manualshive.com logo in svg

Cisco SG200 Series, Administration Manual

The Cisco SG200 Series Administration Manual is a comprehensive and user-friendly guide for managing and optimizing your Cisco SG200 Series switches. This manual is available for free download from our website, ensuring easy access to all the necessary information you need to effectively administer your network devices.

Share
Download
background image

Security

Password Strength

Cisco Small Business SG200 Series 8-port Smart Switches Administration Guide 

137

11

 

Password Strength

You can use the 

Password Strength

 page to configure characteristics of secure 

management user passwords. 

To configure password strength settings: 

STEP 1

Click 

Security

 > 

Password Strength

 in the navigation window.

STEP  2

Enter the following parameters:

Minimum Password Length

—The minimum number of characters required 

for a management user password. Specify 0 to set the password length to a 
range of 1–7 characters. Or set a specific password length to a value in the 
range 8–64 characters.

Password Aging Time

—Select the checkbox and enter the time after which 

a password expires, from 1–365 days. When a password expires, the user 
must enter a new password before continuing.

STEP  3

Select Enable for the Strength Check field to configure the types of checks to be 
performed:

Password Exclude Keyword Check

—Select Enable to enable the switch 

check whether preconfigured keywords are used in a password when when 
a user attempts to create or change the password. The preconfigured 
keywords are 

cisco

 and 

ocsic

.

Password User Name Check

—Select Enable to prevent users from 

including their user names in their passwords when they create or change 
them.

Character Can Repeat Itself Consecutively a Maximum of 3 Times

Select Enable to enable the switch to check whether any character in the 
password is repeated consecutively more than three times.

Minimum Number of Character Classes

—Select the checkbox and enter 

the minimum number of character classes that must be represented in the 
password string. The four possible character classes are: uppercase letters, 
lowercase letters, numbers, and special characters available on a standard 
keyboard.

STEP  4

Click 

Apply

 and then click 

Close

. Your changes are saved to the Running 

Configuration.

Summary of Contents for SG200 Series

Page 1: ...Cisco Small Business SG200 Series 8 port Smart Switch ADMINISTRATION GUIDE ...

Page 2: ...Header 11 Other Resources 12 Navigation Window 13 Management Buttons 13 Chapter 2 Viewing Statistics 16 System Summary 16 Displaying the System Summary 16 Configuring System Settings 19 Interface Statistics 20 Etherlike Statistics 21 802 1X EAP Statistics 22 IPv6 DHCP Statistics 23 RADIUS Statistics 24 Statistics 25 Logs 26 RAM Memory Log 27 Flash Memory Log 28 Chapter 3 Administration 30 Configur...

Page 3: ...onfiguring the SNTP Setting 42 Configuring SNTP Authentication 46 System Logs 47 Configuring Log Settings 47 Configuring Remote Log Servers 49 File Management 50 Upgrading and Backing Up Firmware and Language Files 51 Downloading and Backing Up the Configuration and Log Files 53 Downloading a Configuration File to Restore Settings 53 Backing Up the Configuration File and Logs 54 Delete Configurati...

Page 4: ...lobal LLDP MED Properties 72 Configuring LLDP MED on a Port 73 LLDP MED Port Status Details 75 LLDP MED Neighbor Information 77 Configuring DHCP Client Vendor Options 79 Chapter 4 Port Management 80 Configuring Port Settings 80 Link Aggregation 81 Configuring LAGs 82 Configuring LAG Settings 83 Configuring LACP Settings 84 Configuring PoE 85 Configuring PoE Properties 85 Configuring PoE Port Setti...

Page 5: ...and Media 103 Configuring SIP H323 Based Voice and Media 104 Media VLAN 105 Auto VoIP Sessions 107 Chapter 6 Spanning Tree 108 Overview of Spanning Tree 108 Configuring STP Status Global Settings 109 Configuring Global and Bridge Settings 109 Configuring STP Interface Settings 111 RSTP Interface Settings 113 Chapter 7 MAC Address Tables 115 Configuring Static MAC Addresses 115 Configuring the Agin...

Page 6: ...figuration 129 ARP Table 129 Domain Name System 129 Configuring DNS Servers 130 Configuring Global DNS Settings 130 Adding DNS Servers 131 Hostname Mapping 131 Configuring Static DNS Mappings 131 Viewing and Deleting Dynamic DNS Entries 132 Chapter 10 Security 133 RADIUS 133 Configuring Global RADIUS Settings 134 Adding a RADIUS Server 134 Password Strength 136 Management Access Profile Rules 137 ...

Page 7: ...plicant Port Authentication 149 Displaying Authenticated Hosts 150 Chapter 11 Quality of Service 151 QoS Properties 152 Defining Queues 153 Queue Configuration Recommendations 154 Configuring Queues 154 Mapping CoS 802 1p Priorities to Queues 155 Mapping IP Precedence to Queues 156 Mapping DSCP Values to Queues 157 Defining Rate Limit Profiles 158 Applying Rate Limit Profiles to Interfaces 159 Tra...

Page 8: ...net and click Sites Click Advanced and then click Add Add the intranet address of the switch http ip address to the local intranet zone The IP address can also be specified as the subnet IP address so that all addresses in the subnet are added to the local intranet zone If you are using Internet Explorer 6 you cannot directly use an IPv6 address to access the switch You can however use the Domain ...

Page 9: ...efault configuration the web based switch configuration utility appears in the default language After you log in you can download additional languages by using the Upgrade Backup Firmware Language page STEP 2 If this is the first time that you logged on with the default user name cisco and the default password cisco or your password has expired the Change Admin Password page opens Enter the new pa...

Page 10: ...e type before logging off to preserve any changes you made during this session A red X icon displayed to the left of the Save button indicates that Running Configuration changes have been made that have not yet been saved to the Startup Configuration file type When you click Save the page displays see Downloading and Backing Up the Configuration and Log Files Save the Running Configuration by copy...

Page 11: ... Quick Access Change Device Password User Accounts Upgrade Device Software Upgrade Backup Firmware Language Backup Device Configuration Download Backup Configuration Log Configure QoS QoS Properties Configure Port Mirroring Port Mirroring Links on the Getting Started Page Continued Category Link Name on the Page Linked Page Buttons Button Name Description The Syslog Alert Status button red circle ...

Page 12: ...uration by copying it to the Startup Configuration file type After this save the red X icon and the Save button are no longer displayed When the switch is rebooted it copies the Startup Configuration file type to the Running Configuration and sets the switch parameters according to the data in the Running Configuration User The name of the user logged on to the switch The default user name is cisc...

Page 13: ...d to display the related page links Management Buttons The following table describes the commonly used buttons that appear on various pages in the system Management Buttons Button Name Description Depending on the number of pages and the currently displayed page use these features to navigate through the pages of the table Click to go to the first page click to go to the previous page click to go ...

Page 14: ...entered on the selected page Note Your changes are applied to the running configuration only If the switch is rebooted the running configuration is lost To save your changes to the startup configuration click Save For more information see Copying and Saving Configuration Files Cancel Click to undo the changes that you made on the page and to reset the values to the previously applied entries Clear...

Page 15: ...ntry in the table to be deleted and click Delete The entry is deleted Details Click to display details associated with the entry selected on the main page Edit Select an entry and click Edit to open it for editing The Edit page opens and the entry can be modified Click Apply to save the changes to the Running Configuration Note that there is no message to confirm that the parameters have been save...

Page 16: ...sortable message appears below a table each column heading is a sort button Click a column heading to sort the records in ascending order based on the contents of the selected column After the sort is applied an arrow appears in the column heading You can click this arrow to reverse the sort order Management Buttons Continued Button Name Description ...

Page 17: ... page displays basic information such as the hardware model description software version langauge packs and system up time Displaying the System Summary To view system information click Status and Statistics System Summary in the navigation window Or click System Summary under Device Status on the Getting Started page The System Summary page displays the following information System Description A ...

Page 18: ...n displays for the switch Serial Number Serial number of the switch PID VID Part number and version ID Maximum Available Power W PoE switches only Maximum available power that can be delivered by the PoE ports Firmware Version Firmware version number of the active image Firmware MD5 Checksum MD5 checksum of the active image Boot Version Version of the boot code Boot MD5 Checksum MD5 checksum of th...

Page 19: ...ion about the languages available on the switch A language can be selected by the administrator when logging into the configuration utility English is the default language and it is built into the software You can use the Upgrade Backup Firmware Language page to download additional language packs Language files are available from the Cisco firmware download page The Language Pack Table displays th...

Page 20: ...mmary The System Settings page opens STEP 2 Click Edit to modify the following settings System Location Enter the location where the switch is physically located System Contact Enter the name of a contact person Hostname Enter the hostname Use only letters digits and hyphens Host names cannot begin or end with a hyphen No other symbols punctuation characters or blank spaces are permitted as specif...

Page 21: ...selected interface since the switch was last refreshed Multicast Packets Total number of multicast packets transmitted or received on the selected interface since the switch was last refreshed Broadcast Packets Total number of broadcast packets transmitted or received on the selected interface since the switch was last refreshed Packets with Errors Total number of packets with errors received on t...

Page 22: ...llision Frames Signal collision frame errors received Late Collisions Late collision frames received Excessive Collisions Excessive collision frames received Multiple Collisions Multiple collision frames received Oversize Packets Packets received that were longer than 1518 octets excluding framing bits and including FCS octets and were otherwise well formed Internal MAC Receive Errors Internal MAC...

Page 23: ...umulative since the last time the page was refreshed The following information displays for the selected interface EAPOL Frames Received Valid Extensible Authentication Protocol over LAN EAPOL frames received on the port EAPOL Frames Transmitted EAPOL frames transmitted through the port EAPOL Start Frames Received EAPOL Start frames received on the port EAPOL Logoff Frames Received EAPOL Logoff fr...

Page 24: ...packets To display this page click Status and Statistics IPv6 DHCP Statistics in the navigation window Select a refresh rate for the page The page displays the following statistics which are cumulative since the last time the page refreshed DHCPv6 Advertisement Packets Received DHCPv6 Reply Packets Received Received DHCPv6 Advertisement Packets Discarded Received DHCPv6 Reply Packets Discarded DHC...

Page 25: ...ver Access Accepts Number of Authentication Request packets accepted by the RADIUS server Access Rejects Number of Authentication Request packets rejected by the RADIUS server Access Challenges Number of Access Challenge packets sent by the RADIUS server to the switch Malformed Access Responses Number of reply packets from the RADIUS server that were malformed Bad Authenticators Number of Authenti...

Page 26: ...ed on the interface since the switch was last refreshed Packets Received Packets received on the interface including bad packets multicast and broadcast packets since the switch was last refreshed Broadcast Packets Received Good broadcast packets received on the interface since the switch was last refreshed This number does not include multicast packets Multicast Packets Received Good multicast pa...

Page 27: ... frames received on the interface since the switch was last refreshed Frames of 512 to 1023 Bytes 512 byte to 1023 byte frames received on the interface since the switch was last refreshed Frames of 1024 to 1518 Bytes 1024 byte to 1518 byte frames received on the interface since the switch was last refreshed Logs The switch generates messages to identify the state of the system and to assist in di...

Page 28: ...he following fields Log Index Numeric ID for the log entry Log Time Time at which the log was entered in the Log RAM Table Severity The log severity can be one of the following Emergency 0 System is unusable Alert 1 Action must be taken immediately Critical 2 Critical conditions Error 3 Error conditions Warning 4 Warning conditions Notice 5 Normal but significant conditions Informational 6 Informa...

Page 29: ...created log file the Version 2 log is the next most recent and the Version 3 log is the oldest When a new log of the specified type is created the Version 3 log is deleted and the Version 1 and Version 2 logs are renamed to Version 2 and Version 3 respectively When a different version and log is selected the new log automatically displays in the Flash Memory Log Table When the table contains the m...

Page 30: ...Component Software component that produced the log entry Description The log description NOTE You can click Clear Logs to remove all log entries from flash memory You can click Backup Logs to open the Download Backup Configuration Log page where you can use TFTP or HTTP to back up the log files to a TFTP server or network location For more information see Backing Up the Configuration File and Logs...

Page 31: ...contains the following topics Configuring System Settings Management Interface Managing User Accounts Enabling Management Services Configuring the Idle Session Timeout Login Sessions Login History Time Settings System Logs File Management Rebooting the Switch Pinging Hosts Configuring Control Packet Forwarding Diagnostics Enabling Bonjour LLDP MED Configuring DHCP Client Vendor Options ...

Page 32: ...ameters System Location Description of the physical location of the switch The characters and are not supported System Contact Contact person for the switch Hostname Administratively assigned name for this managed node By convention this is the fully qualified domain name of the node The default hostname is switch concatenated with the last 6 hex digits of the MAC address of the switch Hostname la...

Page 33: ...ing an IPv6 Management Interface Viewing and Adding IPv6 Neighbors Configuring an IPv4 Management Interface You can use the IPv4 Interface page to configure the management VLAN and IPv4 address To configure the IPv4 management interface STEP 1 Click Administration Management Interface IPv4 Interface in the navigation window STEP 2 Select a management VLAN from the list A port must be a member of t...

Page 34: ...ddress is 192 168 1 254 24 with default gateway192 168 1 1 If the IP Address Type is set to Static specify the following IP Address Enter an IPv4 address Mask Enter a 32 bit network mask for example 255 255 255 0 Or select Prefix Length and specify the number of bits 0 32 that make up the network prefix for example 24 Default Gateway Select User Defined and specify the default gateway IP address f...

Page 35: ... and autoconfigure the global part of the address DHCPv6 Select to enable the switch to obtain its IPv6 address es from a DHCPv6 server IPv6 Gateway Enter the link local address of the IPv6 router where the switch should send IPv6 packets destined for a device outside the subnet STEP 3 Click Apply Your changes are saved to the Running Configuration You can click Cancel to clear the changes Adding ...

Page 36: ...covery process to identify the default router for communicating with devices outside the local IPv6 subnet The default router in IPv6 networks is similar in function to the default router in IPv4 networks The IPv6 Default Router table lists the default router IP address for each IPv6 management address A default router address consists of the link local address of the IPv6 interface on the subnet ...

Page 37: ...properly Age Updated The time in seconds that has elapsed since an entry was added to the cache Type Neighbor discovery cache information entry type static or dynamic You can click Clear Dynamic Neighbors to clear the table Adding Static IPv6 Neighbors The switch supports up to 16 static IPv6 neighbor entries To add a static neighbor STEP 1 Click Add STEP 2 Enter an IPv6 global address not includi...

Page 38: ...ength as follows Red The password fails to meet the minimum complexity requirements The text Below Minimum displays to the right of the meter Orange The password meets the minimum complexity requirements but the password strength is weak The text Weak displays to the right of the meter Green The password is strong The text Strong displays to the right of the meter The Apply button will not be avai...

Page 39: ...word you can temporarily disable the password strength check feature to allow configuring a password that does not meet the strength check criteria Click Disable Password Strength Enforcement and then click OK when the warning displays To disable the password strength check feature for all users or to configure its characteristics use the Password Strength page STEP 4 Click Apply and then click Cl...

Page 40: ... display this page click Administration Idle Session Timeout in the navigation window The inactivity timeout for HTTP sessions can be from 1 to 60 minutes The default value is 10 minutes If you change the value click Apply to save your change to the Running Configuration Login Sessions The Login Sessions page displays active management login sessions To display this page click Administration Login...

Page 41: ...me stamping service for switch software events such as message logs You can configure the system clock manually or configure the switch as a Simple Network Time Protocol SNTP client that obtains the clock data from a server See the following topics for information on the configuration pages available in the Administration Time Settings menu Setting System Time Configuring the SNTP Setting Configur...

Page 42: ...of hours and minutes difference between the local time zone and Greenwich Mean Time GMT STEP 4 In the Time Zone Acronym field specify an optional acronym up to four characters to identify the configured settings This field is for reference only The characters and are not supported STEP 5 Select Daylight Saving to configure Daylight Savings Time DST settings if applicable to your time zone When sel...

Page 43: ...gured unicast SNTP servers only You must add at least one unicast SNTP server to enable this feature Broadcast Configures the switch to get its time settings from SNTP messages broadcast from SNTP servers STEP 3 Click Apply Your changes are saved to the Running Configuration STEP 4 Use the Configuring the SNTP Setting and Configuring SNTP Authentication to configure additional SNTP settings such a...

Page 44: ...nds STEP 3 Click Apply Your changes are saved to the Running Configuration Viewing Active Server Properties and Global Parameters The SNTP Setting page displays the following properties for the SNTP server if any from which the switch most recently acquired its time settings This page also displays global nonconfigurable parameters Active Server Server Host Address IP address of the SNTP server Se...

Page 45: ...n the Unicast SNTP Servers Table Broadcast Count Number of SNTP broadcast packets that the switch has received from SNTP servers Adding and Modifying SNTP Servers The Unicast SNTP Servers Table displays the following information for each SNTP server that you configure SNTP Server IP address or hostname of the SNTP server Authentication Key ID Encryption key required to communicate with the SNTP se...

Page 46: ...box to select it and then click Edit To remove a server check the box to select it and then click Delete To add a new server click Add and then enter the settings as described below To add an SNTP server STEP 1 Click Add STEP 2 Enter the parameters SNTP Server Enter an IPv4 address or a domain name To use a domain name ensure that the DNS service is enabled on the switch see Domain Name System Aut...

Page 47: ...Administration Time Settings SNTP Authentication in the navigation window The SNTP Authentication Table displays each currently configured authentication key and whether the key is currently enabled for use as a trusted key STEP 2 Select Enable to require the switch to authenticate to an SNTP server before synchronizing its time STEP 3 Click Apply Your changes are saved to the Running Configuratio...

Page 48: ...owing topics for more information on the configuration pages available in the Administration System Log menu Configuring Log Settings Configuring Remote Log Servers Configuring Log Settings Use the Log Settings page to enable logs globally and to define which event types are logged into temporary memory RAM and persistent memory flash Log messages in flash memory are retained across a reboot When ...

Page 49: ... messages to store in the flash memory log STEP 3 Enable the event severity levels to be logged for each log type The severity levels are listed from the highest to the lowest severity as follows Emergency System is not usable Alert Action is needed Critical System is in a critical condition Error System is in error condition Warning System warning has occurred Notice System is functioning properl...

Page 50: ...fies the classification of syslog messages from this switch The meaning of these values Local 0 through Local 7 is determined by the network administrator Local Port Specify the IANA port number for the switch The default is the well known port number for the Syslog protocol 514 STEP 3 In the Remote Log Server Table click Add STEP 4 Enter the parameters Log Server IPv4 address or hostname of the s...

Page 51: ...n the configuration pages available in the File Management menu Upgrading and Backing Up Firmware and Language Files Downloading and Backing Up the Configuration and Log Files Delete Configuration Copying and Saving Configuration Files DHCP Auto Configuration Firmware Recovery Over HTTP Files and File Types The following types of configuration and operational files are found on the switch Running ...

Page 52: ...d is preserved if the device is rebooted Mirror Configuration A copy of the Startup Configuration created by the switch after The switch has been operating continuously for 24 hours Configuration changes have been made to the Running Configuration in the previous 24 hours but have not been saved Only the switch can copy the Startup Configuration to the Mirror Configuration However you can copy fro...

Page 53: ... downloading to or uploading from Save Action Select Upgrade to download a file to the switch or select Backup to copy a file from the switch to the server File Type Select the type of file to upgrade or back up you can back up only the firmware image Firmware Image Software that controls all switch features and interfaces Boot Code Software that controls the initial system bootup Language Pack Th...

Page 54: ...g Files You can use the Download Backup Configuration Log page to download a saved configuration file to the switch to restore previously saved settings or back up the current configuration file to a network location You also can use these pages to back up log files Downloading a Configuration File to Restore Settings Backing Up the Configuration File and Logs Downloading a Configuration File to R...

Page 55: ...pted while the configuration file is downloading to the switch If a power failure occurs while downloading the configuration file the file is lost and the process must be restarted Backing Up the Configuration File and Logs To back up the configuration file or log STEP 1 Click Administration File Management Download Backup Configuration Log in the navigation window STEP 2 Select the Transfer Metho...

Page 56: ...r to copy the Mirror Configuration file type to another configuration file type If the switch is rebooted the Mirror Configuration is reset to the factory default parameters Flash Log Log of events saved to flash memory Operational Log Log of events in RAM that are not saved to the Startup Log Startup Log The first 32 messages logged when the switch is booted Subsequent messages are logged into th...

Page 57: ...ed but not yet saved to the switch Backup Configuration Backup configuration file type saved on the switch Mirror Configuration If the Running Configuration is not modified for at least 24 hours it is automatically saved to the Mirror Configuration file type and a log message with severity level Alert is generated to indicate that a new Mirror Configuration file is available The Mirror Configurati...

Page 58: ...enabled by default DHCP Auto Configuration initiates when the switch is rebooted with Auto Configuration enabled and any of the following conditions occur 1 Information on the TFTP server and Startup Configuration is received from the DHCP server and Auto Configuration has not previously downloaded the configuration file 2 Information on the TFTP server and Startup Configuration is received from t...

Page 59: ...ver address option 150 field in a DHCP reply 4 The siaddr field of a DHCP or BOOTP reply If only the sname or option 66 values are returned to the switch a DNS server is needed to resolve the IP address of the TFTP server After an IP address is assigned to the switch if a hostname is not already assigned Auto Configuration sends a DNS request for the corresponding hostname Alternate TFTP Server an...

Page 60: ...idation is successful the switch copies the configuration to the Startup Configuration file type stores the configuration file name in non volatile memory and reboots the unit NOTE The switch requires the bootfile name to be cfg Default Network Configuration File If Default Network Configuration Mode is enabled the switch will download the configuration file hostname cfg when any one of the follow...

Page 61: ... the configuration is validated for errors If the validation is successful then the switch copies the configuration to the Startup Configuration file type and reboots In this case the default configuration file name is not stored in the non volatile memory NOTE If the switch is unable to get the valid configuration file then the process described above is repeated every 20 minutes until the switch...

Page 62: ...ions state until it receives the notification from the DHCP client The DHCP client triggers the Auto Install process when it receives the IP address from the DHCP server after which the status changes to Processing DHCP BOOTP options checking preconditions The following additional messages might display Waiting for boot options Processing DHCP BOOTP options checking preconditions Downloading tftp ...

Page 63: ...n unicast requests to the TFTP server specified in option 66 fails three times The length of the string cannot exceed 96 characters Alternate Configuration File Specify an alternate configuration file name to serve as a backup If no startup configuration file identified in DHCP option 67 or if the specified file cannot be found on the TFTP server Auto Configuration looks for the alternate file nam...

Page 64: ... In this mode the boot loader sets the switch s internal network port to the following static IP address IP Address 192 168 1 254 Network Mask 255 255 255 0 Default Gateway 192 168 1 1 An HTTP server starts and listens for client connections on port 80 To use this feature to download a new firmware image STEP 1 Directly connect a management PC to any switch port STEP 2 Configure the IP address and...

Page 65: ...y process with a correct image file If the transfer is aborted because the browser window is refreshed or closed the session is cleared and the session times out immediately If the transfer is aborted because the network is unreachable the session times out after 45 seconds After the session times out you can begin the recovery process again Rebooting the Switch Use the Reboot page reboot the swit...

Page 66: ... the station you want the switch to ping Count Specify the number of pings to send Interval Specify the number of seconds between pings sent Datagram Size Specify the data size of the ping packet to send For an IPv6 address enter the following parameters Ping Type Select Global to ping an address outside the local subnet Select Link Local to ping an address on the local subnet IPv6 Address Hostnam...

Page 67: ... LAN Dot1X provides a way to authenticate users and allow or deny them access to services made available by switch ports See 802 1X for information on configuring the Dot1X feature on the switch LLDP Network devices use the Link Layer Discovery Protocol to advertise their capabilities to other devices See LLDP MED for information on configuring the LLDP feature on the switch To configure control p...

Page 68: ...al layer diagnostics can be used to help determine where in the cable a break might exist The Copper Ports Table lists each port and the following data which it learned through the most recent test default data appears if the port has not been tested Test Result Results of the most recent cable test Possible values are Normal Cable is working correctly Open Cable is disconnected or the connector i...

Page 69: ...ected to a destination probe port to analyze network traffic A port configured as a destination probe port acts as a mirroring port as long as the session is operationally active When the session is not active the port transmits and receives traffic based on the other configuration parameters NOTE When a port is configured as a probe port the switch does not forward or receive any traffic or respo...

Page 70: ...and Rx Both incoming and outgoing traffic STEP 5 Click Apply Your changes are saved to the Running Configuration You can repeat the process to assign multiple Source Interfaces to the same session However a source interface can be used in only one active session at a time STEP 6 In the Port Mirroring Session Table select the session to activate and click Edit STEP 7 For the Admin Mode select Enabl...

Page 71: ... the navigation window The page displays the following data Refresh Rate Specify that the page refresh with the latest data every 15 30 or 60 seconds or leave the default as No Refresh CPU Utilization Report The utilization percentage for 5 second 1 minute and 5 minute intervals Memory Utilization Report The following data is reported Allocated Memory Amount of memory available to the operating sy...

Page 72: ...ver Cisco switches and other products deployed in small business networks Management user interfaces This service identifies the management interfaces available on the switch HTTP When a Bonjour enabled switch is attached to a network any Bonjour client can discover and get access to the management interface without prior configuration A system administrator can use an installed Internet Explorer ...

Page 73: ...reas such as VoIP networks NOTE LLDPDUs only communicate information they do not automatically configure the switch The switch supports the LLDP Media Endpoint Discovery LLDP MED extensions to the LLDP protocol LLDP MED enables auto discovery of LAN policies device location and other device characteristics and automates management of Power over Ethernet PoE endpoints See the following topics for m...

Page 74: ...t supported ELIN Switch location is identified using the Emergency Location Identification Number ELIN of the switch Coordinates Switch GPS coordinates in hexadecimal format ELIN Address The ELIN number Country Country where the city is located City City where the street is located Street Street where the building is located Building Building in which the switch is located STEP 4 Click Apply Your ...

Page 75: ...lue This information is used to implement the Voice VLAN feature see Voice and Media Location Hexadecimal GPS location coordinates for the switch PSE Indicates whether the port advertises itself as Power Sourcing Equipment capable of providing power to a connected Power over Ethernet device This option appears only on SG200 08p devices PD Indicates whether the port advertises itself as a Powered D...

Page 76: ... class of service value associated with the network policy DSCP DSCP value for the network policy Tagged Network policy is defined for tagged VLANs The following switch parameters are advertised in Inventory TLVs Hardware Revision Switch hardware revision ID Firmware Revision Switch firmware revision number Software Revision Switch software revision number Serial Number Switch serial number Manufa...

Page 77: ...e switch The following switch parameters are advertised in location TLVs Subtype The supported type of location information civic ELIN or coordinate based Coordinates Switch GPS coordinates in hexadecimal format if coordinate based location information type is used ELIN Address The ELIN number if this location information type is used Country Country where the city is located if the civic location...

Page 78: ... entry and click Details to display additional information from the LLDP MED advertisement from the neighbor The Neighbor Information Details page displays the following information MED Capabilities Capabilities Supported Advertised capabilities of the device Capabilities Enabled Advertised capabilities that are enabled on the device Device Class Advertised class of the remote device Network Polic...

Page 79: ...Switch location is identified by using the Emergency Location Identification Number of the switch Location Information Switch location information in the format specified by the Subtype field Extended PoE PoE Device Type If PoE functionality is advertised this field indicates whether the device is a Powered Device PD or Power Sourcing Equipment PSE Extended PoE PD If the device is powered by PoE t...

Page 80: ...ified hardware type or functionality To configure DHCP vendor option string STEP 1 Click Administration DHCP Options in the navigation window In addition to the vendor option and string the page displays the format that the switch uses when obtaining its timezone information from a DHCP server and indicates whether such information has been received To configure the switch to acquire its timezone ...

Page 81: ...lex mode You can also use this page to configure flow control on the port To configure port settings STEP 1 Click Port Management Port Settings in the navigation window STEP 2 Select the interface to configure and then click Edit STEP 3 Specify the following for the selected port Administrative Status Select Up to enable the port or Down to disable it Auto Negotiation Select Enable to allow the sw...

Page 82: ...d port does not forward packets for the period of time specified in the PAUSE frame When the PAUSE frame time elapses or the utilization returns to a specified low threshold the switch enables the port to again transmit frames Member in LAG Indicates whether the port is a member of a Link Aggregation Group See Link Aggregation for information on configuring LAGs MTU Specify the maximum transmissio...

Page 83: ... LACP Settings Configuring LAGs The switch supports up to 4 LAGs with 8 ports per LAG Use the LAG Management page to assign ports to LAGs and LACPs To display this page click Port Management Link Aggregation LAG Management in the navigation window Four dynamic LAGs are preconfigured by default named ch1 through ch4 They have no port members and are disabled You can add or remove ports to or from a...

Page 84: ... Select Up or Down to administratively enable or disable the LAG When a LAG is disabled its member ports operate as standalone physical ports Load Balance Algorithm Select one of the options to enable the switch to load balance outgoing packets among member ports of a LAG The switch selects one of the links in the channel for transmitting specific packets The switch prioritizes each criteria for l...

Page 85: ...Priority for the switch and Admin Key that uniquely identifies the port in LACP messages These values are not configurable STEP 2 Select the port to configure and click Edit STEP 3 Configure the following settings for the selected port Mode Check the box to enable LACP on the port Actor Timeout Information from the actor is no longer valid after the timeout period elapses Short Short LACP timeout ...

Page 86: ...s do not display on switches that do not support PSE functionality Configuring PoE Properties You can use the Properties page to configure whether the switch generates trap messages under certain conditions and to view current power settings To configure PoE properties STEP 1 Click Port Management PoE Properties in the navigating window STEP 2 Set the following parameters Power Trap Threshold Spec...

Page 87: ...he current power status If On the switch is currently providing power through PoE to a connected device If Off the switch is not providing power through PoE to any connected devices Maximum Available Power The total power in watts that the switch is capable of making available to all PoE capable ports Threshold Power The cutoff power value above which no additional PDs are powered This threshold i...

Page 88: ...ser defined The maximum power that can be delivered by the port is specified by the user If you select this option specify a value in the Power Allocation field LLDP MED The maximum power that can be delivered by the port is limited by the value in LLDP MED TLVs received from a port device The value specified by the device should be in the range of 3 16 2 watts If it is not in this range then the ...

Page 89: ...oint and Legacy Both capacitive and resistive signature devices are detected using the first algorithm Reset Mode Select Enable to enable the switch initialize the ports PoE state machines The following statistics also appear Power Consumption Actual power consumption on the port Overload Counter Total number of power overload occurrences Short Counter Total number of power short condition electri...

Page 90: ...en Short Reach Auto is enabled a cable test is performed when a link comes up If the length of the cable is less than 10 meters the PHY can be put into low power mode so that only enough power is used to support a short cable When the link goes down low power mode is disabled The switch also supports Short Reach Force where the port is administratively forced into low power mode Wnen enabled the G...

Page 91: ...t Settings STEP 3 Click Apply Your changes are saved to the Running Configuration Configuring Green Ethernet Port Settings Use the Green Ethernet Settings page to view and configure the Green Ethernet settings on individual ports NOTE Green Ethernet port settings are overridden if the global settings are subsequently changed see Configuring Green Ethernet Properties To configure Green Ethernet por...

Page 92: ...ach mode is operational enabled on the port Reason Indicates why the Short Reach operational status is active or inactive The following reason might display when the Short Reach operational status is enabled Short Cable The port has been detected as having Short Reach cables Forced Short Reach mode has been administratively forced on the port The following reasons might display when the Short Reac...

Page 93: ... 5 STEP 3 Configure the following settings Energy Detect Select to administratively enable Energy Detect on the port Short Reach Auto Select to enable Short Reach mode on the port Short Reach Force Select to enable Force Reach mode on the port STEP 4 Click Apply to save any changes to the Running Configuration ...

Page 94: ...cast traffic A VLAN is a set of end stations and the switch ports that connect them You might have many reasons for the logical division such as department or project membership The only requirement is that the end station and the port to which it is connected both belong to the same VLAN s Each VLAN in a network has an associated VLAN ID which appears in the IEEE 802 1Q tag also known as VLAN tag...

Page 95: ...N cannot be deleted A Static VLAN can be deleted However VLAN ID 1 cannot be deleted even if it is configured as a Static VLAN You can create up to 16 VLANs and assign VLAN IDs up to 4094 To create a new VLAN or a range of VLANs STEP 1 Click Add STEP 2 Select VLAN and enter a VLAN ID Or create a range of VLANs by selecting Range and specifying the beginning and ending VLAN IDs in the range STEP 3 ...

Page 96: ...VLAN ID PVID Access ports are typically used to connect hosts which become members of the VLAN by virtue of being physically connected to the port If you selected Access the access port can be a member of only one VLAN called the access VLAN Set the Access VLAN to the PVID for the access port Trunk The port can be assigned to only one untagged VLAN the native VLAN and can be assigned to any number...

Page 97: ...at most one untagged VLAN and one or more tagged VLANs If a trunk port is member of both untagged and tagged VLANs it admits all frame types If the trunk port is member of tagged VLANs only it admits tagged frames only Ingress Filtering Select to enable ingress filtering on the port When ingress filtering is enabled the switch accepts frames only from the VLANs of which it is a member It discards ...

Page 98: ... to the default VLAN ID and the port is set to admit only untagged or priority tagged packets The port is untagged for the default VLAN Changing from Access Port to General Port The VLAN configuration remains unchanged except that the port can now admit all frames As a General port it can be a tagged or an untagged member of any VLAN Changing from General Port to Access Port If the General port ha...

Page 99: ...he VLAN ID as its PVID the General port s PVID is changed to the default VLAN ID No other VLAN memberships are changed Configuring VLAN Membership You can use these pages to view and configure VLAN memberships The Port to VLAN page enables you to select a VLAN and configure its member ports See Configuring Port to VLAN The Port VLAN Membership page enables you to select a port and configure it as ...

Page 100: ...VLAN ID to configure and use the Interface Type list to display either ports or LAGs STEP 3 For each interface configure the following parameters Member Check this box if a port is to be member of the VLAN Uncheck this box if a port is not to be member of the VLAN A port is not member of the VLAN by default Tagged Select Tagged if all the packets of the VLAN egress to the port are to be tagged Oth...

Page 101: ...embership Click a VLAN in the Selected list and then click the left arrow button to move it to the Available list Depending on the interface VLAN mode Trunk Access or General when you select a VLAN in the Available list you can specify the following properties for the interface before moving the VLAN to the Selected list for the interface Membership The interface can be configured as a tagged or u...

Page 102: ...pply and then click Close Your changes are saved to the Running Configuration Setting the Default VLAN By default the switch automatically creates VLAN 1 as the default VLAN for all ports and link aggregation groups LAGs If a port has no VLAN memberships the switch automatically configures it as a member of the default VLAN You can use the Default VLAN Settings page to change the default VLAN When...

Page 103: ...ia feature identifies VoIP streams in Ethernet switches and provides them with a better Class of Service CoS than ordinary traffic The switch supports two types of Voice and Media Protocol based Identifies a VoIP session using the Session Initiation Protocol SIP and H 323 control traffic and assigns these packets the highest priority on the voice VLAN OUI based Ports that are enabled for this feat...

Page 104: ...g ports for Voice and Media To add a new OUI description STEP 1 Click Add STEP 2 Specify the following values Telephony OUI Enter a 3 octet identifier for the telephony application Description Enter a description of the service such as the vendor name or telephony product The characters and are not supported STEP 3 Click Apply and Close Configuring OUI Based Voice and Media You can use the Telepho...

Page 105: ... Interface Settings Table select an interface to configure and then click Edit STEP 7 Select Enable for the Auto VoIP mode The port is automatically added as a member of the voice VLAN STEP 8 Click Apply and then click Close Your changes are saved to the Running Configuration Configuring SIP H323 Based Voice and Media You can use the SIP H323 Based Auto VoIP page to configure the switch to recogni...

Page 106: ...pport LLDP MED applications See LLDP MED for information on the protocol Each Media VLAN corresponds to an LLDP MED application for a specific type of media traffic The LLDP MED applications are voice voice signaling guest voice guest voice signaling softphone voice video conferencing streaming video and video signaling Each Media VLAN is associated with the following parameters A VLAN with option...

Page 107: ... traffic type to configure Voice Voice Signaling Guest Voice Guest Voice Signaling Softphone Voice Video Conferencing Streaming Video Video Signaling STEP 6 For Application Status select Enable to enable priority assignment for the selected application Uncheck the box to disable this feature STEP 7 If you enabled Application Status enable or disable the following features Untagged Select Enable if...

Page 108: ...traffic The priority tag range is 0 7 DSCP and DSCP Value Select Enable to specify a DSCP for the selected application Then enter a DSCP value for the port The range is 0 63 STEP 8 Click Apply and then click Close Your changes are saved to the Running Configuration STEP 9 Ensure that LLDP MED is enabled on the interface See LLDP MED for instructions Auto VoIP Sessions The Auto VoIP Sessions page d...

Page 109: ... that affect network performance and confuse forwarding algorithms Each STP enabled bridge exchanges Bridge Protocol Data Units BPDUs with other bridges BPDUs identify the bridge port MAC addresses and the priority and cost associated with each port STP uses this information to build a topology that provides one active path between any two stations on the network Duplicate paths between those stat...

Page 110: ...pology Spanning tree is enabled by default and set to be RSTP Configuring STP Status Global Settings You can use the STP Status Global Settings page to enable STP select the STP mode of operation and configure bridge priority settings You can also view status information about the STP topology To display this page click Spanning Tree STP Status Global Settings in the navigation window This page en...

Page 111: ... 0 and 4095 it will be set to 0 The default priority is 32768 The valid range is 0 61440 The following information appears in the Bridge Settings section of the page Hello Time The interval at which a bridge sends configuration messages Max Age The amount of time in seconds that a bridge waits before implementing a topological change Max Hops The number of hops before a BDPU is discarded and the p...

Page 112: ...able displays configuration information for each port and LAG By default all ports are enabled for STP operation NOTE The list ports LAGs might span more than one page Use the Page list to display the next set of entries STEP 2 Select the port or LAG to configure and click Edit STEP 3 Enter the parameters STP Select to enable STP operation on the port LAG Auto Edge Select Enable to allow the switc...

Page 113: ...following information about the port LAG Edge Operational Status Indicates if a port is currently operating as an edge port or PortFast port This indicates Enabled if the port is in the forwarding state due to either of the following configurations The port is configured as an Edge Port and is therefore automatically in the forwarding state The port is configured as an Auto Edge port and because i...

Page 114: ... for any bridged LAN To display the RSTP Interface Settings page click Spanning Tree RSTP Interface Settings in the navigation window A rapid spanning tree topology is formed automatically when RSTP is selected as the spanning tree mode Use the STP Status Global Settings page to enable RSTP mode By default the RSTP Interface Settings Table displays information for each port Use the Interface Type ...

Page 115: ...bled The port is not participating in the Spanning Tree Mode Indicates whether the RSTP administrative mode is enabled or disabled for the port Edge Port Operational Status If enabled for the port or LAG the port is automatically placed in the forwarding state See Configuring STP Interface Settings for instructions on modifying this setting Port Status The operational state of the port You can sel...

Page 116: ...e switch floods the packets to the VLAN excluding the ingress port It includes the following topics Configuring Static MAC Addresses Configuring the Aging Time for Dynamic Addresses Dynamic MAC Addresses Configuring Static MAC Addresses The Static Addresses page displays a list of MAC addresses that are manually configured into the bridging table of the switch A static MAC address is also associat...

Page 117: ... When a MAC address is secured at a port packets that originate from the MAC address can only be ingressed from the secured port Otherwise the packets are discarded If port security is disabled on the port the MAC address is deleted from the static MAC address list When Port Security is enabled at a port the port can support a maximum of 256 static and dynamic MAC addresses For more information se...

Page 118: ...destination MAC address of an incoming packet the switch learns the MAC address the VLAN and the ingress port of the packet and adds an entry to the Dynamic Address table To prevent the bridging table from overflowing and to make room for new addresses an address is deleted from the bridging table if no traffic is received from a dynamic MAC address for the configured aging period see Configuring ...

Page 119: ... ID VLAN on which the MAC address was learned Frames are forwarded to the interface only if they are associated with this VLAN MAC Address The dynamically learned MAC address Interface The port on which the MAC address was dynamically learned Frames specifying this MAC address and VLAN as the destination are forwarded out to this port Click Clear Table to clear all dynamic MAC address entries from...

Page 120: ...sts and routers making them ideal for use in applications such as video and audio conferencing whiteboard tools and stock distribution tickers The switch maintains a multicast forwarding table to make forwarding decisions for packets that arrive with a multicast destination MAC address When multicasts are restricted only to specified ports traffic is prevented from going to parts of the network wh...

Page 121: ...he Global Multicast Mode setting to set all VLANs currently configured on the switch to a selected forwarding mode The global setting does not create a default setting for VLANs created subsequently it simply ensures that all existing VLANs are configured with the specified mode You can also configure how the switch forwards multicast packets on an individual or per VLAN basis Configuring a Multic...

Page 122: ...om the VLAN ID menu and click Edit STEP 2 Select the Multicast Mode as described in Configuring a Multicast Forwarding Mode on all VLANs STEP 3 Click Apply and then click Close Your changes are saved to the Running Configuration Configuring MAC Group Addresses The MAC Group Address page enables you to view and configure associations between multicast group MAC address and VLANs on the switch You c...

Page 123: ...e specified multicast MAC address MAC Group Address Multicast group MAC address in hexadecimal format that is compared to an incoming packet destination MAC address Adding a Static MAC Group Address Table Entry To add a static multicast MAC address and associate it with a VLAN STEP 1 Click Add on the MAC Group Address page STEP 2 Enter the parameters VLAN ID Select a VLAN from the list Address Typ...

Page 124: ... 3 Internet protocol that enables IPv4 networks to manage memberships to multicast groups IPv6 multicast traffic is managed using the MLD protocol as described in Configuring MLD Snooping IGMP communication occurs between IGMP routers and IGMP enabled hosts clients Although the switch does not initiate or reply to IGMP packets it can be configured to listen to IGMP communication between routers an...

Page 125: ...eave Select Enable to allow the switch to immediately remove a port or LAG from its multicast forwarding table when it receives an IGMP leave message for that multicast group When enabled the switch removes the port without first sending out general queries to the interface Enable Fast Leave mode only on VLANs where only one host is connected to each port This prevents the inadvertent dropping of ...

Page 126: ...to receive IPv6 multicast packets on its directly attached links and to discover which multicast packets are of interest to neighboring nodes MLD is derived from IGMP which performs a similar function for IPv4 multicast traffic see Configuring IGMP Snooping When MLD snooping is enabled the switch selectively forwards IPv6 multicast packets to a list of ports that want to receive the data instead o...

Page 127: ...face before deleting the interface from the multicast forwarding database entry Select Default to specify 260 seconds or select User Defined and enter a value in the range 2 to 3600 seconds MLD Max Response Time Specify the time in seconds that the switch waits for a reply after sending a query on an interface because it did not receive a report for a particular group in that interface This value ...

Page 128: ...LAG as an IGMP Mrouter interface and to configure related settings STEP 1 Click Multicast IGMP Mrouter in the navigation window By default the IGMP MRouter Table lists each switch port To show LAGs select LAG from the Interface Type list STEP 2 Select the port or LAG that you want to configure and click Edit STEP 3 Select Enable for the Mode STEP 4 To specify the VLANs that use this interface as t...

Page 129: ...To enable a switch port or LAG as an MLD Mrouter interface STEP 1 Click Multicast MLD Mrouter in the navigation window By default the MLD MRouter Table lists each switch port To show LAGs select LAG from the Interface Type list STEP 2 Select the port or LAG to configure and click Edit STEP 3 Select Enable for the Mode STEP 4 Move VLAN IDs between the Available and Selected lists VLANs in the Selec...

Page 130: ...o display this page click IP Configuration ARP in the navigation window You can click Clear ARP to delete all entries from the table except for the management port IP address and MAC address Domain Name System The switch supports IPv4 DNS client functionality When enabled as a DNS client the switch provides a hostname lookup service to other applications on the switch such as ping RADIUS syslog Au...

Page 131: ...h if it is not already enabled STEP 3 Enter the following parameters Default Domain Name Specify a domain name to be used to complete an unqualified hostname For example finance yahoo com is a fully qualified domain name If only the unqualified hostname finance is specified the default domain name yahoo com would be appended with a period in between In your entry do not include the period that sep...

Page 132: ...rough applications that use the DNS lookup service NOTE If you configure a static hostname and IP address and that same hostname IP address mapping is later learned from DNS the entry becomes dynamic and it is no longer saved as a static entry in the the Running Configuration Configuring Static DNS Mappings The Host Mapping Table lists hostnames that are statically assigned to IP addresses on the ...

Page 133: ...psed Number of minutes that have elapsed since the hostname was assigned Type Identifies the hostname as one of the following IP Address The assigned hostname is associated with an IP address Canonical The assigned hostname is an alias or nickname for a properly denoted official hostname For example www google com might be a hostname alias associated with the official hostname www l google com Add...

Page 134: ...rge accessible networks for authenticating users prior to access To authenticate users in a secure manner a RADIUS client and RADIUS server are configured with the same shared password or secret This secret is used to generate one way encrypted authenticators that are present in all RADIUS packets Without knowledge of the secret the possibility of a malicious user correctly spoofing packets is suf...

Page 135: ...ange is 0 to 2000 The default is 0 RADIUS Attribute 4 NAS IP Address Select to enable the switch to include the network access server NAS attribute in Access Request RADIUS server packets If this option is disabled the RADIUS client uses the switch management port address as the NAS IP Address NAS IP Address IP address to include in Access Request packets This field is editable only when the RADIU...

Page 136: ...his secret must match the secret configured on the RADIUS server The secret key can be edited by deleting the entry and recreating the entry with the desired secret key This must be an ASCII alphanumeric value between 32 to 176 characters Authentication Port Port number used for RADIUS authentication requests and replies The default port 1812 is the well know IANA port number for RADIUS authentica...

Page 137: ...the Strength Check field to configure the types of checks to be performed Password Exclude Keyword Check Select Enable to enable the switch check whether preconfigured keywords are used in a password when when a user attempts to create or change the password The preconfigured keywords are cisco and ocsic Password User Name Check Select Enable to prevent users from including their user names in the...

Page 138: ...are assigned to that profile Configuring an Access Profile and Rules To create an access profile and assign rules to it STEP 1 In the Access Profile Table click Add STEP 2 Specify the Access Profile Name and select Enable STEP 3 Click Apply and the click Close The new profile appears in the Access Profile Table Now you can add rules to the profile STEP 4 In the Profile Rule table click Add STEP 5 ...

Page 139: ...rule Deny The specified interface user or IP address is denied access to the switch Applies to Interface Select All to apply this rule to all interfaces ports and LAGs Or select User Defined and select a port or LAG that the rule applies to Applies to User Select All to apply this rule to all system users Or select User Defined and select a User Name that the rule applies to Applies to Source IP A...

Page 140: ...e To disable an access profile STEP 1 Select the profile in the Access Profile Table and click Edit STEP 2 Uncheck the Enable box STEP 3 Click Apply and then click Close When you finish making changes re enable the access profile To delete an access profile after disabling it STEP 1 Select the profile in the Access Profile Table STEP 2 Click Delete To delete a profile rule after disabling the acce...

Page 141: ... the navigation window STEP 2 Select an authentication method from the Methods list Local A user ID password combination from the supplicant is compared with a locally stored user database on the switch None No authentication method is used RADIUS The switch passes authentication requests to a RADIUS server which replies with RADIUS Access Accept or Access Reject frames RADIUS None The switch pass...

Page 142: ...ort to configure and click Edit STEP 2 For broadcast multicast and unicast traffic specify the following parameters for the selected port Mode Select Enable to turn on storm control protection for the traffic type Rate Threshold Type Select how the switch determines whether traffic exceeds the threshold Percent Traffic is dropped when it exceeds a percent of the capability on the link pps Packets ...

Page 143: ...rt A secure MAC address can be statically configured or dynamically learned The maximum number of secure MAC addresses at a secured port is 256 Static secure MAC addresses are configured using the Static Addresses page Both static and dynamic secure MAC addresses are subject to aging limits see Configuring the Aging Time for Dynamic Addresses To display the Port Security page click Security Port S...

Page 144: ...hen the following rules apply If the new value is greater than the old value no action is taken for either the dynamic or static addresses If the new value is less than the old value the following actions are taken Dynamic Addresses The switch initiates a flush of all learned addresses on the port Static Addresses The switch retains the static addresses up to the static limit regardless of whether...

Page 145: ...o set the Status field for the entry to Secure You can click Port Security Table to redisplay the Port Security page 802 1X Local Area Networks LANs are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure or permit unauthorized users to attempt to access the LAN through equipment already attached In such environments it might be desir...

Page 146: ...ge to configure the global 802 1X administrative mode on the switch To enable 802 1X security globally STEP 1 Click Security 802 1X Properties in the navigation window STEP 2 Select Enable for the Port Based Authentication State to allow 802 1X port based authentication globally on the switch STEP 3 Select an authentication method from the Authentication Method list None No authentication method i...

Page 147: ...ctions on configuring authentication on individual ports Modifying Port PAE Capabilities Use the Port PAE Capabilities page to view and configure each port s 802 1X role as authenticator or supplicant To modify the role of a port as an authenticator or supplicant STEP 1 Click Security 802 1X Properties in the navigation window STEP 2 Select the port to configure and click Edit STEP 3 Select the ro...

Page 148: ...ed for authentication Current Port Control The current authorization status of the port Authorized or Unauthorized Administrative Port Control Select the port authorization mode The possible values are Force Unauthorized Select this option to always deny port access by supplicants attaching to the port If selected the port control status becomes Unauthorized auto Select this option if the port con...

Page 149: ...unreliable links or specific behavioral problems with certain clients and authentication servers To provide a faster response time to the user enter a smaller number than the default 60 seconds The range is 0 65535 seconds Resending EAP The amount of time that lapses before EAP requests are resent The range is 1 65535 seconds and the default is 30 seconds Supplicant Timeout The amount of time that...

Page 150: ...ization mode The possible values are Force Unauthorized Denies the selected interface system access by moving the interface into unauthorized state Auto The switch detects the mode of the interface based on the outcome of authentication exchanges between the supplicant the authenticator and the authentication server Force Authorized The port is placed into an authorized state without requiring aut...

Page 151: ...cated Hosts in the navigation window The Authenticated Hosts Table displays the following information for each host Port Port used for authentication User Name User name of the host Supplicant MAC Address Supplicant device MAC address Session Time Time in seconds since the supplicant logged in Session Timeout Time for which the given session is valid The time period in seconds is returned by the R...

Page 152: ... is queued for transmission in a port the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port If a delay is necessary packets get held in the queue until the scheduler authorizes the queue for transmission As queues become full packets have no place to be held for transmission and might be dropped by the swi...

Page 153: ...a trusted port A port that is configured to use its own priority value rather than the value encoded in the frame or packet to make queue assignment decisions is considered untrusted If a port is configured as trusted but the frame or packet does not have priority information then the default port priority is assigned to the packet The default port priority is zero You can use the VLAN Management ...

Page 154: ... the frame is not VLAN tagged STEP 5 Click Apply and then click Close Your changes are saved to the Running Configuration Defining Queues You can use the Queue page to configure how the traffic scheduler determines which queue has access to the egress port A queue can be configured in strict priority mode or Weighted Round Robin WRR mode By default all queues are strict priority queues Packets are...

Page 155: ...scenario it is recommended that Q4 be configured in SP mode and Q3 Q2 and Q1 in WRR mode Two queues in SP mode and two queues in WRR mode q4 q3 q2 q1 q2 q1 A B In this scenario it is recommended that Q4 and Q3 be configured in strict mode with Q2 and Q1 in WRR mode These scenarios reflect that when there are more ingress ports with traffic destined to different queues on egress ports a system migh...

Page 156: ...for all queues cannot exceed 100 STEP 5 Click Apply Your changes are saved to the Running Configuration To apply these queue properties to all other interfaces on the switch click Copy Settings to All Interfaces Mapping CoS 802 1p Priorities to Queues The priority of a packet arriving on an interface might be identified by an IEEE 802 1p priority value in the Ethernet frame header 802 1p specifies...

Page 157: ... are defined 0 7 You can use the IP Precedence to Queue page to map these values to the four CoS queues to steer packets to the appropriate outbound queue Queue1 has the lowest priority and queue 4 has the highest priority NOTE IP Precedence to queue mapping is configured per interface Configure these mapping values on the incoming interface To map IP precedence values to queues STEP 1 Click Quali...

Page 158: ...face might be identified by the Differentiated Service Code Point DSCP value in an IP packet header The IP DSCP field might contain any one of 64 values 0 63 You can use the DSCP to Queue page to map these values to the four egress queues Queue 1 has the lowest priority and queue 4 has the highest priority DSCP mapping settings are applied globally to all ports To map DSCP values to queues STEP 1 ...

Page 159: ...tch drops all further traffic from the port Rate limits are applied per port To apply rate limits you first use this page to create one or more rate limit profiles Profiles specify the criteria that determines when the rate limit is exceeded Then you assign rate limit profiles to interfaces see Applying Rate Limit Profiles to Interfaces To add an entry to the Rate limit Profile Table STEP 1 Click ...

Page 160: ... See Defining Rate Limit Profiles for instructions on creating profiles To apply a rate limit profile to an interface STEP 1 Click Quality of Service Interface Rate Limit in the navigation window STEP 2 Use the Interface Type list to display ports or LAGs in the Interface Rate Limit Table STEP 3 Select the interface to configure and click Edit STEP 4 Add or remove a profile To assign a profile to ...

Page 161: ...later transmission over increments of time To configure traffic shaping on a port or LAG STEP 1 Click Quality of Service Traffic Shaping in the navigation window STEP 2 Use the Interface Type menu to display ports or LAGs in the Traffic Shaping Settings Table STEP 3 Select the interface to configure and click Edit STEP 4 For the selected port or LAG enter the output rate limit as a percentage of t...

Page 162: ... Inc and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1005R ...

Reviews:

No comments

Related manuals for SG200 Series

Fantech DB10 Installation Instructions preview
DB10
Brand: Fantech Pages: 4
H3C s5820x series Quick Start Manual preview
s5820x series
Brand: H3C Pages: 32
H3C S5830V2 series Mce Command Reference preview
S5830V2 series
Brand: H3C Pages: 22
H3C s5820x series Command Reference Manual preview
s5820x series
Brand: H3C Pages: 488
H3C S10500X Series Installation, Quick Start preview
S10500X Series
Brand: H3C Pages: 3
H3C S7500 Series Manual preview
S7500 Series
Brand: H3C Pages: 8
H3C S7500 Series Command Manual preview
S7500 Series
Brand: H3C Pages: 25
H3C S12500 Series Manual preview
S12500 Series
Brand: H3C Pages: 31
H3C S12500 Series Interface Configuration Manual preview
S12500 Series
Brand: H3C Pages: 23
H3C S12500 Series Software Upgrade preview
S12500 Series
Brand: H3C Pages: 24
H3C S12500 Series Installation Instructions Manual preview
S12500 Series
Brand: H3C Pages: 126
H3C S12500-X Configuration Manual preview
S12500-X
Brand: H3C Pages: 42
H3C S6300 Series Troubleshooting Manual preview
S6300 Series
Brand: H3C Pages: 32
H3C S7500 Series Installation Manual preview
S7500 Series
Brand: H3C Pages: 13
H3C S12500 Series Reference preview
S12500 Series
Brand: H3C Pages: 16
H3C S12500 Series Configuration Manual preview
S12500 Series
Brand: H3C Pages: 39
Indu-Sol PROmesh P10 Quick Start User Manual preview
PROmesh P10
Brand: Indu-Sol Pages: 9
Clas Ohlson 36-2824 Quick Start Manual preview
36-2824
Brand: Clas Ohlson Pages: 5

Brands by name

Popular brands

Load more brands