ADMINISTRATION GUIDE Cisco Small Business 200 Series Smart Switch Administration Guide
Contents Chapter 1: Getting Started Starting the Web-based Switch Configuration Utility 1 1 Launching the Configuration Utility 1 Logging In 2 Password Expiration 5 Logging Out 5 Quick Start Switch Configuration 6 Window Navigation 7 Application Header 7 Management Buttons 9 Chapter 2: Viewing Statistics 12 Viewing Ethernet Interface 12 Viewing Etherlike Statistics 15 Viewing 802.
Contents Setting DHCP Auto Configuration Chapter 5: System Time 52 55 System Time Options 56 Configuring System Time 57 Adding an SNTP Server 59 Defining SNTP Authentication 63 Chapter 6: General Administrative Information and Operations 66 System Information 67 Displaying the System Summary 67 Configuring the System Settings 69 Switch Models 70 Rebooting the Switch 71 Monitoring the Fan Status and Temperature 73 Defining Idle Session Timeout 74 Pinging a Host 75 Chapter 7: Co
Contents Chapter 8: Port Management Configuring Ports 106 106 Port Management Workflow 106 Setting the Basic Port Configuration 107 Configuring Link Aggregation 111 Static and Dynamic LAG Workflow 112 Defining LAG Management 113 Defining Member Ports in a LAG 114 Configuring LAG Settings 115 Configuring LACP 117 Setting Port LACP Parameter Settings 118 Green Ethernet 120 Setting Global Green Ethernet Properties 121 Setting Green Ethernet Properties for Ports 123 Chapter 9: Managin
Contents Configuring Default VLAN Settings 145 Creating VLANs 147 Configuring VLAN Interface Settings 150 Defining VLAN Membership 153 Configuring Port to VLAN 154 Configuring VLAN to Port 155 Viewing VLAN Membership 158 Voice VLAN 159 Voice VLAN Options 160 Configuring Voice VLAN Properties 161 Configuring Telephony OUI 163 Chapter 12: Configuring the Spanning Tree Protocol 165 STP Flavors 165 Configuring STP Status and Global Settings 166 Defining Spanning Tree Interface Setti
Contents Adding MAC Group Address 188 Adding IP Multicast Group Address 192 Configuring IGMP Snooping 195 Configuring MLD Snooping 199 Viewing IGMP/MLD IP Multicast Groups 202 Defining Multicast Router Ports 203 Defining Forward All Multicast 205 Defining Unregistered Multicast Settings 207 Chapter 15: Configuring IP Information Management and IP Interfaces 210 210 IP Addressing 212 Defining an IPv4 Interface 213 Defining IPv6 Global Configuration 215 Defining an IPv6 Interface 216
Contents Defining Access Profiles 250 Displaying, Adding, or Activating an Access Profile 251 Defining Profile Rules 254 Configuring TCP/UDP Services 257 Defining Storm Control 259 Configuring Port Security 262 Configuring 802.1X 265 802.1X Parameters Workflow 266 Defining 802.1X Properties 267 Defining 802.
1 Getting Started This chapter provides an introduction to the user interface, and includes the following topics: • Starting the Web-based Switch Configuration Utility • Quick Start Switch Configuration Starting the Web-based Switch Configuration Utility This section describes how to navigate the web-based switch configuration utility. Browser Restrictions • If you are using a pop-up blocker, make sure it is disabled.
Getting Started Starting the Web-based Switch Configuration Utility 1 Launching the Configuration Utility To open the user interface: STEP 1 Open a Web browser. STEP 2 Enter the IP address of the switch you are configuring in the address bar on the browser, and then press Enter. The Login Page opens. NOTE When the switch is using the factory default IP address of 192.168.1.254, its power LED flashes continuously.
Getting Started Starting the Web-based Switch Configuration Utility 1 If you entered an incorrect username or password, an error message is displayed, and the Login Page remains displayed. If you are having problems logging in, please see the Launching the Configuration Utility section in the Cisco Small Business 200 Series Smart Switch Administration Guide for additional information.
1 Getting Started Quick Start Switch Configuration When you click Save, the Copy/Save Configuration Page is displayed. Save the Running Configuration file by copying it to the Startup Configuration file. After this save, the red X icon and the Save application link are no longer displayed. To logout, click Logout in the top right corner of any page. The system logs out of the switch.
1 Getting Started Quick Start Switch Configuration Links on the Getting Started Page Category Link Name (on the Page) Linked Page Upgrade Device Software Upgrade/Backup Firmware/ Language Backup Device Configuration Download/Backup Configuration/Log Page Configure QoS QoS Properties Page Configure Port Mirroring Port and VLAN Mirroring Page This section describes the features of the web-based switch configuration utility. Application Header The Application Header is displayed on every page.
1 Getting Started Quick Start Switch Configuration Application Links (Continued) Application Link Name Description About Click to display the switch name and switch version number. Help Click to display the online help. Language Menu Select a language or load a new language file into the switch. If the language required is displayed in the menu, select it. If it is not displayed, select Download Language.
1 Getting Started Quick Start Switch Configuration Management Buttons The following table describes the commonly-used buttons that appear on various pages in the system. Management Buttons Button Name Description Navigate the table by using the right and left arrow icons when there are more than 50 entries in a table. Indicates a mandatory field. Add Click to display the related Add page and add an entry to a table. Enter the information and click Apply to save it to the Running Configuration.
1 Getting Started Quick Start Switch Configuration Management Buttons (Continued) Button Name Description Copy Settings A table typically contains one or more entries containing configuration settings. Instead of modifying each entry individually, it is possible to modify one entry and then copy it to multiple entries, as described below: 1. Select the entry to be copied. Click Copy Settings to display the popup. 2. Enter the destination entry numbers in the to field. 3.
2 Viewing Statistics This chapter describes how to view switch statistics. It contains the following sections: • Viewing Ethernet Interface • Viewing Etherlike Statistics • Viewing 802.1X EAP Statistics • Managing RMON Statistics Viewing Ethernet Interface The Interface Page displays traffic statistics per port. The refresh rate of the information can be selected.
2 Viewing Statistics Viewing Etherlike Statistics - 60 Sec—Statistics are refreshed every 60 seconds. The Receive Statistics area displays information about incoming packets. • Total Bytes (Octets)—Octets received, including bad packets and FCS octets, but excluding framing bits. • Unicast Packets—Good Unicast packets received. • Multicast Packets—Good Multicast packets received. • Broadcast Packets—Good Broadcast packets received. • Packets with Errors—Packets with errors received.
2 Viewing Statistics Viewing Etherlike Statistics • Interface—Select the type of interface and specific interface for which Ethernet statistics are to be displayed. • Refresh Rate—Select the amount of time that passes before the Etherlike statistics are refreshed. The fields are displayed for the selected interface. • Frame Check Sequence (FCS) Errors—Received frames that failed the CRC (cyclic redundancy checks).
2 Viewing Statistics Viewing 802.1X EAP Statistics Viewing 802.1X EAP Statistics The 802.1x EAP Page displays detailed information regarding the EAP (Extensible Authentication Protocol) frames that were sent or received. To configure the 802.1X feature, see the 802.1X Properties Page. To view the EAP Statistics: STEP 1 Click Status and Statistics > 802.1X EAP. The 802.1x EAP Page opens. STEP 2 Select the Port that is polled for statistics.
2 Viewing Statistics Managing RMON Statistics • Last EAPOL Frame Source—Source MAC address attached to the most recently received EAPOL frame. Managing RMON Statistics RMON (Remote Networking Monitoring) enables the switch to proactively monitor traffic statistics over a given period and send traps to a remote log server. The switch compares real-time counters against predefined thresholds and generates alarms, without the need for polling by a central management platform.
2 Viewing Statistics Managing RMON Statistics To view the RMON statistics: STEP 1 Click RMON > Statistics. The Statistics Page opens. STEP 2 Select the Interface for which Ethernet statistics are to be displayed. STEP 3 Select the Refresh Rate, the time period that passes before the interface statistics are refreshed. The statistics are displayed for the selected interface. • Bytes Received (Octets)—Number of octets received, including bad packets and FCS octets, but excluding framing bits.
2 Viewing Statistics Managing RMON Statistics • Collisions—Number of collisions received. If Jumbo Frames are enabled, the threshold of Jabber Frames is raised to the maximum size of Jumbo Frames. • Frames of 64 Bytes—Number of frames, containing 64 bytes that were received. • Frames of 65 to 127 Bytes—Number of frames, containing 65-127 bytes that were received. • Frames of 128 to 255 Bytes—Number of frames, containing 128-255 bytes that were received.
3 Managing System Logs This chapter describes the System Log feature, which enables the switch to keep several independent logs. Each log is a set of messages recording system events. The switch generates the following local logs: • Log written into a cyclical list of logged events in RAM and is erased when the switch reboots. • Log written to a cyclical log-file saved to Flash memory and persists across reboots.
3 Managing System Logs Setting System Log Settings The event severity levels are listed from the highest severity to the lowest severity, as follows: • Emergency—System is not usable. • Alert—Action is needed. • Critical—System is in a critical condition. • Error—System is in error condition. • Warning—System warning has occurred. • Notice—System is functioning properly, but a system notice has occurred. • Informational—Device information.
3 Managing System Logs Setting Remote Logging Settings • RAM Memory Logging—Select the severity levels of the messages to be logged to RAM. • Flash Memory Logging—Select the severity levels of the messages to be logged to Flash memory. STEP 3 Click Apply. The switch is updated. Setting Remote Logging Settings The Remote Log Servers Page enables defining remote SYSLOG servers where log messages are sent (using the SYSLOG protocol).
3 Managing System Logs Viewing Memory Logs • Log Server IP Address/Name —Enter the IP address or domain name of the log server. • UDP Port—Enter the UDP port to which the log messages are sent. • Facility—Select a facility value from which system logs are sent to the remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden. • Description—Enter a server description.
3 Managing System Logs Viewing Memory Logs • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the log messages, click Clear Logs. The messages are cleared. Flash Memory Flash Memory The Flash Memory Page displays the messages that were stored in Flash memory, in chronological order. The minimum severity for logging is configured in the Log Settings Page. Flash logs remain when the switch is rebooted.
4 Managing System Files You can choose the firmware file from which the switch boots. You can also copy file types internally on the switch, or to or from an external device, such as a PC. The methods of file transfer are: • Internal copy • HTTP that uses the facilities that the browser provides • TFTP client, requiring a TFTP server Configuration files on the switch are defined by their type, and contain the settings and parameter values for the device.
4 Managing System Files To preserve any changes made to the switch, you must save the Running Configuration to the Startup Configuration, or another file type if you do not want the switch to reboot with this configuration. If you have saved the Running Configuration to the Startup Configuration, when the switch is rebooted, it recreates a Running Configuration that includes the changes you have made since the last time the Running Configuration was saved to the Startup Configuration.
4 Managing System Files • Language File—The dictionary that allows the windows to be displayed in the selected language. • Flash Log—SYSLOG messages stored in Flash memory. File Actions The following actions can be performed to manage firmware and configuration files: • Upgrade the firmware or boot code, or replace a language as described in Upgrade/Backup Firmware/Language section.
Managing System Files Upgrade/Backup Firmware/Language 4 This chapter describes how configuration and log files are managed.
Managing System Files Upgrade/Backup Firmware/Language 4 A single firmware image is stored on the switch. After uploading a new firmware image to the switch, that image is used. After new firmware has been successfully loaded into the switch, the device needs to be rebooted prior to the new firmware taking effect. The Summary page will continue to show the previous image prior to the reboot.
Managing System Files Upgrade/Backup Firmware/Language 4 If for the Save Action you selected Backup to specify that a copy of the file type is to be saved to a file on another device, do the following: a. File Type—Select the source file type. Only valid file types can be selected. (The file types are described in the Files and File Types section.) b. Server Definition—Select either By IP Address or By name. c. IP Version—Select whether an IPv4 or an IPv6 address is used. d.
Managing System Files Downloading or Backing-up a Configuration or Log 4 If for the Save Action you selected Backup to specify that a copy of the file type is to be saved to a file on another device, do the following: a. Source File Type—Select the configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section.) b. Click Apply. The File Download window displays. c. Click Save. The Save As window displays. d. Click Save.
Managing System Files Downloading or Backing-up a Configuration or Log 4 When restoring a configuration file to the Startup Configuration or a backup configuration file, the new file replaces the previous file. When restoring to Startup Configuration, the switch must be rebooted for the restored Startup Configuration to be used as the Running Configuration. You can reboot the switch by using the process described in the Rebooting the Switch section.
Managing System Files Downloading or Backing-up a Configuration or Log f. 4 Destination File Type—Enter the destination configuration file type. Only valid file types are displayed. (The file types are described in the Files and File Types section.) If for the Save Action you selected Backup to specify that a file type is to be copied to a file on another device, do the following: a. Server Definition—Select whether to specify the TFTP server by IP address or by domain name. b.
Managing System Files Displaying Configuration File Properties 4 Select the Save Action. If for the Save Action you select Download to specify that the file type on the switch is to be replaced with a new version of that file type from a file on another device, do the following. Otherwise, go to the next procedure in this step. a. Source File Name—Click Browse to select a file or enter the path and source file name to be used in the transfer. b. Destination File Type—Select the configuration file type.
4 Managing System Files Copying Configuration Files To clear a configuration file, select it and click Clear Files. Copying Configuration Files When you click Apply on any window, changes that you made to the switch configuration settings are stored only in the Running Configuration. To preserve the parameters in the Running Configuration, the Running Configuration must be copied to another configuration type or saved as a file on another device.
4 Managing System Files Setting DHCP Auto Configuration Setting DHCP Auto Configuration Dynamic Host Configuration Protocol (DHCP) provides a means of passing configuration information (including the IP address of a TFTP server and a configuration file name) to hosts on a TCP/IP network. By default, the switch is enabled as a DHCP client.
4 Managing System Files Setting DHCP Auto Configuration To configure DHCP server auto configuration: STEP 1 Click Administration > File Management > DHCP Auto Configuration. The DHCP Auto Configuration Page opens. STEP 2 Enter the values. • Auto Configuration Via DHCP—Select this field to enable or disable the automatic transfer of a configuration from a TFTP server to the Startup Configuration on the switch. • Server Definition—Select By IP Address or By name.
5 System Time Network time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events occur. Time also provides the only frame of reference between all devices on the network. Without synchronized time, accurately correlating log files between these devices is difficult, even impossible. A few of the specific reasons include, tracking security breaches, network usage.
5 System Time System Time Options System Time Options System time can be set manually by the user or dynamically by using an SNTP server. If an SNTP server is chosen, the manual time settings are overwritten when communications with the server is established. As part of the boot process, the switch always configures the time, time-zone, and DST in some way, either from DHCP, from SNTP, from values set manually, or if all else fails from the factory defaults.
5 System Time Configuring System Time • Manual configuration of the time zone and DST by the user, where the time zone and DST set manually becomes the Operational time zone and DST, only if the dynamic configuration of the time zone and DST is disabled or fails. Configuring System Time Use the System Time Page to configure the current time, time zone, DST, and the time source. If the time is determined manually, enter the manual time here.
5 System Time Configuring System Time Local Settings—The local time is used when there is no alternate source of time, such as an SNTP server: • Date—Enter the system date. • Local Time—Enter the system time. • Time Zone Offset—Select the difference in hours between Greenwich Mean Time (GMT) and the local time. For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone Offset for New York is GMT – 5. • Daylight Savings—Select Daylight Savings to enable DST.
5 System Time Adding an SNTP Server Time—The time at which DST ends every year. STEP 3 Click Apply. The system time values are defined, and the switch is updated. The time settings are displayed in the Actual Time Details block. Adding an SNTP Server A switch can be configured to synchronize its system clock with an SNTP server by using the SNTP Settings Page.
5 System Time Adding an SNTP Server • • Preference—Priority of use for the SNTP server. - Primary—Server with the lowest stratum level. Stratum level is the distance from the reference clock. Time information is taken from this server. - Secondary—Server with the next lowest stratum level after the primary server. Serves as a backup to the primary server. - In progress—SNTP server that is currently sending or receiving SNTP information. Status—SNTP server status.
5 System Time Adding an SNTP Server • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are - Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
5 System Time Defining SNTP Authentication Defining SNTP Authentication The SNTP Authentication Page enables configuration of the authentication keys that are used when communicating with an SNTP server that requires authentication. After a key has been created, it must be bound to one or more relevant SNTP servers to be authenticated. This authentication key can also be used for authentication when receiving Broadcast synchronization. SNTP sessions might require authentication.
6 General Administrative Information and Operations This chapter describes how to view system information and configure various options on the switch.
General Administrative Information and Operations System Information 6 System information: • System Description—A description of the system. • System Location—Physical location of the switch. Click Edit to go the System Settings Page to enter this value. • System Contact—Name of a contact person. Click Edit to go the System Settings Page to enter this value. • Host Name—Name of the switch. Click Edit to go the System Settings Page to enter this value.
General Administrative Information and Operations System Information 6 • Language Version—Firmware version of the primary language of the active image. • Language MD5 Checksum—MD5 checksum of the language file. • Locale—Locale of the second language. • Language Version—Firmware version of the secondary language package. • Language MD5 Checksum—MD5 checksum of the secondary language file.
6 General Administrative Information and Operations Switch Models STEP 3 Click Apply to set the values in the Running Configuration. Switch Models All models can be fully managed through the web-based switch configuration utility. Smart Switch Models Model Name Product ID (PID) Description SG 200-18 SLM2016T 18-port Gigabit SG 200-26 SLM2024T 26-port Gigabit SG 200-26P SLM2024PT 26-port Gigabit PoE Ports Power Dedicated to PoE No.
General Administrative Information and Operations Rebooting the Switch 6 Rebooting the Switch Some configuration changes, such as enabling jumbo frame support, require the system to be rebooted before they take effect. However, rebooting the switch deletes the Running Configuration, so it is critical that the Running Configuration is saved to the Startup Configuration before the switch is rebooted. Clicking Apply does not save the configuration to the Startup Configuration.
General Administrative Information and Operations Monitoring the Fan Status and Temperature 6 Monitoring the Fan Status and Temperature The Health Page displays switch fan status and temperature on SG 200-50P. The SG 200-26P, SG 200-50, SF 200-24P, and SF 200-48P devices display only fan status. To view the switch health parameters, click Status and Statistics > Health. The Health Page opens. The Health page displays the following fields: • Fan Status—Fan status. • Temperature—Switch temperature.
General Administrative Information and Operations Pinging a Host 6 Pinging a Host Ping is a utility used to test if a remote host can be reached and to measure the round-trip time for packets sent from the switch to a destination device. Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response, sometimes called a pong. It measures the round-trip time and records any packet loss.
General Administrative Information and Operations Pinging a Host • 6 Status—Displays whether the ping succeeded or failed. STEP 3 Click Activate Ping to ping the host. The ping status is displayed and another message is added to the list of messages, indicating the result of the ping operation. STEP 4 View the results of ping in the Ping Counters and Status section of the page.
7 Configuring Discovery This chapter provides information for configuring Discovery. It includes the following topics: • Configuring Bonjour Discovery • Configuring LLDP Configuring Bonjour Discovery As a Bonjour client, the switch periodically broadcasts Bonjour Discovery protocol packets to directly-connected IP subnet(s), advertising its existence and the services that it provides. The switch can be discovered by a network management system or other third-party applications.
7 Configuring Discovery Configuring LLDP STEP 3 Click Apply. Bonjour is enabled or disabled on the switch according to the selection. Configuring LLDP The Link Layer Discovery Protocol (LLDP) enables network managers to troubleshoot and enhance network management by discovering and maintaining network topologies over multi-vendor environments. LLDP discovers network neighbors by standardizing methods for network devices to advertise themselves to other systems, and to store discovered information.
7 Configuring Discovery Configuring LLDP 6. View the LLDP information that was discovered from neighbors, such as local port, system name, time to live, system description, system capabilities by using the LLDP Neighbors Information Page. 7. View LLDP-related statistical information per interface by using the LLDP Statistics Page. 8. Display overloading information by using the LLDP Overloading Page. Setting LLDP Properties The LLDP Properties Page enables entering LLDP general parameters.
7 Configuring Discovery Configuring LLDP For a description of LLDP MED, refer to the LLDP MED Protocol section. STEP 3 In the Fast Start Repeat Count field, enter the number of times LLDP packets are sent when the LLDP-MED Fast Start mechanism is initialized. This occurs when a new endpoint device links to the switch. STEP 4 Click Apply. The LLDP properties are defined.
7 Configuring Discovery Configuring LLDP • System Log Notification—Select Enable to notify notification recipients that there has been a topology change. The time interval between notifications is entered in the Topology Change System Log Notification Interval field in the LLDP Properties Page. • Available Optional TLVs—Select the information to be published by the switch by moving the TLV to the Selected Optional TLVs list.
7 Configuring Discovery Configuring LLDP - 802.3 Maximum Frame—Maximum frame size capability of the MAC/ PHY implementation. The following fields relate to the Management Address: • • Advertisement Mode—Select one of the following ways to advertise the IP management address of the switch: - Auto Advertise—Send the current management IP address of the switch, regardless of whether it was acquired via DHCP or manually. - None—Do not advertise the management IP address.
7 Configuring Discovery Configuring LLDP NOTE The switch automatically advertises the policy according to your configuration; however, you must also manually configure the switch to use that policy. Setting LLDP MED Network Policy An LLDP-MED network policy is a related set of configuration settings identified by a network policy number. This set is loaded into an LLDP-MED TLV, and sent to devices connected to the switch.
7 Configuring Discovery Configuring LLDP - Softphone Voice - Video Conferencing - Streaming Video - Video Signaling • VLAN ID—Enter the VLAN ID to which the traffic should be sent. • VLAN Tag—Select whether the traffic is Tagged or Untagged. • User Priority—Select the traffic priority applied to traffic defined by this network policy. • DSCP Value—Select the DSCP value to associate with application data sent by neighbors.
7 Configuring Discovery Configuring LLDP • System Log Notification—Select whether the log notification is sent on a per-port basis, when an end station that supports MED has been discovered. • Available Optional TLVs—Select the TLVs that can be published by the switch, by moving them to the Selected Optional TLVs list. • Available Network Policies—Select the LLDP MED policies that will be published by LLDP, by moving them to the Selected Network Policies list.
7 Configuring Discovery Configuring LLDP • Enabled System Capabilities—Primary enabled function(s) of the device. • Port ID Subtype—Type of the port identifier that is shown. LLDP Port Status Table • Interface—Port identifier. • LLDP Status—LLDP publishing option. • LLDP MED Status—Enabled or disabled. • Local PoE—Local PoE information advertised. • Remote PoE—PoE information advertised by the neighbor. • # of neighbors—Number of neighbors discovered.
7 Configuring Discovery Configuring LLDP Displaying LLDP Local Information To view the LLDP local port status advertised on a port: STEP 1 Click Administration > Discovery - LLDP > LLDP Local Information. The LLDP Local Information Page opens. STEP 2 On the bottom of the page, click LLDP Port Status Table. Click LLDP Local Information Details to see the details of the LLDP and LLDPMED TLVs sent to the neighbor.
7 Configuring Discovery Configuring LLDP • Address—Returned address most appropriate for management use. • Interface Subtype—Numbering method used for defining the interface number. • Interface Number—Specific interface associated with this management address. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. • Auto-Negotiation Enabled—Port speed auto-negotiation active status.
7 Configuring Discovery Configuring LLDP - Endpoint Class 2—Indicates a media endpoint class, offering media streaming capabilities, as well as all Class 1 features. - Endpoint Class 3—Indicates a communications device class, offering all Class 1 and Class 2 features plus location, 911, Layer 2 switch support, and device information management capabilities. • PoE Device Type—Port PoE type, for example, powered. • PoE Power Source—Port power source. • PoE Power Priority—Port power priority.
7 Configuring Discovery Configuring LLDP • VLAN Type—VLAN type for which the network policy is defined. The possible field values are: - Tagged—Indicates the network policy is defined for tagged VLANs. - Untagged—Indicates the network policy is defined for untagged VLANs. • User Priority—Network policy user priority. • DSCP—Network policy DSCP.
7 Configuring Discovery Configuring LLDP STEP 2 Select a local port, and click Details. The Neighbors Information Page opens. This page displays the following fields: Port Details • Local Port—Port number. • MSAP Entry—Device Media Service Access Point (MSAP) entry number. Basic Details • Chassis ID Subtype—Type of chassis ID (for example, MAC address). • Chassis ID—Identifier of the 802 LAN neighboring device chassis. • Port ID Subtype—Type of the port identifier that is shown.
7 Configuring Discovery Configuring LLDP • Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False. • Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode. • Operational MAU Type—Medium Attachment Unit (MAU) type.
7 Configuring Discovery Configuring LLDP - Endpoint Class 2—Indicates a media endpoint class, offering media streaming capabilities as well as all Class 1 features. - Endpoint Class 3—Indicates a communications device class, offering all Class 1 and Class 2 features plus location, 911, Layer 2 switch support and device information management capabilities. • PoE Device Type—Port PoE type, for example, powered. • PoE Power Source—Port’s power source. • PoE Power Priority—Port’s power priority.
7 Configuring Discovery Configuring LLDP Location Information Enter the following data structures in hexadecimal as described in section 10.2.4 of the ANSI-TIA-1057 standard: • Civic—Civic or street address. • Coordinates—Location map coordinates—latitude, longitude, and altitude. • ECS ELIN—Device’s Emergency Call Service (ECS) Emergency Location Identification Number (ELIN). • Unknown—Unknown location information.
7 Configuring Discovery Configuring LLDP • • Errors—Total number of received frames with errors. Rx TLVs - Discarded—Total number of received TLVs that were discarded. - Unrecognized—Total number of received TLVs that were unrecognized. Neighbor’s Information Deletion Count—Number of neighbor ageouts on the interface. STEP 2 Click Refresh to view the latest statistics. LLDP Overloading LLDP adds information to packets, and can create oversized packets.
7 Configuring Discovery Configuring LLDP • • • - Size (Bytes)—Total mandatory TLV byte size. - Status—If the mandatory TLV group is being transmitted, or if the TLV group was overloaded. LLDP MED Capabilities - Size (Bytes)—Total LLDP MED capabilities packets byte size. - Status—If the LLDP MED capabilities packets were sent, or if they were overloaded. LLDP MED Location - Size (Bytes)—Total LLDP MED location packets byte size.
7 Configuring Discovery Configuring LLDP • LLDP MED Inventory - Size (Bytes)—Total LLDP MED inventory TLVs packets byte size. - Status—If the LLDP MED inventory packets were sent, or if they were overloaded. • Total (Bytes)—Total number of packets sent (in bytes). • Left to Send (Bytes)—Total number of packet bytes left to transmit.
8 Port Management This chapter describes port configuration, link aggregation, and the Green Ethernet feature. It contains the following topics: • Setting the Basic Port Configuration • Configuring Link Aggregation • Green Ethernet Configuring Ports Port Management Workflow To configure ports, perform the following actions: 1. Configure port by using the Port Setting Page. 2.
8 Port Management Configuring Ports Setting the Basic Port Configuration The Port Setting Page displays the global and per port setting of all the ports. This page enables you to select and configure the desired ports from the Edit Port Setting Page. NOTE SFP Fiber takes precedence when both ports are being used. To configure port settings: STEP 1 Click Port Management > Port Settings. The Port Setting Page opens. STEP 2 Select (Jumbo Frames) Enable to support packets of up to 10 Kb in size.
8 Port Management Configuring Ports • Auto-Negotiation—Select to enable auto-negotiation on the port. AutoNegotiation enables a port to advertise its transmission rate, duplex mode, and Flow Control abilities to other devices. • Operational Auto-Negotiation—Displays the current auto-negotiation status on the port. • Administrative Port Speed—Select the configured rate for the port. The port type determines the speed setting options are available.
8 Port Management Configuring Ports NOTE To change the status of a Giga port from 10 Half/100 Half to 1000 Full, change the duplex mode to Full and then change the Administrative Port speed to 1000. • Operation Advertisement—Displays the capabilities currently published to the port’s neighbor to start the negotiation process. The possible options are those specified in the Administrative Advertisement field.
8 Port Management Configuring Link Aggregation Configuring Link Aggregation Link Aggregation Control Protocol (LACP) is part of an IEEE specification (802.3ad) that allows you to bundle several physical ports together to form a single logical channel. Link aggregation optimizes port usage by linking multiple ports together to form a Link Aggregation Group (LAG). LAGs multiply the bandwidth, increase port flexibility, and provide link redundancy between two devices.
8 Port Management Configuring Link Aggregation The switch supports four LAGs. Every LAG has the following characteristics: • All ports in a LAG must be of the same media type. • To add a port to the LAG, it cannot belong to any VLAN except the default VLAN. • Ports in a LAG must not be assigned to another LAG. • No more than eight ports are assigned to a static LAG and no more than 16 ports can be candidates for a dynamic LAG.
8 Port Management Configuring Link Aggregation Defining LAG Management The LAG Management Page displays the global and per LAG settings. The page also enables you to configure the global setting and to select and edit the desired LAG on the Edit LAG Membership Page. STEP 1 To configure LAG management, click Port Management > Link Aggregation > LAG Management. The LAG Management Page opens.
8 Port Management Configuring Link Aggregation Configuring LAG Settings The LAG Settings Page displays a table of current settings for all LAGs. You can configure the settings of selected LAGs, and reactivate suspended LAGs by launching the Edit LAG Settings Page. To configure the LAG: STEP 1 Click Port Management > Link Aggregation > LAG Settings. The LAG Settings Page opens. STEP 2 Select a LAG, and click Edit. The Edit LAG Settings Page opens.
8 Port Management Configuring Link Aggregation - 10 Full—The LAG advertises a 10 Mbps speed and the mode is full duplex. - 100 Full—The LAG advertises a 100 Mbps speed and the mode is full duplex. - 1000 Full—The LAG advertises a 1000 Mbps speed and the mode is full duplex. • Operational Advertisement—Displays the Administrative Advertisement status. The LAG advertises its capabilities to its neighbor LAG to start the negotiation process.
8 Port Management Configuring Link Aggregation The LACP priority is taken either from the local or the remote device according to the following rule: The local LACP System Priority is compared to the remote LACP System Priority device. The lowest priority is used. If both priorities are the same, the local and remote MAC addresses are compared. The priority of the device with the lowest MAC address is used.
8 Port Management Green Ethernet • LACP Timeout—Select the periodic transmissions of LACP PDUs occur at either a slow or fast transmission rate, depending upon the expressed LACP timeout preference. STEP 5 Click Apply. The switch is updated. You can continue editing by selecting another port in the Port field. Green Ethernet Green Ethernet is a common name for a set of features that are designed to be environmentally friendly, and to reduce the power consumption of a device.
8 Port Management Green Ethernet Setting Global Green Ethernet Properties The Properties Page displays and enables configuration of the Green Ethernet mode for the switch. It also displays the current power savings. To define Global Green Ethernet properties: STEP 1 Click Port Management > Green Ethernet > Properties. The Properties Page opens. STEP 2 Enter the values for the following fields: • Energy Detect Mode—Globally enable or disable Energy Detect mode.
8 Port Management Green Ethernet Setting Green Ethernet Properties for Ports The Port Settings Page displays the current Green Ethernet Energy mode for each port, and enables selecting a port for Green Ethernet Energy configuration by using the Edit Port Setting Page. For the Green Ethernet modes to operate on a port, the corresponding modes must be activated globally in the Properties Page. To define per port Green Ethernet settings: STEP 1 Click Port Management > Green Ethernet> Port Settings.
8 Port Management Green Ethernet STEP 5 Click Apply. The Green Ethernet port settings are modified, and the switch is updated. Select another port to display or edit that port.
9 Managing Device Diagnostics This chapter contains information for configuring port mirroring, running cable tests, and viewing device operational information. It includes the following topics: • Testing Copper Ports • Displaying Optical Module Status • Configuring Port and VLAN Mirroring • Viewing CPU Utilization Testing Copper Ports The Copper Ports Page displays the results of integrated cable tests performed on copper cables.
9 Managing Device Diagnostics Testing Copper Ports To test copper cables attached to ports: STEP 1 Click Administration > Diagnostics > Copper Ports. The Copper Ports Page opens. This page displays the results of previously-conducted basic tests. STEP 2 To perform a Basic test, select a port from the list of ports, and click Basic Test. A message displays indicating that the test causes the link to briefly go down. STEP 3 Click OK to confirm that the link can go down or click Cancel to abort the test.
9 Managing Device Diagnostics Testing Copper Ports • Speed—Link speed. • Link Status—Current link Up/Down status. • Pair—Cable wire pairs being tested. • Distance to Fault—Distance between the port and the location on the cable where the fault was discovered. • Status—Wire pair status. Red indicates fault and Green indicates status OK. • Cable length—Cable length in meters. If the link is down, TDR Technology is used to test the GE and FE ports.
9 Managing Device Diagnostics Displaying Optical Module Status Displaying Optical Module Status The Optical Module Status Page displays the operating conditions reported by the SFP (Small Form-factor Pluggable) transceiver. Some information might not be available for SFPs that do not support the digital diagnostic monitoring standard SFF-8472.
Managing Device Diagnostics Configuring Port and VLAN Mirroring 9 • Output Power—Transmitted optical power. • Input Power—Received optical power. • Transmitter Fault—Remote SFP reports signal loss. Values are True, False, and No Signal (N/S). • Loss of Signal—Local SFP reports signal loss. Values are True and False. • Data Ready—SFP is operational.
9 Managing Device Diagnostics Configuring Port and VLAN Mirroring • Source Interface—Interface, port, or VLAN, from which traffic is sent to the analyzer port. • Type—Type of monitoring: incoming to the port, outgoing from the port, or both. • Status—Whether the interface is up or down. STEP 2 Click Add to add a port or VLAN to be mirrored. The Add Port/VLAN Mirroring Page opens. STEP 3 Enter the parameters: • Destination Port—Select the analyzer port to where packets are copied.
Managing Device Diagnostics Viewing CPU Utilization 9 Viewing CPU Utilization The CPU Utilization Page displays the switch CPU utilization. You can enable or disable CPU utilization monitoring, and configure the rate at which the graph is updated. To enable and display CPU utilization: STEP 1 Click Administration > Diagnostics > CPU Utilization. The CPU Utilization Page opens. STEP 2 Select CPU Utilization to enable viewing CPU resource utilization information.
10 Managing Power-over-Ethernet Devices The Power over Ethernet (PoE) feature is only available on PoE-based devices. For a list of PoE-based devices, refer to the Switch Models section. This chapter describes how to use the PoE feature.
Managing Power-over-Ethernet Devices PoE on the Switch 10 Power over Ethernet can be used in any enterprise network that deploys relatively low-powered devices connected to the Ethernet LAN, such as: • IP phones • Wireless access points • IP gateways • Audio and video remote monitoring devices PoE Operation PoE implements in the following stages: • Detection—Sends special pulses on the copper cable. When a PoE device is located at the other end, that device responds to these pulses.
Managing Power-over-Ethernet Devices Configuring PoE Properties 10 You can decide the following: • Maximum power a PSE is allowed to supply to a PD • During device operation, to change the mode from Class Power Limit to Port Limit and vice versa. The power values per port that were configured for the Port Limit mode are retained. • Maximum port limit allowed as a per-port numerical limit in mW (Port Limit mode).
Managing Power-over-Ethernet Devices Configuring PoE Properties 10 To configure PoE on the switch and monitor current power usage: STEP 1 Click Port Management > PoE > Properties. The PoE Properties Page opens. STEP 2 Enter the values for the following fields: • • Power Mode—Select one of the following options: - Port Limit—The maximum power limit per each port is configured by the user.
Managing Power-over-Ethernet Devices Configuring the PoE Power, Priority, and Class 10 Configuring the PoE Power, Priority, and Class The PoE Settings Page displays system PoE information for enabling PoE on the interfaces and monitoring the current power usage and maximum power limit per port. This page limits the power per port in two ways depending on the Power Mode: • Port Limit: Power is limited to a specified wattage. For these settings to be active, the system must be in PoE Port Limit mode.
Managing Power-over-Ethernet Devices Configuring the PoE Power, Priority, and Class 10 • Power Priority Level—Select the port priority: low, high, or critical, for use when the power supply is low. For example, if the power supply is running at 99% usage and port 1 is prioritized as high, but port 3 is prioritized as low, port 1 receives power and port 3 might be denied power. • Class—This field is displayed only if the Power Mode set in the PoE Properties Page is Class Limit.
11 VLAN Management A VLAN is a logical group that enables devices connected to the VLAN to communicate with each other over the Ethernet MAC layer, regardless of the physical LAN segment of the bridged network to which they are connected.
11 VLAN Management VLANs If a frame is VLAN-tagged, a four-byte VLAN tag is added to each Ethernet frame, increasing the maximum frame size from 1518 to 1522. The tag contains a VLAN ID between 1 and 4094, and a VLAN Priority Tag (VPT) between 0 and 7. See QoS Features and Components for details about VPT. When a frame enters a VLAN-aware device, it is classified as belonging to a VLAN, based on the four-byte VLAN tag in the frame.
11 VLAN Management Configuring Default VLAN Settings VLAN Configuration Workflow To configure VLANs: 1. If required, change the default VLAN by using the Configuring Default VLAN Settings section. 2. Create the required VLANs by using the Creating VLANs section. 3. Set the desired per port VLAN-related configuration using the Configuring VLAN Interface Settings section. 4. Assign interfaces to VLANs by using the Configuring Port to VLAN section or the Configuring VLAN to Port section. 5.
11 VLAN Management Configuring Default VLAN Settings When the VID of the default VLAN is changed, the switch performs the following on all the ports in the VLAN after saving the configuration and rebooting the switch: • Removes VLAN membership of the ports from the original default VLAN (possible only after reboot). • Changes the PVID (Port VLAN Identifier) of the ports to the VID of the new default VLAN. • The original Default VLAN ID is removed from the switch. To be used, it must be recreated.
11 VLAN Management Creating VLANs Creating VLANs You can create a VLAN, but this has no effect until the VLAN is attached to at least one port, either manually or dynamically. Ports must always belong to one or more VLANs. The Cisco Sx200 Series switch supports 128 VLANs, including the default VLAN. Each VLAN must be configured with a unique VID (VLAN ID) with a value from 1 to 4094. The switch reserves VID 4095 as the Discard VLAN.
11 VLAN Management Configuring VLAN Interface Settings Configuring VLAN Interface Settings The Interface Settings Page displays and enables configuration of VLAN-related parameters for all interfaces. The Cisco Sx200 Series switch supports 128 VLANs, including the default VLAN. To configure the VLAN settings: STEP 1 Click VLAN Management > Interface Settings. The Interface Settings Page opens. The Interface Settings page lists all ports or LAGs and their VLAN parameters.
11 VLAN Management Configuring VLAN Interface Settings • Frame Type—Select the type of frame that the interface can receive. Frames that are not of the configured frame type are discarded at ingress. These frame types are only available in General mode. Possible values are: - Admit All—The interface accepts all types of frames: untagged frames, tagged frames, and priority tagged frames. - Admit Tagged Only—The interface accepts only tagged frames.
11 VLAN Management Defining VLAN Membership Defining VLAN Membership The Port to VLAN Page, VLAN To Port Page, and Port VLAN Membership Page display the VLAN memberships of the ports in various presentations. You can use the Port to VLAN Page and the VLAN To Port Page to add or remove memberships to or from the VLANs. When a port is forbidden default VLAN membership, that port is not allowed membership in any other VLAN. An internal VID of 4095 is assigned to the port.
11 VLAN Management Defining VLAN Membership The port mode for each port or LAG is displayed with its current port mode (Access, Trunk or General) configured from the Interface Settings Page. Each port or LAG is displayed with its current registration to the VLAN. STEP 3 Change the registration of an interface to the VLAN by selecting the desired option from the following list: • Forbidden—The interface is not allowed to join the VLAN.
11 VLAN Management Defining VLAN Membership • VLANs—Drop-down list that displays all VLANs of which the interface is a member. • LAG—If interface selected is Port, displays the LAG in which it is a member. STEP 3 Select a port, and click the Join VLAN button. The Join VLAN To Port Page opens. STEP 4 Enter the values for the following fields: • Interface—Select a Port or LAG. • Mode—Displays the port VLAN mode that was selected in the Interface Settings Page.
11 VLAN Management Voice VLAN To view VLAN membership: STEP 1 Click VLAN Management > Port VLAN Membership. The Port VLAN Membership Page opens. STEP 2 Select an interface type (Port or LAG), and click Go. The Port VLAN Membership page displays the operational membership of the ports or LAGs: • Port number. • Mode—Port mode defined in the Interface Settings Page. • PVID—Port VLAN Identifier of the VLAN to which incoming untagged frames are assigned at ingress.
11 VLAN Management Voice VLAN In MAC addresses, the first three bytes contain a manufacturer ID, known as an Organizationally Unique Identifier (OUI), and the last three bytes contain a unique station ID. The classification of a packet from VoIP equipment or phones is based on the OUI of the packet source MAC address. Ports can be assigned to Voice VLAN as follows: • Static—Assigned manually to the Voice VLAN (described in the Configuring VLAN Interface Settings section).
11 VLAN Management Voice VLAN • Assign ports as candidates to the Voice VLAN. (This is configured by using the process described in the Configuring VLAN Interface Settings section.) • Assign the QoS mode per port to one of the following: - For a port that has already joined the Voice VLAN, all packets are assigned to the Voice VLAN as described in the Configuring VLAN Interface Settings section.
11 VLAN Management Voice VLAN • The Voice VLAN QoS is applied to candidate ports that have joined the Voice VLAN, and to static ports. • The voice flow is accepted if the MAC address can be learned by the FDB. (If there is no free space in FDB, no action occurs).
11 VLAN Management Voice VLAN STEP 3 Click Apply. The VLAN properties are saved, and the switch is updated. Configuring Telephony OUI Organizationally Unique Identifiers (OUIs) are assigned by the Institute of Electrical and Electronics Engineers, Incorporated (IEEE) Registration Authority. Since the number of IP phone manufacturers is limited and well-known, the known OUI values causes the relevant frames, and the port on which they are seen, to be automatically assigned to a Voice VLAN.
12 Configuring the Spanning Tree Protocol The Spanning Tree Protocol (STP) (IEEE802.1D and IEEE802.1Q) is enabled by default, set to RSTP (Rapid Spanning Tree Protocol) mode, and protects a Layer 2 Broadcast domain from broadcast storms by selectively setting links to standby mode to prevent loops. In standby mode, these links temporarily do not transfer user data. They are automatically re-activated when the topology changes to make it desirable to transfer user data.
Configuring the Spanning Tree Protocol Configuring STP Status and Global Settings 12 The switch supports the following Spanning Tree Protocol versions: • Classic STP provides a single path between any two end stations, avoiding and eliminating loops. • Rapid STP (RSTP) detects network topologies to provide faster convergence of the spanning tree. This is most effective when the network topology is naturally tree-structured, and therefore faster convergence might be possible. RSTP is enabled by default.
Configuring the Spanning Tree Protocol Configuring STP Status and Global Settings • 12 Flooding—Floods BPDU packets when Spanning Tree is disabled on an interface. Path Cost Default Values—Selects the method used to assign default path costs to the STP ports. The default path cost assigned to an interface varies according to the selected method. - Short—Specifies that the default port path costs are within the range: 1—65,535.
Configuring the Spanning Tree Protocol Defining Spanning Tree Interface Settings • 12 Last Topology Change—The time interval that elapsed since the last topology change occurred. The time is displayed in a days/hours/minutes/ seconds format. STEP 3 Click Apply. The switch is updated with the STP Global settings.
Configuring the Spanning Tree Protocol Defining Spanning Tree Interface Settings 12 - Use Global Settings—Select to use the settings defined in the STP Status and Global Settings Page. - Filtering—Filters BPDU packets when Spanning Tree is disabled on an interface. - Flooding—Floods BPDU packets when Spanning Tree is disabled on an interface. • Path Cost—Set the port contribution to the root path cost or use the default cost generated by the system. • Priority—Set the priority value of the port.
Configuring the Spanning Tree Protocol Configuring Rapid Spanning Tree Settings • 12 LAG—Displays the LAG to which the port belongs. If a port is a member of a LAG, the LAG settings override the port settings. STEP 4 Click Apply. The interface settings are modified, and the switch is updated. Configuring Rapid Spanning Tree Settings Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that enable a faster STP convergence without creating forwarding loops.
Configuring the Spanning Tree Protocol Configuring Rapid Spanning Tree Settings 12 - Disable—The port is not considered point-to-point for RSTP purposes, which means that STP works on it at regular speed, as opposed to rapid speed. - Auto—Automatically determines switch status by using RSTP BPDUs. • Point-to-Point Operational Status—Displays the Point-to-Point operating status if the Point-to-Point Administrative Status is set to Auto.
Configuring the Spanning Tree Protocol Configuring Rapid Spanning Tree Settings 12 - Learning—The port is in Learning mode. The port cannot forward traffic, however it can learn new MAC addresses. - Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 7 Click Apply. The switch is updated.
13 Managing MAC Address Tables MAC addresses are stored in the Static Address table or the Dynamic Address table, along with VLAN and port information. Static addresses are configured by the user in the Static Address table and do not age out. MAC addresses seen in packets arriving at the switch are listed in the Dynamic Address table for a period of time. If another frame with the same source MAC address does not appear on the switch before that time expires, the entry is deleted from the table.
13 Managing MAC Address Tables Dynamic MAC Addresses To define a static address: STEP 1 Click MAC Address Tables > Static Addresses. The Static Addresses Page opens. The Static Addresses Page displays the defined static addresses. STEP 2 Click Add. The Add Static Address Page opens. STEP 3 Enter the parameters. • VLAN ID—Select the VLAN ID for the port. • MAC Address—Enter the interface MAC address. • Interface—Select an interface (port or LAG) for the entry.
Managing MAC Address Tables Dynamic MAC Addresses 13 Configuring Dynamic MAC Address Parameters The Dynamic Addresses Setting Page enables entering the aging interval for the MAC address table. To enter the aging interval for dynamic addresses: STEP 1 Click MAC Address Tables > Dynamic Address Settings. The Dynamic Addresses Setting Page opens. STEP 2 Enter Aging Time. The aging time is a value between the user-configured value and twice that value minus 1.
Managing MAC Address Tables Dynamic MAC Addresses 13 • Interface—Select the interface for which the table is queried. The query can search for specific ports or LAGs. • Dynamic Address Table Sort Key—Enter the field by which the table is sorted. The address table can be sorted by VLAN ID, MAC address, or interface. STEP 3 Select the preferred option for sorting the addresses table in the Dynamic Address Sort Key. STEP 4 Click Go.
14 Configuring Multicast Forwarding This chapter describes the Multicast Forwarding feature, and contains the following topics: • Multicast Forwarding • Defining Multicast Properties • Adding MAC Group Address • Adding IP Multicast Group Addresses • Configuring IGMP Snooping • MLD Snooping • Viewing IGMP/MLD IP Multicast Groups • Defining Multicast Router Ports • Defining Forward All Multicast • Defining Unregistered Multicast Settings Multicast Forwarding Multicast forwarding enables o
Configuring Multicast Forwarding Multicast Forwarding 14 For Multicast forwarding to work across IP subnets, nodes, and routers must be Multicast-capable. A Multicast-capable node must be able to: • Send and receive Multicast packets. • Register the Multicast addresses being listened to by the node with local routers, so that local and remote routers can route the Multicast packet to the nodes.
Configuring Multicast Forwarding Multicast Forwarding 14 The switch can forward Multicast streams based on one of the following options: • Multicast MAC Group Address • IP Multicast Group Address (G) • A combination of the source IP address (S) and the destination IP Multicast Group Address (G) of the Multicast packet. One of these options can be configured per VLAN.
Configuring Multicast Forwarding Defining Multicast Properties 14 The following versions are supported: • IGMP v1/v2/ v3 • MLD v1/v2 Multicast Address Properties Multicast addresses have the following properties: • Each IPv4 Multicast address is in the address range 224.0.0.0 to 239.255.255.255. • The IPv6 Multicast address is FF00:/8.
Configuring Multicast Forwarding Defining Multicast Properties 14 A common way of representing Multicast membership is the (S,G) notation where “S” is the (single) source sending a Multicast stream of data, and “G” is the IPv4 or IPv6 group address. If a Multicast client can receive Multicast traffic from any source of a specific Multicast group, this is written as (*,G). The following are ways of forwarding Multicast frames: • MAC Group Address—Based on the destination MAC in the Ethernet frame.
Configuring Multicast Forwarding Adding MAC Group Address • 14 Forwarding Method for IPv4—Set the forwarding method for IPv4 addresses. These are used by hardware to identify Multicast flow by one of the following options: MAC Group Address, IP Group Address, or Source Specific IP Group Address. STEP 3 Click Apply. The switch is updated. Adding MAC Group Address The switch supports forwarding incoming Multicast traffic based on the Multicast group information.
Configuring Multicast Forwarding Adding MAC Group Address • 14 MAC Group Address Equals To—Set the MAC address of the Multicast group to be displayed. If no MAC Group Address is specified, the page displays all the MAC Group Addresses from the selected VLAN. STEP 3 Click Go, and the MAC Multicast group addresses are displayed in the lower block. STEP 4 Click Add to add a static MAC Group Address. The Add MAC Group Address Page opens. STEP 5 Enter the parameters.
Configuring Multicast Forwarding Adding IP Multicast Group Addresses 14 Adding IP Multicast Group Addresses The IP Multicast Group Address Page is similar to the MAC Group Address Page except that Multicast groups are identified by IP addresses. The IP Multicast Group Address Page enables querying and adding IP Multicast groups. To define and view IP Multicast groups: STEP 1 Click Multicast> IP Multicast Group Address. The IP Multicast Group Address Page opens.
Configuring Multicast Forwarding Configuring IGMP Snooping • 14 IP Source Address—Defines the source address to be included. STEP 6 Click Apply. The IP Multicast group is added, and the device is updated. STEP 7 To configure and display the registration of an IP group address, select an address and click Details. The IP Multicast Interface Settings Page opens. STEP 8 Use the filter "Interface Type equals" to view the group membership on port or LAG and click Go.
Configuring Multicast Forwarding Configuring IGMP Snooping 14 When IGMP Snooping is enabled globally or on a VLAN, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming packets, and determines the following: • Which ports are asking to join which Multicast groups on what VLAN. • Which ports are connected to Multicast routers (Mrouters) that are generating IGMP queries. • Which ports are receiving PIM, DVMRP, or IGMP query protocols. These are displayed on the IGMP Snooping Page.
Configuring Multicast Forwarding Configuring IGMP Snooping 14 • Operational IGMP Snooping Status—Displays the current status of the IGMP Snooping for the selected VLAN. • MRouter Ports Auto Learn—Enable or disable auto learning of the ports to which the Mrouter is connected. • Query Robustness—Enter the Robustness Variable value to be used. • Operational Query Robustness—Displays the robustness variable sent by the elected querier.
Configuring Multicast Forwarding MLD Snooping 14 MLD Snooping When IGMP/MLD snooping is enabled in a switch on a VLAN, it analyzes all of the IGMP/MLD packets it receives from the VLAN connected to the switch and Multicast routers in the network. When a switch learns that a host is using IGMP/MLD messages to register to receive a Multicast stream, optionally from a specific source, the switch adds the registration in its Multicast forwarding data base.
Configuring Multicast Forwarding MLD Snooping 14 In an approach similar to IGMP snooping, MLD frames are snooped as they are forwarded by the switch from stations to an upstream Multicast router and vice versa.
Configuring Multicast Forwarding MLD Snooping 14 • Query Robustness—Enter the Robustness Variable value to be used if the switch cannot read this value from messages sent by the elected querier. • Operational Query Robustness—Displays the robustness variable sent by the elected querier. • Query Interval—Enter the Query Interval value to be used by the switch if the switch cannot derive the value from the messages sent by the elected querier.
Configuring Multicast Forwarding Viewing IGMP/MLD IP Multicast Groups 14 Viewing IGMP/MLD IP Multicast Groups The IGMP/MLD IP Multicast Group Page displays the IPv4 and IPv6 group address the switch learned from the IGMP/MLD messages it snoops. There might be a difference between information on this page and, for example, information displayed in the MAC Group Address Page. Assuming that the system is in MAC-based groups and a port that requested to join the following Multicast groups 224.1.1.1 and 225.1.
Configuring Multicast Forwarding Defining Multicast Router Ports 14 Defining Multicast Router Ports A Multicast router (Mrouter) port is a port that connects to a Multicast router. The switch includes the Multicast router port(s) when it forwards the Multicast streams and IGMP/MLD registration messages. This is required in order for all the Multicast routers can in turn forward the Multicast streams and propagate the registration messages to other subnets.
Configuring Multicast Forwarding Defining Forward All Multicast 14 Defining Forward All Multicast The Forward All Page enables and displays the configuration of the ports and/or LAGs that are to receive all of the Multicast stream from a specific VLAN. This feature requires that the Bridge Multicast filtering in the Properties Page be enabled. If it is disabled, then all Multicast traffic is flooded to all ports in the switch.
Configuring Multicast Forwarding Defining Unregistered Multicast Settings 14 Defining Unregistered Multicast Settings Multicast frames are generally forwarded to all ports in the VLAN. If IGMP/MLD Snooping is enabled, the switch learns about the existence of Multicast groups, and monitors which ports have joined which Multicast group. Multicast groups can also be statically configured. Multicast groups that were either dynamically learned or statically configured, are considered registered.
Configuring Multicast Forwarding Defining Unregistered Multicast Settings 14 • Interface—Select the interface to be modified. • LAG—Select the LAG to be modified. • Unregistered Multicast—Define the forwarding status of the interface. The options are as follows: - Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface. - Filtering—Enables filtering of unregistered Multicast frames to the selected interface. STEP 5 Click Apply.
15 Configuring IP Information IP interface addresses are configured manually by the user, or auto-configured by a DHCP server. This chapter provides information for defining the switch IP addresses. It includes the following topics: • Management and IP Interfaces • Configuring ARP • Domain Name Systems Management and IP Interfaces IP Addressing The factory default setting of the IP address configuration is DHCP.
15 Configuring IP Information Management and IP Interfaces When a VLAN is configured to use dynamic IP addresses, the switch issues DHCP requests until it is assigned an IP address from a DHCP server. The management VLAN can be configured with a static or dynamic IP address. The IP subnets to which these IP addresses belong are known as directly connected/attached IP subnets.
15 Configuring IP Information Management and IP Interfaces The tunneling mechanism uses the ISATAP mechanism. This protocol treats the IPv4 network as a virtual IPv6 local link, with mappings from each IPv4 address to a link local IPv6 address. The switch detects IPv6 frames by the IPv6 Ethertype. IP Addressing The switch operates as a Layer 2 VLAN-aware switch, and has no routing capabilities. The 200 Series switches do not have layer 3 capabilities.
15 Configuring IP Information Management and IP Interfaces - Static—Manually define a static IP address. If a static IP address is used, configure the following fields. • IP Address—Enter the IP address, and configure one of the following fields: • Mask—Select and enter the IP address mask. • Prefix Length—Select and enter the length of the IPv4 address prefix.
15 Configuring IP Information Management and IP Interfaces STEP 3 Click Apply. The IPv6 global parameters are defined, and the switch is updated. Defining an IPv6 Interface The IPv6 Interfaces Page displays the switch’s IPv6 interface parameters and enables configuring this interface. An IPv6 interface can be configured on a port, a LAG, VLAN, or ISATAP tunnel interface. The switch supports one IPv6 interface as an IPv6 end device.
15 Configuring IP Information Management and IP Interfaces STEP 4 Click Apply to enable IPv6 processing on the selected interface.
15 Configuring IP Information Management and IP Interfaces it receives. The device supports a maximum of 128 addresses at the interface. Each address must be a valid IPv6 address that is specified in hexadecimal format by using 16-bit values separated by colons. NOTE You cannot configure any IPv6 addresses directly on a ISATAP tunnel interface.
15 Configuring IP Information Management and IP Interfaces To define a default router: STEP 1 Click Administration > Management Interface > IPv6 Default Router List. The IPv6 Default Router List Page opens. This page displays the following fields for each default router: • Default Router IPv6 Address—Link local IP address of the default router. • Interface—Outgoing IPv6 interface where the default router resides.
15 Configuring IP Information Management and IP Interfaces Configuring IPv6 Tunnels The ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) enables encapsulating IPv6 packets within IPv4 packets for transmission over IPv4 networks. You must first manually enable and configure an ISATAP tunnel. Then you manually define an IPv6 interface at the ISATAP tunnel. Then the switch automatically configures the link local IPv6 address to the IPv6 interface.
15 Configuring IP Information Management and IP Interfaces • Tunnel Router's Domain Name—A global string that represents a specific automatic tunnel router domain name. The name can either be the default name (ISATAP) or a user defined name. • Query Interval—The number of seconds from 10-3600 between DNS queries (before the IP address of the ISATAP router is known) for this tunnel. The interval can be the default value (10 seconds) or a user defined interval.
15 Configuring IP Information Management and IP Interfaces To define IPv6 neighbors: STEP 1 Click Administration > Management Interface > IPv6 Neighbors The IPv6 Neighbors Page opens. STEP 2 Select a Clear Table option to clear some or all of IPv6 addresses in the IPv6 Neighbors Table. • Static Only—Deletes the static IPv6 address entries. • Dynamic Only—Deletes the dynamic IPv6 address entries. • All Dynamic & Static—Deletes the static and dynamic address entries IPv6 address entries.
15 Configuring IP Information Management and IP Interfaces • Interface—The neighboring IPv6 interface to be added. • IPv6 Address—Enter the IPv6 network address assigned to the interface. The address must be a valid IPv6 address. • MAC Address—Enter the MAC address mapped to the specified IPv6 address. STEP 5 Click Apply. The switch is updated. Modifying an IPv6 Neighbor To modify an IPv6 Neighbor: STEP 1 Click Administration > Management Interface > IPv6 Neighbors The IPv6 Neighbors Page opens.
15 Configuring IP Information Management and IP Interfaces Viewing IPv6 Route Tables The IPv6 Routes Table Page displays the IPv6 Routes Table. The table contains a single default route (IPv6 address::0) that uses the default router selected from the IPv6 Default Router List to send packets to destination devices that are not in the same IPv6 subnet as the switch.
15 Configuring IP Information Configuring ARP Configuring ARP The switch maintains an ARP (Address Resolution Protocol) Table for all the known devices that reside in its directly connected IP subnets. A directly connected IP subnet is the subnet that a IPv4 interface of the switch is connected to. When the switch needs to send/route a packet to a local device, it searches the ARP Table to obtain the MAC address of the device. The ARP Table contains both static and dynamic addresses.
15 Configuring IP Information Domain Name Systems • IP Address—The IP address of the IP device. • MAC Address—The MAC address of the IP device. • Status—Whether the entry was manually entered or dynamically learned. STEP 3 Click Apply. The ARP global settings are modified, and the switch is updated. STEP 4 Click Add. The Add ARP Page (Layer 2) opens. STEP 5 Enter the parameters. • IP Version—The IP address format supported by the host. Only IPv4 is supported.
15 Configuring IP Information Domain Name Systems Defining DNS Servers The DNS Servers Page enables configuring the DNS servers and the default domain used by the switch. To configure DNS servers: STEP 1 Click IP Configuration > Domain Name System > DNS Servers. The DNS Servers Page opens. STEP 2 Enter the parameters. • DNS—Select to enable the switch as a DNS client to resolve DNS names into IP addresses through one or more configured DNS servers.
15 Configuring IP Information Domain Name Systems • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are: - Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
15 Configuring IP Information Domain Name Systems STEP 2 Click Add. The Add Host Mapping Page opens. STEP 3 Enter the parameters. • IP Version—Select Version 6 for IPv6 or Version 4 for IPv4. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are: - Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network.
16 Configuring Security This chapter describes various aspects of security and access control. The system handles various types of security. Some features are used for more than a single type of security or control, and so they appear twice in the list of topics below.
16 Configuring Security Defining Users Protection from other network users is detailed in the following sections. These are attacks that pass through, but are not directed at, the switch. • Configuring TCP/UDP Services • Defining Storm Control • Configuring Port Security Defining Users A user, in this context, is a system administrator or superuser, who manages the switch. The default username is cisco and the default password is cisco.
16 Configuring Security Defining Users • Password—Enter a password (UTF-8 characters are not permitted). If the password strength and complexity is defined, the user password must comply with the policy. This is configured in the Setting Password Complexity Rules section. • Confirm Password—Enter the password again. • Password Strength Meter—Displays the strength of password. The policy for password strength and complexity are configured in the Password Strength Page. STEP 4 Click Apply.
16 Configuring Security Configuring RADIUS Parameters • Password Aging Time—Enter the number of days that can elapse before the user must change the password. The default is 180 days. STEP 4 Click Apply. The password settings are set, and the switch is updated. Configuring RADIUS Parameters Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control.
16 Configuring Security Configuring RADIUS Parameters • Key String—Enter the default key string used for authenticating and encrypting the RADIUS attributes communicated between the switch and the RADIUS server. This key must match the key configured on the RADIUS server. A key string is used to encrypt communications by using MD5. A key configured for an individual RADIUS server has precedence over the default key that is used if there is no key provided for an individual server. STEP 3 Click Apply.
Configuring Security Configuring Management Access Authentication 16 • Authentication Port—Enter the UDP port number of the RADUS server for authentication requests. • Accounting Port—Enter the UDP port number of the RADUS server for accounting requests. • Number of Retries—Enter the number of requests that are sent to the RADIUS server before a failure is considered to have occurred. Select Use Default to use the default value for the number of retries.
16 Configuring Security Defining Access Profiles To define authentication methods for an access method: STEP 1 Click Security > Management Access Authentication. The Management Access Authentication Page displays. STEP 2 Select an access method from the Application list. STEP 3 Use the arrows to move the authentication method between the Optional Methods column and the Selected Methods column. The first method selected is the first method that is used. • RADIUS—User is authenticated on a RADIUS server.
16 Configuring Security Defining Access Profiles Rules are composed of filters that include the following elements: • Access Methods—The HTTP access method is available. • Action—Permit or deny access to an interface or source address. • Interface—Which ports, LAGs, or VLANs are permitted to access or denied access to the web-based switch configuration utility. • Source IP Address—IP addresses or subnets that are allowed access.
16 Configuring Security Defining Access Profiles A caution message displays if you selected any other access profile, warning you that, depending on the selected access profile, you might be disconnected from the web-based switch configuration utility. NOTE Some 200 Series switches only support web access (http only, not https).
16 Configuring Security Defining Access Profiles - User Defined—Applies to only those types of IP addresses defined in the fields. • IP Version—Select the supported IP version of the source address, IPv6 or IPv4. • IP Address—Enter the source IP address. • Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the fields: - Network Mask—Select the subnet to which the source IP address belongs and enter the subnet mask in dotted decimal format.
16 Configuring Security Defining Access Profiles STEP 3 Click Add to add a rule to it. The Add Profile Rule Page displays. STEP 4 Enter the parameters. • Access Profile Name—Select an access profile. • Rule Priority—Enter the rule priority. When the packet is matched to a rule, user groups are either granted or denied access to the switch. The rule priority is essential to matching packets to rules, as packets are matched on a first-fit basis.
16 Configuring Security Configuring TCP/UDP Services STEP 5 Click Apply, and the rule is added to the access profile. Configuring TCP/UDP Services The TCP/UDP Services Page enables TCP or UDP-based services on the switch, usually for security reasons. The switch offers HTTP TCP/UDP services. To view these services: STEP 1 Click Security > TCP/UDP Services. The TCP/UDP Services Page displays.
16 Configuring Security Defining Storm Control • Application Instance—The service instance of the UDP service. (For example, when two senders send to the same destination.) Defining Storm Control When Broadcast, Multicast, or Unknown Unicast frames are received, they are duplicated, and a copy is sent to all possible egress ports. This means that in practice they are sent to all ports belonging to the relevant VLAN. In this way, one ingress frame is turned into many, creating the potential for a storm.
16 Configuring Security Configuring Port Security • Storm Control Mode—Select one of the modes: - Unknown Unicast, Multicast & Broadcast—Counts unknown Unicast, Broadcast, and Multicast traffic together towards the bandwidth threshold. - Multicast & Broadcast—Counts Broadcast and Multicast traffic together towards the bandwidth threshold. - Broadcast Only—Counts only Broadcast traffic towards the bandwidth threshold. STEP 4 Click Apply. Storm control is modified, and the switch is updated.
16 Configuring Security Configuring Port Security • Port is shut down When the secure MAC address is seen on another port, the frame is forwarded, but the MAC address is not learned on that port. In addition to one of these actions, you can also generate traps, and limit their frequency and number to avoid overloading the devices. NOTE Traps on the 200 Series are syslog related traps, not SNMP. NOTE If you want to use 802.1X on a port, it must be multiple host mode (see the 802.
16 Configuring Security Configuring 802.1X • Max No. of Addresses Allowed—Enter the maximum number of MAC addresses that can be learned on the port if Limited Dynamic Lock learning mode is selected. The range is 0-256 and the default is 1. The number 0 indicates that only static addresses are supported on the interface. • Action on Violation—Select an action to be applied to packets arriving on a locked port. The options are: • - Discard—Discards packets from any unlearned source.
16 Configuring Security Configuring 802.1X Authentication of the supplicant is performed by an external RADIUS server through the authenticator. The authenticator monitors the result of the authentication. In the 802.1x standard, a device can be a supplicant and an authenticator at a port simultaneously, requesting port access and granting port access. However, this device is only the authenticator, and does not take on the role of a supplicant. The following varieties of 802.
16 Configuring Security Configuring 802.1X Defining 802.1X Properties The 802.1X Properties Page is used to globally enable 802.1X. For 802.1X to function, it must be activated both globally and individually on each port. To define port-based authentication: STEP 1 Click Security > 802.1X > Properties. The 802.1X Properties Page displays. STEP 2 Enter the parameters. • Port Based Authentication—Enable or disable port-based, 802.1X authentication. STEP 3 Click Apply. The 802.
16 Configuring Security Configuring 802.1X • Port—Select a port. • User Name—Displays the username of the port. • Current Port Control—Displays the current port authorization state. If the state is Authorized, the port is either authenticated or the Administrative Port Control is Force Authorized. Conversely, if the state is Unauthorized, then the port is either not authenticated or the Administrative Port Control is Force Unauthorized.
16 Configuring Security Configuring 802.1X • Quiet Period—Enter the number of seconds that the switch remains in the quiet state following a failed authentication exchange. • Resending EAP—Enter the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP) request/identity frame from the supplicant (client) before resending the request. • Max EAP Requests—Enter the maximum number of EAP requests that can be sent.
16 Configuring Security Configuring 802.1X To define 802.1X advanced settings for ports: STEP 1 Click Security > 802.1X > Host and Session Authentication. The Host and Session Authentication Page displays. 802.1X authentication parameters are described for all ports. All fields except the following are described in the Edit Host and Session Authentication Page. • • Status—Displays the host status. An asterisk indicates that the port is either not linked or is down.
16 Configuring Security Configuring 802.1X • Shutdown—Discards the packets and shuts down the port. The ports remains shut down until reactivated, or until the switch is rebooted. Traps—Select to enable traps. NOTE Traps on the 200 Series are syslog related and not SNMP. • Trap Frequency—Defines how often traps are sent to the host. This field can be defined only if multiple hosts are disabled. STEP 4 Click Apply. The settings are defined, and the switch is updated.
17 Configuring Quality of Service The Quality of Service feature is applied throughout the network to ensure that network traffic is prioritized according to required criteria and the desired traffic receives preferential treatment. This chapter contains the following topics: • QoS Features and Components • Configuring QoS • Managing QoS Statistics QoS Features and Components The QoS feature is used to optimize network performance.
Configuring Quality of Service Configuring QoS 17 QoS Workflow To configure general QoS parameters, perform the following: STEP 1 Enable QoS by using the QoS Properties Page to select the trust mode. STEP 2 Assign each interface a default CoS or DSCP priority by using the QoS Properties Page. STEP 3 Assign the schedule method (Strict Priority or WRR) and bandwidth allocation for WRR to the egress queues by using the Queue Page.
Configuring Quality of Service Configuring QoS 17 STEP 4 If you selected DSCP, proceed to STEP 6; if you selected CoS, proceed to the next step. STEP 5 Select Port/LAG to display/modify all ports/LAGs and their CoS information. The following fields are displayed for all ports/LAGs: • Interface—Type of interface. • Default CoS—Default VPT value for incoming packets that do not have a VLAN Tag. The default CoS is 0. The default is only relevant for untagged frames if Trust CoS is selected.
Configuring Quality of Service Configuring QoS 17 Defining QoS Interface Settings The Interface Settings Page enables configuring QoS on each port of the switch, as follows: QoS State Disabled on an Interface—All inbound traffic on the port is mapped to the best effort queue and no classification/prioritization takes place. QoS State Enabled on an Interface—Port prioritized traffic on ingress is based on the system-wide configured trusted mode, which is either CoS/ 802.1p or DSCP trusted mode.
17 Configuring Quality of Service Configuring QoS Weighted Round Robin (WRR)—In WRR mode the number of packets sent from the queue is proportional to the weight of the queue (the higher the weight the more frames are sent). For example, if all four queues are WRR and the default weights are used, queue1 receives 1/15 of the bandwidth (assuming all queues are saturated and there is congestion), queue 2 receives 2/15, queue 3 receives 4/ 15 and queue 4 receives 8 /15 of the bandwidth.
17 Configuring Quality of Service Configuring QoS STEP 3 Click Apply. The queues are configured, and the switch is updated. Mapping CoS/802.1p to a Queue The CoS/802.1p to Queue Page maps 802.1p priorities to egress queues. The CoS/802.1p to Queue Table determines the egress queues of the incoming packets based on the 802.1p priority in their VLAN Tags. For incoming untagged packets, the 802.1p priority will be the default CoS/802.1p priority assigned to the ingress ports. Default Mapping Queues 802.
Configuring Quality of Service Configuring QoS 17 To map CoS values to egress queues: STEP 1 Click Quality of Service > General > CoS/802.1p to Queue. The CoS/802.1p to Queue Page opens. STEP 2 Enter the parameters. • 802.1p—Displays the 802.1p priority tag values to be assigned to an egress queue, where 0 is the lowest and 7 is the highest priority. • Output Queue—Select the egress queue to which the 802.1p priority is mapped.
Configuring Quality of Service Configuring QoS 17 To map DSCP to queues: STEP 1 Click Quality of Service > General > DSCP to Queue. The DSCP to Queue Page opens. The DSCP to Queue Page contains Ingress DSCP. It displays the DSCP value in the incoming packet and its associated class. STEP 2 Select the Output Queue (traffic forwarding queue) to which the DSCP value is mapped. STEP 3 Click Apply. The switch is updated.
Configuring Quality of Service Configuring QoS 17 STEP 4 Enter the fields for the selected interface: • Ingress Rate Limit—Select to enable the ingress rate limit, which is defined in the field below. • Ingress Rate Limit—Enter the maximum amount of bandwidth allowed on the interface. NOTE The two Ingress Rate Limit fields do not appear when the interface type is LAG. • Egress Shaping Rate—Select to enable egress shaping on the interface.
17 Configuring Quality of Service Managing QoS Statistics STEP 3 Select a port/LAG, and click Edit. The Edit Egress Shaping Per Queue Page opens. This page enables shaping the egress for up to four queues on each interface. STEP 4 Select the Interface. STEP 5 For each queue that is required, enter the following fields: • Enable Shaping—Select to enable egress shaping on this queue. • Committed Information Rate (CIR)—Enter the maximum rate (CIR) in Kbits per second (Kbps).
17 Configuring Quality of Service Managing QoS Statistics - Set 2—Displays the statistics for Set 2 that contains all interfaces and queues with a low DP. • Interface—Queue statistics are displayed for this interface. • Queue—Packets were forwarded or tail dropped from this queue. • Drop Precedence—Lowest drop precedence has the lowest probability of being dropped. • Total packets—Number of packets forwarded or tail dropped. • Tail Drop packets—Percentage of packets that were tail dropped.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco Ironport, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and Flip Gift Card are service marks; and Access Regist
