Cisco Systems Sf300 24P Users Manual Small Business 300 Series Managed Switches Administration Guide (English)

2015-01-05

Page Count: 483

Cisco Small Business 300 Series Managed Switch
Administration Guide Release 1.3
Contents
Chapter 1: Getting Started
Starting the Web-based Configuration Utility
Launching the Configuration Utility
HTTP/HTTPS
Logging Out
Quick Start Device Configuration
Interface Naming Conventions
Window Navigation
Application Header
Management Buttons
Chapter 2: Status and Statistics
Viewing Ethernet Interfaces
Viewing Etherlike Statistics
Viewing GVRP Statistics
Viewing 802.1X EAP Statistics
Viewing TCAM Utilization
Managing RMON
Viewing RMON Statistics
Configuring RMON History
Viewing the RMON History Table
Defining RMON Events Control
Viewing the RMON Events Logs
Defining RMON Alarms
Chapter 3: Administration: System Log
Setting System Log Settings
Setting Remote Logging Settings
Viewing Memory Logs
RAM Memory
Flash Memory
Chapter 4: Administration: File Management
System Files
Upgrade/Backup Firmware/Language
Upgrade/Backing Firmware or Language File
Active Image
Download/Backup Configuration/Log
Configuration File Backwards Compatibility
Downloading or Backing-up a Configuration or Log File
Configuration Files Properties
Copy/Save Configuration
DHCP Auto Configuration
DHCP Server Options
Auto Configuration Download Protocol (TFTP or SCP)
SSH Client Authentication Parameters
Auto Configuration Process
Configuring DHCP Auto Configuration
Chapter 5: Administration: General Information
Device Models
System Information
Displaying the System Summary
Configuring the System Settings
Console Settings (Autobaud Rate Support)
Rebooting the Device
Routing Resources
Monitoring Fan Status
Defining Idle Session Timeout
Pinging a Host
Traceroute
Chapter 6: Administration: Time Settings
System Time Options
Time
Time Zone and Daylight Savings Time (DST)
SNTP Modes
Configuring System Time
Selecting Source of System Time
Adding a Unicast SNTP Server
Configuring the SNTP Mode
Defining SNTP Authentication
Time Range
Absolute Time Range
Recurring Time Range
Chapter 7: Administration: Diagnostics
Testing Copper Ports
Displaying Optical Module Status
MSA-compatible SFPs
Configuring Port and VLAN Mirroring
Viewing CPU Utilization and Secure Core Technology
Chapter 8: Administration: Discovery
Configuring Bonjour Discovery
Bonjour in Layer 2 System Mode
Bonjour in Layer 3 System Mode
LLDP and CDP
Configuring LLDP
LLDP Overview
Setting LLDP Properties
Editing LLDP Port Settings
LLDP MED Network Policy
Configuring LLDP MED Port Settings
Displaying LLDP Port Status
Displaying LLDP Local Information
Displaying LLDP Neighbors Information
Accessing LLDP Statistics
LLDP Overloading
Configuring CDP
Setting CDP Properties
Editing CDP Interface Settings
Displaying CDP Local Information
Displaying CDP Neighbors Information
Viewing CDP Statistics
Chapter 9: Port Management
Configuring Ports
Setting Port Configuration
Configuring Link Aggregation
Link Aggregation Overview
Load Balancing
Default Settings and Configuration
Static and Dynamic LAG Workflow
Defining LAG Management
Configuring LAG Settings
Configuring LACP
LACP Priority and Rules
LACP With No Link Partner
Setting LACP Parameter Settings
Configuring Green Ethernet
Green Ethernet Overview
Power Saving by Disabling Port LEDs
802.3az Energy Efficient Ethernet Feature
Setting Global Green Ethernet Properties
Setting Green Ethernet Properties for Ports
Chapter 10: Smartport
Overview
What is a Smartport
Smartport Types
Special Smartport Types
Smartport Macros
Applying a Smartport Type to an Interface
Macro Failure and the Reset Operation
How the Smartport Feature Works
Auto Smartport
Enabling Auto Smartport
Identifying Smartport Type
Using CDP/LLDP Information to Identify Smartport Types
Multiple Devices Attached to the Port
Persistent Auto Smartport Interface
Error Handling
Default Configuration
Relationships with Other Features and Backwards Compatibility
Common Smartport Tasks
Configuring Smartport Using The Web-based Interface
Smartport Properties
Smartport Type Settings
Smartport Interface Settings
Built-in Smartport Macros
Chapter 11: Port Management: PoE
PoE on the Device
PoE Features
PoE Operation
PoE Configuration Considerations
Configuring PoE Properties
Configuring PoE Settings
PoE priority example
Chapter 12: VLAN Management
VLANs
Configuring Default VLAN Settings
Creating VLANs
Configuring VLAN Interface Settings
Defining VLAN Membership
Configuring Port to VLAN
Configuring VLAN Membership
GVRP Settings
Defining GVRP Settings
VLAN Groups
MAC-based Groups
Assigning MAC-based VLAN Groups
Mapping VLAN Group to VLAN Per Interface
Voice VLAN
Voice VLAN Overview
Dynamic Voice VLAN Modes
Voice End-Points
Auto Voice VLAN, Auto Smartports, CDP, and LLDP
Voice VLAN QoS
Voice VLAN Constraints
Voice VLAN Workflows
Configuring Voice VLAN
Configuring Voice VLAN Properties
Displaying Auto Voice VLAN Settings
Configuring Telephony OUI
Adding OUIs to the Telephony OUI Table
Adding Interfaces to Voice VLAN on Basis of OUIs
Access Port Multicast TV VLAN
IGMP Snooping
Differences Between Regular and Multicast TV VLANs
Configuration
Multicast TV Group to VLAN
Port Multicast VLAN Membership
Customer Port Multicast TV VLAN
Mapping CPE VLANs to Multicast TV VLANs
CPE Port Multicast VLAN Membership
Chapter 13: Spanning Tree
STP Flavors
Configuring STP Status and Global Settings
Defining Spanning Tree Interface Settings
Configuring Rapid Spanning Tree Settings
Multiple Spanning Tree
Defining MSTP Properties
Mapping VLANs to a MSTP Instance
Defining MSTP Instance Settings
Defining MSTP Interface Settings
Chapter 14: Managing MAC Address Tables
Types of MAC Addresses
Configuring Static MAC Addresses
Managing Dynamic MAC Addresses
Configuring Dynamic MAC Address Aging Time
Querying Dynamic Addresses
Defining Reserved MAC Addresses
Chapter 15: Multicast
Multicast Forwarding
Typical Multicast Setup
Multicast Address Properties
Defining Multicast Properties
Adding MAC Group Address
Adding IP Multicast Group Addresses
Configuring IGMP Snooping
MLD Snooping
Querying IGMP/MLD IP Multicast Group
Defining Multicast Router Ports
Defining Forward All Multicast
Defining Unregistered Multicast Settings
Chapter 16: IP Configuration
Overview
Layer 2 IP Addressing
Layer 3 IP Addressing
IPv4 Management and Interfaces
IPv4 Interface
Defining an IPv4 Interface in Layer 2 System Mode
Defining IPv4 Interface in Layer 3 System Mode
IPv4 Routes
ARP
ARP Proxy
UDP Relay/IP Helper
DHCPv4 Snooping/Relay
DHCPv4 Snooping
DHCPv4 Relay
Transparent DHCP Relay
Option 82
Interactions Between DHCPv4 Snooping, DHCPv4 Relay and Option 82
DHCP Snooping Binding Database
DHCP Trusted Ports
How the DHCP Snooping Binding Database is Built
DHCP Snooping Along With DHCP Relay
DHCP Default Configuration
Configuring DHCP Work Flow
DHCP Snooping/Relay
Properties
Interface Settings
DHCP Snooping Trusted Interfaces
DHCP Snooping Binding Database
DHCP Server
DHCP Options
Dependencies Between Features
Default Settings and Configurations
DHCPv4 Server
Network Pool
Excluded Addresses
Static Hosts
Address Binding
IPv6 Management and Interfaces
IPv6 Global Configuration
IPv6 Interface
IPv6 Tunnel
Configuring Tunnels
Defining IPv6 Addresses
IPv6 Default Router List
Defining IPv6 Neighbors Information
Viewing IPv6 Route Tables
DHCPv6 Relay
Dependencies with Other Features
Global Destinations
Interface Settings
Domain Name
DNS Settings
Search List
Host Mapping
Chapter 17: Security
Defining Users
Setting User Accounts
Setting Password Complexity Rules
Configuring TACACS+
Accounting Using a TACACS+ Server
Defaults
Interactions With Other Features
Workflow
Configuring a TACACS+ Server
Configuring RADIUS
Accounting Using a RADIUS Server
Defaults
Interactions With Other Features
Radius Workflow
Configuring Management Access Authentication
Defining Management Access Method
Active Access Profile
Defining Profile Rules
SSL Server
SSL Overview
Default Settings and Configuration
SSL Server Authentication Settings
Configuring TCP/UDP Services
Defining Storm Control
Configuring Port Security
Configuring 802.1X
802.1X Parameters Workflow
Defining 802.1X Properties
Defining 802.1X Port Authentication
Defining Host and Session Authentication
Viewing Authenticated Hosts
Defining Time Ranges
Denial of Service Prevention
Secure Core Technology (SCT)
Types of DoS Attacks
Defense Against DoS Attacks
Dependencies Between Features
Default Configuration
Configuring DoS Prevention
Security Suite Settings
SYN Protection
Martian Addresses
SYN Filtering
SYN Rate Protection
ICMP Filtering
IP Fragmented Filtering
IP Source Guard
Interactions with Other Features
Filtering
Configuring IP Source Guard Work Flow
Enabling IP Source Guard
Configuring IP Source Guard on Interfaces
Binding Database
Dynamic ARP Inspection
How ARP Prevents Cache Poisoning
Interaction Between ARP Inspection and DHCP Snooping
ARP Defaults
ARP Inspection Work Flow
Defining ARP Inspection Properties
Defining Dynamic ARP Inspection Interfaces Settings
Defining ARP Inspection Access Control
Defining ARP Inspection Access Control Rules
Defining ARP Inspection VLAN Settings
Chapter 18: Security: Secure Sensitive Data Management
Introduction
SSD Management
SSD Rules
Elements of an SSD Rule
SSD Rules and User Authentication
Default SSD Rules
SSD Default Read Mode Session Override
SSD Properties
Passphrase
Default and User-defined Passphrases
Local Passphrase
Configuration File Passphrase Control
Configuration File Integrity Control
Read Mode
Configuration Files
File SSD Indicator
SSD Control Block
Startup Configuration File
Running Configuration File
Backup and Mirror Configuration File
Sensitive Data Zero-Touch Auto Configuration
SSD Management Channels
Menu CLI and Password Recovery
Configuring SSD
SSD Properties
SSD Rules
Chapter 19: Security: SSH Client
Secure Copy (SCP) and SSH
Protection Methods
Passwords
Public/Private Keys
Import Keys
SSH Server Authentication
SSH Client Authentication
Supported Algorithms
Before You Begin
Common Tasks
SSH Client Configuration Through the GUI
SSH User Authentication
SSH Server Authentication
Modifying the User Password on the SSH Server
Chapter 20: Security: SSH Server
Overview
Common Tasks
SSH Server Configuration Pages
SSH User Authentication
SSH Server Authentication
Chapter 21: Access Control
Access Control Lists
Defining MAC-based ACLs
Adding Rules to a MAC-based ACL
IPv4-based ACLs
Defining an IPv4-based ACL
Adding Rules (ACEs) to an IPv4-Based ACL
IPv6-Based ACLs
Adding Rules (ACEs) for an IPv6-Based ACL
Defining ACL Binding
Chapter 22: Quality of Service
QoS Features and Components
QoS Modes
QoS Workflow
Configuring QoS - General
Setting QoS Properties
Configuring QoS Queues
Mapping CoS/802.1p to a Queue
Mapping DSCP to Queue
Configuring Bandwidth
Configuring Egress Shaping per Queue
Configuring VLAN Ingress Rate Limit
TCP Congestion Avoidance
QoS Basic Mode
Workflow to Configure Basic QoS Mode
Configuring Global Settings
Interface QoS Settings
QoS Advanced Mode
Workflow to Configure Advanced QoS Mode
Configuring Global Settings
Configuring Out-of-Profile DSCP Mapping
Defining Class Mapping
QoS Policers
Defining Aggregate Policers
Configuring a Policy
Policy Class Maps
Policy Binding
Managing QoS Statistics
Policer Statistics
Viewing Single Policer Statistics
Viewing Aggregated Policer Statistics
Viewing Queues Statistics
Chapter 23: SNMP
SNMP Versions and Workflow
SNMPv1 and v2
SNMPv3
SNMP Workflow
Supported MIBs
Model OIDs
SNMP Engine ID
Configuring SNMP Views
Creating SNMP Groups
Managing SNMP Users
Defining SNMP Communities
Defining Trap Settings
Notification Recipients
Defining SNMPv1,2 Notification Recipients
Defining SNMPv3 Notification Recipients
SNMP Notification Filters
Chapter 1: Getting Started
This section provides an introduction to the web-based configuration utility, and
covers the following topics:
• Starting the Web-based Configuration Utility
• Quick Start Device Configuration
• Interface Naming Conventions
• Window Navigation
Starting the Web-based Configuration Utility
This section describes how to navigate the web-based switch configuration utility.
If you are using a pop-up blocker, make sure it is disabled.
Browser Restrictions
• If you are using older versions of Internet Explorer, you cannot directly use
  an IPv6 address to access the device. You can, however, use the DNS
  (Domain Name System) server to create a domain name that contains the
  IPv6 address, and then use that domain name in the address bar in place of
  the IPv6 address.
• If you have multiple IPv6 interfaces on your management station, use the
  IPv6 global address instead of the IPv6 link local address to access the
  device from your browser.
Launching the Configuration Utility
To open the web-based configuration utility:
STEP 1 Open a Web browser.
STEP 2 Enter the IP address of the device you are configuring in the address bar on the
browser, and then press Enter.
NOTE When the device is using the factory default IP address of 192.168.1.254, its power
LED flashes continuously. When the device is using a DHCP assigned IP address or
an administrator-configured static IP address, the power LED is on solid.
Logging In
The default username is cisco and the default password is cisco. The first time
that you log in with the default username and password, you are required to enter
a new password.
NOTE If you have not previously selected a language for the GUI, the language of the Login
page is determined by the language(s) requested by your browser and the
languages configured on your device. If your browser requests Chinese, for
example, and Chinese has been loaded into your device, the Login page is
automatically displayed in Chinese. If Chinese has not been loaded into your
device, the Login page appears in English.
The languages loaded into the device have a language and country code (en-US,
en-GB and so on). For the Login page to be automatically displayed in a particular
language, based on the browser request, both the language and country code of
the browser request must match those of the language loaded on the device. If the
browser request contains only the language code without a country code (for
example: fr), the first embedded language with a matching language code is
taken (without matching the country code, for example: fr_CA).
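The matching rule in the note above, written out as an added example (not code from the guide or from the device firmware). It assumes the browser's request arrives as an HTTP Accept-Language header that is tried in preference order; the function names, the loaded-language list and the en-US tag for the built-in English are hypothetical.

```python
"""Model of the Login-page language rule described in the note (added example)."""


def parse_accept_language(header):
    """Return the language tags of an Accept-Language value, most preferred first."""
    ranked = []
    for position, item in enumerate(header.split(",")):
        tag, _, params = item.strip().partition(";")
        tag = tag.strip()
        if not tag or tag == "*":
            continue
        quality = 1.0  # a tag without a q parameter has full preference
        params = params.strip()
        if params.startswith("q="):
            try:
                quality = float(params[2:])
            except ValueError:
                quality = 0.0  # unparsable weight: treat the tag as not wanted
        if quality > 0:
            ranked.append((-quality, position, tag))
    # Sort by descending quality, keeping header order for equal weights.
    return [tag for _, _, tag in sorted(ranked)]


def split_tag(tag):
    """Split 'fr-CA' or 'fr_CA' into ('fr', 'CA'); a bare 'fr' gives ('fr', '')."""
    language, _, country = tag.replace("_", "-").partition("-")
    return language.lower(), country.upper()


def select_login_language(accept_language, loaded, default="en-US"):
    """Pick the Login-page language.

    Rule from the note: a request with language and country needs both to
    match a loaded language; a request with only a language code takes the
    first loaded language with that language code. No match means English
    (the `default` tag here is a hypothetical label for it).
    Assumption: requested tags are tried in the browser's preference order.
    """
    for requested in parse_accept_language(accept_language):
        language, country = split_tag(requested)
        for candidate in loaded:
            cand_language, cand_country = split_tag(candidate)
            if cand_language != language:
                continue
            if not country or country == cand_country:
                return candidate
    return default


# Constructed sample: English plus one additional loaded language.
LOADED_LANGUAGES = ["en-US", "fr-CA"]

if __name__ == "__main__":
    for header in ("fr", "fr-FR", "fr-FR,fr;q=0.9,en;q=0.8", "zh-CN,zh;q=0.9"):
        print(header, "->", select_login_language(header, LOADED_LANGUAGES))
```

A browser that sends only fr-FR falls back to English here even though French is loaded, because the country codes differ; most browsers also send the bare fr, which then matches fr-CA.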
To log in to the device configuration utility:
STEP 1 Enter the username/password. The password can contain up to 64 ASCII
characters. Password-complexity rules are described in the Setting Password
Complexity Rules section of the Configuring Security chapter.
STEP 2 If you are not using English, select the desired language from the Language drop-
down menu. To add a new language to the device or update a current one, refer to
the Upgrade/Backup Firmware/Language section.
STEP 3 If this is the first time that you logged on with the default user ID (cisco) and the
default password (cisco) or your password has expired, the Change Password
Page appears. See Password Expiration for additional information.
STEP 4 Choose whether to select Disable Password Complexity Enforcement or not.
For more information on password complexity, see the Setting Password
Complexity Rules section.
STEP 5 Enter the new password and click Apply.
When the login attempt is successful, the Getting Started page appears.
If you entered an incorrect username or password, an error message appears and
the Login page remains displayed on the window. If you are having problems
logging in, please see the Launching the Configuration Utility section in the
Administration Guide for additional information.
Select Don’t show this page on startup to prevent the Getting Started page from
being displayed each time that you log on to the system. If you select this option,
the System Summary page is opened instead of the Getting Started page.
HTTP/HTTPS
You can either open an HTTP session (not secured) by clicking Log In, or you can
open an HTTPS (secured) session, by clicking Secure Browsing (HTTPS). You are
asked to approve the logon with a default RSA key, and an HTTPS session is
opened.
NOTE There is no need to input the username/password prior to clicking the Secure
Browsing (HTTPS) button.
For information on how to configure HTTPS, see SSL Server.
Password Expiration
The New Password page appears:
• The first time you access the device with the default username cisco and
  password cisco. This page forces you to replace the factory default
  password.
• When the password expires, this page forces you to select a new
  password.
Logging Out
By default, the application logs out after ten minutes of inactivity. You can change
this default value as described in the Defining Idle Session Timeout section.
CAUTION Unless the Running Configuration is copied to the Startup Configuration, rebooting
the device will remove all changes made since the last time the file was saved.
Save the Running Configuration to the Startup Configuration before logging off to
preserve any changes you made during this session.
A flashing red X icon to the left of the Save application link indicates that Running
Configuration changes have not yet been saved to the Startup Configuration file.
The flashing can be disabled by clicking on the Disable Save Icon Blinking button
on the Copy/Save Configuration page.
When the device auto-discovers a device, such as an IP phone (see What is a
Smartport), it configures the port appropriately for that device. These
configuration commands are written to the Running Configuration file, which causes
the Save icon to begin blinking when you log on even though you did not make
any configuration changes.
When you click Save, the Copy/Save Configuration page appears. Save the
Running Configuration file by copying it to the Startup Configuration file. After this
save, the red X icon and the Save application link are no longer displayed.
To log out, click Logout in the top right corner of any page. The system logs out of
the device.
When a timeout occurs or you intentionally log out of the system, a message
appears and the Login page appears, with a message indicating the logged-out
state. After you log in, the application returns to the initial page.
The initial page displayed depends on the “Do not show this page on startup”
option in the Getting Started page. If you did not select this option, the initial page
is the Getting Started page. If you did select this option, the initial page is the
System Summary page.
Quick Start Device Configuration
To simplify device configuration through quick navigation, the Getting Started
page provides links to the most commonly used pages.
There are two hot links on the Getting Started page that take you to Cisco web
pages for more information. Clicking on the Support link takes you to the device
product support page, and clicking on the Forums link takes you to the Small
Business Support Community page.
Links on the Getting Started page
Category        Link Name (on the Page)                       Linked Page
                Change Management Applications and Services   TCP/UDP Services page
                Change Device IP Address                      IPv4 Interface page
                Create VLAN                                   Create VLAN page
                Configure Port Settings                       Port Setting page
Device Status   System Summary                                System Summary page
                Port Statistics                               Interface page
                RMON Statistics                               Statistics page
                View Log                                      RAM Memory page
Quick Access    Change Device Password                        User Accounts page
                Upgrade Device Software                       Upgrade/Backup Firmware/Language page
                Backup Device Configuration                   Download/Backup Configuration/Log page
                Create MAC Based ACL                          MAC Based ACL page
                Create IP Based ACL                           IPv4 Based ACL page
                Configure QoS                                 QoS Properties page
                Configure Port Mirroring                      Port and VLAN Mirroring page
Interface Naming Conventions
Within the GUI, interfaces are denoted by concatenating the following elements:
• Type of interface: The following types of interfaces are found on the various
  types of devices:
  - Fast Ethernet (10/100 bits): These are displayed as FE.
  - Gigabit Ethernet ports (10/100/1000 bits): These are displayed as GE.
  - LAG (Port Channel): These are displayed as LAG.
  - VLAN: These are displayed as VLAN.
  - Tunnel: These are displayed as Tunnel.
• Interface Number: Port, LAG, tunnel or VLAN ID
Window Navigation
This section describes the features of the web-based switch configuration utility.
Application Header
The Application Header appears on every page. It provides the following
application links:
Application Links
Application Link Name   Description
                        A flashing red X icon displayed to the left of the Save
                        application link indicates that Running Configuration
                        changes have been made that have not yet been saved to
                        the Startup Configuration file. The flashing of the red X can
                        be disabled on the Copy/Save Configuration page.
                        Click Save to display the Copy/Save Configuration page.
                        Save the Running Configuration file by copying it to the
                        Startup Configuration file type on the device. After this
                        save, the red X icon and the Save application link are no
                        longer displayed. When the device is rebooted, it copies
                        the Startup Configuration file type to the Running
                        Configuration and sets the device parameters according
                        to the data in the Running Configuration.
Username                Displays the name of the user logged on to the device. The
                        default username is cisco. (The default password is cisco).
Language Menu           This menu provides the following options:
                        • Select a language: Select one of the languages that
                          appear in the menu. This language will be the web-
                          based configuration utility language.
                        • Download Language: Add a new language to the
                          device.
                        • Delete Language: Deletes the second language on
                          the device. The first language (English) cannot be
                          deleted.
                        • Debug: Used for translation purposes. If you select
                          this option, all web-based configuration utility labels
                          disappear and in their place are the IDs of the
                          strings that correspond to the IDs in the language
                          file.
                        NOTE To upgrade a language file, use the Upgrade/
                        Backup Firmware/Language page.
Logout                  Click to log out of the web-based switch configuration
                        utility.
About                   Click to display the device name and device version
                        number.
Help                    Click to display the online help.
                        The SYSLOG Alert Status icon appears when a SYSLOG
                        message, above the critical severity level, is logged. Click
                        the icon to open the RAM Memory page. After you access
                        this page, the SYSLOG Alert Status icon is no longer
                        displayed. To display the page when there is not an active
                        SYSLOG message, click Status and Statistics > View
                        Log > RAM Memory.
Management Buttons
The following table describes the commonly-used buttons that appear on various
pages in the system.
Management Buttons
Button Name                     Description
                                Use the pull-down menu to configure the number of
                                entries per page.
                                Indicates a mandatory field.
Add                             Click to display the related Add page and add an entry to a
                                table. Enter the information and click Apply to save it to the
                                Running Configuration. Click Close to return to the main
                                page. Click Save to display the Copy/Save Configuration
                                page and save the Running Configuration to the Startup
                                Configuration file type on the device.
Apply                           Click to apply changes to the Running Configuration on the
                                device. If the device is rebooted, the Running
                                Configuration is lost, unless it is saved to the Startup
                                Configuration file type or another file type. Click Save to
                                display the Copy/Save Configuration page and save the
                                Running Configuration to the Startup Configuration file
                                type on the device.
Cancel                          Click to reset changes made on the page.
Clear All Interfaces Counters   Click to clear the statistic counters for all interfaces.
Clear Interface Counters        Click to clear the statistic counters for the selected
                                interface.
Clear Logs                      Clears log files.
Clear Table                     Clears table entries.
Close                           Returns to main page. If any changes were not applied to
                                the Running Configuration, a message appears.
Copy Settings                   A table typically contains one or more entries containing
                                configuration settings. Instead of modifying each entry
                                individually, it is possible to modify one entry and then
                                copy the selected entry to multiple entries, as described
                                below:
                                1. Select the entry to be copied. Click Copy Settings to
                                   display the popup.
                                2. Enter the destination entry numbers in the to field.
                                3. Click Apply to save the changes and click Close to
                                   return to the main page.
Delete                          After selecting an entry in the table, click Delete to
                                remove.
Details                         Click to display the details associated with the entry
                                selected.
Edit                            Select the entry and click Edit. The Edit page appears,
                                and the entry can be modified.
                                1. Click Apply to save the changes to the Running
                                   Configuration.
                                2. Click Close to return to the main page.
Go                              Enter the query filtering criteria and click Go. The results
                                are displayed on the page.
Test                            Click Test to perform the related tests.
Chapter 2: Status and Statistics
This section describes how to view device statistics.
It covers the following topics:
• Viewing Ethernet Interfaces
• Viewing Etherlike Statistics
• Viewing GVRP Statistics
• Viewing 802.1X EAP Statistics
• Viewing TCAM Utilization
• Managing RMON
Viewing Ethernet Interfaces
The Interface page displays traffic statistics per port. The refresh rate of the
information can be selected.
This page is useful for analyzing the amount of traffic that is both sent and
received and its dispersion (Unicast, Multicast, and Broadcast).
To display Ethernet statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > Interface.
STEP 2 Enter the parameters.
• Interface—Select the type of interface and specific interface for which
  Ethernet statistics are to be displayed.
• Refresh Rate—Select the time period that passes before the interface
  Ethernet statistics are refreshed. The available options are:
  - No Refresh—Statistics are not refreshed.
  - 15 Sec—Statistics are refreshed every 15 seconds.
  - 30 Sec—Statistics are refreshed every 30 seconds.
  - 60 Sec—Statistics are refreshed every 60 seconds.
The Receive Statistics area displays information about incoming packets.
• Total Bytes (Octets)—Octets received, including bad packets and FCS
  octets, but excluding framing bits.
• Unicast Packets—Good Unicast packets received.
• Multicast Packets—Good Multicast packets received.
• Broadcast Packets—Good Broadcast packets received.
• Packets with Errors—Packets with errors received.
The Transmit Statistics area displays information about outgoing packets.
• Total Bytes (Octets)—Octets transmitted, including bad packets and FCS
  octets, but excluding framing bits.
• Unicast Packets—Good Unicast packets transmitted.
• Multicast Packets—Good Multicast packets transmitted.
• Broadcast Packets—Good Broadcast packets transmitted.
To clear statistics counters:
Click Clear Interface Counters to clear counters for the interface displayed.
Click View All Interfaces Statistics to see all ports on a single page.
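As an added example (not part of the guide), the traffic dispersion that the Interface page is meant to show can be computed from two reads of the Receive Statistics counters taken one refresh interval apart. The 32-bit counter width, the alert limits and the sample readings are assumptions constructed for illustration.

```python
"""Traffic dispersion from two Interface-page counter snapshots (added example)."""
from dataclasses import dataclass

# Assumption: counters are 32 bits wide and wrap to zero. The guide does not
# state the counter width on this device.
COUNTER_MODULUS = 2 ** 32


@dataclass(frozen=True)
class RxSnapshot:
    """Receive Statistics fields, named as on the Interface page."""
    unicast: int     # Unicast Packets (good)
    multicast: int   # Multicast Packets (good)
    broadcast: int   # Broadcast Packets (good)
    errors: int      # Packets with Errors


def delta(old, new, modulus=COUNTER_MODULUS):
    """Counter growth between two reads, tolerating one wrap-around."""
    return (new - old) % modulus


def dispersion(prev, curr, interval_s):
    """Share of each packet type and the error share over one interval."""
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    counts = {
        "unicast": delta(prev.unicast, curr.unicast),
        "multicast": delta(prev.multicast, curr.multicast),
        "broadcast": delta(prev.broadcast, curr.broadcast),
    }
    good = sum(counts.values())
    errors = delta(prev.errors, curr.errors)
    report = {
        "good_packets": good,
        "error_packets": errors,
        "packets_per_second": good / interval_s,
    }
    for kind, count in counts.items():
        # An idle port has no good packets; report 0.0 rather than divide by zero.
        report[kind + "_pct"] = round(100.0 * count / good, 1) if good else 0.0
    total = good + errors
    report["error_pct"] = round(100.0 * errors / total, 2) if total else 0.0
    return report


def findings(report, broadcast_limit_pct=20.0, error_limit_pct=1.0):
    """Flag intervals worth a closer look. Both limits are hypothetical."""
    notes = []
    if report["broadcast_pct"] > broadcast_limit_pct:
        notes.append(
            f"broadcast share {report['broadcast_pct']}% "
            f"exceeds {broadcast_limit_pct}%"
        )
    if report["error_pct"] > error_limit_pct:
        notes.append(
            f"error share {report['error_pct']}% exceeds {error_limit_pct}%"
        )
    return notes


# Constructed readings, 15 seconds apart; the unicast counter wraps in between.
SAMPLE_PREV = RxSnapshot(unicast=2 ** 32 - 200, multicast=1_000,
                         broadcast=500, errors=10)
SAMPLE_CURR = RxSnapshot(unicast=5_800, multicast=2_000,
                         broadcast=3_500, errors=110)

if __name__ == "__main__":
    sample_report = dispersion(SAMPLE_PREV, SAMPLE_CURR, interval_s=15)
    print(sample_report)
    print(findings(sample_report))
```

Clearing the counters between the two reads (Clear Interface Counters) looks like a wrap to this calculation and produces a bogus delta, so compare only snapshots taken without a clear in between.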
Viewing Etherlike Statistics
The Etherlike page displays statistics per port according to the Etherlike MIB
standard definition. The refresh rate of the information can be selected. This page
provides more detailed information regarding errors in the physical layer (Layer 1),
which might disrupt traffic.
To view Etherlike Statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > Etherlike.
STEP 2 Enter the parameters.
Interface—Select the type of interface and specific interface for which
Ethernet statistics are to be displayed.
Refresh Rate—Select the amount of time that passes before the Etherlike
statistics are refreshed.
The fields are displayed for the selected interface.
Frame Check Sequence (FCS) Errors—Received frames that failed the
CRC (cyclic redundancy checks).
Single Collision Frames—Frames that were involved in a single collision,
but were successfully transmitted.
Late Collisions—Collisions that have been detected after the first 512 bits
of data.
Excessive Collisions—Number of transmissions rejected due to excessive
collisions.
Oversize Packets—Packets greater than 2000 octets received.
Internal MAC Receive Errors—Frames rejected because of receiver errors.
Pause Frames Received—Received flow control pause frames.
Pause Frames Transmitted—Flow control pause frames transmitted from
the selected interface.
To clear statistics counters:
Click Clear Interface Counters to clear the selected interface's counters.
Click View All Interfaces Statistics to see all ports on a single page.
Viewing GVRP Statistics
The GVRP page displays information regarding GARP VLAN Registration Protocol
(GVRP) frames that were sent or received from a port. GVRP is a standards-based
Layer 2 network protocol, for automatic configuration of VLAN information on
switches. It was defined in the 802.1ak amendment to 802.1Q-2005.
GVRP statistics for a port are only displayed if GVRP is enabled globally and on
the port. See the GVRP page.
To view GVRP statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > GVRP.
STEP 2 Enter the parameters.
Interface—Select the specific interface for which GVRP statistics are to be
displayed.
Refresh Rate—Select the time period that passes before the GVRP
statistics page is refreshed.
The Attribute Counter block displays the counters for various types of packets per
interface.
Join Empty—Number of GVRP Join Empty packets received/transmitted.
Empty—Number of GVRP empty packets received/transmitted.
Leave Empty—Number of GVRP Leave Empty packets received/
transmitted.
Join In—Number of GVRP Join In packets received/transmitted.
Leave In—Number of GVRP Leave In packets received/transmitted.
Leave All—Number of GVRP Leave All packets received/transmitted.
The GVRP Error Statistics section displays the GVRP error counters.
Invalid Protocol ID—Invalid protocol ID errors.
Invalid Attribute Type—Invalid attribute ID errors.
Invalid Attribute Value—Invalid attribute value errors.
Invalid Attribute Length—Invalid attribute length errors.
Invalid Event—Invalid events.
To clear statistics counters:
Click Clear Interface Counters to clear the selected counters.
Click View All Interfaces Statistics to see all ports on a single page.
Viewing 802.1X EAP Statistics
The 802.1x EAP page displays detailed information regarding the EAP (Extensible
Authentication Protocol) frames that were sent or received. To configure the
802.1X feature, see the 802.1X Properties page.
To view the EAP Statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > 802.1x EAP.
STEP 2 Select the Interface that is polled for statistics.
STEP 3 Select the time period (Refresh Rate) that passes before the EAP statistics are
refreshed.
The values are displayed for the selected interface.
EAPOL Frames Received—Valid EAPOL frames received on the port.
EAPOL Frames Transmitted—Valid EAPOL frames transmitted by the port.
EAPOL Start Frames Received—EAPOL Start frames received on the port.
EAPOL Logoff Frames Received—EAPOL Logoff frames received on the
port.
EAP Response/ID Frames Received—EAP Resp/ID frames received on the
port.
EAP Response Frames Received—EAP Response frames received by the
port (other than Resp/ID frames).
EAP Request/ID Frames Transmitted—EAP Req/ID frames transmitted by
the port.
EAP Request Frames Transmitted—EAP Request frames transmitted by
the port.
Invalid EAPOL Frames Received—Unrecognized EAPOL frames received
on this port.
EAP Length Error Frames Received—EAPOL frames with an invalid Packet
Body Length received on this port.
Last EAPOL Frame Version—Protocol version number attached to the most
recently received EAPOL frame.
Last EAPOL Frame Source—Source MAC address attached to the most
recently received EAPOL frame.
To clear statistics counters:
Click Clear Interface Counters to clear the selected interface's counters.
Click Clear All Interface Counters to clear the counters of all interfaces.
Viewing TCAM Utilization
The device architecture uses a TCAM (Ternary Content Addressable Memory) to
support packet actions at wire speed.
TCAM holds the rules produced by applications, such as ACLs (Access Control
Lists), Quality of Service (QoS), IP Routing and user-created rules. The maximum
number of TCAM rules that can be allocated by all applications on the device is
512.
Some applications allocate rules upon their initiation. Additionally, processes that
initialize during system boot use some of their rules during the startup process.
To view TCAM utilization, click Status and Statistics > TCAM Utilization.
The TCAM Utilization page shows the following fields:
Maximum TCAM Entries for IPv4 and Non-IP (Rules)—Maximum TCAM
Entries available.
IPv4 Routing
-In Use—Number of TCAM entries used for IPv4 routing.
-Maximum—Number of available TCAM entries that can be used for IPv4
routing.
Non-IP Rules
-In Use—Number of TCAM entries used for non-IP rules.
-Maximum—Number of available TCAM entries that can be used for non-
IP rules.
Managing RMON
RMON (Remote Networking Monitoring) is an SNMP specification that enables an
SNMP agent in the device to proactively monitor traffic statistics over a given
period and send traps to an SNMP manager. The local SNMP agent compares
actual, real-time counters against predefined thresholds and generates alarms,
without the need for polling by a central SNMP management platform. This is an
effective mechanism for proactive management, provided that you have the
correct thresholds set relative to your network's baseline.
RMON decreases the traffic between the manager and the device because the
SNMP manager does not have to poll the device frequently for information, and
enables the manager to get timely status reports, because the device reports
events as they occur.
With this feature, you can perform the following actions:
View the current statistics (since the counter values were cleared). You can
also collect the values of these counters over a period of time, and then
view the table of collected data, where each collected set is a single line of
the History tab.
Define interesting changes in counter values, such as “reached a certain
number of late collisions” (defines the alarm), and then specify what action
to perform when this event occurs (log, trap, or log and trap).
Viewing RMON Statistics
The Statistics page displays detailed information regarding packet sizes and
information regarding physical layer errors. The information displayed is according
to the RMON standard. An oversized packet is defined as an Ethernet frame with
the following criteria:
Packet length is greater than MRU byte size.
Collision event has not been detected.
Late collision event has not been detected.
Received (Rx) error event has not been detected.
Packet has a valid CRC.
To view RMON statistics and/or set the refresh rate:
STEP 1 Click Status and Statistics > RMON > Statistics.
STEP 2 Select the Interface for which Ethernet statistics are to be displayed.
STEP 3 Select the Refresh Rate, the time period that passes before the interface
statistics are refreshed.
The statistics are displayed for the selected interface.
Bytes Received—Number of octets received, including bad packets and
FCS octets, but excluding framing bits.
Drop Events—Number of packets dropped.
Packets Received—Number of good packets received, including Multicast
and Broadcast packets.
Broadcast Packets Received—Number of good Broadcast packets
received. This number does not include Multicast packets.
Multicast Packets Received—Number of good Multicast packets received.
CRC & Align Errors—Number of CRC and Align errors that have occurred.
Undersize Packets—Number of undersized packets (less than 64 octets)
received.
Oversize Packets—Number of oversized packets (over 2000 octets)
received.
Fragments—Number of fragments (packets with less than 64 octets,
excluding framing bits, but including FCS octets) received.
Jabbers—Total number of received packets that were longer than 1632
octets. This number excludes frame bits, but includes FCS octets that had
either a bad FCS (Frame Check Sequence) with an integral number of octets
(FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number.
A Jabber packet is defined as an Ethernet frame that satisfies the following
criteria:
-Packet data length is greater than MRU.
-Packet has an invalid CRC.
-Received (Rx) Error Event has not been detected.
Collisions—Number of collisions received. If Jumbo Frames are enabled,
the threshold of Jabber Frames is raised to the maximum size of Jumbo
Frames.
Frames of 64 Bytes—Number of frames, containing 64 bytes that were
received.
Frames of 65 to 127 Bytes—Number of frames, containing 65-127 bytes
that were received.
Frames of 128 to 255 Bytes—Number of frames, containing 128-255 bytes
that were received.
Frames of 256 to 511 Bytes—Number of frames, containing 256-511 bytes
that were received.
Frames of 512 to 1023 Bytes—Number of frames, containing 512-1023
bytes that were received.
Frames greater than 1024 Bytes—Number of frames, containing 1024-
2000 bytes, and Jumbo Frames, that were received.
To clear statistics counters:
Click Clear Interface Counters to clear the selected interface's counters.
Click View All Interfaces Statistics to see all ports on a single page.
Configuring RMON History
The RMON feature enables monitoring statistics per interface.
The History Control Table page defines the sampling frequency, the number of
samples to store, and the port from which to gather the data.
After the data is sampled and stored, it appears in the History Table page that can
be viewed by clicking History Table.
To enter RMON control information:
STEP 1 Click Status and Statistics > RMON > History. The fields displayed on this page
are defined in the Add RMON History page, below. The only field that is on this
page and not defined in the Add page is:
Current Number of Samples—RMON is allowed by standard to not grant all
requested samples, but rather to limit the number of samples per request.
Therefore, this field represents the sample number actually granted to the
request that is equal to or less than the requested value.
STEP 2 Click Add.
STEP 3 Enter the parameters.
New History Entry—Displays the number of the new History table entry.
Source Interface—Select the type of interface from which the history
samples are to be taken.
Max No. of Samples to Keep—Enter the number of samples to store.
Sampling Interval—Enter the time in seconds that samples are collected
from the ports. The field range is 1-3600.
Owner—Enter the RMON station or user that requested the RMON
information.
STEP 4 Click Apply. The entry is added to the History Control Table page, and the
Running Configuration file is updated.
STEP 5 Click History Table to view the actual statistics.
Viewing the RMON History Table
The History Table page displays interface-specific statistical network samplings.
The samples were configured in the History Control table described above.
To view RMON history statistics:
STEP 1 Click Status and Statistics > RMON > History.
STEP 2 Click History Table.
STEP 3 From the History Entry No. list, select the entry number of the sample to display.
The fields are displayed for the selected sample.
Owner—History table entry owner.
Sample No.—Statistics were taken from this sample.
Drop Events—Dropped packets due to lack of network resources during the
sampling interval. This may not represent the exact number of dropped
packets, but rather the number of times dropped packets were detected.
Bytes Received—Octets received including bad packets and FCS octets,
but excluding framing bits.
Packets Received—Packets received, including bad packets, Multicast,
and Broadcast packets.
Broadcast Packets—Good Broadcast packets excluding Multicast packets.
Multicast Packets—Good Multicast packets received.
CRC Align Errors—CRC and Align errors that have occurred.
Undersize Packets—Undersized packets (less than 64 octets) received.
Oversize Packets—Oversized packets (over 2000 octets) received.
Fragments—Fragments (packets with less than 64 octets) received,
excluding framing bits, but including FCS octets.
Jabbers—Total number of received packets that were longer than 2000
octets. This number excludes frame bits, but includes FCS octets that had
either a bad FCS (Frame Check Sequence) with an integral number of octets
(FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number.
Collisions—Collisions received.
Utilization—Percentage of current interface traffic compared to maximum
traffic that the interface can handle.
Defining RMON Events Control
You can control the occurrences that trigger an alarm and the type of notification
that occurs. This is performed as follows:
Events Page—Configures what happens when an alarm is triggered. This
can be any combination of logs and traps.
Alarms Page—Configures the occurrences that trigger an alarm.
To define RMON events:
STEP 1 Click Status and Statistics > RMON > Events.
This page displays previously defined events.
STEP 2 Click Add.
STEP 3 Enter the parameters.
Event Entry—Displays the event entry index number for the new entry.
Community—Enter the SNMP community string to be included when traps
are sent (optional).
Description—Enter a name for the event. This name is used in the Add
RMON Alarm page to attach an alarm to an event.
Notification Type—Select the type of action that results from this event.
Values are:
-None—No action occurs when the alarm goes off.
-Log (Event Log Table)—Add a log entry to the Event Log table when the
alarm is triggered.
-Trap (SNMP Manager and SYSLOG Server)—Send a trap to the remote
log server when the alarm goes off.
-Log and Trap—Add a log entry to the Event Log table and send a trap to
the remote log server when the alarm goes off.
Time—The time of the event. (This is a read-only table in the parent window
and cannot be defined).
Owner—Enter the device or user that defined the event.
STEP 4 Click Apply. The RMON event is saved to the Running Configuration file.
STEP 5 Click Event Log Table to display the log of alarms that have occurred and that have
been logged (see description below).
Viewing the RMON Events Logs
The Event Log Table page displays the log of events (actions) that occurred. Two
types of events can be logged: Log or Log and Trap. The action in the event is
performed when the event is bound to an alarm (see the Alarms page) and the
conditions of the alarm have occurred.
STEP 1 Click Status and Statistics > RMON > Events.
STEP 2 Click Event Log Table.
This page displays the following fields:
Event Entry No.—Event’s log entry number.
Log No.—Log number (within the event).
Log Time—Time that the log entry was entered.
Description—Description of event that triggered the alarm.
Defining RMON Alarms
RMON alarms provide a mechanism for setting thresholds and sampling intervals
to generate exception events on any counter or any other SNMP object counter
maintained by the agent. Both the rising and falling thresholds must be configured
in the alarm. After a rising threshold is crossed, no rising events are generated until
the companion falling threshold is crossed. After a falling alarm is issued, the next
alarm is issued when a rising threshold is crossed.
One or more alarms are bound to an event, which indicates the action to be taken
when the alarm occurs.
The Alarms page provides the ability to configure alarms and to bind them with
events. Alarm counters can be monitored by either absolute values or changes
(delta) in the counter values.
To enter RMON alarms:
STEP 1 Click Status and Statistics > RMON > Alarms. All previously-defined alarms are
displayed. The fields are described in the Add RMON Alarm page below. In
addition to those fields, the following field appears:
Counter Value—Displays the value of the statistic during the last sampling
period.
STEP 2 Click Add.
STEP 3 Enter the parameters.
Alarm Entry—Displays the alarm entry number.
Interface—Select the type of interface for which RMON statistics are
displayed.
Counter Name—Select the MIB variable that indicates the type of
occurrence measured.
Sample Type—Select the sampling method to generate an alarm. The
options are:
-Absolute—If the threshold is crossed, an alarm is generated.
-Delta—Subtracts the last sampled value from the current value. The
difference in the values is compared to the threshold. If the threshold was
crossed, an alarm is generated.
Rising Threshold—Enter the value that triggers the rising threshold alarm.
Rising Event—Select an event to be performed when a rising event is
triggered. Events are created in the Events page.
Falling Threshold—Enter the value that triggers the falling threshold alarm.
Falling Event—Select an event to be performed when a falling event is
triggered.
Startup Alarm—Select the first event from which to start generation of
alarms. Rising is defined by crossing the threshold from a low-value
threshold to a higher-value threshold.
-Rising Alarm—A rising value triggers the rising threshold alarm.
-Falling Alarm—A falling value triggers the falling threshold alarm.
-Rising and Falling—Both rising and falling values trigger the alarm.
Interval—Enter the alarm interval time in seconds.
Owner—Enter the name of the user or network management system that
receives the alarm.
STEP 4 Click Apply. The RMON alarm is saved to the Running Configuration file.
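The rising/falling behaviour and the Absolute and Delta sample types described in this section can be modelled as follows. This Python code is an added example, not Cisco's implementation: it assumes a threshold counts as crossed when the sampled value reaches it, that the falling threshold is not above the rising one, and that Startup Alarm only decides which event may fire first. The counter readings are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

STARTUP_CHOICES = ("rising", "falling", "rising_and_falling")


@dataclass
class RmonAlarm:
    """Model of one alarm entry: thresholds, sample type and startup alarm."""
    rising_threshold: int
    falling_threshold: int
    sample_type: str = "absolute"            # "absolute" or "delta"
    startup_alarm: str = "rising_and_falling"
    _previous_reading: Optional[int] = field(default=None, init=False)
    _last_event: Optional[str] = field(default=None, init=False)

    def __post_init__(self):
        if self.sample_type not in ("absolute", "delta"):
            raise ValueError("sample_type must be 'absolute' or 'delta'")
        if self.startup_alarm not in STARTUP_CHOICES:
            raise ValueError("unknown startup_alarm")
        # Assumption of this model: the falling threshold sits at or below
        # the rising one, otherwise the two events cannot alternate.
        if self.falling_threshold > self.rising_threshold:
            raise ValueError("falling threshold is above rising threshold")
        # Startup Alarm selects the first event allowed to fire. Pretending
        # the opposite event has just fired suppresses it until then.
        if self.startup_alarm == "rising":
            self._last_event = "falling"
        elif self.startup_alarm == "falling":
            self._last_event = "rising"

    def sample(self, reading: int) -> Optional[str]:
        """Feed one counter reading; return 'rising', 'falling' or None."""
        if self.sample_type == "delta":
            previous, self._previous_reading = self._previous_reading, reading
            if previous is None:
                return None                  # first reading only primes the delta
            value = reading - previous       # current value minus last sample
        else:
            value = reading
        # After a rising event, no further rising event is generated until
        # the companion falling threshold has been crossed, and vice versa.
        if value >= self.rising_threshold and self._last_event != "rising":
            self._last_event = "rising"
            return "rising"
        if value <= self.falling_threshold and self._last_event != "falling":
            self._last_event = "falling"
            return "falling"
        return None


def run(alarm, readings):
    """Return the event (or None) produced by each reading, in order."""
    return [alarm.sample(reading) for reading in readings]


# Constructed cumulative late-collision counter, one reading per interval.
LATE_COLLISION_READINGS = [0, 5, 40, 90, 95, 97, 160, 161]

if __name__ == "__main__":
    alarm = RmonAlarm(rising_threshold=30, falling_threshold=10,
                      sample_type="delta", startup_alarm="rising")
    for reading, event in zip(LATE_COLLISION_READINGS,
                              run(alarm, LATE_COLLISION_READINGS)):
        print(reading, event)
```

Running the same readings with the Absolute sample type shows why Delta is the usual choice for counters that only ever increase: the absolute value passes the rising threshold once and never falls back.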
Administration: System Log
This section describes the System Log feature, which enables the device to
generate several independent logs. Each log is a set of messages describing
system events.
The device generates the following local logs:
Log sent to the console interface.
Log written into a cyclical list of logged events in the RAM and erased when
the device reboots.
Log written to a cyclical log-file saved to the Flash memory and persists
across reboots.
In addition, you can send messages to remote SYSLOG servers in the form of
SNMP traps and SYSLOG messages.
This section covers the following sections:
Setting System Log Settings
Setting Remote Logging Settings
Viewing Memory Logs
Setting System Log Settings
You can enable or disable logging on the Log Settings page, and select whether to
aggregate log messages.
You can select the events by severity level. Each log message has a severity level
marked with the first letter of the severity level concatenated with a dash (-) on
each side (except for Emergency that is indicated by the letter F). For example, the
log message "%INIT-I-InitCompleted: … " has a severity level of I, meaning
Informational.
The event severity levels are listed from the highest severity to the lowest severity,
as follows:
Emergency—System is not usable.
Alert—Action is needed.
Critical—System is in a critical condition.
Error—System is in error condition.
Warning—System warning has occurred.
Notice—System is functioning properly, but a system notice has occurred.
Informational—Device information.
Debug—Detailed information about an event.
You can select different severity levels for RAM and Flash logs. These logs are
displayed in the RAM Memory page and Flash Memory page, respectively.
Selecting a severity level to be stored in a log causes all of the higher severity
events to be automatically stored in the log. Lower severity events are not stored
in the log.
For example, if Warning is selected, all severity levels that are Warning and higher
are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with
severity level below Warning are stored (Notice, Informational, and Debug).
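The severity marker and the storage rule described above can be applied to exported log text as follows. This Python code is an added example, not part of the guide or the device software; the field names (source, mnemonic, text) are this example's own, and every sample line other than the guide's %INIT-I-InitCompleted header is constructed.

```python
import re

# Severity levels in the order the guide lists them, highest severity first.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}  # 0 = most severe

# The marker is the first letter of the level name, except Emergency (F).
LETTER_TO_SEVERITY = {("F" if n == "Emergency" else n[0]): n for n in SEVERITIES}

# %<source>-<letter>-<mnemonic>: <text>  (group names are this example's own)
HEADER = re.compile(
    r"%(?P<source>[A-Za-z0-9_]+)-(?P<letter>[A-Z])-"
    r"(?P<mnemonic>[A-Za-z0-9_]+):\s*(?P<text>.*)"
)


def parse_message(line):
    """Return the parsed fields of one log message, or None when the line has
    no recognisable header or carries an unknown severity letter."""
    match = HEADER.search(line)
    if match is None:
        return None
    severity = LETTER_TO_SEVERITY.get(match["letter"])
    if severity is None:
        return None
    return {"source": match["source"], "severity": severity,
            "mnemonic": match["mnemonic"], "text": match["text"]}


def is_stored(severity, selected_level):
    """True when a message of this severity is kept for the selected level:
    the selected level itself and every higher severity."""
    return RANK[severity] <= RANK[selected_level]


def filter_log(lines, selected_level):
    """Split lines into (messages kept, lines that could not be parsed)."""
    kept, unparsed = [], []
    for line in lines:
        message = parse_message(line)
        if message is None:
            unparsed.append(line)
        elif is_stored(message["severity"], selected_level):
            kept.append(message)
    return kept, unparsed


# First header is the guide's example; all other lines are constructed.
SAMPLE_LINES = [
    "%INIT-I-InitCompleted: constructed text",
    "%DEMO-W-PortDown: constructed warning",
    "%DEMO-E-FanFail: constructed error",
    "%DEMO-F-Halt: constructed emergency",
    "%DEMO-D-Trace: constructed debug",
    "%DEMO-X-Unknown: letter X is not a severity marker",
    "line without a header",
]

if __name__ == "__main__":
    kept, unparsed = filter_log(SAMPLE_LINES, "Warning")
    for message in kept:
        print(message["severity"], message["source"], message["mnemonic"])
    print("unparsed lines:", len(unparsed))
```

Lines that land in the unparsed list are worth reviewing rather than discarding, since a truncated or altered header is exactly what a severity filter would otherwise hide.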
To set global log parameters:
STEP 1 Click Administration > System Log > Log Settings.
STEP 2 Enter the parameters.
Logging—Select to enable message logging.
Syslog Aggregator—Select to enable the aggregation of SYSLOG
messages and traps. If enabled, identical and contiguous SYSLOG
messages and traps are aggregated over the specified Max Aggregation
Time and sent in a single message. The aggregated messages are sent in
the order of their arrival. Each message states the number of times it was
aggregated.
Max Aggregation Time—Enter the interval of time that SYSLOG messages
are aggregated.
Originator Identifier—Enables adding an origin identifier to SYSLOG
messages. The options are:
-None—Do not include the origin identifier in SYSLOG messages.
-Hostname—Include the system hostname in SYSLOG messages.
-IPv4 Address—Include the IPv4 address of the sending interface in
SYSLOG messages.
-IPv6 Address—Include the IPv6 address of the sending interface in
SYSLOG messages.
-User Defined—Enter a description to be included in SYSLOG messages.
RAM Memory Logging—Select the severity levels of the messages to be
logged to the RAM.
Flash Memory Logging—Select the severity levels of the messages to be
logged to the Flash memory.
STEP 3 Click Apply. The Running Configuration file is updated.
Setting Remote Logging Settings
The Remote Log Servers page enables defining remote SYSLOG servers where
log messages are sent (using the SYSLOG protocol). For each server, you can
configure the severity of the messages that it receives.
To define SYSLOG servers:
STEP 1 Click Administration > System Log > Remote Log Servers.
STEP 2 Click Add.
STEP 3 Enter the parameters.
Server Definition—Select whether to identify the remote log server by IP
address or name.
IP Version—Select the supported IP format.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The
options are:
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface (if IPv6 Address Type
Link Local is selected) from the list.
Log Server IP Address/Name—Enter the IP address or domain name of the
log server.
UDP Port—Enter the UDP port to which the log messages are sent.
Facility—Select a facility value from which system logs are sent to the
remote server. Only one facility value can be assigned to a server. If a second
facility code is assigned, the first facility value is overridden.
Description—Enter a server description.
Minimum Severity—Select the minimum level of system log messages to
be sent to the server.
STEP 4 Click Apply. The Add Remote Log Server page closes, the SYSLOG server is
added, and the Running Configuration file is updated.
Viewing Memory Logs
The device can write to the following logs:
Log in RAM (cleared during reboot).
Log in Flash memory (cleared only upon user command).
You can configure the messages that are written to each log by severity, and a
message can go to more than one log, including logs that reside on external
SYSLOG servers.
RAM Memory
The RAM Memory page displays all messages that were saved in the RAM
(cache) in chronological order. Entries are stored in the RAM log according to the
configuration in the Log Settings page.
To view log entries, click Status and Statistics > View Log > RAM Memory.
The top of the page has a button that allows you to Disable Alert Icon Blinking.
Click to toggle between disable and enable.
This page contains the following fields:
Log Index—Log entry number.
Log Time—Time when message was generated.
Severity—Event severity.
Description—Message text describing the event.
To clear the log messages, click Clear Logs. The messages are cleared.
Flash Memory
The Flash Memory page displays the messages that were stored in the Flash
memory, in chronological order. The minimum severity for logging is configured in
the Log Settings page. Flash logs remain when the device is rebooted. You can
clear the logs manually.
To view the Flash logs, click Status and Statistics > View Log > Flash Memory.
This page contains the following fields:
Log Index—Log entry number.
Log Time—Time when message was generated.
Severity—Event severity.
Description—Message text describing the event.
To clear the messages, click Clear Logs. The messages are cleared.
Administration: File Management
This section describes how system files are managed.
The following topics are covered:
System Files
Upgrade/Backup Firmware/Language
Active Image
Download/Backup Configuration/Log
Configuration Files Properties
Copy/Save Configuration
DHCP Auto Configuration
System Files
System files are files that contain configuration information, firmware images or
boot code.
Various actions can be performed with these files, such as: selecting the firmware
file from which the device boots, copying various types of configuration files
internally on the device, or copying files to or from an external device, such as an
external server.
The possible methods of file transfer are:
Internal copy.
HTTP/HTTPS that uses the facilities that the browser provides.
TFTP/SCP client, requiring a TFTP/SCP server.
Configuration files on the device are defined by their type, and contain the
settings and parameter values for the device.
When a configuration is referenced on the device, it is referenced by its
configuration file type (such as Startup Configuration or Running Configuration),
as opposed to a file name that can be modified by the user.
Content can be copied from one configuration file type to another, but the names
of the file types cannot be changed by the user.
Other files on the device include firmware, boot code, and log files, and are
referred to as operational files.
The configuration files are text files and can be edited in a text editor, such as
Notepad, after they are copied to an external device, such as a PC.
Files and File Types
The following types of configuration and operational files are found on the device:
Running Configuration—Contains the parameters currently being used by
the device to operate. This is the only file type that is modified when you
change parameter values on the device.
If the device is rebooted, the Running Configuration is lost. The Startup
Configuration, stored in Flash, overwrites the Running Configuration, stored
in RAM.
To preserve any changes you made to the device, you must save the
Running Configuration to the Startup Configuration, or another file type.
Startup Configuration—The parameter values that were saved by copying
another configuration (usually the Running Configuration) to the Startup
Configuration.
The Startup Configuration is retained in Flash and is preserved when the
device is rebooted. At this time, the Startup Configuration is copied to RAM
and identified as the Running Configuration.
Mirror Configuration—A copy of the Startup Configuration, created by the
device when the following conditions exist:
-The device has been operating continuously for 24 hours.
-No configuration changes have been made to the Running Configuration
in the previous 24 hours.
-The Startup Configuration is identical to the Running Configuration.
Only the system can copy the Startup Configuration to the Mirror
Configuration. However, you can copy from the Mirror Configuration to other
file types or to another device.
The option of automatically copying the Running Configuration to the mirror
configuration can be disabled in the Configuration Files Properties page.
Backup Configuration—A manual copy of a configuration file used for
protection against system shutdown or for the maintenance of a specific
operating state. You can copy the Mirror Configuration, Startup
Configuration, or Running Configuration to a Backup Configuration file. The
Backup Configuration exists in Flash and is preserved if the device is
rebooted.
Firmware—The program that controls the operations and functionality of
the device. More commonly referred to as the image.
Boot Code—Controls the basic system startup and launches the firmware
image.
Language File—The dictionary that enables the web-based configuration
utility windows to be displayed in the selected language.
Flash Log—SYSLOG messages stored in Flash memory.
File Actions
The following actions can be performed to manage firmware and configuration
files:
Upgrade the firmware or boot code, or replace a second language, as
described in the Upgrade/Backup Firmware/Language section.
View the firmware image currently in use or select the image to be used in
the next reboot as described in the Active Image section.
Save configuration files on the device to a location on another device as
described in the Download/Backup Configuration/Log section.
Clear the Startup Configuration or Backup Configuration file types as
described in the Configuration Files Properties section.
Copy one configuration file type to another configuration file type as
described in the Copy/Save Configuration section.
Enable automatically uploading a configuration file from a DHCP server to
the device, as described in the DHCP Auto Configuration section.
This section covers the following topics:
Upgrade/Backup Firmware/Language
Active Image
Download/Backup Configuration/Log
Configuration Files Properties
Copy/Save Configuration
DHCP Auto Configuration
Upgrade/Backup Firmware/Language
The Upgrade/Backup Firmware/Language process can be used to:
Upgrade or back up the firmware image.
Upgrade or back up the boot code.
Import or upgrade a second language file.
The following methods for transferring files are supported:
HTTP/HTTPS that uses the facilities provided by the browser
TFTP that requires a TFTP server
Secure Copy Protocol (SCP) that requires an SCP server
If a new language file was loaded onto the device, the new language can be
selected from the drop-down menu. (It is not necessary to reboot the device).
There are two firmware images stored on the device. One of the images is
identified as the active image and the other image is identified as the inactive image.
When you upgrade the firmware, the new image always replaces the image
identified as the inactive image.
Even after uploading new firmware on the device, the device continues to boot by
using the active image (the old version) until you change the status of the new
image to be the active image by using the procedure in the Active Image section.
Then boot the device.
Upgrade/Backing Firmware or Language File
To upgrade or back up a software image or language file:
STEP 1 Click Administration > File Management > Upgrade/Backup Firmware/
Language.
STEP 2 Click the Transfer Method. Proceed as follows:
If you selected TFTP, go to STEP 3.
If you selected via HTTP/HTTPS, go to STEP 4.
If you selected via SCP, go to STEP 5.
STEP 3 If you selected via TFTP, enter the parameters as described in this step.
Otherwise, skip to STEP 4.
Select one of the following Save Actions:
Upgrade—Specifies that the file type on the device is to be replaced with a
new version of that file type located on a TFTP server.
Backup—Specifies that a copy of the file type is to be saved to a file on
another device.
Enter the following fields:
File Type—Select the destination file type. Only valid file types are shown.
(The file types are described in the Files and File Types section).
TFTP Server Definition—Select whether to specify the TFTP server by IP
address or domain name.
IP Version—Select whether an IPv4 or an IPv6 address is used.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The
options are:
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface (if IPv6 is used) from the
list.
TFTP Server IP Address/Name—Enter the IP address or the domain name
of the TFTP server.
(For Upgrade) Source File Name—Enter the name of the source file.
(For Backup) Destination File Name—Enter the name of the backup file.
STEP 4 If you selected via HTTP/HTTPS, you can only Upgrade. Enter the parameters as
described in this step.
File Type—Select one of the following file types:
-Firmware Image—Select this to upgrade the firmware image.
-Language—Select this to upgrade the language file.
File Name—Click Browse to select a file or enter the path and source file
name to be used in the transfer.
STEP 5 If you selected via SCP (Over SSH), see SSH Client Authentication for
instructions. Then, enter the following fields: (only unique fields are described, for
non-unique fields, see the descriptions above)
Remote SSH Server Authentication—To enable SSH server authentication
(which is disabled by default), click Edit. This takes you to the SSH Server
Authentication page to configure the SSH server, and return to this page.
Use the SSH Server Authentication page to select an SSH user
authentication method (password or public/private key), set a username and
password on the device (if the password method is selected), and generate
an RSA or DSA key if required.
SSH Client Authentication—Client authentication can be done in one of the
following ways:
Use SSH Client System Credentials—Sets permanent SSH user
credentials. Click System Credentials to go to the SSH User Authentication
page where the user/password can be set once for all future use.
Use SSH Client One-Time Credentials—Enter the following:
-Username—Enter a username for this copy action.
-Password—Enter a password for this copy.
NOTE The username and password for one-time credentials will not be saved in the
configuration file.
Select one of the following Save Actions:
Upgrade—Specifies that the file type on the device is to be replaced with a
new version of that file type located on a TFTP server.
Backup—Specifies that a copy of the file type is to be saved to a file on
another device.
Enter the following fields:
File Type—Select the destination file type. Only valid file types are shown.
(The file types are described in the Files and File Types section).
SCP Server Definition—Select whether to specify the SCP server by IP
address or by domain name.
IP Version—Select whether an IPv4 or an IPv6 address is used.
IPv6 Address Type—Select the IPv6 address type (if used). The options
are:
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
Link-Local Interface—Select the link local interface from the list.
SCP Server IP Address/Name—Enter the IP address or domain name of
the SCP server.
(For Upgrade) Source File Name—Enter the name of the source file.
(For Backup) Destination File Name—Enter the name of the backup file.
STEP 6 Click Apply. If the files, passwords and server addresses are correct, one of the
following may happen:
If SSH server authentication is enabled (in the SSH Server Authentication
page), and the SCP server is trusted, the operation succeeds. If the SCP
server is not trusted, the operation fails and an error is displayed.
If SSH server authentication is not enabled, the operation succeeds for any
SCP server.
Active Image
There are two firmware images stored on the device. One of the images is
identified as the active image and the other image is identified as the inactive image.
The device boots from the image you set as the active image. You can change the
image identified as the inactive image to the active image. (You can reboot the
device by using the process described in the Rebooting the Device section).
To select the active image:
STEP 1 Click Administration > File Management > Active Image.
The page displays the following:
Active Image—Displays the image file that is currently active on the device.
Active Image Version Number—Displays the firmware version of the active
image.
Active Image After Reboot—Displays the image that is active after reboot.
Active Image Version Number After Reboot—Displays the firmware
version of the active image as it will be after reboot.
STEP 2 Select the image from the Active Image After Reboot menu to identify the
firmware image that is used as the active image after the device is rebooted. The
Active Image Version Number After Reboot displays the firmware version of the
active image that is used after the device is rebooted.
STEP 3 Click Apply. The active image selection is updated.
Download/Backup Configuration/Log
The Download/Backup Configuration/Log page enables:
Backing up configuration files or logs from the device to an external device.
Restoring configuration files from an external device to the device.
When restoring a configuration file to the Running Configuration, the imported file
adds any configuration commands that did not exist in the old file and overwrites
any parameter values in the existing configuration commands.
When restoring a configuration file to the Startup Configuration or a backup
configuration file, the new file replaces the previous file.
When restoring to Startup Configuration, the device must be rebooted for the
restored Startup Configuration to be used as the Running Configuration. You can
reboot the device by using the process described in the Rebooting the Device
section.
Configuration File Backwards Compatibility
When restoring configuration files from an external device to the device, the
following compatibility issues might arise:
Change Queues Mode from 4 to 8—Queue-related configurations must be
examined and adjusted to meet QoS objectives with the new Queues
mode. See the CLI Reference Guide for a listing of these QoS commands.
Change Queues Mode from 8 to 4—Queue-related configuration
commands that conflict with the new Queues mode are rejected, meaning
that the download of the configuration file fails. Use the System Mode and
Stack Management page to change the Queues mode.
Change the System Mode—If the System mode is contained in a
configuration file that is downloaded to the device, and the file's System
mode matches the current System mode, this information is ignored.
Otherwise, if the System mode is changed, the following cases are
possible:
-If the configuration file is downloaded onto the device (using the
Download/Backup Configuration/Log page), the operation is aborted,
and a message is displayed indicating that the System mode must be
changed in the System Mode and Stack Management page.
-If the configuration file is downloaded during an automatic configuration
process, the Startup Configuration file is deleted and the device reboots
automatically in the new System mode. The device is configured with an
empty configuration file. See DHCP Auto Configuration.
See Configuration After Reboot for a description of what happens when
the stacking modes are changed.
Downloading or Backing-up a Configuration or Log File
To back up or restore the system configuration file:
STEP 1 Click Administration > File Management > Download/Backup Configuration/
Log.
STEP 2 Select the Transfer Method.
STEP 3 If you selected via TFTP, enter the parameters. Otherwise, skip to STEP 4.
Select either Download or Backup as the Save Action.
Download Save Action—Specifies that the file on another device replaces a file
type on the device. Enter the following fields:
a. Server Definition—Select whether to specify the TFTP server by IP address
or by domain name.
b. IP Version—Select whether an IPv4 or an IPv6 address is used.
NOTE If the server is selected by name in the Server Definition, there is no
need to select the IP Version related options.
c. IPv6 Address Type—Select the IPv6 address type (if used). The options are:
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
d. Link-Local Interface—Select the link local interface from the list.
e. TFTP Server—Enter the IP address of the TFTP server.
f. Source File Name—Enter the source file name. File names cannot contain
slashes (\ or /), cannot start with a period (.), and must include between 1 and
160 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”).
g. Destination File Type—Enter the destination configuration file type. Only valid
file types are displayed. (The file types are described in the Files and File
Types section).
Backup Save Action—Specifies that a file type is to be copied to a file on another
device. Enter the following fields:
a. Server Definition—Select whether to specify the TFTP server by IP address
or by domain name.
b. IP Version—Select whether an IPv4 or an IPv6 address is used.
c. IPv6 Address Type—Select the IPv6 address type (if used). The options are:
Link Local—The IPv6 address uniquely identifies hosts on a single network
link. A link local address has a prefix of FE80, is not routable, and can be used
for communication only on the local network. Only one link local address is
supported. If a link local address exists on the interface, this entry replaces
the address in the configuration.
Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
d. Link-Local Interface—Select the link local interface from the list.
e. TFTP Server IP Address/Name—Enter the IP address or domain name of the
TFTP server.
f. Source File Type—Enter the source configuration file type. Only valid file
types are displayed. (The file types are described in the Files and File Types
section).
g. Sensitive Data—Select how sensitive data should be included in the backup
file. The following options are available:
-Exclude—Do not include sensitive data in the backup.
-Encrypted—Include sensitive data in the backup in its encrypted form.
-Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current
user SSD rules. For details, refer to Secure Sensitive Data Management >
SSD Rules page.
h. Destination File Name—Enter the destination file name. File names cannot
contain slashes (\ or /), the leading letter of the file name must not be a period
(.), and the file name must be between 1 and 160 characters. (Valid characters:
A-Z, a-z, 0-9, “.”, “-”, “_”).
i. Click Apply. The file is upgraded or backed up.
STEP 4 If you selected via HTTP/HTTPS, enter the parameters as described in this step.
Select the Save Action.
If Save Action is Download (replacing the file on the device with a new version
from another device), do the following. Otherwise, go to the next procedure in this
step.
a. Source File Name—Click Browse to select a file or enter the path and source
file name to be used in the transfer.
b. Destination File Type—Select the configuration file type. Only valid file types
are displayed. (The file types are described in the Files and File Types
section).
c. Click Apply. The file is transferred from the other device to the device.
If Save Action is Backup (copying a file to another device), do the following:
a. Source File Type—Select the configuration file type. Only valid file types are
displayed. (The file types are described in the Files and File Types section).
b. Sensitive Data—Select how sensitive data should be included in the backup
file. The following options are available:
-Exclude—Do not include sensitive data in the backup.
-Encrypted—Include sensitive data in the backup in its encrypted form.
-Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current
user SSD rules. For details, refer to Secure Sensitive Data Management >
SSD Rules page.
c. Click Apply. The file is upgraded or backed up.
STEP 5 If you selected via SCP (Over SSH), see SSH Client Configuration Through the
GUI for instructions. Then enter the following fields:
Remote SSH Server Authentication—To enable SSH server authentication
(it is disabled by default), click Edit, which takes you to the SSH Server
Authentication page to configure this, and return to this page. Use the SSH
Server Authentication page to select an SSH user authentication method
(password or public/private key), set a username and password on the
device, if the password method is selected, and generate an RSA or DSA
key if required.
SSH Client Authentication—Client authentication can be done in one of the
following ways:
Use SSH Client—Sets permanent SSH user credentials. Click System
Credentials to go to the SSH User Authentication page where the user/
password can be set once for all future use.
Use SSH Client One-Time Credentials—Enter the following:
-Username—Enter a username for this copy action.
-Password—Enter a password for this copy.
SCP Server Definition—Select whether to specify the TFTP server by IP
address or by domain name.
IP Version—Select whether an IPv4 or an IPv6 address is used.
IPv6 Address Type—Select the IPv6 address type (if used). The options
are:
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
Link-Local Interface—Select the link local interface from the list.
SCP Server IP Address/Name—Enter the IP address or domain name of
the TFTP server.
If Save Action is Download (replacing the file on the device with a new version
from another device), enter the following fields.
Source File Name—Enter the name of the source file.
Destination File Type—Select the configuration file type. Only valid file
types are displayed. (The file types are described in the Files and File
Types section).
If Save Action is Backup (copying a file to another device), enter the following
fields (in addition to those fields listed above):
Source File Type—Select the configuration file type. Only valid file types
are displayed. (The file types are described in the Files and File Types
section).
Sensitive Data—Select how sensitive data should be included in the
backup file. The following options are available:
-Exclude—Do not include sensitive data in the backup.
-Encrypted—Include sensitive data in the backup in its encrypted form.
-Plaintext—Include sensitive data in the backup in its plaintext form.
NOTE The available sensitive data options are determined by the current
user SSD rules. For details, refer to Secure Sensitive Data Management >
SSD Rules page.
Destination File Name—Name of file being copied to.
STEP 6 Click Apply. The file is upgraded or backed up.
Configuration Files Properties
The Configuration Files Properties page allows you to see when various system
configuration files were created. It also enables deleting the Startup Configuration
and Backup Configuration files. You cannot delete the other configuration file
types.
To set whether mirror configuration files will be created, clear configuration files
and see when configuration files were created:
STEP 1 Click Administration > File Management > Configuration Files Properties.
STEP 2 If required, disable Auto Mirror Configuration. This disables the automatic
creation of mirror configuration files. When disabling this feature, the mirror
configuration file, if it exists, is deleted. See System Files for a description of
mirror files and why you might not want to automatically create mirror
configuration files.
STEP 3 If required, select either the Startup Configuration, Backup Configuration or both
and click Clear Files to delete these files.
This page provides the following fields:
Configuration File Name—Displays the type of file.
Creation Time—Displays the date and time that the file was modified.
Copy/Save Configuration
When you click Apply on any window, changes that you made to the device
configuration settings are stored only in the Running Configuration. To preserve
the parameters in the Running Configuration, the Running Configuration must be
copied to another configuration type or saved on another device.
CAUTION Unless the Running Configuration is copied to the Startup Configuration or another
configuration file, all changes made since the last time the file was copied are lost
when the device is rebooted.
The following combinations of copying internal file types are allowed:
From the Running Configuration to the Startup Configuration or Backup
Configuration.
From the Startup Configuration to the Running Configuration, Startup
Configuration or Backup Configuration.
From the Backup Configuration to the Running Configuration, Startup
Configuration or Backup Configuration.
From the Mirror Configuration to the Running Configuration, Startup
Configuration or Backup Configuration.
To copy one type of configuration file to another type of configuration file:
STEP 1 Click Administration > File Management > Copy/Save Configuration.
STEP 2 Select the Source File Name to be copied. Only valid file types are displayed
(described in the Files and File Types section).
STEP 3 Select the Destination File Name to be overwritten by the source file.
If you are backing up a configuration file, select one of the following formats
for the backup file.
-Exclude—Sensitive data is not included in the backup file.
-Encrypted—Sensitive data is included in the backup file in encrypted
form.
-Plaintext—Sensitive data is included in the backup file in plain text.
NOTE The available sensitive data options are determined by the current
user SSD rules. For details, refer to Secure Sensitive Data Management >
SSD Rules page.
STEP 4 The Save Icon Blinking field indicates whether an icon blinks when there is
unsaved data. To disable/enable this feature, click Disable/Enable Save Icon
Blinking.
STEP 5 Click Apply. The file is copied.
DHCP Auto Configuration
Auto configuration enables passing configuration information to hosts on a TCP/IP
network. Based on this protocol, the Auto Configuration feature enables a device
to download configuration files from a TFTP/SCP server.
The device can be configured as a DHCPv4 client in which auto configuration from
a DHCPv4 server is supported and/or a DHCPv6 client in which auto configuration
from a DHCPv6 server is supported.
By default, the device is enabled as a DHCP client when the Auto Configuration
feature is enabled.
The Auto Configuration process also supports downloading a configuration file
that includes sensitive information, such as RADIUS server keys and SSH/SSL
keys, by using the Secured Copy Protocol (SCP) and the Secure Sensitive Data
(SSD) feature (See Security: Secure Sensitive Data Management).
DHCPv4 Auto Configuration is triggered in the following cases:
After reboot when an IP address is allocated or renewed dynamically (using
DHCPv4).
Upon an explicit DHCPv4 renewal request and if the device and the server
are configured to do so.
Upon automatic renewal of the DHCPv4 lease.
DHCPv6 Auto Configuration is triggered when the following conditions are fulfilled:
When a DHCPv6 server sends information to the device. This occurs in the
following cases:
-When an interface, which is IPv6 enabled, is defined as a DHCPv6
stateless configuration client.
-When DHCPv6 messages are received from the server (for example,
when you press the Restart button on the IPv6 Interfaces page).
-When DHCPv6 information is refreshed by the device.
-After rebooting the device when stateless DHCPv6 client is enabled.
When the DHCPv6 server packets contain the configuration filename
option.
DHCP Server Options
DHCP messages might contain the configuration server name/address and the
configuration file name/path (these are optional options). These options are found
in the Offer message coming from the DHCPv4 servers and in the Information
Reply messages coming from DHCPv6 servers.
Backup information (configuration server name/address and configuration file
name/path) can be configured in the Auto Configuration page. This information is
used when the DHCPv4 message does not contain this information (but it is not
used by DHCPv6).
Auto Configuration Download Protocol (TFTP or SCP)
The Auto Configuration download protocol can be configured, as follows:
Auto By File Extension—(Default) If this option is selected, a user-defined
file extension indicates that files with this extension are downloaded using
SCP (over SSH), while files with other extensions are downloaded using
TFTP. For example, if the file extension specified is .xyz, files with the .xyz
extension are downloaded using SCP, and files with the other extensions
are downloaded using TFTP.
TFTP Only—The download is done through TFTP regardless of the file
extension of the configuration file name.
SCP Only—The download is done through SCP (over SSH) regardless of
the file extension of the configuration file name.
SSH Client Authentication Parameters
By default, remote SSH server authentication is disabled, so that the device
accepts any remote SSH server out of the box. You can enable remote SSH server
authentication to only allow connections from servers found in the trusted server
list.
SSH Client Authentication parameters are required to access the SSH server by
the client (which is the device). The default SSH Client authentication parameters
are:
SSH Authentication method: by username/password
SSH username: anonymous
SSH password: anonymous
NOTE The SSH Client authentication parameters can also be used when downloading a
file for manual download (a download that is not performed through the DHCP Auto
Configuration feature).
Auto Configuration Process
When the Auto Configuration process is triggered, the following sequence of
events occurs:
The DHCP server is accessed to acquire the TFTP/SCP server name/
address and configuration file name/path (DHCPv4 options: 66, 150, and 67,
DHCPv6 options: 59 and 60).
If a server and configuration file options were not supplied by the DHCP
server, then:
-For DHCPv4: The user-defined, backup configuration file name is used.
-For DHCPv6: The process is halted.
If the DHCP server did not send these options and the backup TFTP/SCP
server address parameter is empty then:
-For DHCPv4:
SCP—The Auto Configuration process is halted.
TFTP—The device sends TFTP Request messages to a limited
Broadcast address (for IPv4) or ALL NODES address (for IPv6) on its IP
interfaces and continues the process of Auto Configuration with the first
answering TFTP server.
-For DHCPv6: The Auto Configuration process is halted.
If the configuration filename was supplied by the DHCP server (DHCPv4:
option 67, DHCPv6: option 60), then the copy protocol (SCP/TFTP) is
selected as described in Auto Configuration Download Protocol (TFTP or
SCP).
When downloading using SCP, the device accepts any specified SCP/SSH
server (without authentication) if either of the following is true:
-The SSH server authentication process is disabled. Note that by default
the SSH server authentication is disabled in order to allow downloading
configuration file for devices with factory default configuration (for
example out-of-box devices).
-The SSH Server is configured in the SSH Trusted Servers list.
If the SSH server authentication process is enabled, and the SSH server is
not found in the SSH Trusted Servers list, the Auto Configuration process is
halted.
If the information is available, the TFTP/SCP server is accessed to download
the file from it.
The download process is done only if the new configuration filename is
different from the current configuration filename (even if the current
configuration file is empty).
A SYSLOG message is generated acknowledging that the Auto
Configuration process is completed.
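The sequence above, modelled as an added example (not code from this guide or from Cisco) so the outcome of a given combination of settings and DHCP options can be checked before a device is deployed. All class and function names are hypothetical, the addresses are constructed, and two points the guide leaves open are assumptions: a file name without an extension uses TFTP, and the process halts when no file name is available at all.

```python
from dataclasses import dataclass
from typing import Optional

# All names below are hypothetical; defaults mirror the ones stated in the guide.
@dataclass
class Settings:
    protocol: str = "auto"              # "auto" = Auto By File Extension, "tftp", "scp"
    scp_ext: str = "scp"                # File Extension for SCP (default .scp)
    ssh_server_auth: bool = False       # Remote SSH Server Authentication, off by default
    trusted_servers: tuple = ()         # SSH Trusted Servers list
    backup_server: Optional[str] = None
    backup_file: Optional[str] = None
    current_file: Optional[str] = None  # name of the configuration file already in use

@dataclass
class Dhcp:
    version: int = 4
    server: Optional[str] = None        # DHCPv4 option 66/150, DHCPv6 option 59
    filename: Optional[str] = None      # DHCPv4 option 67, DHCPv6 option 60

@dataclass
class Outcome:
    action: str                         # "download", "halt" or "skip"
    protocol: Optional[str] = None
    server: Optional[str] = None
    server_verified: bool = False
    reason: str = ""

BROADCAST = "first TFTP server answering the broadcast"

def pick_protocol(s: Settings, filename: str) -> str:
    """Auto By File Extension: the SCP extension selects SCP, anything else TFTP."""
    if s.protocol in ("tftp", "scp"):
        return s.protocol
    # Assumption: a name without an extension counts as "other" and uses TFTP.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return "scp" if ext == s.scp_ext.lstrip(".").lower() else "tftp"

def auto_configure(s: Settings, d: Dhcp) -> Outcome:
    """Walk the documented sequence and report what the device would do."""
    if d.version == 6 and not (d.server and d.filename):
        return Outcome("halt", reason="DHCPv6 reply lacks the server or file name option")
    # DHCPv4 only: fall back to the user-defined backup values.
    filename = d.filename or s.backup_file
    server = d.server or s.backup_server
    if not filename:
        # Assumption: with no file name from either source nothing is requested.
        return Outcome("halt", reason="no configuration file name available")
    proto = pick_protocol(s, filename)
    if not server:
        if proto == "scp":
            return Outcome("halt", "scp", reason="SCP without a server address")
        server = BROADCAST              # TFTP request goes to the broadcast address
    if filename == s.current_file:
        return Outcome("skip", proto, server, reason="file name unchanged")
    if proto == "scp":
        if s.ssh_server_auth and server not in s.trusted_servers:
            return Outcome("halt", "scp", server, reason="SSH server not in trusted list")
        reason = ("server checked against trusted list" if s.ssh_server_auth
                  else "SSH server authentication disabled")
        return Outcome("download", "scp", server, s.ssh_server_auth, reason)
    return Outcome("download", "tftp", server, reason="TFTP does not authenticate the server")

def audit(s: Settings, d: Dhcp) -> Optional[str]:
    """Return a finding when an unverified server would supply the configuration."""
    o = auto_configure(s, d)
    if o.action == "download" and not o.server_verified:
        return f"{o.protocol.upper()} from {o.server}: {o.reason}"
    return None

if __name__ == "__main__":
    # Constructed cases; addresses come from documentation ranges.
    offer = Dhcp(server="192.0.2.10", filename="sw1.scp")
    hardened = Settings(ssh_server_auth=True, trusted_servers=("192.0.2.10",))
    for label, s, d in [
        ("factory default, SCP file", Settings(), offer),
        ("backup file only, no server", Settings(backup_file="sw1.cfg"), Dhcp()),
        ("server auth on, trusted server", hardened, offer),
        ("server auth on, unknown server", hardened,
         Dhcp(server="192.0.2.99", filename="sw1.scp")),
    ]:
        print(f"{label}: {auto_configure(s, d)} | finding: {audit(s, d)}")
```

Only the case with SSH server authentication enabled and the server in the trusted list ends in a download with no finding; the factory defaults and every TFTP path load a Startup Configuration from a server the device has not verified.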
Configuring DHCP Auto Configuration
Workflow
To configure DHCP Auto Configuration:
1. Configure the DHCPv4 and/or DHCPv6 servers to send the required options.
This process is not described in this guide.
2. Configure Auto Configuration parameters.
3. Define the device as a DHCPv4 client in the Defining an IPv4 Interface in Layer
2 System Mode or Defining IPv4 Interface in Layer 3 System Mode pages,
and/or define the device as a DHCPv6 client in the IPv6 Interface page.
Web Configuration
The DHCP Auto Configuration page is used to perform the following actions when
the information is not provided in a DHCP message:
Enable the DHCP auto configuration feature.
Specify the download protocol.
Configure the device to receive configuration information from a specific file
on a specific server.
Note the following regarding the DHCP auto configuration process:
A configuration file that is placed on the TFTP/SCP server must match the
form and format requirements of the supported configuration file. The form
and format of the file are checked, but the validity of the configuration
parameters is not checked prior to loading it to the Startup Configuration.
In IPv4, to ensure that the device configuration functions as intended, due to
allocation of different IP addresses with each DHCP renew cycle, it is
recommended that IP addresses be bound to MAC addresses in the DHCP
server table. This ensures that each device has its own reserved IP address
and other relevant information.
To configure auto configuration:
STEP 1 Click Administration > File Management > DHCP Auto Configuration.
STEP 2 Enter the values.
Auto Configuration Via DHCP—Select this field to enable DHCP Auto
Configuration. This feature is enabled by default, but can be disabled here.
Download Protocol—Select one of the following options:
-Auto By File Extension—Select to indicate that auto configuration uses
the TFTP or SCP protocol depending on the extension of the
configuration file. If this option is selected, the extension of the
configuration file does not necessarily have to be given. If it is not given,
the default extension is used (as indicated below).
-File Extension for SCP—If Auto By File Extension is selected, you can
indicate a file extension here. Any file with this extension is downloaded
using SCP. If no extension is entered, the default file extension .scp is
used.
-TFTP Only—Select to indicate that only the TFTP protocol is to be used
for auto configuration.
-SCP Only—Select to indicate that only the SCP protocol is to be used for
auto configuration.
SSH Settings for SCP—When using SCP for downloading the configuration
files, select one of the following options:
-Remote SSH Server Authentication—Click on the Enable/Disable link to
navigate to the SSH Server Authentication page. There you can enable
authentication of the SSH server to be used for the download and enter
the trusted SSH server if required.
-SSH Client Authentication—Click on the System Credentials link to enter
user credentials in the SSH User Authentication page.
STEP 3 Enter the following optional information to be used if no configuration file name
was received from the DHCP server.
Backup Server Definition—Select By IP address or By name to configure
the server.
IP Version—Select whether an IPv4 or an IPv6 address is used.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The
options are:
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface (if IPv6 is used) from the
list.
Backup Server IP Address/Name—Enter the IP address or the name of the
server to be used if no server IP address was specified in the DHCP
message.
Backup Configuration File Name—Enter the path and file name of the file to
be used if no configuration file name was specified in the DHCP message.
STEP 4 Click Apply. The parameters are copied to the Running Configuration file.
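The following Python sketch is an added example, not part of the Cisco guide or the switch firmware: it models how the settings above decide which server, file and protocol an auto-configuration download uses, and lists what each outcome leaves unprotected. The class, field and finding names are this example's own, the addresses are constructed, the extension match is assumed to be on the final suffix and case-insensitive, and Remote SSH Server Authentication is assumed to be off unless set.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class AutoConfigSettings:
    """Fields of the DHCP Auto Configuration page (names are hypothetical)."""
    enabled: bool = True              # the guide states the feature is enabled by default
    download_protocol: str = "auto"   # "auto" (Auto By File Extension), "tftp" or "scp"
    scp_extension: str = ""           # empty means the default extension, .scp
    ssh_server_auth: bool = False     # Remote SSH Server Authentication (default assumed)
    backup_server: Optional[str] = None
    backup_file: Optional[str] = None


@dataclass
class DownloadPlan:
    server: str
    file_name: str
    protocol: str
    findings: List[str]


def pick_protocol(settings: AutoConfigSettings, file_name: str) -> str:
    """Apply the Download Protocol rules to one configuration file name."""
    if settings.download_protocol in ("tftp", "scp"):
        return settings.download_protocol
    if settings.download_protocol != "auto":
        raise ValueError("unknown download protocol setting")
    ext = (settings.scp_extension or "scp").lstrip(".").lower()
    # Assumption: only the final extension counts and case is ignored.
    return "scp" if file_name.lower().endswith("." + ext) else "tftp"


def plan_download(settings: AutoConfigSettings,
                  dhcp_server: Optional[str] = None,
                  dhcp_file: Optional[str] = None) -> Optional[DownloadPlan]:
    """Resolve what the device would fetch, and what a reviewer should note."""
    if not settings.enabled:
        return None
    # Values from the DHCP message win; the backup values are only a fallback.
    server = dhcp_server or settings.backup_server
    file_name = dhcp_file or settings.backup_file
    if not server or not file_name:
        return None  # nothing to download
    protocol = pick_protocol(settings, file_name)
    # Form and format are checked, parameter validity is not (per the guide).
    findings = ["CONFIG_VALUES_NOT_VALIDATED"]
    if protocol == "tftp":
        # TFTP has no authentication and no encryption.
        findings.append("TFTP_UNAUTHENTICATED_CLEARTEXT")
    elif not settings.ssh_server_auth:
        findings.append("SCP_SERVER_IDENTITY_NOT_VERIFIED")
    if dhcp_server or dhcp_file:
        findings.append("SOURCE_CHOSEN_BY_DHCP_REPLY")
    return DownloadPlan(server, file_name, protocol, findings)


if __name__ == "__main__":
    cfg = AutoConfigSettings(backup_server="192.0.2.10", backup_file="sw-a.cfg")
    print(plan_download(cfg))
    print(plan_download(cfg, "192.0.2.20", "site/sw-a.scp"))
```
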
Administration: General Information
This section describes how to view system information and configure various
options on the device.
It covers the following topics:
Device Models
System Information
Console Settings (Autobaud Rate Support)
Rebooting the Device
Routing Resources
Monitoring Fan Status
Defining Idle Session Timeout
Pinging a Host
Traceroute
Device Models
All models can be fully managed through the web-based switch configuration
utility.
In Layer 2 system mode, the device forwards packets as a VLAN-aware bridge. In
Layer 3 system mode, the device performs both IPv4 routing and VLAN-aware
bridging.
When the device operates in Layer 3 system mode, the VLAN Rate Limit and QoS
policers are not operational. Other QoS Advanced mode features are operational.
NOTE The following port conventions are used:
GE is used for Gigabit Ethernet (10/100/1000) ports.
FE is used for Fast Ethernet (10/100) ports.
The following table describes the various models, the number and type of ports
on them and their PoE information.
Managed Switch Models

| Model Name | Product ID (PID) | Description of Ports on Device | Power Dedicated to PoE | No. of Ports that Support PoE |
|---|---|---|---|---|
| SG300-10 | SRW2008-K9 | 8 GE ports, and 2 special-purpose combo ports (GE/SFP) | | |
| SG300-10MP | SRW2008MP-K9 | 8 GE ports, and 2 special-purpose combo ports (GE/SFP) | 124W | 8 |
| SG300-10P | SRW2008P-K9 | 8 GE ports, and 2 special-purpose combo ports (GE/SFP) | 62W | 8 |
| SG300-20 | SRW2016-K9 | 16 GE ports, and 4 special purpose ports - 2 uplinks and 2 combo ports | N/A | N/A |
| SG300-28 | SRW2024-K9 | 24 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports | N/A | N/A |
| SG300-28P | SRW2024P-K9 | 24 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports. | 180W | 24 |
| SG300-52 | SRW2048-K9 | 48 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports | N/A | N/A |
| SF300-08 | SRW208-K9 | 8 FE ports. | N/A | N/A |
| SF302-08 | SRW208G-K9 | 8 FE ports plus 2 GE ports | N/A | N/A |
| SF302-08MP | SRW208MP-K9 | 8 FE ports plus 2 GE ports | 124W | 8 |
| SF302-08P | SRW208P-K9 | 8 FE ports plus 2 GE ports | 62W | 8 |
| SF300-24 | SRW224G4-K9 | 24 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports. | N/A | N/A |
| SF300-24P | SRW224G4P-K9 | 24 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports. | 180W | 24 |
| SF300-48 | SRW248G4-K9 | 48 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports | N/A | N/A |
| SF300-48P | SRW248G4P-K9 | 48 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports | 375W | 48 |
| SG300-52MP | SG300-52MP-K9 | 52-Port Gigabit PoE Managed Switch | 740W | 48 |
| SG300-10SFP | SG300-10SFP-K9 | 10-Port Gigabit Managed SFP Switch | N/A | N/A |
| ESW2-350G-52 | ESW2-350G-52-K9 | 52-Port Gigabit Managed Switch | N/A | N/A |
| ESW2-350G-52DC | ESW2-350G-52DC-K9 | 52-Port Gigabit Managed Switch | N/A | N/A |
| SF300-24MP | SF300-24M-K9 | 24-Port 10/100 PoE Managed Switch | 375W | 24 |
| SG300-28MP | SRW2024P-K9 | 28-Port Gigabit PoE Managed Switch | 375W | 24 |

System Information
The System Summary page provides a graphic view of the device, and displays
device status, hardware information, firmware version information, general PoE
status, and other items.
Displaying the System Summary
To view system information, click Status and Statistics > System Summary.
The System Summary page contains system and hardware information.
System Information:
System Description—A description of the system.
System Location—Physical location of the device. Click Edit to go to the
System Settings page to enter this value.
System Contact—Name of a contact person. Click Edit to go to the System
Settings page to enter this value.
Host Name—Name of the device. Click Edit to go to the System Settings
page to enter this value. By default, the device hostname is composed of
the word device concatenated with the three least significant bytes of the
device MAC address (the six furthest right hexadecimal digits).
System Uptime—Time that has elapsed since the last reboot.
Current Time—Current system time.
Base MAC Address—Device MAC address.
Jumbo Frames—Jumbo frame support status. This support can be enabled
or disabled by using the Port Settings page of the Port Management menu.
NOTE Jumbo frames support takes effect only after it is enabled, and after
the device is rebooted.
TCP/UDP Services Status:
HTTP Service—Displays whether HTTP is enabled/disabled.
HTTPS Service—Displays whether HTTPS is enabled/disabled.
SNMP Service—Displays whether SNMP is enabled/disabled.
Telnet Service—Displays whether Telnet is enabled/disabled.
SSH Service—Displays whether SSH is enabled/disabled.
Other Summary Information:
Model Description—Device model description.
Serial Number—Serial number.
PID VID—Part number and version ID.
Firmware Version (Active Image)—Firmware version number of the active
image.
Firmware MD5 Checksum (Active Image)—MD5 checksum of the active
image.
Firmware Version (Non-active Image)—Firmware version number of the
non-active image.
Firmware MD5 Checksum (Non-active Image)—MD5 checksum of the
non-active image.
Boot Version—Boot version number.
Boot MD5 Checksum—MD5 checksum of the boot version.
Locale—Locale of the first language. (This is always English).
Language Version—Language package version of the first or English
language.
Language MD5 Checksum—MD5 checksum of the language file.
PoE Power Information:
Maximum Available PoE Power (W)—Maximum available power that can
be delivered by the PoE.
Total PoE Power Consumption (W)—Total PoE power delivered to
connected PoE devices.
PoE Power Mode—Port Limit or Class Limit.
Configuring the System Settings
To enter system settings:
STEP 1 Click Administration > System Settings.
STEP 2 View or modify the system settings.
System Description—Displays a description of the device.
System Location—Enter the location where the device is physically
located.
System Contact—Enter the name of a contact person.
Host Name—Select the host name of this device. This is used in the prompt
of CLI commands:
-Use Default—The default hostname (System Name) of these switches is:
switch123456, where 123456 represents the last three bytes of the
device MAC address in hex format.
-User Defined—Enter the hostname. Use only letters, digits, and hyphens.
Host names cannot begin or end with a hyphen. No other symbols,
punctuation characters, or blank spaces are permitted (as specified in
RFC1033, 1034, 1035).
System Mode—Select the system mode of this device.
NOTE If you change the system mode after clicking Apply, the system will
require a reboot, and the startup configuration file will be gone after the boot.
-L2—Select to place the device in Layer 2 system mode.
-L3—Select to place the device in Layer 3 system mode.
Custom Login Screen Settings—To display text on the Login page, enter
the text in the Login Banner text box. Click Preview to view the results.
NOTE When you define a login banner from the web-based configuration
utility, it also activates the banner for the CLI interfaces (Console, Telnet, and
SSH).
STEP 3 Click Apply to save the values in the Running Configuration file.
Console Settings (Autobaud Rate Support)
The console port speed can be set to one of the following speeds: 4800, 9600,
19200, 38400, 57600, and 115200 or to Auto Detection.
Auto Detection enables the device to detect your console speed automatically, so
that you are not required to set it explicitly.
When Auto Detection is not enabled, the console port speed is automatically set to
the last speed that was set manually (115,200 by default).
When Auto Detection is enabled but the console baud-rate was not yet
discovered, the system uses speed 115,200 for displaying text (for example, the
boot-up information).
After Auto Detection is enabled in the Console Settings page, it can be activated
by connecting the console to the device and pressing the Enter key twice. The device
detects the baud rate automatically.
To enable Auto Detection or to manually set the baud rate of the console:
STEP 1 Click Administration > Console Settings.
STEP 2 Select one of the following:
Auto Detection—The console baud rate is detected automatically.
Static—Select one of the available speeds.
Rebooting the Device
Some configuration changes, such as enabling jumbo frame support, require the
system to be rebooted before they take effect. However, rebooting the device
deletes the Running Configuration, so it is critical that the Running Configuration is
saved to the Startup Configuration before the device is rebooted. Clicking Apply
does not save the configuration to the Startup Configuration. For more information
on files and file types, see the System Files section.
You can back up the configuration by using Administration > File Management >
Copy/Save Configuration or clicking Save at the top of the window. You can also
upload the configuration from a remote device. See the Download/Backup
Configuration/Log section.
There are cases when you might prefer to set the time of the reboot for some time
in the future. This could happen for example in one of the following cases:
You are performing actions on a remote device, and these actions might
create loss of connectivity to the remote device. Pre-scheduling a reboot
restores the working configuration and enables restoring the connectivity to
the remote device. If these actions are successful, the delayed reboot can
be cancelled.
Reloading the device causes loss of connectivity in the network, so by
using a delayed reboot you can schedule the reboot for a time that is more
convenient for the users (for example, late at night).
To reboot the device:
STEP 1 Click Administration > Reboot.
STEP 2 Click one of the Reboot buttons to reboot the device.
Reboot—Reboots the device. Since any unsaved information in the Running
Configuration is discarded when the device is rebooted, you must click Save
in the upper-right corner of any window to preserve current configuration
across the boot process. If the Save option is not displayed, the Running
Configuration matches the Startup Configuration and no action is necessary.
The following options are available:
-Immediate—Reboot immediately.
-Date—Enter the date (month/day) and time (hour and minutes) of the
scheduled reboot. This schedules a reload of the software to take place
at the specified time (using a 24-hour clock). If you specify the month
and day, the reload is scheduled to take place at the specified time and
date. If you do not specify the month and day, the reload takes place at
the specified time on the current day (if the specified time is later than
the current time) or on the next day (if the specified time is earlier than
the current time). Specifying 00:00 schedules the reload for midnight.
The reload must take place within 24 days.
NOTE This option can only be used if the system time has either been set
manually or by SNTP.
-In—Reboot within the specified number of hours and minutes. The
maximum amount of time that can pass is 24 days.
Reboot to Factory Defaults—Reboots the device by using the factory
default configuration. This process erases the Startup Configuration file and
the backup configuration file.
The mirror configuration file is not deleted when restoring to factory
defaults.
Clear Startup Configuration File—Check to clear the startup configuration
on the device for the next time it boots up.
NOTE Clearing the Startup Configuration File and Rebooting is not the same
as Rebooting to Factory Defaults. Rebooting to Factory Defaults is more
intrusive.
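The Date and In rules above, worked through in Python as an added example (not Cisco code): given the current system time, it computes when a scheduled reload would fire and rejects requests outside the 24-day window. The function names are this example's own; treating a time equal to the current time as "next day" and rolling a past month/day into the following year are assumptions the guide does not spell out.

```python
from datetime import datetime, timedelta
from typing import Optional

MAX_DELAY = timedelta(days=24)  # "The reload must take place within 24 days."


def _check_window(now: datetime, target: datetime) -> datetime:
    """Reject any reload time further away than the 24-day limit."""
    if target - now > MAX_DELAY:
        raise ValueError("reload must take place within 24 days")
    return target


def reload_at(now: datetime, hour: int, minute: int,
              month: Optional[int] = None, day: Optional[int] = None,
              clock_is_set: bool = True) -> datetime:
    """Resolve the 'Date' option to an absolute reload time."""
    if not clock_is_set:
        # NOTE in the guide: usable only if time was set manually or by SNTP.
        raise ValueError("system time has not been set manually or by SNTP")
    if (month is None) != (day is None):
        raise ValueError("give month and day together, or neither")
    if month is None:
        # Time only: today if still ahead, otherwise tomorrow.
        target = now.replace(hour=hour, minute=minute, second=0, microsecond=0)
        if target <= now:  # assumption: an equal time also means next day
            target += timedelta(days=1)
    else:
        target = datetime(now.year, month, day, hour, minute)
        if target <= now:  # assumption: a past date means the following year
            target = target.replace(year=now.year + 1)
    return _check_window(now, target)


def reload_in(now: datetime, hours: int, minutes: int) -> datetime:
    """Resolve the 'In' option (a delay in hours and minutes)."""
    delay = timedelta(hours=hours, minutes=minutes)
    if delay <= timedelta(0):
        raise ValueError("delay must be positive")
    return _check_window(now, now + delay)


if __name__ == "__main__":
    now = datetime(2015, 1, 5, 14, 30)           # constructed sample clock value
    print(reload_at(now, 23, 0))                 # later today
    print(reload_at(now, 0, 0))                  # midnight, i.e. start of next day
    print(reload_at(now, 2, 0, month=1, day=20))
    print(reload_in(now, 0, 30))                 # short delay before a risky change
```

When the delayed reboot is used as a safety net for remote changes, it restores the previous state only if the risky change was not saved to the Startup Configuration, because the reboot reloads the Startup Configuration and discards the Running Configuration.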
Routing Resources
Use the Router Resources page to display TCAM allocation and modify total
TCAM size. TCAM entries are divided into the following groups:
IP Entries—TCAM entries reserved for IP static routes, IP addresses on the
device, and IP hosts. Each type generates the following number of TCAM
entries:
-IPv4 static routes—One entry per route
-IP Addresses—Two entries per IP address
-IP Hosts—One entry per host
Non-IP Entries—TCAM entries reserved for other applications, such as
ACL rules, CoS policers, and VLAN rate limits.
To view and modify router resources:
STEP 1 Click Administration > Router Resources.
The following fields are displayed:
Neighbors—Count is the number of neighbors recorded on the device and
TCAM Entries is the total number of TCAM entries being used for neighbors.
Interfaces—Count is the number of IP addresses on interfaces on the
device and TCAM Entries is the total number of TCAM entries being used for
the IP addresses.
Routes—Count is the number of routes recorded on the device and TCAM
Entries is the total number of TCAM entries being used for the routes.
Total—Displays the number of TCAM entries which are currently being
used.
Maximum Entries—Select one of the following options:
-Use Default—The number of TCAM entries available for IP entries is
25% of the TCAM size (128).
-User Defined—Enter a value up to 512 entries.
You must save your current configuration before changing the TCAM Allocation
Settings.
NOTE A summary of the TCAM entries actually in use and available is
displayed at the bottom of this page. For an explanation of the fields, see
Viewing TCAM Utilization.
STEP 2 Save the new settings by clicking Apply. This checks the feasibility of the TCAM
allocation. If it is incorrect, an error message is displayed. If it is correct, the
allocation is saved to the Running Configuration file and a reboot is performed.
Monitoring Fan Status
The Health page displays the fan status on all devices with fans. Depending on the
model, there are one or more fans on a device. Some models have no fans at all.
On devices on which a temperature sensor is assembled, for protecting the device
hardware in case it overheats, the following actions are performed by the device if
it overheats and during the cool down period after overheating:
| Event | Action |
|---|---|
| At least one temperature sensor exceeds the Warning threshold | The following are generated: SYSLOG message; SNMP trap. |
| At least one temperature sensor exceeds the Critical threshold | The following are generated: SYSLOG message; SNMP trap. The following actions are performed: System LED is set to solid amber (if hardware supports this). Disable Ports — When the Critical temperature has been exceeded for two minutes, all ports will be shut down. (On devices that support PoE) Disable the PoE circuitry so that less power is consumed and less heat is emitted. |
| Cool down period after the Critical threshold was exceeded (all sensors are lower than the Warning threshold - 2 °C). | After all the sensors cool down to Warning Threshold minus 2 degree C, the PHY will be re-enabled, and all ports brought back up. If FAN status is OK, the ports are enabled. (On devices that support PoE) the PoE circuitry is enabled. |

To view the device health parameters, click Status and Statistics > Health.
The Health page displays the following fields:
Fan Status—Fan status. The following values are possible:
-OK—Fan is operating normally.
-Fail—Fan is not operating correctly.
-N/A—Fan ID is not applicable for the specific model.
Fan Direction—(On relevant devices) The direction that the fans are
working in (for example: Front to Back).
Defining Idle Session Timeout
The Idle Session Timeout configures the time intervals that the management
sessions can remain idle before they time out and you must log in again to
reestablish one of the following sessions:
HTTP Session Timeout
HTTPS Session Timeout
Console Session Timeout
Telnet Session Timeout
SSH Session Timeout
To set the idle session timeout for various types of sessions:
STEP 1 Click Administration > Idle Session Timeout.
STEP 2 Select the timeout for each session from the corresponding list. The default
timeout value is 10 minutes.
STEP 3 Click Apply to set the configuration settings on the device.
Pinging a Host
Ping is a utility used to test if a remote host can be reached and to measure the
round-trip time for packets sent from the device to a destination device.
Ping operates by sending Internet Control Message Protocol (ICMP) echo request
packets to the target host and waiting for an ICMP response, sometimes called a
pong. It measures the round-trip time and records any packet loss.
To ping a host:
STEP 1 Click Administration > Ping.
STEP 2 Configure ping by entering the fields:
Host Definition—Select whether to specify hosts by their IP address or
name.
IP Version—If the host is identified by its IP address, select either IPv4 or
IPv6 to indicate that it will be entered in the selected format.
IPv6 Address Type—Select Link Local or Global as the type of IPv6
address to enter.
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
Link Local Interface—If the IPv6 address type is Link Local, select from
where it is received.
Host IP Address/Name—Address or host name of the device to be pinged.
Whether this is an IP address or host name depends on the Host Definition.
Ping Interval—Length of time the system waits between ping packets. Ping
is repeated the number of times configured in the "Number of Pings" field,
whether the ping succeeds or not. Choose to use the default interval or
specify your own value.
Number of Pings—The number of times the ping operation is performed.
Choose to use the default or specify your own value.
Status—Displays whether the ping succeeded or failed.
STEP 3 Click Activate Ping to ping the host. The ping status appears and another
message is added to the list of messages, indicating the result of the ping
operation.
STEP 4 View the results of ping in the Ping Counters and Status section of the page.
Traceroute
Traceroute discovers the IP routes along which packets were forwarded by
sending an IP packet to the target host and back to the device. The Traceroute
page shows each hop between the device and a target host, and the round-trip
time to each such hop.
STEP 1 Click Administration > Traceroute.
STEP 2 Configure Traceroute by entering information into the following fields:
Host Definition—Select whether hosts are identified by their IP address or
name.
IP Version—If the host is identified by its IP address, select either IPv4 or
IPv6 to indicate that it will be entered in the selected format.
IPv6 Address Type—Select Link Local or Global as the type of IPv6
address to enter.
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
Link Local Interface—If the IPv6 address type is Link Local, select from
where it is received.
Host IP Address/Name—Enter the host address or name.
TTL—Enter the maximum number of hops that Traceroute permits. This is
used to prevent a case where the sent frame gets into an endless loop. The
Traceroute command terminates when the destination is reached or when
this value is reached. To use the default value (30), select Use Default.
Timeout—Enter the length of time that the system waits for a frame to return
before declaring it lost, or select Use Default.
STEP 3 Click Activate Traceroute. The operation is performed.
A page appears showing the Round Trip Time (RTT) and status for each trip in the
fields:
Index—Displays the number of the hop.
Host—Displays a stop along the route to the destination.
Round Trip Time (1-3)—Displays the round trip time (in ms) for the first
through third frame and the status of the first through third operation.
Administration: Time Settings
Synchronized system clocks provide a frame of reference between all devices on
the network. Network time synchronization is critical because every aspect of
managing, securing, planning, and debugging a network involves determining
when events occur. Without synchronized clocks, accurately correlating log files
between devices when tracking security breaches or network usage is
impossible.
Synchronized time also reduces confusion in shared file systems, as it is important
for the modification times to be consistent, regardless of the machine on which the
file systems reside.
For these reasons, it is important that the time configured on all of the devices on
the network is accurate.
NOTE The device supports Simple Network Time Protocol (SNTP) and when enabled, the
device dynamically synchronizes the device time with time from an SNTP server.
The device operates only as an SNTP client, and cannot provide time services to
other devices.
This section describes the options for configuring the system time, time zone, and
Daylight Savings Time (DST). It covers the following topics:
System Time Options
SNTP Modes
Configuring System Time
System Time Options
System time can be set manually by the user, dynamically from an SNTP server, or
synchronized from the PC running the GUI. If an SNTP server is chosen, the manual
time settings are overwritten when communications with the server are
established.
As part of the boot process, the device always configures the time, time zone, and
DST. These parameters are obtained from the PC running the GUI, SNTP, values
set manually, or if all else fails, from the factory defaults.
Time
The following methods are available for setting the system time on the device:
Manual—You must manually set the time.
From PC—Time can be received from the PC by using browser information.
The configuration of time from the computer is saved to the Running
Configuration file. You must copy the Running Configuration to the Startup
Configuration in order to enable the device to use the time from the
computer after reboot. The time after reboot is set during the first WEB login
to the device.
When you configure this feature for the first time, if the time was not already
set, the device sets the time from the PC.
This method of setting time works with both HTTP and HTTPS connections.
SNTP—Time can be received from SNTP time servers. SNTP ensures
accurate network time synchronization of the device up to the millisecond by
using an SNTP server for the clock source. When specifying an SNTP server,
if choosing to identify it by hostname, three suggestions are given in the GUI:
-time-a.timefreq.bldrdoc.gov
-time-b.timefreq.bldrdoc.gov
-time-c.timefreq.bldrdoc.gov
After the time has been set by any of the above sources, it is not set again by the
browser.
NOTE SNTP is the recommended method for time setting.
Time Zone and Daylight Savings Time (DST)
The Time Zone and DST can be set on the device in the following ways:
Dynamic configuration of the device through a DHCP server, where:
-Dynamic DST, when enabled and available, always takes precedence
over the manual configuration of DST.
-If the server supplying the source parameters fails, or dynamic
configuration is disabled by the user, the manual settings are used.
-Dynamic configuration of the time zone and DST continues after the IP
address lease time has expired.
Manual configuration of the time zone and DST becomes the Operational
time zone and DST, only if the dynamic configuration is disabled or fails.
NOTE The DHCP server must supply DHCP option 100 in order for dynamic
time zone configuration to take place.
SNTP Modes
The device can receive the system time from an SNTP server in one of the
following ways:
Client Broadcast Reception (passive mode)—SNTP servers broadcast the time,
and the device listens to these
broadcasts. When the device is in this mode, there is no need to define a
Unicast SNTP server.
Client Broadcast Transmission (active mode)—The device, as an SNTP
client, periodically requests SNTP time updates. This mode works in either
of the following ways:
-SNTP Anycast Client Mode—The device broadcasts time request
packets to all SNTP servers in the subnet, and waits for a response.
-Unicast SNTP Server Mode—The device sends Unicast queries to a list
of manually-configured SNTP servers, and waits for a response.
The device supports having all of the above modes active at the same time and
selects the best system time received from an SNTP server, according to an
algorithm based on the closest stratum (distance from the reference clock).
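Stratum-based selection as described above, shown as an added Python example; it is not the switch's algorithm, whose details the guide does not give. It parses 48-byte SNTP replies (header layout per RFC 4330), drops replies a client should not trust, and keeps the one with the lowest stratum. The server addresses and reply bytes are constructed sample data and the function names are this example's own.

```python
import struct
from typing import Dict, Optional, Tuple

NTP_UNIX_DELTA = 2208988800               # seconds from 1900-01-01 to 1970-01-01
PACKET = struct.Struct("!BBbbII4sQQQQ")   # 48-byte SNTP header (RFC 4330)


def build_reply(stratum: int, unix_time: int, leap: int = 0,
                mode: int = 4, version: int = 4) -> bytes:
    """Construct a sample reply (test data, not captured traffic)."""
    first = (leap << 6) | (version << 3) | mode
    transmit = (unix_time + NTP_UNIX_DELTA) << 32   # seconds in the high 32 bits
    return PACKET.pack(first, stratum, 6, -20, 0, 0, b"\x00" * 4,
                       0, 0, 0, transmit)


def parse_reply(data: bytes) -> dict:
    """Extract the fields needed to judge a reply."""
    if len(data) < PACKET.size:
        raise ValueError("short packet")
    fields = PACKET.unpack(data[:PACKET.size])
    first, stratum, transmit = fields[0], fields[1], fields[10]
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,
        "stratum": stratum,
        "unix_time": (transmit >> 32) - NTP_UNIX_DELTA if transmit else None,
    }


def reject_reason(reply: dict) -> Optional[str]:
    """Return why a reply must be ignored, or None if it is usable."""
    if reply["mode"] not in (4, 5):           # 4 = server, 5 = broadcast
        return "not a server or broadcast reply"
    if reply["leap"] == 3:                    # alarm condition
        return "server clock not synchronized"
    if not 1 <= reply["stratum"] <= 15:       # 0 = kiss-o'-death, 16+ reserved
        return "stratum outside 1..15"
    if reply["unix_time"] is None:
        return "zero transmit timestamp"
    return None


def select_best(replies: Dict[str, bytes]) -> Tuple[Optional[tuple], Dict[str, str]]:
    """Pick the usable reply closest to the reference clock (lowest stratum)."""
    best = None
    rejected: Dict[str, str] = {}
    for server, data in replies.items():
        try:
            reply = parse_reply(data)
        except ValueError as exc:
            rejected[server] = str(exc)
            continue
        reason = reject_reason(reply)
        if reason:
            rejected[server] = reason
        elif best is None or reply["stratum"] < best[1]["stratum"]:
            best = (server, reply)            # ties keep the first reply seen
    return best, rejected


if __name__ == "__main__":
    t = 1420466400                            # constructed sample timestamp
    sample = {
        "192.0.2.1": build_reply(3, t),
        "192.0.2.2": build_reply(2, t + 1),
        "192.0.2.3": build_reply(1, t, leap=3),
        "192.0.2.4": build_reply(0, t),
    }
    print(select_best(sample))
```

These checks only filter malformed or unusable replies; they do not prove who sent a reply, which is what the SNTP Authentication page is for.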
Configuring System Time
Selecting Source of System Time
Use the System Time page to select the system time source. If the source is
manual, you can enter the time here.
CAUTION If the system time is set manually and the device is rebooted, the manual time
settings must be reentered.
To define system time:
STEP 1 Click Administration > Time Settings > System Time.
The following fields are displayed:
Actual Time (Static)—System time on the device. This shows the DHCP
time zone or the acronym for the user-defined time zone if these were
defined.
Last Synchronized Server—Address, stratum and type of the SNTP server
from which time was last taken.
STEP 2 Enter these parameters:
Clock Source Settings—Select the source used to set the system clock.
Main Clock Source (SNTP Servers)—If you enable this, the system time is
obtained from an SNTP server. To use this feature, you must also configure a
connection to an SNTP server in the SNTP Interface Settings page.
Optionally, enforce authentication of the SNTP sessions by using the SNTP
Authentication page.
Alternate Clock Source (PC via active HTTP/HTTPS sessions)—Select to
set the date and time from the configuring computer using the HTTP
protocol.
NOTE The Clock Source Setting needs to be set to either of the above in
order for RIP MD5 authentication to work. This also helps features that
associate with time, for example: Time Based ACL, Port, 802.1 port
authentication that are supported on some devices.
Manual Settings—Set the date and time manually. The local time is used when
there is no alternate source of time, such as an SNTP server:
Date—Enter the system date.
Local Time—Enter the system time.
Time Zone Settings—The local time is used via the DHCP server or Time Zone
offset.
Get Time Zone from DHCP—Select to enable dynamic configuration of the
time zone and the DST from the DHCP server. Whether one or both of these
parameters can be configured depends on the information found in the
DHCP packet. If this option is enabled, you must also enable DHCP client on
the device.
NOTE The DHCP Client supports Option 100 providing dynamic time zone
setting.
Time Zone from DHCP—Displays the acronym of the time zone configured
from the DHCP server. This acronym appears in the Actual Time field.
Time Zone Offset—Select the difference in hours between Greenwich
Mean Time (GMT) and the local time. For example, the Time Zone Offset for
Paris is GMT +1, while the Time Zone Offset for New York is GMT – 5.
Time Zone Acronym—Enter a user-defined name that represents the time
zone you have configured. This acronym appears in the Actual Time field.
Daylight Savings Settings—Select how DST is defined:
Daylight Savings—Select to enable Daylight Saving Time.
Time Set Offset—Enter the number of minutes offset from GMT ranging from
1 to 1440. The default is 60.
Daylight Savings Type—Click one of the following:
-USA—DST is set according to the dates used in the USA.
-European—DST is set according to the dates used by the European
Union and other countries that use this standard.
-By Dates—DST is set manually, typically for a country other than the USA
or a European country. Enter the following parameters:
-Recurring—DST occurs on the same date every year.
Selecting By Dates allows customization of the start and stop of DST:
-From—Day and time that DST starts.
-To—Day and time that DST ends.
Selecting Recurring allows different customization of the start and stop of
DST:
From—Date when DST begins each year.
-Day—Day of the week on which DST begins every year.
-Week—Week within the month from which DST begins every year.
-Month—Month of the year in which DST begins every year.
-Time—The time at which DST begins every year.
To—Date when DST ends each year. For example, DST ends locally every
fourth Friday in October at 5:00 am. The parameters are:
-Day—Day of the week on which DST ends every year.
-Week—Week within the month from which DST ends every year.
-Month—Month of the year in which DST ends every year.
-Time—The time at which DST ends every year.
STEP 3 Click Apply. The system time values are written to the Running Configuration file.
Adding a Unicast SNTP Server
Up to 16 Unicast SNTP servers can be configured.
NOTE To specify a Unicast SNTP server by name, you must first configure DNS server(s)
on the device (see DNS Settings). In order to add a Unicast SNTP server, check the
box to enable SNTP Client Unicast.
To add a Unicast SNTP server:
STEP 1 Click Administration > Time Settings > SNTP Unicast.
This page contains the following information for each Unicast SNTP server:
SNTP Server—SNTP server IP address. The preferred server, or hostname,
is chosen according to its stratum level.
Poll Interval—Displays whether polling is enabled or disabled.
Authentication Key ID—Key Identification used to communicate between
the SNTP server and device.
Stratum Level—Distance from the reference clock expressed as a
numerical value. An SNTP server cannot be the primary server (stratum
level 1) unless polling interval is enabled.
Status—SNTP server status. The possible values are:
-Up—SNTP server is currently operating normally.
-Down—SNTP server is currently not available.
-Unknown—SNTP server is currently being searched for by the device.
-In Process—Occurs when the SNTP server has not fully trusted its own
time server (i.e. when first booting up the SNTP server).
Last Response—Date and time of the last time a response was received
from this SNTP server.
Offset—The estimated offset of the server's clock relative to the local clock,
in milliseconds. The host determines the value of this offset using the
algorithm described in RFC 2030.
Delay—The estimated round-trip delay of the server's clock relative to the
local clock over the network path between them, in milliseconds. The host
determines the value of this delay using the algorithm described in RFC
2030.
Source—How SNTP server was defined, for example: manually or from
DHCPv6 server.
Interface—Interface on which packets are received.
STEP 2 To add a Unicast SNTP server, enable SNTP Client Unicast.
STEP 3 Click Add.
STEP 4 Enter the following parameters:
Server Definition—Select if the SNTP server is going to be identified by its
IP address or if you are going to select a well-known SNTP server by name
from the list.
NOTE To specify a well-known SNTP server, the device must be connected
to the Internet and configured with a DNS server or configured so that a DNS
server is identified by using DHCP. (See DNS Settings)
IP Version—Select the version of the IP address: Version 6 or Version 4.
IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The
options are:
-Link Local—The IPv6 address uniquely identifies hosts on a single
network link. A link local address has a prefix of FE80, is not routable, and
can be used for communication only on the local network. Only one link
local address is supported. If a link local address exists on the interface,
this entry replaces the address in the configuration.
-Global—The IPv6 address is a global Unicast IPv6 type that is visible and
reachable from other networks.
Link Local Interface—Select the link local interface (if IPv6 Address Type
Link Local is selected) from the list.
SNTP Server IP Address—Enter the SNTP server IP address. The format
depends on which address type was selected.
SNTP Server—Select the name of the SNTP server from a list of well-known
NTP servers. If other is chosen, enter the name of the SNTP server in the
adjacent field.
Poll Interval—Select to enable polling of the SNTP server for system time
information. All NTP servers that are registered for polling are polled, and the
clock is selected from the server with the lowest stratum level (distance from
the reference clock) that is reachable. The server with the lowest stratum is
considered to be the primary server. The server with the next lowest stratum
is a secondary server, and so forth. If the primary server is down, the device
polls all servers with the polling setting enabled, and selects a new primary
server with the lowest stratum.
Authentication—Select the check box to enable authentication.
Authentication Key ID—If authentication is enabled, select the value of the
key ID. (Create the authentication keys using the SNTP Authentication page.)
STEP 5 Click Apply. The SNTP server is added, and you are returned to the main page.
Configuring the SNTP Mode
The device can be in active and/or passive mode (see SNTP Modes for more
information).
To enable receiving SNTP packets from all servers on the subnet and/or to enable
transmitting time requests to SNTP servers:
STEP 1 Click Administration > Time Settings > SNTP Multicast/Anycast.
STEP 2 Select from the following options:
SNTP IPv4 Multicast Client Mode (Client Broadcast Reception)—Select to
receive system time IPv4 Multicast transmissions from any SNTP server on
the subnet.
SNTP IPv6 Multicast Client Mode (Client Broadcast Reception)—Select to
receive system time IPv6 Multicast transmissions from any SNTP server on
the subnet.
SNTP IPv4 Anycast Client Mode (Client Broadcast Transmission)—Select to
transmit SNTP IPv4 synchronization packets requesting system time
information. The packets are transmitted to all SNTP servers on the subnet.
SNTP IPv6 Anycast Client Mode (Client Broadcast Transmission)—Select to
transmit SNTP IPv6 synchronization packets requesting system time
information. The packets are transmitted to all SNTP servers on the subnet.
STEP 3 If the system is in Layer 3 system mode, click Add to enter the interface for SNTP
reception/transmission.
Select an interface and select the reception/transmission options.
STEP 4 Click Apply to save the settings to the Running Configuration file.
Defining SNTP Authentication
SNTP clients can authenticate responses by using HMAC-MD5. An SNTP server is
associated with a key, which is used as input together with the response itself to
the MD5 function; the result of the MD5 is also included in the response packet.
The SNTP Authentication page enables configuration of the authentication keys
that are used when communicating with an SNTP server that requires
authentication.
The authentication key is created on the SNTP server in a separate process that
depends on the type of SNTP server you are using. Consult with the SNTP server
system administrator for more information.
Workflow
STEP 1 Enable authentication in the SNTP Authentication page.
STEP 2 Create a key in the SNTP Authentication page.
STEP 3 Associate this key with an SNTP server in the SNTP Unicast page.
To enable SNTP authentication and define keys:
STEP 1 Click Administration > Time Settings > SNTP Authentication.
STEP 2 Select SNTP Authentication to support authentication of an SNTP session
between the device and an SNTP server.
STEP 3 Click Apply to update the device.
STEP 4 Click Add.
STEP 5 Enter the following parameters:
Authentication Key ID—Enter the number used to identify this SNTP
authentication key internally.
Authentication Key—Enter the key used for authentication (up to eight
characters). The SNTP server must send this key for the device to
synchronize to it.
Trusted Key—Select to enable the device to receive synchronization
information only from an SNTP server by using this authentication key.
STEP 6 Click Apply. The SNTP Authentication parameters are written to the Running
Configuration file.
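The reply check behind SNTP authentication, together with the Offset and Delay values and the lowest-stratum selection described for the SNTP Unicast page, as an added Python example that is not taken from the Cisco guide or the switch firmware. It assumes the classic NTP symmetric-key layout (48-byte header, 4-byte key ID, 16-byte MD5 digest over the key followed by the header); the function names, key and server names are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_UNIX_DELTA = 2208988800        # seconds from 1900-01-01 to 1970-01-01
HEADER_LEN, MAC_LEN = 48, 4 + 16   # NTP header; key ID + MD5 digest


def to_ntp(unix_time):
    """Encode Unix seconds (float) as a 64-bit NTP timestamp."""
    secs = int(unix_time)
    frac = int((unix_time - secs) * 2**32)
    return struct.pack("!II", secs + NTP_UNIX_DELTA, frac)


def from_ntp(raw):
    """Decode a 64-bit NTP timestamp to Unix seconds (float)."""
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32


def build_reply(stratum, t1, t2, t3, key_id=None, key=None):
    """Construct a server reply; sample-data helper for this example only."""
    first = (0 << 6) | (4 << 3) | 4        # LI=0, version 4, mode 4 (server)
    header = struct.pack("!BBbb", first, stratum, 6, -20)
    header += bytes(12)                    # root delay, dispersion, ref ID
    header += to_ntp(t2)                   # reference timestamp
    header += to_ntp(t1) + to_ntp(t2) + to_ntp(t3)  # originate, receive, transmit
    if key is None:
        return header                      # unauthenticated reply
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_reply(packet, t1, t4, trusted_keys):
    """Authenticate a reply, then compute offset and delay in milliseconds.

    t1 is the client transmit time and t4 the client receive time (Unix
    seconds). trusted_keys maps key ID to key bytes (assumed client config).
    """
    def reject(reason):
        return {"accepted": False, "reason": reason}

    if len(packet) != HEADER_LEN + MAC_LEN:
        return reject("no authenticator present")
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    key = trusted_keys.get(key_id)
    if key is None:
        return reject("key ID %d is not trusted" % key_id)
    expected = hashlib.md5(key + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):   # constant-time compare
        return reject("digest mismatch")

    mode, stratum = header[0] & 0x07, header[1]
    if mode != 4 or not 1 <= stratum <= 15:
        return reject("not a usable server reply")
    if header[24:32] != to_ntp(t1):                  # must echo our request
        return reject("originate timestamp does not match request")

    # T1 client send, T2 server receive, T3 server send, T4 client receive.
    t2, t3 = from_ntp(header[32:40]), from_ntp(header[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return {"accepted": True, "stratum": stratum,
            "offset_ms": round(offset * 1000, 3),
            "delay_ms": round(delay * 1000, 3)}


def pick_primary(results):
    """Choose the accepted server with the lowest stratum level."""
    usable = {name: r for name, r in results.items() if r["accepted"]}
    if not usable:
        return None
    return min(usable, key=lambda name: usable[name]["stratum"])


def demo():
    """Constructed sample data: one signed reply and one unsigned reply."""
    keys = {7: b"k3y-0007"}                # key ID 7, eight-character key
    t1 = 1420452000.0                      # client transmit time
    signed = build_reply(2, t1, t1 + 0.130, t1 + 0.132, key_id=7, key=keys[7])
    unsigned = build_reply(1, t1, t1 + 0.130, t1 + 0.132)
    results = {"ntp-a.example": check_reply(signed, t1, t1 + 0.062, keys),
               "ntp-b.example": check_reply(unsigned, t1, t1 + 0.062, keys)}
    return results, pick_primary(results)


if __name__ == "__main__":
    print(demo())
```

With authentication enforced, the unsigned stratum 1 reply is dropped before stratum is compared, so the signed stratum 2 server becomes primary.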
Time Range
Time ranges can be defined and associated with the following types of
commands, so that they are applied only during that time range:
ACLs
802.1X Port Authentication
Port Stat
Time-Based PoE
There are two types of time ranges:
Absolute—This type of time range begins on a specific date or
immediately and ends on a specific date or extends infinitely. It is created in
the Time Range pages. A recurring element can be added to it.
Recurring—This type of time range contains a time range element that is
added to an absolute range, and begins and ends on a recurring basis. It is
defined in the Recurring Range pages.
If a time range includes both absolute and recurring ranges, the process
associated with it is activated only if both the absolute start time and the
recurring time range have been reached. The process is deactivated when the
end of either time range is reached.
The device supports a maximum of 10 absolute time ranges.
All time specifications are interpreted as local time (Daylight Saving Time does not
affect this).
To ensure that the time range entries take effect at the desired times, the system
time must be set.
The time-range feature can be used for the following:
Limit access of computers to the network during business hours (for
example), after which the network ports are locked, and access to the rest
of the network is blocked (see Chapter 9, “Configuring Ports” and
Chapter 9, “Configuring LAG Settings”).
Limit PoE operation to a specified period.
Absolute Time Range
To define an absolute time range:
STEP 1 Click Administration > Time Settings > Time Range.
The existing time ranges are displayed.
STEP 2 To add a new time range, click Add.
STEP 3 Enter the following fields:
Time Range Name—Enter a new time range name.
Absolute Starting Time—To define the start time, enter the following:
-Immediate—Select for the time range to start immediately.
-Date, Time—Enter the date and time that the Time Range begins.
Absolute Ending Time—To define the end time, enter the following:
-Infinite—Select for the time range to never end.
-Date, Time—Enter the date and time that the Time Range ends.
STEP 4 To add a recurring time range, click Recurring Range.
Recurring Time Range
A recurring time element can be added to an absolute time range. This limits the
operation to certain time periods within the absolute range.
To add a recurring time range element to an absolute time range:
STEP 1 Click Administration > Time Settings > Recurring Range.
The existing recurring time ranges are displayed (filtered per a specific, absolute
time range.)
STEP 2 Select the absolute time range to which to add the recurring range.
STEP 3 To add a new recurring time range, click Add.
STEP 4 Enter the following fields:
Recurring Starting Time—Enter the date and time that the Time Range
begins on a recurring basis.
Recurring Ending Time—Enter the date and time that the Time Range ends
on a recurring basis.
Administration: Diagnostics
This section contains information for configuring port mirroring, running cable
tests, and viewing device operational information.
It covers the following topics:
Testing Copper Ports
Displaying Optical Module Status
Configuring Port and VLAN Mirroring
Viewing CPU Utilization and Secure Core Technology
Testing Copper Ports
The Copper Test page displays the results of integrated cable tests performed on
copper cables by the Virtual Cable Tester (VCT).
VCT performs two types of tests:
Time Domain Reflectometry (TDR) technology tests the quality and
characteristics of a copper cable attached to a port. Cables of up to 140
meters long can be tested. These results are displayed in the Test Results
block of the Copper Test page.
DSP-based tests are performed on active GE links to measure cable length.
These results are displayed in the Advanced Information block of the
Copper Test page.
Preconditions to Running the Copper Port Test
Before running the test, do the following:
(Mandatory) Disable Short Reach mode (see the Port Management > Green
Ethernet > Properties page)
(Optional) Disable EEE (see the Port Management > Green Ethernet >
Properties page)
Use a CAT5 data cable when testing cables using VCT.
Accuracy of the test results can have an error range of +/- 10 for Advanced Testing
and +/- 2 for basic testing.
CAUTION When a port is tested, it is set to the Down state and communications are
interrupted. After the test, the port returns to the Up state. It is not recommended
that you run the copper port test on a port you are using to run the web-based
switch configuration utility, because communications with that device are
disrupted.
To test copper cables attached to ports:
STEP 1 Click Administration > Diagnostics > Copper Test.
STEP 2 Select the port on which to run the test.
STEP 3 Click Copper Test.
STEP 4 When the message appears, click OK to confirm that the link can go down or
Cancel to abort the test.
The following fields are displayed in the Test Results block:
Last Update—Time of the last test conducted on the port.
Test Results—Cable test results. Possible values are:
-OK—Cable passed the test.
-No Cable—Cable is not connected to the port.
-Open Cable—Cable is connected on only one side.
-Short Cable—Short circuit has occurred in the cable.
-Unknown Test Result—Error has occurred.
Distance to Fault—Distance from the port to the location on the cable where
the fault was discovered.
Operational Port Status—Displays whether port is up or down.
If the port being tested is a Giga port, the Advanced Information block contains the
following information, which is refreshed each time you enter the page:
Cable Length: Provides an estimate for the length.
Pair—Cable wire pair being tested.
Status—Wire pair status. Red indicates fault and Green indicates status OK.
Channel—Cable channel indicating whether the wires are straight or
crossover.
Polarity—Indicates if automatic polarity detection and correction has been
activated for the wire pair.
Pair Skew—Difference in delay between wire pairs.
NOTE TDR tests cannot be performed when the port speed is 10Mbit/Sec.
Displaying Optical Module Status
The Optical Module Status page displays the operating conditions reported by
the SFP (Small Form-factor Pluggable) transceiver. Some information might not be
available for SFPs that do not support the digital diagnostic monitoring standard
SFF-8472.
MSA-compatible SFPs
The following FE SFP (100Mbps) transceivers are supported:
MFEBX1: 100BASE-BX-20U SFP transceiver for single-mode fiber, 1310 nm
wavelength, supports up to 20 km.
MFEFX1: 100BASE-FX SFP transceiver, for multimode fiber, 1310 nm
wavelength, supports up to 2 km.
MFELX1: 100BASE-LX SFP transceiver, for single-mode fiber, 1310 nm
wavelength, supports up to 10 km.
The following GE SFP (1000Mbps) transceivers are supported:
MGBBX1: 1000BASE-BX-20U SFP transceiver, for single-mode fiber, 1310
nm wavelength, supports up to 40 km.
MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm
wavelength, supports up to 40 km.
MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm
wavelength, supports up to 10 km.
MGBSX1: 1000BASE-SX SFP transceiver, for multimode fiber, 850 nm
wavelength, supports up to 550 m.
MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports
up to 100 m.
To view the results of optical tests, click Administration > Diagnostics > Optical
Module Status.
This page contains the following fields:
Port—Port number on which the SFP is connected.
Temperature—Temperature (Celsius) at which the SFP is operating.
Voltage—SFP’s operating voltage.
Current—SFP’s current consumption.
Output Power—Transmitted optical power.
Input Power—Received optical power.
Transmitter Fault—Remote SFP reports signal loss. Values are True, False,
and No Signal (N/S).
Loss of Signal—Local SFP reports signal loss. Values are True and False.
Data Ready—SFP is operational. Values are True and False.
Configuring Port and VLAN Mirroring
Port mirroring is used on a network device to send a copy of network packets
seen on one device port, multiple device ports, or an entire VLAN to a network
monitoring connection on another port on the device. This is commonly used for
network appliances that require monitoring of network traffic, such as an intrusion-
detection system. A network analyzer connected to the monitoring port processes
the data packets for diagnosing, debugging, and performance monitoring. Up to
eight sources can be mirrored. This can be any combination of eight individual
ports and/or VLANs.
A packet that is received on a network port assigned to a VLAN that is subject to
mirroring is mirrored to the analyzer port even if the packet was eventually
trapped or discarded. Packets sent by the device are mirrored when Transmit (Tx)
mirroring is activated.
Mirroring does not guarantee that all traffic from the source port(s) is received on
the analyzer (destination) port. If more data is sent to the analyzer port than it can
support, some data might be lost.
VLAN mirroring is not active on a VLAN that was not manually created. For
example, if VLAN 23 was created by GVRP, and you manually created VLAN 34,
and you create port mirroring that includes VLAN 23, VLAN 34, or both, and later
on delete VLAN 34, the status in port mirroring is set to Not Ready, because
VLAN 34 is no longer in the database and VLAN 23 was not created manually.
Only one instance of mirroring is supported system-wide. The analyzer port (or
target port for VLAN mirroring or port mirroring) is the same for all the mirrored
VLANs or ports.
To enable mirroring:
STEP 1 Click Administration > Diagnostics > Port and VLAN Mirroring.
This page contains the following fields:
Destination Port—Port to which traffic is to be copied; the analyzer port.
Source Interface—Interface, port, or VLAN from which traffic is sent to the
analyzer port.
Type—Type of monitoring: incoming to the port (Rx), outgoing from the port
(Tx), or both.
Status—Displays one of the following values:
-Active—Both source and destination interfaces are up and forwarding
traffic.
-Not Ready—Either source or destination (or both) are down or not
forwarding traffic for some reason.
STEP 2 Click Add to add a port or VLAN to be mirrored.
STEP 3 Enter the parameters:
Destination Port—Select the analyzer port to which packets are copied. A
network analyzer, such as a PC running Wireshark, is connected to this port.
If a port is identified as an analyzer destination port, it remains the analyzer
destination port until all entries are removed.
Source Interface—Select the source port or source VLAN from which
traffic is to be mirrored.
Type—Select whether incoming, outgoing, or both types of traffic are
mirrored to the analyzer port. If Port is selected, the options are:
-Rx Only—Port mirroring on incoming packets.
-Tx Only—Port mirroring on outgoing packets.
-Tx and Rx—Port mirroring on both incoming and outgoing packets.
STEP 4 Click Apply. Port mirroring is added to the Running Configuration.
Viewing CPU Utilization and Secure Core Technology
This section describes the Secure Core Technology (SCT) and how to view CPU
usage.
The device handles the following types of traffic, in addition to end-user traffic:
Management traffic
Protocol traffic
Snooping traffic
Excessive traffic burdens the CPU, and might prevent normal device operation.
The device uses the Secure Core Technology (SCT) feature to ensure that the
device receives and processes management and protocol traffic, no matter how
much total traffic is received. SCT is enabled by default on the device and cannot
be disabled.
There are no interactions with other features.
To display CPU utilization:
STEP 1 Click Administration > Diagnostics > CPU Utilization.
The CPU Utilization page appears.
The CPU Input Rate field displays the rate of input frames to the CPU per second.
The window contains a graph of the CPU utilization. The Y axis is percentage of
usage, and the X axis is the sample number.
STEP 2 Select the Refresh Rate (time period in seconds) that passes before the statistics
are refreshed. A new sample is created for each time period.
Administration: Discovery
This section provides information for configuring Discovery.
It covers the following topics:
Configuring Bonjour Discovery
LLDP and CDP
Configuring LLDP
Configuring CDP
Configuring Bonjour Discovery
As a Bonjour client, the device periodically broadcasts Bonjour Discovery protocol
packets to directly-connected IP subnet(s), advertising its existence and the
services that it provides; for example, HTTP, HTTPS, and Telnet. (Use the Security
> TCP/UDP Services page to enable or disable the device services.) The device
can be discovered by a network management system or other third-party
applications. By default, Bonjour is enabled on the Management VLAN. The
Bonjour console automatically detects the device and displays it.
Bonjour in Layer 2 System Mode
When the device is in Layer 2 system mode, Bonjour Discovery is enabled
globally; it cannot be enabled on a per-port or per-VLAN basis. The device
advertises all of the services that have been turned on by the administrator based
on the configuration on the Services page.
When Bonjour Discovery and IGMP are both enabled, the IP Multicast address of
Bonjour appears on the Adding IP Multicast Group Address page.
When Bonjour Discovery is disabled, the device stops any service type
advertisements and does not respond to requests for service from network
management applications.
To globally enable Bonjour when the system is in Layer 2 system mode:
STEP 1 Click Administration > Discovery - Bonjour.
STEP 2 Select Enable to enable Bonjour Discovery globally on the device.
STEP 3 Click Apply. Bonjour is enabled or disabled on the device according to the
selection.
Bonjour in Layer 3 System Mode
In Layer 3 system mode, each interface (VLAN, port, or LAG) can be assigned an
IP address. When Bonjour is enabled, the device can send Bonjour Discovery
packets on all interfaces that have IP addresses. Bonjour can individually be
assigned on a per-port and/or per-VLAN basis. When Bonjour is enabled, the
device can send Bonjour Discovery packets to interfaces with IP addresses that
have been associated with Bonjour on the Bonjour Discovery Interface Control
table. (When the device is operating in Layer 3 system mode, go to IP
Configuration > Management and IP Interface > IPv4 Interface to configure an
IP address to an interface.)
If an interface, such as a VLAN, is deleted, Goodbye packets are sent to deregister
services the device is advertising from the neighboring cache table within the
local network. The Bonjour Discovery Interface Control Table shows interfaces
with IP addresses that are associated with the Bonjour feature. Any Bonjour
advertisement can only be broadcast to interfaces listed in this table. (See the
Bonjour Discovery Interface Control Table on the Administration > Discovery -
Bonjour page.) If the available services are changed, those changes are advertised,
deregistering services that are turned off and registering services that are turned
on. If an IP address is changed, that change is advertised.
If Bonjour is disabled, the device does not send Bonjour Discovery advertisements
and it does not listen for Bonjour Discovery advertisements sent by other devices.
To configure Bonjour when the device is in Layer 3 system mode:
STEP 1 Click Administration > Discovery - Bonjour.
STEP 2 Select Enable to enable Bonjour discovery globally.
STEP 3 Click Apply to update the Running Configuration file.
STEP 4 To enable Bonjour on an interface, click Add.
STEP 5 Select the interface, and click Apply.
NOTE Click Delete to disable Bonjour on an interface (this performs the delete operation
without any additional operation, such as Apply).
LLDP and CDP
LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) are link
layer protocols for directly-connected LLDP and CDP-capable neighbors to
advertise themselves and their capabilities to each other. By default, the device
sends an LLDP/CDP advertisement periodically to all its interfaces and terminates
and processes incoming LLDP and CDP packets as required by the protocols. In
LLDP and CDP, advertisements are encoded as TLV (Type, Length, Value) in the
packet.
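How a monitoring tool can walk the TLVs in a received LLDP or CDP advertisement while rejecting malformed lengths, as an added Python example that is not part of the Cisco guide. It assumes the standard header layouts (LLDP: 7-bit type and 9-bit length; CDP: 16-bit type and 16-bit length that includes the 4-byte TLV header); the sample packets and the device name sw-lab-01 are constructed.

```python
import struct

LLDP_NAMES = {0: "End", 1: "Chassis ID", 2: "Port ID", 3: "TTL",
              4: "Port Description", 5: "System Name",
              6: "System Description", 7: "System Capabilities",
              8: "Management Address", 127: "Organizationally Specific"}
CDP_NAMES = {0x0001: "Device ID", 0x0002: "Addresses", 0x0003: "Port ID",
             0x0004: "Capabilities", 0x0005: "Software Version",
             0x0006: "Platform", 0x000A: "Native VLAN"}


def parse_lldp(pdu):
    """Walk an LLDPDU (the bytes after the Ethernet header)."""
    tlvs, pos = [], 0
    while True:
        if pos + 2 > len(pdu):
            raise ValueError("LLDPDU ends without an End TLV")
        (head,) = struct.unpack_from("!H", pdu, pos)
        tlv_type, length = head >> 9, head & 0x01FF
        pos += 2
        if pos + length > len(pdu):
            raise ValueError("TLV type %d overruns the PDU" % tlv_type)
        if tlv_type == 0:                       # End of LLDPDU
            break
        name = LLDP_NAMES.get(tlv_type, "type %d" % tlv_type)
        tlvs.append((name, pdu[pos:pos + length]))
        pos += length
    # The first three TLVs are mandatory and must appear in this order.
    if [name for name, _ in tlvs[:3]] != ["Chassis ID", "Port ID", "TTL"]:
        raise ValueError("mandatory TLVs missing or out of order")
    return tlvs


def parse_cdp(pdu):
    """Walk a CDP payload: version, TTL, checksum, then TLVs.

    The checksum is not verified in this example.
    """
    if len(pdu) < 4:
        raise ValueError("short CDP header")
    version, ttl = pdu[0], pdu[1]
    tlvs, pos = [], 4
    while pos < len(pdu):
        if pos + 4 > len(pdu):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", pdu, pos)
        # A length under 4 would stop the cursor advancing (endless loop).
        if length < 4 or pos + length > len(pdu):
            raise ValueError("bad length in TLV type 0x%04x" % tlv_type)
        name = CDP_NAMES.get(tlv_type, "type 0x%04x" % tlv_type)
        tlvs.append((name, pdu[pos + 4:pos + length]))
        pos += length
    return version, ttl, tlvs


def lldp_tlv(tlv_type, value):
    """Encode one LLDP TLV (sample-data helper)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def cdp_tlv(tlv_type, value):
    """Encode one CDP TLV (sample-data helper)."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


# Constructed sample advertisements, not captured from a real device.
SAMPLE_LLDP = (lldp_tlv(1, b"\x04" + bytes.fromhex("02005e000001"))  # MAC
               + lldp_tlv(2, b"\x05" + b"gi1")       # interface name
               + lldp_tlv(3, struct.pack("!H", 120)) # TTL in seconds
               + lldp_tlv(5, b"sw-lab-01")
               + lldp_tlv(0, b""))
SAMPLE_CDP = (bytes([2, 180, 0, 0])    # version 2, TTL 180, checksum unset
              + cdp_tlv(0x0001, b"sw-lab-01")
              + cdp_tlv(0x0003, b"gi1")
              + cdp_tlv(0x000A, struct.pack("!H", 10)))

if __name__ == "__main__":
    for name, value in parse_lldp(SAMPLE_LLDP):
        print("LLDP", name, value)
    print("CDP", parse_cdp(SAMPLE_CDP))
```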
The following CDP/LLDP configuration notes apply:
CDP/LLDP can be globally enabled or disabled and enabled/disabled per
port. The CDP/LLDP capability of a port is relevant only if CDP/LLDP is
globally enabled.
If CDP/LLDP is globally enabled, the device filters out incoming CDP/LLDP
packets from ports that are CDP/LLDP-disabled.
If CDP/LLDP is globally disabled, the device can be configured to discard
all incoming CDP/LLDP packets or to flood them using VLAN-aware or
VLAN-unaware flooding. VLAN-aware flooding floods an incoming CDP/LLDP packet to the
VLAN where the packet is received excluding the ingress port. VLAN-
unaware flooding floods an incoming CDP/LLDP packet to all the ports
excluding the ingress port. The default is to discard CDP/LLDP packets
when CDP/LLDP is globally disabled. You can configure the discard/
flooding of incoming CDP and LLDP packets from the CDP Properties page
and the LLDP Properties page respectively.
Auto Smartport requires CDP and/or LLDP to be enabled. Auto Smartport
automatically configures an interface based on the CDP/LLDP
advertisement received from the interface.
CDP and LLDP end devices, such as IP phones, learn the voice VLAN
configuration from CDP and LLDP advertisements. By default, the device is
enabled to send out CDP and LLDP advertisements based on the voice
VLAN configured at the device. Refer to the Voice VLAN and Auto Voice
VLAN sections for details.
NOTE CDP/LLDP does not distinguish if a port is in a LAG. If there are multiple ports in a
LAG, CDP/LLDP transmit packets on each port without taking into account the fact
that the ports are in a LAG.
The operation of CDP/LLDP is independent of the STP status of an interface.
If 802.1x port access control is enabled at an interface, the device transmits and
receives CDP/LLDP packets to and from the interface only if the interface is
authenticated and authorized.
If a port is the target of mirroring, then according to CDP/LLDP it is considered
down.
NOTE CDP and LLDP are link layer protocols for directly-connected CDP/LLDP capable
devices to advertise themselves and their capabilities. In deployments where the
CDP/LLDP-capable devices are not directly connected and are separated with
CDP/LLDP-incapable devices, the CDP/LLDP-capable devices may be able to
receive the advertisement from other device(s) only if the CDP/LLDP-incapable
devices flood the CDP/LLDP packets they receive. If the CDP/LLDP-incapable
devices perform VLAN-aware flooding, then CDP/LLDP-capable devices can hear
each other only if they are in the same VLAN. A CDP/LLDP-capable device may
receive advertisement from more than one device if the CDP