manualshive.com logo in svg

Cisco SG 200-08P, Administration Manual

Share
Download
Cisco SG 200-08P Administration Manual Download Page 163

Security

802.1X

Cisco Small Business SG200 Series 8-port Smart Switch

163

10

 

User Name

—Select the user to be used by the port to identify itself as a 

supplicant. The user must be one of the switch management users 
configured in the switch. The password configured for the user will be used 
in the authentication process. As a supplicant, the switch supports EAP-MD5 
authentication method. (See 

Managing User Accounts

 to set up the users.) 

STEP  4

Click 

Apply

 and then click 

Close

. Your changes are saved to the Running 

Configuration.

Displaying Authenticated Hosts

To display ports that have authenticated users on the 

Authenticated Hosts

 page, 

click 

Security

 > 

802.1X

 > 

Authenticated Hosts

 in the navigation window.

The Authenticated Hosts Table displays the following information for each host:

Port

—Port used for authentication.

User Name

—User name of the host.

Supplicant MAC Address

—Supplicant device MAC address.

Session Time

—Time since the supplicant logged in.

Session Timeout

—Time that the given session is valid. The time period in 

seconds is returned by the RADIUS server on authentication of the port.

Authentication Method

:

-

Local

—A user ID and password combination from the supplicant was 

compared with a locally-stored user database on the switch. Or the 
switch could not reach a server and the local user database was used to 
accept or reject the request.

-

None

—No authentication method was used. Or the switch attempted to 

could not reach the server, and no authentication method was used and 
the request was accepted.

-

RADIUS

—Authentication requests are passed to a RADIUS server that 

replies with RADIUS Access-Accept or Access-Reject frames. If the 
switch cannot reach the server, the request is denied.

Summary of Contents for SG 200-08P

Page 1: ...Cisco Small Business SG200 Series 8 port Smart Switches ADMINISTRATION GUIDE ...

Page 2: ...Navigation Window 14 Management Buttons 14 Chapter 2 Viewing Statistics 18 System Summary 18 Displaying the System Summary 18 Configuring System Settings 21 Interface Statistics 22 Etherlike Statistics 23 802 1X EAP Statistics 24 IPv6 DHCP Statistics 25 RADIUS Statistics 26 RMON 27 Logs 29 RAM Memory Log 29 Flash Memory Log 30 Chapter 3 Administration 32 Configuring System Settings 33 Management I...

Page 3: ...stem Logs 51 Configuring Log Settings 52 Configuring Remote Log Servers 53 File Management 54 Upgrading and Backing Up Firmware and Language Files 56 Downloading and Backing Up the Configuration and Log Files 58 Downloading a Configuration File to Restore Settings 58 Backing Up the Configuration File and Logs 59 Delete Configuration 61 Copying and Saving Configuration Files 61 DHCP Auto Configurat...

Page 4: ...P MED 81 Configuring Global LLDP MED Properties 82 Configuring LLDP MED on a Port 83 LLDP MED Port Status Details 85 LLDP MED Neighbor Information 87 Configuring DHCP Client Vendor Options 89 Chapter 4 Port Management 90 Configuring Port Settings 90 Link Aggregation 92 Configuring LAGs 92 Configuring LAG Settings 93 Configuring LACP 94 Configuring PoE 96 Configuring PoE Properties 96 Configuring P...

Page 5: ...7 Chapter 6 Spanning Tree 118 Overview of Spanning Tree 118 Configuring STP Status and Global Settings 119 Configuring Global and Bridge Settings 119 Configuring STP Interface Settings 121 RSTP Interface Settings 123 Chapter 7 MAC Address Tables 127 Configuring Static MAC Addresses 127 Configuring the Aging Time for Dynamic Addresses 129 Dynamic MAC Addresses 129 Chapter 8 Multicast 131 Multicast ...

Page 6: ... Configuring Global DNS Settings 143 Adding DNS Servers 144 Hostname Mapping 144 Configuring Static DNS Mappings 144 Viewing and Deleting Dynamic DNS Entries 145 Chapter 10 Security 146 RADIUS 146 Configuring Global RADIUS Settings 147 Adding a RADIUS Server 147 Password Strength 149 Management Access Profile Rules 150 Configuring an Access Profile and Rules 150 Modifying and Deleting Access Profi...

Page 7: ... Displaying Authenticated Hosts 163 Chapter 11 Quality of Service 164 QoS Properties 165 Defining Queues 166 Queue Configuration Recommendations 167 Configuring Queues 167 Mapping CoS 802 1p Priorities to Queues 168 Mapping IP Precedence to Queues 170 Mapping DSCP Values to Queues 171 Defining Rate Limit Profiles 172 Applying Rate Limit Profiles to Interfaces 173 Traffic Shaping 174 ...

Page 8: ...ck Sites Click Advanced and then click Add Add the intranet address of the switch http ip address to the local intranet zone The IP address can also be specified as the subnet IP address so that all addresses in the subnet are added to the local intranet zone If you are using Internet Explorer 6 you cannot directly use an IPv6 address to access the switch You can however use the Domain Name System...

Page 9: ...Backup Firmware Language page STEP 2 If this is the first time that you logged on with the default user name cisco and the default password cisco or your password has expired the Change Admin Password page opens Enter the new password confirm it click Apply and then click Close The characters and are not supported The new password is saved NOTE Password complexity is enabled by default and the new...

Page 10: ...age CAUTION Unless the Running Configuration is copied to the Startup Configuration file type all changes made since the last time the file type was saved are lost if the switch is rebooted We recommend that you save the Running Configuration to the Startup Configuration file type before logging off to preserve any changes you made during this session A red X icon displayed to the left of the Save...

Page 11: ...ry Link Name on the Page Linked Page Initial Setup Change Device IP Address IPv4 Interface Create VLAN Create VLAN Configure Port Settings Port Settings Device Status System Summary System Summary Port Statistics Interface RMON Statistics RMON Statistics View Log RAM Memory Quick Access Change Device Password User Accounts Upgrade Device Software Upgrade Backup Firmware Language Backup Device Conf...

Page 12: ...tion changes have been made and have not yet been saved to the Startup Configuration file When you click this button the Download Backup Configuration Log page displays Save the Running Configuration by copying it to the Startup Configuration file type After you click Apply to save this file the red X icon and the Save button are no longer displayed When the switch is rebooted it copies the Startu...

Page 13: ...d assistance with using your switch Support Displays the support web page for Cisco Small Business Managed Switches Forums Displays the web page for the Cisco Small Business Support Community Log Out Click to log out of the web based switch configuration utility About Click to display the switch type and switch version number Help Click to display the online help Buttons Continued Name Description...

Page 14: ...play the related page links Management Buttons The following table describes the commonly used buttons that appear on various pages in the system Management Buttons Name Description Depending on the number of pages and the currently displayed page use these features to navigate through the pages of the table Click to go to the first page click to go to the previous page click to go to the next pag...

Page 15: ...on the selected page Note Your changes are applied to the running configuration only If the switch is rebooted the running configuration is lost To save your changes to the startup configuration click Save For more information see Copying and Saving Configuration Files Cancel Click to undo the changes that you made on the page and to reset the values to the previously applied entries Clear All Int...

Page 16: ...the table to be deleted and click Delete The entry is deleted Details Click to display details associated with the entry selected on the main page Edit Select an entry and click Edit to open it for editing The Edit page opens and the entry can be modified Click Apply to save the changes to the Running Configuration Note that there is no message to confirm that the parameters have been saved to the...

Page 17: ... message appears below a table each column heading is a sort button Click a column heading to sort the records in ascending order based on the contents of the selected column After the sort is applied an arrow appears in the column heading You can click this arrow to reverse the sort order Management Buttons Continued Name Description ...

Page 18: ...ation such as the hardware model description software version language packs and system up time Displaying the System Summary To view system information click Status and Statistics System Summary in the navigation window Or click System Summary under Device Status on the Getting Started page The System Summary page displays the following information System Description A description of the system S...

Page 19: ...nt system time Base MAC Address Switch MAC address Hardware and Firmware Version Information The following hardware and software information displays for the switch Serial Number Serial number of the switch PID VID Part number and version ID Boot Version Version of the boot code Maximum Available Power W PoE switches only Maximum available power that can be delivered by the PoE ports Threshold Pow...

Page 20: ...ile version MD5 Checksum 128 bit hash code used to check file integrity File Size The file size in KB File Type Indicates one of the following values Built In Default language provided within the software and therefore cannot be downloaded as a separate file External A language file that has been downloaded to the switch and can be selected at login Default Displays Yes to indicate that the web ba...

Page 21: ...ion session is established between the switch and a server or client depending on each device s role with respect to this protocol Configuring System Settings To configure the system settings STEP 1 Click Status and Statistics System Summary The System Summary page opens STEP 2 Click Edit to modify the following settings System Location Enter the location where the switch is physically located Sys...

Page 22: ...terface since the switch was last refreshed Multicast Packets Total number of multicast packets transmitted or received on the selected interface since the switch was last refreshed Broadcast Packets Total number of broadcast packets transmitted or received on the selected interface since the switch was last refreshed Packets with Errors Total number of packets with errors received on the selected...

Page 23: ...es Signal collision frame errors received Late Collisions Late collision frames received Excessive Collisions Excessive collision frames received Multiple Collisions Multiple collision frames received Oversize Packets Packets received that were longer than 1518 octets excluding framing bits and including FCS octets and were otherwise well formed Internal MAC Receive Errors Internal MAC errors rece...

Page 24: ...ince the last time the page was refreshed The following information displays for the selected interface EAPOL Frames Received Valid Extensible Authentication Protocol over LAN EAPOL frames received on the port EAPOL Frames Transmitted EAPOL frames transmitted through the port EAPOL Start Frames Received EAPOL Start frames received on the port EAPOL Logoff Frames Received EAPOL Logoff frames receiv...

Page 25: ...isplay this page click Status and Statistics IPv6 DHCP Statistics in the navigation window Select a refresh rate for the page The page displays the following statistics which are cumulative since the last time the page refreshed DHCPv6 Advertisement Packets Received DHCPv6 Reply Packets Received Received DHCPv6 Advertisement Packets Discarded Received DHCPv6 Reply Packets Discarded DHCPv6 Malforme...

Page 26: ...Accepts Number of Authentication Request packets accepted by the RADIUS server Access Rejects Number of Authentication Request packets rejected by the RADIUS server Access Challenges Number of Access Challenge packets sent by the RADIUS server to the switch Malformed Access Responses Number of reply packets from the RADIUS server that were malformed Bad Authenticators Number of Authentication Requ...

Page 27: ...h as packet processing statistics and errors that have occurred on the switch The RMON Statistics page displays detailed information regarding packet sizes and information regarding physical layer errors The information shown is according to the RMON standard To view statistics STEP 1 Click Status and Statistics RMON Statistics in the navigation window STEP 2 Select the port or LAG for which you w...

Page 28: ... was last refreshed Jabbers Packets received that were more than 1518 octets long and had an FCS error during the sampling session Collisions Collisions received on the interface since the switch was last refreshed Frames of 64 Bytes 64 byte frames received on the interface since the switch was last refreshed Frames of 65 to 127 Bytes 65 byte to 127 byte frames received on the interface since the ...

Page 29: ...ory Log Flash Memory Log RAM Memory Log Use the RAM Memory page to view information about specific RAM cache log entries including the time the log was entered the log severity and a description of the log To display this page click Status and Statistics View Log RAM Memory in the navigation window NOTE This page might take up to 45 seconds to display when the table contains the maximum number of ...

Page 30: ...ight be generated during the initial powering on of the switch and booting from the factory default configuration might be important to a troubleshooter Therefore when the switch is first booted from the factory default configuration it places the first 32 messages into the Start up log and the balance of the messages are logged into the Operational log If the logs are cleared the Start up log is ...

Page 31: ...x Numeric ID for the log entry Log Time Time that the log was created in the Flash Memory Table Severity The log severity can be one of the following Alert 1 Action must be taken immediately Critical 2 Critical conditions Error 3 Error conditions Warning 4 Warning conditions Notice 5 Normal but significant conditions Informational 6 Informational messages Debug 7 Provides detailed information abou...

Page 32: ...It contains the following topics Configuring System Settings Management Interface Managing User Accounts Configuring the Idle Session Timeouts Login Sessions Login History Time Settings System Logs File Management Rebooting the Switch Pinging Hosts Configuring Control Packet Forwarding Diagnostics Enabling Bonjour LLDP MED Configuring DHCP Client Vendor Options ...

Page 33: ...on of the physical location of the switch System Contact Contact person for the switch Hostname Administratively assigned name for this managed node By convention this is the fully qualified domain name of the node The default hostname is switch concatenated with the last 6 hex digits of the MAC address of the switch Hostname labels contain only letters digits and hyphens Hostname labels cannot be...

Page 34: ...ent Interface Configuring an IPv6 Management Interface Viewing and Adding IPv6 Neighbors Configuring an IPv4 Management Interface You can use the IPv4 Interface page to configure the management VLAN and IPv4 address To configure the IPv4 management interface STEP 1 Click Administration Management Interface IPv4 Interface in the navigation window STEP 2 Select a management VLAN from the list A port...

Page 35: ... address assigned in the IP Address field If the IP Address Type is set to Static specify the following IP Address Enter an IPv4 address Mask Enter a 32 bit network mask for example 255 255 255 0 Or select Prefix Length and specify the number of bits 0 32 that make up the network prefix for example 24 Default Gateway Select User Defined and specify the default gateway IP address for management pac...

Page 36: ...ormat using the MAC address of the port s for the link local part of the address The switch listens to router advertisements to detect and autoconfigure the global part of the address DHCPv6 Select to enable the switch to obtain its IPv6 address es from a DHCPv6 server IPv6 Gateway Enter the link local address of the IPv6 router where the switch should send IPv6 packets destined for a device outsi...

Page 37: ...ch can be managed from another subnet To add a static IPv6 address STEP 1 Click Add STEP 2 Enter an IPv6 address followed by a slash and the prefix length STEP 3 Select EUI 64 if the address conforms to the EUI 64 format whereby the first three to five octets are the Organizationally Unique Identifier OUI and the remaining octets are a unique assigned address STEP 4 Click Apply and then click Clos...

Page 38: ... address of the neighbor State State of the neighbor The following are the states for dynamic entries Reachable Confirmation was received within a preconfigured interval that the forward path to the neighbor is functioning properly While in the Reachable state the device takes no special action as packets are sent Delay More time has elapsed than a preconfigured interval since the last confirmatio...

Page 39: ... Accounts page configure up to five additional users and to change a user password Adding a User To add a new user STEP 1 Click Administration User Accounts in the navigation window The User Account Table displays the currently configured users STEP 2 Click Add STEP 3 Enter a user name between 1 to 32 alphanumeric characters Only numbers 0 9 and letters a z upper or lower are allowed for user name...

Page 40: ...ailable until the strength meter is orange and the password is confirmed When adding a user you can temporarily disable the password strength check to allow configuring a password that does not meet the strength check criteria Click Disable Password Strength Enforcement and then click OK when the warning displays To disable the Password Strength Enforcement for all users or to configure its charac...

Page 41: ...f Password Strength Enforcement is enabled Apply is not available until the strength meter is orange and the password is confirmed When adding a user you can temporarily disable the password strength check to allow configuring a password that does not meet the strength check criteria Click Disable Password Strength Enforcement and then click OK when the warning displays To disable the Password Str...

Page 42: ...e navigation window STEP 2 Specify the parameter HTTP Session Timeout The inactivity timeout for HTTP sessions The value must be in the range of 1 to 60 minutes The default value is 10 minutes STEP 3 Click Apply Your changes are saved to the Running Configuration Login Sessions The Login Sessions page displays active management login sessions To display this page click Administration Login Session...

Page 43: ...P Telnet Serial SSH or SNMP Location IP address of the host Time Settings A system clock is used to provide a network synchronized time stamping service for switch software events such as message logs You can configure the system clock manually or configure the switch as a Simple Network Time Protocol SNTP client that obtains the clock data from a server See the following topics for information on...

Page 44: ...er you are using to access the switch Or clear this field and configure the following time settings Date Enter the date in mm dd yyyy format such as 01 01 2010 for January 1 2010 Local Time Enter the current time in HH mm ss format such as 22 00 00 for 10 p m The hint text displays HH if the time is based on a 24 hour clock or hh if the time is in 12 hour clock format GMT Time Zone Offset Select t...

Page 45: ...s and ends each year STEP 6 Click Apply Your changes are saved to the Running Configuration Configuring the Switch as an SNTP Client You can also configure the switch to acquire time from an SNTP server by configuring the switch SNTP Settings To configure the switch to acquire time settings from an SNTP server STEP 1 On the System Time page select Use SNTP Server STEP 2 Configure the SNTP client o...

Page 46: ...onal SNTP settings such as polling intervals unicast server addresses and authentication information the switch needs to access SNTP servers Configuring the SNTP Setting The switch supports the Simple Network Time Protocol SNTP SNTP ensures accurate network device time synchronization up to the millisecond Time synchronization is performed by a network SNTP server The switch operates as an SNTP cl...

Page 47: ...r example if you enter 4 the poll interval is 16 seconds If the switch detects a server it ignores time broadcasts from other SNTP servers unless the Broadcast Poll Interval expires three consecutive times without an update received from the server STEP 3 Click Apply Your changes are saved to the Running Configuration Adding and Modifying SNTP Servers The Unicast SNTP Servers Table displays the fo...

Page 48: ...quests the switch has made to the unicast server To edit the settings for a server check the box to select it and then click Edit To remove a server check the box to select it and then click Delete To add a new server click Add and then enter the settings as described below To add an SNTP server STEP 1 Click Add STEP 2 Enter the parameters SNTP Server Enter an IPv4 address or a domain name To use ...

Page 49: ... Active Server Server Host Address IP address of the SNTP server Server Type IP protocol version the server uses IPv4 or IPv6 Server Stratum Hierarchical level of the SNTP server that identifies its distance from a reference clock Server Reference Id 32 bit code that identifies the reference clock that this server uses Server Mode Mode in which the server is operating Unicast The SNTP server liste...

Page 50: ...n the identifying information that the switch uses to authenticate to STNP servers You also use this page to enable the SNTP authentication service When you define SNTP servers that the switch can use you specify whether a server uses authentication and which authentication key it uses NOTE You must configure at least one trusted authentication key before you enable SNTP authentication Otherwise t...

Page 51: ...s are used with unicast SNTP servers only A key is used to authenticate an SNTP server only when the key is enabled as trusted A keys that is configured on the switch but specified as untrusted will not be used An administrator can add an untrusted key to have it available for use at another time STEP 6 Click Apply and then click Close Your changes are saved to the Running Configuration System Log...

Page 52: ...ived consecutively within a configured time interval then these messages are aggregated into a single log message Log Aggregation Interval If Log Aggregation is enabled specify the interval in seconds Consecutive messages that are received within this interval will be aggregated into a single log message The range is 15 seconds to 120 seconds RAM Memory Logging Select to enable logging in RAM Flas...

Page 53: ... navigation window STEP 2 For the Syslog Logging mode click Enable and then configure the following settings Facility Select a value from the list that identifies the classification of syslog messages from this switch The meaning of these values Local 0 through Local 7 is determined by the network administrator Local Port Specify the IANA port number for the switch The default is the well known po...

Page 54: ... in progress all management access to the switch is blocked until the transfer is complete to protect the switch from any unknown changes NOTE When logging in by using HTTP HTML and you can choose from more than one network port you should the lowest number port See the following topics for more information on the configuration pages available in the File Management menu Upgrading and Backing Up F...

Page 55: ...retained in Flash and is preserved any time the switch is rebooted When it is rebooted the Startup Configuration is copied to RAM and identified as the Running Configuration Backup Configuration A manual copy of the parameter definitions for protection against system shutdown or for the maintenance of a specific operating state You can copy the Mirror Configuration Startup Configuration or Running...

Page 56: ...iles Encryption keys used for secure shell communication Upgrading and Backing Up Firmware and Language Files You can use the Upgrade Backup Firmware Language page to Upgrade the firmware by downloading a new image from a server Upgrade the boot code by downloading a new boot file from a server Update the language files by downloading a new file from a server Language files determine the language ...

Page 57: ...are image Firmware Image Controls all switch features and interfaces Boot Code Controls the initial system bootup Language File Strings used by the system interface to display the selected language TFTP Server TFTP only Specify the IPv4 or IPv6 address of the TFTP server Or specify the server name if DNS is enabled in the IP configuration see Domain Name System Source File Name For upgrades via TF...

Page 58: ...ructions on downloading a working image Downloading and Backing Up the Configuration and Log Files You can use the Download Backup Configuration Log page to download a saved configuration file to the switch to restore previously saved settings or back up the current configuration file to a network location You also can use this page to back up log files Downloading a Configuration File to Restore ...

Page 59: ...artup Configuration file It will be the active configuration file when you reboot Backup Configuration The specified file will replace the current backup configuration file STEP 5 Click Apply to begin the upgrade A progress bar indicates the status of the upgrade CAUTION Ensure that power to the switch remains uninterrupted while the configuration file is downloading to the switch If a power failu...

Page 60: ...ckup Configuration file Mirror Configuration If the Running Configuration is not modified for at least 24 hours it is automatically saved to a Mirror Configuration file type and a log message with severity alert is generated to indicate that a new mirror file is available This feature allows the administrator to view the previous version of the configuration before it is saved to the Startup Confi...

Page 61: ...elete the Startup or Backup Configuration file STEP 1 Click Administration File Management Delete Configuration in the navigation window STEP 2 Select the Startup Configuration or Backup Configuration file type STEP 3 Click Apply Copying and Saving Configuration Files The Copy Save Configuration page enables you to copy files within the file system For example you can copy the Backup Configuration...

Page 62: ...an copy the Mirror Configuration to either the Startup or Backup Configuration file type and reboot STEP 3 For the Destination File Name select the file type to be overwritten with the file you are copying Startup Configuration Configuration file type used when the switch last booted This does not include any configuration changes applied but not yet saved to the switch Backup Configuration Backup...

Page 63: ...ation is received from the DHCP server When conditions 1 and 2 occur the switch saves the file to flash memory Upon subsequent startups it compares the stored file name to the name specified in option 66 67 in the current DHCP message If they differ the new file is downloaded and written to flash memory NOTE When the system boots up for the first time the switch does not have a specific name for t...

Page 64: ...on is not configured or the server or file name cannot be found the switch sends broadcast TFTP requests for the file name in the DHCP message if given Otherwise the switch enters default network configuration mode process described in the Default Network Configuration File section Configuration File Download Details The switch first attempts to download a host specific configuration file If this ...

Page 65: ... name mappings The switch determines the hostname from the mappings with its IP address If there is no mapping the switch uses reverse DNS lookup to discover the hostname The following is a sample fp net cfg file config ip host switch_to_setup 192 168 1 10 ip host another_switch 192 168 1 11 other hostname definitions exit When a hostname has been determined the switch issues a TFTP request for a ...

Page 66: ...lowing table summarizes the configuration files that can be downloaded and the order in which they are sought An operator can terminate Auto Configuration at any time prior to the downloading of the file This should be done when the switch is disconnected from the network or if the required configuration files have not been set up on TFTP servers When a configuration file is successfully downloade...

Page 67: ...anges to Processing DHCP BOOTP options checking preconditions The following messages might display Waiting for boot options Processing DHCP BOOTP options checking preconditions Downloading tftp tftp address filename Applying downloaded configuration Waiting for restart timeout Saving the downloaded configuration Stopped AutoInstall is completed AutoInstall process is terminated File filename valid...

Page 68: ...sed when unicast requests to the TFTP server specified in option 66 fails three times The length of the string cannot exceed 96 characters Alternate Configuration File Specify an alternate configuration file name to serve as a backup If no startup configuration file identified in DHCP option 67 or if the specified file cannot be found on the TFTP server Auto Configuration looks for the alternate f...

Page 69: ...mware recovery mode when the switch is booted and the boot loader cannot find a valid image in flash memory In this mode the boot loader sets the switch internal network port to the following static IP address IP Address 192 168 1 254 Network Mask 255 255 255 0 Default Gateway 192 168 1 1 An HTTP server starts and listens for client connections on port 80 NOTE Firmware recovery can also be perform...

Page 70: ... written to flash The file selected by administrator is downloaded to RAM and is validated for following conditions The CRC of the file is good The STK file is built for this platform The STK file size is within the partition limits 4 5 MB is reserved for this file If these conditions are met the file is written to Flash memory and the system is rebooted using the new firmware If any of these chec...

Page 71: ... a management station you can use the XMODEM protocol to download the file NOTE This process requires a management system that is connected to the serial console port on the switch and has a terminal emulation program such as Tera Term or HyperTerminal Configure the utility with the following parameters 115200 bits per second 8 data bits no parity 1 stop bit no flow control See your product Quick ...

Page 72: ...t code filename WARNING Make sure that the switch is connected to an uninterrupted power supply during a boot code upgrade This process might take 10 20 seconds When the download is complete the switch copies the image or boot code file into Flash memory STEP 7 Enter the command to restart the switch to boot it with new software CFE reset sysreset NOTE You can verify the boot code or image version...

Page 73: ...t code upgrade This process might take 10 20 seconds The switch waits for a file to be sent from the management station STEP 5 In the terminal emulation software select the file and begin the transfer For example in Tera Term click File Transfer XMODEM Send and then browse to select the file When the download is complete the switch burns the image or boot code file into Flash memory STEP 6 Enter t...

Page 74: ...ots the switch using with the factory default configuration file Any customized settings are lost A window appears to enable you to confirm or cancel the reboot The current management session might be terminated STEP 3 Confirm or cancel the reboot Pinging Hosts Use the Ping page to send a Ping request from the switch to a specified IP address You can use this feature to check whether the switch ca...

Page 75: ...ubnet as the switch Datagram Size Specify the data size of the ping packet to send between 48 and 2048 bytes STEP 4 Click Apply to send the ping You can view the status in the Ping window Configuring Control Packet Forwarding You can use the Control Packet Forwarding page to configure how the switch handles packets of the following protocol types CDP The Cisco Discovery Protocol CDP which is suppo...

Page 76: ...e selected type are dropped Forward All packets of the selected type are forwarded within the specified VLAN This is the default action for CDP packets Terminate The packet is accepted and processed on the switch This is the default action for LLDP and DOT1X packets and is not available for CDP packets STEP 4 Click Apply Your changes are saved to the Running Configuration Diagnostics You can use t...

Page 77: ... or the connector is faulty Short Cable has an electrical short Untested No test has been performed Cable status test failed Cable status could not be determined by the test The cable might be working Distance to Fault Distance in meters from the port where the cable error if any was detected in the most recent cable test Last Update Last time the port was tested Cable Length Length of the cable i...

Page 78: ...isplay the Port and VLAN Mirroring page click Administration Diagnostics Port Mirroring in the navigation window Four mirroring sessions are available for configuration and are disabled by default The Port Mirroring Session Table displays the following fields for each session Session ID A monitoring session ID number Admin Mode Indicates whether the port mirroring session is enabled or disabled De...

Page 79: ...oring Session Table select the session to activate and click Edit STEP 7 For the Admin Mode select Enable Deselecting the Admin Mode check box retains the session configuration but disables it STEP 8 For the Destination Interface select Enable and select a Destination Interface port to mirror the data CAUTION When a port is configured as a destination probe port the switch does not forward or rece...

Page 80: ...ata is reported Allocated Memory Amount of memory available to the operating system OS Free Memory Amount of memory available to the OS that is currently free Total Memory Total system memory which includes the Allocated Memory plus free memory plus memory reserved for use by code and data sections of the software image Enabling Bonjour Bonjour enables the switch and the services enabled by the ad...

Page 81: ...abled the switch stops service type advertisements and does not respond Bonjour works in both IPv4 and IPv6 networks To enable the switch to be discovered through Bonjour STEP 1 Click Administration Discovery Bonjour in the navigation window STEP 2 Select Enable STEP 3 Click Apply LLDP MED The IEEE 802 1AB standard Link Layer Discovery Protocol LLDP describes a method by which stations residing on...

Page 82: ... global LLDP MED properties STEP 1 Click Administration Discovery LLDP MED Properties in the navigation window The LLDP MED specification defines two primary device classes Network Connectivity devices and Endpoint devices As indicated in the Device Class field the switch is classified as a Network Connectivity device STEP 2 For Asset ID enter the asset ID for the switch advertised in Inventory TL...

Page 83: ...pply Your changes are saved to the Running Configuration Configuring LLDP MED on a Port The LLDP for Media Endpoint Devices LLDP MED protocol provides extensions to the LLDP standard for network configuration and policy device location Power over Ethernet management and inventory management Use the LLDP MED Port Settings page to view and configure LLDP MED operation on ports To configure these set...

Page 84: ...evice This option appears only on switches that include the PoE features Inventory Hardware and software version information System Capabilities Identifies the basic functionality of the switch such as bridging NOTE The Application Type is included in the Network Policy TLV Application types include Voice Voice Signaling Guest Voice Guest Voice Signaling Softphone Voice Video Conferencing Streamin...

Page 85: ...ervice value associated with the network policy DSCP DSCP value for the network policy Tagged Network policy is defined for tagged VLANs The following switch parameters are advertised in Inventory TLVs Hardware Revision Switch hardware revision ID Firmware Revision Switch firmware revision number Software Revision Switch software revision number Serial Number Switch serial number Manufacturer Name...

Page 86: ...The following switch parameters are advertised in Location TLVs Subtype The supported type of location information civic ELIN or coordinate based Coordinates Switch GPS coordinates in hexadecimal format if coordinate based location information type is used ELIN Address The ELIN number if this location information type is used Country Country where the city is located if the civic location informat...

Page 87: ... advertisement Device Class Advertised class of the remote device You can select an entry and click Details to display additional information from the LLDP MED advertisement from the neighbor The Neighbor Information Details page displays the following information MED Capabilities Capabilities Supported Advertised capabilities of the device Capabilities Enabled Advertised capabilities that are ena...

Page 88: ...entified by using a geographic description of the location such as city street name and building name ELIN Switch location is identified by using the Emergency Location Identification Number of the switch Location Information Switch location information in the format specified by the Subtype field Extended PoE PoE Device Type If PoE functionality is advertised this field indicates whether the devi...

Page 89: ...identified hardware type or functionality To configure DHCP vendor option string STEP 1 Click Administration DHCP Options in the navigation window In addition to the vendor option and string the page displays the format that the switch uses when obtaining its timezone information from a DHCP server To configure the switch to acquire its timezone from DHCP see Time Settings If timezone information ...

Page 90: ...u can also use this page to configure flow control on the port To configure port settings STEP 1 Click Port Management Port Settings in the navigation window STEP 2 Select the interface to configure and then click Edit STEP 3 Specify the following for the selected port Administrative Status Select Up to enable the port or Down to disable it Auto Negotiation Select Enable to allow the switch autone...

Page 91: ... the switch can send a PAUSE frame to stop traffic on a port if the amount of memory used by packets on the port exceeds a preconfigured threshold The paused port does not forward packets for the period of time specified in the PAUSE frame When the PAUSE frame time elapses or memory utilization falls below a specified low threshold the switch enables the port to again transmit frames When the mode...

Page 92: ...ts When formed the LAG might include only a subset of the eligible ports depending on the port number limitations for LAGs and other factors Candidate ports that are not selected as active member ports of a LAG are standby ports A standby port may be selected as an active member when an active port in the same LAG fails The following topics provide additional information on the configuration pages...

Page 93: ...DUs to dynamically form the LAG Port List LAG Member To add or remove ports from a static LAG select each port and click the left or right arrow to move it between the Port and LAG Member lists STEP 3 Click Apply and then click Close Your changes are saved to the Running Configuration Configuring LAG Settings You can use the LAG Settings page to administratively enable or disable a LAG and configu...

Page 94: ...alanced using the Src and Dest MAC address MTU Specify the maximum transmission unit size in bytes The default MTU is 1518 and the range is between 1518 and bytes STEP 4 Click Apply and then click Close Your changes are saved to the Running Configuration Configuring LACP The switch uses the Link Aggregation Control Protocol LACP to automate the formation of dynamic LAGs LACP enabled ports send pro...

Page 95: ...f the link partner LACP Timeout The time after which an LACPDU is no longer valid Long or Short The Table also displays the LACP Aggregation LACP Passive and LACP timeout values for the port when the port is the Partner remote port To edit the LACP settings STEP 1 Select the port to configure and click Edit STEP 2 Configure the following settings for the selected port Mode Check the box to enable ...

Page 96: ...e following topics provide information on the configuration pages available in the Port Management PoE menu Configuring PoE Properties Configuring PoE Port Settings NOTE These configuration pages do not display on switches that do not support PSE functionality Configuring PoE Properties You can use the Properties page to configure whether the switch generates trap messages under certain conditions...

Page 97: ...ports If two or more port priorities are equal the port with the lower port number is given preference Reset Mode Select Enable to enable the switch initialize all PoE ports state machines STEP 3 Click Apply Your changes are saved to the Running Configuration NOTE This page displays the following data for PoE power on the switch Power The current power status If On the switch is currently providin...

Page 98: ...d ports For ports that have the same priority level the lower numbered port has higher priority For a system delivering peak power to a certain number of devices if a new device is attached on a high priority port power is shut down to a device on a low priority port and the new device is powered up Power Limit Type Select one of the following methods to limit the power that the switch provides to...

Page 99: ...tts Detection Type Select one of the following methods to detect PoE powered devices connected to the ports 802 3af 4point Resistive signature devices detected with the first algorithm that correspond to the updated IEEE 802 3at 2009 PoE standard also known as PoE It provides up to 51 W of power over a single cable by utilizing all four pairs in the Cat5 cable 802 3af 2point Resistive signature de...

Page 100: ...d When the port PHY is in low power mode the PHY wakes up after a certain period of time and sends link pulses to monitor for energy from the link partner If energy is detected while the port is in wake up mode the switch returns the port to normal operation When the wake up period expires the port returns to low power mode Energy Detect works whether the port has autonegotiation enabled or disabl...

Page 101: ...NOTE Energy Detect port settings are overridden if the global settings are subsequently changed see Configuring Green Ethernet Properties To configure Green Ethernet port settings STEP 1 Click Port Management Green Ethernet Port Settings in the navigation window The Settings page displays the following Energy Detect fields for each port Admin Indicates whether Energy Detect is enabled on the port ...

Page 102: ...nk up There is activity on the link Admin Down Energy detect mode is administratively disabled STEP 2 Select the port to configure and click Edit STEP 3 Select Energy Detect to administratively enable Energy Detect on the port STEP 4 Click Apply to save any changes to the Running Configuration ...

Page 103: ...LAN is a set of end stations and the switch ports that connect them You might have many reasons for the logical division such as department or project membership The only requirement is that the end station and the port to which it is connected both belong to the same VLAN s Each VLAN in a network has an associated VLAN ID which appears in the IEEE 802 1Q tag also known as VLAN tag in the Layer 2 ...

Page 104: ...be deleted A Static VLAN can be deleted However VLAN ID 1 cannot be deleted even if it is configured as a Static VLAN You can create up to VLANs and assign VLAN IDs up to 4094 To create a new VLAN or a range of VLANs STEP 1 Click Add STEP 2 Select VLAN and enter a VLAN ID Or create a range of VLANs by selecting Range and specifying the beginning and ending VLAN IDs in the range STEP 3 If you are c...

Page 105: ...of tagged VLANs or none Trunk ports carry traffic for multiple VLANs from the switch to other network devices such as an upstream router or an edge switch PVID General ports only The port VLAN ID indicates the default VLAN that the interface is a member of Set the PVID equal to a VLAN ID where the port is an untagged member For Access ports the PVID is automatically set to the Access VLAN ID For T...

Page 106: ... filtering is enabled the switch accepts frames only from the VLANs of which it is a member It discards frames received from other VLANs All ports in access or trunk mode will always have their Ingress Filtering enabled Disabling and enabling Ingress Filtering is only available on ports set to General Mode VLAN Priority The default 802 1p priority value for the port The value will be applied to th...

Page 107: ...N membership that provides the PVID for the port when the port is changed to an Access port it is removed from all the General port s VLANs and becomes an untagged member of the default VLAN The Access port PVID is set to the default VLAN The Access port admits only untagged or priority tagged packets Changing from Trunk Port to General Port The VLAN configuration remains unchanged As a General po...

Page 108: ...ember of one or more VLANs See Configuring Port VLAN Membership By default all ports are members of VLAN 1 You can change the VLAN membership of any port VLAN memberships can be configured as tagged or untagged If the switch receives an untagged frame from a VLAN the switch will insert a VLAN tag before forwarding the frame to the egress ports that are configured as tagged members of the VLAN If t...

Page 109: ...display either ports or LAGs STEP 3 For each interface configure the following parameters Member Check this box if a port is to be member of the VLAN Uncheck this box if a port is not to be member of the VLAN A port is not member of the VLAN by default Tagged Select Tagged if all the packets of the VLAN egress to the port are to be tagged Otherwise select Untagged A trunk port is tagged by default...

Page 110: ...N in the Selected list and then click the left arrow button to move it to the Available list Tagging and PVID Properties Depending on the interface VLAN mode Trunk Access or General when you select a VLAN in the Available list you can specify the following properties for the interface before moving the VLAN to the Selected list for the interface Membership The interface can be configured as a tagg...

Page 111: ...to the VID STEP 4 Click Apply and then click Close Your changes are saved to the Running Configuration Setting the Default VLAN By default the switch automatically creates VLAN 1 as the default VLAN for all ports and link aggregation groups LAGs If a port has no VLAN memberships the switch automatically configures it as a member of the default VLAN You can use the Default VLAN Settings page to cha...

Page 112: ...anism for voice packets so that they can be prioritized above data packets The Voice and Media feature identifies VoIP streams in Ethernet switches and provides them with a better Class of Service CoS than ordinary traffic The switch supports two types of Voice and Media Protocol based Identifies a VoIP session using the Session Initiation Protocol SIP and H 323 control traffic and assigns these p...

Page 113: ...c to a voice VLAN See Configuring OUI Based Voice and Media for instructions on associating the VLAN with an IEEE 802 1p priority and enabling ports for Voice and Media To add a new OUI description STEP 1 Click Add STEP 2 Specify the following values Telephony OUI Enter a 3 octet identifier for the telephony application Description Enter a description of the service such as the vendor name or tele...

Page 114: ...witch see Creating VLANs STEP 4 In the Priority field specify the IEEE 802 1p Class of Service CoS priority level for VoIP traffic STEP 5 Click Apply Your changes are saved to the Running Configuration STEP 6 In the Telephony OUI Based Interface Settings Table select an interface to configure and then click Edit NOTE Set the an auto VoIP port to be a General port not a Trunk or Access port STEP 7 ...

Page 115: ...g different priorities to traffic enables separation of media and data traffic coming into a port The Media VLAN feature helps to ensure that the sound or video quality of an IP phone or video device is safeguarded from deterioration when data traffic on the port is high The inherent traffic isolation provided by VLANs ensures that inter VLAN traffic is under management control and that network at...

Page 116: ...ce g1 but can be on Media VLAN 10 on interface g2 The Media VLAN Interface Settings Table displays each media traffic type that can be enabled and shows its status and settings on the selected port To configure Media VLAN applications STEP 1 Click VLAN management Voice and Media Media VLAN in the navigation window STEP 2 Select Enable for Admin Mode to globally enable this feature on the switch an...

Page 117: ... and then choose a VLAN ID from the list Uncheck the box to disable this feature Priority and Priority Value Select Enable to prioritize packets of the selected application Then enter an IEEE 802 1p class of service priority tagging value for Media VLAN traffic The priority tag range is 0 7 DSCP and DSCP Value Select Enable to specify a DSCP for the selected application Then enter a DSCP value for...

Page 118: ...ect network performance and confuse forwarding algorithms Each STP enabled bridge exchanges Bridge Protocol Data Units BPDUs with other bridges BPDUs identify the bridge port MAC addresses and the priority and cost associated with each port STP uses this information to build a topology that provides one active path between any two stations on the network Duplicate paths between those stations are ...

Page 119: ...RSTP IEEE 802 1D 2004 or IEEE 802 1w provides protocol enhancements that enable a network to more quickly achieve an optimal STP topology Spanning tree is enabled by default and set to be RSTP Configuring STP Status and Global Settings You can use the STP Status Global Settings page to enable STP select the STP mode of operation and configure bridge priority settings You can also view status infor...

Page 120: ...switch with the lowest bridge identifier becomes the root bridge The bridge priority must be a multiple of 4096 If you specify a priority that is not a multiple of 4096 the priority is automatically set to the next lowest multiple of 4096 For example if you attempt to set the priority to any value between 0 and 4095 it will be set to 0 The default priority is 32768 The valid range is 0 61440 CST B...

Page 121: ...ot Topology Changes Count The total amount of STP state changes that have occurred Last Topology Change The total amount of time since the last topographic change STEP 3 Click Apply Your changes are saved to the Running Configuration Configuring STP Interface Settings The STP Interface Settings page assigns STP properties to individual ports or LAGs These settings are applicable to both the Classi...

Page 122: ...n spanning tree ports to all other non spanning tree ports Path Cost Specify the port path cost The cost of a path to the root bridge is the sum of the costs of all ports in the path The path cost is used by CST and RSTP to forward traffic when a path is being rerouted Select Use Default to set the path cost to the port speed Or select User Defined to set a custom value between 0 and 200 000 000 A...

Page 123: ...r of the bridge that offers the lowest root path cost to a LAN The ID is a concatenation of the bridge priority and the base MAC address of the bridge Designated Port ID Port identifier on the Designated Bridge that offers the lowest root path cost to the LAN The ID is a concatenation of the port priority and the interface number of the port Designated Cost The root path cost from the designated b...

Page 124: ...gnated bridge in the LAN Alternate Provides an alternate path to the root bridge from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link or when a LAN has two or more connections connected to a shared segment Disabled The port is not participating in the...

Page 125: ...Spanning Tree RSTP Interface Settings Cisco Small Business SG200 Series 8 port Smart Switch 125 6 MSTP Instance Settings MSTP Interface Settings ...

Page 126: ...Spanning Tree RSTP Interface Settings Cisco Small Business SG200 Series 8 port Smart Switch 126 6 ...

Page 127: ...ods the packets to the VLAN excluding the ingress port It includes the following topics Configuring Static MAC Addresses Configuring the Aging Time for Dynamic Addresses Dynamic MAC Addresses Configuring Static MAC Addresses The Static Addresses page displays a list of MAC addresses that are manually configured into the bridging table of the switch A static MAC address is also associated with a VL...

Page 128: ... is treated like a dynamically learned MAC address See the Dynamic Address Settings to set the aging period Secure When this status is selected the MAC address is secured and is used in conjunction with the Port Security feature When a MAC address is secured at a port packets that originate from the MAC address can only be ingressed from the secured port Otherwise the packets are discarded If port...

Page 129: ... MAC address of an incoming packet the switch learns the MAC address the VLAN and the ingress port of the packet and adds an entry to the Dynamic Address table To prevent the bridging table from overflowing and to make room for new addresses an address is deleted from the bridging table if no traffic is received from a dynamic MAC address for the configured aging period see Configuring the Aging T...

Page 130: ... which the MAC address was learned Frames are forwarded to the interface only if they are associated with this VLAN MAC Address The dynamically learned MAC address Interface The port on which the MAC address was dynamically learned Frames specifying this MAC address and VLAN as the destination are forwarded out to this port Click Clear Table to clear all dynamic MAC address entries from the table ...

Page 131: ...hosts and routers making them ideal for use in applications such as video and audio conferencing whiteboard tools and stock distribution tickers The switch maintains a multicast forwarding table to make forwarding decisions for packets that arrive with a multicast destination MAC address When multicasts are restricted only to specified ports traffic is prevented from going to parts of the network ...

Page 132: ...ulticast Mode setting to set all VLANs currently configured on the switch to a selected forwarding mode The global setting does not create a default setting for VLANs created subsequently it simply ensures that all existing VLANs are configured with the specified mode You can also configure how the switch forwards multicast packets on an individual or per VLAN basis Configuring a Multicast Forward...

Page 133: ... click Edit STEP 2 Select the Multicast Mode as described in Configuring a Multicast Forwarding Mode on all VLANs STEP 3 Click Apply and then click Close Your changes are saved to the Running Configuration Configuring MAC Group Addresses The MAC Group Address page enables you to view and configure associations between multicast group MAC address and VLANs on the switch You can configure static ass...

Page 134: ...multicast MAC address MAC Group Address Multicast group MAC address in hexadecimal format that is compared to an incoming packet destination MAC address Adding a Static MAC Group Address Table Entry To add a static multicast MAC address and associate it with a VLAN STEP 1 Click Add on the MAC Group Address page STEP 2 Enter the parameters VLAN ID Select a VLAN from the list Address Type Select IPv...

Page 135: ...lticast Address STEP 3 Click Apply and then click Close Your changes are saved to the Running Configuration Configuring Group to Port The Group to Port page enables you to configure associations between VLANs and multicast group MAC address on the switch You can configure static associations or they can be learned dynamically through IGMP or MLD snooping see the IGMP Snooping page to configure the...

Page 136: ...is referred to as IGMP snooping This is particularly beneficial for high bandwidth multicast network traffic Ordinarily when the switch receives broadcast or multicast packets the switch forwards a copy into each of the remaining network segments This approach works well for broadcast packets that are intended to be processed by all connected nodes For multicast packets however this approach could...

Page 137: ...me in seconds that the switch waits for an IGMP membership report from a particular group on a particular interface before deleting the interface from the multicast forwarding database entry Select Default to specify 260 seconds or select User Defined and enter a value in the range 2 to 3600 seconds IGMP Max Response Time Specify the time in seconds that the switch waits for a reply after sending ...

Page 138: ...nabled the switch selectively forwards IPv6 multicast packets to a list of ports that want to receive the data instead of flooding the packets to all ports in the VLAN This list is constructed by snooping IPv6 multicast control packets NOTE The switch supports MLD snooping of MLD version 1 and version 2 packets The switch can be configured to perform MLD snooping and IGMP snooping simultaneously M...

Page 139: ...e from the multicast forwarding database entry Select Default to specify 260 seconds or select User Defined and enter a value in the range 2 to 3600 seconds MLD Max Response Time Specify the time in seconds that the switch waits for a reply after sending a query on an interface because it did not receive a report for a particular group in that interface This value must be less than the MLD Group M...

Page 140: ...GMP Mrouter interface and to configure related settings STEP 1 Click Multicast IGMP Mrouter in the navigation window By default the IGMP MRouter Table lists each switch port To show LAGs select LAG from the Interface Type list STEP 2 Select the port or LAG that you want to configure and click Edit STEP 3 Select Enable for the Mode STEP 4 To specify the VLANs that use this interface as the IGMP Mro...

Page 141: ... switch port or LAG as an MLD Mrouter interface STEP 1 Click Multicast MLD Mrouter in the navigation window By default the MLD MRouter Table lists each switch port To show LAGs select LAG from the Interface Type list STEP 2 Select the port or LAG to configure and click Edit STEP 3 Select Enable for the Mode STEP 4 Move VLAN IDs between the Available and Selected lists VLANs in the Selected list us...

Page 142: ...o display ARP entries learned by the management VLAN To display this page click IP Configuration ARP in the navigation window You can click Clear ARP to delete all entries from the table except for the management port IP address and MAC address Domain Name System The switch supports IPv4 DNS client functionality When enabled as a DNS client the switch provides a hostname lookup service to other ap...

Page 143: ...ck IP Configuration Domain Name System DNS Servers in the navigation window STEP 2 Select Enable to implement DNS client functionality on the switch if it is not already enabled STEP 3 Enter the following parameters Default Domain Name Specify a domain name to be used to complete an unqualified hostname For example finance yahoo com is a fully qualified domain name If only the unqualified hostname...

Page 144: ...between hostnames and IP addresses You can statically associate a hostname with an IP address You can also view hostnames that have been learned dynamically through applications that use the DNS lookup service NOTE If you configure a static hostname and IP address and that same hostname IP address mapping is later learned from DNS the entry becomes dynamic and it is no longer saved as a static ent...

Page 145: ...rved for this assignment Elapsed Number of minutes that have elapsed since the hostname was assigned Type Identifies the hostname as one of the following IP Address The assigned hostname is associated with an IP address Canonical The assigned hostname is an alias or nickname for a properly denoted official hostname For example www google com might be a hostname alias associated with the official h...

Page 146: ...ble networks for authenticating users prior to access To authenticate users in a secure manner a RADIUS client and RADIUS server are configured with the same shared password or secret This secret is used to generate one way encrypted authenticators that are present in all RADIUS packets Without knowledge of the secret the possibility of a malicious user correctly spoofing packets is sufficiently r...

Page 147: ...ess Select to enable the switch to include the network access server NAS attribute in Access Request RADIUS server packets If this option is disabled the RADIUS client uses the switch management port address as the NAS IP Address NAS IP Address IP address to include in Access Request packets This field is editable only when RADIUS Attribute 4 is enabled The address should be unique to the NAS with...

Page 148: ...ween the switch and the RADIUS server This secret must match the secret configured on the RADIUS server This must be an ASCII alphanumeric value between 32 to 176 characters Authentication Port Port number used for RADIUS authentication requests and replies The default port 1812 is the well know IANA port number for RADIUS authentication services The range is 1025 to 65535 The default is1812 Messa...

Page 149: ...st chose a new password before continuing Password Exclude Keyword Check Select Enable to check for preconfigured keywords in a password when a user attempts to create or change the password The preconfigured keywords are cisco and ocsic Password User Name Check Select Enable to prevent users from including their user name in their password when they create or change it Character Can Repeat Itself...

Page 150: ...gned to that profile Configuring an Access Profile and Rules To create an access profile and assign rules to it STEP 1 In the Access Profile Table click Add STEP 2 Specify the Access Profile Name and select Enable STEP 3 Click Apply and then click Close The new profile appears in the Access Profile Table Next add the rules to the profile STEP 4 In the Profile Rule table click Add STEP 5 Specify an...

Page 151: ...ity for instructions Action Select the action to be performed when the rules criteria is matched Permit The specified interface user or IP address is permitted access to the switch that would otherwise be explicitly forbidden by a deny rule Deny The specified interface user or IP address is denied access to the switch Applies to Interface Select All to apply this rule to all interfaces ports and L...

Page 152: ...hanges re enable the access profile To delete an access profile after disabling it STEP 1 Select the profile in the Access Profile Table STEP 2 Click Delete To delete a profile rule after disabling the access profile STEP 1 Select the rule in the Profile Rule Table STEP 2 Click Delete To modify a profile rule after disabling the access profile STEP 1 Select the rule in the Profile Rule Table and c...

Page 153: ...cess Accept or Access Reject frames If the switch cannot reach the server the request is denied RADIUS None Authentication requests are passed to a RADIUS server that replies with RADIUS Access Accept or Access Reject frames If the switch cannot reach the server then no authentication method is used and the request is accepted RADIUS Local Authentication requests are passed to a RADIUS server If t...

Page 154: ...ity Storm Control in the navigation window STEP 2 Select the port to configure and click Edit STEP 3 For broadcast multicast and unicast traffic specify the following storm control parameters for the selected port Mode Select Enable to turn on storm control protection for the traffic type Rate Threshold Type Select the measurement the switch uses to determine whether traffic exceeds the threshold ...

Page 155: ...s secured at the port All other packets are discarded This includes discarding any packet from a port with a source MAC address that is secured at another port A secure MAC address can be statically configured or dynamically learned The maximum number of secure MAC addresses at a secured port is 256 Static secure MAC addresses are configured using the Static Addresses page Both static and dynamic ...

Page 156: ...ction is taken for either the dynamic or static addresses If the new value is less than the old value the following actions are taken Dynamic Addresses The switch initiates a flush of all learned addresses on the port Static Addresses The switch retains the static addresses up to the static limit regardless of whether the addresses are configured as secure permanent or delete on timeout It then de...

Page 157: ...figuring static addresses See Configuring Static MAC Addresses Be sure to set the Status field for the entry to Secure You can click Port Security Table to redisplay the Port Security page 802 1X Local Area Networks LANs are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure or permit unauthorized users to attempt to access the LAN t...

Page 158: ...ge exchanges between supplicants and authenticators A switch port can be configured either as an authenticator or a supplicant but not both See the following topics for more information on the configuration pages available in the Security 802 1X menu Defining 802 1X Properties Modifying Port PAE Capabilities Configuring Port Authentication Configuring Supplicant Port Authentication Displaying Auth...

Page 159: ... above If the switch cannot reach any servers it performs the authentication locally see previous description of Local NOTE When the Radius None or the Radius Local option is selected None or Local is used only if the Radius Server specified is incorrect or it is not specified if it is correct but the credentials are incorrect the authentication fails and does not fall back to the None or the Loca...

Page 160: ...e set to Authenticator To enable a port as an authenticator see Modifying Port PAE Capabilities To edit a port authenticator settings STEP 1 Click Security 802 1X Port Authentication in the navigation window The Port Authentication Table displays the current configuration of each port STEP 2 Select the port to configure and click Edit STEP 3 Enter the parameters Local Database User Name Use the le...

Page 161: ...ng Authenticating Authenticated Aborting Held Force Authenticate and Force Unauthenticate Quiet Period Amount of time that the switch remains in the quiet state following a failed authentication exchange During the quiet period the switch does not accept or initiate authentication requests Change the default value of this command only to adjust for unusual circumstances such as unreliable links or...

Page 162: ...nt port authentication STEP 1 Click Security 802 1X Supplicant Port Authentication in the navigation window STEP 2 Select the port to configure and click Edit The Current Port Control field shows the current authorization mode for the port STEP 3 Configure the following Administrative Port Control Select the port authorization mode The possible values are Force Unauthorized Denies the selected int...

Page 163: ...following information for each host Port Port used for authentication User Name User name of the host Supplicant MAC Address Supplicant device MAC address Session Time Time since the supplicant logged in Session Timeout Time that the given session is valid The time period in seconds is returned by the RADIUS server on authentication of the port Authentication Method Local A user ID and password co...

Page 164: ...or more queues for transmitting packets to the attached network Multiple queues per port are often configured to give preference to certain packets over others based on a user defined criteria When a packet is queued for transmission in a port the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues for the port If a del...

Page 165: ...is considered a trusted port A port that is configured to use its own priority value rather than the value encoded in the frame or packet to make queue assignment decisions is considered untrusted If a port is configured as trusted but the frame or packet does not have priority information the default port priority is assigned to the packet The default port priority is zero You can use the Interfa...

Page 166: ... tagged STEP 5 Click Apply and then click Close Your changes are saved to the Running Configuration Defining Queues You can use the Queue page to configure how the traffic scheduler determines which queue has access to the egress port A queue can be configured in strict priority mode or Weighted Round Robin WRR mode By default all queues are strict priority queues Packets are transmitted according...

Page 167: ...q7 q6 and q5 are configured in strict mode with q4 q3 q2 and q1 in WRR mode When there are more ingress ports with traffic destined to different queues on egress ports a system might encounter a Head of Line Blocking HOL condition HOL could result in higher numbered queues getting more bandwidth although higher numbered queues are configured with lower bandwidth and weight It is always recommended...

Page 168: ...g CoS 802 1p Priorities to Queues The priority of a packet arriving on an interface might be identified by an IEEE 802 1p priority value in the Ethernet frame header 802 1p specifies eight priority levels 0 7 Use the CoS 802 1p to Queue page to map these priority levels to the four CoS queues to steer packets to the appropriate outbound queue Queue1 has the lowest priority and queue 4 has the high...

Page 169: ... Priorities to Queues Cisco Small Business SG200 Series 8 port Smart Switch 169 11 NOTE If you click Restore Defaults the following mappings are applied to the selected interface 802 1p Priority Output Queue 0 1 1 1 2 2 3 3 4 3 5 4 6 4 7 4 ...

Page 170: ...priority NOTE IP Precedence to queue mapping is configured per interface Configure these mapping values on the incoming interface To map IP precedence values to queues STEP 1 Click Quality of Service IP Precedence to Queue in the navigation window STEP 2 Select from the Interface drop down menus the Port or the LAG to configure STEP 3 For each IP Precedence value select a queue from the Output Que...

Page 171: ...ny one of 64 values 0 63 You can use the DSCP to Queue page to map these values to the four egress queues Queue 1 has the lowest priority and queue 4 has the highest priority DSCP mapping settings are applied globally to all ports To map DSCP values to queues STEP 1 Click Quality of Service DSCP to Queue in the navigation window STEP 2 For each Ingress DSCP value select a queue from the Output Que...

Page 172: ...ne or more rate limit profiles Profiles specify the criteria that determines when the rate limit is exceeded Then you assign rate limit profiles to interfaces see Applying Rate Limit Profiles to Interfaces To add an entry to the Rate limit Profile Table STEP 1 Click Quality of Service Rate Limit Profile in the navigation window STEP 2 Click Add STEP 3 Enter the parameters Profile ID Specify any nu...

Page 173: ...ofile to an interface STEP 1 Click Quality of Service Interface Rate Limit in the navigation window STEP 2 Use the Interface Type list to display Ports or LAGs in the Interface Rate Limit Table STEP 3 Select the interface to configure and click Edit STEP 4 Add or remove a profile To assign a profile to this interface click the profile ID in the Available list and then click the right arrow button ...

Page 174: ...on over increments of time To configure traffic shaping on a port or LAG STEP 1 Click Quality of Service Traffic Shaping in the navigation window STEP 2 Use the Interface Type menu to display Ports or LAGs in the Traffic Shaping Settings table STEP 3 Select the interface to configure and click Edit STEP 4 For the selected Port or LAG enter the output rate limit as a percentage of the total bandwid...

Page 175: ... Inc and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1005R ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands