ADMINISTRATION GUIDE
Cisco Small Business 200 Series Smart Switch Administration Guide Release 1.3


Summary of Contents for Cisco Small Business 200

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business 200 Series Smart Switch Administration Guide Release 1.3...
  • Page 2: Table Of Contents

    Viewing the RMON Events Logs Defining RMON Alarms Chapter 3: Administration: System Log Setting System Log Settings Setting Remote Logging Settings Viewing Memory Logs RAM Memory Flash Memory Chapter 4: Administration: File Management System Files Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 3 Defining Idle Session Timeout Pinging a Host Chapter 6: Administration: Time Settings System Time Options Time Time Zone and Daylight Savings Time (DST) SNTP Modes Configuring System Time Selecting Source of System Time
  • Page 4 Displaying LLDP Local Information Displaying LLDP Neighbors Information Accessing LLDP Statistics LLDP Overloading Configuring CDP Setting CDP Properties Editing CDP Interface Settings Displaying CDP Local Information Displaying CDP Neighbors Information Viewing CDP Statistics
  • Page 5 What is a Smartport Smartport Types Special Smartport Types Smartport Macros Applying a Smartport Type to an Interface Macro Failure and the Reset Operation How the Smartport Feature Works Auto Smartport Enabling Auto Smartport
  • Page 6 Configuring PoE Settings PoE priority example: Chapter 12: VLAN Management VLANs Configuring Default VLAN Settings Creating VLANs Configuring VLAN Interface Settings Defining VLAN Membership Configuring Port to VLAN Configuring VLAN Membership Voice VLAN
  • Page 7 Configuring Dynamic MAC Address Aging Time Querying Dynamic Addresses Chapter 15: Multicast Multicast Forwarding Typical Multicast Setup Multicast Address Properties Defining Multicast Properties Adding MAC Group Address Adding IP Multicast Group Addresses
  • Page 8 IPv6 Default Router List Defining IPv6 Neighbors Information Viewing IPv6 Route Tables Domain Name DNS Settings Search List Host Mapping Chapter 17: Security Defining Users Setting User Accounts Setting Password Complexity Rules Configuring RADIUS
  • Page 9 Types of DoS Attacks Defense Against DoS Attacks Dependencies Between Features Default Configuration Configuring DoS Prevention Security Suite Settings SYN Protection Chapter 18: Security: SSH Client Secure Copy (SCP) and SSH
  • Page 10 SSD Default Read Mode Session Override SSD Properties Passphrase Default and User-defined Passphrases Local Passphrase Configuration File Passphrase Control Configuration File Integrity Control Read Mode Configuration Files File SSD Indicator SSD Control Block Startup Configuration File
  • Page 11 Configuring Egress Shaping per Queue Managing QoS Statistics Viewing Queues Statistics Chapter 21: SNMP SNMP Versions and Workflow SNMPv1 and v2 SNMPv3 SNMP Workflow Supported MIBs Model OIDs SNMP Engine ID
  • Page 12 Contents Configuring SNMP Views Creating SNMP Groups Managing SNMP Users Defining SNMP Communities Defining Trap Settings Notification Recipients Defining SNMPv1,2 Notification Recipients Defining SNMPv3 Notification Recipients SNMP Notification Filters
  • Page 13 Contents
  • Page 14: Chapter 1: Getting Started

    IPv6 address. • If you have multiple IPv6 interfaces on your management station, use the IPv6 global address instead of the IPv6 link local address to access the device from your browser.
  • Page 15: Launching The Configuration Utility

    IP address, the power LED is on solid. Logging In The default username is cisco and the default password is cisco. The first time that you log in with the default username and password, you are required to enter a new password.
  • Page 16: Http/Https

    Getting Started Starting the Web-based Configuration Utility STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the default password (cisco) or your password has expired, the Change Password Page appears. See Password Expiration for additional information.
  • Page 17: Logging Out

    Getting Started page. If you did not select this option, the initial page is the Getting Started page. If you did select this option, the initial page is the System Summary page.
  • Page 18: Quick Start Device Configuration

    Configure Port Mirroring Port and VLAN Mirroring page There are two hot links on the Getting Started page that take you to Cisco web pages for more information. Clicking on the Support link takes you to the device product support page, and clicking on the Forums link takes you to the Small Business Support Community page.
  • Page 19 Gigabit Ethernet ports (10/100/1000 bits)—These are displayed as LAG (Port Channel)—These are displayed as LAG. VLAN—These are displayed as VLAN. Tunnel —These are displayed as Tunnel. • Interface Number: Port, LAG, tunnel or VLAN ID
  • Page 20: Window Navigation

    Configuration and sets the device parameters according to the data in the Running Configuration. Username Displays the name of the user logged on to the device. The default username is cisco. (The default password is cisco).
  • Page 21 SYSLOG Alert Status icon is no longer displayed. To display the page when there is not an active SYSLOG message, click Status and Statistics > View Log > RAM Memory.
  • Page 22: Management Buttons

    Click to clear the statistic counters for the selected Counters interface. Clear Logs Clears log files. Clear Table Clears table entries. Close Returns to main page. If any changes were not applied to the Running Configuration, a message appears.
  • Page 23 2. Click Close to return to the main page. Enter the query filtering criteria and click Go. The results are displayed on the page. Test Click Test to perform the related tests.
  • Page 24 Getting Started Window Navigation
  • Page 25: Chapter 2: Status And Statistics

    Refresh Rate—Select the time period that passes before the interface Ethernet statistics are refreshed. The available options are: No Refresh—Statistics are not refreshed. 15 Sec—Statistics are refreshed every 15 seconds. 30 Sec—Statistics are refreshed every 30 seconds.
  • Page 26: Viewing Etherlike Statistics

    (Layer 1), which might disrupt traffic. To view Etherlike Statistics and/or set the refresh rate: STEP 1 Click Status and Statistics > Etherlike. STEP 2 Enter the parameters.
  • Page 27: Viewing 802.1X Eap Statistics

    Authentication Protocol) frames that were sent or received. To configure the 802.1X feature, see the 802.1X Properties page. To view the EAP Statistics and/or set the refresh rate:
  • Page 28 EAPOL frame. To clear statistics counters: • Click Clear Interface Counters to clear the selected interfaces counters. • Click Clear All Interface Counters to clear the counters of all interfaces.
  • Page 29: Managing Rmon

    Packet length is greater than MRU byte size. • Collision event has not been detected. • Late collision event has not been detected. • Received (Rx) error event has not been detected. • Packet has a valid CRC.
  • Page 30 A Jabber packet is defined as an Ethernet frame that satisfies the following criteria: Packet data length is greater than MRU. Packet has an invalid CRC. Received (Rx) Error Event has not been detected.
  • Page 31: Configuring Rmon History

    After the data is sampled and stored, it appears in the History Table page that can be viewed by clicking History Table.
  • Page 32: Viewing The Rmon History Table

    STEP 1 Click Status and Statistics > RMON > History. STEP 2 Click History Table. STEP 3 From the History Entry No. list, select the entry number of the sample to display.
  • Page 33: Defining Rmon Events Control

    You can control the occurrences that trigger an alarm and the type of notification that occurs. This is performed as follows: • Events Page—Configures what happens when an alarm is triggered. This can be any combination of logs and traps.
  • Page 34 STEP 4 Click Apply. The RMON event is saved to the Running Configuration file. STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have been logged (see description below).
  • Page 35: Viewing The Rmon Events Logs

    The Alarms page provides the ability to configure alarms and to bind them with events. Alarm counters can be monitored by either absolute values or changes (delta) in the counter values.
  • Page 36 Rising Alarm—A rising value triggers the rising threshold alarm. Falling Alarm—A falling value triggers the falling threshold alarm. Rising and Falling—Both rising and falling values trigger the alarm.
  • Page 37 Interval—Enter the alarm interval time in seconds. • Owner—Enter the name of the user or network management system that receives the alarm. STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file.
  • Page 38 Status and Statistics Managing RMON
  • Page 39: Chapter 3: Administration: System Log

    (-) on each side (except for Emergency that is indicated by the letter F). For example, the log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning Informational.
  • Page 40 Time and sent in a single message. The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated. • Max Aggregation Time—Enter the interval of time that SYSLOG messages are aggregated.
  • Page 41: Setting Remote Logging Settings

    Server Definition—Select whether to identify the remote log server by IP address or name. • IP Version—Select the supported IP format. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  • Page 42: Viewing Memory Logs

    You can configure the messages that are written to each log by severity, and a message can go to more than one log, including logs that reside on external SYSLOG servers.
  • Page 43: Ram Memory

    Log Index—Log entry number. • Log Time—Time when message was generated. • Severity—Event severity. • Description—Message text describing the event. To clear the messages, click Clear Logs. The messages are cleared.
  • Page 44 Administration: System Log Viewing Memory Logs
  • Page 45: Chapter 4: Administration: File Management

    HTTP/HTTPS that uses the facilities that the browser provides. • TFTP/SCP client, requiring a TFTP/SCP server. Configuration files on the device are defined by their type, and contain the settings and parameter values for the device.
  • Page 46 The device has been operating continuously for 24 hours. No configuration changes have been made to the Running Configuration in the previous 24 hours. The Startup Configuration is identical to the Running Configuration.
  • Page 47 Copy one configuration file type to another configuration file type as described in the Copy/Save Configuration section. • Enable automatically uploading a configuration file from a DHCP server to the device, as described in the DHCP Auto Configuration section.
  • Page 48: Upgrade/Backup Firmware/Language

    The Summary page continues to show the previous image prior to the reboot.
  • Page 49: Upgrade/Backing Firmware Or Language File

    If a link local address exists on the interface, this entry replaces the address in the configuration. Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks.
  • Page 50 Use SSH Client One-Time Credentials—Enter the following: Username—Enter a username for this copy action. Password—Enter a password for this copy. NOTE The username and password for one-time credential will not be saved in configuration file.
  • Page 51 If SSH server authentication is enabled (in the SSH Server Authentication page), and the SCP server is trusted, the operation succeeds. If the SCP server is not trusted, the operation fails and an error is displayed.
  • Page 52: Download/Backup Configuration/Log

    Change the System Mode—If the System mode is contained in a configuration file that is downloaded to the device, and the file's System mode matches the current System mode, this information is ignored.
  • Page 53: Downloading Or Backing-Up A Configuration Or Log File

    Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  • Page 54 Sensitive Data—Select how sensitive data should be included in the backup file. The following options are available: Exclude—Do not include sensitive data in the backup. Encrypted—Include sensitive data in the backup in its encrypted form.
  • Page 55 NOTE The available sensitive data options are determined by the current user SSD rules. For details, refer to Secure Sensitive Data Management > SSD Rules page. c. Click Apply. The file is upgraded or backed up.
  • Page 56 Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. • Link-Local Interface—Select the link local interface from the list. • SCP Server IP Address/Name—Enter the IP address or domain name of the TFTP server.
  • Page 57: Configuration Files Properties

    The Configuration Files Properties page allows you to see when various system configuration files were created. It also enables deleting the Startup Configuration and Backup Configuration files. You cannot delete the other configuration file types.
  • Page 58: Copy/Save Configuration

    CAUTION Unless the Running Configuration is copied to the Startup Configuration or another configuration file, all changes made since the last time the file was copied are lost when the device is rebooted.
  • Page 59 STEP 4 The Save Icon Blinking field indicates whether an icon blinks when there is unsaved data. To disable/enable this feature, click Disable/Enable Save Icon Blinking. STEP 5 Click Apply. The file is copied.
  • Page 60: Dhcp Auto Configuration

    Restart button on IPv6 Interfaces page, When DHCPv6 information is refreshed by the device. After rebooting the device when stateless DHCPv6 client is enabled. • When the DHCPv6 server packets contain the configuration filename option.
  • Page 61: Dhcp Server Options

    SSH Client Authentication parameters are required to access the SSH server by the client (which is the device). The default SSH Client authentication parameters are: • SSH Authentication method: by username/password • SSH username: anonymous • SSH password: anonymous
  • Page 62: Auto Configuration Process

    The SSH server authentication process is disabled. Note that by default the SSH server authentication is disabled in order to allow downloading configuration file for devices with factory default configuration (for example out-of-box devices).
  • Page 63: Configuring Dhcp Auto Configuration

    Note the following regarding the DHCP auto configuration process: • A configuration file that is placed on the TFTP/SCP server must match the form and format requirements of the supported configuration file. The form
  • Page 64 SSH server to be used for the download and enter the trusted SSH server if required. SSH Client Authentication —Click on the System Credentials link to enter user credentials in the SSH User Authentication page.
  • Page 65 Backup Configuration File Name—Enter the path and file name of the file to be used if no configuration file name was specified in the DHCP message. STEP 4 Click Apply. The parameters are copied to the Running Configuration file.
  • Page 66 Administration: File Management DHCP Auto Configuration
  • Page 67: Chapter 5: Administration: General Information

    All models can be fully managed through the web-based switch configuration utility. NOTE The following port conventions are used: • GE is used for Gigabit Ethernet (10/100/1000) ports. • FE is used for Fast Ethernet (10/100) ports.
  • Page 68 24 FE ports + 2 GE special-purpose combo-ports SF200-24P SLM224PT 24 FE ports + 2 GE special-purpose 100W 12 ports combo-ports FE1- FE6, FE13 - FE18 SF200-48 SLM248GT 48 FE ports + 2 GE special-purpose combo-ports
  • Page 69: System Information

    Port Settings page of the Port Management menu. NOTE Jumbo frames support takes effect only after it is enabled, and after the device is rebooted. TCP/UDP Services Status: • HTTP Service—Displays whether HTTP is enabled/disabled.
  • Page 70: Configuring The System Settings

    User Defined—Enter the hostname. Use only letters, digits, and hyphens. Host names cannot begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035).
  • Page 71: Rebooting The Device

    (e.g. late night). To reboot the device: STEP 1 Click Administration > Reboot. STEP 2 Click one of the Reboot buttons to reboot the device.
  • Page 72 NOTE Clearing the Startup Configuration File and Rebooting is not the same as Rebooting to Factory Defaults. Rebooting to Factory Defaults is more intrusive.
  • Page 73: Monitoring Fan Status

    Warning If FAN status is OK, the ports are enabled. threshold - 2 °C). (On devices that support PoE) the PoE circuitry is enabled.
  • Page 74: Defining Idle Session Timeout

    STEP 2 Select the timeout for each session from the corresponding list. The default timeout value is 10 minutes. STEP 3 Click Apply to set the configuration settings on the device.
  • Page 75: Pinging A Host

    Choose to use the default interval or specify your own value. • Number of Pings—The number of times the ping operation is performed. Choose to use the default or specify your own value.
  • Page 76 STEP 4 View the results of ping in the Ping Counters and Status section of the page.
  • Page 77: Chapter 6: Administration: Time Settings

    This section describes the options for configuring the system time, time zone, and Daylight Savings Time (DST). It covers the following topics: • System Time Options • SNTP Modes • Configuring System Time
  • Page 78: System Time Options

    After the time has been set by any of the above sources, it is not set again by the browser. NOTE SNTP is the recommended method for time setting.
  • Page 79: Time Zone And Daylight Savings Time (Dst)

    The device supports having all of the above modes active at the same time and selects the best system time received from an SNTP server, according to an algorithm based on the closest stratum (distance from the reference clock).
  • Page 80: Configuring System Time

    NOTE The Clock Source Setting needs to be set to either of the above in order for RIP MD5 authentication to work. This also helps features that associate with time, for example:
  • Page 81 —DST is set manually, typically for a country other than the USA or a European country. Enter the following parameters: Recurring —DST occurs on the same date every year. By Dates Selecting allows customization of the start and stop of DST:
  • Page 82: Adding A Unicast Sntp Server

    STEP 1 This page contains the following information for each Unicast SNTP server: • SNTP Server—SNTP server IP address. The preferred server, or hostname, is chosen according to its stratum level.
  • Page 83 NOTE To specify a well-known SNTP server, the device must be connected to the Internet and configured with a DNS server or configured so that a DNS server is identified by using DHCP. (See Settings)
  • Page 84 Authentication Key ID—If authentication is enabled, select the value of the key ID. (Create the authentication keys using the SNTP Authentication page.) STEP 5 Click Apply. The SNTP server is added, and you are returned to the main page.
  • Page 85: Configuring The Sntp Mode

    MD5 function; the result of the MD5 is also included in the response packet. The SNTP Authentication page enables configuration of the authentication keys that are used when communicating with an SNTP server that requires authentication.
  • Page 86 Trusted Key—Select to enable the device to receive synchronization information only from a SNTP server by using this authentication key. STEP 6 Click Apply. The SNTP Authentication parameters are written to the Running Configuration file.
  • Page 87: Chapter 7: Administration: Diagnostics

    Copper Test page. Preconditions to Running the Copper Port Test Before running the test, do the following: • (Mandatory) Disable Short Reach mode (see the Port Management > Green Ethernet > Properties page)
  • Page 88 Unknown Test Result—Error has occurred. • Distance to Fault—Distance from the port to the location on the cable where the fault was discovered. • Operational Port Status—Displays whether port is up or down.
  • Page 89: Displaying Optical Module Status

    MFELX1: 100BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km. The following GE SFP (1000Mbps) transceivers are supported: • MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.
  • Page 90: Configuring Port And Vlan Mirroring

    A network analyzer connected to the monitoring port processes the data packets for diagnosing, debugging, and performance monitoring. Up to eight sources can be mirrored. This can be any combination of eight individual ports and/or VLANs.
  • Page 91 Source Interface—Select the source port or source VLAN from where traffic is to be mirrored. • Type—Select whether incoming, outgoing, or both types of traffic are mirrored to the analyzer port. If Port is selected, the options are:
  • Page 92: Viewing Cpu Utilization And Secure Core Technology

    X axis is the sample number. STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period
  • Page 93: Chapter 8: Administration: Discovery

    Bonjour appears on the Adding IP Multicast Group Addresses page. When Bonjour Discovery is disabled, the device stops service type advertisements and does not respond to requests for service from network management applications.
  • Page 94: Lldp And Cdp

    STEP 3 selection. LLDP and CDP LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link layer protocols for directly-connected LLDP and CDP-capable neighbors to advertise themselves and their capabilities to each other. By default, the device sends an LLDP/CDP advertisement periodically to all its interfaces and terminates and processes incoming LLDP and CDP packets as required by the protocols.
  • Page 95: Configuring Lldp

    Configuring LLDP This section describes how to configure LLDP. It covers the following topics: • LLDP Overview • Setting LLDP Properties • Editing LLDP Port Settings • LLDP MED Network Policy
  • Page 96: Lldp Overview

    2. Configure LLDP per port by using the Port Settings page. On this page, interfaces can be configured to receive/transmit LLDP PDUs, send SNMP notifications, specify which TLVs to advertise, and advertise the device's management address.
  • Page 97: Setting Lldp Properties

    Hold Multiplier is 4, then the LLDP packets are discarded after 120 seconds. • Reinitializing Delay—Enter the time interval in seconds that passes between disabling and reinitializing LLDP, following an LLDP enable/disable cycle.
  • Page 98: Editing Lldp Port Settings

    Disable—Indicates that LLDP is disabled on the port. • SNMP Notification—Select Enable to send notifications to SNMP notification recipients; for example, an SNMP managing system, when there is a topology change.
  • Page 99 Auto Advertise—Specifies that the software would automatically choose a management address to advertise from all the IP addresses of the product. In case of multiple IP addresses the software chooses the
  • Page 100: Lldp Med Network Policy

    Voice over Internet Protocol (VoIP), Emergency Call Service (E-911) by using IP Phone location information. • Troubleshooting information. LLDP MED sends alerts to network managers upon: Port speed and duplex mode conflicts QoS policy misconfigurations
  • Page 101 Network Policy Number—Select the number of the policy to be created. • Application—Select the type of application (type of traffic) for which the network policy is being defined. • VLAN ID—Enter the VLAN ID to which the traffic must be sent.
  • Page 102: Configuring Lldp Med Port Settings

    MED Network Policies to a port, select it, and click Edit. STEP 4 Enter the parameters: • Interface—Select the interface to configure. • LLDP MED Status—Enable/disable LLDP MED on this port.
  • Page 103: Displaying Lldp Port Status

    TLVs sent to the neighbor. STEP 3 Click LLDP Neighbor Information Detail to see the details of the LLDP and LLDP-MED TLVs received from the neighbor. LLDP Port Status Global Information
  • Page 104: Displaying Lldp Local Information

    TLVs sent to the neighbor. Click LLDP Neighbor Information Details to see the details of the LLDP and LLDP-MED TLVs received from the neighbor. STEP 3 Select the desired port from the Port list.
  • Page 105 Interface Subtype—Numbering method used for defining the interface number. • Interface Number—Specific interface associated with this management address. MAC/PHY Details • Auto-Negotiation Supported—Port speed auto-negotiation support status. • Auto-Negotiation Enabled—Port speed auto-negotiation active status. Cisco Small Business 200 Series Smart Switch Administration Guide...
  • Page 106 Rx value. MED Details • Capabilities Supported—MED capabilities supported on the port. • Current Capabilities—MED capabilities enabled on the port. • Device Class—LLDP-MED endpoint device class. The possible device classes are:
  • Page 107 VLAN ID—VLAN ID for which the network policy is defined. • VLAN Type—VLAN type for which the network policy is defined. The possible field values are: Tagged—Indicates the network policy is defined for tagged VLANs.
  • Page 108: Displaying LLDP Neighbors Information

    STEP 2 Select a local port, and click Details. This page contains the following fields: Port Details • Local Port—Port number. • MSAP Entry—Device Media Service Access Point (MSAP) entry number.
  • Page 109 • Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False. • Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode.
  • Page 110 Local Tx Echo—Indicates the local link partner’s reflection of the remote link partner’s Tx value. • Local Rx Echo—Indicates the local link partner’s reflection of the remote link partner’s Rx value.
  • Page 111 Model Name—Device model name. • Asset ID—Asset ID. 802.1 VLAN and Protocol • PVID—Advertised port VLAN ID. PPVID Table • VID—Protocol VLAN ID. • Supported—Supported Port and Protocol VLAN IDs.
  • Page 112: Accessing LLDP Statistics

    VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined. • User Priority—Network policy user priority. • DSCP—Network policy DSCP. Accessing LLDP Statistics The LLDP Statistics page displays LLDP statistical information per port. To view the LLDP statistics:
  • Page 113: LLDP Overloading

    STEP 1 Click Administration > Discovery - LLDP > LLDP Overloading. This page contains the following fields for each port: • Interface—Port identifier. • Total (Bytes)—Total number of bytes of LLDP information in each packet
  • Page 114 • 802.3 TLVs Size (Bytes)—Total LLDP MED 802.3 TLVs packets byte size. Status—If the LLDP MED 802.3 TLVs packets were sent, or if they were overloaded.
  • Page 115: Configuring CDP

    • Viewing CDP Statistics Setting CDP Properties Similar to LLDP, CDP (Cisco Discovery Protocol) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol.
  • Page 116 CDP Mandatory TLVs Validation—If selected, incoming CDP packets not containing the mandatory TLVs are discarded and the invalid error counter is incremented. • CDP Version—Select the version of CDP to use.
  • Page 117 This means that the duplex information in the incoming frame does not match what the local device is advertising. STEP 3 Click Apply. The LLDP properties are defined.
  • Page 118: Editing CDP Interface Settings

    CDP Status—Select to enable/disable the CDP publishing option for the port. NOTE The next three fields are operational when the device has been set up to send traps to the management station.
  • Page 119: Displaying CDP Local Information

    Device ID—Device ID advertised in the device ID TLV. • System Name TLV System Name—System name of the device. • Address TLV Address1-3—IP addresses (advertised in the device address TLV). • Port TLV
  • Page 120 Layer 2 CoS value, meaning, an 802.1D/802.1p priority value. This is the CoS value with which all packets received on an untrusted port are remarked by the device. • Power TLV
  • Page 121: Displaying CDP Neighbors Information

    Local Interface—Number of the local port to which the neighbor is connected. • Advertisement Version—CDP protocol version. • Time to Live (sec)—Time interval (in seconds) after which the information for this neighbor is deleted.
  • Page 122 Power Drawn—Amount of power consumed by neighbor on the interface. • Version—Neighbor's software version. NOTE Clicking the Clear Table button disconnects all connected devices from CDP and, if Auto Smartport is enabled, changes all port types to default.
  • Page 123: Viewing CDP Statistics

    Viewing CDP Statistics The CDP Statistics page displays information regarding Cisco Discovery Protocol (CDP) frames that were sent or received from a port. CDP packets are received from devices attached to the switch's interfaces, and are used for the Smartport feature.
  • Page 124 Administration: Discovery Configuring CDP
  • Page 125: Chapter 9: Port Management

    6. Configure Green Ethernet energy mode and 802.3 Energy Efficient Ethernet per port by using the Port Settings page. 7. If PoE is supported and enabled for the device, configure the device as described in Port Management: PoE.
  • Page 126: Setting Port Configuration

    NOTE SFP Fiber takes precedence in Combo ports when both ports are being used. • Port Description—Enter the port user-defined name or comment. • Administrative Status—Select whether the port must be Up or Down when the device is rebooted.
  • Page 127 10 Half—10 Mbps speed and Half Duplex mode. 10 Full—10 Mbps speed and Full Duplex mode. 100 Half—100 Mbps speed and Half Duplex mode. 100 Full—100 Mbps speed and Full Duplex mode.
  • Page 128 Auto—Select to configure this device to automatically detect the correct pinouts for the connection to another device. • Operational MDI/MDIX—Displays the current MDI/MDIX setting. STEP 6 Click Apply. The Port Settings are written to the Running Configuration file.
  • Page 129: Configuring Link Aggregation

    Traffic load balancing over the active member ports of a LAG is managed by a hash-based distribution function that distributes Unicast and Multicast traffic based on Layer 2 or Layer 3 packet header information.
  • Page 130: Default Settings And Configuration

    Protocols, such as Spanning Tree, consider all the ports in the LAG to be one port. Default Settings and Configuration Ports are not members of a LAG and are not candidates to become part of a LAG.
  • Page 131: Static And Dynamic LAG Workflow

    MAC Address—Perform load balancing by source and destination MAC addresses on all packets. • IP/MAC Address—Perform load balancing by the source and destination IP addresses on IP packets, and by the source and destination MAC addresses on non-IP packets
  • Page 132: Configuring LAG Settings

    Description—Enter the LAG name or a comment. • LAG Type—Displays the port type that comprises the LAG. • Administrative Status—Set the selected LAG to be Up or Down. • Operational Status—Displays whether the LAG is currently operating.
  • Page 133 Administrative Flow Control—Set Flow Control to either Enable or Disable or enable the Auto-Negotiation of Flow Control on the LAG. • Operational Flow Control—Displays the current Flow Control setting. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 134: Configuring LACP

    LACP With No Link Partner In order for LACP to create a LAG, the ports on both link ends should be configured for LACP, meaning that the ports send LACP PDUs and handle received PDUs.
  • Page 135: Setting LACP Parameter Settings

    LACP Timeout—Time interval between the sending and receiving of consecutive LACP PDUs. Select the periodic transmissions of LACP PDUs, which occur at either a Long or Short transmission speed, depending upon the expressed LACP timeout preference.
  • Page 136: Configuring Green Ethernet

    RJ45 GE ports; it does not apply to Combo ports. This mode is globally disabled by default. It cannot be enabled if EEE mode is enabled (see below).
  • Page 137: Power Saving By Disabling Port LEDs

    On the System Summary page, the LEDs that are displayed on the device board pictures are not affected by disabling the LEDs. On the Green Ethernet > Properties page, the device enables the user to disable the port LEDs in order to save power.
  • Page 138: 802.3az Energy Efficient Ethernet Feature

    Keep Alive signal indicates that the ports are in LPI status (and not in Down status), and power is reduced. For ports to stay in LPI mode, the Keep Alive signal must be received continuously from both sides.
  • Page 139 Mode option on the port is checked. • If the port speed on the GE port is changed to 10Mbit, 802.3az EEE is disabled. This is supported in GE models only.
  • Page 140: Setting Global Green Ethernet Properties

    It also displays the current power savings. To enable Green Ethernet and EEE and view power savings: STEP 1 Click Port Management > Green Ethernet > Properties. STEP 2 Enter the values for the following fields:
  • Page 141: Setting Green Ethernet Properties For Ports

    Auto negotiation. The exception is that EEE is still functional even when Auto Negotiation is disabled, but the port is at 1GB or higher.
  • Page 142 Status), whether it has been enabled on the local port and whether it is operational on the local port. LLDP Administrative—Displays whether advertising EEE counters through LLDP was enabled. LLDP Operational—Displays whether advertising EEE counters through LLDP is currently operating.
  • Page 143 (advertisement of EEE capabilities through LLDP) if there are GE ports on the device. STEP 7 Click Apply. The Green Ethernet port settings are written to the Running Configuration file.
  • Page 144 Port Management Configuring Green Ethernet
  • Page 145: Chapter 10: Smartport

    By applying the same Smartport macro to multiple interfaces, the interfaces share a common set of configurations. A Smartport macro can be applied to an interface by the Smartport type associated with the macro.
  • Page 146: What Is A Smartport

    IP phone, a printer, or a router and/or Access Point (AP). Smartport Types Smartport types refer to the types of devices attached, or to be attached, to Smartports. The device supports the following Smartport types: • Printer
  • Page 147 Smartport and Auto Smartport Types Smartport Type Supported by Auto Supported by Auto Smartport Smartport by default Unknown Default Printer Desktop Guest Server Host IP camera IP phone IP phone desktop
  • Page 148: Special Smartport Types

    Auto Smartport features do not function on the interface until you correct the error and apply the Reset action (performed in the Interface Settings pages) that resets the Smartport status. See the workflow area in the Common Smartport Tasks section for troubleshooting tips.
  • Page 149: Smartport Macros

    Smartport macros to the interfaces after reboot as follows: • If the Startup Configuration File does not specify a Smartport type for an interface, its Smartport type is set to Default.
  • Page 150: Macro Failure And The Reset Operation

    Smartport macro is corrected, you must perform a reset operation to reset the interface before it can be reapplied with a Smartport type (in the Interface Settings pages). See the workflow area in the Common Smartport Tasks section for troubleshooting tips.
  • Page 151: How The Smartport Feature Works

    • If multiple devices are attached to an interface, a configuration profile that is appropriate for all of the devices is applied to the interface if possible.
  • Page 152: Enabling Auto Smartport

    Aging out times are determined by the absence of CDP and/or LLDP advertisements from the device for a specified time period.
  • Page 153: Using CDP/LLDP Information To Identify Smartport Types

    Repeater, IETF RFC 2108: Ignore; MAC Bridge, IEEE Std. 802.1D: Switch; WLAN Access Point, IEEE Std. 802.11: Wireless Access Point; Router, IETF RFC 1812: Router; Telephone, IETF RFC 4293: ip_phone
  • Page 154: Multiple Devices Attached To The Port

    If one of the devices is an IP phone desktop and the other is an IP phone or host, the ip_phone_desktop Smartport type is used. • In all other cases the default Smartport type is used.
  • Page 155: Persistent Auto Smartport Interface

    Voice VLAN, relies on both CDP and LLDP to detect the attaching device's Smartport type, and detects Smartport type IP phone, IP phone + Desktop, Switch, and Wireless Access Point. See Voice VLAN for a description of the voice factory defaults.
  • Page 156: Relationships With Other Features And Backwards Compatibility

    STEP 6 Select the interface, and click Edit. STEP 7 Select Auto Smartport in the Smartport Application field. STEP 8 Check or uncheck Persistent Status if desired. STEP 9 Click Apply.
  • Page 157 5. In the Edit page, modify the fields. 6. Click Apply to rerun the macro if the parameters were changed, or Restore Defaults to restore default parameter values to built-in macros if required.
  • Page 158: Configuring Smartport Using The Web-Based Interface

    The Smartport feature is configured in the Smartport > Properties, Smartport Type Settings and Interface Settings pages. For Voice VLAN configuration, see Voice VLAN. For LLDP/CDP configuration, see the Configuring LLDP and Configuring CDP sections, respectively.
  • Page 159: Smartport Properties

    Auto Smartport can assign Smartport types to interfaces. If unchecked, Auto Smartport does not assign that Smartport type to any interface. STEP 3 Click Apply. This sets the global Smartport parameters on the device.
  • Page 160: Smartport Type Settings

    STEP 5 Click Apply to save the changes to the running configuration. If the Smartport macro and/or its parameter values associated with the Smartport type are modified, Auto Smartport automatically reapplies the macro to the interfaces
  • Page 161: Smartport Interface Settings

    • Reset unknown interfaces. This sets the mode of Unknown interfaces to Default.
  • Page 162 To assign a Smartport type to an interface or activate Auto Smartport on the interface: STEP 1 Select an interface and click Edit. STEP 2 Enter the fields. • Interface—Select the port or LAG.
  • Page 163: Built-In Smartport Macros

    Smartport type there is a macro to configure the interface and an anti macro to remove the configuration. Macro code for the following Smartport types is provided: • desktop • printer
  • Page 164
    $native_vlan
    port security max $max_hosts
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
    no_desktop
  • Page 165
    1
    port security mode max-addresses
    port security discard trap 60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
    no_printer
    [no_printer]
    #macro description No printer
  • Page 166
    60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
    no_guest]]
    [no_guest]
    #macro description No guest
    no switchport access vlan
    no switchport mode
  • Page 167
    10
    smartport storm-control broadcast enable
    spanning-tree portfast
    no_server
    [no_server]
    #macro description No server
    no smartport switchport trunk native vlan
    smartport switchport trunk allowed vlan remove all
    no port security
  • Page 168
    [no_host]
    #macro description No host
    no smartport switchport trunk native vlan
    smartport switchport trunk allowed vlan remove all
    no port security
    no port security mode
  • Page 169
    #macro description No ip_camera
    no switchport access vlan
    no switchport mode
    no port security
    no port security mode
    no smartport storm-control broadcast enable
    no smartport storm-control broadcast level
    no smartport storm-control include-multicast
  • Page 170
    $voice_vlan: The voice VLAN ID
    #Default Values are
    #$voice_vlan = 1
    smartport switchport trunk allowed vlan remove $voice_vlan
    no smartport switchport trunk native vlan
    smartport switchport trunk allowed vlan remove all
  • Page 171
    60
    smartport storm-control broadcast level 10
    smartport storm-control include-multicast
    smartport storm-control broadcast enable
    spanning-tree portfast
    no_ip_phone_desktop
    [no_ip_phone_desktop]
    #macro description no ip_phone_desktop
    #macro keywords $voice_vlan
  • Page 172
    $native_vlan
    spanning-tree link-type point-to-point
    no_switch
    [no_switch]
    #macro description No switch
    #macro keywords $voice_vlan
    #macro key description: $voice_vlan: The voice VLAN ID
    no smartport switchport trunk native vlan
  • Page 173
    #macro description No router
    #macro keywords $voice_vlan
    #macro key description: $voice_vlan: The voice VLAN ID
    no smartport switchport trunk native vlan
    smartport switchport trunk allowed vlan remove all
    no smartport storm-control broadcast enable
  • Page 174
    no smartport storm-control broadcast level
    no spanning-tree link-type
    [ap]
    #macro description ap
    #macro keywords $native_vlan $voice_vlan
    #macro key description: $native_vlan: The untag VLAN which will be configured on the port
  • Page 175: Chapter 11: Port Management: PoE

    Eliminates the need to run 110/220 V AC power to all devices on a wired LAN. • Removes the necessity for placing all network devices next to power sources. • Eliminates the need to deploy double cabling systems in an enterprise, significantly decreasing installation costs.
  • Page 176: PoE Operation

    There are two factors to consider in the PoE feature: • The amount of power that the PSE can supply • The amount of power that the PD is actually attempting to consume
  • Page 177 Even though Sx200/300/500 PoE switches are PSE, and as such should be powered by AC, they could be powered up as a legacy PD by another PSE due to false detection. When this happens, the PoE device may not operate properly and
  • Page 178: Configuring PoE Properties

    SNMP and configure at least one SNMP Notification Recipient. • Power Trap Threshold—Enter the usage threshold that is a percentage of the power limit. An alarm is initiated if the power exceeds this value.
  • Page 179: Configuring PoE Settings

    The administrator configures all ports to allocate up to 30 watts. This results in 48 ports times 30 watts, equaling 1440 watts, which is too much. The device cannot provide enough power to each port, so it provides power according to the priority.
  • Page 180 Class—This field appears only if the Power Mode set in the PoE Properties page is Class Limit. The class determines the power level: Class Maximum Power Delivered by Device Port 15.4 watt 4.0 watt 7.0 watt 15.4 watt 30.0 watt
  • Page 181 PSE. Signatures are generated during powered device detection, classification, or maintenance. STEP 4 Click Apply. The PoE settings for the port are written to the Running Configuration file.
  • Page 182 Port Management: PoE Configuring PoE Settings
  • Page 183: Chapter 12: VLAN Management

    A port in VLAN Access mode can be part of only one VLAN. If it is in General or Trunk mode, the port can be part of one or more VLANs.
  • Page 184 Voice VLAN: For more information refer to the Voice VLAN section. • Guest VLAN: Set in the Edit VLAN Authentication page. • Default VLAN: For more information refer to the Configuring Default VLAN Settings section.
  • Page 185 4. Assign interfaces to VLANs by using the Configuring Port to VLAN section or Configuring VLAN Membership section. 5. View the current VLAN port membership for all the interfaces in the Configuring VLAN Membership section.
  • Page 186: Configuring Default VLAN Settings

    STEP 2 Enter the value for the following field: • Current Default VLAN ID—Displays the current default VLAN ID. • Default VLAN ID After Reboot—Enter a new VLAN ID to replace the default VLAN ID after reboot.
  • Page 187: Creating VLANs

    The page enables the creation of either a single VLAN or a range of VLANs. STEP 3 To create a single VLAN, select the VLAN radio button, enter the VLAN ID (VID), and optionally the VLAN Name.
  • Page 188: Configuring VLAN Interface Settings

    Customer—Selecting this option places the interface in QinQ mode. This enables you to use your own VLAN arrangements (PVID) across the provider network. The device is in Q-in-Q mode when it has one or more customer ports. See QinQ.
  • Page 189: Defining VLAN Membership

    PVID on the ports between the two devices must be the same if the ports are to send and receive untagged packets to and from the VLAN. Otherwise, traffic might leak from one VLAN to another.
  • Page 190: Configuring Port To VLAN

    STEP 4 Click Apply. The interfaces are assigned to the VLAN, and written to the Running Configuration file. You can continue to display and/or configure port membership of another VLAN by selecting another VLAN ID.
  • Page 191: Configuring VLAN Membership

    The default VLAN might appear in the right list if it is tagged, but it cannot be selected. • Tagging—Select one of the following tagging/PVID options:
  • Page 192: Voice VLAN

    • Voice VLAN Overview • Configuring Voice VLAN Voice VLAN Overview This section covers the following topics: • Dynamic Voice VLAN Modes • Auto Voice VLAN, Auto Smartports, CDP, and LLDP
  • Page 193 The following are typical voice deployment scenarios with appropriate configurations: • UC3xx/UC5xx hosted: All Cisco phones and VoIP endpoints support this deployment model. For this model, the UC3xx/UC5xx, Cisco phones and VoIP endpoints reside in the same voice VLAN. The voice VLAN of UC3xx/UC5xx defaults to VLAN 100.
  • Page 194: Dynamic Voice VLAN Modes

    VLAN, manually configured, or learned from external devices such as UC3xx/5xx and from switches that advertise voice VLAN in CDP or VSDP. VSDP is a Cisco defined protocol for voice service discovery. Unlike Telephony OUI mode that detects voice devices based on telephony OUI, Auto Voice VLAN mode depends on Auto Smartport to dynamically add the ports to the voice VLAN.
  • Page 195: Voice End-Points

    Voice End-Points To have a voice VLAN work properly, the voice devices, such as Cisco phones and VoIP endpoints, must be assigned to the voice VLAN where they send and receive their voice traffic. Some of the possible scenarios are as follows: •...
  • Page 196 Communication (UC) devices, are advertising their voice VLAN, the voice VLAN from the device with the lowest MAC address is used. NOTE If connecting the device to a Cisco UC device, you may need to configure the port on the UC device using the switchport voice vlan command to ensure the UC device advertises its voice VLAN in CDP at the port.
  • Page 197: Voice VLAN QoS

    A VLAN that is defined as a Voice VLAN cannot be removed. In addition, the following constraints are applicable for Telephony OUI: • The Voice VLAN cannot be VLAN1 (the default VLAN).
  • Page 198: Voice VLAN Workflows

    STEP 7 Configure LLDP/CDP as described in the Configuring LLDP and Configuring CDP sections, respectively. STEP 8 Enable the Smartport feature on the relevant ports using the Smartport > Interface Settings page.
  • Page 199: Configuring Voice VLAN

    Configure the VLAN ID of the Voice VLAN. • Configure voice VLAN QoS settings. • Configure the voice VLAN mode (Telephony OUI or Auto Voice VLAN). • Configure how Auto Voice VLAN is triggered.
  • Page 200 By External Voice VLAN Trigger—Auto Voice VLAN on the device is activated and put into operation only if the device detects a device advertising the voice VLAN.
  • Page 201: Displaying Auto Voice VLAN Settings

    • Root Switch MAC Address—The MAC address of the Auto Voice VLAN root device that discovers or is configured with the voice VLAN from which the voice VLAN is learned.
  • Page 202 DSCP—The advertised or configured DSCP values that are used by the LLDP-MED as a voice network policy. • Best Local Source—Displays whether this voice VLAN was used by the device. The following options are available:
  • Page 203: Configuring Telephony OUI

    The Telephony OUI page contains the following fields: • Telephony OUI Operational Status—Displays whether OUIs are used to identify voice traffic. • CoS/802.1p—Select the CoS queue to be assigned to voice traffic.
  • Page 204: Adding Interfaces To Voice VLAN On Basis Of OUIs

    Voice VLAN are applied to any incoming frame that is classified to the Voice VLAN and contains an OUI in the source MAC address that matches a configured telephony OUI.
  • Page 205 All—QoS attributes are applied on all packets that are classified to the Voice VLAN. Telephony Source MAC Address—QoS attributes are applied only on packets from IP phones. STEP 4 Click Apply. The OUI is added.
  • Page 206 VLAN Management Voice VLAN
  • Page 207: Chapter 13: Spanning Tree

    Classic STP – Provides a single path between any two end stations, avoiding and eliminating loops. • Rapid STP (RSTP) – Detects network topologies to provide faster convergence of the spanning tree. This is most effective when the network
  • Page 208: Configuring STP Status And Global Settings

    STP ports. The default path cost assigned to an interface varies according to the selected method. Short—Specifies the range 1 through 65,535 for port path costs. Long—Specifies the range 1 through 200,000,000 for port path costs.
  • Page 209 Last Topology Change—The time interval that elapsed since the last topology change occurred. The time appears in a days/hours/minutes/seconds format. STEP 3 Click Apply. The STP Global settings are written to the Running Configuration file.
  • Page 210: Defining Spanning Tree Interface Settings

    STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, Root Guard enforces the position of the root bridge.
  • Page 211 Learning—The port is in Learning mode. The port cannot forward traffic, but it can learn new MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses.
  • Page 212: Configuring Rapid Spanning Tree Settings

    Protocol Migration test. This discovers whether the link partner using STP still exists, and if so whether it has migrated to RSTP. If it still exists as an STP link,
  • Page 213 LAN has two or more established connections to a shared segment. Disabled—The port is not participating in Spanning Tree. • Mode—Displays the current Spanning Tree mode: Classic STP or RSTP.
  • Page 214 MAC addresses. Forwarding—The port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. STEP 7 Click Apply. The Running Configuration file is updated.
  • Page 215: Chapter 14: Managing Mac Address Tables

    MAC address that is not found in the tables, they are transmitted/broadcasted to all the ports on the relevant VLAN. Such frames are referred to as unknown Unicast frames. The device supports a maximum of 8K static and dynamic MAC addresses.
  • Page 216: Configuring Static Mac Addresses

    Delete on timeout—The MAC address is deleted when aging occurs. Secure—The MAC address is secure when the interface is in classic locked mode (see Configuring Port Security). STEP 4 Click Apply. A new entry appears in the table.
  • Page 217: Managing Dynamic Mac Addresses

    STEP 3 Enter the Dynamic Address Table Sort Key field by which the table is sorted. The address table can be sorted by VLAN ID, MAC address, or interface. STEP 4 Click Go. The Dynamic MAC Address Table is queried and the results are displayed.
  • Page 218 Managing MAC Address Tables Managing Dynamic MAC Addresses To delete all of the dynamic MAC addresses, click Clear Table.
  • Page 219: Chapter 15: Multicast

    The data is sent only to relevant ports. Forwarding the data only to the relevant ports conserves bandwidth and host resources on links.
  • Page 220: Typical Multicast Setup

    When the device is IGMP/MLD-snooping-enabled and receives a frame for a Multicast stream, it forwards the Multicast frame to all the ports that have registered to receive the Multicast stream using IGMP Join messages.
  • Page 221: Multicast Address Properties

    MLD v1/v2 Multicast Address Properties Multicast addresses have the following properties: • Each IPv4 Multicast address is in the address range 224.0.0.0 to 239.255.255.255. • The IPv6 Multicast address is FF00::/8.
  • Page 222: Defining Multicast Properties

    MAC group address. Forwarding, based on the MAC group address, can result in an IP Multicast stream being forwarded to ports that have no receiver for the stream.
  • Page 223: Adding Mac Group Address

    The device supports forwarding incoming Multicast traffic based on the Multicast group information. This information is derived from the IGMP/MLD packets received or as the result of manual configuration, and it is stored in the Multicast Forwarding Database (MFDB).
  • Page 224 VLAN ID—Defines the VLAN ID of the new Multicast group. • MAC Group Address—Defines the MAC address of the new Multicast group. STEP 6 Click Apply. The MAC Multicast group is saved to the Running Configuration file.
  • Page 225: Adding Ip Multicast Group Addresses

    The IP Multicast Group Address page is similar to the MAC Group Address page except that Multicast groups are identified by IP addresses. The IP Multicast Group Address page enables querying and adding IP Multicast groups.
  • Page 226 The VLAN ID, IP Version, IP Multicast Group Address, and Source IP Address selected are displayed as read-only in the top of the window. You can select the filter type: • Interface Type equals to—Select whether to display ports or LAGs.
  • Page 227: Configuring Igmp Snooping

    Ports, asking to join a specific Multicast group, issue an IGMP report that specifies which group(s) the host wants to join. This results in the creation of a forwarding entry in the Multicast Forwarding Data Base.
  • Page 228 Query Max Response Interval—Enter the delay used to calculate the Maximum Response Code inserted into the periodic General Queries. • Operational Query Max Response Interval—Displays the Query Max Response Interval included in the General Queries sent by the elected querier.
  • Page 229: Mld Snooping

    MLDv2 snooping uses MLDv2 control packets to forward traffic based on the source IPv6 address, and the destination IPv6 Multicast address. The actual MLD version is selected by the Multicast router in the network.
  • Page 230 MRouter Ports Auto-Learn—Enable or disable Auto Learn for the Multicast router. • Query Robustness—Enter the Robustness Variable value to be used if the device cannot read this value from messages sent by the elected querier.
  • Page 231: Querying Igmp/Mld Ip Multicast Group

    STEP 5 Click Apply. The Running Configuration file is updated. Querying IGMP/MLD IP Multicast Group The IGMP/MLD IP Multicast Group page displays the IPv4 and IPv6 group address learned from IGMP/MLD messages.
  • Page 232: Defining Multicast Router Ports

    Multicast router port(s) numbers when it forwards the Multicast streams and IGMP/MLD registration messages. This is required so that the Multicast routers can, in turn, forward the Multicast streams and propagate the registration messages to other subnets.
  • Page 233: Defining Forward All Multicast

    Multicast traffic is flooded to ports in the device. You can statically (manually) configure a port to Forward All, if the devices connecting to the port do not support IGMP and/or MLD.
  • Page 234: Defining Unregistered Multicast Settings

    The Unregistered Multicast page enables handling Multicast frames that belong to groups that are not known to the device (unregistered Multicast groups). Unregistered Multicast frames are usually forwarded to all ports on the VLAN.
  • Page 235 Forwarding—Enables forwarding of unregistered Multicast frames to the selected interface. Filtering—Enables filtering (rejecting) of unregistered Multicast frames to the selected interface. STEP 3 Click Apply. The settings are saved, and the Running Configuration file is updated.
  • Page 236 Multicast Defining Unregistered Multicast Settings
  • Page 237: Chapter 16: Ip Configuration

    If the ARP response shows that the IPv4 address is in use, the device sends a DHCPDECLINE message to the offering DHCP server, and sends another DHCPDISCOVER packet that restarts the process.
  • Page 238: Ipv4 Management And Interfaces

    To manage the device by using the web-based configuration utility, the IPv4 device management IP address must be defined and known. The device IP address can be manually configured or automatically taken from a DHCP server.
  • Page 239 Operational Default Gateway—Displays the current default gateway status. NOTE If the device is not configured with a default gateway, it cannot communicate with other devices that are not in the same IP subnet.
  • Page 240: Arp

    • Clear ARP Table Entries—Select the type of ARP entries to be cleared from the system.
  • Page 241 IP Address—Enter the IP address of the local device. • MAC Address—Enter the MAC address of the local device. STEP 6 Click Apply. The ARP entry is saved to the Running Configuration file.
  • Page 242: Ipv6 Global Configuration

    An IPv6 interface can be configured on a port, LAG, VLAN, or tunnel. A tunnel interface is configured with an IPv6 address based on the settings defined in the IPv6 Tunnel page.
  • Page 243 DAD verification. Entering 0 in this field disables duplicate address detection processing on the specified interface. Entering 1 in this field indicates a single transmission without follow-up transmissions.
  • Page 244 DHCPv6 Server Address—Address of DHCPv6 server. • DHCPv6 Server DUID—Unique identifier of the DHCPv6 server. • DHCPv6 Server Preference—Priority of this DHCPv6 server. • Information Minimum Refresh Time—See above. • Information Refresh Time—See above.
  • Page 245: Ipv6 Tunnel

    When the ISATAP router IPv4 address is not resolved via the DNS process, the ISATAP IP interface remains active. The system does not have a default router for ISATAP traffic until the DNS process is resolved.
  • Page 246: Configuring Tunnels

    The larger the number, the more frequent the queries. NOTE The ISATAP tunnel is not operational if the underlying IPv4 interface is not in operation. STEP 3 Click Apply. The tunnel is saved to the Running Configuration file.
  • Page 247: Defining Ipv6 Addresses

    EUI-64—Select to use the EUI-64 parameter to identify the interface ID portion of the Global IPv6 address by using the EUI-64 format based on a device MAC address. STEP 4 Click Apply. The Running Configuration file is updated.
  • Page 248: Ipv6 Default Router List

    Dynamic—The default router was dynamically configured. State—The default router status options are: Incomplete—Address resolution is in process. Default router has not yet responded. Reachable—Positive confirmation was received within the Reachable Time.
  • Page 249: Defining Ipv6 Neighbors Information

    This page displays the neighbors that were automatically detected or manually configured entries. Each entry displays to which interface the neighbor is connected, the neighbor’s IPv6 and MAC addresses, the entry type (static or dynamic), and the state of the neighbor.
  • Page 250 Router—Specifies whether the neighbor is a router (Yes or No). STEP 3 To add a neighbor to the table, click Add. STEP 4 Enter values for the following fields: • Interface—The neighboring IPv6 interface to be added.
  • Page 251: Viewing Ipv6 Route Tables

    Link Local—An IPv6 interface and IPv6 address that uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local
  • Page 252: Domain Name

    The Domain Name System (DNS) translates domain names into IP addresses for the purpose of locating and addressing hosts. As a DNS client, the device resolves domain names to IP addresses through the use of one or more configured DNS servers.
  • Page 253: Dns Settings

    DNS Server Table: The following fields are displayed for each DNS server configured: • DNS Server—The IP address of the DNS server. • Preference—Each server has a preference value; a lower value means a higher chance of being used.
  • Page 254: Search List

    The following fields are displayed for each DNS server configured on the device. • Domain Name—Name of domain that can be used on the device. • Source—Source of the server’s IP address (static or DHCPv4 or DHCPv6) for this domain.
  • Page 255: Host Mapping

    Host Name—User-defined host name or fully-qualified name. • IP Address—The host IP address. • Type—Is this a Dynamic or Static entry to the cache. • Status—Displays the results of attempts to access the host
  • Page 256 0 through 9, the underscore and the hyphen. A period (.) is used to separate labels. • IP Address(es)—Enter a single address or up to eight associated IP addresses (IPv4 or IPv6).
  • Page 257: Chapter 17: Security

    Access control of end-users to the network through the device is described in the following sections: • Configuring Management Access Authentication • Defining Management Access Method • Configuring RADIUS • Configuring Port Security • Configuring 802.1X
  • Page 258: Defining Users

    Configuring Port Security Defining Users The default username/password is cisco/cisco. The first time that you log in with the default username and password, you are required to enter a new password. Password complexity is enabled by default. If the password that you choose is not complex enough (Password Complexity Settings are enabled in the Password Strength page), you are prompted to create another password.
  • Page 259: Setting Password Complexity Rules

    Password Aging—If selected, the user is prompted to change the password when the Password Aging Time expires. • Password Aging Time—Enter the number of days that can elapse before the user is prompted to change the password.
  • Page 260 The New Password Must Be Different than the Current One—If selected, the new password cannot be the same as the current password upon a password change. STEP 5 Click Apply. The password settings are written to the Running Configuration file.
  • Page 261: Configuring Radius

    The TACACS+ server then checks user privileges. Defaults The following defaults are relevant to this feature: • No default RADIUS server is defined by default.
  • Page 262: Interactions With Other Features

    Plaintext form. If you do not have an encrypted key string (from another device), enter the key string in plaintext mode and click Apply. The encrypted key string is generated and displayed. This overrides the default key string if one has been defined.
  • Page 263 RADIUS server before retrying the query, or switching to the next server if the maximum number of retries were made. If Use Default is selected, the device uses the default timeout value.
  • Page 264: Configuring Management Access Authentication

    For example, if the selected authentication methods are RADIUS and Local, and all configured RADIUS servers are queried in priority order and do not reply, the user is authenticated locally.
  • Page 265: Defining Management Access Method

    Only users who pass both the active access profile and the management access authentication methods are given management access to the device. There can only be a single access profile active on the device at one time.
  • Page 266: Active Access Profile

    STEP 2 To change the active access profile, select a profile from the Active Access Profile drop down menu and click Apply. This makes the chosen profile the active access profile.
  • Page 267 Applies to Interface—Select the interface attached to the rule. The options are: All—Applies to all ports, VLANs, and LAGs. User Defined—Applies to selected interface. • Interface—Enter the interface number if User Defined was selected.
  • Page 268: Defining Profile Rules

    To add profile rules to an access profile: STEP 1 Click Security > Mgmt Access Method > Profile Rules. STEP 2 Select the Filter field, and an access profile. Click Go.
  • Page 269 The Source IP Address field is valid for a subnetwork. Select one of the following values: All—Applies to all types of IP addresses. User Defined—Applies to only those types of IP addresses defined in the fields.
  • Page 270: Ssl Server

    To open an HTTPS session with a user-created certificate, perform the following actions: 1. Generate a certificate. 2. Request that the certificate be certified by a CA. 3. Import the signed certificate into the device.
  • Page 271: Default Settings And Configuration

    Organization Unit—Specifies the organization-unit or department name. Organization Name—Specifies the organization name. Location—Specifies the location or city name. State—Specifies the state or province name. Country—Specifies the country name.
  • Page 272: Configuring Tcp/Udp Services

    STEP 5 Click Apply to apply the changes to the Running Configuration. Configuring TCP/UDP Services The TCP/UDP Services page enables TCP or UDP-based services on the device, usually for security reasons. The device offers the following TCP/UDP services:
  • Page 273 Remote Port—TCP port of the remote device that is requesting the service. • State—Status of the service. The UDP Services table displays the following information: • Service Name—Access method through which the device is offering the UDP service.
  • Page 274: Defining Storm Control

    Edit Storm Control page. STEP 2 Select a port and click Edit. STEP 3 Enter the parameters. • Interface—Select the port for which storm control is enabled. • Storm Control—Select to enable Storm Control.
  • Page 275: Configuring Port Security

    Secure Permanent—Keeps the current dynamic MAC addresses associated with the port and learns up to the maximum number of addresses allowed on the port (set by Max No. of Addresses Allowed). Relearning and aging are disabled.
  • Page 276 Interface must be cleared. After the mode is changed, the Lock Interface can be reinstated. The options are: Classic Lock—Locks the port immediately, regardless of the number of addresses that have already been learned.
  • Page 277 • Trap Frequency—Enter minimum time (in seconds) that elapses between traps. STEP 4 Click Apply. Port security is modified, and the Running Configuration file is updated.
  • Page 278: Configuring 802.1X

    The device supports the 802.1x authentication mechanism, as described in the standard, to authenticate and authorize 802.1x supplicants. 802.1X Parameters Workflow Define the 802.1X parameters as follows:
  • Page 279: Defining 802.1X Properties

    RADIUS—Authenticate the user on the RADIUS server. If no authentication is performed, the session is not permitted. None—Do not authenticate the user. Permit the session.
  • Page 280: Defining 802.1X Port Authentication

    Auto—Enables port-based authentication and authorization on the device. The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client. Force Authorized—Authorizes the interface without authentication.
  • Page 281 • Termination Cause—Displays the reason for which port authentication was terminated, if applicable. STEP 4 Click Apply. The port settings are written to the Running Configuration file.
  • Page 282: Defining Host And Session Authentication

    Not in Auto Mode—Auto port control is not enabled. • Number of Violations—Displays the number of packets that arrive on the interface in single-host mode, from a host whose MAC address is not the supplicant MAC address.
  • Page 283: Viewing Authenticated Hosts

    This page displays the following fields: • User Name—Supplicant names that were authenticated on each port. • Port—Number of the port. • Session Time (DD:HH:MM:SS)—Amount of time that the supplicant was logged on the port.
  • Page 284: Denial Of Service Prevention

    One method of resisting DoS attacks employed by the device is the use of SCT. SCT is enabled by default on the device and cannot be disabled. The Cisco device is an advanced device that handles management traffic, protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
  • Page 285: Defense Against Dos Attacks

    • SYN-FIN protection is enabled by default (even if DoS Prevention is disabled). • If SYN protection is enabled, the default is Report. The default threshold is 30 SYN packets per second.
  • Page 286: Configuring Dos Prevention

    • Block SYN-FIN Packets—Select to enable the feature. If TCP packets with both SYN and FIN flags are detected, a SYSLOG message is generated. • SYN Protection Mode—Select between three modes:
  • Page 287 Current Status—Interface status. The possible values are: Normal—No attack was identified on this interface. Attacked—Attack was identified on this interface. • Last Attack—Date of last SYN-FIN attack identified by the system and the system action (Reported).
  • Page 288 Security Denial of Service Prevention
  • Page 289: Chapter 18: Security: Ssh Client

    SCP server to a device. With respect to SSH, the SCP running on the device is an SSH client application and the SCP server is an SSH server application.
  • Page 290: Protection Methods

    SSH server. This is not done through the device’s management system, although, after a username has been established on the server, the server password can be changed through the device’s management system.
  • Page 291: Public/Private Keys

    SSH server. To facilitate this process, an additional feature enables secure transfer of the encrypted private key to all switches in the system.
  • Page 292: Ssh Server Authentication

    If no matching IP address/host name is found, the search is completed and authentication fails. • If the entry for the SSH server is not found in the list of trusted servers, the process fails.
  • Page 293: Ssh Client Authentication

    The following algorithms are supported on the client side: • Key Exchange Algorithm-diffie-hellman • Encryption Algorithms: aes128-cbc, 3des-cbc, arcfour, aes192-cbc, aes256-cbc • Message Authentication Code Algorithms: hmac-sha1, hmac-md5 NOTE Compression algorithms are not supported.
  • Page 294: Before You Begin

    SSH User Authentication page can be used. STEP 3 Set up a username/password on the SSH server or modify the password on the SSH server. This activity depends on the server and is not described here.
  • Page 295 To change your password on an SSH server: STEP 1 Identify the server in the Change User Password on SSH Server page. STEP 2 Enter the new password. STEP 3 Click Apply.
  • Page 296: Ssh Client Configuration Through The Gui

    • Display Sensitive Data As Plaintext—Sensitive data for the current page appears as plaintext. The SSH User Key Table contains the following fields for each key: • Key Type—RSA or DSA.
  • Page 297: Ssh Server Authentication

    STEP 4 Click Apply. The trusted server definition is stored in the Running Configuration file. Modifying the User Password on the SSH Server To change the password on the SSH server:
  • Page 298 Old Password—This must match the password on the server. • New Password—Enter the new password and confirm it in the Confirm Password field. STEP 3 Click Apply. The password on the SSH server is modified.
  • Page 299: Chapter 19: Security: Secure Sensitive Data Management

    SSD provides users with the flexibility to configure the desired level of protection on their sensitive data; from no protection with sensitive data in plaintext, minimum protection with encryption based on the default passphrase, and better protection with encryption based on user-defined passphrase.
  • Page 300: Ssd Management

    A device comes with a set of default SSD rules. An administrator can add, delete, and change SSD rules as desired.
  • Page 301: Elements Of An Ssd Rule

    User Type will be applied). Specific—The rule applies to a specific user. Default User (cisco)—The rule applies to the default user (cisco). Level 15—The rule applies to users with privilege level 15. All—The rule applies to all users.
  • Page 302 Each management channel allows specific read presumptions. The following summarizes these. Table 2 Default Read Modes for Read Permissions. Read Permission | Default Read Mode Allowed: Exclude | Exclude; Encrypted Only | *Encrypted; Plaintext Only | *Plaintext
  • Page 303 CLI/GUI sessions. NOTE When the SSD rule applied upon the session login is changed from within that session, the user must log out and back in to see the change.
  • Page 304: Ssd Rules And User Authentication

    Rule Key Rule Action User Channel Read Default Read Mode Permission Level Secure XML Plaintext Only Plaintext SNMP Level Secure Both Encrypted Level Insecure Both Encrypted Insecure XML Exclude Exclude SNMP
  • Page 305: Ssd Default Read Mode Session Override

    • Controlling how the sensitive data is encrypted. • Controlling the strength of security on configuration files. • Controlling how the sensitive data is viewed within the current session.
  • Page 306: Passphrase

    By default, the local passphrase and default passphrase are identical. It can be changed by administrative actions from either the Command Line Interface (if available) or the web-based interface. It is
  • Page 307: Configuration File Passphrase Control

    Configuration File Integrity Control be enabled when a device uses a user-defined passphrase with Unrestricted Configuration File Passphrase Control. CAUTION Any modification made to a configuration file that is integrity protected is considered tampering.
  • Page 308: Read Mode

    • The SSD indicator, if it exists, must be in the configuration header file.
  • Page 309: Ssd Control Block

    SSD control block, the device rejects the source file and the copy fails. • If there is no SSD control block in the source configuration file, the SSD configuration in the Startup Configuration file is reset to default.
  • Page 310: Running Configuration File

    (meaning read permissions of either Both or Plaintext Only), the device rejects all SSD commands. • When copied from a source file, File SSD indicator, SSD Control Block Integrity, and SSD File Integrity are neither verified nor enforced.
  • Page 311: Backup And Mirror Configuration File

    SSD Indicator shows Exclude or Plaintext Only sensitive data. • A user with Encrypted Only permission can access mirror and backup configuration files with their file SSD Indicator showing Exclude or Encrypted sensitive data.
  • Page 312: Sensitive Data Zero-Touch Auto Configuration

    However, for auto configuration to succeed with a user-defined passphrase, the target devices must be manually pre-configured with the same passphrase as the device that generates the files, which is not zero touch.
  • Page 313: Ssd Management Channels

    Management Channel: GUI/HTTP | Insecure | GUI/HTTPS; GUI/HTTPS | Secure; XML/HTTP | Insecure-XML-SNMP | XML/HTTPS; XML/HTTPS | Secure-XML-SNMP; SNMPv1/v2/v3 without privacy | Insecure-XML-SNMP | Secure-XML-SNMP; SNMPv3 with privacy | Secure-XML-SNMP (level-15 users); TFTP | Insecure; SCP (Secure Copy) | Secure
  • Page 314: Menu Cli And Password Recovery

    STEP 1 Click Security > Secure Sensitive Data Management > Properties. The following field appears: • Current Local Passphrase Type—Displays whether the default passphrase or a user-defined passphrase is currently being used. STEP 2 Enter the following Persistent Settings fields:
  • Page 315: Ssd Rules

    Specific User—Select and enter the specific user name to which this rule applies (this user does not necessarily have to be defined). Default User (cisco)—Indicates that this rule applies to the default user. Level 15—Indicates that this rule applies to all users with privilege level 15. All—Indicates that this rule applies to all users.
  • Page 316 • Restore to Default—Restore a user-modified default rule to the default rule. • Restore All Rules to Default—Restore all user-modified default rules to the default rule and remove all user-defined rules.
  • Page 317: Chapter 20: Quality Of Service

    This section covers the following topics: • QoS Features and Components • Configuring QoS - General • Managing QoS Statistics
  • Page 318: Qos Features And Components

    CoS/802.1p to Queue page or the DSCP to Queue page (depending on whether the trust mode is CoS/802.1p or DSCP, respectively).
  • Page 319: Qos Workflow

    In addition, the default CoS priority or DSCP value for each interface can be defined. Setting QoS Properties To enable QoS: STEP 1 Click Quality of Service > General > QoS Properties. STEP 2 Enable QoS on the device.
  • Page 320 Default CoS—Select the default CoS (Class-of-Service) value to be assigned for incoming packets (that do not have a VLAN tag). STEP 2 Click Apply. The interface default CoS value is saved to Running Configuration file.
  • Page 321: Interface Qos Settings

    Traffic from the lower queues is processed only after the highest queue has been transmitted, thus providing the highest level of priority of traffic to the highest numbered queue.
  • Page 322 —If WRR is selected, enter the WRR weight assigned to the queue. % of WRR Bandwidth—Displays the amount of bandwidth assigned to the queue. These values represent the percent of the WRR weight.
  • Page 323: Mapping Cos/802.1P To A Queue

    4, 4 being the the highest) highest priority) Background Best Effort Excellent Effort Critical Application - LVS phone SIP Video Voice - Cisco IP phone default Interwork Control - LVS phone RTP Network Control
  • Page 324 STEP 2 Enter the parameters. • 802.1p—Displays the 802.1p priority tag values to be assigned to an egress queue, where 0 is the lowest and 7 is the highest priority.
  • Page 325: Mapping Dscp To Queue

    The following tables describe the default DSCP to queue mapping for 4 and 8 queue systems: Table 4 DSCP to Queue Default Mapping – 4 Queues System (columns: DSCP, Queue)
  • Page 326 Table 5 DSCP to Queue Default Mapping – 8 Queues System (7 is highest and 8 is used for stack control purposes) (columns: DSCP, Queue)
  • Page 327 Table 6 DSCP to Queue Default Mapping – 8 Queues System (8 is highest) (columns: DSCP, Queue)
  • Page 328: Configuring Bandwidth

    The % column is the ingress rate limit for the port divided by the total port bandwidth. STEP 2 Select an interface, and click Edit. STEP 3 Select the Port or LAG interface. STEP 4 Enter the fields for the selected interface:
  • Page 329: Configuring Egress Shaping Per Queue

    The device limits all frames except for management frames. Any frames that are not limited are ignored in the rate calculations, meaning that their size is not included in the limit total. Per-queue Egress rate shaping can be disabled.
  • Page 330: Managing Qos Statistics

    NOTE QoS Statistics are shown only when the device is in QoS Advanced Mode. This change is made in General > QoS Properties.
  • Page 331 Set 2—Displays the statistics for Set 2 that contains all interfaces and queues with a low DP. • Interface—Queue statistics are displayed for this interface. • Queue—Packets were forwarded or tail dropped from this queue.
  • Page 332 Queue—Select the queue for which statistics are displayed. • Drop Precedence—Enter drop precedence that indicates the probability of being dropped. STEP 6 Click Apply. The Queue Statistics counter is added, and the Running Configuration file is updated.
  • Page 333: Chapter 21: Snmp

    The device functions as an SNMP agent and supports SNMPv1, v2, and v3. It also reports system events to trap receivers using the traps defined in the supported MIBs (Management Information Base).
  • Page 334: Snmpv1 And V2

    NOTE For security reasons, SNMP is disabled by default. Before you can manage the device via SNMP, you must turn on SNMP on the Security > TCP/UDP Services page. The following is the recommended series of actions for configuring SNMP:
  • Page 335 If the SNMP Engine ID is not set, then users may not be created. STEP 5 Optionally, enable or disable traps by using the Trap Settings page. STEP 6 Optionally, define a notification filter(s) by using the Notification Filter page.
  • Page 336: Supported Mibs

    9.6.1.87.24.2 combo-ports; SF200-48 | 48 FE ports + 2 GE special-purpose combo-ports | 9.6.1.87.48.1; SF200-48P | FE1-FE48, GE1-GE4. 48 FE ports + 2 GE special-purpose combo-ports | 9.6.1.87.48.2
  • Page 337: Snmp Engine Id

    User Defined—Enter the local device engine ID. The field value is a hexadecimal string (range: 10 - 64). Each byte in the hexadecimal character strings is represented by two hexadecimal digits.
  • Page 338: Configuring Snmp Views

    Object ID (OID) of the root of the relevant subtrees. Either well-known names can be used to specify the root of the desired subtree or an OID can be entered (see Model OIDs).
  • Page 339 Default—Default SNMP view for read and read/write views. • DefaultSuper—Default SNMP view for administrator views. Other views can be added. • Object ID Subtree—Displays the subtree to be included or excluded in the SNMP view.
  • Page 340: Creating Snmp Groups

    STEP 1 Click SNMP > Groups. This page contains the existing SNMP groups and their security levels. STEP 2 Click Add. STEP 3 Enter the parameters. • Group Name—Enter a new group name.
  • Page 341 Otherwise, there is no restriction on the contents of the traps. This can only be selected for SNMPv3. STEP 4 Click Apply. The SNMP group is saved to the Running Configuration file.
  • Page 342: Managing Snmp Users

    Remote IP Address—User is connected to a different SNMP entity besides the local device. If the remote Engine ID is defined, remote devices receive inform messages, but cannot make requests for
  • Page 343 Privacy Password—16 bytes are required (DES encryption key) if the DES privacy method was selected. This field must be exactly 32 hexadecimal characters. The Encrypted or Plaintext mode can be selected. STEP 4 Click Apply to save the settings.
  • Page 344: Defining Snmp Communities

    IP device can access the SNMP community. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select the supported IPv6 address type if IPv6 is used. The options are:
  • Page 345 Advanced—Select this mode for a selected community. Group Name—Select an SNMP group that determines the access rights. STEP 4 Click Apply. The SNMP Community is defined, and the Running Configuration is updated.
  • Page 346: Defining Trap Settings

    The Add/Edit pop-ups enable configuring the attributes of the notifications. An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred, such as a link up/down.
  • Page 347: Defining Snmpv1,2 Notification Recipients

    UDP Port—Enter the UDP port used for notifications on the recipient device. • Notification Type—Select whether to send Traps or Informs. If both are required, two recipients must be created. • Timeout—Enter the number of seconds the device waits before re-sending informs.
  • Page 348: Defining Snmpv3 Notification Recipients

    Server Definition—Select whether to specify the remote log server by IP address or name. • IP Version—Select either IPv4 or IPv6. • IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  • Page 349 The options are: No Authentication—Indicates the packet is neither authenticated nor encrypted. Authentication—Indicates the packet is authenticated but not encrypted. Privacy—Indicates the packet is both authenticated and encrypted.
  • Page 350: Snmp Notification Filters

    Down arrow to descend to the level of the selected node's children. Click nodes in the view to pass from one node to its sibling. Use the scrollbar to bring siblings in view.
  • Page 351 STEP 4 Select or deselect Include in filter. If this is selected, the selected MIBs are included in the filter, otherwise they are excluded. STEP 5 Click Apply. The SNMP views are defined and the running configuration is updated.
