Cisco Systems SF300-24P, SG30052PK9NA, SRW2024PK9NA, SRW224G4K9AR, SRW224G4PK9NA, SRW248G4PK9NA User manual

Cisco Small Business 300 Series Managed Switch
Administration Guide Release 1.3
Contents
Chapter 1: Getting Started
Starting the Web-based Configuration Utility
Launching the Configuration Utility
HTTP/HTTPS
Logging Out
Quick Start Device Configuration
Interface Naming Conventions
Window Navigation
Application Header
Management Buttons
Chapter 2: Status and Statistics
Viewing Ethernet Interfaces
Viewing Etherlike Statistics
Viewing GVRP Statistics
Viewing 802.1X EAP Statistics
Viewing TCAM Utilization
Managing RMON
Viewing RMON Statistics
Configuring RMON History
Viewing the RMON History Table
Defining RMON Events Control
Viewing the RMON Events Logs
Defining RMON Alarms
Chapter 3: Administration: System Log
Setting System Log Settings
Setting Remote Logging Settings
Viewing Memory Logs
RAM Memory
Flash Memory
Chapter 4: Administration: File Management
System Files
Upgrade/Backup Firmware/Language
Upgrade/Backing Firmware or Language File
Active Image
Download/Backup Configuration/Log
Configuration File Backwards Compatibility
Downloading or Backing-up a Configuration or Log File
Configuration Files Properties
Copy/Save Configuration
DHCP Auto Configuration
DHCP Server Options
Auto Configuration Download Protocol (TFTP or SCP)
SSH Client Authentication Parameters
Auto Configuration Process
Configuring DHCP Auto Configuration
Chapter 5: Administration: General Information
Device Models
System Information
Displaying the System Summary
Configuring the System Settings
Console Settings (Autobaud Rate Support)
Rebooting the Device
Routing Resources
Monitoring Fan Status
Defining Idle Session Timeout
Pinging a Host
Traceroute
Chapter 6: Administration: Time Settings
System Time Options
Time
Time Zone and Daylight Savings Time (DST)
SNTP Modes
Configuring System Time
Selecting Source of System Time
Adding a Unicast SNTP Server
Configuring the SNTP Mode
Defining SNTP Authentication
Time Range
Absolute Time Range
Recurring Time Range
Chapter 7: Administration: Diagnostics
Testing Copper Ports
Displaying Optical Module Status
MSA-compatible SFPs
Configuring Port and VLAN Mirroring
Viewing CPU Utilization and Secure Core Technology
Chapter 8: Administration: Discovery
Configuring Bonjour Discovery
Bonjour in Layer 2 System Mode
Bonjour in Layer 3 System Mode
LLDP and CDP
Configuring LLDP
LLDP Overview
Setting LLDP Properties
Editing LLDP Port Settings
LLDP MED Network Policy
Configuring LLDP MED Port Settings
Displaying LLDP Port Status
Displaying LLDP Local Information
Displaying LLDP Neighbors Information
Accessing LLDP Statistics
LLDP Overloading
Configuring CDP
Setting CDP Properties
Editing CDP Interface Settings
Displaying CDP Local Information
Displaying CDP Neighbors Information
Viewing CDP Statistics
Chapter 9: Port Management
Configuring Ports
Setting Port Configuration
Configuring Link Aggregation
Link Aggregation Overview
Load Balancing
Default Settings and Configuration
Static and Dynamic LAG Workflow
Defining LAG Management
Configuring LAG Settings
Configuring LACP
LACP Priority and Rules
LACP With No Link Partner
Setting LACP Parameter Settings
Configuring Green Ethernet
Green Ethernet Overview
Power Saving by Disabling Port LEDs
802.3az Energy Efficient Ethernet Feature
Setting Global Green Ethernet Properties
Setting Green Ethernet Properties for Ports
Chapter 10: Smartport
Overview
What is a Smartport
Smartport Types
Special Smartport Types
Smartport Macros
Applying a Smartport Type to an Interface
Macro Failure and the Reset Operation
How the Smartport Feature Works
Auto Smartport
Enabling Auto Smartport
Identifying Smartport Type
Using CDP/LLDP Information to Identify Smartport Types
Multiple Devices Attached to the Port
Persistent Auto Smartport Interface
Error Handling
Default Configuration
Relationships with Other Features and Backwards Compatibility
Common Smartport Tasks
Configuring Smartport Using The Web-based Interface
Smartport Properties
Smartport Type Settings
Smartport Interface Settings
Built-in Smartport Macros
Chapter 11: Port Management: PoE
PoE on the Device
PoE Features
PoE Operation
PoE Configuration Considerations
Configuring PoE Properties
Configuring PoE Settings
PoE priority example:
Chapter 12: VLAN Management
VLANs
Configuring Default VLAN Settings
Creating VLANs
Configuring VLAN Interface Settings
Defining VLAN Membership
Configuring Port to VLAN
Configuring VLAN Membership
GVRP Settings
Defining GVRP Settings
VLAN Groups
MAC-based Groups
Assigning MAC-based VLAN Groups
Mapping VLAN Group to VLAN Per Interface
Voice VLAN
Voice VLAN Overview
Dynamic Voice VLAN Modes
Voice End-Points
Auto Voice VLAN, Auto Smartports, CDP, and LLDP
Voice VLAN QoS
Voice VLAN Constraints
Voice VLAN Workflows
Configuring Voice VLAN
Configuring Voice VLAN Properties
Displaying Auto Voice VLAN Settings
Configuring Telephony OUI
Adding OUIs to the Telephony OUI Table
Adding Interfaces to Voice VLAN on Basis of OUIs
Access Port Multicast TV VLAN
IGMP Snooping
Differences Between Regular and Multicast TV VLANs
Configuration
Multicast TV Group to VLAN
Port Multicast VLAN Membership
Customer Port Multicast TV VLAN
Mapping CPE VLANs to Multicast TV VLANs
CPE Port Multicast VLAN Membership
Chapter 13: Spanning Tree
STP Flavors
Configuring STP Status and Global Settings
Defining Spanning Tree Interface Settings
Configuring Rapid Spanning Tree Settings
Multiple Spanning Tree
Defining MSTP Properties
Mapping VLANs to a MSTP Instance
Defining MSTP Instance Settings
Defining MSTP Interface Settings
Chapter 14: Managing MAC Address Tables
Types of MAC Addresses
Configuring Static MAC Addresses
Managing Dynamic MAC Addresses
Configuring Dynamic MAC Address Aging Time
Querying Dynamic Addresses
Defining Reserved MAC Addresses
Chapter 15: Multicast
Multicast Forwarding
Typical Multicast Setup
Multicast Address Properties
Defining Multicast Properties
Adding MAC Group Address
Adding IP Multicast Group Addresses
Configuring IGMP Snooping
MLD Snooping
Querying IGMP/MLD IP Multicast Group
Defining Multicast Router Ports
Defining Forward All Multicast
Defining Unregistered Multicast Settings
Chapter 16: IP Configuration
Overview
Layer 2 IP Addressing
Layer 3 IP Addressing
IPv4 Management and Interfaces
IPv4 Interface
Defining an IPv4 Interface in Layer 2 System Mode
Defining IPv4 Interface in Layer 3 System Mode
IPv4 Routes
ARP
ARP Proxy
UDP Relay/IP Helper
DHCPv4 Snooping/Relay
DHCPv4 Snooping
DHCPv4 Relay
Transparent DHCP Relay
Option 82
Interactions Between DHCPv4 Snooping, DHCPv4 Relay and Option 82
DHCP Snooping Binding Database
DHCP Trusted Ports
How the DHCP Snooping Binding Database is Built
DHCP Snooping Along With DHCP Relay
DHCP Default Configuration
Configuring DHCP Work Flow
DHCP Snooping/Relay
Properties
Interface Settings
DHCP Snooping Trusted Interfaces
DHCP Snooping Binding Database
DHCP Server
DHCP Options
Dependencies Between Features
Default Settings and Configurations
DHCPv4 Server
Network Pool
Excluded Addresses
Static Hosts
Address Binding
IPv6 Management and Interfaces
IPv6 Global Configuration
IPv6 Interface
IPv6 Tunnel
Configuring Tunnels
Defining IPv6 Addresses
IPv6 Default Router List
Defining IPv6 Neighbors Information
Viewing IPv6 Route Tables
DHCPv6 Relay
Dependencies with Other Features
Global Destinations
Interface Settings
Domain Name
DNS Settings
Search List
Host Mapping
Chapter 17: Security
Defining Users
Setting User Accounts
Setting Password Complexity Rules
Configuring TACACS+
Accounting Using a TACACS+ Server
Defaults
Interactions With Other Features
Workflow
Configuring a TACACS+ Server
Configuring RADIUS
Accounting Using a RADIUS Server
Defaults
Interactions With Other Features
Radius Workflow
Configuring Management Access Authentication
Defining Management Access Method
Active Access Profile
Defining Profile Rules
SSL Server
SSL Overview
Default Settings and Configuration
SSL Server Authentication Settings
Configuring TCP/UDP Services
Defining Storm Control
Configuring Port Security
Configuring 802.1X
802.1X Parameters Workflow
Defining 802.1X Properties
Defining 802.1X Port Authentication
Defining Host and Session Authentication
Viewing Authenticated Hosts
Defining Time Ranges
Denial of Service Prevention
Secure Core Technology (SCT)
Types of DoS Attacks
Defense Against DoS Attacks
Dependencies Between Features
Default Configuration
Configuring DoS Prevention
Security Suite Settings
SYN Protection
Martian Addresses
SYN Filtering
SYN Rate Protection
ICMP Filtering
IP Fragmented Filtering
IP Source Guard
Interactions with Other Features
Filtering
Configuring IP Source Guard Work Flow
Enabling IP Source Guard
Configuring IP Source Guard on Interfaces
Binding Database
Dynamic ARP Inspection
How ARP Prevents Cache Poisoning
Interaction Between ARP Inspection and DHCP Snooping
ARP Defaults
ARP Inspection Work Flow
Defining ARP Inspection Properties
Defining Dynamic ARP Inspection Interfaces Settings
Defining ARP Inspection Access Control
Defining ARP Inspection Access Control Rules
Defining ARP Inspection VLAN Settings
Chapter 18: Security: Secure Sensitive Data Management
Introduction
SSD Management
SSD Rules
Elements of an SSD Rule
SSD Rules and User Authentication
Default SSD Rules
SSD Default Read Mode Session Override
SSD Properties
Passphrase
Default and User-defined Passphrases
Local Passphrase
Configuration File Passphrase Control
Configuration File Integrity Control
Read Mode
Configuration Files
File SSD Indicator
SSD Control Block
Startup Configuration File
Running Configuration File
Backup and Mirror Configuration File
Sensitive Data Zero-Touch Auto Configuration
SSD Management Channels
Menu CLI and Password Recovery
Configuring SSD
SSD Properties
SSD Rules
Chapter 19: Security: SSH Client
Secure Copy (SCP) and SSH
Protection Methods
Passwords
Public/Private Keys
Import Keys
SSH Server Authentication
SSH Client Authentication
Supported Algorithms
Before You Begin
Common Tasks
SSH Client Configuration Through the GUI
SSH User Authentication
SSH Server Authentication
Modifying the User Password on the SSH Server
Chapter 20: Security: SSH Server
Overview
Common Tasks
SSH Server Configuration Pages
SSH User Authentication
SSH Server Authentication
Chapter 21: Access Control
Access Control Lists
Defining MAC-based ACLs
Adding Rules to a MAC-based ACL
IPv4-based ACLs
Defining an IPv4-based ACL
Adding Rules (ACEs) to an IPv4-Based ACL
IPv6-Based ACLs
Adding Rules (ACEs) for an IPv6-Based ACL
Defining ACL Binding
Chapter 22: Quality of Service
QoS Features and Components
QoS Modes
QoS Workflow
Configuring QoS - General
Setting QoS Properties
Configuring QoS Queues
Mapping CoS/802.1p to a Queue
Mapping DSCP to Queue
Configuring Bandwidth
Configuring Egress Shaping per Queue
Configuring VLAN Ingress Rate Limit
TCP Congestion Avoidance
QoS Basic Mode
Workflow to Configure Basic QoS Mode
Configuring Global Settings
Interface QoS Settings
QoS Advanced Mode
Workflow to Configure Advanced QoS Mode
Configuring Global Settings
Configuring Out-of-Profile DSCP Mapping
Defining Class Mapping
QoS Policers
Defining Aggregate Policers
Configuring a Policy
Policy Class Maps
Policy Binding
Managing QoS Statistics
Policer Statistics
Viewing Single Policer Statistics
Viewing Aggregated Policer Statistics
Viewing Queues Statistics
Chapter 23: SNMP
SNMP Versions and Workflow
SNMPv1 and v2
SNMPv3
SNMP Workflow
Supported MIBs
Model OIDs
SNMP Engine ID
Configuring SNMP Views
Creating SNMP Groups
Managing SNMP Users
Defining SNMP Communities
Defining Trap Settings
Notification Recipients
Defining SNMPv1,2 Notification Recipients
Defining SNMPv3 Notification Recipients
SNMP Notification Filters
Getting Started
This section provides an introduction to the web-based configuration utility, and
covers the following topics:
• Starting the Web-based Configuration Utility
• Quick Start Device Configuration
• Interface Naming Conventions
• Window Navigation
Starting the Web-based Configuration Utility
This section describes how to navigate the web-based switch configuration utility.
If you are using a pop-up blocker, make sure it is disabled.
Browser Restrictions
• If you are using older versions of Internet Explorer, you cannot directly use
an IPv6 address to access the device. You can, however, use the DNS
(Domain Name System) server to create a domain name that contains the
IPv6 address, and then use that domain name in the address bar in place of
the IPv6 address.
• If you have multiple IPv6 interfaces on your management station, use the
IPv6 global address instead of the IPv6 link local address to access the
device from your browser.
Launching the Configuration Utility
To open the web-based configuration utility:
STEP 1 Open a Web browser.
STEP 2 Enter the IP address of the device you are configuring in the address bar on the
browser, and then press Enter.
NOTE When the device is using the factory default IP address of 192.168.1.254, its power
LED flashes continuously. When the device is using a DHCP assigned IP address or
an administrator-configured static IP address, the power LED is on solid.
Logging In
The default username is cisco and the default password is cisco. The first time
that you log in with the default username and password, you are required to enter
a new password.
NOTE If you have not previously selected a language for the GUI, the language of the Login
page is determined by the language(s) requested by your browser and the
languages configured on your device. If your browser requests Chinese, for
example, and Chinese has been loaded into your device, the Login page is
automatically displayed in Chinese. If Chinese has not been loaded into your
device, the Login page appears in English.
The languages loaded into the device have a language and country code (en-US,
en-GB and so on). For the Login page to be automatically displayed in a particular
language, based on the browser request, both the language and country code of
the browser request must match those of the language loaded on the device. If the
browser request contains only the language code without a country code (for
example: fr), the first embedded language with a matching language code is
taken (without matching the country code, for example: fr_CA).
To log in to the device configuration utility:
STEP 1 Enter the username/password. The password can contain up to 64 ASCII
characters. Password-complexity rules are described in the Setting Password
Complexity Rules section of the Configuring Security chapter.
STEP 2 If you are not using English, select the desired language from the Language
drop-down menu. To add a new language to the device or update a current one, refer to
the Upgrade/Backup Firmware/Language section.
STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the
default password (cisco) or your password has expired, the Change Password
Page appears. See Password Expiration for additional information.
STEP 4 Choose whether to select Disable Password Complexity Enforcement or not.
For more information on password complexity, see the Setting Password
Complexity Rules section.
STEP 5 Enter the new password and click Apply.
When the login attempt is successful, the Getting Started page appears.
If you entered an incorrect username or password, an error message appears and
the Login page remains displayed on the window. If you are having problems
logging in, please see the Launching the Configuration Utility section in the
Administration Guide for additional information.
Select Don’t show this page on startup to prevent the Getting Started page from
being displayed each time that you log on to the system. If you select this option,
the System Summary page is opened instead of the Getting Started page.
HTTP/HTTPS
You can either open an HTTP session (not secured) by clicking Log In, or you can
open an HTTPS (secured) session, by clicking Secure Browsing (HTTPS). You are
asked to approve the logon with a default RSA key, and an HTTPS session is
opened.
NOTE There is no need to input the username/password prior to clicking the Secure
Browsing (HTTPS) button.
For information on how to configure HTTPS, see SSL Server.
Password Expiration
The New Password page appears:
• The first time you access the device with the default username cisco and
password cisco. This page forces you to replace the factory default
password.
• When the password expires, this page forces you to select a new
password.