whether an IPv4 or an IPv6 address is used.
c. IPv6 Address Type—Select the IPv6 address type (if used).
If for the Save Action you selected Backup to specify that a file type is to be copied to a file on another device, do the following:
a. Source File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section.)
b. Click Apply. The Download/Backup Configuration/Log window displays.
STEP 5 Click Done.
CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the switch is rebooted.
The following combinations of copying internal file types are allowed:
• From the Running Configuration to the Startup Configuration or Backup Configuration.
• From the Startup Configuration to the Backup Configuration.

Setting DHCP Auto Configuration
Dynamic Host Configuration Protocol (DHCP) provides a means of passing configuration information (including the IP address of a TFTP server and a configuration file name) to hosts on a TCP/IP network. By default, the switch is enabled as a DHCP client.
To configure DHCP server auto configuration:
STEP 1 Click Administration > File Management > DHCP Auto Configuration. The DHCP Auto Configuration page opens.
STEP 2 Enter the values.
• Auto Configuration Via DHCP—Select this field to enable the automatic transfer of a configuration file from a TFTP server to the Startup Configuration on the switch.
• Server Definition—Select By IP Address or By name.
5 System Time
Network time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events occur. Time provides a frame of reference between all devices on the network. Without synchronized time, accurately correlating log files between devices, for instance when tracking security breaches or network usage, is not possible.

System Time Options
System time can be set manually by the user, dynamically by using an SNTP server, or synchronized from the PC running the GUI. If an SNTP server is chosen, the manual time settings are overwritten when communications with the server are established. As part of the boot process, the switch always configures the time, time zone, and DST in some way.
NOTE Receiving the time from the computer configuring the switch should be the last resort, such as after a power outage when no other time source is available.
Clock Source Settings—Select the source used to set the system clock.
• Main Clock Source (SNTP Servers)—The system time is obtained from an SNTP server. To use this feature, you must also add an SNTP server or enable SNTP Broadcast mode by using the SNTP Settings page. Optionally, enforce authentication of the SNTP sessions by using the SNTP Authentication page. This feature does not function when the switch is in layer 3 mode.
- European—DST will be set according to the dates used by the European Union and other countries that use this standard.
- By Dates—DST will be set manually, typically for a country other than the USA or a European country. Enter the following parameters:
- Recurring—DST occurs on the same date every year. Enter the following parameters:
Selecting By Dates allows customization of the start and stop of DST:
• From—Day and time that DST starts.

Adding an SNTP Server
Up to eight SNTP servers can be configured. In addition to configuring SNTP server(s), enable this feature by using the SNTP Settings page.
NOTE To specify an SNTP server by name, you must first configure DNS server(s) on the switch (see the Defining DNS Servers section).
The switch supports the following modes:
• Broadcast—The SNTP server broadcasts the time, and the switch listens to these broadcasts.
- In Process—Occurs when the SNTP server has not fully trusted its own time server (i.e. when first booting up the NTP server).
• Last Response—Date and time of the last time a response was received from this SNTP server.
• Offset—The estimated offset of the server's clock relative to the local clock, in milliseconds. The host determines the value of this offset using the algorithm described in RFC 2030.
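The offset calculation referred to above uses four timestamps: T1 (request sent by the client), T2 (request received by the server), T3 (reply sent by the server) and T4 (reply received by the client), with offset = ((T2 - T1) + (T3 - T4)) / 2. The following is an added example, not code from the guide or from the switch firmware: it parses a constructed 48-byte SNTP reply, applies sanity checks a client would typically make (an assumption, not taken from the guide), and returns offset and round-trip delay in milliseconds.

```python
import struct

# SNTP/NTP header: LI|VN|Mode, stratum, poll, precision, root delay,
# root dispersion, reference ID, then four 64-bit timestamps
# (reference, originate, receive, transmit) in 32.32 fixed point.
HEADER = struct.Struct("!BBbb3I4Q")
FRACTION = 1 << 32           # fixed-point units per second
MODE_SERVER = 4
LI_UNSYNCHRONIZED = 3


def fixed(seconds, fraction=0.0):
    """Build a 32.32 fixed-point timestamp (helper for the constructed sample)."""
    return (seconds << 32) | int(fraction * FRACTION)


def build_reply(t1, t2, t3, leap=0, stratum=2):
    """Constructed server reply; a real one arrives over UDP port 123."""
    first = (leap << 6) | (4 << 3) | MODE_SERVER      # version 4, mode 4
    return HEADER.pack(first, stratum, 6, -20, 0, 0, 0, t2, t1, t2, t3)


def parse_reply(packet, request_transmit):
    """Validate a reply and return (T1, T2, T3) as fixed-point integers."""
    if len(packet) < HEADER.size:
        raise ValueError("short SNTP packet")
    first, stratum, _, _, _, _, _, _, t1, t2, t3 = HEADER.unpack(packet[:HEADER.size])
    leap, mode = first >> 6, first & 0x7
    if mode != MODE_SERVER:
        raise ValueError("not a server reply")
    if leap == LI_UNSYNCHRONIZED or stratum == 0:
        raise ValueError("server clock is not synchronized")
    if t3 == 0:
        raise ValueError("transmit timestamp is zero")
    if t1 != request_transmit:
        raise ValueError("originate timestamp does not match our request")
    return t1, t2, t3


def offset_and_delay_ms(t1, t2, t3, t4):
    """Clock offset of the server relative to the client, and round-trip
    delay, both in milliseconds. Positive offset: the server is ahead."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset * 1000 / FRACTION, delay * 1000 / FRACTION


def rejects(packet, request_transmit):
    """True when parse_reply refuses the packet."""
    try:
        parse_reply(packet, request_transmit)
    except ValueError:
        return True
    return False


# Constructed timestamps (seconds since 1900 plus a binary fraction).
BASE = 3_900_000_000
T1 = fixed(BASE, 0.0)        # client sends request (client clock)
T2 = fixed(BASE, 0.625)      # server receives it (server clock)
T3 = fixed(BASE, 0.6875)     # server sends reply (server clock)
T4 = fixed(BASE, 0.25)       # client receives reply (client clock)
SAMPLE_REPLY = build_reply(T1, T2, T3)


def demo():
    return offset_and_delay_ms(*parse_reply(SAMPLE_REPLY, T1), T4)


if __name__ == "__main__":
    print("offset %.2f ms, delay %.2f ms" % demo())
```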
• Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list.
• SNTP Server IP Address—Enter the SNTP server IP address. The format depends on which address type was selected.
• SNTP Server—Select the name of the SNTP server from a list of well-known SNTP servers. If other is chosen, enter name of SNTP server in the adjacent field.
To define SNTP authentication:
STEP 1 Click Administration > Time Settings > SNTP Authentication. The SNTP Authentication page opens.
STEP 2 Select SNTP Authentication to require authentication of an SNTP session between the switch and an SNTP server.
STEP 3 Click Apply to update the switch.
STEP 4 Click Add. The Add SNTP Authentication page opens.
6 General Administrative Information and Operations
This section describes how to view system information and configure various options on the switch.
System information:
• System Description—A description of the system.
• System Location—Physical location of the switch. Click Edit to go to the System Settings page to enter this value.
• System Contact—Name of a contact person. Click Edit to go to the System Settings page to enter this value.
• Host Name—Name of the switch. Click Edit to go to the System Settings page to enter this value.
• Locale—Locale of the first language. (This is always English.)
• Language Version—Language package version of the first or English language.
• Language MD5 Checksum—MD5 checksum of the language file.
• Locale—Locale of the second language.
• Language Version—Language package version of the second language.
• Language MD5 Checksum—MD5 checksum of the secondary language file.
• Custom Login Screen Settings—If you want text to be displayed on the Login page, enter the text in the Login Banner text box. Click Preview to view the results.
NOTE When the user defines a login banner from the web interface, it also activates the banner for the CLI interfaces (Console, Telnet, and SSH).
STEP 3 Click Apply to set the values in the Running Configuration file.
Smart Switch Models (Continued)
Model Name | Product ID (PID) | Description of Ports on Device | Power Dedicated to PoE | No.

Rebooting the Switch
Some configuration changes, such as enabling jumbo frame support, require the system to be rebooted before they take effect. However, rebooting the switch deletes the Running Configuration, so it is critical that the Running Configuration is saved to the Startup Configuration before the switch is rebooted. Clicking Apply does not save the configuration to the Startup Configuration.

Monitoring the Fan Status and Temperature
The Health page displays the switch fan status and temperature on the following devices:
SG200-50P
The page displays the fan status only on the rest of the devices.
To view the switch health parameters, click Status and Statistics > Health. The Health page opens.
The Health page displays the following fields:
• Fan Status—Fan status.

Pinging a Host
Ping is a utility used to test if a remote host can be reached and to measure the round-trip time for packets sent from the switch to a destination device. Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response, sometimes called a pong. It measures the round-trip time and records any packet loss.
STEP 3 Click Activate Ping to ping the host. The ping status is displayed and another message is added to the list of messages, indicating the result of the ping operation.
STEP 4 View the results of ping in the Ping Counters and Status section of the page.
7 Configuring Discovery
This section provides information for configuring Discovery. It includes the following topics:
• Configuring Bonjour Discovery
• LLDP and CDP
• Configuring LLDP
• Configuring CDP

Configuring Bonjour Discovery
As a Bonjour client, the switch periodically broadcasts Bonjour Discovery protocol packets to directly-connected IP subnet(s), advertising its existence and the services that it provides, for example HTTP or HTTPS.
By default, Bonjour is enabled on all interfaces that are members of the Management VLAN.
To globally enable Bonjour:
STEP 1 Click Administration > Discovery - Bonjour. The Discovery - Bonjour page opens.
STEP 2 Select Enable to enable Bonjour Discovery globally on the switch.
STEP 3 Click Apply. Bonjour is enabled or disabled on the switch according to the selection.
• If CDP/LLDP is globally disabled, the switch can be configured to discard all incoming CDP/LLDP packets, or to handle them by VLAN-aware flooding or VLAN-unaware flooding. VLAN-aware flooding floods an incoming CDP/LLDP packet to the VLAN where the packet is received, excluding the ingress port. VLAN-unaware flooding floods an incoming CDP/LLDP packet to all the ports excluding the ingress port. The default is to discard CDP/LLDP packets when CDP/LLDP is globally disabled.

Configuring LLDP
This section describes how to configure LLDP.

LLDP Configuration Workflow
Following are examples of actions that can be performed with the LLDP feature and in a suggested order. You can refer to the LLDP/CDP section for additional guidelines on LLDP configuration. LLDP configuration pages are accessible under the Administration > Discovery - LLDP menu.
1. Enter LLDP global parameters, such as the time interval for sending LLDP updates using the LLDP Properties page.
2.
• TLV Advertise Interval—Enter the rate in seconds at which LLDP advertisement updates are sent or use the default.
• Topology Change System Log Notification Interval—Enter the minimum time interval between system log notifications.
• Hold Multiplier—Enter the amount of time that LLDP packets are held before the packets are discarded, measured in multiples of the TLV Advertise Interval.
This page provides the following fields:
• Interface—Select the port to be defined.
• Administrative Status—Select the LLDP publishing option for the port. The values are:
- Tx Only—Publishes but does not discover.
- Rx Only—Discovers but does not publish.
- Tx & Rx—Publishes and discovers.
- Disable—Indicates that LLDP is disabled on the port.
- 802.3 Link Aggregation—Whether the link (associated with the port on which the LLDP PDU is transmitted) can be aggregated. It also indicates whether the link is currently aggregated, and if so, provides the aggregated port identifier.
- 802.3 Maximum Frame—Maximum frame size capability of the MAC/PHY implementation.
• Troubleshooting information. LLDP MED sends alerts to network managers upon:
- Port speed and duplex mode conflicts
- QoS policy misconfigurations

Setting LLDP MED Network Policy
An LLDP-MED network policy is a related set of configuration settings for a specific real-time application such as voice, or video. A network policy, if configured, will be included into the outgoing LLDP packets to the attached LLDP media endpoint device.
STEP 4 To define a new policy, click Add and the Add LLDP MED Network Policy page opens.
STEP 5 Enter the values.
• Network Policy Number—Select the number of the policy to be created.
• Application—Select the type of application (type of traffic) for which the network policy is being defined:
• VLAN ID—Enter the VLAN ID to which the traffic should be sent.
• VLAN Tag—Select whether the traffic is Tagged or Untagged.
To configure LLDP MED on each port:
STEP 1 Click Administration > Discovery - LLDP > LLDP MED Port Settings. The LLDP MED Port Settings page opens. This page displays LLDP MED settings, including enabled TLVs, for all ports.
STEP 2 The message at the top of the page indicates whether the generation of the LLDP MED Network Policy for the voice application is automatic or not (see LLDP Overview). Click on the link to change the mode.
STEP 5 Click Apply. The LLDP MED port settings are modified, and the Running Configuration file is updated.

Displaying LLDP Port Status
The LLDP Port Status Table page displays the LLDP global information for every port.
• To view the LLDP port status, click Administration > Discovery - LLDP > LLDP Port Status. The LLDP Port Status page opens.
• Click LLDP Local Information Details to see the details of the LLDP and LLDP-MED TLVs sent to the neighbor.
• Local PoE—Local PoE information advertised.
• Remote PoE—PoE information advertised by the neighbor.
• # of neighbors—Number of neighbors discovered.
• Neighbor Capability of 1st Device—Displays the primary functions of the neighbor, for example: Bridge or Router.

Displaying LLDP Local Information
To view the LLDP local port status advertised on a port:
STEP 1 Click Administration > Discovery - LLDP > LLDP Local Information. The LLDP Local Information page opens.
STEP 2 On the bottom of the page, click LLDP Port Status Table.
Click LLDP Local Information Details to see the details of the LLDP and LLDP-MED TLVs sent to the neighbor.
• Address—Returned address most appropriate for management use.
• Interface Subtype—Numbering method used for defining the interface number.
• Interface Number—Specific interface associated with this management address.
MAC/PHY Details
• Auto-Negotiation Supported—Port speed auto-negotiation support status.
• Auto-Negotiation Enabled—Port speed auto-negotiation active status.
• Remote Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.
MED Details
• Capabilities Supported—MED capabilities supported on the port.
• Current Capabilities—MED capabilities enabled on the port.
• Device Class—LLDP-MED endpoint device class. The possible device classes are:
- Endpoint Class 1—Indicates a generic endpoint class, offering basic LLDP services.
• ECS ELIN—Emergency Call Service (ECS) Emergency Location Identification Number (ELIN).
Network Policy Table
• Application Type—Network policy application type, for example, Voice.
• VLAN ID—VLAN ID for which the network policy is defined.
• VLAN Type—VLAN type for which the network policy is defined. The possible field values are:
- Tagged—Indicates the network policy is defined for tagged VLANs.
• Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.
STEP 2 Select a local port, and click Details. The Neighbors Information page opens. This page displays the following fields:
Port Details
• Local Port—Port number.
• MSAP Entry—Device Media Service Access Point (MSAP) entry number.
Basic Details
• Chassis ID Subtype—Type of chassis ID (for example, MAC address).
MAC/PHY Details
• Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.
• Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False.
• Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode.
• Operational MAU Type—Medium Attachment Unit (MAU) type.
• Local Rx—Indicates the time (in microseconds) that the receiving link partner requests that the transmitting link partner waits before transmission of data following Low Power Idle (LPI mode).
• Remote Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value.
• Remote Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.
802.1 VLAN and Protocol
• PVID—Advertised port VLAN ID.
PPVID
• VID—Protocol VLAN ID.
• Supported—Supported Port and Protocol VLAN IDs.
• Enabled—Enabled Port and Protocol VLAN IDs.
VLAN IDs
• VID—Port and Protocol VLAN ID.
• VLAN Names—Advertised VLAN names.
Protocol IDs
• Protocol ID Table—Advertised protocol IDs.
Location Information
Enter the following data structures in hexadecimal as described in section 10.2.
Accessing LLDP Statistics
The LLDP Statistics page displays LLDP statistical information per port.
To view the LLDP statistics:
STEP 1 Click Administration > Discovery - LLDP > LLDP Statistics. The LLDP Statistics page opens. For each port, the fields are displayed:
• Interface—Identifier of interface.
• Tx Frames Total—Number of transmitted frames.
• Rx Frames
  - Total—Number of received frames.
To view LLDP overloading information:
STEP 1 Click Administration > Discovery - LLDP > LLDP Overloading. The LLDP Overloading page opens. This page displays the following fields for each port:
• Interface—Port identifier.
• Total (Bytes)—Total number of bytes of LLDP information in each packet.
• Left to Send (Bytes)—Total number of available bytes left for additional LLDP information in each packet.
  - Size (Bytes)—Total LLDP MED extended power via MDI packets byte size.
  - Status—If the LLDP MED extended power via MDI packets were sent, or if they were overloaded.
• 802.3 TLVs
  - Size (Bytes)—Total LLDP MED 802.3 TLVs packets byte size.
  - Status—If the LLDP MED 802.3 TLVs packets were sent, or if they were overloaded.
• LLDP Optional TLVs
  - Size (Bytes)—Total LLDP MED optional TLVs packets byte size.
Configuring CDP
This section describes how to configure CDP. It contains the following topics:
• Setting CDP Properties
• Editing CDP Interface Settings
• Displaying CDP Local Information
• Displaying CDP Neighbors Information
• Viewing CDP Statistics
Setting CDP Properties
CDP Overview
Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other.
• CDP Status—Select to enable CDP on the switch.
• CDP Frames Handling—If CDP is not enabled, select the action to be taken if a packet that matches the selected criteria is received:
  - Bridging—Forward the packet based on the VLAN.
  - Filtering—Delete the packet.
  - Flooding—VLAN unaware flooding that forwards incoming CDP packets to all the ports excluding the ingress ports.
• Interface—If User Defined was selected for Source Interface, select the interface.
• Syslog Voice VLAN Mismatch—Check to send a SYSLOG message when a voice VLAN mismatch is detected. This means that the voice VLAN information in the incoming frame does not match what the local device is advertising.
• Syslog Native VLAN Mismatch—Check to send a SYSLOG message when a native VLAN mismatch is detected.
The bottom of the page has four buttons:
• Copy Settings—Select to copy a configuration from one port to another.
• Edit—Fields explained in Step 2 below.
• CDP Local Information Details—Takes you to the Administration > Discovery - CDP > CDP Local Information page.
• CDP Neighbor Information Details—Takes you to the Administration > Discovery - CDP > CDP Neighbor Information page.
STEP 2 Select a port and click Edit.
Displaying CDP Local Information
The CDP Local Information page displays information that is advertised by the CDP protocol about the local device.
To view the CDP local information:
STEP 1 Click Administration > Discovery - CDP > CDP Local Information. The CDP Local Information page opens.
STEP 2 Select a local port, and the following fields are displayed:
• Interface—Number of the local port.
• CDP State—Displays whether CDP is enabled or not.
• CoS for Untrusted Ports—If Extended Trust is disabled on the port, this field displays the Layer 2 CoS value, meaning, an 802.1D/802.1p priority value. This is the CoS value with which all packets received on an untrusted port are remarked by the device.
• Request ID—Last power request ID received echoes the Request-ID field last received in a Power Requested TLV. It is 0 if no Power Requested TLV was received since the interface last transitioned to Up.
• Time to Live (sec)—Time interval (in seconds) after which the information for this neighbor is deleted.
• Capabilities—Capabilities advertised by neighbor.
• Platform—Information from Platform TLV of neighbor.
• Neighbor Interface—Outgoing interface of the neighbor.
STEP 2 Select a device, and click Details. The CDP Neighbors Details page opens.
Viewing CDP Statistics
The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received from devices attached to the switch's interfaces, and are used for the Smartport feature. See Configuring CDP for more information. CDP statistics for a port are only displayed if CDP is enabled globally and on the port.
8 Port Management
This section describes port configuration, link aggregation, and the Green Ethernet feature. It contains the following topics:
• Configuring Ports
• Setting Basic Port Configuration
• Configuring Link Aggregation
• Configuring Green Ethernet
Configuring Ports
To configure ports, perform the following actions:
1. Configure port by using the Port Setting page.
2.
Setting Basic Port Configuration
The Port Setting page displays the global and per port setting of all the ports. This page enables you to select and configure the desired ports from the Edit Port Setting page.
To configure port settings:
STEP 1 Click Port Management > Port Setting. The Port Setting page opens.
STEP 2 Select Jumbo Frames to support packets of up to 10 Kb in size.
• Operational Status—Displays whether the port is currently Up or Down.
• Reactivate Suspended Port—Select to reactivate a port that has been suspended. There are numerous ways that a port can be suspended, such as through the locked port security option, dot1x single host violation, loopback detection, or STP loopback guard. The reactivate operation brings the port up without regard to why the port was suspended.
8 Port Management Configuring Link Aggregation
  - 100 Half—100 Mbps speed and Half Duplex mode.
  - 100 Full—100 Mbps speed and Full Duplex mode.
  - 1000 Full—1000 Mbps speed and Full Duplex mode.
• Operational Advertisement—Displays the capabilities currently published to the port’s neighbor. The possible options are those specified in the Administrative Advertisement field.
• Neighbor Advertisement—Displays the capabilities advertised by the neighboring device (link partner).
• Link Aggregation Overview
• Static and Dynamic LAG Workflow
• Defining LAG Management
• Configuring LAG Settings
• Configuring LACP
Link Aggregation Overview
Link Aggregation Control Protocol (LACP) is part of the IEEE specification (802.3az) that allows you to bundle several physical ports together to form a single logical channel (LAG). LAGs multiply the bandwidth, increase port flexibility, and provide link redundancy between two devices.
The switch supports two modes of load balancing:
• By MAC Addresses—Based on the destination and source MAC addresses of all packets.
• By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for non-IP packets.
LAG Management
In general, a LAG is treated by the system as a single logical port.
To configure a static LAG, perform the following actions:
1. Disable LACP on the LAG to make it static. Assign up to eight member ports to the static LAG by selecting and moving the ports from the Port List to the LAG Members list. Select the load balancing algorithm for the LAG. Perform these actions in the LAG Management page.
2. Configure various aspects of the LAG, such as speed and flow control by using the LAG Settings page.
To define the member or candidate ports in a LAG:
STEP 1 Select the LAG to be configured, and click Edit. The Edit LAG Membership page opens.
STEP 2 Enter the values for the following fields:
• LAG—Select the LAG number.
• LAG Name—Enter the LAG name or a comment.
• LACP—Select to enable LACP on the selected LAG. This makes it a dynamic LAG. This field can only be enabled after moving a port to the LAG in the next field.
• Reactivate Suspended LAG—Select to reactivate a port if the LAG has been disabled through the locked port security option.
• Administrative Auto-Negotiation—Enables or disables auto-negotiation on the LAG. Auto-negotiation is a protocol between two link partners that enables a LAG to advertise its transmission speed and flow control to its partner (the Flow Control default is disabled).
Configuring LACP
A dynamic LAG is LACP-enabled, and LACP is run on every candidate port defined in the LAG.
LACP Priority and Rules
LACP system priority and LACP port priority are both used to determine which of the candidate ports become active member ports in a dynamic LAG configured with more than eight candidate ports. The selected candidate ports of the LAG are all connected to the same remote device.
Setting Port LACP Parameter Settings
The LACP page displays and enables configuration of the LACP System Priority, LACP timeout, and LACP port priority. LACP timeout is a per port parameter, and is the time interval between the sending and receiving of consecutive LACP PDUs.
Configuring Green Ethernet
This section describes the Green Ethernet feature that is designed to save power on the switch. It contains the following sections:
• Green Ethernet Overview
• Setting Global Green Ethernet Properties
• Setting Green Ethernet Properties for Ports
Green Ethernet Overview
Green Ethernet is a common name for a set of features that is designed to be environmentally friendly, and to reduce the power consumption of a device.
These modes are configured per port, without taking into account the LAG membership of the ports. Power savings, current power consumption and cumulative energy saved can be monitored. The total amount of saved energy can be viewed as a percentage of the power that would have been consumed by the physical interfaces had they not been running in Green Ethernet mode. The saved energy displayed is only related to Green Ethernet. EEE energy saved is not displayed.
Both sides of a connection (switch port and connecting device) must support 802.3az EEE for it to work. When traffic is absent, both sides send signals indicating that power is about to be reduced. When signals from both sides are received, the Keep Alive signal indicates that the ports are in LPI status (and not in Down status), and power is reduced. For ports to stay in LPI mode, the Keep Alive signal must be received continuously from both sides.
1gigabyte, EEE will still be enabled even though Auto-Negotiation is disabled.
• If 802.3az EEE is enabled and the port is going Up, it commences to work immediately in accordance with the maximum wake time value of the port.
• On the GUI, the EEE field for the port is not available when the Short Reach Mode option on the port is checked.
• If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.
Setting Global Green Ethernet Properties
The Properties page displays and enables configuration of the Green Ethernet mode for the switch. It also displays the current power savings.
To enable Green Ethernet and EEE and view power savings:
STEP 1 Click Port Management > Green Ethernet > Properties. The Properties page opens.
STEP 2 Enter the values for the following fields:
• Energy Detect Mode—Globally enable or disable Energy Detect mode.
Setting Green Ethernet Properties for Ports
The Port Settings page displays the current Green Ethernet and EEE modes per port, and enables configuring Green Ethernet on a port using the Edit Port Setting page. For the Green Ethernet modes to operate on a port, the corresponding modes must be activated globally in the Properties page. Note that EEE settings are only displayed for devices that have GE ports. EEE works only when ports are set to Auto negotiation.
  - Operational—Displays whether EEE is currently operating on the local port. This is a function of whether it has been enabled (Administrative Status), whether it has been enabled on the local port and whether it is operational on the local port.
  - LLDP Administrative—Displays whether advertising EEE counters through LLDP was enabled.
  - LLDP Operational—Displays whether advertising EEE counters through LLDP is currently operating.
9 Smartports
This document describes the Smartports feature.
9 Smartports What is a Smartport
There are two ways to apply a Smartport macro by Smartport type to an interface:
• Static Smartport—The user manually assigns a Smartport type to an interface. The result is the corresponding Smartport macro is applied to the interface.
• Auto Smartport—Auto Smartport waits for a device to be attached to the interface before applying a configuration.
9 Smartports Smartport Types
• Desktop
• Guest
• Server
• Host
• IP Camera
• IP phone
• IP Phone+Desktop
• Switch
• Router
• Wireless Access Point
Smartport types are named so that they describe the type of device connected to an interface. Each Smartport type is associated with two Smartport macros. One macro, called "the macro," serves to apply the desired configuration.
Table 1
Smartport Type          Supported by Auto Smartport   Supported by Auto Smartport by default
Server                  No                            No
Host                    Yes                           No
IP camera               No                            No
IP phone                Yes                           Yes
IP phone desktop        Yes                           Yes
Switch                  Yes                           Yes
Router                  Yes                           No
Wireless Access Point   Yes                           Yes

Special Smartport Types
There are two special smartport types; "default" and "unknown." These two types are not associated with macros, but they exist to signify the state of the interface regarding smartport.
9 Smartports Smartport Macros
If Auto Smartport assigns a Smartport type to an interface and the interface is not configured to be Auto Smartport Persistent, then its Smartport type will be re-initialized to Default in the following cases:
  - A link down/up operation is performed on the interface.
  - The switch is restarted.
  - All devices attached to the interface have aged out, which is defined as the absence of CDP and/or LLDP advertisement from the device for a specified time period.
9 Smartports Macro Failure and the Reset Operation
Two Smartport macros are paired by their names as follows:
• macro_name (for example: printer)
• no_macro_name (for example: no_printer, the anti Smartport macro of Smartport macro printer)
See the Built-in Smartport Macros section for a listing of the built-in Smartport macros for each device type.
9 Smartports How the Smartport Feature Works
• Port number
• Smartport type
• The line number of the failed CLI command in the macro
When a Smartport macro fails on an interface, the status of the interface is set to Unknown. The reason for the failure can be displayed in the Interface Settings page, Show Diagnostics popup.
In both cases, the associated anti-macro is run when the Smartport type is removed from the interface, and the anti-macro runs in exactly the same manner, removing all of the configuration.
Auto Smartport
In order for Auto Smartport to automatically assign Smartport types to interfaces, the Auto Smartport feature must be enabled globally and on the interfaces which Auto Smartport should be allowed to configure.
Identifying Smartport Type
If Auto Smartport is globally enabled (in the Properties page), and at an interface (in the Interface Settings page), the switch applies a SmartPort macro to the interface based on the Smartport type of the attaching device. Auto SmartPort derives the SmartPort types of attaching devices based on the CDP and/or LLDP the devices advertise.
Table 2 CDP Capabilities Mapping to Smartport Type (Continued)
Capability Name      CDP Bit   Smartport Type
Two-Port MAC Relay   0x400     Ignore

Table 3 LLDP Capabilities Mapping to Smartport Type
Capability Name              LLDP Bit   Smartport Type
Other                        1          Ignore
Repeater IETF RFC 2108       2          Ignore
MAC Bridge IEEE Std 802.1D   3          Switch
WLAN Access Point IEEE Std 802.
If multiple devices are connected to the switch through one interface, Auto Smartport will consider each capability advertisement it receives through that interface in order to assign the correct Smartport type. The assignment is based on the following algorithm:
• If all devices on an interface advertise the same capability (there is no conflict) the matching Smartport type is applied to the interface.
• If one of the devices is a switch, the Switch Smartport type is used.
Error Handling
When a Smartport macro fails to apply to an interface, you can examine the point of the failure in the Interface Settings Page and reset the port and reapply the macro after the error is corrected from the Interface Settings Edit Page.
Default Configuration
Smartport is always available.
Common Smartport Tasks
This section describes some common tasks to set up Smartport and Auto Smartport.
Workflow 1: To globally enable Auto Smartport on the switch, and to configure a port with Auto Smartport, perform the following steps:
STEP 1 To enable the Auto Smartport feature on the switch, open the Smartport > Properties page. Set Administrative Auto Smartport to Enable or Enable by Voice VLAN.
Workflow 3: To adjust Smartport macro parameter defaults, perform the following steps:
Through this procedure you can accomplish the following:
• View the macro source.
• Change parameter defaults.
• Restore the parameter defaults to the factory settings.
1. Open the Smartport > Smartport Type Settings page.
2. Select the Smartport Type.
3. Click View Macro Source to view the current Smartport macro that is associated with the selected Smartport Type.
4.
9 Smartports Web GUI
STEP 3 Click Reset All Unknown Smartports.
TIP This problem could be caused by a configuration present on the interface prior to applying the macro (most often encountered with security and storm-control settings), a typo or incorrect command within the user-defined macro, or an invalid parameter setting.
• Auto Smartport Device Detection Method—Select whether incoming CDP, LLDP, or both types of packets are used to detect the Smartport type of the attaching device(s). At least one must be checked in order for Auto Smartport to identify devices.
• Operational CDP Status—Displays the operational status of CDP. Enable CDP if Auto Smartport is to detect the Smartport type based on CDP advertisement.
• Operational LLDP Status—Displays the operational status of LLDP.
STEP 3 To modify the parameters of a macro, select a Smartport type and click Edit. The Edit Smartport Type Settings page opens.
STEP 4 Enter the fields.
• Port Type—Select a Smartport type.
• Macro Name—Displays the name of the Smartport macro currently associated with the Smartport type.
• Macro Parameters—You can restore the default parameter values by clicking Restore Defaults.
STEP 5 Click Apply to save the changes to the running configuration.
• Reapply a Smartport to an interface. In some circumstances, you may want to reapply a Smartport macro so that the configuration at an interface is up to date. For instance, reapplying a switch Smartport macro at a switch interface will make the interface a member of the VLANs created since the last macro application. You have to be familiar with the current configurations on the switch and the definition of the macro to determine if a reapplication has any impact on the interface.
If a Smartport macro fails, the Smartport Type of the interface is Unknown. Select an interface which is of unknown type and click Show Diagnostic. This will show the command at which application of the macro failed. See the workflow area in Common Smartport Tasks section for troubleshooting tips. Proceed after correcting the problem.
STEP 5 Select an interface which is of unknown type and click Edit. The Edit Interface Type Settings page opens.
9 Smartports Built-in Smartport Macros
Smartport Application of the interface is Auto Smartport. Enabling Persistent at an interface eliminates the device detection delay that otherwise will occur.
• Macro Parameters—This block displays the parameter values of the Smartport macro applied or to be applied to the interface.
• Reset—If an interface is in Unknown status (as a result of an unsuccessful macro application), set it to Default and reapply the last macro that was run on it.
desktop
[desktop]
#interface configuration, for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port.
no_desktop
[no_desktop]
#macro description No Desktop
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@
printer
[printer]
#macro description printer
#macro keywords $native_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#Default Values are
#$native_vlan = Default VLAN
#
#the port type cannot be detected automatically
#
switchport mode access
switchport access vlan $native_vlan
#
#single host
port security max 1
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
sm
no_printer
[no_printer]
#macro description No printer
#
no switchport access vlan
no switchport mode
#
no port security
no port security mode
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@
guest
[guest]
#macro description guest
#macro keywords $native_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#Default Values are
#$native_vlan = Default VLAN
#
#the port type cannot be detected automatically
#
switchport mode access
switchport access vlan $native_vlan
#
#single host
port security max 1
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartpor
no_guest
[no_guest]
#macro description No guest
#
no switchport access vlan
no switchport mode
#
no port security
no port security mode
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@
server
[server]
#macro description server
#macro keywords $native_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$max_hosts = 10
#
#the port type cannot be detected automatically
#
#the default mode is trunk
smartport switchport trunk native vlan $native_vlan
#
port security max $max_hosts
por
no_server
[no_server]
#macro description No server
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
#
spanning-tree portfast auto
#
@
host
[host]
#macro description host
#macro keywords $native_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$max_hosts = 10
#
#the port type cannot be detected automatically
#
#the default mode is trunk
smartport switchport trunk native vlan $native_vlan
#
port security max $max_hosts
port secu
no_host
[no_host]
#macro description No host
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@
ip_camera
[ip_camera]
#macro description ip_camera
#macro keywords $native_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
#Default Values are
#$native_vlan = Default VLAN
#
switchport mode access
switchport access vlan $native_vlan
#
#single host
port security max 1
port security mode max-addresses
port security discard trap 60
#
smartport storm-control broadcast level 10
smartport storm-control include-multicast
smar
no_ip_camera
[no_ip_camera]
#macro description No ip_camera
#
no switchport access vlan
no switchport mode
#
no port security
no port security mode
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
no smartport storm-control include-multicast
#
spanning-tree portfast auto
#
@
ip_phone
[ip_phone]
#macro description ip_phone
#macro keywords $native_vlan $voice_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $voice_vlan: The voice VLAN ID
# $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$voice_vlan = 1
#$max_hosts = 10
#
#the default mode is trunk
smartport switchport trunk allowed vlan add $voice_vlan
smartport
no_ip_phone
[no_ip_phone]
#macro description no ip_phone
#macro keywords $voice_vlan
#
#macro key description: $voice_vlan: The voice VLAN ID
#
#Default Values are
#$voice_vlan = 1
#
smartport switchport trunk allowed vlan remove $voice_vlan
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no smartport storm-control b
ip_phone_desktop
[ip_phone_desktop]
#macro description ip_phone_desktop
#macro keywords $native_vlan $voice_vlan $max_hosts
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $voice_vlan: The voice VLAN ID
# $max_hosts: The maximum number of allowed devices on the port
#Default Values are
#$native_vlan = Default VLAN
#$voice_vlan = 1
#$max_hosts = 10
#
#the default mode is trunk
smartport switchport trunk allowed vlan ad
no_ip_phone_desktop
[no_ip_phone_desktop]
#macro description no ip_phone_desktop
#macro keywords $voice_vlan
#
#macro key description: $voice_vlan: The voice VLAN ID
#
#Default Values are
#$voice_vlan = 1
#
smartport switchport trunk allowed vlan remove $voice_vlan
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no port security
no port security mode
no port security max
#
no smartport storm-control broadcast enable
no s
switch
[switch]
#macro description switch
#macro keywords $native_vlan $voice_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $voice_vlan: The voice VLAN ID
#Default Values are
#$native_vlan = Default VLAN
#$voice_vlan = 1
#
#the default mode is trunk
smartport switchport trunk allowed vlan add all
smartport switchport trunk native vlan $native_vlan
#
spanning-tree link-type point-to-point
#
@
no_switch
[no_switch]
#macro description No switch
#macro keywords $voice_vlan
#
#macro key description: $voice_vlan: The voice VLAN ID
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no spanning-tree link-type
#
@
router
[router]
#macro description router
#macro keywords $native_vlan $voice_vlan
#
#macro key description: $native_vlan: The untag VLAN which will be configured on the port
# $voice_vlan: The voice VLAN ID
#
#Default Values are
#$native_vlan = Default VLAN
#$voice_vlan = 1
#
#the default mode is trunk
smartport switchport trunk allowed vlan add all
smartport switchport trunk native vlan $native_vlan
#
smartport storm-control broadcast level 10
smartport storm-con
no_router
[no_router]
#macro description No router
#macro keywords $voice_vlan
#
#macro key description: $voice_vlan: The voice VLAN ID
#
no smartport switchport trunk native vlan
smartport switchport trunk allowed vlan remove all
#
no smartport storm-control broadcast enable
no smartport storm-control broadcast level
#
no spanning-tree link-type
#
@
9 Smartports Built-in Smartport Macros ap [ap] #macro description ap #macro keywords $native_vlan $voice_vlan # #macro key description: $native_vlan: The untag VLAN which will be configured on the port # $voice_vlan: The voice VLAN ID # #Default Values are #$native_vlan = Default VLAN #$voice_vlan = 1 # #the default mode is trunk smartport switchport trunk allowed vlan add all smartport switchport trunk native vlan $native_vlan # spanning-tree link-type point-to-point # @ Cisco Small Business 200 1.
9 Smartports Built-in Smartport Macros no_ap [no_ap] #macro description No ap #macro keywords $voice_vlan # #macro key description: $voice_vlan: The voice VLAN ID # no smartport switchport trunk native vlan smartport switchport trunk allowed vlan remove all # no spanning-tree link-type # @ Cisco Small Business 200 1.
10 Managing Device Diagnostics

This section contains information for configuring port mirroring, running cable tests, and viewing device operational information. It includes the following topics:
• Testing Copper Ports
• Displaying Optical Module Status
• Configuring Port and VLAN Mirroring
• Viewing CPU Utilization and Secure Core Technology

Testing Copper Ports

The Copper Ports page displays the results of integrated cable tests performed on copper cables by the Virtual Cable Tester (VCT).

• (Optional) Disable EEE (see the Port Management > Green Ethernet > Properties page)

Use a CAT5 data cable to run all cable testing (VCT). Accuracy of the test results can have an error range of +/- 10 for Advanced Testing and +/- 2 for Basic Testing.

CAUTION When a port is tested, it is set to the Down state and communications are interrupted. After the test, the port returns to the Up state.

If the port being tested is a Giga port, the Advanced Information block displays the following information (it is refreshed each time you enter the page):
• Pair—Cable wire pair being tested.
• Status—Wire pair status. Red indicates fault and Green indicates status OK.
• Channel—Cable channel indicating whether the wires are straight or crossover.

• MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.
• MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km.
• MGBSX1: 1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550 m.
• MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports up to 100 m.

To view the results of optical tests.

A packet that is received on a network port assigned to a VLAN that is subject to mirroring, is mirrored to the analyzer port even if the packet was eventually trapped or discarded. Packets sent by the switch are mirrored when Transmit (Tx) mirroring is activated. Mirroring does not guarantee that all traffic from the source port(s) is received on the analyzer (destination) port.

• Type—Select whether incoming, outgoing, or both types of traffic are mirrored to the analyzer port. If Port is selected, the options are:
  - Rx Only—Port mirroring on incoming packets.
  - Tx Only—Port mirroring on outgoing packets.
  - Tx and Rx—Port mirroring on both incoming and outgoing packets.

STEP 4 Click Apply. Port mirroring is added, and the Running Configuration file is updated.

The CPU Utilization page opens. The CPU Input Rate field displays the rate of input frames to the CPU per second.

STEP 3 Select CPU Utilization to enable viewing CPU resource utilization information. The window displays a graph of the CPU utilization. The Y axis is percentage of usage, and the X axis is the sample number.
11 Managing Power-over-Ethernet Devices

The Power over Ethernet (PoE) feature is only available on PoE-based devices. For a list of PoE-based devices, refer to the Switch Models section. This section describes how to use the PoE feature.

Power over Ethernet can be used in any enterprise network that deploys relatively low-powered devices connected to the Ethernet LAN, such as:
• IP phones
• Wireless access points
• IP gateways
• Audio and video remote monitoring devices

PoE Operation

PoE is implemented in the following stages:
• Detection—Sends special pulses on the copper cable. When a PoE device is located at the other end, that device responds to these pulses.

PoE Configuration Considerations

There are two factors to consider in the PoE feature:
• The amount of power that the PSE can supply
• The amount of power that the PD is actually attempting to consume

You can decide the following:
• Maximum power a PSE is allowed to supply to a PD
• During device operation, to change the mode from Class Power Limit to Port Limit and vice versa.

Output power is disabled during power-on reboot, initialization, and system configuration to ensure that PDs are not damaged.

To configure PoE on the switch and monitor current power usage:

STEP 1 Click Port Management > PoE > Properties. The PoE Properties page opens.

Configuring the PoE Power, Priority, and Class

The PoE Settings page displays system PoE information for enabling PoE on the interfaces and monitoring the current power usage and maximum power limit per port. This page limits the power per port in two ways depending on the Power Mode:
• Port Limit: Power is limited to a specified wattage. For these settings to be active, the system must be in PoE Port Limit mode.

• Power Priority Level—Select the port priority: low, high, or critical, for use when the power supply is low. For example, if the power supply is running at 99% usage and port 1 is prioritized as high, but port 3 is prioritized as low, port 1 receives power and port 3 might be denied power.
• Administrative Power Allocation—This field is displayed only if the Power Mode set in the PoE Properties page is Port Limit.

STEP 4 Click Apply. The PoE settings for the port are defined and the Running Configuration file is updated.
12 VLAN Management

This section contains the following topics:
• VLANs
• Configuring Default VLAN Settings
• Creating VLANs
• Configuring VLAN Interface Settings
• Defining VLAN Membership
• Voice VLAN

VLANs

A VLAN is a logical group of ports that enables devices associated with it to communicate with each other over the Ethernet MAC layer, regardless of the physical LAN segment of the bridged network to which they are connected.

VLANs address security and scalability issues. Traffic from a VLAN stays within the VLAN, and terminates at devices in the VLAN. It also eases network configuration by logically connecting devices without physically relocating those devices.

If a frame is VLAN-tagged, a four-byte VLAN tag is added to each Ethernet frame, increasing the maximum frame size from 1518 to 1522. The tag contains a VLAN ID between 1 and 4094, and a VLAN Priority Tag (VPT) between 0 and 7.

• Management VLAN: For more information refer to the Configuring IP Information section.

QinQ

QinQ provides isolation between service provider networks and customers' networks. The switch is a provider bridge that supports port-based c-tagged service interface. With QinQ, the switch adds an ID tag known as Service Tag (S-tag) to forward traffic over the network. The S-tag is used to segregate traffic between various customers, while preserving the customer VLAN tags.
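The four-byte tag described under VLANs and the S-tag described under QinQ can be checked in captured traffic, for example on the analyzer port of a mirroring session. The following is an added example, not part of the Cisco guide: it peels the tags off a raw Ethernet frame and reports tag stacks that do not match the rules stated above. The TPID values 0x8100 and 0x88A8 come from IEEE 802.1Q/802.1ad rather than from this page, the function names are hypothetical, and the sample frames are constructed.

```python
import struct
from typing import List, NamedTuple, Tuple

TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag (C-tag); value from the standard
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag (S-tag), the outer QinQ tag
TAG_LEN = 4         # 2-byte TPID + 2-byte TCI: the growth from 1518 to 1522


class VlanTag(NamedTuple):
    kind: str      # "S-tag" or "C-tag"
    vid: int       # 12-bit VLAN ID
    priority: int  # 3-bit priority (the guide's VPT), 0-7
    dei: int       # 1-bit drop eligible indicator


class Frame(NamedTuple):
    dst: str
    src: str
    tags: Tuple[VlanTag, ...]  # outermost tag first
    ethertype: int
    payload: bytes


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet frame (without FCS) and peel off any VLAN tags."""
    if len(raw) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset, tags = 12, []
    (tpid,) = struct.unpack_from("!H", raw, offset)
    while tpid in (TPID_CTAG, TPID_STAG):
        # A tag needs its TCI plus the 2-byte type field that follows it.
        if len(raw) < offset + TAG_LEN + 2:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", raw, offset + 2)
        kind = "S-tag" if tpid == TPID_STAG else "C-tag"
        tags.append(VlanTag(kind, tci & 0x0FFF, tci >> 13, (tci >> 12) & 1))
        offset += TAG_LEN
        (tpid,) = struct.unpack_from("!H", raw, offset)
    return Frame(_mac(raw[0:6]), _mac(raw[6:12]), tuple(tags), tpid,
                 raw[offset + 2:])


def audit_tags(frame: Frame) -> List[str]:
    """Return findings for tag stacks that break the rules stated in the guide."""
    findings = []
    for depth, tag in enumerate(frame.tags):
        # VID 0 is a priority-only tag and 4095 is reserved; neither is a VLAN.
        if not 1 <= tag.vid <= 4094:
            findings.append(
                f"{tag.kind} at depth {depth} has VID {tag.vid}, outside 1-4094")
        if tag.kind == "S-tag" and depth > 0:
            findings.append(f"S-tag at depth {depth} is not the outermost tag")
    if [t.kind for t in frame.tags[:2]] == ["C-tag", "C-tag"]:
        findings.append("two stacked C-tags without an S-tag")
    if len(frame.tags) > 2:
        findings.append(f"{len(frame.tags)} stacked tags; QinQ uses two")
    return findings


def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Build a constructed sample frame; tags are (tpid, vid, priority) tuples,
    outermost first. MAC addresses are from the documentation range."""
    raw = bytes.fromhex("00005e005301") + bytes.fromhex("00005e005302")
    for tpid, vid, priority in tags:
        raw += struct.pack("!HH", tpid, (priority << 13) | vid)
    return raw + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    samples = {
        "single C-tag": [(TPID_CTAG, 100, 5)],
        "QinQ": [(TPID_STAG, 2000, 0), (TPID_CTAG, 100, 5)],
        "reserved VID": [(TPID_CTAG, 4095, 0)],
        "stacked C-tags": [(TPID_CTAG, 1, 0), (TPID_CTAG, 20, 0)],
    }
    for name, tags in samples.items():
        frame = parse_frame(build_frame(tags))
        print(name, frame.tags, audit_tags(frame) or "ok")
```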
Configuring Default VLAN Settings

When using factory default settings, the switch automatically creates VLAN 1 as the default VLAN, the default interface status of all ports is Trunk, and all ports are configured as untagged members of the default VLAN.

The default VLAN has the following characteristics:
• It is distinct, non-static/non-dynamic, and all ports are untagged members by default.
• It cannot be deleted.
• It cannot be given a label.

To change the default VLAN:

STEP 1 Click VLAN Management > Default VLAN Settings. The Default VLAN Settings page opens.

STEP 2 Enter the value for the following field:
• Current Default VLAN ID—Displays the current default VLAN ID.
• Default VLAN ID After Reboot—Enter a new VLAN ID to replace the default VLAN ID after reboot.

STEP 3 Click Apply.

To create a VLAN:

STEP 1 Click VLAN Management > Create VLAN. The Create VLAN page opens.

The Create VLAN page displays the following fields for all VLANs:
• VLAN ID—User-defined VLAN ID.
• VLAN Name—User-defined VLAN name.
• Type—VLAN type:
  - Static—VLAN is user-defined.
  - Default—VLAN is the default VLAN.

STEP 2 Click Add to add a new VLAN or select an existing VLAN and click Edit to modify the VLAN parameters.

STEP 3 To configure a Port or LAG, select it and click Edit. The Edit Interface Setting page opens.

STEP 4 Enter the values for the following fields:
• Interface—Select a Port/LAG.
• Interface VLAN Mode—Select the interface mode for the VLAN. The options are:
  - General—The interface can support all functions as defined in the IEEE 802.1q specification. The interface can be a tagged or untagged member of one or more VLANs.

STEP 5 Click Apply. The parameters are written to the Running Configuration file.

Defining VLAN Membership

The Port to VLAN and Port VLAN Membership pages display the VLAN memberships of the ports in various presentations. You can use them to add or remove memberships to or from the VLANs.

When a port is forbidden default VLAN membership, that port is not allowed membership in any other VLAN. An internal VID of 4095 is assigned to the port.

The port mode for each port or LAG is displayed with its current port mode (Access, Trunk or General) configured from the Interface Settings page. Each port or LAG is displayed with its current registration to the VLAN.

STEP 3 Change the registration of an interface to the VLAN by selecting the desired option from the following list:
• Forbidden—The interface is not allowed to join the VLAN.

To assign a port to one or more VLANs:

STEP 1 Click VLAN Management > Port VLAN Membership. The Port VLAN Membership page opens.

STEP 2 Select interface type (Port or LAG), and click Go. The following fields are displayed for all interfaces of the selected type:
• Interface—Port/LAG ID.
• Mode—Interface VLAN mode that was selected in the Interface Settings page.

  - PVID—Port PVID is set to this VLAN. If the interface is in access mode or trunk mode, the switch automatically makes the interface an untagged member of the VLAN. If the interface is in general mode, you must manually configure VLAN membership.

STEP 5 Click Apply. The settings are modified and written to the Running Configuration file.

STEP 6 To see the administrative and operational VLANs on an interface, click Details.
Voice VLAN

In a LAN, voice devices, such as IP phones, VoIP endpoints, and voice systems are placed into the same VLAN. This VLAN is referred to as the voice VLAN. If the voice devices are in different voice VLANs, IP (L3) routers are needed to provide communication.

From a VLAN perspective, the above models operate in both VLAN-aware and VLAN-unaware environments. In the VLAN-aware environment, the voice VLAN is one of the many VLANs configured in an installation. The VLAN-unaware scenario is equivalent to a VLAN-aware environment with only one VLAN.

The switch always operates as a VLAN-aware switch. The switch supports a single voice VLAN. The voice VLAN is defaulted to VLAN 1. A different voice VLAN can be manually configured.

Unlike Telephony OUI mode, which detects voice devices based on telephony OUI, Auto Voice VLAN mode depends on Auto Smartport to dynamically add the ports to the voice VLAN. Auto Smartport, if enabled, adds a port to the voice VLAN if it detects a device attached to the port that advertises itself as a phone or media endpoint through CDP and/or LLDP-MED.

Voice VLAN Triggers

When Dynamic Voice VLAN mode is Auto Voice VLAN enabled based on trigger, Auto Voice VLAN becomes operational only if one or more triggers occur. Possible triggers are static voice VLAN configuration, voice VLAN information received in neighbor CDP advertisement, and voice VLAN information received in Voice Service Discovery Protocol (VSDP).

• It synchronizes the voice VLAN-related parameters with other Auto Voice VLAN-enabled switches, using Voice Service Discovery Protocol (VSDP). The switch always configures itself with the voice VLAN from the highest priority source it is aware of. The priority is based on the source type and MAC address of the source providing the voice VLAN information.

Voice VLAN QoS

Voice VLAN can propagate the CoS/802.1p and DSCP settings by using LLDP-MED Network policies. The LLDP-MED is set by default to respond with the Voice QoS setting if an appliance sends LLDP-MED packets. MED-supported devices should send their voice traffic with the same CoS/802.1p and DSCP values, as received with the LLDP-MED response. The user can disable the automatic update between Voice VLAN and LLDP-MED and use their own network policies.

Voice VLAN Workflows

The switch default configuration on Auto Voice VLAN, Auto Smartports, CDP, and LLDP covers most common voice deployment scenarios. This section describes how to deploy voice VLAN when the default configuration does not apply.

Workflow 1: To configure Auto Voice VLAN:

STEP 1 Open the VLAN Management > Voice VLAN > Properties page.

STEP 2 Select the Voice VLAN ID. It cannot be set to VLAN ID 1 (this step is not required for dynamic Voice VLAN).
• Configuring Voice VLAN Properties
• Displaying Auto Voice VLAN Settings
• Configuring Telephony OUI

Configuring Voice VLAN Properties

Use the Voice VLAN Properties page for the following:
• View how voice VLAN is currently configured.
• Configure the VLAN ID of the Voice VLAN.
• Configure voice VLAN QoS settings.
• Configure the voice VLAN mode (Telephony OUI or Auto Voice VLAN).
• Configure how Auto Voice VLAN is triggered.

• Dynamic Voice VLAN—Select this field to disable or enable voice VLAN feature in one of the following ways:
  - Enable Auto Voice VLAN—Enable Dynamic Voice VLAN in Auto Voice VLAN mode.
  - Enable Telephony OUI—Enable Dynamic Voice VLAN in Telephony OUI mode.
  - Disable—Disable Auto Voice VLAN or Telephony OUI.

To view Auto Voice VLAN parameters:

STEP 1 Click VLAN Management > Voice VLAN > Auto Voice VLAN. The Auto Voice VLAN page opens.

The operation status block on this page shows the information about the current voice VLAN and its source:
• Auto Voice VLAN Status—Displays whether Auto Voice VLAN is enabled.
• Voice VLAN ID—The identifier of the current voice VLAN.
• Source Type—Displays the type of source where the voice VLAN is discovered by the root switch.
• CoS/802.

STEP 3 Click Refresh to refresh the information on the page.

Configuring Telephony OUI

OUIs are assigned by the Institute of Electrical and Electronics Engineers, Incorporated (IEEE) Registration Authority. Since the number of IP phone manufacturers is limited and well-known, the known OUI values cause the relevant frames, and the port on which they are seen, to be automatically assigned to a Voice VLAN. The OUI Global table can hold up to 128 OUIs.

The Telephony OUI table is displayed:
• Telephony OUI—First six digits of the MAC address that are reserved for OUIs.
• Description—User-assigned OUI description.

STEP 3 Click Restore OUI Defaults to delete all of the user-created OUIs, and leave only the default OUIs in the table.

To delete all the OUIs, select the top checkbox. All the OUIs are selected and can be deleted by clicking Delete. If you then click Restore, the system recovers the known OUIs.

To configure Telephony OUI on an interface:

STEP 1 Click VLAN Management > Voice VLAN > Telephony OUI Interface. The Telephony OUI Interface page opens.

The Telephony OUI Interface page displays voice VLAN OUI parameters for all interfaces.

STEP 2 To configure an interface to be a candidate port of the telephony OUI-based voice VLAN, click Edit. The Edit Interface Settings page opens.

STEP 3 Enter the values for the following fields:
• Interface—Select an interface.
13 Configuring the Spanning Tree Protocol

The Spanning Tree Protocol (STP) (IEEE802.1D and IEEE802.1Q) is enabled by default, set to RSTP (Rapid Spanning Tree Protocol) mode, and protects a Layer 2 Broadcast domain from broadcast storms by selectively setting links to standby mode to prevent loops. In standby mode, these links temporarily do not transfer user data. They are automatically re-activated when the topology changes to make it desirable to transfer user data.

topology is naturally tree-structured, and therefore faster convergence might be possible. RSTP is enabled by default.

Although Classic STP is guaranteed to prevent Layer 2 forwarding loops in a general network topology, there might be an unacceptable delay before convergence. This means that each bridge or switch in the network needs to decide, if it should actively forward traffic or not on each of its ports.

  - Long—Specifies the range 1 through 200,000,000 for port path costs.

Bridge Settings:
• Priority—Sets the bridge priority value. After exchanging BPDUs, the device with the lowest priority becomes the Root Bridge. In the case that all bridges use the same priority, then their MAC addresses are used to determine which is the Root Bridge. The bridge priority value is provided in increments of 4096.
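The Root Bridge rule in the Priority field above (lowest priority wins, MAC address breaks ties) decides which device every other switch forwards toward, so it is worth checking that the intended switch actually wins. The following is an added example, not part of the Cisco guide: it replays the election over an inventory of bridges and computes the priority the intended root needs. The function names and the inventory are constructed; the upper bound 61440, the lowest-MAC tie-break direction, and the 32768 used in the sample come from IEEE 802.1D practice and are assumptions not stated on this page.

```python
from typing import List, NamedTuple

PRIORITY_STEP = 4096  # from the guide: priority is set in increments of 4096
PRIORITY_MAX = 61440  # assumption from IEEE 802.1D (15 * 4096); not on this page


class Bridge(NamedTuple):
    name: str
    priority: int
    mac: str


def mac_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)


def check_priority(priority: int) -> None:
    """Reject values the Priority field cannot hold."""
    if not 0 <= priority <= PRIORITY_MAX or priority % PRIORITY_STEP:
        raise ValueError(
            f"priority {priority} is not a multiple of {PRIORITY_STEP} "
            f"in 0-{PRIORITY_MAX}")


def bridge_id(bridge: Bridge) -> tuple:
    """Comparison key for the election: priority first, then MAC address."""
    check_priority(bridge.priority)
    return (bridge.priority, mac_int(bridge.mac))


def elect_root(bridges: List[Bridge]) -> Bridge:
    """Lowest priority wins; equal priorities fall back to the lowest MAC."""
    return min(bridges, key=bridge_id)


def priority_to_win(bridges: List[Bridge], intended: str) -> int:
    """Largest priority value at which `intended` still becomes Root Bridge."""
    me = next(b for b in bridges if b.name == intended)
    rival = elect_root([b for b in bridges if b.name != intended])
    if mac_int(me.mac) < mac_int(rival.mac):
        return rival.priority  # an equal priority is enough, the MAC wins
    if rival.priority == 0:
        raise ValueError(f"{rival.name} has priority 0 and a lower MAC")
    return rival.priority - PRIORITY_STEP


def audit_root(bridges: List[Bridge], intended: str) -> List[str]:
    """Report when the intended root loses, or wins only by MAC tie-break."""
    root = elect_root(bridges)
    if root.name != intended:
        return [f"{root.name} is elected root instead of {intended}; {intended} "
                f"needs priority {priority_to_win(bridges, intended)} or lower"]
    if any(b.priority == root.priority for b in bridges if b.name != intended):
        return [f"{intended} wins only on the MAC tie-break, so a bridge with "
                f"the same priority and a lower MAC would displace it"]
    return []


# Constructed inventory: every bridge left at the same priority (32768 is used
# as a typical value, an assumption), MACs from the documentation range.
SAMPLE = [
    Bridge("core-sw", 32768, "00:00:5e:00:53:10"),
    Bridge("access-1", 32768, "00:00:5e:00:53:02"),
    Bridge("access-2", 32768, "00:00:5e:00:53:07"),
]

if __name__ == "__main__":
    print(elect_root(SAMPLE).name)
    print(audit_root(SAMPLE, "core-sw"))
    fixed = [b._replace(priority=priority_to_win(SAMPLE, "core-sw"))
             if b.name == "core-sw" else b for b in SAMPLE]
    print(elect_root(fixed).name, audit_root(fixed, "core-sw"))
```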
Defining Spanning Tree Interface Settings

The STP Interface Settings page enables you to configure STP on a per-port basis, and to view the information learned by the protocol, such as the designated bridge. The configuration entered on this page is active for all flavors of the STP protocol.

To configure STP on an interface:

STEP 1 Click Spanning Tree > STP Interface Settings. The STP Interface Settings page displays.

• Path Cost—Set the port contribution to the root path cost or use the default cost generated by the system.
• Priority—Set the priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority is a value from 0 to 240, set in increments of 16.
• Port State—Displays the current STP state of a port.
  - Disabled—STP is currently disabled on the port.

Configuring Rapid Spanning Tree Settings

Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that enable a faster STP convergence without creating forwarding loops. The RSTP Interface Settings page enables you to configure RSTP per port. Any configuration that is done on this page is active when the global STP mode is set to RSTP.

• Role—Displays the role of the port that has been assigned by STP to provide STP paths. The possible roles are:
  - Root—Lowest cost path to forward packets to the Root Bridge.
  - Designated—The interface through which the bridge is connected to the LAN, that provides the lowest cost path from the LAN to the Root Bridge.
  - Alternate—Provides an alternate path to the Root Bridge from the root interface.

MSTP Workflow
14 Managing MAC Address Tables

MAC addresses are stored in the Static Address table or the Dynamic Address table, along with VLAN and port information. Static addresses are configured by the user in the Static Address table and do not age out. MAC addresses seen in packets arriving at the switch are listed in the Dynamic Address table for a period of time. If another frame with the same source MAC address does not appear on the switch before that time expires, the entry is deleted from the table.

To define a static address:

STEP 1 Click MAC Address Tables > Static Addresses. The Static Addresses page opens. The Static Addresses page displays the defined static addresses.

STEP 2 Click Add. The Add Static Address page opens.

STEP 3 Enter the parameters.
• VLAN ID—Select the VLAN ID for the port.
• MAC Address—Enter the interface MAC address.
• Interface—Select an interface (port or LAG) for the entry.

Setting Dynamic MAC Address Settings

To enter the aging interval for dynamic addresses:

STEP 1 Click MAC Address Tables > Dynamic Address Settings. The Dynamic Addresses Setting page opens.

STEP 2 Enter Aging Time. The aging time is a value between the user-configured value and twice that value minus 1. For example, if you entered 300 seconds, the aging time is between 300 and 599 seconds.

STEP 3 Click Apply.

Click Clear Table to delete all of the dynamic MAC addresses.
15 Configuring Multicast Forwarding

This section describes the Multicast Forwarding feature, and contains the following topics:
• Multicast Forwarding
• Defining Multicast Properties
• Adding MAC Group Address
• Adding IP Multicast Group Addresses
• Configuring IGMP Snooping
• MLD Snooping
• Querying IGMP/MLD IP Multicast Group
• Defining Multicast Router Ports
• Defining Forward All Multicast
• Defining Unregistered Multicast Settings

Multicast Forwarding

Multicast forwarding enables o

For Multicast forwarding to work across IP subnets, nodes and routers must be Multicast-capable. A Multicast-capable node must be able to:
• Send and receive Multicast packets.
• Register the Multicast addresses being listened to by the node with local routers, so that local and remote routers can route the Multicast packet to the nodes.

Multicast Operation

In a Layer 2 Multicast service, a Layer 2 switch receives a single frame addressed to a specific Multicast address. It creates copies of the frame to be transmitted on each relevant port.

When the switch is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP Join messages.

IGMP/MLD snooping can effectively reduce Multicast traffic from streaming bandwidth-intensive IP applications. A switch using IGMP/MLD snooping only forwards Multicast traffic to the hosts interested in that traffic. This reduction of Multicast traffic reduces the packet processing at the switch, and also reduces the workload of the end hosts, since they do not have to receive and filter all of the Multicast traffic generated in the network.

Defining Multicast Properties

The Properties page enables you to configure the Bridge Multicast filtering status. By default, all Multicast frames are flooded to all ports of the VLAN. To selectively forward only to relevant ports and filter (drop) the Multicast on the rest of the ports, enable Bridge Multicast filtering status in the Properties page.

To enable Multicast filtering, and select the forwarding method:

STEP 1 Click Multicast > Properties. The Properties page opens.

STEP 2 Enter the parameters.
• Bridge Multicast Filtering Status—Select to enable filtering.
• VLAN ID—Select the VLAN ID to set its forwarding method.

For viewing the forwarding information when the mode is IP Address Group or IP and Source Group, use the IP Multicast Group Address page.

To define and view MAC Multicast groups:

STEP 1 Click Multicast > MAC Group Address. The MAC Group Address page opens.

STEP 2 Enter the parameters.
• VLAN ID Equals To—Set the VLAN ID of the group to be displayed.
• MAC Group Address Equals To—Set the MAC address of the Multicast group to be displayed.

• Static—Attaches the interface to the Multicast group as a static member.
• Dynamic—Indicates that the interface was added to the Multicast group as a result of IGMP/MLD snooping.
• Forbidden—Specifies that this port is not allowed to join this group on this VLAN.
• None—Specifies that the port is not currently a member of this Multicast group on this VLAN.

STEP 10 Click Apply, and the Running Configuration file is updated.

• Source IP Address equals to—Define the source IP address of the sending device. If mode is (S,G), enter the sender S. This together with the IP Group Address is the Multicast group ID (S,G) to be displayed. If mode is (*,G), enter an * to indicate that the Multicast group is only defined by destination.

STEP 3 Click Go. The results are displayed in the lower block.
STEP 9 Click Apply. The Running Configuration file is updated.

Configuring IGMP Snooping

To support selective Multicast forwarding (IPv4), Bridge Multicast filtering must be enabled (in the Properties page), and IGMP Snooping must be enabled globally and for each relevant VLAN (in the IGMP Snooping page).

To enable IGMP Snooping and identify the switch as an IGMP Snooping Querier on a VLAN:

STEP 1 Click Multicast > IGMP Snooping. The IGMP Snooping page opens.

STEP 2 Enable or disable the IGMP Snooping status. When IGMP Snooping is enabled globally, the device monitoring network traffic can determine which hosts have requested to receive Multicast traffic.

• Last Member Query Counter—Enter the number of IGMP Group-Specific Queries sent before the switch assumes there are no more members for the group, if the switch is the elected querier.
• Operational Last Member Query Counter—Displays the operational value of the Last Member Query Counter.

To support selective Multicast forwarding (IPv6), Bridge Multicast filtering must be enabled, and MLD Snooping must be enabled globally and for each relevant VLAN.

NOTE The switch supports MLD Snooping only on static VLANs. It does not support MLD Snooping on dynamic VLANs.

The switch uses this feature to build Multicast membership lists.

To enable MLD Snooping:

STEP 1 Click Multicast > MLD Snooping. The MLD Snooping page opens.

STEP 2 Enable or disable MLD Snooping Status. When MLD Snooping is globally enabled, the device monitoring network traffic can determine which hosts have requested to receive Multicast traffic. The switch performs MLD Snooping only if both MLD snooping and Bridge Multicast filtering are enabled.

STEP 3 Select a VLAN, and click Edit. The Edit MLD Snooping page opens.

• Last Member Query Counter—Enter the Last Member Query Count to be used if the switch cannot derive the value from the messages sent by the elected querier.
• Operational Last Member Query Counter—Displays the operational value of the Last Member Query Counter.

• Source Address equals to—Defines the sender address to query.
• VLAN ID equals to—Defines the VLAN ID to query.

STEP 4 Click Go. The following fields are displayed for each Multicast group:
• VLAN—The VLAN ID.
• Group Address—The Multicast group MAC address or IP address.
• Source Address—The sender address for all of the specified group ports.
• Included Ports—The list of destination ports for the Multicast stream.

STEP 4 For each port or LAG, select its association type. The options are as follows:
• Static—The port is statically configured as a Multicast router port.
• Dynamic—(Display only) The port is dynamically configured as a Multicast router port by an MLD/IGMP query.

STEP 4 Select the port/LAG that is to be defined as Forward All by using the following methods:
• Static—The port receives all Multicast streams.
• Forbidden—Ports cannot receive any Multicast streams, even if IGMP/MLD snooping designated the port to join a Multicast group.
• None—The port is not currently a Forward All port.

STEP 5 Click Apply. The Running Configuration file is updated.

• Unregistered Multicast—Displays the forwarding status of the selected interface. The possible values are:
  - Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface.
  - Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface.

STEP 3 Click Apply. The settings are saved, and the Running Configuration file is updated.
16 Configuring IP Information IP interface addresses can be configured manually by the user, or automatically configured by a DHCP server. This section provides information for defining the switch IP addresses. It includes the following topics: • Management and IP Interfaces • Configuring ARP • Domain Name Systems Management and IP Interfaces The switch operates as a Layer 2 VLAN-aware switch, and has no routing capabilities. The 200 Series switches do not have Layer 3 capabilities.
16 Configuring IP Information Management and IP Interfaces If the switch receives a DHCP response from the DHCP server with an IP address, it sends Address Resolution Protocol (ARP) packets to confirm that the IP address is unique. If the ARP response shows that the IP address is in use, the switch sends a DHCPDECLINE message to the offering DHCP server, and sends another DHCPDISCOVER packet that restarts the process.
16 Configuring IP Information Management and IP Interfaces Defining an IPv4 Interface To manage the switch by using the web-based switch configuration utility, the IPv4 switch management IP address must be defined and known. The switch IP address can be manually configured or automatically taken from a DHCP server. To configure the IPv4 switch IP address: STEP 1 Click Administration > Management Interface > (Layer 2) > IPv4 Interface. The IPv4 Interface page opens.
If a dynamic IP address is retrieved from the DHCP server, select those of the following fields that are enabled:
• Renew IP Address Now—The switch dynamic IP address can be renewed any time after it is assigned by a DHCP server. Depending on your DHCP server configuration, the switch might receive a new IP address after the renewal that will cause a loss of connectivity to the web-based switch configuration utility.
Defining IPv6 Global Configuration
The IPv6 Global Configuration page defines the frequency of the IPv6 ICMP error messages generated by the switch. To define IPv6 global parameters:
STEP 1 Click Administration > Management Interface (Layer 2) > IPv6 Global Configuration. The IPv6 Global Configuration page opens.
STEP 2 Enter values for the following fields:
• ICMPv6 Rate Limit Interval—Enter the time limit.
• IPv6 Interface—Select a specific port, LAG, VLAN, or ISATAP tunnel.
• Number of DAD Attempts—Enter the number of consecutive neighbor solicitation messages that are sent while Duplicate Address Detection (DAD) is performed on the interface’s Unicast IPv6 addresses. DAD verifies the uniqueness of a new Unicast IPv6 address before it is assigned. New addresses remain in a tentative state during DAD verification.
STEP 3 Click Add. The Add IPv6 Address page opens.
STEP 4 Enter values for the fields.
• IPv6 Interface—Displays the interface where the address is automatically completed, based on the filter.
• IPv6 Address Type—Select Link Local or Global as the type of IPv6 address to add.
  - Link Local—The IPv6 address uniquely identifies hosts on a single network link.
Defining an IPv6 Default Router List
The IPv6 Default Router List page enables configuring and viewing the default IPv6 router addresses. This list contains the routers that are candidates to become the switch default router for non-local traffic (it may be empty). The switch randomly selects a router from the list. The switch supports one static IPv6 default router.
- Stale—Previously-known neighboring network is unreachable, and no action is taken to verify its reachability until it is necessary to send traffic.
- Delay—Previously-known neighboring network is unreachable. The device is in Delay state for a predefined Delay Time. If no confirmation is received, the state changes to Probe.
To configure an IPv6 Tunnel:
STEP 1 Click Administration > Management Interface > (Layer 2) > IPv6 Tunnel. The IPv6 Tunnel page opens.
STEP 2 Enter values for the following fields:
• Tunnel Number—Displays the automatic tunnel router domain number.
• Tunnel Type—Always displayed as ISATAP.
• Source IPv4 Address—Disable the ISATAP tunnel, or enable the ISATAP tunnel over an IPv4 interface.
STEP 3 Click Apply. The tunnel is defined, and the Running Configuration file is updated.

Defining IPv6 Neighbors Information
The IPv6 Neighbors page enables configuring and viewing the list of IPv6 neighbors on the IPv6 interface. The IPv6 Neighbor Table (also known as IPv6 Neighbor Discovery Cache) displays the MAC addresses of the IPv6 neighbors that are in the same IPv6 subnet as the switch.
- Incomplete—Address resolution is working. The neighbor has not yet responded.
- Reachable—Neighbor is known to be reachable.
- Stale—Previously-known neighbor is unreachable. No action is taken to verify its reachability until traffic must be sent.
- Delay—Previously-known neighbor is unreachable. The interface is in Delay state for a predefined Delay Time. If no reachability confirmation is received, the state changes to Probe.
STEP 1 Click Administration > Management Interface > (Layer 2) > IPv6 Routes. The IPv6 Routes page opens. This page displays the following fields:
• IPv6 Address—The IPv6 subnet address.
• Prefix Length—IP route prefix length for the destination IPv6 subnet address. It is preceded by a forward slash.
• Interface—Interface used to forward the packet.
• Next Hop—Address where the packet is forwarded.
Configuring ARP
The switch maintains an ARP (Address Resolution Protocol) table for all known devices that reside in its directly-connected IP subnets. A directly-connected IP subnet is the subnet to which an IPv4 interface of the switch is connected.
- Normal Age Out—Deletes dynamic addresses based on the configured ARP Entry Age Out time.
STEP 3 Click Apply. The ARP global settings are modified, and the Running Configuration file is updated.
The ARP table displays the following fields:
• Interface—The IPv4 Interface of the directly-connected IP subnet where the IP device resides.
• IP Address—The IP address of the IP device.
• MAC Address—The MAC address of the IP device.
Defining DNS Servers
Use the DNS Servers page to enable the DNS feature, configure the DNS servers and set the default domain used by the switch.
STEP 1 Click IP Configuration > Domain Name System > DNS Servers. The DNS Servers page opens.
STEP 2 Enter the parameters.
• DNS—Select to designate the switch as a DNS client which resolves DNS names into IP addresses through one or more configured DNS servers.
• IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  - Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
STEP 2 To add a host mapping, click Add. The Add Host Mapping page opens.
STEP 3 Enter the parameters.
• IP Version—Select Version 6 for IPv6 or Version 4 for IPv4.
• IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  - Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network.
17 Configuring Security
This section describes switch security and access control. The system handles various types of security. The following list of topics describes the various types of security features described in this section. Some features are used for more than a single type of security or control, and so they appear twice in the list of topics below.
Protection from other network users is described in the following sections. These are attacks that pass through, but are not directed at, the switch.
• Denial of Service Prevention
• Configuring TCP/UDP Services
• Defining Storm Control
• Configuring Port Security

Defining Users
The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password.
• Password—Enter a password (UTF-8 characters are not permitted). If the password strength and complexity is defined, the user password must comply with the policy configured in the Setting Password Complexity Rules section.
• Confirm Password—Enter the password again.
• Password Strength Meter—Displays the strength of the password. The policy for password strength and complexity is configured in the Password Strength page.
STEP 4 Click Apply.
• Contain characters from at least three character classes (uppercase letters, lowercase letters, numbers, and special characters available on a standard keyboard).
• Are different from the current password.
• Contain no character that is repeated more than three times consecutively.
• Do not repeat or reverse the user’s name or any variant reached by changing the case of the characters.
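The complexity rules listed above can be checked before a password is submitted to the switch. The following is an added example, not code from Cisco or from the switch firmware; the function name `check_password` and the result labels are hypothetical, and it assumes that "UTF-8 characters are not permitted" means printable ASCII only and that the user-name rule is an equality test against the name and its reverse, ignoring case.

```python
import re
import string

# Character classes named in the guide's rule list.
CHAR_CLASSES = {
    "uppercase": set(string.ascii_uppercase),
    "lowercase": set(string.ascii_lowercase),
    "number": set(string.digits),
    "special": set(string.punctuation),
}


def check_password(candidate, username, current_password=None):
    """Return the list of violated rules; an empty list means the candidate passes."""
    problems = []

    # Assumption: "UTF-8 characters are not permitted" means printable ASCII only.
    if not all(32 <= ord(ch) < 127 for ch in candidate):
        problems.append("non_ascii")

    # At least three of the four character classes must be present.
    used = [name for name, chars in CHAR_CLASSES.items()
            if any(ch in chars for ch in candidate)]
    if len(used) < 3:
        problems.append("too_few_classes")

    # Must differ from the current password (known to the caller at change time).
    if current_password is not None and candidate == current_password:
        problems.append("same_as_current")

    # No character repeated more than three times in a row: a run of four fails.
    if re.search(r"(.)\1{3}", candidate, flags=re.DOTALL):
        problems.append("repeated_char")

    # Assumption: the user-name rule is an equality test against the name and
    # its reverse, ignoring case.
    folded, name = candidate.casefold(), username.casefold()
    if name and folded in (name, name[::-1]):
        problems.append("username_variant")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("cisco", "NIMDA", "Aaaaa1!x", "Sw1tch-Admin"):
        print(pw, check_password(pw, "admin", current_password="cisco"))
```

Rules that fall on pages not reproduced here (for example a minimum length) are not modelled.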
Configuring RADIUS Parameters
Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control. The switch is a RADIUS client that can use a RADIUS server to provide centralized security. For the RADIUS server to grant access to the web-based switch configuration utility, the RADIUS server must return cisco-avpair = shell:priv-lvl=15.
STEP 4 To add a RADIUS server, click Add. The Add RADIUS Server page displays.
STEP 5 Enter the values in the fields for each server. To use the default values entered in the RADIUS page, select Use Default.
• Server Definition—Select whether to specify the RADIUS server by IP address or name.
• IP Version—If the RADIUS server will be identified by IP address, select either IPv4 or IPv6, to indicate that it will be entered in the selected format.
- 802.1X—RADIUS server is used for 802.1X authentication.
- All—RADIUS server is used for authenticating users that ask to administer the switch and for 802.1X authentication.
STEP 6 Click Apply. The RADIUS server definition is added to the Running Configuration file of the switch.

Configuring Management Access Authentication
Authentication methods can be assigned to HTTP/HTTPS sessions.
NOTE The Local or None authentication method must always be selected last. All authentication methods selected after Local or None are ignored.
STEP 4 Click Apply. The selected authentication methods are associated with the access method.

Defining Access Profiles
Access profiles determine how to authenticate and authorize users accessing the switch through various access methods. Access Profiles can limit management access from specific sources.
When a user attempts to access the switch through an access method, the switch looks to see if the active access profile explicitly permits management access to the switch through this method. If no match is found, access is denied. When an attempt to access the switch is in violation of the active access profile, the switch generates a SYSLOG message to alert the system administrator of the attempt.
• Management Method—Select the management method for which the rule is defined. The options are:
  - All—Assigns all management methods to the rule.
  - HTTP—Users requesting access to the switch who meet the HTTP access profile criteria are permitted or denied.
  - Secure HTTP (HTTPS)—Users requesting access to the switch who meet the HTTPS access profile criteria are permitted or denied.
• Action—Select the action attached to the rule.
STEP 6 Click Apply. The access profile is created, and the Running Configuration file is updated. You can now select this access profile as the active access profile.

Defining Profile Rules
Access profiles can contain up to 128 rules to determine who is permitted to manage and access the switch, and the access methods that may be used. Each rule in an access profile contains an action and criteria (one or more parameters) to match.
- HTTP—Assigns HTTP access to the rule. Users requesting access to the switch who meet the HTTP access profile criteria are permitted or denied.
- Secure HTTP (HTTPS)—Users requesting access to the switch who meet the HTTPS access profile criteria are permitted or denied.
• Action—Select Permit to permit the users that attempt to access the switch by using the configured access method from the interface and IP source defined in this rule.
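To see how an access profile behaves before it is made active, the rule matching described above (management method, interface, IP source, and denial when nothing matches) can be modelled offline. This is an added example, not Cisco code: the class and function names, the interface labels, the audit line format, and the sample profile are constructed, and it assumes rules are checked in ascending priority order with the first match deciding, which the text reproduced here does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 128  # per-profile limit stated in the guide


@dataclass(frozen=True)
class Rule:
    priority: int                    # assumption: lowest number is checked first
    action: str                      # "permit" or "deny"
    method: str = "All"              # "All", "HTTP" or "HTTPS"
    interface: Optional[str] = None  # None matches any ingress interface
    source: Optional[str] = None     # CIDR prefix; None matches any source

    def matches(self, method, interface, src_ip):
        if self.method not in ("All", method):
            return False
        if self.interface is not None and self.interface != interface:
            return False
        if self.source is not None:
            net = ipaddress.ip_network(self.source)
            # An IPv4 address is never inside an IPv6 prefix, and vice versa.
            return ipaddress.ip_address(src_ip) in net
        return True


class AccessProfile:
    def __init__(self, name, rules):
        if len(rules) > MAX_RULES:
            raise ValueError(f"profile {name!r} exceeds {MAX_RULES} rules")
        self.name = name
        self.rules = sorted(rules, key=lambda r: r.priority)

    def evaluate(self, method, interface, src_ip):
        """Return (action, matching rule priority or None)."""
        for rule in self.rules:
            if rule.matches(method, interface, src_ip):
                return rule.action, rule.priority
        return "deny", None  # nothing explicitly permits the attempt


def denied_attempts(profile, attempts):
    """Return one audit line per attempt the profile rejects."""
    lines = []
    for method, interface, src_ip in attempts:
        action, prio = profile.evaluate(method, interface, src_ip)
        if action == "deny":
            why = f"rule {prio}" if prio is not None else "no matching rule"
            lines.append(f"denied {method} from {src_ip} on {interface} ({why})")
    return lines


# Constructed profile: HTTPS only, from an admin subnet on one VLAN or an IPv6 prefix.
MGMT_PROFILE = AccessProfile("mgmt-only", [
    Rule(1, "deny", method="HTTP"),
    Rule(2, "permit", method="HTTPS", interface="VLAN 10", source="192.0.2.0/28"),
    Rule(3, "permit", method="HTTPS", source="2001:db8:10::/64"),
])

# Constructed attempts: (method, ingress interface, source address).
ATTEMPTS = [
    ("HTTPS", "VLAN 10", "192.0.2.5"),
    ("HTTP", "VLAN 10", "192.0.2.5"),
    ("HTTPS", "VLAN 20", "192.0.2.5"),
    ("HTTPS", "VLAN 20", "2001:db8:10::7"),
    ("HTTPS", "VLAN 10", "198.51.100.9"),
]

if __name__ == "__main__":
    for line in denied_attempts(MGMT_PROFILE, ATTEMPTS):
        print(line)
```

The third attempt is rejected even though its source address is inside the admin subnet, because it arrives on an interface that no permit rule names.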
Configuring TCP/UDP Services
The TCP/UDP Services page enables TCP or UDP-based services on the switch, usually for security reasons. The switch offers the following TCP/UDP services:
• HTTP—Enabled by factory default
• HTTPS—Disabled by factory default
The active TCP connections are also displayed in this window. To configure TCP/UDP services:
STEP 1 Click Security > TCP/UDP Services. The TCP/UDP Services page displays.
• Local IP Address—Local IP address through which the switch is offering the service.
• Local Port—Local UDP port through which the switch is offering the service.
• Application Instance—The service instance of the UDP service. (For example, when two senders send data to the same destination.)
STEP 3 Click Apply. The services are added, and the Running Configuration file is updated.
• Storm Control Rate Threshold—Enter the maximum rate at which unknown packets can be forwarded. The default for this threshold is 10,000 for FE devices and 100,000 for GE devices.
• Storm Control Mode—Select one of the modes:
  - Unknown Unicast, Multicast & Broadcast—Counts unknown Unicast, Broadcast, and Multicast traffic towards the bandwidth threshold.
  - Multicast & Broadcast—Counts Broadcast and Multicast traffic towards the bandwidth threshold.
When a frame from a new MAC address is detected on a port where it is not authorized (the port is classically locked, and there is a new MAC address, or the port is dynamically locked, and the maximum number of allowed addresses has been exceeded), the protection mechanism is invoked, and one of the following actions can take place:
• Frame is discarded
• Frame is forwarded
• Port is shut down
When the secure MAC address is seen on another port, the
- Limited Dynamic Lock—Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both re-learning and aging of MAC addresses are enabled.
• Max No. of Addresses Allowed—Enter the maximum number of MAC addresses that can be learned on the port if Limited Dynamic Lock learning mode is selected.
802.1x is an IEEE standard for port-based network access control. The 802.1x framework enables a device (the supplicant) to request port access from a remote device (authenticator) to which it is connected. Only when the supplicant requesting port access is authenticated and authorized is it permitted to send data to the port. Otherwise, the authenticator discards the supplicant data.
• Define 802.1X settings for each port by using the Edit Port Authentication page. Note the following:
• You can select the Guest VLAN field to have untagged incoming frames go to the guest VLAN.
• Define host authentication parameters for each port using the Port Authentication page.
• View 802.1X authentication history using the Authenticated Hosts page.

Defining 802.1X Properties
The 802.1X Properties page is used to globally enable 802.
Defining 802.1X Port Authentication
The Port Authentication page enables configuration of 802.1X parameters for each port. Since some of the configuration changes are only possible while the port is in Force Authorized state, such as host authentication, it is recommended that you change the port control to Force Authorized before making changes. When the configuration is complete, return the port control to its previous state.
NOTE A port with 802.
- 802.1X Only—802.1X authentication is the only authentication method performed on the port.
• Periodic Reauthentication—Select to enable port re-authentication attempts after the specified Reauthentication Period.
• Reauthentication Period—Enter the number of seconds after which the selected port is reauthenticated.
• Reauthenticate Now—Select to enable immediate port re-authentication.
Defining Host and Session Authentication
The Host and Session Authentication page enables defining the mode in which 802.1X operates on the port and the action to perform if a violation has been detected. The 802.1X modes are:
• Single—Only a single authorized host can access the port. (Port Security cannot be enabled on a port in single-host mode.)
• Multiple Host (802.1X)—Multiple hosts can be attached to a single 802.1X-enabled port.
• Number of Violations—Displays the number of packets that arrive on the interface in single-host mode, from a host whose MAC address is not the supplicant MAC address.
STEP 2 Select a port, and click Edit. The Edit Host and Session Authentication page displays.
STEP 3 Enter the parameters.
• Interface—Enter a port number for which host authentication is enabled.
• Host Authentication—Select one of the modes.
Viewing Authenticated Hosts
To view details about authenticated users:
STEP 1 Click Security > 802.1X > Authenticated Hosts. The Authenticated Hosts page displays. This page displays the following fields:
• User Name—Supplicant names that were authenticated on each port.
• Port—Number of the port.
• Session Time (DD:HH:MM:SS)—Amount of time that the supplicant was logged on the port.
Denial of Service Prevention
The switch uses the Secure Core Technology (SCT) feature, which ensures that the switch will receive and process management and protocol traffic, no matter how much total traffic is received. SCT is enabled by default on the device and cannot be disabled. There are no interactions with other features. SCT can be monitored in the Denial of Service > Security Suite Settings page (Details button).
19 Configuring Quality of Service
The Quality of Service feature is applied throughout the network to ensure that network traffic is prioritized according to required criteria and the desired traffic receives preferential treatment. This section contains the following topics:
• QoS Features and Components
• Configuring QoS - General
• Managing QoS Statistics
QoS Features and Components
The QoS feature is used to optimize network performance.
QoS Workflow
To configure general QoS parameters, perform the following:
STEP 1 Enable QoS by using the QoS Properties page to select the trust mode. Then enable QoS on ports by using the Interface Settings page.
STEP 2 Assign each interface a default CoS or DSCP priority by using the QoS Properties page.
STEP 3 Assign the schedule method (Strict Priority or WRR) and bandwidth allocation for WRR to the egress queues by using the Queue page.
STEP 3 Select a trust mode (CoS/802.1p or DSCP) and click Apply.
STEP 4 If you selected DSCP, proceed to STEP 6; if you selected CoS, proceed to the next step.
STEP 5 Select Port/LAG and click GO to display/modify all ports/LAGs and their CoS information. The following fields are displayed for all ports/LAGs:
• Interface—Type of interface.
• Default CoS—Default VPT value for incoming packets that do not have a VLAN Tag. The default CoS is 0.
Interface QoS Settings
The Interface Settings page enables configuring QoS on each port of the switch, as follows:
QoS State Disabled on an Interface—All inbound traffic on the port is mapped to the best effort queue and no classification/prioritization takes place.
QoS State of the Port is Enabled—Traffic prioritization on ingress is based on the system-wide configured trusted mode, which is either CoS/802.1p trusted mode or DSCP trusted mode.
Weighted Round Robin (WRR)—In WRR mode the number of packets sent from the queue is proportional to the weight of the queue (the higher the weight, the more frames are sent). For example, if all four queues are WRR and the default weights are used, queue 1 receives 1/15 of the bandwidth (assuming all queues are saturated and there is congestion), queue 2 receives 2/15, queue 3 receives 4/15 and queue 4 receives 8/15 of the bandwidth.
STEP 3 Click Apply. The queues are configured, and the Running Configuration file is updated.

Mapping CoS/802.1p to a Queue
The CoS/802.1p to Queue page maps 802.1p priorities to egress queues. The CoS/802.1p to Queue Table determines the egress queues of the incoming packets based on the 802.1p priority in their VLAN Tags. For incoming untagged packets, the 802.1p priority will be the default CoS/802.1p priority assigned to the ingress ports.
Queue 1 has the lowest priority, queue 4 has the highest priority. To map CoS values to egress queues:
STEP 1 Click Quality of Service > General > CoS/802.1p to Queue. The CoS/802.1p to Queue page opens.
STEP 2 Enter the parameters.
• 802.1p—Displays the 802.1p priority tag values to be assigned to an egress queue, where 0 is the lowest and 7 is the highest priority.
• Output Queue—Select the egress queue to which the 802.
To map DSCP to queues:
STEP 1 Click Quality of Service > General > DSCP to Queue. The DSCP to Queue page opens. The DSCP to Queue page contains Ingress DSCP. It displays the DSCP value in the incoming packet and its associated class.
STEP 2 Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped.
STEP 3 Click Apply. The Running Configuration file is updated.
• Ingress Rate Limit—Select to enable the ingress rate limit, which is defined in the field below.
• Ingress Rate Limit—Enter the maximum amount of bandwidth allowed on the interface.
NOTE The two Ingress Rate Limit fields do not appear when the interface type is LAG.
• Egress Shaping Rate—Select to enable egress shaping on the interface.
• Committed Information Rate (CIR)—Enter the maximum bandwidth for the egress interface.
STEP 3 Select a Port/LAG, and click Edit. The Edit Egress Shaping Per Queue page opens. This page enables shaping the egress for up to four queues on each interface.
STEP 4 Select the Interface.
STEP 5 For each queue that is required, enter the following fields:
• Enable Shaping—Select to enable egress shaping on this queue.
• Committed Information Rate (CIR)—Enter the maximum rate (CIR) in Kbits per second (Kbps).
Viewing Queues Statistics
The Queues Statistics page displays queue statistics, including statistics of forwarded and dropped packets, based on interface, queue, and drop precedence.
NOTE QoS Statistics are shown only when the switch is in QoS Advanced Mode. This change is made in General > QoS Properties.
To view Queues Statistics:
STEP 1 Click Quality of Service > QoS Statistics > Queues Statistics. The Queues Statistics page opens.
• Counter Set—Select the counter set:
  - Set 1—Displays the statistics for Set 1 that contains all interfaces and queues with a high DP (Drop Precedence).
  - Set 2—Displays the statistics for Set 2 that contains all interfaces and queues with a low DP.
• Interface—Select the ports for which statistics are displayed. The options are:
  - Port—Selects the port on the selected unit number for which statistics are displayed.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) © 2011 Cisco Systems, Inc. All rights reserved.