Cisco Systems ESW 500 User's Manual

Contents

1. The Port to VLAN Page contains the following fields. VLAN ID: Selects the VLAN ID. [ESW 500 Series Switches Administration Guide, page 223: Configuring VLANs, Defining VLAN Properties] VLAN Name: Displays the VLAN name. VLAN Type: Indicates the VLAN type. The possible field values are: Dynamic: Indicates the VLAN was dynamically created through GVRP. Static: Indicates the VLAN is user defined. Default: Indicates the VLAN is the default VLAN. Ports: Indicates that ports are described in the page. EtherChannels: Indicates that EtherChannels are described in the page. Interface: Displays the interface configuration being displayed. Interface Status: Indicates the interface's membership status in the VLAN. The possible field values are: Untagged: Indicates the interface is an untagged VLAN member. Packets forwarded by the interface are untagged. Tagged: Indicates the interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information. Exclude: Excludes the interface from the VLAN. However, the interface can be added to the VLAN through GARP. Forbidden: Denies the interface VLAN membership, even if GARP indicates the port is to be added. Select VLAN ID from drop down list and then EDIT port
2. [ESW 500 Series Switches Administration Guide, page 113: Configuring Device Security, Defining Authentication] Modifying an Authentication Profile. STEP 1: Click Security > Authentication > Profiles. The Profiles Page opens. STEP 2: Click the Edit Button. The Edit Authentication Profile Page opens. [Figure: Edit Authentication Profile Page] The Edit Authentication Profile Page contains the following fields. Profile Name: Displays the Authentication profile name. Authentication Methods: Defines the user authentication methods. The possible field values are: Local: Authenticates the user at the device level. The device checks the user name and password for authentication. RADIUS: Authenticates the user at the RADIUS server. TACACS: Authenticates the user at the TACACS server. None: Indicates that no authentication method is used to authenticate the device. STEP 3: Define the relevant fields. STEP 4: Click Apply. The authentication profile is defined and the device is updated. [ESW 500 Series Switches Administration Guide, page 114: Configuring Device Security, Defining Authentication] Mapping Authentication Profiles. After authentication profiles are defined, authentication profiles can be applied to management access methods. For
3. STEP 1: Click Security > Authentication > TACACS. The TACACS Page opens. [Figure: TACACS Page] The TACACS Page contains the following fields. Source IP Address: Displays the device source IP address used for the TACACS session between the device and the TACACS server. Key String: Defines the authentication and encryption key for TACACS server. The key must match the encryption key used on the TACACS server. Timeout for Reply: Displays the amount of time that passes before the connection between the device and the TACACS server times out. The field range is 1-30 seconds. The following parameters are configured for each TACACS server. Host IP Address: Displays the TACACS Server IP address. Priority: Displays the order in which the TACACS servers are used. The default is 0. Source IP Address: Displays the device source IP address used for the TACACS session between the device and the TACACS Server. Authentication Port: Displays the port number through which the TACACS session occurs. The default is port 49. [ESW 500 Series Switches Administration Guide, page 118: Configuring Device Security, Defining Authentication]
4. Timeout for Reply: Displays the amount of time in seconds that passes before the connection between the device and the TACACS server times out. The field range is 1-1000 seconds. Single Connection: Maintains a single open connection between the device and the TACACS server when selected. Status: Displays the connection status between the device and the TACACS server. The possible field values are: Connected: Indicates there is currently a connection between the device and the TACACS server. Not Connected: Indicates there is no current connection between the device and the TACACS server. STEP 2: Click the Add button. The Add TACACS Server Page opens. [Figure: Add TACACS Server Page] The Add TACACS Server Page contains the following fields. Host IP Address: Defines the TACACS Server IP address. Priority: Defines the order in which the TACACS servers are used. The default is 0. Source IP Address: Defines the device source address used for the TACACS session between the device and the TACACS server. The possible values are: User Defined: Allows the user to define the source Address. ESW 500 Series Switches Administration Guide 119 Configuring Device Se
5. Select the destination port. Configure the port as Other. Connect the destination port to a computer with the Wireshark network protocol analyzer. Go to Maintenance > Diagnostics > SPAN Port Monitoring. Configure the destination port and source port together with traffic type. Monitor the source port traffic with Wireshark. [ESW 500 Series Switches Administration Guide, page 96: Managing Smart Ports, Configuring Smart Ports for Other] For more information on configuring SPAN Port Mirroring, see Chapter 19, Managing Device Diagnostics. To remove any previous Smart Ports configuration from a port, configure Smart Ports for Other. STEP 1: Open the Switch Configuration Utility. The web application automatically opens to the System Dashboard Page. STEP 2: Click Smart Ports Wizard under Ports on the System Dashboard Page. The Smart Ports Setting Page opens. [Figure: Smart Ports Settings Page] STEP 3: Select a port or range of ports. STEP 4: Select Other in the Assign Profile drop down list. STEP 5: Click Next. The Other page opens. [ESW 500 Series Switches Administration Guide, page 97: Managing Smart Ports, Configuring Smart Ports for Other] [Figure: Smart Ports Other Page]
6. [ESW 500 Series Switches Administration Guide, page 58: Managing Device Information, Understanding the Dashboards] [Figure: System Dashboard ESW 540 48 Page] You can edit a specific port on the switch by clicking on that port from the device view. The System Dashboard page contains the following port indicators in the device graphical representation. Green: Indicates the port is currently operating. The System Dashboard page contains the links to the following. Ports: Smart Ports Wizard: Opens the Smart Ports Wizard page. VLAN Configuration: Opens the VLAN Properties Page. Health and Monitoring: System Information: Opens the System Information Page. Health: Opens the Health Page. SPAN Port Mirroring: Opens the SPAN Port Mirroring Page. [ESW 500 Series Switches Administration Guide, page 59: Managing Device Information, Defining System Information] Common Tasks: PoE Settings: Opens the PoE Settings Page (PoE switches only). Restart/Reset: Opens the Restart/Reset Page. Save Configuration: Opens the Save Configuration Page. Help: Device Help: Opens the online help. More help at Cisco.com: Provides a link to online Technical Support. Defining System Information. The System Information Page contains parameters for configuring general device information. To open the System Information Page: ESW 500 Series Switches Adminis
7. The Policy Table Page contains the following field. Policy Name: Displays the user defined policy name. STEP 2: Click the Add button. The Add QoS Policy Profile Page opens. [ESW 500 Series Switches Administration Guide: Configuring Quality of Service, Defining Advanced QoS Mode] [Figure: Add QoS Policy Profile Page] The Add QoS Policy Profile Page contains the following fields. New Policy Name: Specifies the user defined policy name. Class Map: Selects the user defined class maps which can be associated with the policy. Action: Defines the action attached to the rule. The possible field value is: Trust CoS DSCP: Determines the queue to which the packet is assigned, dependent on the CoS tag and DSCP tag. Set: Defines the Trust configuration manually. The possible field values are: DSCP: In the New Value box, the possible values are 0-63. Queue: In the New Value box, the possible values are 1-4. CoS: In the New Value box, the possible values are 0-7. Police: Enables Policer functionality. Type: Policer type for the policy. Possible values are: Aggregate: Configures the class to use a configured aggr
8. Access: The port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port (packet type) cannot be designated. It is also not possible to enable/disable ingress filtering on an access port. Trunk: The port belongs to VLANs in which all ports are tagged, except for an optional single native VLAN. Customer: The port belongs to VLANs. In Customer mode, the added tag provides a VLAN ID to each customer, ensuring private and segregated network traffic. PVID: Assigns a VLAN ID to untagged packets. The possible values are 1 to 4095. Packets classified to the Discard VLAN are dropped. Frame Type: Packet type accepted on the port. Possible values are: Admit Tag Only: Indicates that only tagged packets are accepted on the port. Admit All: Indicates that both tagged and untagged packets are accepted on the port. [ESW 500 Series Switches Administration Guide, page 231: Configuring VLANs, Defining GVRP Settings] Ingress Filtering: Ingress filtering discards packets which do not include an ingress port. The possible values are: Enable: Ingress filtering is activated on the port. Disable: Ingress filtering is not activated on the port. STEP 4: Define the relevant fields. STEP 5: Click Apply. The VLAN Interface settings are modified and the device is updated. Defining GVRP Settings. GARP VLAN Registration Protocol (GVRP) is specifical
9. STEP 2: Define the relevant fields. STEP 3: Click Apply. The MSTP Instance configuration is defined and the device is updated. Defining MSTP Interface Settings. Network Administrators can define MSTP Instances settings using the MSTP Interface Settings Page. [ESW 500 Series Switches Administration Guide, page 294: Configuring Spanning Tree, Defining Multiple Spanning Tree] STEP 1: Click VLAN & Port Settings > Spanning Tree (STP) > MSTP > Interface Settings. The MSTP Interface Settings Page opens. [Figure: MSTP Interface Settings Page] The MSTP Interface Settings Page contains the following fields. Instance ID: Lists the MSTP instances configured on the device. Possible field range is 1-15. Interface: Displays the interface for which the MSTP settings are displayed. The possible field values are: Port: Specifies the port for which the MSTP settings are displayed. EtherChannel: Specifies the EtherChannel for which the MSTP settings are displayed. Port State: Indicates the MSTP status on the specific port. The possible field values are: Disabled: Indicates that STP is currently disabled on the port. Blocking: Indicates that th
10. Broadcast Mode: Specifies the Broadcast mode currently enabled on the interface. The possible field values are: Multicast & Broadcast: Counts Broadcast and Multicast traffic together. Broadcast Only: Counts only Broadcast traffic. Unknown Unicast, Multicast & Broadcast: Counts Unknown Unicast, Broadcast and Multicast traffic together. This option is available on GE ports only. On FE devices, this option can only be set globally for the device from the Storm Control Page. Relevant on ESW 540, ESW 520 and ESW 520 8p devices. Broadcast Rate Threshold: Displays the maximum rate (packets per second) at which unknown packets are forwarded. For FE ports, the rate is 70-100,000 Kbps. For GE ports, the rate is 3,500-100,000 Kbps. STEP 3: Modify the relevant fields. STEP 4: Click Apply. Storm control is modified and the device is updated. Defining Port Security. Network security can be increased by limiting access on a specific port only to users with specific MAC addresses. The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is ESW 500 Series Switches Administration Guide 141 Configuring Device Securit
11. [ESW 500 Series Switches Administration Guide, page 320: Configuring Quality of Service, Defining General Settings] [Figure: Edit Bandwidth Page] The Edit Bandwidth Page contains the following fields. Interface: Indicates whether the interface for which bandwidth settings are edited is a port or an EtherChannel. Enable Egress Shaping Rate: Indicates if shaping is enabled on the interface. The possible field values are: Checked: Enables egress shaping on the interface. Unchecked: Disables egress shaping on the interface. Committed Information Rate (CIR): Defines CIR as the queue shaping type. The possible field values are: For FE ports, the rate is 64-62,500 Kbps. For GE ports, the rate is 64-1,000,000 Kbps. Committed Burst Size (CbS): Defines CbS as the queue shaping type. CbS is supported only on GE interfaces. The possible field value is 4096-16,769,020 bytes. Enable Ingress Rate Limit: Indicates if rate limiting is defined on the interface. The possible field values are: Checked: Enables ingress rate limiting on the interface. Unchecked: Disables ingress rate limiting on the interface. Ingress Rate Limit: Defines the amount of bandwidth assigned to the interface. ESW 500 Series Swi
12. EtherChannel: Queries the VLAN database by EtherChannel number. STEP 3: Click Query. The results appear in the Query Results table. Query Results. The Query Results table contains the following fields. MAC Address: Indicates the MAC address found during the query. VLAN ID: Displays the VLAN ID to which the IP address is attached in the DHCP Snooping Database. IP Address: Indicates the IP address found during the query. Interface: Indicates the specific interface connected to the address found during the query. Type: Displays the IP address binding type. The possible field values are: Static: Indicates the IP address is static. Dynamic: Indicates the IP address is defined as a dynamic address in the DHCP database. Learned: Indicates the IP address is dynamically defined by the DHCP server. This field appears as a read-only field in the table. Lease Time: Displays the lease time. The Lease Time defines the amount of time the DHCP Snooping entry is active. Addresses whose lease times are expired are deleted from the database. The possible values are 10-4294967295 seconds. In the Add DHCP Snooping Entry Page, select Infinite if the DHCP Snooping entry never expires. STEP 4: Click Add. The Add DHCP Snooping Entry Page opens. [ESW 500 Series Switches Administration Guide, page 193: Configuring Device Security, Defining DHCP Snooping] Add DHC
13. MD5 Password: Users should enter a password that is encrypted using the HMAC-MD5-96 authentication method. [ESW 500 Series Switches Administration Guide, page 349: Configuring SNMP, Configuring SNMP Security] SHA Password: Users should enter a password that is encrypted using the HMAC-SHA-96 authentication method. None: No user authentication is used. Password: Define the local user password. Local user passwords can contain up to 159 characters. This field is available if the Authentication Method is a password. Authentication Key: Defines the HMAC-MD5-96 or HMAC-SHA-96 authentication level. The authentication and privacy keys are entered to define the authentication key. If HMAC-MD5-96 is selected then 16 bytes are required, and if HMAC-SHA-96 then 20 bits are required. This field is available if the Authentication Method is a key. Privacy Key: Defines the Privacy Key (LSB). If only authentication is required, 16 20 bytes are defined. If both privacy and authentication are required, 36 40 bytes are defined. Each byte in hexadecimal character strings is two hexadecimal digits. This field is available if the Authentication Method is a key. Modifying SNMP Users. The Edit SNMP User Page provides information for assigning SNMP access control privileges to SNMP groups. [Figure: Edit SNMP User Page]
14. The Edit VLAN Page contains information for enabling VLAN guest authentication, and includes the following fields. VLAN ID: Displays the VLAN ID. VLAN Name: Defines the VLAN name. Disable Authentication: Indicates whether unauthorized users can access a Guest VLAN. The possible field values are: Checked: Enables unauthorized users to use the Guest VLAN. Unchecked: Disables unauthorized users from using the Guest VLAN. Port List: Available ports on the device. Select ports from this list to include in the VLAN. VLAN Members: Ports included in the VLAN. [ESW 500 Series Switches Administration Guide, page 222: Configuring VLANs, Defining VLAN Properties] STEP 3: Define the relevant fields. STEP 4: In the Port List, select the ports to include in the VLAN and click the adjacent right arrow. The selected ports then appear in the VLAN Members list. STEP 5: Click Apply. The VLAN Settings are defined and the device is updated. Defining VLAN Membership. The Port to VLAN Page contains a table that maps VLAN parameters to ports. Ports are assigned VLAN membership by toggling through the Port Control settings. STEP 1: Click VLAN & Port Settings > VLAN Management > Port to VLAN. The Port to VLAN Page opens. [Figure: Port to VLAN Page]
15. The LACP Page contains fields for configuring LACP EtherChannels. LACP System Priority: Indicates the global LACP priority value. The possible range is 1-65535. The default value is 1. Port: Defines the port number to which timeout and priority values are assigned. Port Priority: Defines the LACP priority value for the port. The field range is 1-65535. LACP Timeout: Administrative LACP timeout. The possible field values are: Short: Defines a short timeout value. Long: Defines a long timeout value. This is the default value. STEP 2: Define the relevant fields. STEP 3: Click Apply. The LACP EtherChannels are defined and the device is updated. [ESW 500 Series Switches Administration Guide, page 432: Aggregating Ports, Configuring LACP] Modify LACP Parameter Settings. STEP 1: Click VLAN & Port Settings > Port Management > LACP. The LACP Page opens. STEP 2: Click the Edit button. The Edit LACP Page opens. [Figure: Edit LACP Page] The Edit LACP Page contains the following fields. Port: Defines the port number to which timeout and priority values are assigned. LACP Port Priority: Defines the LACP priority value for the port. The field range is 1-65535. LACP Timeout: Administrative LACP timeout. The possible field values are: Short: Defines a short timeout
16. Alternate: Provides an alternate path to the root device from the root interface. Backup: Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment. Disabled: Indicates the port is not participating in the Spanning Tree. Mode: Indicates the current Spanning Tree mode. The possible field values are: STP: Indicates that Classic STP is enabled on the port. RSTP: Indicates that Rapid STP is enabled on the port. MSTP: Indicates that MSTP is enabled on the port. [ESW 500 Series Switches Administration Guide, page 296: Configuring Spanning Tree, Defining Multiple Spanning Tree] Interface Priority: Defines the interface priority for specified instance. The priority value is between 0-240. The priority value is provided in increments of 16. The default value is 128. Path Cost: Indicates the port contribution to the Spanning Tree instance. The range is 1-200,000,000. Designated Bridge ID: Indicates the bridge ID number that connects the link or shared LAN to the root. Designated Port ID: Indicates the Port ID number on the designated bridge that connects the link or the shared LAN to the root. Designated Cost: Indicates that the default path cost is assigned according to the m
17. Disable: Fast Link is disabled. Auto: Fast Link mode is enabled a few seconds after the interface becomes active. Port Status: Indicates the RSTP status on the specific port. The possible field values are: Disabled: Indicates that STP is currently disabled on the port. Blocking: Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses. Listening: Indicates that the port is in Listening mode. The port cannot forward traffic, nor can it learn MAC addresses. Learning: Indicates that the port is in Learning mode. The port cannot forward traffic, however it can learn new MAC addresses. Forwarding: Indicates that the port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. [ESW 500 Series Switches Administration Guide, page 286: Configuring Spanning Tree, Defining Rapid Spanning Tree] Point-to-Point Operational Status: Indicates the Point-to-Point operating state. The possible values are: Enable: Enables Point-to-Point on the interface. Disable: Disables Point-to-Point on the interface. Activate Protocol Migration: Click the Activate button to run a Protocol Migration Test. The test identifies the STP mode of the interface connected to the selected interface. STEP 2: Define the relevant fields. STEP 3: Click Apply. The Rapid Spanning Tree Settings are defined and the device is updated. Modifying RSTP. STEP 1: Cl
18. [ESW 500 Series Switches Administration Guide, page 252: Configuring IP Information, Domain Name System] Checked: Removes the selected DNS server. Unchecked: Maintains the current DNS server list. DNS Server Details. DNS Server: Displays the DNS server's IP address; up to four DNS servers can be defined. Active Server: Specifies the DNS server that is currently active. STEP 2: Click the Add button. The Add DNS Server Page opens. [Figure: Add DNS Server Page] The Add DNS Server Page allows system administrators to define new DNS servers. The Add DNS Server Page contains the following fields. DNS Server IP Address: Enter the DNS server's IP address. Set DNS Server Active: Defines active status of the new DNS Server. The possible values are: Checked: This new server becomes the active DNS Server. Unchecked: This new server is not the active DNS Server. STEP 3: Define the relevant fields. STEP 4: Click Apply. The DNS server is added and the device is updated. Mapping DNS Hosts. The Host Mapping Page provides information for defining DNS Host Mapping. To define the DNS Host Mapping: [ESW 500 Series Switches Administration Guide, page 253: Configuring IP Information, Domain Name System] STEP 1: Click Monitor & Device Properties > System Management > Domain Name System (DNS) >
19. [Figure: Edit QoS Aggregate Policer Page] The Edit QoS Aggregate Policer Page contains the following fields. Aggregate Policer Name: Specifies the Aggregate Policer Name. Ingress Committed Information Rate (CIR): Defines the CIR in Kbits per second. Ingress Committed Burst Size (CbS): Defines the CbS in bytes per second. Exceed Action: Action assigned to incoming packets exceeding the CIR. Possible values are: Drop: Drops packets exceeding the defined CIR value. Remark DSCP: Remarks packet's DSCP values exceeding the defined CIR value. None: Forwards packets exceeding the defined CIR value. Modify the relevant fields. Click Apply. QoS aggregate policer settings are modified and the device is updated. Configuring Policy Table. In the Policy Table Page, QoS policies are set up and assigned to interfaces. To set up QoS policies: [ESW 500 Series Switches Administration Guide, page 332: Configuring Quality of Service, Defining Advanced QoS Mode] STEP 1: Click Quality of Service > Advanced Mode > Policy Table. The Policy Table Page opens. [Figure: Policy Table Page]
20. Indicates the amount of time in seconds before the neighboring device CDP information is aged out. The field default is 180 seconds. Version: Indicates the software version of the neighboring device. Defining the Bonjour Discovery Protocol. Bonjour is a service discovery protocol that enables automatic discovery of computers, devices and services on IP networks. Bonjour's multicast Domain Name System (mDNS) service allows the device to publish device services by sending and receiving UDP packets only to the following multicast address, 224.0.0.251, and to port number 5353. [ESW 500 Series Switches Administration Guide, page 68: Managing Device Information, Defining the Bonjour Discovery Protocol] The Bonjour screen contains information for enabling/disabling Bonjour on the device, specifying a Service Type and the related port used for publishing devices over the network. A Service Type is the type of service registration performed as part of the device system start up. It is intended to assure the uniqueness of the published service and proclaims the related information. The Service Types that are provided for Bonjour are: HTTP, HTTPS and Cisco Config, a Cisco specific Service Type. To enable Bonjour on the device: STEP 1: Click Monitor & Device Properties > Bonjour. The Bonjour Page opens. [Figure: Bonjour Page]
21. [Figure: CDP Page, with columns Device ID, Local Interface, Advertise Version, Time to Live, Capabilities, Platform and Port ID] The CDP Page contains the following fields. CDP Status: Indicates if CDP is enabled on the device. The possible field values are: Enable: Enables CDP on the device. This is the default value. Disable: Disables CDP on the device. Voice VLAN: Indicates the VLAN ID advertised by the device. The Voice VLAN is advertised when a local 802.1Q interface has been configured to send and receive VoIP packets. The field default value is 100. [ESW 500 Series Switches Administration Guide, page 370: Configuring SNMP, Managing Cisco Discovery Protocol] Device ID: Indicates the device ID (TLV) which is advertised by neighboring devices. Local Interface: Indicates the receiving port number. Advertise Version: Indicates the CDP version advertised by the neighboring device. Time to Live: Indicates the amount of time in seconds before the neighboring device CDP information is aged out. The field default is 180 second
22. Group Name: Defines the user-defined group to which privileges are applied. The field range is up to 30 characters. Security Model: Defines the SNMP version attached to the group. The possible field values are: SNMPv1: SNMPv1 is defined for the group. SNMPv2: SNMPv2 is defined for the group. SNMPv3: SNMPv3 is defined for the group. Security Level: Defines the security level attached to the group. Security levels apply to SNMPv3 only. The possible field values are: [ESW 500 Series Switches Administration Guide, page 353: Configuring SNMP, Configuring SNMP Security] No Authentication: Neither the Authentication nor the Privacy security levels are assigned to the group. Authentication: Authenticates SNMP messages, and ensures the SNMP message's origin is authenticated. Privacy: Encrypts SNMP message. Operation: Defines the group access rights, which are per view. The possible field values are: Default: Defines the default group access rights. DefaultSuper: Defines the default group access rights for administrator. Read: The management access is restricted to read-only, and changes cannot be made to the assigned SNMP view. Write: The management access is read-write and changes can be made to the assigned SNMP view. Notify: Sends traps for the assigned SNMP view. Modifying SNMP Group Profile Settings. STEP 1: Click Monitor & Device Properties > SNMP
23. [Configuring SNMP, Defining Trap Management] UDP Port: Displays the UDP port used to send notifications. The default is 162. Filter Name: Defines if the SNMP filter for which the SNMP Notification filter is defined. Timeout: Indicates the amount of time (seconds) the device waits before re-sending informs. The default is 15 seconds. Retries: Indicates the amount of times the device re-sends an inform request. The default is 3 attempts. STEP 2: Click the Add button. The Add SNMP Notification Recipient Page opens. [Figure: Add SNMP Notification Recipient Page] The Add SNMP Notification Recipient Page contains information for defining filters that determine whether traps are sent to specific users, and the trap type sent. SNMP notification filters provide the following services: Identifying Management Trap Targets; Trap Filtering; Selecting Trap Generation Parameters; [ESW 500 Series Switches Administration Guide, page 363: Configuring SNMP, Defining Trap Management] Providing Access Control Checks. The Add SNMP Notification Recipient Page contains the following fields. Recipient IP Address: Indicates th
24. Displays the port number on which the cable is tested. Temperature: Displays the temperature in Celsius at which the cable is operating. Voltage: Displays the voltage at which the cable is operating. Current: Displays the current at which the cable is operating. Output Power: Indicates the rate at which the output power is transmitted. Input Power: Indicates the rate at which the input power is transmitted. Transmitter Fault: Indicates if a fault occurred during transmission. Loss of Signal: Indicates if a signal loss occurred in the cable. Data Ready: Indicates the data status. [ESW 500 Series Switches Administration Guide, page 437: Managing Device Diagnostics, Configure Span Port Mirroring] Configure Span Port Mirroring. Port Mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port. Port mirroring can be used as a diagnostic tool and/or a debugging feature. Port mirroring also enables switch performance monitoring. Network administrators configure port mirroring by selecting a specific port to copy all packets, and different ports from which the packets are copied. To enable port mirroring: STEP 1: Click Maintenance > Diagnostics > SPAN Port Mirroring. The SPAN Port Mirroring Page opens. [Figure: SPAN Port Mirroring Page] The SPAN Port Mirroring page contains the following fields
25. Retry Frequency: Try to activate inactive addresses at a specified interval. The possible values are 10-600 seconds. Never: Never try to activate inactive addresses. Retry Now: Try to activate inactive addresses immediately. [ESW 500 Series Switches Administration Guide 200, Configuring Device Security: Defining DHCP Snooping] Query By. STEP 2: In the Query By section, select and define the preferred filter for searching the IP Source Guard Database: • MAC Address: Queries the database by MAC address. • IP Address: Queries the database by IP address. • VLAN: Queries the database by VLAN ID. • Interface: Queries the database by interface number. The possible field values are: Port: Queries the database by a specific port number. EtherChannel: Queries the VLAN database by EtherChannel number. STEP 3: Click Query. The results appear in the Query Results table. Query Results: The Query Results table contains the following fields: • Interface: Displays the interface number. • Status: Displays the current interface status. The possible field values are: Active: Indicates the interface is currently active. Inactive: Indicates the interface is currently inactive. • IP Address: Indicates the IP address of the interface. • VLAN: Indicates if the address is associated with a VLAN. • MAC Address: Displays the MAC address of the interface. • Type: Displays the IP address type
26. STEP 6: Click Apply. VLAN Membership is modified, and the device is updated. [ESW 500 Series Switches Administration Guide 225, Configuring VLANs: Assigning Ports to Multiple VLANs] Assigning Ports to Multiple VLANs: Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs. Then assign ports on the other VLAN-aware network devices along the path that will carry this traffic to the same VLAN(s), either manually or dynamically using GVRP. However, if you want a port on this switch to participate in one or more VLANs, but none of the intermediate network devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged port. Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing them on to any end-node host that does not support VLAN tagging. The VLAN To Port Page contains fields for configuring VLANs to ports. The network administrator allows the user to assign a single port to multiple VLANs. To add VLAN membership to a port: ESW 500 Series Switches Administration Guide
27. The STP Properties Page contains parameters for enabling STP on the device. The STP Properties Page is divided into three areas: Global Settings, Bridge Settings, and Designated Root. [ESW 500 Series Switches Administration Guide 215, Configuring Spanning Tree: Defining STP Properties] STEP 1: Click VLAN & Port Settings > Spanning Tree (STP) > Properties. The STP Properties Page opens. [Figure: STP Properties Page, with Global Settings, Bridge Settings, and Designated Root areas] The STP Properties Page contains the following fields. Global Settings: The Global Settings area contains device-level parameters. • Spanning Tree State: Indicates if STP is enabled on the device. The possible field values are: Enable: Enables STP on the device. This is the default value. Disable: Disables STP on the device. • STP Operation Mode: Indicates the STP mode that is enabled on the device. The possible field values are: Classic STP: Enables Classic STP on the device. This is the default value. ESW 500 Series Switches Administration Guide 276 Configuring Spanning Tree Defining
28. The possible field values are: Dynamic: Indicates the IP address is dynamically created. Static: Indicates the IP address is a static IP address. Learned: Indicates the IP address is dynamically defined by the DHCP server. This field appears as a read-only field in the table. • Reason: Displays the reason an IP source address is inactive. The possible field options are: No Problem: Indicates the IP address is active. [ESW 500 Series Switches Administration Guide 201, Configuring Device Security: Defining Dynamic ARP Inspection] VLAN: Indicates that DHCP Snooping is not enabled on the VLAN. Trusted Port: Indicates the port is a trusted port. Resource Problem: Indicates that the TCAM is full. STEP 4: Define the relevant fields. Click Apply, and the device is updated. Defining Dynamic ARP Inspection: Dynamic Address Resolution Protocol (ARP) is a TCP/IP protocol for translating IP addresses into MAC addresses. Classic ARP does the following: Permits two hosts on the same network to communicate and send packets. Permits two hosts on different networks to communicate via a gateway. Permits routers to send packets via a host to a different router on the same network. Permits routers to send packets to a destination host via a local host. ARP Inspection intercepts, discards, and logs ARP packets that contain invalid IP-to-MAC address bindings. This eliminates man-in-the-middle attacks wher
29. [Figure: Port Authentication Settings Page] The Port Authentication Settings Page contains the following fields: • Port: Indicates the port on which port-based authentication is enabled. • User Name: Displays the user name. • Current Port Control: Displays the current port authorization state. • Admin Port Control: Defines the admin port authorization state. The possible field values are: [ESW 500 Series Switches Administration Guide 152, Configuring Device Security: Defining 802.1x] auto: Enables port-based authentication on the device. The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client. forceAuthorized: Indicates the interface is in an authorized state without being authenticated. The interface re-sends and receives normal traffic without client port-based authentication. forceUnauthorized: Denies the selected interface system access by moving the interface into unauthorized state. The device cannot provide
30. actions and rules for specific ingress ports. Your switch supports up to 256 ACLs. Packets entering an ingress port with an active ACL are either admitted or denied entry. If they are denied entry, the user can disable the port. ACLs are composed of Access Control Entries (ACEs) that are made of the filters that determine traffic classifications. The total number of ACEs that can be defined in all ACLs together is 256. The Access Control section contains the following pages: • Defining MAC Based ACL • Defining IP Based ACL • Defining ACL Binding. Defining MAC Based ACL: The MAC Based ACL Page allows a MAC-based Access Control List (ACL) to be defined. The table lists Access Control Elements (ACE) rules, which can be added only if the ACL is not bound to an interface. To define the MAC Based ACL: STEP 1: Click Security > Access Control Lists (ACL) > MAC Based ACL. The MAC Based ACL Page opens. [ESW 500 Series Switches Administration Guide 160, Configuring Device Security: Defining Access Control] [Figure: MAC Based ACL Page] The MAC Based ACL Page contains the following fields: ACL Name: Displays the user-defined MAC based ACLs. Priority: Indicates the ACE priority, which determines which ACE is matched to a packet on a first-match basis. The possibl
31. [Figure: SNMP Views Page] The SNMP Views Page contains the following fields: • View Name: Displays the user-defined views. The options are as follows: Default: Displays the default SNMP view for read and read/write views. DefaultSuper: Displays the default SNMP view for administrator views. [ESW 500 Series Switches Administration Guide 346, Configuring SNMP: Configuring SNMP Security] • Object ID Subtree: Indicates the device feature OID that is included or excluded in the selected SNMP view. • View Type: Indicates if the defined OID branch is included or excluded in the selected SNMP view. STEP 2: Click the Add button. The Add SNMP View Page opens. [Figure: Add SNMP View Page] The Add SNMP View Page contains parameters for defining and configuring a new SNMP view. The Add SNMP View Page contains the following fields: • View Name: Defines the user-defined view name. • Object ID Subtree: Indicates the device feature OID included or excluded in the selected SNMP view. The options to select the Object are as follows: Select from List: Select the Subtree from the list provided. Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree up or down in the list. Inse
32. • Destination Port: Defines the port to which the source port's traffic is mirrored. [ESW 500 Series Switches Administration Guide 438, Managing Device Diagnostics: Configure Span Port Mirroring] NOTE: The destination port must be configured with a Smart Port role of Other, using the Smart Port Wizard, before configuring for port mirroring. • Source Port: Defines the port from which traffic is to be analyzed. • Type: Indicates the port mode configuration for port mirroring. The possible field values are: Rx Only: Defines the port mirroring for receive traffic only on the selected port. Tx Only: Defines the port mirroring on transmitting ports. This is the default value. Tx and Rx: Defines the port mirroring on both receiving and transmitting ports. • Status: Indicates if the port is currently monitored. The possible field values are: Active: Indicates the port is currently monitored. NotReady: Indicates the port is not currently monitored. Click the Add button. The Add Port Mirroring page opens. [Figure: Add Port Mirroring page] The Add Port Mirroring page contains the following fields: • Source Port: Defines the port from which traffic is to be analyzed. • Type: Indicates the port mode configuration for port mirroring. The possible field values are: Rx Only: Defines the port mirroring on receiving ports. This is the defa
33. files on the switch. Valid characters: A-Z, a-z, 0-9, _. The Software Upgrade Page contains parameters for downloading system files. To perform a software upgrade: STEP 1: Click Maintenance > File Management > Software Upgrade. The Software Upgrade Page opens. [Figure: Software Upgrade Page] The Software Upgrade Page contains the following fields: • UPGRADE: Specifies that firmware is downloaded for a firmware upgrade. [ESW 500 Series Switches Administration Guide 374, Managing System Files: Save Configuration] • BACKUP: Specifies that firmware is uploaded for a firmware backup. • via TFTP: Indicates that the upgrade file is found on a TFTP server. • via HTTP: Indicates that the upgrade file is found on an HTTP server. • File Type: Specifies the file type of the downloaded file (for TFTP download only). The possible field values are: Software Image: Downloads the Image file. BootCode: Downloads the Boot file. NOTE: Boot image upgrade is supported by TFTP protocol, but not supported by HTTP protocol. • TFTP Server: Specifies the TFTP Server IP Address from which files are downloaded. • Source File: Specifies the file to be downloaded. This field is applicable for UPGRADE only. • Destination File: Specifies the file name on the TFTP server where the uploaded file
34. if the source IP address is 149.36.184.198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used. • Destination IP Address: Matches the destination port IP address to which packets are addressed to the ACE. Wildcard Mask: Defines the destination IP address of the wildcard mask. • Select either Match DSCP or Match IP Precedence. • Match DSCP: Matches the packet to the DSCP tag value. • Match IP Precedence: Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7. • Traffic Class: Indicates the traffic class to which the packet is matched. • Action: Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or the packet is assigned rate limiting restrictions for forwarding. The options are as follows: Permit: Forwards packets which meet the ACL criteria. Deny: Drops packets which meet the ACL criteria. Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Management page. [ESW 500 Series Switches Administration Guide 176, Configuring Device Security: Defining Access Control] STEP 3: Define the relevant
35. 0.0.0.0/32 as a Source Address: Addresses in this block refer to source hosts on this network. • 127.0.0.0/8: Used as the Internet host loopback address. • 192.0.2.0/24: Used as the TEST-NET in documentation and example codes. • 224.0.0.0/4 (as a Source IP Address): Used in Multicast address assignments, and formerly known as Class D Address Space. • 240.0.0.0/4 (except 255.255.255.255/32 as a Destination Address): Reserved address range, formerly known as Class E Address Space. To define Martian Addresses: [ESW 500 Series Switches Administration Guide 183, Configuring Device Security: Defining DoS Prevention] STEP 1: Click Security > DoS Prevention > Martian Addresses. The Martian Addresses Page opens. [Figure: Martian Addresses Page] The Martian Addresses Page contains the following fields: • Include Reserved Martian Addresses: Indicates that packets arriving from Martian addresses are dropped. Enabled is the default value. When enabled, the following IP addresses are included: 0.0.0.0/8 (except 0.0.0.0/32), 127.0.0.0/8, 192.0.2.0/24, 224.0.0.0/4, 240.0.0.0/4 (except 255.255.255.255/32). • IP Address: Displays the IP addresses for which DoS attack is enabled. • Mask: Displays the Mask for which DoS attack is enabled. • Delete: To remove a Martian address, click
36. 1 Click Quality of Service > General > CoS to Queue. The CoS to Queue Page opens. [Figure: CoS to Queue Page] The CoS to Queue Page contains the following fields: • Restore Defaults: Restores all queues to the default CoS settings. The possible field values are: Checked: Restores all queues to the default CoS settings. Unchecked: Maintains the CoS settings currently defined. • Class of Service: Specifies the CoS VLAN CoS priority tag values, where zero is the lowest and 7 is the highest. • Queue: Defines the traffic forwarding queue to which the CoS priority is mapped. Four traffic priority queues are supported, where Queue 4 is the highest and Queue 1 is the lowest. STEP 2: Define the relevant mapping. STEP 3: Click Apply. CoS to queues are mapped, and the device is updated. [ESW 500 Series Switches Administration Guide 317, Configuring Quality of Service: Defining General Settings] Mapping DSCP to Queue: The DSCP to Queue Page enables mapping DSCP values to specific queues. To map DSCP to Queues: STEP 1: Click Quality of Service > General > DSCP to Queue. The DSCP to Queue Page opens. [Figure: DSCP to Queue Page] The DSCP to Queue Page contains the following fields: • DSCP In: Indicates the Differentiated Serv
37. 153 Configuring Device Security: Defining 802.1x. Unchecked: Port authentication according to the Reauthentication settings above. • Authenticator State: Specifies the port authorization state. The possible field values are as follows: Initialize: Enables port-based authentication on the device. The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client. Force Authorized: Indicates the controlled port state is set to Force-Authorized (forward traffic). Force Unauthorized: Indicates the controlled port state is set to Force-Unauthorized (discard traffic). Quiet Period: Specifies the number of seconds that the switch remains in the quiet state following a failed authentication exchange. Range: 0-65535. Resending EAP: Specifies the number of seconds that the switch waits for a response to an EAP request/identity frame from the supplicant (client) before resending the request. Max EAP Requests: Displays the total amount of EAP requests sent. If a response is not received after the defined period, the authentication process is restarted. The field default is 2 retries. Supplicant Timeout: Displays the number of seconds that lapses before EAP requests are resent to the supplicant. Range: 1-65535. The field default is 30 seconds. Server Timeout: Specifies the number of seconds that lapses b
38. 180 Watts, 24 Devices, 16 Devices, 12 Devices; ESW-520-48P: 380 Watts, 48 Devices, 32 Devices, 24 Devices; ESW-540-24P: 280 Watts, 24 Devices, 24 Devices, 18 Devices. In these scenarios, a device would be a wireless access point, IP phone, video surveillance camera, or other such device. Refer to the information that came with your specific device for power consumption information. Refer to additional sections in this guide for details on further PoE configuration. Saving the Configuration: After any changes, always make sure to save the switch configuration. Click Maintenance > File management > Save Configuration. The Save Configuration page opens. [ESW 500 Series Switches Administration Guide 40, Getting Started: Performing Common Configuration Tasks] [Figure: Save Configuration Page] The Save Configuration Page contains the following fields: Source File Name: Indicates the device configuration file to copy and the intended usage of the copied file (Running, Startup, or Backup). Destination File Name: Indicates the device configuration file to copy to and the intended usage of the file (Running, Startup, or Backup). Define the relevant fields, and then click Apply. The Configuration Files are updated. Another option to quickly save the Running Configurati
39. 1st, 3rd, and 5th octets of the MAC address are checked, while the 2nd, 4th, and 6th octets are ignored. • Destination MAC Address: MAC Address: Matches the destination MAC address to which packets are addressed to the ACE. Wildcard Mask: Indicates the destination MAC Address wildcard mask. Wildcards are used to mask all or part of a destination MAC Address. Wildcard masks specify which octets are used and which octets are ignored. A wildcard mask of ff:ff:ff:ff:ff:ff indicates that no octet is important. A wildcard of 00:00:00:00:00:00 indicates that all the octets are important. For example, if the destination MAC address is 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd, and 5th octets of the MAC address are checked, while the 2nd, 4th, and 6th octets are ignored. • VLAN ID: Matches the packet's VLAN ID to the ACE. The possible field values are 1 to 4095. • Inner VLAN: Matches the ACE to the inner VLAN ID of a double-tagged packet. • 802.1p: Displays the packet tag value. • 802.1p Mask: Displays the wildcard bits to be applied to the CoS. • Ethertype: Displays the Ethernet type of the packet. • Action: Indicates the ACL forwarding action. The possible field values are: Permit: Forwards packets which meet the ACL criteria. Deny: Drops packets which meet the ACL criteria. Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was ad
40. 226 Configuring VLANs: Assigning Ports to Multiple VLANs. STEP 1: Click VLAN & Port Settings > VLAN Management > VLAN to Port. The VLAN To Port Page opens. [Figure: VLAN To Port Page] The VLAN To Port Page contains the following fields: • Ports: Indicates that ports are described in the page. • EtherChannels: Indicates that EtherChannels are described in the page. • Port: Displays the port number. • Mode: Indicates the port mode. The possible values are: General: Indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full IEEE 802.1q mode). Access: Indicates a port belongs to a single untagged VLAN. Trunk: Indicates the port belongs to VLANs in which all VLANs are tagged, except for one VLAN that is untagged. Customer: The port belongs to a VLAN in which all ports are untagged. [ESW 500 Series Switches Administration Guide, Configuring VLANs: Assigning Ports to Multiple VLANs] • Join VLAN: Defines the VLANs to which the interface is joined. Pressing the Join VLAN button displays the Join VLAN to Port Page. Select the VLAN to which to add the port, select the VLANs to be tagged or untagged, and click >>. To remove the VLAN allocation to the port, select the VLAN already assigned to the port, and click <<. • VLANs: Specifies the VLAN in which the port is a member. EtherChannel if
41. [Figure: System Messages Memory Page, log table] The System Messages Memory Page contains the following fields: • Log Index: Displays the log entry number. • Log Time: Displays the time at which the log entry was generated. • Severity: Displays the event severity. • Description: Displays the log message text. Clearing Message Logs: Message Logs can be cleared from the System Messages Memory Page. To clear the System Messages Memory Page: 1
42. 800 17 UDP are selected in the Select from List drop-down list. The possible field range is 0-65535. TCP Flags: Filters packets by TCP EtherChannel. Filtered packets are either forwarded or dropped. Filtering packets by TCP EtherChannels increases packet control, which increases network security. Once the box is checked, there are other parameters that can be selected from the dropdown menu: Urg (Urgent), Ack (Acknowledgement), Psh (Push), Rst (Reset), Syn (Synchronize), Fin (Final). [ESW 500 Series Switches Administration Guide 172, Configuring Device Security: Defining Access Control] • ICMP: Indicates if ICMP packets are permitted on the network. The possible field values are as follows: • ICMP Code: Indicates an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. • ICMP Type: Filters packets by IGMP message or message types. • IGMP: Filters packets by IGMP message or message types. • Source IP Address: Matches the source port IP address from which packets are addressed to the ACE. Wildcard Mask: Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important. For example, if the source IP address 149 361
43. [Figure: Bonjour page] The Bonjour page contains the following fields: • Enable Bonjour: Specifies whether the switch can publish device services via Bonjour using the mDNS service. The possible field values are: Checked: Enables Bonjour on the device. Bonjour is enabled by default. Unchecked: Disables Bonjour on the device. • Active Bonjour Services: Specifies the Bonjour services supported by the device. By default, all three services are published. [ESW 500 Series Switches Administration Guide 69, Managing Device Information: TCAM Utilization] HTTP: Specifies the Service Type selected is HTTP. This service is enabled by default and can be user-disabled, but not deleted. The service uses the default port 80. The port can be changed using the menu CLI. HTTPS: Specifies the Service Type selected is secured HTTP. This service is enabled by default and can be user-disabled, but not deleted. The service uses the default port 443. The port can be changed using the menu CLI. CiscoConfig: Specifies the Service Type selected is CiscoConfig, the Cisco Configuration Service. This service uses the default HTTP port 80. CiscoConfig
44. [Figure: MSTP Interface Table Page] The MSTP Interface Table Page contains the following fields: • Instance: Defines the VLAN group to which the interface is assigned. • Interface: Indicates the port or EtherChannel for which the MSTP settings are displayed. • Role: Indicates the port role assigned by the STP algorithm in order to provide to STP paths. The possible field values are: Root: Provides the lowest cost path to forward packets to root device. Designated: Indicates the port or EtherChannel via which the designated device is attached to the LAN. Alternate: Provides an alternate path to the root device from the root interface. Backup: Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment. [ESW 500 Series Switches Administration Guide 298, Configuring Spanning Tree: Defining Multiple Spanning Tree] Disabled: Indicates the port is not participating in the Spanning Tree. Mode: Indicates the current Spanning Tree mode. The possible field values are: STP: Indicates that Classic STP is enabled on the device. RSTP: Indicates that Rapid STP is
45. Address: Displays the device MAC address. • Software Version: Displays the software version number. • Boot Version: Indicates the system boot version currently running on the device. • Jumbo Frame: Indicates if Jumbo Frames are enabled. Jumbo Frames become active after resetting the device. Jumbo Frames are not available on ESW 520 devices. The possible field values are: Enable: Enables Jumbo Frames on the device. Disable: Disables Jumbo Frames on the device. • Unique Device Identifier: Displays the Unique Device Identifier (UDI). The UDI provides a unique identifier for Cisco devices. The device comes with the UDI preconfigured. The UDI is composed of three parts, including: PID: The Product Identifier (PID) is an alphanumeric identifier that identifies the specific Cisco hardware. VID: The Version Identifier (VID) provides tracking for the Customer Orderable PID version. The VID indicates the number of reportable customer versions. SN: The Serial Number (SN) is unique to the device and identifies the device and the Field Replaceable Unit (FRU). STEP 2: Define the relevant fields. STEP 3: Click Apply. The system information is defined, and the device is updated. Viewing Device Health: The Health Page displays physical device information, including information about the device's power and ventilation sources. ESW 500 Series Switches Administration Guide 62 Managing Device Informatio
46. Administration Guide 180 Configuring Device Security: Defining DoS Prevention. STEP 4: Click Apply. The ACL binding is defined, and the device is updated. Defining DoS Prevention: Denial of Service (DoS) increases network security by preventing packets with invalid IP addresses from entering the network. DoS eliminates packets from malicious networks which can compromise a network's stability. The device provides a Security Suite that allows administrators to match, discard, and redirect packets based on packet header values. Packets which are redirected are analyzed for viruses and Trojans. DoS enables network managers to: • Deny packets that contain reserved IP addresses • Prevent TCP connections from a specific interface • Discard echo requests from a specific interface • Discard IP fragmented packets from a specific interface. The DoS Prevention section contains the following pages: • DoS Global Settings • Defining Martian Addresses. DoS Global Settings: The Global Settings Page allows network managers to enable and define global DoS attack prevention parameters on the device. To open the Global Settings Page: [ESW 500 Series Switches Administration Guide 181, Configuring Device Security: Defining DoS Prevention] STEP 1: Click Security > DoS Prevention > Global Settings. The Global Settings Page opens. [Figure: Global Settings Page]
47. Cisco network, you will need to manually change VLAN settings. [ESW 500 Series Switches Administration Guide 32, Getting Started: Performing Common Configuration Tasks] [Figure: Properties Page] Configuring individual ports using Cisco Smartport Roles: Smartport Roles make it easy to provision switch ports by automatically applying the appropriate configuration for attached IP phones, access points, or other devices to optimize network performance. The ESW 500 series switches support the predefined roles listed below (Role: Description). Desktop: • Optimized for desktop connectivity • Configurable VLAN setting • Port security enabled to limit unauthorized access to the network. IP Phone + Desktop: • Optimized Quality of Service (QoS) for IP phone + desktop configurations • Voice traffic is placed on Cisco Voice VLAN • Configurable data VLAN • QoS level assures voice over IP (VoIP) traffic takes precedence • Port security enabled to limit unauthorized access to the network. [ESW 500 Series Switches Administration Guide 33, Getting Started: Performing Common Configuration Tasks] Router: • Configured for optimal connection to a router or firewall for WAN connectivity. Switch: • Configured as an uplink port to another switch or router Layer 2 port for fast convergence. Enables 802.1Q trunking. Access Point: Configured for optimal connection to a wireless acces
48. Default: Restores the device to the factory default configuration. STEP 3: After the switch has completed rebooting and is up and running, relaunch the Switch Configuration Utility and log back into the switch. [ESW 500 Series Switches Administration Guide 46, Getting Started: Performing Common Configuration Tasks] NOTE: If using CCA to launch the Switch Configuration Utility, right-click on switch > Device Manager. Refresh the topology screen to get the latest IP address for the switch. Manual Reset: The Switch can be reset by inserting a pin or paper clip into the RESET opening. Pressing the manual reset for 0 to 10 seconds reboots the switch. Pressing the manual reset for longer than 10 seconds results in the switch being reset to factory defaults. Logging Off the Device: Click Logout at the top of the page. The system logs off. The Switch Configuration Utility closes, and the Log In page opens. [ESW 500 Series Switches Administration Guide 47, Getting Started: Using The Switch Console Port] Using The Switch Console Port: The switch features a menu-based console interface for basic configuration of the switch and management of your network. The switch can be configured using the menu-based interface through the console port or through a telnet connection. This section describes console interface configuration. TIP: Configuration of the switch through the Console Port requires advanced skills. This
49. Defines the SNMP version attached to the group. The possible field values are: SNMPv1: SNMPv1 is defined for the group. SNMPv2: SNMPv2 is defined for the group. SNMPv3: SNMPv3 is defined for the group. Security Level: Defines the security level attached to the group. Security levels apply to SNMPv3 only. The possible field values are: No Authentication: Indicates that neither the Authentication nor the Privacy security levels are assigned to the group. Authentication: Authenticates SNMP messages and ensures the SNMP message's origin is authenticated. Privacy: Encrypts SNMP messages. Operation: Defines the group access rights, which are per view. The possible field values are: Read: The management access is restricted to read-only, and changes cannot be made to the assigned SNMP view. Write: The management access is read-write and changes can be made to the assigned SNMP view. Notify: Sends traps for the assigned SNMP view. STEP 2: Click the Add button. The Add SNMP Group Profile Page opens. Add SNMP Group Profile Page. The Add SNMP Group Profile Page allows network managers to define new SNMP Group profiles. The Add SNMP Group Profile Page contains the following fields
50. The VLAN Interface Setting Page contains the following fields: Copy From Entry Number: Copies VLAN configuration from the specified table entry. To Entry Number(s): Assigns the copied VLAN configuration to the specified table entry. Ports: Indicates that ports are described in the page. EtherChannels: Indicates that EtherChannels are described in the page. Interface: The port number included in the VLAN. Interface VLAN Mode: Indicates the port mode. Possible values are: General: The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode). Access: The port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated. It is also not possible to enable/disable ingress filtering on an access port. Trunk: The port belongs to VLANs in which all ports are tagged, except for an optional single native VLAN. Customer: The port belongs to VLANs. In Customer mode, the added tag provides a VLAN ID to each customer, ensuring private and segr
51. The CDP Page contains the following fields. The following fields are configurable by the user: CDP Status: Indicates if CDP is enabled on the device. The possible field values are: Enable: Enables CDP on the device. This is the default value. Disable: Disables CDP on the device. Voice VLAN: The Voice VLAN field displays the current Voice VLAN used by the switch. The default is VLAN 100. This VLAN carries the voice traffic and is also advertised through the CDP to the other elements in the network. The user can change the Voice VLAN via this screen. The following fields display Neighbors Information and are read-only: Device ID: Indicates the device ID that is advertised by neighboring devices. Local Interface: Indicates the receiving port number. Advertise Version: Indicates the CDP version advertised by the neighboring device. Time to Live: Indicates the amount of time in seconds before the neighboring device CDP information is aged out. The field default is 180 seconds. Capabilities: Indicates the device capabilities advertised by the neighboring devices. There are 11 capabilities, whereby each capability is represented by a one-letter code. A neighbor device can ad
52. IPv4 traffic is permitted. NOTE: IP Source Guard must be enabled globally in the IP Source Guard Properties Page before it can be enabled on the device interfaces. If a port is trusted, filtering of static IP addresses can be configured, although IP Source Guard is not active in that condition. If a port's status changes from untrusted to trusted, the static IP address filtering entries remain, but become inactive. STEP 1: Click Security > DHCP Snooping > IP Source Guard > Interface Settings. The IP Source Guard Interface Settings Page opens. IP Source Guard Interface Settings Page. The IP Source Guard Interface Settings Page contains the following radio buttons and fields: Ports: Displays the port on which the IP source guard is enabled. EtherChannels: Displays the EtherChannels on which the IP source guard is enabled. Interface: Indicates the port's or EtherChannel's number. Status: Indicates if IP Source Guard is enabled or disabled. Enable: Indicates that IP Source Guard is enabled on the interface. Disable: Indicates that IP Source Guard is disabled on the interface. This is t
53. Inspection. STEP 1: Click Security > ARP Inspection > ARP Inspection List. The ARP Inspection List Page opens. ARP Inspection List Page. The ARP Inspection List Page contains the following fields: ARP Inspection List Name: Pull-down that lists the name of the Inspection List. Delete and Add Buttons: Delete or Add user-defined ARP Inspection Lists. Static ARP Inspection Table: IP Address: Specifies the IP address included in ARP Binding Lists which is checked against ARP requests and replies. MAC Address: Specifies the MAC address included in ARP Binding Lists which is checked against ARP requests and replies. NOTE: The Binding list cannot be added until an ARP list is added. STEP 2: Click Add under ARP Inspection List Name. The Add ARP list Page opens. Add ARP list Page. STEP 3: Define the fields and click Apply. The new ARP Inspection List is added, and the device is updated. Adding a Binding List entry: STEP 1: Select an ARP Inspection List Name from the drop-down list. STEP 2: Click Add under Static ARP Table. The Add ARP Binding Page opens. Add ARP Binding Page: Add ARP Binding ARP
54. Messages Flash. The System Messages Flash Page opens. STEP 2: Click Clear Logs. The message logs are cleared. Remote Log Servers: The Syslog Servers Page contains information for configuring the Remote Log Servers. New log servers and the minimum severity level of events sent to them may be added. STEP 1: Click Maintenance > System Logging > Syslog Servers. The Syslog Servers Page opens. Syslog Servers Page. The Syslog Servers Page contains the following fields: Server: Specifies the server IP address to which logs can be sent. UDP Port: Defines the UDP port to which the server logs are sent. The possible range is 1 to 65535. The default value is 514. Facility: Defines a user-defined application from which system logs are sent to the remote server. Only one facility can be assigned to a single server. If a second facility level is assigned, the first facility is overridden. All applications defined for a device utilize the same facility on a server. The field default is Local 7. The possible field values are Local 0 - Local 7. Description: Provides a user-defined server description. Minimum Severity: Indicates the minimum severity level for logs that are sent to the server. For example if Notice
55. Priority: Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis. The rule priorities are assigned in the Profile Rules Page. Management Method: Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are: All: Assigns all management methods to the rule. Telnet: Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device. SNMP: Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device. HTTP: Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device. Secure HTTP (SSL): Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device. Secure Telnet (SSH): Assigns SSH access to the rul
56. The Add MAC Based ACL Page contains the following fields: ACL Name: Displays the user-defined MAC based ACLs. New Rule Priority: Indicates the ACE priority, which determines which ACE is matched to a packet on a first-match basis. The possible field values are 1-2147483647. Source MAC Address: MAC Address: Matches the source MAC address from which packets are addressed to the ACE. Wildcard Mask: Indicates the source MAC Address wildcard mask. Wildcards are used to mask all or part of a source MAC Address. Wildcard masks specify which octets are used and which octets are ignored. A wildcard mask of ff:ff:ff:ff:ff:ff indicates that no octet is important. A wildcard of 00:00:00:00:00:00 indicates that all the octets are important. For example, if the source MAC address is 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd, and 5th octets of the MAC address are checked, while the 2nd, 4th, and 6th octets are ignored. Destination MAC Address: MAC Address: Matches the destination MAC address to which packets are addressed to the ACE. Wildcard Mask: Indicates the destination MAC Address wi
57. Trunk Native VLAN ID: Indicates the VLAN to which the port belongs. The default is VLAN 1; the user can change this VLAN by selecting one of the created VLANs via the drop-down list. Port Security Mode: Defines the locked port type. The field value is: Dynamic Lock. Max MAC Addresses: Indicates the maximum number of MAC addresses that can be learned on the port. A maximum of three MAC addresses can be learned on the port. Port Security Action: Indicates the action applied to packets arriving on a locked port. The value is: Discard: Discards packets from any unlearned source. This is the default value. Violation Trap Every: Indicates that traps are sent every 60 seconds. Broadcast Storm Control: Indicates the percentage of Broadcast Storm Control enabled on the port. The value is 10% of the port speed. Spanning Tree Port Fast: Indicates Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. Spanning Tree BPDU Guard: Indicates if BPDU Guard is enabled on the interface. QoS Policy: Indicates that the default QoS policy settings are applied to the port. The Default policy is voice map. Macro Description: Indicates the type of device connected to the port. For
58. STP Properties. Rapid STP: Enables Rapid STP on the device. Multiple STP: Enables Multiple STP on the device. BPDU Handling: Determines how BPDU packets are managed when STP is disabled on the port or device. BPDUs are used to transmit spanning tree information. The possible field values are: Filtering: Filters BPDU packets when spanning tree is disabled on an interface. Flooding: Floods BPDU packets when spanning tree is disabled on an interface. This is the default value. Path Cost Default Values: Specifies the method used to assign default path costs to STP ports. The possible field values are: Short: Specifies 1 through 65,535 range for port path costs. Long: Specifies 1 through 200,000,000 range for port path costs. The default path costs assigned to an interface vary according to the selected method. This is the default value. The Bridge Settings area contains the following fields: Priority: Specifies the bridge priority value. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the device with the lowest priority value becomes the Root Bridge. The default value is 32768. The bridge priority value is provided in increments of 4096. For example: 4096, 8192, 12288, etc. The range is 0 to 61440. Hello Time: Specifies the device Hello Time. The Hello Time indicates the amount of time in seconds a root bridge waits between configuration
59. Select Router in the Assign Profile drop-down list. STEP 5: Click Next. The Smart Port Router Settings Page opens. Smart Port Router Settings Page (settings shown: VLAN Port Mode: Trunk; Broadcast Storm Control: 10; QoS Policy: router map; Macro Description: Router). Trunk ports are not added automatically as members in all the VLANs. Please use this page to add the Trunk Allowed VLANs manually. The Edit Smart Port Router Page contains the following fields: Ports: Indicates the port to which Smart Port wizard settings are applied. VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The possible value is: Trunk: Indicates the port belongs to VLANs in which all VLANs are tagged, except for one VLAN that is untagged. This is the default setting for ports that are connected to routers. Trunk Native VLAN ID: Defines the VLAN receiving untagged packets at ingress. Trunk Allowed VLANs: Defines VLANs that are allowed to receive untagged packets at egress. Broadcast Storm Control: Indicates the percentage of Broadcast Storm Control enabled on the port. The default value is 10% of the port speed. QoS Policy: Indicates that the default QoS policy settings are applied to the p
60. System Dashboard Device Name. The System Dashboard page for your device opens. Understanding the Dashboards (figures): System Dashboard ESW 520 24 Page; System Dashboard ESW 520 24P Page; System Dashboard ESW 520 48 Page; System Dashboard ESW 520 48P Page; System Dashboard ESW 540 24 Page; System Dashboard ESW 540 24P Page.
61. System Files. DHCP Auto Configuration: Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration information to hosts on a TCP/IP network. The DHCP Auto Configuration Page allows network managers to change the configuration file and store it on the TFTP server in their network. This configuration file is downloaded automatically to all the switches in the network on which DHCP Auto Configuration is enabled. The DHCP Auto Configuration Page contains the following fields: Auto Configuration Via DHCP: Indicates whether or not DHCP Auto Configuration is enabled in the device. Enable: Enables DHCP Auto Configuration on the device. This is the default value. Disable: Disables DHCP Auto Configuration on the device. Renew DHCP Address: When enabled, specifies that the device will connect to the DHCP Server and renew the IP Address after clicking Apply. Checked: Enables automatic renewal of IP Address on the device. Unchecked: Disables automatic renewal of IP Address on the device. This is the default value. Force Auto Configuration From DHCP: When enabled, specifies that the Auto Configuration process will take place when the switch is connected to the DHCP Server to renew its IP Address. Checked: Enables auto configuration when the switch is connected to the DHCP Server. Unchecked: Disables auto configuration when the switch is con
62. The Add DHCP Server Page contains the following field: DHCP Server IP Address: Defines the IP address assigned to the DHCP server. STEP 3: Define the relevant fields. STEP 4: Click Apply. The DHCP Server is defined, and the device is updated. Defining DHCP Relay Interfaces: Enabling Relay functionality allows multiple interfaces to be configured for establishing a DHCP Configuration with multiple DHCP servers to ensure redundancy. IP Addresses are controlled and distributed one by one to avoid storming the device. To define the DHCP Relay configuration: STEP 1: Click Monitor & Device Properties > System Management > IP Addressing > DHCP Relay > DHCP Interfaces. The DHCP Interfaces Page opens. DHCP Interfaces Page. The DHCP Interfaces Page contains the following fields: Check Box: Removes DHCP relay from an interface. The possible field values are: Checked: Check this box and press Delete to remove the selected DHCP Relay interface. Unchecked: Maintains the selected DHCP Relay interface. Interface: Displays the interface selected for relay functionality. STEP 2: Click the Add button. The Add DHCP Interface Page opens. Add DH
63. The Edit Smart Port Other Page contains the following fields: Ports: Indicates the port to which Smart Port wizard settings are applied. VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The possible value is: Trunk: Indicates the port belongs to VLANs in which all VLANs are tagged, except for one VLAN that is untagged. This is the default setting for ports that are connected to routers. Trunk Native VLAN ID: Defines the VLAN receiving untagged packets at ingress. The default value is VLAN 1; the user can change it to any other created VLAN through a drop-down list. Macro Description: Displays Other, which indicates the port has no Wizard configured. STEP 6: Select a VLAN in the VLAN ID drop-down list. STEP 7: Click Apply. The port settings are saved, and the device is updated. Configuring System Time: The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The device operates only as an SNTP client, and cannot provide time services to other systems. This section provides information for configuring the system time, and includes the following topics: Defining System Time; Defining SNTP Settings; Defining SNTP Authentication. Defining Sy
64. VLAN tags are attached to the VLAN by either the end station or the network device. VLAN tags also contain VLAN network priority information. Combining VLANs and Generic Attribute Registration Protocol (GARP) allows network managers to define network nodes into Broadcast domains. The VLAN Management section contains the following topics: Defining VLAN Properties; Defining VLAN Membership; Assigning Ports to Multiple VLANs; Defining Interface Settings; Defining GVRP Settings; Defining Protocol Groups; Defining a Protocol Port. Defining VLAN Properties: The VLAN Properties Page provides information and global parameters for configuring and working with VLANs. To define VLAN properties: STEP 1: Click VLAN & Port Settings > VLAN Management > Properties. The VLAN Properties Page opens. VLAN Properties Page. The VLAN Properties Page contains the following fields: VLAN ID: Displays the VLAN ID. VLAN Name: Displays the user-defined VLAN name. Type: Displays the VLAN type. The possible field values are: Dynamic: Indicates the VLAN was dynamically created through GVRP. Static: Indicates the VLAN is user-defined. Default: Indicates the VLAN is the default VLAN.
65. Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0809R) 2009 Cisco Systems, Inc. All rights reserved. OL 19128 01. Contents. Chapter: Getting Started: Introduction; Typical Installation Methods; Default Configuration settings on the ESW 500 Series Switches; Physical Connectivity; Connecting to the Switch; Using the Default Static IP Address; Using a Dynamic IP Address Allocated to the Switch By DHCP; Using the Cisco Configuration Assistant (CCA); Navigating The Cisco Switch Configuration Utility; Using the Management Buttons; Performing Common Configuration Tasks; Checking the Software Version; Checking the System Information; Viewing what Devices are Attached to the Switch; Configuring the VLAN Settings for the Switch; Configuring individual ports using Cisco Smartport Roles; Smartport Roles; Checking the Device Power Consumption; Saving the Configuration; Upgrading the Firmware on the Switch; Resetting the Device; Manual Reset; Logging Off the Device; Using The Switch Console Port; Selecting Menu Options and Actions. Chapter: Managing Device Information: Understanding the Dashboards; Ports; Health and Monitori
66. a phone and a PC. STEP 1: Open the Switch Configuration Utility. The web application automatically opens to the System Dashboard Page. STEP 2: Click Smart Ports Wizard under Ports on the System Dashboard Page. The Smart Ports Setting Page opens. Smart Ports Setting Page. STEP 3: Select a port or range of ports. STEP 4: Select IP Phone Desktop in the Assign Profile drop-down list. Click Next. The Smart Ports IP Phones and Desktop Settings Page opens. Smart Ports IP Phones and Desktop Settings Page (settings shown: VLAN Port Mode: Trunk; Data VLAN: 1; Voice VLAN: 100; Port Security Mode: Dynamic Lock; Max MAC Addresses: 1; Port Security Action: Discard; Violation Trap Every: 60 Sec; Broadcast Storm Control: 10; Spanning Tree Port Fast: Enabled; Spanning Tree BPDU Guard: Enabled; QoS Policy: voice map; Macro Description: IP Phone Desktop). The Smart Ports IP Phones and Desktop Settings Page contains the following fields: Ports: Indicates the port to which Smart Port wizard settings are applied. VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The possible value is: Trunk: Indicates the port belongs to VLANs in which all VLANs are tagged except
67. another. For example, if DST begins on the 25th October 2007 5:00 am, the two fields will be 25 Oct 07 and 5:00. The possible field values are: Date: The date at which DST begins. The possible field range is 1-31. Month: The month of the year in which DST begins. The possible field range is Jan-Dec. Year: The year in which the configured DST begins. Time: The time at which DST begins. The field format is Hour:Minute, for example, 05:30. To: Indicates the time that DST ends in countries other than USA or Europe, in the Day:Month:Year format in one field and time in another. For example, if DST ends on the 23rd March 2008 12:00 am, the two fields will be 23 Mar 08 and 12:00. The possible field values are: Date: The date at which DST ends. The possible field range is 1-31. Month: The month of the year in which DST ends. The possible field range is Jan-Dec. Year: The year in which the configured DST ends. Time: The time at which DST starts. The field format is Hour:Minute, for example, 05:30. Recurring: Select if the DST period in countries other than USA or Europe is constant from year to year. The possible field values are: From: Indicates the day and time that DST begins each year. For example, DST begins locally every second Sunday in April at 5:00 am. The possible field values
68. are refreshed. The possible field values are: No Refresh: Indicates that the CPU utilization statistics are not refreshed. 15 Sec: Indicates that the CPU utilization statistics are refreshed every 15 seconds. 30 Sec: Indicates that the CPU utilization statistics are refreshed every 30 seconds. 60 Sec: Indicates that the CPU utilization statistics are refreshed every 60 seconds. Usage Percentages: Graph's y-axis indicates the percentage of the CPU's resources consumed by the device. Time: Graph's x-axis indicates the time, in 15, 30, and 60 second intervals, that usage samples are taken.
69. are sent. Inform: Indicates informs are sent. Community String: Identifies the community string of the trap manager. Notification Version: Determines the trap type. The possible field values are: SNMP V1: Indicates SNMP Version 1 traps are sent. SNMP V2: Indicates SNMP Version 2 traps are sent. UDP Port: Displays the UDP port used to send notifications. The default is 162. Filter Name: Indicates the SNMP filter for which the SNMP Notification filter is defined. Timeout: Indicates the amount of time (seconds) the device waits before re-sending informs. The default is 15 seconds. Retries: Indicates the number of times the device re-sends an inform request. The default is 3 attempts. The SNMP v3 Notification Recipient table area contains the following fields: Recipients IP: Indicates the IP address to which the traps are sent. Notification Type: Defines the notification sent. The possible field values are: Trap: Indicates traps are sent. Inform: Indicates informs are sent. User Name: Displays the SNMP user names. Security Level: Defines the means by which the packet is authenticated. The possible field values are: No Authentication: Indicates the packet is neither authenticated nor encrypted. Authentication: Indicates the packet is authenticated. Privacy: Indicates the packet is both authenticated and encrypted.
70. authentication services to the client through the interface. Enable Guest VLAN: Specifies whether the Guest VLAN is enabled on the device. The possible field values are: Checked: Enables using a Guest VLAN for unauthorized ports. If a Guest VLAN is enabled, the unauthorized port automatically joins the VLAN selected in the VLAN List field. Unchecked: Disables port-based authentication on the device. This is the default. Authentication Method: Defines the user authentication method. The possible field values are: 802.1x Only: Enables only 802.1x authentication on the device. MAC Only: Enables only MAC Authentication on the device. 802.1x & MAC: Enables 802.1x & MAC Authentication on the device. In the case of 802.1x & MAC, 802.1x takes precedence. Enable Periodic Reauthentication: Permits port reauthentication during the specified Reauthentication Period (see below). The possible field values are: Checked: Enables immediate port reauthentication. This is the default value. Unchecked: Disables port reauthentication. Reauthentication Period: Specifies the number of seconds in which the selected port is reauthenticated (Range: 300-4294967295). The field default is 3600 seconds. Reauthenticate Now: Specifies that authentication is applied on the device when the Apply button is pressed. Checked: Enables immediate port reauthentication.
71. STEP 11: Click on Reset Reboot and the switch should reboot with the new image. STEP 12: After the switch has completed rebooting and is up and running, log back in. STEP 13: Ensure the software has been upgraded by clicking on About at the top of the Dashboard page. A version page will appear. Resetting the Device: The Restart Reset Page enables the device to be reset from a remote location. Save all changes to the Running Configuration file before resetting the device by clicking on Maintenance > File Management > Save Configuration. Define the relevant fields and then click Apply. This prevents losing the current device configuration. To reset the device: STEP 1: Click Monitor & Device Properties > System Management > Restart Reset. The Restart Reset Page opens. Restart Reset Page. STEP 2: Click one of the available Reset commands: Reset Reboot: Resets the device. Ensure the device configuration has been saved. Restore
72. combo port with copper cable 3. 1000M ComboF: combo port with optic fiber cable. 1000M FiberOptics: Indicates the port has a fiber optic port connection. Port Status: Displays the port connection status. The possible field values are: Up: Port is connected. Down: Port is disconnected. Port Speed: Displays the current port speed. Duplex Mode: Displays the port duplex mode. This field is configurable only when auto-negotiation is disabled, and the port speed is set to 10M or 100M. This field cannot be configured on EtherChannels. The possible field values are: Full: Indicates that the interface supports transmission between the device and the client in both directions simultaneously. Half: Indicates that the interface supports transmission between the device and the client in only one direction at a time. PVE: Indicates that this port is protected by an uplink, so that the forwarding decisions are overwritten by those of the port that protects it. EtherChannel: Defines if the port is part of a Link Aggregation Group (EtherChannel). STEP 2: To copy the settings from one interface to another, enter the specific interface numbers in the Copy From Entry Number and To Entry Number(s) fields. STEP 3: Click Apply. The Port Settings are defined, and the device is updated. Modifying Port Setting
73. defining class maps. One IP ACL and/or one MAC ACL comprise a class map. Class maps are configured to match packet criteria, and are matched to packets on a first-fit basis. For example, Class Map A is assigned to packets based only on an IP-based ACL or a MAC-based ACL. Class Map B is assigned to packets based on both an IP-based and a MAC-based ACL. STEP 1: Click Quality of Service > Advanced Mode > Class Mapping. The Class Mapping Page opens. Class Mapping Page. The Class Mapping Page contains the following fields: Class Map Name: Selects an existing Class Map by name. ACL 1: Contains a list of the user-defined ACLs. Match: Criteria used to match IP addresses and/or MAC addresses with an ACL's address. The possible field values are: AND: Both the ACL 1 and the IP based ACL 2 must match a packet. OR: Either the ACL 1 or the ACL 2 must match a packet. ACL 2: Contains a list of the user-defined ACLs. STEP 2: Click the Add button. The Add QoS Class Map Page opens. Add QoS Class Map Page. The Add QoS Class Map Page contains the following fields: Class Map Name: Defines a new Class Map name. IP ACL: Matches
74. destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port. Otherwise, the traffic is flooded to all ports. The Dynamic Page contains parameters for querying information in the Dynamic MAC Address Table, including the interface type, MAC addresses, and VLAN. The Dynamic MAC Address table contains information about the aging time before a dynamic MAC address is erased. The Dynamic MAC Address table contains address parameters by which packets are directly forwarded to the ports. The Dynamic Address Table can be sorted by interface, VLAN, and MAC Address.
STEP 1 Click VLAN & Port Settings > Address Tables > Dynamic. The Dynamic Page opens.
(Figure: Dynamic Page)
The Dynamic Page contains the following fields:
• Aging Interval: Specifies the amount of time in seconds the MAC address remains in the Dynamic MAC Address table before it is timed out, if no traffic from the source is detected. The default value is 300 seconds.
• Clear Table: If checked, clears the MAC a
75. enabled on the device. MSTP: Indicates that MSTP is enabled on the port. Type: Indicates if the port is a point-to-point port, or a port connected to a hub. The possible field values are: Boundary Port - Indicates the port is a boundary port. A Boundary port attaches MST bridges to LAN in an outlying region. If the port is a boundary port, it also indicates whether the device on the other side of the link is working in RSTP or STP mode. Master Port - Indicates the port is a master port. A Master port provides connectivity from a MSTP region to the outlying CIST root. Internal - Indicates the port is an internal port. Port Priority: Defines the interface priority for specified instance. The default value is 128. The priority value is between 0-240. The priority value is provided in increments of 16. Path Cost: Indicates the port contribution to the Spanning Tree instance. The range should always be 1-200,000,000. Port State: Indicates the MSTP status on the specific port. The possible field values are: Disabled - Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC addresses. Blocking - Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses. Listening - Indicates that the port is in Listening mode. The port cannot forward traffic, nor can it learn MAC addresses. Learning - Indicates that the port is in Learning
76. example, console users can be authenticated by one authentication profile, while Telnet users are authenticated by another authentication profile. Authentication methods are selected using arrows. The order in which the methods are selected is the order by which the authentication methods are used. The Mapping Profiles Page contains parameters for mapping authentication methods. To map authentication profiles:
STEP 1 Click Security > Authentication > Mapping Profiles. The Mapping Profiles Page opens.
(Figure: Mapping Profiles Page)
The Mapping Profiles Page contains the following fields:
• Console: Indicates that Authentication profiles are used to authenticate console users.
• Telnet: Indicates that Authentication profiles are used to authenticate Telnet users.
• Secure Telnet (SSH): Indicates that Authentication profiles are used to authenticate Secure Shell (SSH) users. SSH provides clients secure and encrypted remote connections to a device.
• Secure HTTP: Configures the device Secure HTTP settings. Optional Methods: Lists available authentic
77. for one VLAN that is untagged. This is the default setting for ports that are connected to desktops and IP phones. Data VLAN: Defines a specific VLAN as the Data VLAN. Data VLANs only carry data packets and receive a lower priority than voice traffic. Voice VLAN: Indicates which VLAN is the Voice VLAN. Voice VLANs allow network administrators to enhance VoIP service by configuring access ports to carry IP voice traffic from IP phones on specific VLANs. Port Security Mode: Defines the locked port type. The possible field value is: Dynamic Lock - Locks the port with current learned addresses. The dynamic addresses associated with the port are not aged out or relearned on the port as long as the port is locked. Max MAC Addresses: Indicates the maximum number of MAC addresses that can be learned on the port. A maximum of 3 MAC addresses can be learned on the port. Port Security Action: Indicates the action applied to packets arriving on a locked port. The possible field value is: Discard - Discards packets from any unlearned source. This is the default value. Violation Trap Every: Indicates that traps are sent every 60 seconds. Broadcast Storm Control: Indicates the percentage of Broadcast Storm Control enabled on the port. The default value is 10
78. > Protocol Group. The Protocol Group Page opens.
(Figure: Protocol Group Page)
The Protocol Group Page contains the following fields:
• Frame Type: Displays the packet type.
• Protocol Value: Displays the User defined protocol name.
• Group ID (Hex): Defines the Protocol group ID to which the interface is added. Range is 1-2147483647.
STEP 2 Click the Add Button. The Add Protocol Group Page opens.
(Figure: Add Protocol Group Page)
The Add Protocol Group Page provides information for configuring new VLAN protocol groups. The Add Protocol Group Page contains the following fields:
• Frame Type: Displays the packet type.
• Protocol Value: Defines the User defined protocol value. The options are as follows: Protocol Value - The possible values are IP, IPX, or ARP. Ethernet Based Protocol Value - Specify the value in hexadecimal format.
• Group ID: Defines the Protocol group ID to which the interface is added. The possible value range is 1-2147483647 in hexadecimal format.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The Proto
79. > Security > Groups. The SNMP Groups Page opens.
STEP 2 Click the Edit Button. The Edit SNMP Group Profile Page opens.
(Figure: Edit SNMP Group Profile Page)
The Edit SNMP Group Profile Page contains the following fields:
• Group Name: Displays the user defined group to which access control rules are applied. The field range is up to 30 characters.
• Security Model: Defines the SNMP version attached to the group. The possible field values are: SNMPv1 - SNMPv1 is defined for the group. SNMPv2 - SNMPv2 is defined for the group. SNMPv3 - SNMPv3 is defined for the group.
• Security Level: Defines the security level attached to the group. Security levels apply to SNMPv3 only. No Authentication - Neither the Authentication nor the Privacy security levels are assigned to the group. Authentication - Authenticates SNMP messages, and ensures the SNMP messages origin is authenticated. Privacy - Encrypts SNMP message.
• Operation: Defines the group access rights. The options for Read, Write, and Notify operations are as follows: Default - Defines the default group access rights. DefaultSuper - Defines the default group access rights for administrator. Read - The managem
80. is important. A wildcard of 00:00:00:00:00:00 indicates that all the octets are important. For example, if the source MAC address is 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd, and 5th octets of the MAC address are checked, while the 2nd, 4th, and 6th octets are ignored.
• Destination MAC Address: MAC Address - Matches the destination MAC address to which packets are addressed to the ACE. Wildcard Mask - Indicates the destination MAC Address wildcard mask. Wildcards are used to mask all or part of a destination MAC Address. Wildcard masks specify which octets are used and which octets are ignored. A wildcard mask of ff:ff:ff:ff:ff:ff indicates that no octet is important. A wildcard of 00:00:00:00:00:00 indicates that all the octets are important. For example, if the destination IP address is 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd, and 5th octets of the MAC address are checked, while the 2nd, 4th, and 6th octets are ignored.
• VLAN ID: Matches the packet's VLAN ID to the ACE. The possible field values are 1 to 4095.
• Inner VLAN: Matches the ACE to the inner VLAN ID of a double tagged packet.
• 802.1p: Displays the packet tag value.
• 802.1p Mask: Displays the wildcard bits to be applied to the CoS.
• Ethertype: Displays the Ethernet type of the packet.
• Action: Indicates the ACL forwarding action. The possible field values are: Permit - For
81. is selected, all logs from a Notice severity and higher are sent to the remote server. The following are the available log severity levels: Emergency - The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location. Alert - The second highest warning level. An alert log is saved if there is a serious device malfunction; for example, all device features are down. Critical - The third highest warning level. A critical log is saved if a critical device malfunction occurs; for example, two device ports are not functioning, while the rest of the device ports remain functional. Error - A device error has occurred; for example, if a single port is offline. Warning - The lowest level of a device warning. The device is functioning, but an operational problem has occurred. Notice - The system is functioning properly, but system notice has occurred. Informational - Provides device information. Debug - Provides debugging messages.
STEP 2 Click the Add button. The Add Syslog Server Page opens.
(Figure: Add Syslog Server Page)
The Add Syslog Server Page contains fields for defining new Remot
82. list of interfaces.
• User Name: Displays the user name.
• Current Port Control: Displays the current port authorization state.
• Guest VLAN: Displays the Guest VLAN.
• Authentication Method: Displays the authentication method in use. The possible field values are: 802.1x Only - Enables only 802.1x authentication on the device. MAC Only - Enables only MAC Authentication on the device. 802.1x & MAC - Enables 802.1x & MAC Authentication on the device. In the case of 802.1x & MAC, 802.1x takes precedence.
Periodic Reauthentication: Enables port reauthentication. The default value is disabled. Reauthentication Period: Specifies the number of seconds in which the selected port is reauthenticated. Range: 300-4294967295. The field default is 3600 seconds. Authenticator State: Specifies the port authorization state. The possible field values are as follows: Force Authorized - Indicates the controlled port state is set to Force-Authorized (forward traffic). Force Unauthorized - Indicates the controlled port state is set to Force-Unauthorized (discard traffic). Initialize - Enables port based authentication on the device. The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client. Quiet Period: Specifies
83. messages. The default is 2 seconds. The range is 1 to 10 seconds.
• Max Age: Specifies the device Maximum Age Time. The Maximum Age Time indicates the amount of time in seconds that the device can wait without receiving a configuration message, before attempting to redefine its own configuration. The default max age is 20 seconds. The range is 6 to 40 seconds.
• Forward Delay: Specifies the device forward delay time. The Forward Delay Time indicates the amount of time in seconds a bridge remains in a learning state before forwarding packets. The default is 15 seconds. The range is 4 to 30 seconds.
The Designated Root area contains the following fields:
• Bridge ID: Identifies the Bridge Priority and MAC address.
• Root Bridge ID: Identifies the Root Bridge priority and MAC address.
• Root Port: Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge. It is significant when the Bridge is not the Root.
• Root Path Cost: The cost of the path from this bridge to the root.
• Topology Changes Counts: Indicates the total amount of STP state changes that have occurred.
• Last Topology Change: Indicates the amount of time that has elapsed since the bridge was initialized or reset, and the last topographic change occurred. The time is displayed in a day hou
84. mode. The port cannot forward traffic, however it can learn new MAC addresses. Forwarding - Indicates that the port is in Forwarding mode. The port can forward traffic and learn new MAC addresses.
• Designated Cost: Indicates that the default path cost is assigned according to the method selected on the Spanning Tree Global Settings page.
• Designated Bridge ID: Indicates the bridge ID number that connects the link or shared LAN to the root.
• Designated Port ID: Indicates the Port ID number on the designated bridge that connects the link or the shared LAN to the root.
• Remain Hops: Indicates the hops remaining to the next destination.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The MSTP Interface configuration is defined, and the device is updated.
Configuring Quality of Service
Network traffic is usually unpredictable, and the only basic assurance that can be offered is best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is prioritized according to specified criteria, and that specific traffic receives preferential treatment. QoS in the network optimizes network performance and entails two basic fa
85. must change to a new username and password. Only after the change has been made can you operate the device through the web browser. Every time you log in using cisco as the username and password, you will be redirected to the Change Username Password Page.
STEP 8 Click Apply. The Switch Configuration Utility System Dashboard Page opens.
(Figure: Switch Configuration Utility System Dashboard)
STEP 9 Click Monitor & Device Properties > System Management > IP Addressing > IPv4 Interface. The IPv4 Interface page opens.
(Figure: IPv4 Interface Page)
NOTE It is expected that the IP address to be assigned to the switch is known prior to installation, based on the network topology.
STEP 10 Select the Static IP address radio button, and enter the IP Address, Network Mask, and User Defined Default Gateway. These must match the IP addressing subnet in the network in w
86. network traffic to determine which hosts want to receive multicast traffic. IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled. The possible field values are: Checked - Enables IGMP Snooping on the device. Unchecked - Disables IGMP Snooping on the device.
• VLAN ID: Specifies the VLAN ID.
IGMP Snooping Status: Indicates if IGMP snooping is enabled on the specific VLAN. The possible field values are: Enabled - IGMP Snooping is enabled on the VLAN. Disabled - IGMP Snooping is not enabled on the VLAN. Host Timeout: Indicates the amount of the time the Host waits to receive a message before it times out. The default value is 260 seconds. MRouter Timeout: Indicates the amount of the time the Multicast router waits to receive a message before it times out. The default value is 300 seconds. Leave Timeout: Indicates the amount of time the host waits, after requesting to leave the IGMP group and not receiving a Join message from another station, before timing out. If a Leave Timeout occurs, the switch notifies the Multicast device to stop sending traffic. The Leave Timeout value is either user defined, or an Immediate Leave value. The default timeout is 10 seconds.
STEP 2 Define the relevant fields.
STEP 3 Click Apply. The IGMP Snooping Parameters are updat
87. of unrecognized EAPOL frames that have been received on this port.
• Length Error Frames Received: Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port.
• Last Frame Version: Indicates the protocol version number attached to the most recently received EAPOL frame.
• Last Frame Source: Indicates the source MAC address attached to the most recently received EAPOL frame.
Managing RMON Statistics
The RMON section contains the following pages:
• Viewing RMON Statistics
• Configuring RMON History
• Defining RMON Events Control
• Defining RMON Alarms
Viewing RMON Statistics
The RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device. To view the RMON statistics:
STEP 1 Click Statistics > RMON (Remote Management) > Statistics. The RMON Statistics Page opens.
(Figure: RMON Statistics Page)
The RMON Statistics Page contains the following fields:
• Port
88. options are as follows: Static - Attaches the interface to the Multicast group as a static member. Forbidden - Forbidden interfaces are not included in the Multicast group, even if IGMP snooping designated the interface to join a Multicast group. Excluded - The interface is not part of a Multicast group. Dynamic - Attaches the interface or EtherChannel dynamically to the Multicast group. Define the relevant fields.
STEP 5 Click Apply. The Multicast Forward All settings are modified, and the device is updated.
Defining Unregistered Multicast Settings
Multicast frames are generally forwarded to all ports in the VLAN. If IGMP Snooping is enabled, the device learns about the existence of Multicast groups and monitors which ports have joined what Multicast group. Multicast groups can also be statically enabled. This enables the device to forward the Multicast frames (from a registered Multicast group) only to ports that are registered to that Multicast group. The Unregistered Multicast Page contains fields to handle Multicast frames that belong to Unregistered Multicast groups. Unregistered Multicast groups are the groups that are not known to the device. All Unregistered Multicast frames are still forwarded to all ports on the VLAN. After a port has been set to Forwarding/Filtering, then
89. packets to IP based ACLs first, then matches packets to MAC based ACLs.
• Match: Criteria used to match IP addresses and/or MAC addresses with an ACL's address. The possible field values are: AND - Both the MAC based and the IP based ACL must match a packet. OR - Either the MAC based or the IP based ACL must match a packet.
• MAC ACL: Matches packets to MAC based ACLs first, then matches packets to IP based ACLs.
• Preferred ACL: Defines if packets are first matched to an IP based ACL or a MAC based ACL. The possible field values are: IP Based ACLs - Matches packets to IP based ACLs first, then matches packets to MAC based ACLs. MAC Based ACLs - Matches packets to MAC based ACLs first, then matches packets to IP based ACLs.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. QoS mapping is added, and the device is updated.
Defining Aggregate Policer
A policy is a collection of classes, each of which is a combination of a class map and a QoS action to apply to matching traffic. Classes are applied in a first-fit manner within a policy. Before configuring policies for classes whose match criteria are defined in a class map, a class map must first be defined, or the name of the policy map to be created, added to, or modified must first be specified. Class policies can be configured in a p
90. should only be attempted by trained personnel.
Selecting Menu Options and Actions
Within the Console Interface, menus list options in numeric order. Actions appear at the end of the page. To select menu options and actions, use the following keys on your keyboard:
Key | Function
Arrow keys | Move the cursor up, down, left, or right.
Number key | Press the menu number and then press Enter key to select a menu option.
Tab | Move the cursor from one field to the next on an editing page.
Enter | Select an option that is highlighted by the cursor.
Esc | Return to the previous menu or page, or move cursor from editable fields to Action list.
Use the following steps to connect to the switch using the console:
STEP 1 Power up the ESW 500 Series switch.
STEP 2 Connect it to the network if required.
STEP 3 Use the console cable supplied with the switch to connect the serial port on the PC to the console port on the switch.
STEP 4 On the PC, launch a terminal emulation program such as HyperTerminal (bundled with Windows) or Putty (freeware), and configure a new connection with the following settings:
• Speed or Bits Per Second: 115200
• Data Bits: 8
• Stop Bit: 1
• Parity: None
• Flow Control: None
• Serial Port: Choose the appropriate serial or COM port on the PC that the console cable is co
91. the EtherChannels are described in the page.
• Interface: Displays the interface (port or EtherChannel) for which the Bandwidth settings are made.
• Ingress Rate Limit: Indicates the traffic limit for ingress interfaces. The possible field values are: Status - Enables or disables rate limiting for ingress interfaces. Disable is the default value. Rate Limit - Defines the rate limit for ingress ports. Defines the amount of bandwidth assigned to the interface. For FE ports, the rate is 62-100,000 Kbps. For GE ports, the rate is 62-1,000,000 Kbps.
• Egress Shaping Rates: Indicates the traffic shaping type, if enabled, for egress ports. The possible field values are: CIR - Defines Committed Information Rate (CIR) as the queue shaping type. The possible field values are: For FE ports, the rate is 64-62,500 Kbps. For GE ports, the rate is 64-1,000,000 Kbps. CbS - Defines Committed Burst Size (CbS) as the queue shaping type. CbS is supported only on GE interfaces. The possible field value is 4096-16,769,020 bytes. Status - Enables or disables rate limiting for egress interfaces. Disable is the default value.
Modifying Bandwidth Settings
STEP 2 Click Quality of Service > General > Bandwidth. The Bandwidth Page opens.
STEP 3 Click the Edit button. The Edit Bandwidth Page opens.
92. the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7.
• Action: Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows: Permit - Forwards packets which meet the ACL criteria. Deny - Drops packets which meet the ACL criteria. Shutdown - Drops packet that meets the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Management page.
STEP 4 Define the relevant fields.
STEP 5 Click Apply. The IP Based ACL is modified, and the device is updated.
Defining ACL Binding
When an ACL is bound to an interface, all the ACE rules that have been defined are applied to the selected interface. Whenever an ACL is assigned on a port or a EtherChannel, flows from that ingress interface that do not match the ACL are matched to the default rule, which is Drop unmatched packets. To bind ACLs to an interface:
STEP 1 Click Security > Access Control Lists (ACL) > ACL Binding. The ACL Binding Page opens.
(Figure: ACL Binding Page)
93. the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is being rerouted. Priority: Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority range is between 0-240. The priority value is provided in increments of 16. Designated Bridge ID: Indicates the bridge priority and the MAC Address of the designated bridge. Designated Port ID: Indicates the selected port's priority and interface. Designated Cost: Indicates the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops. Forward Transitions: Indicates the number of times the port has changed from the Blocking state to Forwarding state. EtherChannel: Indicates the EtherChannel to which the port belongs. If a port is a member of a EtherChannel, the EtherChannel settings override the port settings.
STEP 2 Define the relevant fields.
STEP 3 Click Apply. STP is enabled on the interface, and the device is updated.
Modifying Interface Settings
STEP 1 Click VLAN & Port Settings > Spanning Tree (STP) > Interface Settings. The Interface Settings Page opens.
STEP 2 Click the Edit button. The Edit I
94. the port is a member of a EtherChannel, the EtherChannel number is displayed. A member of a EtherChannel cannot be configured to a VLAN, but that same EtherChannel can be configured to a VLAN.
STEP 2 In the VLAN To Port table, click Join VLAN in the relevant port entry. The Join VLAN To Port Page opens.
(Figure: Join VLAN To Port Page)
STEP 3 Define the selected VLAN as Tagged or Untagged.
STEP 4 From the left list, select the relevant VLAN and click >>. The selected VLAN then appears in the right list. Up to 20 VLANs at a single time may be joined to the port.
STEP 5 Click Apply. VLAN to Port setting is defined, and the device is updated.
Defining Interface Settings
The VLAN Interface Setting Page provides parameters for managing ports that are part of a VLAN. The port default VLAN ID (PVID) is configured on the VLAN Port Settings page. All untagged packets arriving to the device are tagged by the port's PVID.
STEP 1 Click VLAN & Port Settings > VLAN Management > Interface Settings. The VLAN Interface Settings Page opens.
(Figure: VLAN Interface Setting Page)
95. the specified table entry.
• Ports: Indicates that ports are described on the page.
• EtherChannels: Indicates that EtherChannels are described on the page.
• Interface: Interface described by the GVRP settings entry.
• GVRP State: Indicates if GVRP is enabled on the interface. The possible field values are: Enabled - Enables GVRP on the selected interface. Disabled - Disables GVRP on the selected interface.
• Dynamic VLAN Creation: Indicates if Dynamic VLAN creation is enabled on the interface. The possible field values are: Enabled - Enables Dynamic VLAN creation on the interface. Disabled - Disables Dynamic VLAN creation on the interface.
• GVRP Registration: Indicates if VLAN registration through GVRP is enabled on the device. The possible field values are: Enabled - Enables GVRP registration on the device. Disabled - Disables GVRP registration on the device.
STEP 2 Define the relevant fields.
STEP 3 Click Apply. The GVRP Settings are defined, and the device is updated.
Modifying GVRP Settings
STEP 1 Click VLAN & Port Settings > VLAN Management > GVRP Settings. The GVRP Settings Page opens.
STEP 2 Click the Edit button. The Edit GVRP Page opens.
96. this port's configuration is valid for any VLAN it is a member of (or will be a member of). To define unregistered Multicast settings:
STEP 1 Click VLAN & Port Settings > Multicast > Unregistered Multicast. The Unregistered Multicast Page opens.
(Figure: Unregistered Multicast Page)
The Unregistered Multicast Page contains the following fields:
• Ports: Indicates the port for which the unregistered Multicast parameters are displayed.
• EtherChannels: Specifies the EtherChannel for which the Unregistered Multicast settings are displayed.
• Interface: Displays the interface ID.
• Unregistered Multicast: Indicates the forwarding status of the selected interface. The possible values are: Forwarding - Enables forwarding of Unregistered Multicast frames to the selected VLAN interface. This is the default setting. Filtering - Enables filtering of Unregistered Multicast frames to the selected VLAN interface.
STEP 2 Click Edit. The Edit Unregistered Multicast Page opens.
(Figure: Edit Unregistered Multicast Page)
97. window opens that prompts you to change your username and password from the default. Choose a new username and password, then click Apply.
(Figure: Switch Configuration Utility System Dashboard)
STEP 11 You are now ready to proceed with additional switch configuration.
Navigating The Cisco Switch Configuration Utility
The Cisco Switch Configuration Utility is a web based device manager that is used to provision the switch. You must have IP connectivity between the PC and the switch to configure the switch. The following section describes how to navigate within the interface.
(Figure: Switch Configuration Utility System Dashboard Page)
The following table lists the interface components with their corresponding numbers:
Component | Description
1 Navigation Pane | The navigation pane provides easy navigation through the configurable device features. The main branches expand to provide the subfeatures.
2 Device View | The device view contains a graphical representation of the device faceplate, including the device status and port LEDs. Clicking on a port will open up the Edit Port Page.
3 Getting Started Links | The getting started links allow you to navigate through the diffe
98. with Windows Vista Ultimate or Windows XP Service Pack 1 or later installed, and CCA version 2.2 or higher installed. The Cisco Configuration Assistant can be used to connect to and configure the switch when there is an existing or new Smart Business Communications System (SBCS), or with other Cisco Small Business Pro products such as the SA 500 Series Security Appliance or the AP 541 Access Point. The ESW 500 series switch obtains the management IP address via DHCP after it is connected to the network. To begin installing the switch using CCA, perform the following steps: STEP 1 STEP 2 STEP 3 STEP 4 STEP 5 Power on the ESW 500 series switch. Connect one of the designated uplink ports on the ESW 500 series switch to the expansion port on the UC520 or one of the switch ports on the SR520. Connect the PC with CCA installed to any access switch port on the ESW 500, or alternately the UC500 or Small Business Pro router. Launch CCA. To verify you have CCA version 2.2 or higher, click Help > About. The version page opens. [Figure: CCA Version page] Connect to an existing community or create a new one. For more information on how to create a community, refer to the How to create a CCA community VOD at https www myciscocommunity com docs DOC 1423 UC500 System _Level_Features
99. with the rest of the network. The following diagram illustrates three common installation scenarios. [Figure: installation scenarios diagram] In the first two scenarios, called VOICE and SECURITY DATA, you are adding an ESW 500 switch to a new or existing Cisco Smart Business Communications Systems (SBCS) network deployment. This deployment is either a VOICE network with UC520 being the anchor device, or SECURITY DATA network with the SR520 being the anchor device. NOTE: In the third scenario, called Heterogeneous Network, you are adding an ESW 500 switch to a network which does not have any Cisco Small Business products. Default Configuration settings on the ESW 500 Series Switches: The ESW 500 series switches ship with a default configuration that enables simplified installation and plug and play when connected into a Cisco Small Business network such as SBCS. The default settings are as follows: Management VLAN is VLAN 1. Management IP Address is obtained via DHCP by default. If the switch times out on a Dynamic Host Configuration Protocol (DHCP) response, it falls back to a static IP address 192.168.10.2 with subnet mask of 255.255.255.0. Voice VLAN is VLAN 100. Cisco Discovery Protocol (CDP) is enabled on all ports. Physical Connectivity: Physical connections to the switch are described in the tables and graphics on the next
100. [Figure: 02 1X Properties Page] The 802.1X Properties Page contains the following fields: Port Based Authentication State: Enables Port-based Authentication on the device. The possible field values are: Enable: Enables port-based authentication on the device. Disable: Disables port-based authentication on the device. Authentication Method: Defines the user authentication methods. The possible field values are: RADIUS, None: Indicates port authentication is performed first via the RADIUS server. If no response is received from RADIUS (for example, if the server is down), then the None option is used, and the session is permitted. RADIUS: Authenticates the user at the RADIUS server. None: No authentication method is used to authenticate the port. Guest VLAN: Specifies whether the Guest VLAN is enabled on the device. The possible field values are: Checked: Enables using a Guest VLAN for unauthorized ports. If a Guest VLAN is enabled, the unauthorized port automatically joins the VLAN selected in the VLAN List field. Unchecked: Disables use of a Guest VLAN for unauthorized ports. This is the default. Guest VLAN ID: Con
101. Authentication: Indicates whether unauthorized users can access a Guest VLAN. The possible field values are: Enable: Enables unauthorized users to use the Guest VLAN. Disable: Disables unauthorized users from using the Guest VLAN. STEP 2: Click the Add button. The Add VLAN Range Page opens. [Figure: Add VLAN Range Page] The Add VLAN Range Page allows network administrators to define and configure new VLANs and contains the following fields: VLAN: Specifies that a specific VLAN is to be defined. The possible field values are: VLAN ID: Defines the VLAN ID. VLAN Name: Defines a VLAN name. Range: Specifies that a range of VLAN IDs is to be defined. The possible field values are: VLAN Range: Defines the lower and upper bounds of the VLAN range. STEP 3: Define the relevant fields. STEP 4: Click Apply. The VLAN Settings are defined, and the device is updated. Modifying VLANs: STEP 1: Click VLAN & Port Settings > VLAN Management > Properties. The VLAN Properties Page opens. STEP 2: Click Edit. The Edit VLAN Page opens. [Figure: Edit VLAN Page]
102. 3; Configuring SNMP Security; Defining the SNMP Engine ID; Defining SNMP Views; Defining SNMP Users; Modifying SNMP Users; Define SNMP Groups; Modifying SNMP Group Profile Settings; Defining SNMP Communities; Modifying SNMP Community Settings; Defining Trap Management; Defining Trap Settings; Configuring Station Management; Modifying SNMP Notifications; Defining SNMP Filter Settings; Managing Cisco Discovery Protocol; Chapter: Managing System Files; Software Upgrade; Save Configuration; Copy Configuration; Via TFTP; Via HTTP; Active Image; DHCP Auto Configuration; Chapter: Managing Power over Ethernet Devices; Defining PoE Settings; Chapter: Managing System Logs; Enabling System Logs; Viewing the Device Memory Logs; Clearing Message Logs; Viewing the System Flash Logs; Clearing Flash Logs; Remote Log Servers; Modifying Syslog Server Settings; Chapter: Viewing Statistics; Viewing Ethernet Statistics; Defining Interface Statistics; Resetting Interface Statistics Counters; Viewing Etherlike Statistics; Resetting Etherlike Statistics Counters; Viewing GVRP Statistics
103. [Figure fields: Priority, Source IP Address, Authentication Port, Accounting Port, Number of Retries, Timeout for Reply, Dead Time, Key String, Usage Type] The Edit RADIUS Server Page contains the following fields: IP Address: Defines the RADIUS Server IP address. Priority: Displays the server priority. The possible values are 0-65535, where 1 is the highest value. The RADIUS Server priority is used to configure the server query order. Source IP Address: Defines the source IP address that is used for communication with RADIUS servers. Authentication Port: Displays the authentication port. The authentication port is used to verify the RADIUS server authentication. The authentication port default is 1812. Accounting Port: Indicates the port used to send login and logout messages to the RADIUS server. The accounting port default is 1813. Number of Retries: Defines the number of transmitted requests sent to RADIUS server before a failure occurs. The possible field values are 1-10. Three is the default value. Timeout for Reply: Defines the amount of the time in seconds the device waits for an answer from the RADIUS server before retrying the query or sw
104. 84198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used. Destination IP Address: Matches the destination port IP address to which packets are addressed to the ACE. Wildcard Mask: Defines the destination IP address of the wildcard mask. Select either Match DSCP or Match IP Precedence. Match DSCP: Matches the packet to the DSCP tag value. The possible field range is 0-63. Match IP Precedence: Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7. Traffic Class: Indicates the traffic class to which the packets are matched. The possible field values are: Checked: Matches packets to traffic classes. Unchecked: Does not match packets to traffic classes. Action: Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding. The options are as follows: Permit: Forwards packets which meet the ACL criteria. Deny: Drops packets which meet the ACL criteria. Shutdown: Drops packet that meets the ACL criteria
105. STEP 1: Click Maintenance > System Logging > System Messages Memory. The System Messages Memory Page opens. STEP 2: Click the Clear Logs button. The message logs are cleared. Viewing the System Flash Logs: The System Messages Flash Page contains information about log entries saved to the Log File in FLASH, including the time the log was generated, the event severity, and a description of the log message. The Message Log is available after reboot. To view the Flash Logs: STEP 1: Click Maintenance > System Logging > System Messages Flash. The System Messages Flash Page opens. [Figure: System Messages Flash Page] The System Messages Flash Page contains the following fields: Log Index: Displays the log entry number. Log Time: Displays the time at which the log entry was generated. Severity: Displays the event severity. Description: Displays the log message text. Clearing Flash Logs: Flash Logs can be cleared from the System Messages Flash Page. To clear the System Messages Flash Page: STEP 1: Click Maintenance > System Logging > System
106. ADIUS server before retrying the query or switching to the next server. The possible field values are 1-30. Three is the default value. Dead Time: Defines the amount of time (minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000. The Dead Time default is 0 minutes. Key String: Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS encryption. Usage Type: Specifies the RADIUS server authentication type. The default value is Login. The possible field values are: Login: Indicates that the RADIUS server is used for authenticating user name and passwords. 802.1X: Indicates that the RADIUS server is used for 802.1X authentication. All: Indicates that the RADIUS server is used for authenticating user name and passwords, and 802.1X port authentication. Use Default: Uses the default value for the parameter. STEP 3: Define the relevant fields. STEP 4: Click Apply. The RADIUS Server is added, and the device is updated. Modifying RADIUS Server Settings: STEP 1: Click Security > Authentication > RADIUS. The RADIUS Page opens. STEP 2: Click the Edit button. The Edit RADIUS Server Page opens. [Figure: Edit RADIUS Server Page]
107. ADIUS server using the Extensible Authentication Protocol (EAP). Port Authentication includes: Authenticators: Specifies the port which is authenticated before permitting system access. Supplicants: Specifies host connected to the authenticated port requesting to access the system services. Authentication Server: Specifies the external server, for example the RADIUS server, that performs the authentication on behalf of the authenticator and indicates whether the supplicant is authorized to access system services. Port-based authentication creates two access states: Controlled Access: Permits communication between the supplicant and the system, if the supplicant is authorized. Uncontrolled Access: Permits uncontrolled communication regardless of the port state. The 802.1x section contains the following pages: Defining 802.1X Properties; Defining Port Authentication; Defining Authentication; Defining Authenticated Host. Defining 802.1X Properties: The 802.1X Properties Page provides parameters for enabling port authentication and selecting the authentication method. To define port-based authentication: STEP 1: Click Security > 802.1X > Properties. The 802.1X Properties Page opens.
108. CACS The TACACS Page opens. Click the Edit Button. The Edit TACACS Server Page opens. [Figure: Edit TACACS Server Page] The Edit TACACS Server Page contains the following fields: Host IP Address: Defines the TACACS Server IP address. Priority: Defines the order in which the TACACS servers are used. The default is 0. Source IP Address: Defines the device source address used for the TACACS session between the device and the TACACS server. Key String: Defines the authentication and encryption key for TACACS server. The key must match the encryption key used on the TACACS server. Authentication Port: Defines the port number through which the TACACS session occurs. The default is port 49. Timeout for Reply: Defines the amount of time that passes before the connection between the device and the TACACS server times out. The field range is 1-30 seconds. Status: Displays the connection status between the device and the TACACS server. The possible field values are: Connected: Indicates there is currently a connection between the device and the
109. [Figure: CP Interface Page] The Add DHCP Interface Page contains the following field: Interface: Selects the interface to define DHCP Relay. The possible field value is: VLAN: Defines the DHCP Relay on the selected VLAN. STEP 3: Select the Interface on which to define a DHCP Relay. STEP 4: Click Apply. A DHCP Relay Interface is defined, and the device is updated. Managing ARP: The Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP addresses into physical addresses. The ARP table is used to maintain a correlation between each MAC address and its corresponding IP address. The ARP table can be filled in statically by the user. When a static ARP entry is defined, a permanent entry is put in the table, which the system uses to translate IP addresses to MAC addresses. To define ARP: STEP 1: Click Monitor & Device Properties > System Management > IP Addressing > ARP. The ARP Page opens. [Figure: ARP Page] The ARP Page contains the following fields: ARP Entry Age Out: Defines the amount of time (seconds) that pass between ARP requests about an ARP table entry. After this period, the entry is delete
110. Configuring Smart Ports for Desktops: The Smart Ports for Desktops Page allows network administrators to define port settings for personal desktop users. To configure ports for desktop users using the Smart Ports Wizard: STEP 1: Open the Switch Configuration Utility. The web application automatically opens to the System Dashboard Page. [Figure: System Dashboard Page] STEP 2: Click Smart Ports Wizard under Ports on the System Dashboard Page. The Smart Ports Setting Page opens. [Figure: Smart Ports Setting Page] STEP 3: Select a port or range of ports. STEP 4: Select Desktop in the Assign Profile drop-down list. Click Next. The Smart Ports Desktop Settings Page opens. [Figure: Smart Ports Desktops Settings Page] The Smart Ports Desktops Settings Page contains the following fiel
111. DSCP mappings. STEP 4: Click Apply. The DSCP mappings are defined, and the device is updated. Configuring SNMP: The Simple Network Management Protocol (SNMP) provides a method for managing network devices. SNMP Versions: The device supports the following SNMP versions. SNMP v1 and v2: SNMP agents maintain a list of variables that are used to manage the device. The variables are defined in the Management Information Base (MIB). The MIB presents the variables controlled by the agent. The SNMP agent defines the MIB specification format, as well as the format used to access the information over the network. Access rights to the SNMP agents are controlled by access strings. SNMP v3: SNMP v3 also applies access control and a new traps mechanism to SNMP v1 and SNMP v2 PDUs. In addition, User Security Model (USM) is defined for SNMP v3 and includes: Authentication: Provides data integrity and data origin authentication. Privacy: Protects against disclosure of message content. Cipher Block Chaining (CBC) is used for encryption. Either authentication is enabled on an SNMP message, or both authentication and privacy are enabled on an SNMP message. However, privacy cannot be enabled without authentication. Timeliness: Protects against message delay or message redundancy. The SNMP agent compares the incoming message to the message time info
112. Defines the specific port for which RMON statistics are displayed. EtherChannel: Defines the specific EtherChannel for which RMON statistics are displayed. Refresh Rate: Defines the amount of time that passes before the interface statistics are refreshed. The possible field values are: 15 Sec: Indicates that the RMON statistics are refreshed every 15 seconds. 30 Sec: Indicates that the RMON statistics are refreshed every 30 seconds. 60 Sec: Indicates that the RMON statistics are refreshed every 60 seconds. No Refresh: Indicates that the RMON statistics are not refreshed. Received Bytes (Octets): Displays the number of octets received on the interface since the page was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits. Drop Events: Displays the number of packets that were dropped. Received Packets: Displays the number of packets received on the interface, including bad packets, Multicast and broadcast packets, since the page was last refreshed. Broadcast Packets Received: Displays the number of good broadcast packets received on the interface since the page was last refreshed. This number does not include Multicast packets. Multicast Packets Received: Displays the number of good Multicast packets received on the interface since the page was las
113. Displays the log number. Log Time: Displays the time when the log entry was entered. Description: Displays the log entry description. To return to the RMON Events Page, click the RMON Events Control button. Defining RMON Alarms: The RMON Alarms Page contains fields for setting network alarms. Network alarms occur when a network problem, or event, is detected. Rising and falling thresholds generate events. To set RMON alarms: STEP 1: Click Statistics > RMON Remote Management > Alarms. The RMON Alarms Page opens. [Figure: RMON Alarms Page] The RMON Alarms Page contains the following fields: Alarm Entry: Indicates the alarm entry number. Counter Name: Displays the selected MIB variable. Interface: Displays the interface (port or EtherChannel) for which RMON statistics are displayed. The possible field values are: Port: Displays the RMON statistics for the selected port. EtherChannel: Displays the RMON statistics for the selected EtherChannel. Counter Value: Displays the current counter value for the particular alarm. Sample Type: Defines the sampling method for the selected variable and comparing the value against the thresholds. The possib
114. EP 2 Click the Add button. The Add Access Profile Page opens. [Figure: Add Access Profile Page] The Add Access Profile Page contains the following fields: Access Profile Name: Defines the access profile name. The access profile name can contain up to 32 characters. Rule Priority: Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis. The rule priorities are assigned in the Profile Rules Page. Management Method: Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are: All: Assigns all management methods to the rule. Telnet: Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device. Secure Telnet (SSH): Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile cri
115. EP 3 STEP 4 [Figure: Edit GVRP Page] The Edit GVRP Page contains the following fields: Interface: Port or EtherChannel described by the GVRP settings entry. GVRP State: Indicates if GVRP is enabled on the interface. The possible field values are: Enable: Enables GVRP on the selected interface. Disable: Disables GVRP on the selected interface. Dynamic VLAN Creation: Indicates if Dynamic VLAN creation is enabled on the interface. The possible field values are: Enable: Enables Dynamic VLAN creation on the interface. Disable: Disables Dynamic VLAN creation on the interface. GVRP Registration: Indicates if VLAN registration through GVRP is enabled on the device. The possible field values are: Enable: Enables GVRP registration on the device. Disable: Disables GVRP registration on the device. Define the relevant fields. Click Apply. GVRP settings are modified, and the device is updated. Defining Protocol Groups: The Protocol Group Page contains information which describes the protocol names and the VLAN Ethernet type. Interfaces can be classified as a specific protocol-based interface. STEP 1: Click VLAN & Port Settings > VLAN Management
116. EP 3 STEP 4 STEP 5 If your PC is using a static IP address, make note of your current IP address settings and record them for future use. Place the PC on the same subnet of the switch by configuring the PC with the following parameters: Static IP address: 192.168.10.11. Subnet mask: 255.255.255.0. Default gateway: 192.168.10.2. NOTE: Details on how to change the IP address on your PC are dependent upon the type of architecture and operating system installed. Use your PC's local Help and Support functionality and search for IP Addressing. Open a web browser. Cisco recommends Internet Explorer version 6 or higher, or Firefox version 3. Accept any requests to install Active X plugin. Enter http://192.168.10.2 in the address bar and press Enter. The Log In page opens. [Figure: Log In page] STEP 6: Enter a user name and password. The default user name is cisco and the default password is cisco. Passwords are both case sensitive and alpha-numeric. Click Log In. STEP 7: While the system is verifying the login attempt, the Log In Progress Indicator appears. The indicator dots rotate clockwise to indicate that the system is still working. If the login attempt is successful, the Change Username Password Page opens. NOTE: After logging in using the default username and password, you
117. EtherChannels: Specifies the EtherChannel for which the Trusted Interface settings are displayed. Interface: Displays the interface on which edits can be made. Trust: Enables or disables ARP Inspection Trust mode on the interface. The possible field values are: Enable: Indicates the port or EtherChannel is a trusted interface, and ARP inspection is not performed on the ARP requests/replies sent to/from the interface. Disable: Indicates the port or EtherChannel is not a trusted interface, and ARP inspection is performed on the ARP requests/replies sent to/from the interface. This is the default value. STEP 2: Click Edit. The Edit Interface Settings Page opens. [Figure: Edit Interface Settings Page] STEP 3: Define the fields. STEP 4: Click Apply. The Trusted Interface's configuration is modified, and the device is updated. Defining ARP Inspection List: The ARP Inspection List Page provides information for creating static ARP Binding Lists. ARP Binding Lists contain the List Name, IP address, and MAC address, which are validated against ARP requests and replies. To add an ARP Inspection List entry:
118. Host Mapping. The Host Mapping Page opens. [Figure: Host Mapping Page] The Host Mapping Page contains the following fields: Host Names: Displays a user-defined default domain name. When defined, the default domain name is applied to all unqualified host names. The Host Name field can contain up to 158 characters. IP Address: Displays the DNS host IP address. STEP 2: Click the Add button. The Add Host Name Page opens. The Add Host Name Page provides information for defining DNS Host Mapping. [Figure: Add Host Name Page] The Add Host Name Page contains the following fields: Host Name: Displays a user-defined default domain name. When defined, the default domain name is applied to all unqualified host names. The Host Name field can contain up to 158 characters. IP Address: Displays the DNS host IP address. IP Address 2 (optional): Indicates the second network assigned to the interface. The address must be a valid address specified in hexadecimal. IP Address 3 (optional): Indicates the third network assigned to the interface. The address must be a valid address specified in hexadecimal. IP Addr
119. [Figure: Inspection List Name IP Address MAC Address] STEP 3: Define the fields. STEP 4: Click Apply. The add ARP Binding entry is added, and the device is updated. Assigning ARP Inspection VLAN Settings: The ARP Inspection VLAN Settings Page contains fields for enabling ARP Inspection on VLANs. In the Enabled VLAN table, users assign static ARP Inspection Lists to enabled VLANs. When a packet passes through an untrusted interface which is enabled for ARP Inspection, the device performs the following checks in order: Determines if the packet's IP address and MAC address exist in the static ARP Inspection list. If the addresses match, the packet passes through the interface. If the device does not find a matching IP address, but DHCP Snooping is enabled on the VLAN, the device checks the DHCP Snooping database for the IP address VLAN match. If the entry exists in the DHCP Snooping database, the packet passes through the interface. If the packet's IP address is not listed in the ARP Inspection List or the DHCP Snooping database, the device rejects the packet. NOTE: To define ARP Inspection on VLANs, ARP Inspection List(s) must be defined before continuing. In the following example, the List Name field is empty on the Add VLAN Settings page. If you add a list in the steps above, then the list will be populated w
120. Interval: Indicates the time in seconds that samplings are taken from the ports. The field range is 1-3600. The default is 1800 seconds (equal to 30 minutes). Define the relevant fields. Click Apply. The entry is added to the RMON History Control Page, and the device is updated. Modifying RMON History Settings: Click Statistics > RMON Remote Management > History. The RMON History Control Page opens. STEP 2: Click the Edit button. The Edit RMON History Page opens. STEP 3 STEP 4 [Figure: Edit RMON History Page] The Edit RMON History Page contains the following fields: History Entry No.: Displays the entry number for the History Control Table page. Source Interface: Displays the interface (port or EtherChannel) from which the history samples are taken. The possible field values are: Port: Specifies the port from which the RMON information is taken. EtherChannel: Specifies the EtherChannel from which the RMON information is taken. Owner: Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters. Max No. of Samples to Keep: Indicates the number of samples to save. Sampling Interv
121. It is not necessary to configure your switch in this manner. STEP 1: Click on the System Dashboard and then on the Smartports Wizard. The Smart Ports Wizard opens. To change a port from the default setting to a different role, highlight the appropriate port on this page by clicking on it, then select a different profile from the drop-down list under Assign Profile. [Figure: Smart Ports Setting Wizard] STEP 2: Configure ports 4 6 for Access Points. [Figure: Smart Ports Setting Wizard] STEP 3: Click Next. The Access Point window opens. To ensure all VLANs in the network are trunked to the Wireless Access Points, select the drop-down list beside Trunk Allowed VLANs. Select vlan 100 from the drop-down list to allow voice over wireless. [Figure: Smart Ports Settings Wizard, Access Point] STEP 4: Click Allow to ensure that VLAN100 shows up in the allowed list and then click Ap
122. Spanning Tree Port Fast: Indicates Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. Spanning Tree BPDU Guard: Indicates if BPDU Guard is enabled on the interface. QoS Policy: Indicates that the default QoS policy settings are applied to the port. The Default policy is voice map. Macro Description: Indicates the type of device connected to the port. For VS cameras, this field is always VS Camera. STEP 6: Select a VLAN in the VLAN ID dropdown box. STEP 7: Click Apply. The Server port settings are saved, and the device is updated. STEP 8: Click OK. The Smart ports Setting page opens. Configuring Smart Ports for Other: The Smart Port Other Page allows network administrators to remove any previous Smart Ports configuration from a port. You can also use the smart ports for other setting to analyze network traffic. You can analyze network traffic passing through ports or by using SPAN to send a copy of the traffic to another port on the switch or on another switch that has been connected to a network analyzer or other monitoring or security device. The following are the steps to set up port mirroring
123. Modifying Profile Rules; Defining Traffic Control; Defining Storm Control; Modifying Storm Control; Defining Port Security; Modifying Port Security; Defining 802.1x; Defining 802.1X Properties; Defining Port Authentication; Modifying 802.1X Security; Defining Authentication; Modifying Authentication Settings; Authenticated Hosts; Defining Access Control; Defining MAC Based ACL; Adding Rule to MAC Based ACL; Modifying MAC Based ACL; Defining IP Based ACL; Modifying IP Based ACL; Adding an IP Based Rule; Defining ACL Binding; Modifying ACL Binding; Defining DoS Prevention; DoS Global Settings; Defining Martian Addresses; Defining DHCP Snooping; Defining DHCP Snooping Properties; Defining DHCP Snooping on VLANs; Defining Trusted Interfaces; Binding Addresses to the DHCP Snooping Database; Query By; Query Results; Defining IP Source Guard; Configuring IP Source Guard Properties; Defining IP Source Guard Interface Settings; Querying the IP Source Binding Database; TCAM Resources; Query By; Query Results; Defining Dynamic ARP Inspection; Defining ARP Inspection Properties; Defining ARP Inspection Trusted Interfaces; Defining ARP Inspection List; Static ARP Inspection Table; Adding a Binding List entry; Assigning ARP Inspection VLAN Settings; En
124. N receiving untagged packets at ingress. Excluded VLANs: Defines VLANs that are excluded from receiving untagged packets at egress. Allowed VLANs: Defines VLANs that are allowed to receive untagged packets at egress. Broadcast Storm Control: Indicates the percentage of Broadcast Storm Control enabled on the port. The default value is 10% of the port speed. QoS Policy: Indicates that the default QoS policy settings are applied to the port. The name of the default QoS policy is general map. Macro Description: Indicates the type of device connected to the port. For access points, this field is always Access Point. STEP 6: Select a VLAN in the Trunk Native VLAN ID drop-down list. STEP 7: Select which trunks are permitted in the VLAN using the Allow and Exclude buttons. STEP 8: Click Apply. The Access Point port settings are saved, and the device is updated. STEP 9: Click OK. The Smart ports Setting page opens. Configuring Smart Ports for Switches: The Smart Ports Switch Settings Page allows network administrators to manage network settings between switches. To configure smart ports for switches: STEP 1: Open the Switch Configuration Utility. The web application automatically opens to the System Dashboard Page. STEP 2: Click Smart Ports Wizard under Ports on the
125. Other: Allows network administrators to remove any previous Smart ports configurations from a port. NOTE: By default, the user ports are configured as IP Phone Desktop for PoE switches and Desktop for non-PoE switches. For devices other than IP Phone and Desktop, users need to configure the smartport role per device (e.g. switch, access point, etc.). A port will be deactivated or have degraded service when a switch or an access point, respectively, is connected to an IP Phone Desktop smartport, because of the mismatched port role. For example, if the network administrator knows that ports 1-10 are access points for a WLAN network, the Smart Ports Wizard is applied to the ports and the ports are configured with the most common settings for WLAN networks. Note the following when using the Smart Ports wizard: During the Boot Process, the Smart Port wizard commands are saved in the Running Configuration file. This ensures that if the device is reset, the Smart Port wizard settings are applied to the ports when the device restarts. Ports are enabled for the Smart Port wizards by default. However, the initial configuration of the Smart Ports wizards can only occur if the Startup Configuration file is empty. If the network administrator modifies the port configuration manually, the Smart ports Wizard may not operate correctly
126. P 1 Click Quality of Service > QoS Statistics > Aggregate Policer. The Aggregate Policer Statistics Page opens. [Figure: Aggregate Policer Statistics Page] STEP 2: Click Clear Counters. The Aggregate Policer statistics counters are cleared. Queues Statistics: The Queues Statistics Page contains parameters for viewing queue statistics, including statistics for forwarded and dropped packets based on interface, queue and drop precedence. NOTE: The Queues Statistics Page is applicable to Gigabit devices only and will not appear in all switches. To view the Queues Statistics page: STEP 1: Click Quality of Service > QoS Statistics > Queues Statistics. The Queues Statistics Page opens. [Figure: Queues Statistics Page] The Queues Statistics Page contains the following fields. Set: Displays the counter set. The possible field values are: 1, which displays the statistics for Set 1 (Set 1 contains all interfaces and all queues with a high DP); 2, which displays the statistics for Set 2 (Set 2 contains all interfaces and all queues with a low DP). Port: Displays the port for which the queue statistics are displayed. Queue: Displays the queue from which packets were f
127. P Snooping Entry Page [Figure: Add DHCP Snooping Entry] The window displays the following fields. Type: Displays the IP address binding type. The possible field values are: Static, which indicates the IP address is static; Dynamic, which indicates the IP address is defined as a dynamic address in the DHCP database. VLAN ID: Displays the VLAN ID to which the IP address is attached in the DHCP Snooping Database. IP Address: Indicates the IP address found during the query. Interface: Indicates the specific interface connected to the address found during the query. Lease Time: Displays the lease time. Define the fields. Click Apply. The bound address is added to the DHCP Snooping database, and the device is updated. Click Delete to delete the data from the Query Results Table. To remove dynamic addresses from the Query Results table, click Clear Dynamic. Defining IP Source Guard: IP Source Guard is a security feature that restricts the client IP traffic to those source IP addresses configured in the DHCP Snooping Binding Database and in manually configured IP source bindings. For example, IP Source Guard can help prevent traffic attacks cau
128. P is currently disabled on the port. The port forwards traffic while learning MAC addresses. Blocking: Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses. Listening: Indicates that the port is in Listening mode. The port cannot forward traffic, nor can it learn MAC addresses. Learning: Indicates that the port is in Learning mode. The port cannot forward traffic; however, it can learn new MAC addresses. Forwarding: Indicates that the port is in Forwarding mode. The port can forward traffic and learn new MAC addresses. Port Role: Displays the port role assigned by the STP algorithm to provide to STP paths. The possible field values are: Root, which provides the lowest cost path to forward packets to the root switch; Designated, the port or EtherChannel through which the designated switch is attached to the LAN; Alternate, which provides an alternate path to the root switch from the root interface; Backup, which provides a backup path to the designated port path toward the Spanning Tree leaves (Backup ports occur only when two ports are connected in a loop by a point-to-point link, or when a LAN has two or more connections connected to a shared segment); Disabled, where the port is not participating in the Spanning Tree. Path Cost: Indicates
129. [Figure: PoE settings page; legible labels include Total PoE Power Available, Admin Status, Priority, Power Allocation and Power Consumption] Click Edit to change a PoE setting. The number of PoE devices supported on a switch depends on the power requirements for each device and the switch model in question. To help illustrate this, the PoE Device Support table shows the recommended number of PoE devices for 3 different scenarios. Scenario 1: Assumes the PoE devices connected to the switch are all IEEE 802.3af Class 2 devices, which draw less than 7.5W per device. Scenario 2: Assumes the PoE devices connected to the switch are a mix of IEEE 802.3af Class 2 & Class 3 devices, which on average draw less than 11W per device. Scenario 3: Assumes the PoE devices connected to the switch are all IEEE 802.3af Class 3 devices, which draw less than 15.4W per device. PoE Device Support table, with columns ESW 500 Series Switch | Total Power | Scenario 1: PoE Devices drawing < 7W | Scenario 2: PoE Devices drawing < 11W | Scenario 3: PoE Devices drawing < 15.4W. Rows: ESW 520 8P | 60 Watts | Up to 15.4 Watts to each port, up to the total budget. ESW 540 8P | 120 Watts | Up to 15.4 Watts to each port, up to the total budget. ESW 520 24P
130. Properties: The MSTP Properties Page contains information for defining global MSTP settings, including region names, MSTP revisions, and maximum hops. To define MSTP: STEP 1: Click VLAN & Port Settings > Spanning Tree (STP) > MSTP > Properties. The MSTP Properties Page opens. [Figure: MSTP Properties Page] The MSTP Properties Page contains the following fields. Region Name: Provides a user-defined STP region name. Revision: Defines an unsigned 16-bit number that identifies the revision of the current MST configuration. The revision number is required as part of the MST configuration. The possible field range is 0-65535. Max Hops: Indicates the total number of hops that occur in a specific region before the BPDU is discarded. Once the BPDU is discarded, the port information is aged out. The possible field range is 1-40. The field default is 20 hops. IST Master: Identifies the region's master. STEP 2: Define the relevant fields. STEP 3: Click Apply. The MSTP properties are defined, and the device is updated. Defining MSTP Instance to VLAN: MSTP maps VLANs into STP instances. Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Tree Regions (MST Regions). Regions are one or more Multiple Spanning Tr
131. RADIUS and Local and the RADIUS server is not available, then the user is authenticated locally. STEP 1: Click Security > Authentication > Profiles. The Profiles Page opens. [Figure: Profiles Page] The Profiles Page contains the following fields. Profile Name: Displays the Profile name defined for the Login Table. Methods: Defines the user authentication methods. The order of the authentication methods defines the order in which authentication is attempted. For example, if the authentication method order is RADIUS, Local, the system first attempts to authenticate the user on a RADIUS server. If there is no available RADIUS server, then authentication is attempted on the local database. Note that if the RADIUS server is available but authentication fails, then the user is denied access. The possible field values are: Local, which authenticates the user at the device level (the device checks the user name and password for authentication); RADIUS, which authenticates the user at the RADIUS server; TACACS, which authenticates the user at the TACACS server; None, which indicates that no authentication method is used to authenticate the user. STEP 2: Click the Add button. The Add Authentication Profile Page opens.
132. SIS Distributes IP routing information throughout a single Autonomous System in IP networks. ANY: Matches the protocol to any protocol. Source Port: Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop-down list. The possible field range is 0-65535. Destination Port: Defines the TCP/UDP destination port. This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop-down list. The possible field range is 0-65535. Flag Set: Sets the indicated TCP EtherChannel that can be triggered. ICMP Type: Filters packets by ICMP message type. The field values are 0-255. ICMP Code: Indicates an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. IGMP Type: Filters packets by IGMP message or message types. Source IP Address: Displays the source port IP address to which packets are addressed to the ACE. Wildcard Mask: Displays the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are importa
133. STEP 3: Define the fields. STEP 4: Click Apply. The new ARP VLAN configuration is defined, and the device is updated. Configuring Ports: Port Settings. The Port Settings Page contains fields for defining port parameters. To define port settings: STEP 1: Click VLAN & Port Settings > Port Management > Port Settings. The Port Settings Page opens. [Figure: Port Settings Page] The Port Settings Page contains the following fields. Copy From Entry Number: Copies the port configuration from the specified table entry. To Entry Number(s): Assigns the copied port configuration to the specified table entry. Interface: Displays the port number. Port Type: Displays the port type. The possible field values are 100M Copper 1000M Copper copper cable 1000M ComboC
134. Trust Mode: Displays the trust mode. If a packet's CoS tag and DSCP tag are mapped to different queues, the Trust Mode determines the queue to which the packet is assigned. Possible values are: CoS, which sets trust mode to CoS on the device (the CoS mapping determines the packet queue); DSCP, which sets trust mode to DSCP on the device (the DSCP mapping determines the packet queue). Always Rewrite DSCP: Rewrites the packet DSCP tag according to the QoS DSCP Rewriting configuration. Always Rewrite DSCP can only be selected if the Trust Mode is set to DSCP. Rewriting DSCP Values: In the DSCP Mapping Page, define the Differentiated Services Code Point (DSCP) tag to use in place of the incoming DSCP tags. STEP 2: Click DSCP Rewrite. The DSCP Mapping Page opens. [Figure: DSCP Mapping Page, with DSCP In and DSCP Out columns] The DSCP Mapping Page contains the following fields. DSCP In: Indicates the DSCP value in the incoming packet. DSCP Out: Indicates the DSCP value in the outgoing packet. STEP 3 Define the
135. Authentication: Indicates the Authentication method used. STEP 2: Click the Add button. The Add SNMP Group Membership Page opens. [Figure: Add SNMP Group Membership Page] The Add SNMP Group Membership Page provides information for assigning SNMP access control privileges to SNMP groups. The Add SNMP Group Membership Page contains the following fields. User Name: Provides a user-defined local user list. Engine ID: Indicates either the local or remote SNMP entity to which the user is connected. Changing or removing the local SNMP Engine ID deletes the SNMP v3 User Database. Local: Indicates that the user is connected to a local SNMP entity. Remote: Indicates that the user is connected to a remote SNMP entity. If the Engine ID is defined, remote devices receive inform messages. Group Name: Contains a list of SNMP groups to which the SNMP user belongs. SNMP groups are defined in the SNMP Group Profile Page. Authentication Method: Indicates the Authentication method used. The possible field values are: MD5 Key, where users are authenticated using a valid HMAC-MD5 key; SHA Key, where users are authenticated using a valid HMAC-SHA-96 key
136. System Dashboard Page. The Smart Ports Setting Page opens. [Figure: Smart Ports Setting Page] Select a port or range of ports. STEP 4: Select Switch in the Assign Profile drop-down list. Click Next. The Smart Ports Switch Setting Page opens. [Figure: Smart Ports Switch Settings Page. Note in figure: Trunk ports are not added automatically as members in all the VLANs. Please use this page to add the Trunk Allowed VLANs manually.] The Smart Ports Switch Settings Page contains the following fields. Ports: Indicates the port to which Smart Port wizard settings are applied. VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The possible field value is Trunk, which indicates the port belongs to VLANs in which all VLANs are tagged, except for one VLAN that is untagged. This is the default setting for ports that are connected to switches. Trunk Native VLAN ID: Defines the VLAN receiving untagged packets at ingress. Trunk Allowed VLANs: Defines VLANs that are allowed to receive untagged packets at egress. RSTP Link Typ
137. TACACS Server. Not Connected: Indicates there is no current connection between the device and the TACACS server. Single Connection: Maintains a single open connection between the device and the TACACS server when selected. Use Default: Indicates that the factory default value is used. STEP 3: Define the relevant fields. STEP 4: Click Apply. The TACACS settings are modified, and the device is updated. Defining RADIUS: Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access. The default parameters are user-defined and are applied to newly defined RADIUS servers. If new default parameters are not defined, the system default values are applied to newly defined RADIUS servers. To define RADIUS: STEP 1: Click Security > Authentication > RADIUS. The RADIUS Page opens. [Figure: RADIUS Page] The RADIUS Page contains the following fields
138. TCAM resources which are used. For example, if more ACLs and policy maps are defined, the system uses more TCAM resources. Managing Smart Ports: The Smart Ports wizards provide network managers with a quick and simple solution to configuring the devices by understanding and automatically configuring the port settings for various network devices, including: Desktop: Allows network administrators to define settings for personal desktop users. IP Phone and Desktop: Allows network administrators to define settings between the switch and the IP Phone. This helps ensure proper network management for voice traffic. The Smart Port IP Phone and Desktop wizard allows network managers to connect a phone and a PC. Access Point: Allows network administrators to manage the connection between the device and wireless access points. Switch: Allows network administrators to manage network settings between switches. Router: Allows network administrators to manage network settings between routers. Guest: Allows network administrators to define a port that is connected to a guest. Server: Allows network administrators to define a port that is connected to a server. Printer: Allows network administrators to define a port that is connected to a printer. VS Camera: Allows network administrators to define a port that is connected to a VS camera
139. The falling counter value that triggers the falling threshold alarm. Rising and Falling: The rising and falling counter values that trigger the alarm. Interval: Defines the alarm interval time in seconds. Owner: Displays the device or user that defined the alarm. Define the relevant fields. Click Apply. The RMON alarms are modified, and the device is updated. Aggregating Ports: EtherChannels optimize port usage by linking a group of ports together to form a single aggregated group. EtherChannels multiply the bandwidth between the devices, increase port flexibility, and provide link redundancy. The device supports both static EtherChannels and Link Aggregation Control Protocol (LACP) EtherChannels. LACP EtherChannels negotiate aggregating port links with other LACP ports located on a different device. If the other device ports are also LACP ports, the devices establish an EtherChannel between them. Ensure the following: All ports within an EtherChannel must be the same media type. A VLAN is not configured on the port. The port is not assigned to a different EtherChannel. Auto-negotiation mode is not configured on the port. The port is in full duplex mode. All ports in the EtherChannel have the same ingress filtering and tagged modes. All ports in the EtherChannel have the same back pressure and flow control modes. All ports in the EtherChann
140. STEP 5: Click Next. The Smartports Guest Settings Page opens. [Figure: Smartports Guest Settings Page] The Smartports Guest Settings Page contains the following fields. Ports: Indicates the port to which Smart ports Wizard settings are applied. VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The value is Access. Trunk Native VLAN ID: Defines the VLAN receiving untagged packets at ingress. The default value is VLAN 1. The user can change it to any other created VLAN through a drop-down list. Broadcast Storm Control: Indicates the percentage of Broadcast Storm Control enabled on the port. The value is 10% of the port speed. Spanning Tree Port Fast: Indicates Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. Spanning Tree BPDU Guard: Ind
141. VE Indicates that this port is protected by an uplink, so that the forwarding decisions are overwritten by those of the port that protects it. Make the appropriate selections and click Apply. The device is updated. Configuring VLANs: VLANs are logical subgroups within a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups. VLANs use software to reduce the amount of time it takes for network changes, additions, and moves to be implemented. VLANs have no minimum number of ports and can be created per unit, per device, or through any other logical connection combination, since they are software-based and not defined by physical attributes. VLANs function at Layer 2. Since VLANs isolate traffic within the VLAN, a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs. Layer 3 routers identify segments and coordinate with VLANs. VLANs are Broadcast and Multicast domains. Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated. VLAN tagging provides a method of transferring VLAN information between VLAN groups. VLAN tagging attaches a 4-byte tag to packet headers. The VLAN tag indicates to which VLAN the packets belong
142. abled The default is 10 seconds. STEP 3: Modify the relevant fields. STEP 4: Click Apply. The authentication settings are defined, and the device is updated. Authenticated Hosts: The Authenticated Hosts Page contains a list of authenticated users. STEP 1: Click Security > 802.1X > Authenticated Hosts. The Authenticated Host Page opens. [Figure: Authenticated Hosts Page] The Authenticated Hosts Page contains the following fields. User Name: Lists the supplicants that were authenticated and are permitted on each port. Port: Displays the port number. Session time: Displays the amount of time in seconds the supplicant was logged on the port. Authentication Method: Displays the method by which the last session was authenticated. The possible field values are: Remote, which indicates the 802.1x authentication is not used on this port (port is forced authorized); None, which indicates the supplicant was not authenticated; RADIUS, which indicates the supplicant was authenticated by a RADIUS server. MAC Address: Displays the supplicant MAC address. Defining Access Control: Access Control Lists (ACL) allow network managers to define classification
143. abled VLAN Table; Chapter: Configuring Ports; Port Settings; Modifying Port Settings; Chapter: Configuring VLANs; Defining VLAN Properties; Modifying VLANs; Defining VLAN Membership; Modifying VLAN Membership; Assigning Ports to Multiple VLANs; Defining Interface Settings; Modifying VLAN Interface Settings; Defining GVRP Settings; Modifying GVRP Settings; Defining Protocol Groups; Modifying Protocol Groups; Defining a Protocol Port; Chapter: Configuring IP Information; IP Addressing; Defining DHCP Relay; Defining DHCP Relay Interfaces; Managing ARP; ARP Table; Modifying ARP Settings; Domain Name System; Defining DNS Servers; Default Parameters; DNS Server Details; Mapping DNS Hosts; Chapter: Defining Address Tables; Defining Static Addresses; Defining Dynamic Addresses; Query By Section; Chapter: Configuring Multicast Forwarding; IGMP Snooping; Modifying IGMP Snooping; Defining Multicast Group; Modifying a Multicast Group; Defining Multicast Forwarding; Modifying Multicast Forwarding; Defining Unregistered Mul
144. accept SNTP traffic from a server. To define SNTP global settings: STEP 1: Click Monitor & Device Properties > System Management > Time > SNTP Settings. The SNTP Settings Page opens. [Figure: SNTP Settings Page] The SNTP Settings Page contains the following fields. Enable SNTP Broadcast Reception: Enables polling the selected SNTP Server for system time information. SNTP Server: Indicates the SNTP server IP address. Up to eight SNTP servers can be defined. Poll Interval: Defines the interval in seconds at which the SNTP server is polled for system time information. By default, the poll interval is 1024 seconds. Encryption Key ID: Indicates the Key Identification used to communicate between the SNTP server and device. The range is 1-4294967295. Preference: The SNTP server providing SNTP system time information. The possible field values are: Primary, where the primary server provides SNTP information; Secondary, where the backup server provides SNTP information; In progress, where the SNTP Server is currently sending or receiving SNTP information; Unknown, where the progress of th
145. ached clients are denied access to the network. Multi Session: Enables a number of specific authorized hosts to get access to the port. Filtering is based on the source MAC address. Action on Violation: Defines the action to be applied to packets arriving in single-host mode from a host whose MAC address is not the supplicant MAC address. The possible field values are: Forward, which forwards the packet; Discard, which discards the packets (this is the default value); Shut Down, which discards the packets and shuts down the port. The port remains shut down until reactivated or until the device is reset. Traps: Indicates if traps are enabled for Multiple Hosts. The possible field values are: Enable, which indicates that traps are enabled for Multiple hosts; Disable, which indicates that traps are disabled for Multiple hosts. Trap Frequency: Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if multiple hosts are disabled. The default is 10 seconds. Status: Indicates the host status. If there is an asterisk, the port is either not linked or is down. The possible field values are: Not in Auto Mode, which indicates the port is not linked or is down; Unauthorized, which indicates that either the port control is Force Unauthorized and the port link is do
146. acter
The Engine ID Page contains the following fields:
  Local Engine ID (10-64 Hex characters): Indicates the local device engine ID. The field value is a hexadecimal string. Each byte in hexadecimal character strings consists of two hexadecimal digits.
  Use Default: Uses the device generated Engine ID. The default Engine ID is based on the device MAC address and is defined per standard as:
• First 4 octets: first bit = 1, the rest is IANA Enterprise number.
• Fifth octet: Set to 3 to indicate the MAC address that follows.
• Last 6 octets: MAC address of the device.
  The possible values are:
  Checked: Use the default Engine ID.
  Unchecked: Use a user defined Engine ID.
STEP 2 Define the relevant fields.
ESW 500 Series Switches Administration Guide Configuring SNMP Configuring SNMP Security
STEP 3 Click Apply. The SNMP Engine ID is defined, and the device is updated.
Defining SNMP Views
SNMP Views provide access or block access to device features or feature aspects. For example, a view displays that the SNMP Group A has Read Only (R/O) access to Multicast groups, while SNMP Group B has Read Write (R/W) access to Multicast groups. Feature access is granted via the MIB name or MIB Object ID. To define SNMP views:
STEP 1 Click Monitor & Device Properties > SNMP > Security > Views. The SNMP Views Page opens.
[Screenshot: SNMP Views Page]
147. age opens.
[Screenshot: Interface Statistics Page]
The Interface Statistics Page contains the following fields:
• Interface: Indicates the interface for which statistics are displayed. The possible field values are:
  Port: Defines the specific port for which Ethernet statistics are displayed.
  EtherChannel: Defines the specific EtherChannel for which Ethernet statistics are displayed.
• Refresh Rate: Defines the amount of time that passes before the interface statistics are refreshed. The possible field values are:
  15 Sec: Indicates that the Ethernet statistics are refreshed every 15 seconds.
  30 Sec: Indicates that the Ethernet statistics are refreshed every 30 seconds.
ESW 500 Series Switches Administration Guide 398 Viewing Statistics Viewing Ethernet Statistics
  60 Sec: Indicates that the Ethernet statistics are refreshed every 60 seconds.
  No Refresh: Indicates that the Ethernet statistics are not refreshed.
The Receive Statistics area contains the following fields:
  Total Bytes (octets): Displays the number of octets received on the interface since the page was last refreshed. This number i
148. al Indicates the time in seconds that samplings are taken from the ports. The field range is 1-3600. The default is 1800 seconds, equal to 30 minutes.
Define the relevant fields.
Click Apply. The history control settings are modified, and the device is updated.
Viewing the RMON History Table
The RMON History Table Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.
ESW 500 Series Switches Administration Guide 411 Viewing Statistics Configuring RMON History
STEP 1 Click Statistics > RMON Remote Management > History. The RMON History Control Page opens.
STEP 2 Click the History Table button. The RMON History Table Page opens.
[Screenshot: RMON History Table Page]
The RMON History Table Page contains the following fields:
• History Entry No.: Displays the entry number for the History Control Table page.
• Owner: Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters.
• Sample No.: Indicates the sample number from which the statistics were taken.
• Drop Events: Indicates the number of dropped packets due to lack of network resources durin
149. alue against the thresholds. The possible field values are:
  Delta: Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold.
  Absolute: Compares the values directly with the thresholds at the end of the sampling interval.
  Rising Threshold: Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color.
ESW 500 Series Switches Administration Guide 422 Viewing Statistics Configuring RMON History STEP 3 STEP 4
  Rising Event: Selects an event, which is defined in the Events table, that triggers the rising threshold alarm. The Events Table is displayed in the RMON Events Page.
  Falling Threshold: Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color.
  Falling Event: Selects an event, which is defined in the Events table, that triggers the falling threshold alarm. The Events Table is displayed in the RMON Events Page.
  Startup Alarm: Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low value threshold to a higher value threshold.
  Rising Alarm: The rising counter value that triggers the rising threshold alarm.
  Falling Alarm
150. ame into a numeric IP address. For example, www.ipexample.com is translated into 192.87.56.2. DNS servers maintain databases of domain names and their corresponding IP addresses. The Domain Name System contains the following pages:
• Defining DNS Servers
• Mapping DNS Hosts
Defining DNS Servers
The DNS Servers Page contains fields for enabling and activating specific DNS servers. To enable a DNS client:
ESW 500 Series Switches Administration Guide Configuring IP Information Domain Name System
STEP 1 Click Monitor & Device Properties > System Management > Domain Name System (DNS) > DNS Servers. The DNS Servers Page opens.
[Screenshot: DNS Servers Page]
The DNS Servers Page contains the following fields:
• Enable DNS: Enables translating the DNS names into IP addresses. The possible field values are:
  Checked: Translates the domains into IP addresses.
  Unchecked: Disables translating domains into IP addresses.
Default Parameters
• Default Domain Name: Specifies the user defined DNS server name (1-158 characters).
• Type: Displays the IP address type. The possible field values are:
  DHCP: The IP address is dynamically created.
  Static: The IP address is a static IP address.
• Remove: Removes DNS servers. The possible field values are
151. an ACE rule, click the rule's checkbox and click the Delete Rule button.
STEP 2 Click the Add ACL button. The Add IP Based ACL Page opens.
ESW 500 Series Switches Administration Guide 171 Configuring Device Security Defining Access Control
[Screenshot: Add IP Based ACL Page]
The Add IP Based ACL Page contains the following fields:
  ACL Name: Defines the user defined IP based ACLs.
  New Rule Priority: Indicates the rule priority, which determines which rule is matched to a packet on a first match basis.
  Protocol: Creates an ACE based on a specific protocol. For a list of available protocols, see the Protocol field description in the IP Based ACL Page above.
  Source Port: Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop down list. The possible field range is 0-65535.
  Destination Port: Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or
152. and disables the port to which the packet was addressed. Ports are reactivated from the Port Management page.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The IP Based ACL is defined, and the device is updated.
Modifying IP Based ACL
STEP 1 Click Security > Access Control Lists (ACL) > IP Based ACL. The IP Based ACL Page opens.
STEP 2 Click the Edit button. The Edit IP Based ACL Page opens.
ESW 500 Series Switches Administration Guide 174 Configuring Device Security Defining Access Control
[Screenshot: Edit IP Based ACL Page]
The Edit IP Based ACL Page contains the following fields:
  ACL Name: Displays the user defined IP based ACLs.
  New Rule Priority: Indicates the rule priority, which determines which rule is matched to a packet on a first match basis.
  Protocol: Creates an ACE based on a specific protocol. For a list of available protocols, see the Protocol field description in the IP Based ACL Page above.
  Source Por
153. are:
  Day: The day of the week from which DST begins every year. The possible field range is Sunday-Saturday.
  Week: The week within the month from which DST begins every year. The possible field range is First, 2, 3, 4, Last.
  Month: The month of the year in which DST begins every year. The possible field range is Jan-Dec.
  Time: The time at which DST begins every year. The field format is Hour:Minute, for example, 02:10.
• To: Indicates the day and time that DST ends each year. For example, DST ends locally every fourth Friday in October at 5:00 am. The possible field values are:
  Day: The day of the week at which DST ends every year. The possible field range is Sunday-Saturday.
  Week: The week within the month at which DST ends every year. The possible field range is First, 2, 3, 4, Last.
  Month: The month of the year in which DST ends every year. The possible field range is Jan-Dec.
  Time: The time at which DST ends every year. The field format is Hour:Minute, for example, 05:30.
STEP 2 Define the relevant fields.
STEP 3 Click Apply. The Time Settings are defined, and the device is updated.
ESW 500 Series Switches Administration Guide 102 Configuring System Time Defining SNTP Settings
Defining SNTP Settings
The SNTP Settings Page contains information for enabling SNTP servers, as well as adding new SNTP servers. In addition, the SNTP Settings Page enables the device to request and
154. at traps are sent every 60 seconds.
  Broadcast Storm Control: Indicates the percentage of Broadcast Storm Control enabled on the port. The value is 10% of the port speed.
  Spanning Tree Port Fast: Indicates Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks.
ESW 500 Series Switches Administration Guide 90 Managing Smart Ports Configuring Smart ports for Printers
• Spanning Tree BPDU Guard: Indicates if BPDU Guard is enabled on the interface.
• QoS Policy: Indicates that the default QoS policy settings are applied to the port. The Default policy is voice map.
• Macro Description: Indicates the type of device connected to the port. For servers, this field is always Server.
STEP 6 Select a VLAN in the VLAN ID dropdown box.
STEP 7 Click Apply. The Server port settings are saved, and the device is updated.
STEP 8 Click OK. The Smart ports Setting page opens.
Configuring Smart ports for Printers
STEP 1 STEP 2 STEP 3 STEP 4
The Smart ports Setting Page allows network administrators to define settings between the device and a printer. To configure ports using the printer:
Open the Small Business Pro web application. The web application automatically opens to the Ports ar
155. ation below shows a MAC address of 00211BFE7218.
[Illustration: ESW 540 24P K9]
Once you have the correct IP address that has been assigned to the switch, you can begin configuring the switch.
Open a web browser. Cisco recommends Internet Explorer version 6 or higher or Firefox version 3 or higher. Enter the IP address that has been assigned to the switch in the address bar and press Enter. The Log In page opens.
ESW 500 Series Switches Administration Guide 22 Getting Started Connecting to the Switch
[Screenshot: Log In page]
STEP 2 Enter a user name and password. The default user name is cisco and the default password is cisco. Passwords are both case sensitive and alpha numeric.
STEP 3 Click Log In. The Switch Configuration Utility System Dashboard Page opens.
STEP 4 A window opens that prompts you to change your username and password from the default. Choose a new username and password, then click Apply.
ESW 500 Series Switches Administration Guide 23 Getting Started Connecting to the Switch
[Screenshot: Switch Configuration Utility System Dashboard]
STEP 5 You are now ready to proceed with additional switch configuration.
Using the Cisco Configuration Assistant (CCA)
NOTE To perform an installation using CCA, you must have a PC
156. ation Guide 122 Configuring Device Security Defining Authentication
  Radius Accounting: Defines the authentication method used for RADIUS session accounting. Possible field values are:
  802.1x: 802.1x authentication is used to initiate accounting.
  Login: Login authentication is used to initiate accounting.
  Both: Both 802.1x and login authentication are used to initiate accounting.
  None: No authentication is used to initiate accounting.
  Default Retries: Provides the default retries.
  Default Timeout for Reply: Provides the device default Timeout for Reply.
  Default Dead Time: Provides the device default Dead Time.
  Default Key String: Provides the device default Default Key String.
  Source IP Address: Defines the source IP address that is used for communication with RADIUS servers.
The following parameters are configured for each RADIUS server:
  IP Address: Displays the Authentication Server IP addresses.
  Priority: Indicates the server priority. The possible values are 0-65535, where 1 is the highest value. The RADIUS Server priority is used to configure the server query order.
  Source IP Address: Displays the Authentication port's IP address.
  Authentication Port: Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication. The authentication port default is 1812.
  Accounting Port: Indicates the port used to send login and logout mes
157. ation methods.
  Local: Authenticates the user at the device level. The device checks the user name and password for authentication. No authentication method can be added under Local.
  RADIUS: Remote Authorization Dial In User Service (RADIUS) servers provide additional security for networks.
  TACACS: Terminal Access Controller Access Control System (TACACS) provides centralized security user access validation.
  None: Indicates that no authentication method is used to authenticate the device. No authentication method can be added under None.
  Selected Methods: Selects authentication methods from the methods offered in the Optional methods area.
• HTTP: Configures the device HTTP settings.
  Optional Methods: Lists available authentication methods.
  Local: Authenticates the user at the device level. The device checks the user name and password for authentication. No authentication method can be added under Local.
  RADIUS: Remote Authorization Dial In User Service (RADIUS) servers provide additional security for networks.
  TACACS: Terminal Access Controller Access Control System (TACACS) provides centralized security user access validation.
  None: Indicates that no authentication method is used to authenticate the device. No authentication method can be added under None.
  Selected Methods: Selects authentication methods from the methods offered in the Optional methods area.
STEP 2 Define the relevant fie
158. atistics
ESW 500 Series Switches Administration Guide 399 Viewing Statistics Viewing Ethernet Statistics
To view Etherlike Statistics:
STEP 1 Click Statistics > Ethernet > Etherlike. The Etherlike Page opens.
[Screenshot: Etherlike Page]
The Etherlike Page contains Ethernet like interface statistics. The Etherlike Page contains the following fields:
• Interface: Indicates the interface for which statistics are displayed. The possible field values are:
  Port: Defines the specific port for which Etherlike statistics are displayed.
  EtherChannel: Defines the specific EtherChannel for which Etherlike statistics are displayed.
• Refresh Rate: Defines the amount of time that passes before the Etherlike statistics are refreshed. The possible field values are:
  15 Sec: Indicates that the Etherlike statistics are refreshed every 15 seconds.
  30 Sec: Indicates that the Etherlike statistics are refreshed every 30 seconds.
ESW 500 Series Switches Administration Guide 400 Viewing Statistics Viewing Ethernet Statistics STEP 1 STEP 2
  60 Sec: Indicates that the Etherlike statistics are refreshed every 60 seconds.
  No Refresh: Indicates that the Ethe
159. ays the VLAN ID.
• Ports: Displays the Multicast Forwarding ports status.
• EtherChannels: Displays the Multicast Forwarding status of all of the device's EtherChannels.
• Interface: Indicates the port or EtherChannel whose Multicast forwarding configuration is described.
• Interface Status: Displays the interface status. The options are as follows:
  Static: Attaches the port to the Multicast group as static member.
  Forbidden: Forbidden ports are not included in the Multicast group, even if IGMP snooping designated the port to join a Multicast group.
  Excluded: The port is not part of a Multicast group.
ESW 500 Series Switches Administration Guide 270 Configuring Multicast Forwarding Defining Multicast Forwarding STEP 2 STEP 3 STEP 4
  Dynamic: Attaches the port to the Multicast group as dynamic member.
Modifying Multicast Forwarding
Click VLAN & Port Settings > Multicast > Forward. The Multicast Forward Page opens.
Click the Edit button. The Edit Multicast Forward All Page opens.
[Screenshot: Edit Multicast Forward All Page]
The Edit Multicast Forward All Page contains the following fields:
• VLAN ID: Displays the VLAN ID.
• Interface: Displays the port or EtherChannel attached to the Multicast Group.
• Interface Status: Displays the interface status of the port or EtherChannel. The
160. bilities to its partner.
  Current Auto Negotiation: Displays the Auto Negotiation status on the port.
ESW 500 Series Switches Administration Guide 216 Configuring Ports Port Settings
• Admin Advertisement: Specifies the capabilities to be advertised by the Port. The possible field values are:
  Max Capability: Indicates that all port speeds and Duplex mode settings can be accepted.
  10 Half: Indicates that the port is advertising a 10 mbps speed and half Duplex mode setting.
  10 Full: Indicates that the port is advertising a 10 mbps speed and full Duplex mode setting.
  100 Half: Indicates that the port is advertising a 100 mbps speed and half Duplex mode setting.
  100 Full: Indicates that the port is advertising a 100 mbps speed and full Duplex mode setting.
  1000 Full: Indicates that the port is advertising a 1000 mbps speed and full Duplex mode setting.
• Current Advertisement: The port advertises its capabilities to its neighbor port to start the negotiation process. The possible field values are those specified in the Admin Advertisement field.
• Neighbor Advertisement: The neighbor port (the port to which the selected interface is connected) advertises its capabilities to the port to start the negotiation process. The possible values are those specified in the Admin Advertisement field.
• Admin Back Pressure: Enables Back Pressure mode on the port. Back Pressure mode is
161. bject ID List. There are two configuration options:
  Select from List: Select the OID from the list provided. Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree up or down in the list.
  Object ID: Enter an OID not offered in the Select from List option.
• Filter Type: Indicates whether OID based informs or traps are sent to trap recipients.
  Excluded: Restricts sending OID traps or informs.
  Included: Sends OID traps or informs.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The SNMP Notification Filter is added to the list, and the device is updated.
ESW 500 Series Switches Administration Guide 369 Configuring SNMP Managing Cisco Discovery Protocol
Managing Cisco Discovery Protocol
The Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol that enables devices to advertise their existence to other devices by CDP sending out periodic updates to a Multicast address. In addition, CDP allows devices to receive information about other devices on the same LAN or on the remote WAN side. The system supports CDP versions 1 and 2. To enable CDP on the device:
STEP 1 Click Monitor & Device Properties > CDP. The CDP Page opens.
[Screenshot: CDP Page]
162. ces Defining PoE Settings
STEP 1 Click VLAN & Port Settings > Port Management > PoE Settings. The PoE Settings Page opens.
[Screenshot: PoE Settings Page]
The PoE Settings Page displays the currently configured PoE ports and contains the following information:
• Total PoE Power Consumption (W): Displays the total amount of power consumed by PoE ports.
• Total PoE Power Available (W): Displays the total amount of power available to PoE ports.
• Port: Displays the selected port number.
• Admin Status: Indicates whether PoE is enabled or disabled on the port. The possible values are:
  Enable: Enables PoE on the port. This is the default setting.
  Disable: Disables PoE on the port.
ESW 500 Series Switches Administration Guide 383 Managing Power over Ethernet Devices Defining PoE Settings
  Priority: Indicates the PoE port priority. The possible values are Critical, High and Low. The default is Low.
  Power Allocation (mW): Indicates the power in milliwatts allocated to the port. The range i
163. ches Administration Guide 309 Configuring Quality of Service Defining General Settings
Defining General Settings
The QoS General Settings section contains the following pages:
  Defining CoS
  Defining QoS Queue
  Mapping CoS to Queue
  Mapping DSCP to Queue
  Configuring Bandwidth
  VLAN Rate Limit
Defining CoS
The CoS Page contains fields for enabling or disabling CoS Basic or Advanced mode. In addition, the default CoS for each port or EtherChannel is definable.
ESW 500 Series Switches Administration Guide 310 Configuring Quality of Service Defining General Settings
STEP 1 Click Quality of Service > General > CoS. The CoS Page opens.
[Screenshot: CoS Page]
The CoS Page contains the following fields:
• QoS Mode: Indicates if QoS is enabled on the device. The possible values are:
  Advanced: Enables Advanced mode QoS on the device.
  Basic: Enables QoS on the device.
  Disable: Disables QoS on the device.
• Ports: Indicates that the CoS configuration of the ports are described in the page.
• EtherChannels: Indicates that the CoS configuration of the EtherChannels are described in the page.
• Interface: Indicates the interface for which the CoS information is displayed.
• Default CoS: Displays the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The de
164. cific protocol. The possible field values are:
  ICMP: Internet Control Message Protocol (ICMP). The ICMP allows the gateway or destination host to communicate with the source host, for example, to report a processing error.
  IGMP: Internet Group Management Protocol (IGMP). Allows hosts to notify their local switch or router that they want to receive transmissions assigned to a specific multicast group.
  IP: Internet Protocol (IP). Specifies the format of packets and their addressing method. IP addresses packets and forwards the packets to the correct port.
  TCP: Transmission Control Protocol (TCP). Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order they are sent.
  EGP: Exterior Gateway Protocol (EGP). Permits exchanging routing information between two neighboring gateway hosts in an autonomous systems network.
  IGP: Interior Gateway Protocol (IGP). Allows for routing information exchange between gateways in an autonomous network.
  UDP: User Datagram Protocol (UDP). Communication protocol that transmits packets but does not guarantee their delivery.
  HMP: Host Mapping Protocol (HMP). Collects network information from various networks hosts. HMP monitors hosts spread over the internet as well as hosts in a single network.
  RDP: Remote Desktop Protocol (RDP). Allows clients to communicate with the Terminal Server
165. cilities
• Classifying incoming traffic into handling classes based on an attribute, including:
  The ingress interface
  Packet content
  A combination of these attributes
• Providing various mechanisms for determining the allocation of network resources to different handling classes, including:
  The assignment of network traffic to a particular hardware queue
  The assignment of internal resources
  Traffic shaping
The terms Class of Service (CoS) and QoS are used in the following context:
• CoS provides varying Layer 2 traffic services. CoS refers to classification of traffic to traffic classes, which are handled as an aggregate whole, with no per flow settings. CoS is usually related to the 802.1p service that classifies flows according to their Layer 2 priority, as set in the VLAN header.
• QoS refers to Layer 2 traffic and above. QoS handles per flow settings, even within a single traffic class.
The QoS facility involves the following elements:
• Access Control Lists (ACLs): Used to decide which traffic is allowed to enter the system, and which is to be dropped. Only traffic that meets this criteria are subject to CoS or QoS settings. ACLs are used in QoS and network security.
ESW 500 Series Switches Administration Guide 301 Configuring Quality of Service Managing QoS Statistics
• Traffic Classification: Classifies each incoming packet as belonging to a given traffic class, based on the packet contents a
166. ck Security > Access Control Lists (ACL) > MAC Based ACL. The MAC Based ACL Page opens.
STEP 2 Select an existing ACL from the ACL Name drop down list.
STEP 3 Click the Add Rule button. The Add Rule Page opens.
[Screenshot: Add MAC Based Rule Page]
The Add MAC Based Rule Page contains the following fields:
• ACL Name: Displays the user defined MAC based ACLs.
• New Rule Priority: Indicates the ACE priority, which determines which ACE is matched to a packet on a first match basis. The possible field values are 1-2147483647.
• Source MAC Address
ESW 500 Series Switches Administration Guide 164 Configuring Device Security Defining Access Control
  MAC Address: Matches the source MAC address from which packets are addressed to the ACE.
  Wildcard Mask: Indicates the source MAC Address wild card mask. Wildcards are used to mask all or part of a source MAC Address. Wild card masks specify which octets are used and which octets are ignored. A wild card mask of ff:ff:ff:ff:ff:ff indicates that no octet is important. A wildcard of 00:00:00:00:00:00 indicates that all the octets are important. For example, if the source MAC address 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the
167. col Group is added, and the device is updated.
Modifying Protocol Groups
The Edit Protocol Group Page provides information for configuring existing VLAN protocol groups.
STEP 1 Click VLAN & Port Settings > VLAN Management > Protocol Group. The Protocol Group Page opens.
STEP 2 Click the Edit Button. The Edit Protocol Group Page opens.
ESW 500 Series Switches Administration Guide 237 Configuring VLANs Defining a Protocol Port
[Screenshot: Edit Protocol Group Page]
The Edit Protocol Group Page contains the following fields:
• Frame Type: Displays the packet type.
• Protocol Value: Displays the User defined protocol value.
• Group ID (Hex): Defines the Protocol group ID to which the interface is added. The possible value range is 1-2147483647 in hexadecimal format.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The Protocol group is modified, and the device is updated.
Defining a Protocol Port
The Protocol Port Page adds interfaces to Protocol groups. To define the protocol port:
ESW 500 Series Switches Administration Guide Configuring VLANs Defining a Protocol Port
STEP 1 Click VLAN & Port Settings > VLAN Management > Protocol Port. The Protocol Port Page opens.
[Screenshot: Protocol Port Page]
168. curity Defining Authentication STEP 3 STEP 4 STEP 1 STEP 2
  Use Default: Uses the default value for the parameter. If Use Default check box is selected, the global value of 0.0.0.0 is used and interpreted as a request to use the IP address of the outgoing IP interface.
• Key String: Defines the authentication and encryption key for TACACS server. The key must match the encryption key used on the TACACS server. The possible values are:
  User Defined: Allows the user to define the Key String value.
  Use Default: Uses the default value for the parameter. If Use Default check box is selected, the global value is used, which is an empty string.
• Authentication Port: Defines the port number through which the TACACS session occurs. The default is port 49.
• Timeout for Reply: Defines the amount of time that passes before the connection between the device and the TACACS server times out. The field range is 1-30 seconds.
  User Defined: Allows the user to define the Timeout for Reply value.
  Use Default: Uses the default value for the parameter. If Use Default check box is selected, the default is 5 seconds.
• Single Connection: Enables a single open connection between the device and the TACACS server when selected.
Define the relevant fields.
Click Apply. The TACACS server is added, and the device is updated.
Modifying TACACS Settings
Click Security > Authentication > TA
169. d from the table. The range is 1-40000000, where zero indicates that entries are never cleared from the cache. The default value is 60,000 seconds.
• Clear ARP Table Entries: Indicates the type of ARP entries that are cleared on all devices. The possible values are:
  None: ARP entries are not cleared.
  All: All ARP entries are cleared.
  Dynamic: Only dynamic ARP entries are cleared.
  Static: Only static ARP entries are cleared.
ESW 500 Series Switches Administration Guide 248 Configuring IP Information Managing ARP
ARP Table
• Interface: Indicates the interface for which the ARP parameters are defined.
• IP Address: Indicates the station IP address, which is associated with the MAC address.
• MAC Address: Indicates the station MAC address, which is associated in the ARP table with the IP address.
• Status: Indicates the ARP Table entry status. Possible field values are:
  Dynamic: Indicates the ARP entry was learned dynamically.
  Static: Indicates the ARP entry is a static entry.
STEP 2 Click Add. The Add ARP Page opens.
[Screenshot: Add ARP Page]
The Add ARP Page contains the following fields:
• VLAN: Indicates the ARP enabled interface.
• IP Address: Indicates the station IP address, which is associated with the MAC address filled in below.
• MAC Address: Indicates the station MAC address, which is associated in the ARP table w
170. d Aggregated Policer Statistics
STEP 1 Click Quality of Service > QoS Statistics > Aggregate Policer. The Aggregate Policer Page opens.
[Figure: Aggregate Policer Page]
The Aggregate Policer Page contains the following fields:
• Aggregate Policer Name: Indicates the port or EtherChannel on which the packets were received.
• In profile Bytes: Displays the total number of in-profile packets that were received.
• Out of profile Bytes: Displays the total number of out-of-profile packets that were received.
STEP 2 Click the Add button. The Add Aggregate Policer Page opens.
[Figure: Add Aggregate Policer]
The Add Aggregate Policer Page includes one field, the Aggregate Policer Name.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The Aggregate Policer is defined, and the device is updated.
Resetting Aggregate Policer Statistics Counters
STE
171. d Interfaces configuration is defined, and the device is updated.
Binding Addresses to the DHCP Snooping Database
The Binding Database Page contains parameters for querying and adding IP addresses to the DHCP Snooping Database. To bind addresses to the DHCP Snooping database:
STEP 1 Click Security > DHCP Snooping > Binding Database. The Binding Database Page opens.
[Figure: Binding Database Page]
STEP 2 Define any of the following fields as a query filter:
Query By
• MAC Address: Indicates the MAC addresses recorded in the DHCP Database. The Database can be queried by MAC address.
• IP Address: Indicates the IP addresses recorded in the DHCP Database. The Database can be queried by IP address.
• VLAN: Indicates the VLANs recorded in the DHCP Database. The Database can be queried by VLAN.
• Interface: Contains a list of interfaces by which the DHCP Database can be queried. The possible field values are:
  - Ports: Queries the VLAN database by a port number.
172. d on individual ports or EtherChannels. To enable IP Source Guard:
STEP 1 Click Security > DHCP Snooping > IP Source Guard > Properties. The IP Source Guard Properties Page opens.
[Figure: IP Source Guard Properties Page]
The IP Source Guard Properties Page contains the following fields:
• IP Source Guard Status: Enables the use of IP Source Guard status on the device.
  - Enable: Indicates that IP Source Guard is enabled for the device.
  - Disable: Indicates that IP Source Guard is disabled for the device.
STEP 2 Enable or Disable use of IP Source Guard on the device.
STEP 3 Click Apply. The IP Source Guard configuration is modified, and the device is updated.
Defining IP Source Guard Interface Settings
In the IP Source Guard Interface Settings Page, IP Source Guard can be enabled on DHCP Snooping untrusted interfaces, permitting the transmission of DHCP packets allowed by DHCP Snooping. If source IP address filtering is enabled, packet transmission is permitted as follows:
• IPv4 traffic: Only IPv4 traffic with a source IP address that is associated with the specific port is permitted.
• Non IPv4 traffic: All non
173. ddress table
STEP 2 Define the relevant fields.
STEP 3 Click Apply. Dynamic addressing is defined, and the device is updated.
Query By Section
In the Query By section, select the preferred option for sorting the addresses table:
• Interface: Specifies the interface for which the table is queried. The query can search for a specific port or EtherChannel.
• MAC Address: Specifies the MAC address for which the table is queried.
• VLAN ID: Specifies the VLAN ID for which the table is queried.
• Address Table Sort Key: Specifies the means by which the Dynamic MAC Address Table is sorted. The address table can be sorted by address, VLAN, or interface.
STEP 4 Define the relevant fields.
STEP 5 Click Query. The Dynamic MAC Address Table is queried, and the results are displayed.
Configuring Multicast Forwarding
The Multicast section contains the following pages:
• IGMP Snooping
• Defining Multicast Group
• Defining Multicast Forwarding
• Defining Unregistered Multicast Settings
IGMP Snooping
When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming packets and determines:
• Which ports want to join which Multicast groups
• Which po
174. des Auto-sensing technology enables each port to automatically detect the speed of the device connected to it and adjust its speed and duplex accordingly. These ports are typically used for devices such as PCs, servers, IP phones, and Access Points, and are highlighted RED in the examples.
  2. Uplink Ports: These ports are typically used for connecting to other switches, routers, or network backbone devices, and are highlighted in YELLOW in the examples. The mini GBIC ports are a type of uplink port.
  3. mini GBIC Ports: The mini GBIC (Gigabit Interface Converter) port is a connection point for a mini GBIC expansion module, allowing the switch to be uplinked via fiber to another switch. Each mini GBIC port provides a link to a high-speed network segment or individual workstation at speeds of up to 1000 Mbps. The mini GBIC ports are highlighted in GREEN in the examples.
[Figures: ESW 520 24 24P; ESW 520 48 48P; ESW 540 24 24P; ESW 540 48]
Connecting to the Switch
This section contains information for starting the Switch Configuration Utility to provision the switch features. There are four different options to connect to the switch, three of which launch the Switch Configuratio
175. device belongs is defined. A configuration consists of the name, revision, and region to which the device belongs. Network Administrators can define MSTP Instances settings using the MSTP Instance Settings Page.
Click VLAN & Port Settings > Spanning Tree (STP) > MSTP > Instance Settings. The MSTP Instance Settings Page opens.
[Figure: MSTP Instance Settings Page]
The MSTP Instance Settings Page contains the following fields:
• Instance ID: Lists the MSTP instances configured on the device.
• Included VLAN: Maps the selected VLAN to the selected instance. Each VLAN belongs to one instance.
• Bridge Priority: Specifies the selected spanning tree instance device priority. The field range is 0-61440.
• Designated Root Bridge ID: Indicates the priority and MAC address of the bridge with the lowest path cost to the instance ID.
• Root Port: Indicates the selected instance's root port.
• Root Path Cost: Indicates the selected instance's path cost.
• Bridge ID: Indicates the priority and MAC address of the selected instance.
• Remaining Hops: Indicates the number of hops remaining to the next destination
176. dressed
STEP 4 Define the relevant fields.
STEP 5 Click Apply. The ACL Rule is defined, and the device is updated.
Modifying MAC Based ACL
STEP 1 Click Security > Access Control Lists (ACL) > MAC Based ACL. The MAC Based ACL Page opens.
STEP 2 Click the Edit button. The Rule Settings Page opens.
[Figure: Rule Settings Page]
The Rule Settings Page contains the following fields:
• ACL Name: Displays the user-defined MAC based ACLs.
• Rule Priority: Indicates the rule priority, which determines which rule is matched to a packet on a first-match basis.
• Source MAC Address:
  - MAC Address: Matches the source MAC address from which packets are addressed to the ACE.
  - Wildcard Mask: Indicates the source MAC Address wildcard mask. Wildcards are used to mask all or part of a source MAC Address. Wildcard masks specify which octets are used and which octets are ignored. A wildcard mask of ff:ff:ff:ff:ff:ff indicates that no octet
177. ds
• Port: Indicates the port to which Smart Port wizard settings are applied.
• VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The possible value is:
  - Access: Indicates a port belongs to a single untagged VLAN. This is the default setting for ports that are connected to desktops.
• VLAN ID: Indicates the VLAN to which the port belongs.
• Port Security Mode: Defines the locked port type. The possible field value is:
  - Dynamic Lock: Locks the port with current learned addresses. The dynamic addresses associated with the port are not aged out or relearned on the port as long as the port is locked.
• Max MAC Addresses: Indicates the maximum number of MAC addresses that can be learned on the port. The field default is 1.
• Port Security Actions: Indicates the action applied to packets arriving on a locked port. The possible field value is:
  - Discard: Discards packets from any unlearned source. This is the default value.
• Violation Trap Every: Indicates that traps are sent every 60 seconds.
• Broadcast Storm Control: Indicates if the percentage of Broadcast Storm Control enabled on the port. The default value is 10% of the port speed.
• Spanning Tree Port Fast: Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is aut
178. e Displays the Rapid Spanning Tree Link type. The default value for switches is point to point.
• QoS Policy: Indicates that the default QoS policy settings are applied to the port. The name of the default QoS policy is switch map.
• Macro Description: Indicates the type of device connected to the port. For switches, this field is always Switch.
STEP 5 Select a VLAN in the Trunk Native VLAN ID drop-down list.
STEP 6 Select which trunks are permitted in the VLAN using the Add and Delete buttons.
STEP 7 Click Apply. The switching port settings are saved, and the device is updated.
STEP 8 Click OK. The Smart ports Setting page opens.
Configuring Smart Ports for Routers
The Smart Port Router Page allows network administrators to manage network settings between routers. To configure smart ports for routers:
STEP 1 Open the Switch Configuration Utility. The web application automatically opens to the System Dashboard Page.
STEP 2 Click Smart Ports Wizard under Ports on the System Dashboard Page. The Smart Ports Setting Page opens.
[Figure: Smart Ports Setting Page]
STEP 3 Select a port or range of ports.
STEP 4
179. e If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.
• Interface: Defines the interface on which the access profile is defined. The possible field values are:
  - Port: Specifies the port on which the access profile is defined.
  - EtherChannel: Specifies the EtherChannel on which the access profile is defined.
  - VLAN: Specifies the VLAN on which the access profile is defined.
• Source IP Address: Defines the interface source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork.
• Network Mask: Determines what subnet the source IP Address belongs to in the network.
• Prefix Length: Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.
• Action: Defines the action attached to the rule. The possible field values are:
  - Permit: Permits access to the device.
  - Deny: Denies access to the device. This is the default.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The profile rules are defined, and the device is updated.
Defining Traffic Control
The Traffic Control section contains the following pages:
• Defining Storm Control
• Defining Port Security
Defining Storm Control
Storm Co
180. e Extended Feature page contains the following fields:
• Cable Status: Displays the cable status.
• Speed: Indicates the speed at which the cable is transmitting packets.
• Link Status: Displays the current link status.
• Pair: The pair of cables under test.
• Distance to Fault: Indicates the distance between the port and where the cable error occurred.
• Status: Displays the cable status.
• Cable length: Displays the cable length.
• Channel: Displays the cable's channel.
• Polarity: Automatic polarity detection and correction permits on all RJ-45 ports for automatic adjustment of wiring errors.
• Pair Skew: Reaction or transmission time in nanoseconds for the selected cable pair and given cable length.
STEP 3 Click Done to close the window.
Performing GBIC Uplink Testing
The GBIC Uplink Page allows network managers to perform tests on Fiber Optic cables. Optical transceiver diagnostics can be performed only when the link is present. During the port test, the port moves to a down state.
STEP 1 Click Maintenance > Diagnostics > GBIC Uplink Ports. The GBIC Uplink Ports Page opens.
[Figure: GBIC Uplink Ports Page]
The GBIC Uplink Ports page contains the following fields:
• Port
181. e IP address to whom the traps are sent.
• Notification Type: Defines the notification sent. The possible field values are:
  - Trap: Indicates traps are sent.
  - Inform: Indicates informs are sent.
Either SNMPv1,2 or SNMPv3 may be used as the version of traps, with only one version enabled at a single time.
The SNMPv1,2 Notification Recipient area contains the following fields:
• SNMPv1,2: Enables SNMPv1,2 as the Notification version. If SNMPv1,2 is enabled, the Community String and Notification Version fields are enabled for configuration.
• Community String: Identifies the community string of the trap manager.
• Notification Version: Determines the trap type. The possible field values are:
  - SNMP V1: Indicates SNMP Version 1 traps are sent.
  - SNMP V2: Indicates SNMP Version 2 traps are sent.
The SNMPv3 Notification Recipient area contains the following fields:
• SNMPv3: Enables SNMPv3 as the Notification version. If SNMPv3 is enabled, the User Name and Security Level fields are enabled for configuration.
• User Name: Defines the user to whom SNMP notifications are sent.
• Security Level: Defines the means by which the packet is authenticated. The possible field values are:
  - No Authentication: Indicates the packet is neither authenticated nor encrypted.
  - Authentication: Indicates the packet is authenticated.
  - Privacy: Indicates the packet is both authenticated and encrypted.
The UDP Port N
182. e Log Servers
The Add Syslog Server Page contains the following fields:
• Log Server IP Address: Specifies the server to which logs can be sent.
• UDP Port: Defines the UDP port to which the server logs are sent. The possible range is 1 to 65535. The default value is 514.
• Facility: Defines a user-defined application from which system logs are sent to the remote server. Only one facility can be assigned to a single server. If a second facility level is assigned, the first facility is overridden. All applications defined for a device utilize the same facility on a server. The field default is Local 7. The possible field values are Local 0 - Local 7.
• Description: Provides a user-defined server description.
• Minimum Severity: Indicates the minimum severity level of logs that are sent to the server. For example, if Notice is selected, all logs from a Notice severity and higher are sent to the remote server. The following are the available log severity levels:
  - Emergency: The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location.
  - Alert: The second highest warning level. An alert log is saved if there is a serious device malfunction, for example, all device features are down.
  - Critical: The
183. e SNTP information currently being sent is unknown. For example, the device is currently trying to locate an interface.
• Status: The operating SNTP server status. The possible field values are:
  - Up: The SNTP Server is currently operating normally.
  - Down: Indicates that a SNTP server is currently not available. For example, the SNTP server is currently not connected or is currently down.
  - Unknown: Indicates that the device SNTP client is currently looking for SNTP server.
• Last Response: Indicates the last time a response was received from the SNTP server.
• Offset: Indicates the difference in minutes between DST and the local standard time. The default time is 60 minutes.
• Delay: Indicates the amount of time it takes to reach the SNTP server.
STEP 2 Click the Add button. The Add SNTP Server Page opens.
[Figure: Add SNTP Server Page]
The Add SNTP Server Page contains the following fields:
• SNTP Server: The SNTP server's IP address.
• Enable Poll Interval: Select whether or not the device polls the selected SNTP server for system time information.
• Encryption Key ID: Select if Key Identification is used to communicate between the SNTP server and device. The range is 1-4294967295.
STEP 3 Define t
184. e STP settings are displayed.
  - EtherChannels: Display the RSTP configurations of device EtherChannels.
• Port Role: Indicates the port role assigned by the STP algorithm in order to provide to STP paths. The possible field values are:
  - Root: Provides the lowest cost path to forward packets to root switch.
  - Designated: Indicates the port or EtherChannel via which the designated switch is attached to the LAN.
  - Alternate: Provides an alternate path to the root switch from the root interface.
  - Backup: Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link. Backup ports also occur when a LAN has two or more connections connected to a shared segment.
  - Disable: Indicates the port is not participating in the Spanning Tree.
• Mode: Indicates the current Spanning Tree mode. The possible field values are:
  - STP: Indicates that Classic STP is enabled on the port.
  - RSTP: Indicates that Rapid STP is enabled on the port.
• Fast Link Operational Status: Indicates if Fast Link is enabled or disabled for the port or EtherChannel. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state. The possible field values are:
  - Enable: Fast Link is enabled
185. e enabled for the Smart Port wizards by default. However, the initial configuration of the Smart Ports wizards can only occur if the Startup Configuration file is empty.
Click Smart ports Wizard under Ports on the
Ports are enabled for the Smart Port wizards by default.
Select a port or range of ports.
Select Printer in the Assign Role dropdown box.
[Figure: Smart ports Setting Page]
STEP 5 Click Next. The Smartports Printer Settings Page opens.
[Figure: Smartports Printer Settings Page]
The Smartports Printer Settings Page contains the following fields:
• Ports: Indicates the port to which Smart ports Wizard settings are applied.
• VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The value is:
  - Access: Indicates the value is Access.
186. e false ARP packets are inserted into the subnet. Packets are classified as:
• Trusted: Indicates that the interface IP and MAC address are recognized and recorded in the ARP Inspection List. Trusted packets are forwarded without ARP Inspection.
• Untrusted: Indicates that the packet arrived from an interface that does not have recognized IP and MAC addresses. The packet is checked for:
  - Source MAC: Compares the packet's source MAC address in the Ethernet header against the sender's MAC address in the ARP request. This check is performed on both ARP requests and responses.
  - Destination MAC: Compares the packet's destination MAC address in the Ethernet header against the destination interface's MAC address. This check is performed for ARP responses.
  - IP Addresses: Checks the ARP body for invalid and unexpected IP addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast addresses.
If the packet's IP address was not found in the ARP Inspection List and DHCP snooping is enabled for a VLAN, a search of the DHCP Snooping Database is performed. If the IP address is found, the packet is valid and is forwarded.
NOTE ARP inspection is performed only on untrusted interfaces.
The ARP Inspection section contains the following topics:
• Defining ARP Inspection Properties
• Defi
187. e field values are 1-2147483647.
• Source MAC Address: Defines the source MAC address to match the ACE.
• Source MAC Mask: Defines the source MAC mask to match the ACE.
• Destination MAC Address: Defines the destination MAC address to match the ACE.
• Destination MAC Mask: Defines the destination MAC mask to which packets are matched.
• VLAN ID: Matches the packet's VLAN ID to the ACE. The possible field values are 1 to 4093.
• Inner VLAN: Matches the ACE to the inner VLAN ID of a double-tagged packet.
• 802.1p: Displays the packet tag value.
• 802.1p Mask: Displays the wildcard bits to be applied to the CoS.
• Ethertype: Displays the Ethernet type of the packet.
• Action: Indicates the ACL forwarding action. For example, the port can be shut down, a trap can be sent to the network administrator, or the packet is assigned rate limiting restrictions for forwarding. Possible field values are:
  - Permit: Forwards packets which meet the ACL criteria.
  - Deny: Drops packets which meet the ACL criteria.
  - Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Edit Interface Settings Page.
STEP 2 Click the Add ACL button. The Add MAC Based ACL Page opens.
[Figure: Add MAC Based ACL Page]
188. e opens.
[Figure: Add RADIUS Server Page]
The Add RADIUS Server Page contains the following fields:
• Host IP Address: Displays the RADIUS Server IP address.
• Priority: Displays the server priority. The possible values are 0-65535, where 1 is the highest value. The RADIUS Server priority is used to configure the server query order.
• Source IP Address: Defines the source IP address that is used for communication with RADIUS servers.
• Authentication Port: Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication. The authentication port default is 1812.
• Accounting Port: Indicates the port used to send login and logout messages to the RADIUS server. The accounting port default is 1813.
• Number of Retries: Defines the number of transmitted requests sent to RADIUS server before a failure occurs. The possible field values are 1-10. Three is the default value.
• Timeout for Reply: Defines the amount of the time in seconds the device waits for an answer from the R
189. e opens.
Click the Edit button. The Edit EtherChannel Page opens.
[Figure: Edit EtherChannel Page]
The Edit EtherChannel Page contains the following fields:
• EtherChannel: Displays the EtherChannel ID number.
• Description: Displays the user-defined port name.
• EtherChannel Type: Indicates the port types that comprise the EtherChannel.
• Admin Status: Enables or disables traffic forwarding through the selected EtherChannel.
• Current EtherChannel Status: Indicates if the EtherChannel is currently operating.
• Reactivate Suspended EtherChannel: Reactivates a port if the EtherChannel has been disabled through the locked port security option or through Access Control List configurations.
• Operational Status: Indicates whether the EtherChannel is currently operational or non-operational.
• Admin Auto Negotiation: Enables or disables Auto Negotiation on the E
190. e port is currently blocked and cannot forward traffic or learn MAC addresses.
  - Listening: Indicates that the port is in Listening mode. The port cannot forward traffic, nor can it learn MAC addresses.
  - Learning: Indicates that the port is in Learning mode. The port cannot forward traffic; however, it can learn new MAC addresses.
  - Forwarding: Indicates that the port is in Forwarding mode. The port can forward traffic and learn new MAC addresses.
• Type: Indicates if the port is a point-to-point port or a port connected to a hub. The possible field values are:
  - Boundary Port: Indicates the port is a boundary port. A Boundary port attaches MST bridges to LAN in an outlying region. If the port is a boundary port, it also indicates whether the device on the other side of the link is working in RSTP or STP mode.
  - Master Port: Indicates the port is a master port. A Master port provides connectivity from a MSTP region to the outlying CIST root.
  - Internal: Indicates the port is an internal port.
• Role: Indicates the port role assigned by the STP algorithm in order to provide to STP paths. The possible field values are:
  - Root: Provides the lowest cost path to forward packets to root device.
  - Designated: Indicates the port or EtherChannel via which the designated device is attached to the LAN.
191. e sent. The possible range is 1 to 65535. The default value is 514.
• Facility: Defines a user-defined application from which system logs are sent to the remote server. Only one facility can be assigned to a single server. If a second facility level is assigned, the first facility is overridden. All applications defined for a device utilize the same facility on a server. The field default is Local 7. The possible field values are Local 0 - Local 7.
• Description: Provides a user-defined server description.
• Severity to Include: Indicates the minimum severity level for logs that are sent to the server. For example, if Notice is selected, all logs from a Notice severity and higher are sent to the remote server. The following are the available log severity levels:
  - Emergency: The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location.
  - Alert: The second highest warning level. An alert log is saved if there is a serious device malfunction, for example, all device features are down.
  - Critical: The third highest warning level. A critical log is saved if a critical device malfunction occurs, for example, two device ports are not functioning while the rest of the device ports remain functional.
  - Error: A device error has occurred, for example, if a single port is offline.
  - Warning: The lowest level of a device warning. The device is fu
192. econds
STEP 2 Define the relevant fields.
STEP 3 Click Apply. The DHCP Snooping configuration is defined, and the device is updated.
Defining DHCP Snooping on VLANs
The DHCP Snooping VLAN Settings Page allows network managers to enable DHCP snooping on VLANs. To enable DHCP Snooping on a VLAN, ensure DHCP Snooping is enabled on the device. To define DHCP Snooping on VLANs:
STEP 1 Click Security > DHCP Snooping > VLAN Settings. The DHCP Snooping VLAN Settings Page opens.
[Figure: DHCP Snooping VLAN Settings Page]
The DHCP Snooping VLAN Settings Page contains the following fields:
• VLAN ID: Indicates the VLAN to be added to the Enabled VLAN list.
• Enabled VLANs: Contains a list of VLANs for which DHCP Snooping is enabled.
STEP 2 Enter the VLAN name from the VLAN ID list and click Add. This VLAN name then appears in the Enabled VLANs list.
Defining Trusted Interfaces
The Trusted Interfaces Page allows network managers to define Trusted interfaces. The device transfers all DHCP requests to trusted interfaces. To define trusted interfaces:
STEP 1 Click Security > DHCP Snooping > Trusted Interfaces. The T
193. ed and the device is updated.
Modifying IGMP Snooping
Click VLAN & Port Settings > Multicast > IGMP Snooping. The IGMP Snooping Page opens.
Click the Edit button. The Edit IGMP Snooping Page opens.
[Figure: Edit IGMP Snooping Page]
The Edit IGMP Snooping Page contains the following fields:
• VLAN ID: Specifies the VLAN ID.
• IGMP Status Enable: Indicates if IGMP snooping is enabled on the VLAN. The possible field values are:
  - Enable: Enables IGMP Snooping on the VLAN.
  - Disable: Disables IGMP Snooping on the VLAN.
• Auto Learn: Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the device automatically learns where other Multicast groups are located. The possible field values are:
  - Enable: Enables auto learn.
  - Disable: Disables auto learn.
• Host Timeout: Indicates the amount of time host waits to receive a message before timing out. The default time is 260 seconds.
• MRouter Timeout: Indicates the amount of the time the Multicast router waits to receive a message before it times out. The default value is 300 seconds.
• Leave Timeout: Indicates the amount of time the host wait
194. ee bridges by which frames can be transmitted. In configuring MSTP, the MST region to which the device belongs is defined. A configuration consists of the name, revision, and region to which the device belongs. The VLAN page enables mapping VLANs to MSTP Instances. STEP 1 Click VLAN & Port Settings > Spanning Tree (STP) > MSTP > Instance to VLAN. The Instance to VLAN Page opens. [Figure: Instance to VLAN Page] The Instance to VLAN Page contains the following fields: • VLAN: Indicates the VLAN for which the MSTP instance ID is defined. • Instance ID (0-15): Indicates the MSTP instance ID assigned to the VLAN. The possible field range is 0-15. STEP 2 Map the VLANs to Instance IDs. STEP 3 Click Apply. The MSTP VLAN mapping is defined and the device is updated. Defining MSTP Instance Settings: MSTP maps VLANs into STP instances. Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Tree Regions (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted. In configuring MSTP, the MST region to which the
195. efore the switch resends a request to the authentication server. Range: 1-65535. The field default is 30 seconds. Termination Cause: Indicates the reason for which the port authentication was terminated, if applicable. Modify the relevant fields. Click Apply. The port authentication settings are defined and the device is updated. Defining Authentication: The 802.1X Authentication Page allows network managers to configure advanced port-based authentication settings for specific ports and VLANs. STEP 1 Click Security > 802.1X > Authentication. The 802.1X Authentication Page opens. [Figure: 802.1X Authentication Page] The 802.1X Authentication Page contains the following fields: • Port: Displays the port number for which the Multiple Hosts configuration is displayed. • Host Authentication: Defines the Host Authentication mode. The possible field values are: Single: Only the authorized host can access the port. Multiple Host: Multiple hosts can be attached to a single 802.1x-enabled port. Only one host must be authorized for all hosts to access the network. If the host authentication fails or an EAPOL-logoff message is received, all att
196. egate policer selected from the drop-down list. An aggregate policer is defined if the policer is shared with multiple classes. Traffic from two different ports can be configured for policing purposes. An aggregate policer can be applied to multiple classes in the same policy map, but cannot be used across different policy maps. Single: Configures the class to use manually configured information rates and exceed actions. • Aggregate Policer: Specifies the Aggregate Policer Name. • Ingress Committed Information Rate (CIR): Defines the CIR in Kbps. This field is only relevant when the Police value is Single. • Ingress Committed Burst Size (CbS): Defines the CbS in bytes. This field is only relevant when the Police value is Single. • Exceed Action: Action assigned to incoming packets exceeding the CIR. This field is only relevant when the Police value is Single. Possible values are: Drop: Drops packets exceeding the defined CIR value. Out of Profile DSCP: Remarks packet's DSCP values exceeding the defined CIR value. None: Forwards packets exceeding the defined CIR value. STEP 3 Define the relevant fields. STEP 4 Click Apply. The QoS policy profile is added and the device is updated. Modifying the QoS Policy Profile: STEP 1 Click Quality of Service > Advanced Mode
197. egated network traffic. • PVID: Assigns a VLAN ID to untagged packets. The possible values are 1 to 4095. Packets classified to the Discard VLAN are dropped. • Frame Type: Packet type accepted on the port. Possible values are: Admit Tag Only: Indicates that only tagged packets are accepted on the port. Admit All: Indicates that both tagged and untagged packets are accepted on the port. • Ingress Filtering: Ingress filtering discards packets which do not include an ingress port. The possible values are: Enable: Ingress filtering is activated on the port. Disable: Ingress filtering is not activated on the port. Modifying VLAN Interface Settings: STEP 2 Click VLAN & Port Settings > VLAN Management > Interface Settings. The VLAN Interface Settings Page opens. STEP 3 Click the Edit button. The Edit VLAN Port Page opens. [Figure: Edit VLAN Port Page] The Edit VLAN Port Page contains the following fields: • Interface: The port or EtherChannel associated with this VLAN interface configuration. • VLAN Mode: Indicates the port mode. Possible values are: General: The port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode)
198. eing lost. To open the Restart Reset Page: Click Monitor & Device Properties > System Management > Restart Reset. The Restart Reset Page opens. [Figure: Restart Reset Page] The following resets the device: Reset Reboot: Resets the device. Ensure the device configuration has been saved. • Restore Default: The device is restored to the factory default configuration. Managing Cisco Discovery Protocol: The Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol that enables devices to advertise their existence to other devices by CDP sending out periodic updates to a Multicast address. In addition, CDP allows devices to receive information about other devices on the same LAN or on the remote WAN side. The system supports CDP versions 1 and 2. To enable CDP on the device: STEP 1 Click Monitor & Device Properties > CDP. The CDP Page opens. [Figure: CDP Page]
199. el have the same priority. All ports in the EtherChannel have the same transceiver type. The device supports up to 64 EtherChannels, and eight ports in each EtherChannel. Ports can be configured as LACP ports only if the ports are not part of a previously configured EtherChannel. Ports added to an EtherChannel lose their individual port configuration. When ports are removed from the EtherChannel, the original port configuration is applied to the ports. This section contains information for configuring ports and contains the following topics: • Defining EtherChannel Management • Configuring LACP • Defining EtherChannel Settings. Defining EtherChannel Management: Ports added to an EtherChannel lose their individual port configuration. When ports are removed from the EtherChannel, the original port configuration is applied to the ports. To define EtherChannel management: STEP 1 Click VLAN & Port Settings > Port Management > EtherChannel Management. The EtherChannel Management Page opens. [Figure: EtherChannel Management Page]
200. ent STEP 1 Click Monitor & Device Properties > SNMP > Trap Management > Filter Settings. The Filter Settings Page opens. [Figure: Filter Settings Page] The Filter Settings Page contains the following fields: • Filter Name: Contains a list of user-defined notification filters. • Object ID Subtree: Displays the OID for which notifications are sent or blocked. If a filter is attached to an OID, traps or informs are generated and sent to the trap recipients. • Filter Type: Indicates whether informs or traps are sent regarding the OID to the trap recipients. Excluded: Restricts sending OID traps or informs. Included: Sends OID traps or informs. STEP 2 Click the Add button. The Add SNMP Notification Filter Page opens. [Figure: Add SNMP Notification Filter Page] The Add SNMP Notification Filter Page contains the following fields: • Filter Name: Defines notification filters. • New Object Identifier Tree: Displays the OID for which notifications are sent or blocked. If a filter is attached to an OID, traps or informs are generated and sent to the trap recipients. Object IDs are selected from either the Select from List or the O
201. ent access is restricted to read-only, and changes cannot be made to the assigned SNMP view. Write: The management access is read-write, and changes can be made to the assigned SNMP view. Notify: Sends traps for the assigned SNMP view. STEP 3 Define the relevant fields. STEP 4 Click Apply. The SNMP Group Profile is modified and the device is updated. Defining SNMP Communities: The Access rights are managed by defining communities in the SNMP Communities Page. When the community names are changed, access rights are also changed. SNMP communities are defined only for SNMP v1 and SNMP v2c. To define SNMP Communities: STEP 1 Click Monitor & Device Properties > SNMP > Security > Communities. The SNMP Communities Page opens. [Figure: SNMP Communities Page] The SNMP Communities Page is divided into the following tables: • Basic Table • Advanced Table. The SNMP Communities Basic Table area contains the following fields: • Management Station: Displays the management station IP address for which the basic SNMP community is defined. • Community String: Displays the password used to authenticate the management station to the device. • Acce
202. er Page opens. [Figure: Add QoS Aggregate Policer Page] The Add QoS Aggregate Policer Page contains the following fields: • Aggregate Policer Name: Specifies the Aggregate Policer Name. • Ingress Committed Information Rate (CIR): Defines the CIR in Kbits per second. • Ingress Committed Burst Size (CbS): Defines the CbS in bytes per second. • Exceed Action: Action assigned to incoming packets exceeding the CIR. Possible values are: Drop: Drops packets exceeding the defined CIR value. Remark DSCP: Remarks packet's DSCP values exceeding the defined CIR value. None: Forwards packets exceeding the defined CIR value. STEP 3 Define the relevant fields. STEP 4 Click Apply. The Aggregate policer is added and the device is updated. Modifying QoS Aggregate Policer: STEP 1 Click Quality of Service > Advanced Mode > Aggregate Policer. The Aggregate Policer Page opens. STEP 2 Click the Edit Button. The Edit QoS Aggregate Policer Page opens. STEPS STEP 4
203. [Figure: Add Authentication Profile Page] The Add Authentication Profile Page contains the following fields: • Profile Name: Defines the Authentication profile name. • Authentication Method: Defines the user authentication methods. The order of the authentication methods defines the order in which authentication is attempted. For example, if the authentication method order is RADIUS, Local, the system first attempts to authenticate the user on a RADIUS server. If there is no available RADIUS server, then authentication is attempted on the local database. Note that if the RADIUS server is available but authentication fails, then the user is denied access. The possible field values are: Local: Authenticates the user at the device level. The device checks the user name and password for authentication. No option can be inserted below Local. RADIUS: Authenticates the user at the RADIUS server. TACACS: Authenticates the user at the TACACS server. None: Indicates that no authentication method is used to authenticate the user. No option can be inserted below None. STEP 3 Define the relevant fields. STEP 4 Click Apply. The authentication profile is defined, and the device is updated.
204. eshold alarm. Rising and Falling: The rising and falling counter values that trigger the alarm. Interval (Sec): Defines the alarm interval time in seconds. • Owner: Displays the device or user that defined the alarm. STEP 2 Click the Add button. The Add RMON Alarm Page opens. [Figure: Add RMON Alarm Page] The Add RMON Alarm Page contains the following fields: • Alarm Entry: Indicates the alarm entry number. • Interface: Displays the interface port or EtherChannel for which RMON Statistics are displayed. The possible field values are: Ports: Displays the RMON statistics for the selected port. EtherChannels: Displays the RMON statistics for the selected EtherChannel. • Counter Name: Displays the selected MIB variable. • Sample Type: Defines the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are: Delta: Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold. Absolute: Compares the va
205. ess 4 (optional): Indicates the fourth network assigned to the interface. The address must be a valid address specified in hexadecimal. STEP 3 Define the relevant fields. STEP 4 Click Apply. The DNS Host settings are defined and the device is updated. Defining Address Tables: MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Dynamic Address Table can be sorted by interface, VLAN, and MAC Address. MAC addresses are dynamically learned as packets from sources arrive at the device. Addresses are associated with ports by learning the ports from the frames' source address. Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN. Static addresses are manually configured. In order to prevent the bridging table from overflowing, dynamic MAC addresses from which no traffic is seen for a certain period are erased. This section contains information for defining both static and dynamic Forwarding Database entries and includes the following topics: • Defining Static Addresses • Defining Dynamic Addresses. Defining Static Addresses: A static address can be assigned to a specific interface on this switch. Static addr
206. The Add Multicast Group Page contains the following fields: • VLAN ID: Displays the VLAN ID. • Bridge Multicast IP Address: Displays the IP address attached to the Multicast Group. • Bridge Multicast MAC Address: Displays the MAC address attached to the Multicast Group. STEP 3 Define the relevant fields. STEP 4 Click Apply. The Multicast Group is added and the device is updated. Modifying a Multicast Group: STEP 1 Click VLAN & Port Settings > Multicast > Multicast Group. The Multicast Group Page opens. STEP 2 Click the Edit button. The Edit Multicast Group Page opens. [Figure: Edit Multicast Group Page] The Edit Multicast Group Page contains the following fields: • VLAN ID: Displays the VLAN ID. • Bridge IP Multicast: Displays the IP address attached to the Multicast Group. • Bridge MAC Multicast: Displays the MAC address attached to the Multicast Group. • Interface: Displays the interface attached to the Multicast Group. • Interface Status: Defines the interface status. The options are as follows:
207. esses are bound to the assigned interface and cannot be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. To define static addresses: STEP 1 Click VLAN & Port Settings > Address Tables > Static. The Static Page opens. [Figure: Static Page] The Static Page contains the following fields: • VLAN ID: Displays the VLAN ID number to which the entry refers. MAC Address: Displays the MAC address to which the entry refers. Interface: Displays the interface to which the entry refers. Port: The specific port number to which the forwarding database parameters refer. EtherChannel: The specific EtherChannel number to which the forwarding database parameters refer. • Status: Displays how the entry was created. The possible field values are: Permanent: The MAC address is permanent. Delete on Reset: The MAC address is deleted when the device is reset. Delete on Timeout: The MAC address is deleted when a timeout occurs. Secure: The MAC Address is defined for locked ports. STEP 2 Click
208. The ACL Binding Page contains the following fields: • Copy From Entry Number: Copies the ACL binding configuration from the specified table entry. • To Entry Number(s): Assigns the copied ACL binding configuration to the specified table entry. • Ports / EtherChannels: Indicates the interface to which the ACL is bound. For each entry, an interface has a bound ACL. • Interface: Indicates the interface to which the associated ACL is bound. • ACL Name: Indicates the ACL which is bound to the associated interface. • Type: Indicates the ACL type which is bound to the interface. Modifying ACL Binding: STEP 1 Click Security > Access Control Lists (ACL) > ACL Binding. The ACL Binding Page opens. STEP 2 Click the Edit button. The Edit ACL Binding Page opens. [Figure: Edit ACL Binding Page] The Edit ACL Binding Page contains the following fields: • Interface: Indicates the interface to which the ACL is bound. • Select MAC Based ACL: Indicates the MAC based ACL which is bound to the interface. • Select IP Based ACL: Indicates the IP based ACL which is bound to the interface. STEP 3 Define the relevant fields.
209. ethod selected on the Spanning Tree Global Settings page. • Forward Transitions: Indicates the number of times the port has changed from Forwarding state to Blocking state. • Remain Hops: Indicates the hops remaining to the next destination. TIP: The Apply button can be used to make changes to a single interface (Port or EtherChannel) instead of using the Interface Table button to make changes to multiple Ports or EtherChannels. STEP 2 Click the Interface Table button. The MSTP Interface Table Page opens. [Figure: MSTP Interface Table Page]
210. fault CoS is 0. • Restore Defaults: Restores the factory CoS default settings to the selected port. Checked: Restores the factory QoS default settings to ports after clicking the Apply button. Unchecked: Maintains the current QoS settings. STEP 2 Define the relevant fields. STEP 3 Click Apply. The QoS Mode is defined and the device is updated. Modifying Interface Priorities: STEP 1 Click Quality of Service > General > CoS. The CoS Page opens. STEP 2 Click the Edit button. The Edit Interface Priority Page opens. [Figure: Edit Interface Priority Page] The Edit Interface Priority Page contains the following fields: • Interface: Indicates whether the interface is a port or EtherChannel. • Set Default User Priority: Defines the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0. STEP 3 Modify the Interface priority. STEP 4 Click Apply. The Interface priority is set and the device is updated. Defining QoS Queue: The Queue Page contains fields for defining the QoS queue forwa
211. fields. STEP 4 Click Apply. The IP Based ACL is modified and the device is updated. Adding an IP Based Rule: STEP 1 Click Security > Access Control Lists (ACL) > IP Based ACL. The IP Based ACL Page opens. STEP 2 Select an ACL from the ACL Name drop-down list. STEP 3 Click the Add Rule button. The Add IP Based Rule Page opens. [Figure: Add IP Based Rule Page] The Add IP Based Rule Page contains the following fields: • ACL Name: Displays the user-defined IP based ACLs. • New Rule Priority: Indicates the rule priority, which determines which rule is matched to a packet on a first-match basis. • Protocol: Creates an ACE based on a specific protocol. For a list of available protocols, see the Protocol field description in the IP Based ACL Page above. • Sou
212. Static: Attaches the interface to the Multicast group as static member in the Static Row. The interface has joined the Multicast group statically in the Current Row. Forbidden: Forbidden interfaces are not included in the Multicast group, even if IGMP Snooping designated the interface to join a Multicast group. Excluded: The port is not part of a Multicast group. Dynamic: The port received an IGMP Join report for this group and is a dynamic member of the group. The multicast flow for this group will be forwarded to the port. STEP 3 Change the Interface Status. STEP 4 Click Apply. The Multicast Group parameters are modified and the device is updated. Defining Multicast Forwarding: The Multicast Forward Page contains fields for attaching ports or EtherChannels to a device that is attached to a neighboring Multicast router/switch. Once IGMP Snooping is enabled, Multicast packets are forwarded to the appropriate port or VLAN. To define Multicast forward settings: STEP 1 Click VLAN & Port Settings > Multicast > Forward. The Multicast Forward Page opens. [Figure: Multicast Forward Page] The Multicast Forward Page contains the following fields: • VLAN ID: Displ
213. g the sampling interval. This may not represent the exact number of dropped packets, but rather the number of times dropped packets were detected. • Received Bytes (Octets): Displays the number of octets received on the interface since the page was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits. Received Packets: Displays the number of packets received on the interface since the page was last refreshed, including bad packets, Multicast and Broadcast packets. Broadcast Packets: Displays the number of good Broadcast packets received on the interface since the page was last refreshed. This number does not include Multicast packets. Multicast Packets: Displays the number of good Multicast packets received on the interface since the page was last refreshed. CRC Align Errors: Displays the number of CRC and Align errors that have occurred on the interface since the page was last refreshed. Undersize Packets: Displays the number of undersized packets (less than 64 octets) received on the interface since the page was last refreshed. Oversize Packets: Displays the number of oversized packets (over 1518 octets) received on the interface since the page was last refreshed. Fragments: Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but includ
214. > QoS Policy Profile. The Policy Table Page opens. Click the Edit button. The Edit QoS Policy Profile Page opens. [Figure: Edit QoS Policy Profile Page] The Edit QoS Policy Profile Page contains the following fields: • Policy Name: Displays the user-defined policy name. • Class Map: Displays the user-defined name of the class map. • Action: Defines the action attached to the rule. The possible field value is: • Trust CoS DSCP: Determines the queue to which the packet is assigned, dependent on the CoS tag and DSCP tag. • Set: Defines the Trust configuration manually. The possible field values are: DSCP: in the New Value box, the possible values are 0-63. Queue (applicable only to Gigabyte devices). CoS: in the New Value box, the possible values are 0-7 (applicable only to Gigabyte devices). • Police: Enables Policer functionality.
215. h: Defines the PoE priority level as high. Critical: Defines the PoE priority level as Critical. This is the highest PoE priority level. Power Allocation: Indicates the power in milliwatts allocated to the port. The range is 0-15,400. Power Consumption: Indicates the amount of power in milliwatts assigned to the powered device connected to the selected interface. Devices are classified by the powered device, and the classification information used. The possible power ranges and their corresponding classes are: 440 to 12950: Powered device Class 0. Indicates that the port is assigned a power consumption level of 0.44 to 12.95 watts. This is the default. 440 to 3840: Powered device Class 1. Indicates that the port is assigned a power consumption level of 0.44 to 3.84 watts. 3840 to 6490: Powered device Class 2. Indicates that the port is assigned a power consumption level of 3.84 to 6.49 watts. 6490 to 12950: Powered device Class 3. Indicates that the port is assigned a power consumption level of 6.49 to 12.95 watts. Overload Counter: Indicates the total power overload occurrences. Short Counter: Indicates the total power shortage occurrences. Denied Counter: Indicates times the powered device was denied power. Absent Counter: Indicates the times the power supply was stopped to the powered device because the powered device was no longer detected. Invalid Signature Counter: Indicate the ti
216. h the access profile is defined. VLAN: Specifies the VLAN on which the access profile is defined. • Source IP Address: Defines the interface source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork. • Network Mask: Determines what subnet the source IP Address belongs to in the network. • Prefix Length: Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address. • Action: Defines the action attached to the rule. The possible field values are: Permit: Permits access to the device. Deny: Denies access to the device. This is the default. Define the relevant fields. Click Apply. The profile rule is added and the device is updated. Modifying Profile Rules: Click Security > Access Method > Profile Rules. The Profile Rules Page opens. Click the Edit button. The Edit Profile Rule Page opens. [Figure: Edit Profile Rule Page] The Edit Profile Rule Page contains the following fields: • Access Profile Name: Defines the access profile name. The access profile name can contain up to 32 characters.
217. hboring port. • Interface: Indicates the interface type advertised by the neighboring port. The possible field values are: Ethernet: Indicates the neighboring interface is an Ethernet port. Fast Ethernet: Indicates the neighboring interface is a Fast Ethernet port. Giga Ethernet: Indicates the neighboring interface is a Giga Ethernet port. • Port ID (outgoing port): Indicates the neighboring device's port from which the CDP packet was sent. • Version: Indicates the software version installed on the neighboring device. Managing System Files: This section contains information for defining file maintenance and includes both configuration file management as well as device access. The File Management section contains the following topics: Software Upgrade, Save Configuration, Copy Configuration File, Active Image, DHCP Auto Configuration. The configuration file structure consists of the following configuration files: Startup Configuration File: Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted. Running Configuration File: Contains all configuration file commands, as well as all commands entered during the current session. After the device is powered down or rebooted, all commands stored in the Running Configuration file are lost. During the startup
218. he Add SNTP Authentication Page opens.
Add SNTP Authentication Page (screenshot)
The Add SNTP Authentication Page contains the following fields:
• Encryption Key ID: Defines the Key Identification used to authenticate the SNTP server and device. The range is 1-4294967295.
• Authentication Key: Defines the key used for authentication.
• Trusted Key: Indicates if an encryption key is used (Unicast, Anycast, or elected Broadcast) to authenticate the SNTP server.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The SNTP Authentication is defined, and the device is updated.
Configuring Device Security
The Security Suite contains the following topics: Passwords Management; Defining Authentication; Defining Access Methods; Defining Traffic Control; Defining 802.1x; Defining Access Control; Defining DoS Prevention; Defining DHCP Snooping; Defining Dynamic ARP Inspection.
Passwords Management
This section contains information for defining passwords. Passwords are used to authenticate users accessing the device. By default, a single user name is defined, cisco, with a password of cisco.
NOTE: When a
219. he GVRP Page opens GVRP Page sthecitte cisco Amibute Coume Received Tranamimed The GVRP Page is divided into two areas GVRP Statistics Table and GVRP Error Statistics Table The following fields are relevant for both tables e Interface Indicates the interface for which statistics are displayed The possible field values are Port Defines the specific port for which GVRP statistics are displayed EtherChanne Defines the specific EtherChannel for which GVRP Statistics are displayed e Refresh Rate Indicates the amount of time that passes before the GVRP statistics are refreshed The possible field values are 15 Sec Indicates that the GVRP statistics are refreshed every 15 seconds ESW 500 Series Switches Administration Guide 402 Viewing Statistics Viewing Ethernet Statistics STEP 1 STEP 2 30Sec Indicates that the GVRP statistics are refreshed every 30 seconds 60 Sec Indicates that the GVRP statistics are refreshed every 60 seconds No Refresh Indicates that the GVRP statistics are not refreshed The GVRP Received Transmitted Table contains the following fields e Join Empty Displays the device GVRP J oin Empty statistics e Empty Displays the device GVRP Empty statistics e Leave Empty Displays the device GVRP Leave Empty statistics e JoinIn Displays the device GVRP J oin In statistics e Leave In Displays the device GVRP Leave in stati
220. he VLAN.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The VLAN Rate Limit is modified, and the device is updated.
Defining Advanced QoS Mode
Advanced QoS mode provides rules for specifying flow classification and assigning rule actions that relate to bandwidth management. The rules are defined in classification control lists (CCL). CCLs are set according to the classification defined in the ACL, and they cannot be defined until a valid ACL is defined. When CCLs are defined, ACLs and CCLs can be grouped together in a more complex structure, called policies. Policies can be applied to an interface. Policy ACLs/CCLs are applied in the sequence they appear within the policy. Only a single policy can be attached to a port.
In advanced QoS mode, ACLs can be applied directly to an interface. However, a policy and ACL cannot be simultaneously applied to an interface. After assigning packets to a specific queue, services such as configuring output queues for the scheduling scheme, or configuring output shaping for burst size, CIR, or CbS per interface or per queue, can be applied.
The Advanced Mode section contains the following topics:
• Configuring DSCP Mapping
• Defining Class Mapping
• Defining Aggregate Policer
• Configuring Policy Table
• Defining Policy Binding
Configuring DSCP Mapping
The DSCP Map
221. he default value.
STEP 2 Click Edit. The Edit Interface Settings Page opens.
Edit Interface Settings Page (screenshot)
STEP 3 Define the fields.
STEP 4 Click Apply. The new IP Source Guard Interface configuration is added, and the device is updated.
Querying the IP Source Binding Database
The IP Source Guard Binding Database Page enables network managers to query and view information about inactive addresses recorded in the DHCP Database. To query the IP Source Guard Database:
STEP 1 Click Security > DHCP Snooping > IP Source Guard > Binding Database. The IP Source Guard Binding Database Page opens.
IP Source Guard Binding Database Page (screenshot)
The IP Source Guard Binding Database Page contains the following fields:
TCAM Resources
• Insert Inactive: The IP Source Guard Database uses the TCAM resources for managing the database. If TCAM resources are not available, IP source guard addresses may become inactive. The switch can try to activate inactive addresses in various time intervals
222. he file e File Name Name of the source configuration file STEP 2 Define the relevant fields and filenames STEP 3 Click Apply The Copy configuration is defined and the device is updated Active Image The Active Image Page allows network managers to select the Image files Images are activated only after the device is reset ESW 500 Series Switches Administration Guide 379 Managing System Files Active Image STEP 1 Click Maintenance gt File Management gt Active Image The Active Image Page opens Active Image Page ethtettts cisco Switch Configuration tii Active Image Active image Versten Number Ades Reset Version bemdes Image 2 10022 mage v 10022 Ape 183614 The Active Image Page contains the following fields e Active Image Indicates the Image file which is currently active on the device e Version Number Indicates the image version number currently active on the device e After Reset The Image file which is active after the device is reset The possible field values are Image 1 Activates Image file 1 after the device is reset Image 2 Activates Image file 2 after the device is reset e Version Number Indicates the image version number that is active after the device is reset STEP 2 Define the relevant fields STEP 3 Click Apply The active image is defined and the device is updated ESW 500 Series Switches Administration Guide 380 Managing
223. he network firewall. The DHCP Snooping Table contains the untrusted interfaces' MAC address, IP address, Lease Time, VLAN ID, and interface information.
The DHCP Snooping section contains the following topics: Defining DHCP Snooping Properties; Defining DHCP Snooping on VLANs; Defining Trusted Interfaces; Binding Addresses to the DHCP Snooping Database; Defining IP Source Guard.
Defining DHCP Snooping Properties
The DHCP Snooping Properties Page contains parameters for enabling DHCP Snooping on the device. To define the DHCP Snooping general properties:
STEP 1 Click Security > DHCP Snooping > Properties. The DHCP Snooping Properties Page opens.
DHCP Snooping Properties Page (screenshot)
The DHCP Snooping Properties Page contains the following fields:
• Enable DHCP Snooping: Indicates if DHCP Snooping is enabled on the device. The possible field values are: Checked: Enables DHCP Snooping on the device. Unchecked: Disables DHCP Snooping on the device. This is the default value.
• Option 82 Passthrough: Indicates if
224. he relevant fields.
STEP 4 Click Apply. The SNTP Server is added, and the device is updated.
Defining SNTP Authentication
The SNTP Authentication Page provides parameters for performing authentication of the SNTP server.
STEP 1 Click Monitor & Device Properties > System Management > Time > SNTP Authentication. The SNTP Authentication Page opens.
SNTP Authentication Page (screenshot)
The SNTP Authentication Page contains the following fields:
• Enable SNTP Authentication: Indicates if authenticating an SNTP session between the device and an SNTP server is enabled on the device. The possible field values are: Checked: Authenticates SNTP sessions between the device and SNTP server. Unchecked: Disables authenticating SNTP sessions between the device and SNTP server.
• Encryption Key ID: Indicates the Key Identification used to authenticate the SNTP server and device. The range is 1-4294967295.
• Authentication Key: Displays the key used for authentication.
• Trusted Key: Indicates the encryption key used (Unicast, Anycast, or elected Broadcast) to authenticate the SNTP server.
STEP 2 Click the Add button. T
225. The Global Settings Page contains the following fields:
• Security Suite Status: Indicates if DoS security is enabled on the device. The possible field values are:
• Enable: Enables DoS security.
• Disable: Disables DoS security on the device. This is the default value.
• Denial of Service Protection: Indicates if any of the services listed below are enabled. If the service protection is disabled, the Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan fields are disabled.
• Stacheldraht Distribution: Discards TCP packets with source TCP port equal to 16660.
• Invasor Trojan: Discards TCP packets with destination TCP port equal to 2140 and source TCP port equal to 1024.
• Back Orifice Trojan: Discards UDP packets with destination UDP port equal to 31337 and source UDP port equal to 1024.
STEP 2 Define the relevant fields.
STEP 3 Click Apply. The DoS prevention global settings are defined, and the device is updated.
Defining Martian Addresses
Martian Address Filtering enables discarding IP packets from invalid IP addresses. Martian addresses include packets from source IP addresses outside, or not used within, the configured network. Martian addresses include any address within the following ranges:
• 0.0.0.0/8 Except
226. hich the ESW 500 switch will be deployed Click Apply A NOTE The PC loses the connection to the switch at this point STEP 11 Now that you have finished using the PC to connect to the switch and made the switch part of your network you can reconfigure the PC to its original IP address configuration and physical configuration as part of your network STEP 12 You are now ready to proceed with additional switch configuration ESW 500 Series Switches Administration Guide 21 Getting Started Connecting to the Switch NOTE STEP 1 D NOTE If you will be using this PC for further switch configuration it will need to be on the same subnet as the switch Using a Dynamic IP Address Allocated to the Switch By DHCP If this method of obtaining an IP address is used you will need to have access toa configuration device that would allow you to see what IP addresses the DHCP server allocates Prior to choosing this method of installation speak with your network administrator to ensure you will have the correct information available to you By default the IP address of the device is assigned dynamically Log onto the DHCP server and check the IP address corresponding to the Media Access Control MAC address of the switch On the 24 and 48 port models the MAC address is on the back panel of the switch next to the power adapter On the 8 port models the MAC address is on the bottom of the device The illustr
227. icates if BPDU Guard is enabled on the interface QoS Policy Indicates that the default QoS policy settings are applied to the port The name of the default QoS policy is router map Macro Description Indicates the type of device connected to the port For guests this field is always Guest STEP 6 Selecta VLAN inthe VLAN ID dropdown box STEP 7 Click Apply The guest port settings are saved and the device is updated STEP 8 Click OK The Smart ports Setting page opens ESW 500 Series Switches Administration Guide 88 Managing Smart Ports Configuring Smart ports for Servers Configuring Smart ports for Servers The Smart ports Setting Page allows network administrators to define settings between the device and a Server To configure ports using the Server STEP 1 Openthe Small Business Pro web application The web application automatically opens to the Ports are enabled for the Smart Port wizards by default However the initial configuration of the Smart Ports wizards can only occur if the Startup Configuration file is empty STEP 2 Click Smart ports Wizard under Ports on the Ports are enabled for the Smart Port wizards by default STEP 3 Selecta portor range of ports STEP 4 Select Serverin the Assign Role dropdown box Smart ports Setting Page Smart Ports Setting Select Port s for Profile Select All Clear All Assign Profile Next STEP 5 Click Next The Smart ports Server Setting
228. icates the port which is polled for statistics e Refresh Rate Defines the amount of time that passes before the EAP Statistics are refreshed The possible field values are 15 Sec indicates that the EAP statistics are refreshed every 15 seconds 30 Sec Indicates that the EAP statistics are refreshed every 30 seconds 60 Sec Indicates that the EAP statistics are refreshed every 60 seconds No Refresh Indicates that the EAP statistics are not refreshed e Frames Received Indicates the number of valid EAPOL frames received on the port ESW 500 Series Switches Administration Guide 404 Viewing Statistics Managing RMON Statistics e Frames Transmitted Indicates the number of EAPOL frames transmitted via the port e Start Frames Received Indicates the number of EAPOL Start frames received on the port e Log off Frames Received Indicates the number of EAPOL Logoff frames that have been received on the port e Respond ID Frames Received Indicates the number of EAP Resp Id frames that have been received on the port e Respond Frames Received Indicates the number of EAP Resp Id frames that have been received on the port e Request ID Frames Transmitted Indicates the number of EAP Req Id frames transmitted via the port e Request Frames Transmitted Indicates the number of EAP Request frames transmitted via the port e Invalid Frames Received Indicates the number
229. ices Code Point DSCP value in the incoming packet The following values are reserved and cannot be changed 3 11 19 27 35 43 51 and 59 e Queue Defines the traffic forwarding queue to which the DSCP priority is mapped STEP 2 Define the relevant mapping STEP 3 Click Apply DSCP to queues are mapped and the device is updated ESW 500 Series Switches Administration Guide 318 Configuring Quality of Service Defining General Settings Configuring Bandwidth The Bandwidth Page allows network managers to define the bandwidth settings for specified egress and ingress interfaces Rate Limits and Shaping are defined per interface e Rate Limit sets the maximum bandwidth allowed on ingress interfaces e Shaping Rate sets the maximum bandwidth allowed on egress interfaces On GE ports traffic shape for burst traffic CbS can also be defined STEP 1 Click Quality of Service gt General gt Bandwidth The Bandwidth Page opens Bandwidth Page asco Switch Configuration Bandwidth Poms O EherChannels imeriaco ingress Rate Limit Egress Shaping Rates Status Rate Limit Stane CR CDS g Disse 0 Cisatle 0 rn 2 Disable Ot reno iili p a i D D D is Dea D C D D n The Bandwidth Page contains the following fields e Ports Indicates thatthe bandwidth settings of the ports are described in the page e EtherChannels Indicates that the bandwidth settings of
230. ick VLAN amp Port Settings gt Spanning Tree STP gt RSTP The RS7P Page opens STEP 2 Click the Edit button The Edt Rapid Spanning Tree Page opens Edit Rapid Spanning Tree Page Edit Rapid Spanning Tree Interface Pon gi EtherChannel Role Disable Mode STP Fast Link Operational Status Disable Port State Disabled Point to Point Admin Status Auto w Point to Point Operational Status Enable Activate Protocol Migration Test D Apply The Edit Rapid Spanning Tree Page contains the following fields e Interface Specifies whether Rapid STP is enabled is enabled ona portor EtherChannel ESW 500 Series Switches Administration Guide 287 Configuring Spanning Tree Defining Rapid Spanning Tree e Role Indicates the port role assigned by the STP algorithm in order to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to root switch Designated Indicates that the port or EtherChannel via which the designated switch is attached to the LAN Alternate Provides an alternate path to the root switch from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected ina loop by a point to point link Backup ports also occur whena LAN has two or more connections connected to a shared segment Disable Indicates the port is not partic
231. ics are displayed Resetting RMON Statistics Counters Click Statistics gt RMON Remote Management gt Statistics The RMON Statistics Page opens Click the Clear Counters button The RMON statistics counters are cleared Configuring RMON History This section contains the following topics e Defining RMON History Control e Viewing the RMON History Table Defining RMON History Control The RMON History Control Page contains information about samples of data taken from ports For example the samples may include interface definitions or polling periods To view RMON history information 1 Click Statistics gt RMON Remote Management gt History The RMON History Control Page opens ESW 500 Series Switches Administration Guide Viewing Statistics Configuring RMON History RMON History Control Page i cisco History Source Sampling Sampling Canvent Number Emy No imertace Interval Requested of Samples Owns The RMON History Control Page contains the following fields History Entry No Number automatically assigned to the table entry number Source Interface Displays the interface port or EtherChannel from which the history samples were taken The possible field values are Port Specifies the port from which the RMON information was taken EtherChanne l Specifies the EtherChannel from which the RMON information was taken Sampling Interval Indicates the time in seconds tha
232. • Interface: Indicates the interface type to which the rule applies. The possible field values are: Port: Attaches the rule to the selected port. EtherChannel: Attaches the rule to the selected EtherChannel. VLAN: Attaches the rule to the selected VLAN.
• Management Method: Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are:
All: Assigns all management methods to the rule.
Telnet: Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.
SNMP: Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device.
HTTP: Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device.
Secure HTTP (SSL): Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device.
Secure Telnet (SSH): Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile cri
233. ifying Management Trap Targets
• Trap Filtering
• Selecting Trap Generation Parameters
• Providing Access Control Checks
Traps indicating status changes are issued by the switch to specified trap managers. Specify the trap managers so that key events are reported by this switch to the management station. Specify up to eight management stations that receive authentication failure messages and other trap messages from the switch.
Click Monitor & Device Properties > SNMP > Trap Management > Station Management. The Station Management Page opens.
Station Management Page (screenshot)
The Station Management Page contains two areas, the SNMPv1,2 Notification Recipient and the SNMPv3 Notification Recipient table.
The SNMPv1,2 Notification Recipient table area contains the following fields:
Recipients IP: Indicates the IP address to which the traps are sent.
Notification Type: Defines the notification sent. The possible field values are: Trap: Indicates traps
234. iguration is to click Save Configuration atthe top of the page This link is initially grayed out Once switch configuration changes are made the link becomes active ESW 500 Series Switches Administration Guide 376 Managing System Files Copy Configuration Copy Configuration The configuration files control the operation of the switch and contain the functional settings at the device and the port level Configuration files are one of the following types e Factory Default Contains preset default parameter definitions which are downloaded with a new or upgraded version e Running Configuration Contains the parameter definitions currently defined on the device This includes any configuration changes made since the device was Started or rebooted e Starting configuration Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted e Backup configuration Contains a copy of the system configuration for protection against system shutdown or for maintenance of a specific operating state File names cannot contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 he H a h ESW 500 Series Switches Administration Guide 377 Managing System Files Copy Configurati
235. ile field then click Apply The Software Upgrade page shows the progress of the download ESW 500 Series Switches Administration Guide 42 Getting Started Performing Common Configuration Tasks For HTTP Click Browse and navigate to the file name of the image STEP 6 Once the download is complete click on Maintenance gt File Management gt Active Image The Active mage page opens Active Image Page Ahil NaS GUSE cisco Switch Configuratio 3 System Darhdosed ESW 54 Active Image Montor amp Drace Proper Active image Version Number After Reset Version Humber 100235 me o 193426 STEP 7 Choose the new image from the drop down list under After Resetand click Apply STEP 8 Save the switch configuration Click Maintenance gt File Management gt Save Configuration The Save Configuration page opens ESW 500 Series Switches Administration Guide 43 Getting Started Performing Common Configuration Tasks Save Configuration Page Aftale cisco n a E a STEP 9 Keep the defaults for Source File Name and Destination File Name and click Apply STEP 10 Reset the switch by clicking on Monitor amp Device Properties gt System Management gt Restart Reset ESW 500 Series Switches Administration Guide 44 Getting Started Performing Common Configuration Tasks Restart Reset Page othtetht cisco Reset the device by selecting Reser Reset Reboot The Restore Default
236. imit Page opens Add VLAN Rate Limit Page Add VLAN Rate Limit VLAN ID Rate Limit CIR kbits sec Burst Sire CS D Bytes Apply The Add VLAN Rate Limit Page contains the following fields e VLAN ID Defines the VLAN on which to apply the Rate Limit e Rate Limit CIR Defines the maximum rate CIR in Kbits per second Kbps that forwarding traffic is permitted in the VLAN e Burst Size CbS Defines the maximum burst size CbS in bytes that forwarding traffic is permitted through the VLAN STEP 3 Define the relevant fields STEP 4 Click Apply The VLAN Rate Limit is added and the device is updated ESW 500 Series Switches Administration Guide 323 Configuring Quality of Service Defining Advanced QoS Mode Modifying the VLAN Rate Limit STEP 1 Click Quality of Service gt General gt VLAN Rate Limit The VLAN Rate Limit Page opens STEP 2 Click the Edit button The VLAN Rate Limit Page opens Edit VLAN Rate Limit Page Edit VLAN Rate Limit VLAN i I Rate Lim CIR 3 kbils sec Burst Sire CS 3000 Bytes Apply The VLAN Rate Limit Page contains the following fields e VLAN ID Defines the VLAN on which to apply the Rate Limit e Rate Limit CIR Defines the maximum rate CIR in kbits per second Kbps that forwarding traffic is permitted in the VLAN e Burst Size CbS Defines the maximum burst size CbS in bytes that forwarding traffic is permitted through t
237. ing FCS octets received onthe interface since the page was last refreshed J abbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error ora bad FCS with a non integral octet Alignment Error number The field range to detect jabbers is between 20 ms and 150 ms Collisions Displays the number of collisions received on the interface since the page was last refreshed Utilization Displays the percentage of the interface utilized Defining RMON Events Control The RMON Events Page contains fields for defining RMON events To view RMON events ESW 500 Series Switches Administration Guide 413 Viewing Statistics Configuring RMON History STEP 1 Click Statistics gt RMON Remote Management gt Events The RMON Events Page opens RMON Events Page Ahal cisco Events O Event Entry Community Description Type Time Owner The RMON Events Page contains the following fields e Event Entry Displays the event index number e Community Displays the SNMP community string e Description Displays the event description e Type Describes the event type Possible values are None No action occurs Log The device adds a log entry Trap The device sends a trap Log and Trap The device adds a log entr
238. ing Quality of Service Defining Advanced QoS Mode e Type Policer type for the policy Possible values are Aggregate Configures the class to use a configured aggregate policer selected from the drop down list An aggregate policer is defined if the policer is shared with multiple classes Traffic from two different ports can be configured for policing purposes An aggregate policer can be applied to multiple classes in the same policy map but cannot be used across different policy maps Single Configures the class to use manually configured information rates and exceed actions e Aggregate Policer Specifies the Aggregate Policer Name e Ingress Committed Information Rate CIR Defines the CIR in Kbps This field is only relevant when the Police value is Single e Ingress Committed Burst Size CbS Defines the CbS in bytes This field is only relevant when the Police value is Single e Exceed Action Action assigned to incoming packets exceeding the CIR This field is only relevant when the Police value is Single Possible values are Drop Drops packets exceeding the defined CIR value Out Of Profile DSCP Remarks packet s DSCP values exceeding the defined CIR value None Forwards packets exceeding the defined CIR value STEP 3 Define the relevant fields STEP 4 Click Apply The QoS policy profile is modified and the device is updated Defining Policy Binding In the Polic
239. ion IP Addressing Configuring IP Information The IP address and default gateway can be either dynamically or statically configured In Layer 2 a static IP address is configured on the IP v4 Interface Page The Management VLAN is set to VLAN 1 by default but can be modified This section provides information for defining device IP addresses and includes the following topics e P Addressing e Defining DHCP Relay e Defining DHCP Relay Interfaces e ARP e Domain Name System IP Addressing The IP address and default gateway can be either dynamically or statically configured In Layer 2 a static IP address is configured on the P v4 Interface Page The Management VLAN is set to VLAN 1 by default but can be modified The PV4 Interface Page contains fields for assigning IPv4 addresses Packets are forwarded to the default IP when frames are sent to a remote network The configured IP address must belong to the same IP address subnet of one of the IP interfaces ESW 500 Series Switches Administration Guide 241 Configuring IP Information IP Addressing STEP 1 Click Monitor amp Device Properties gt System Management gt IP Addressing gt IP v4 Interface The P v4 Interface Page opens IP v4 Interface Page Ajiji ami z cisco Switch Config IPv4 Interface L System Oerhooan ESW4D Get Dynamic from DHCP Server Static IP Address Management VLAN W Addes Network Mask Protix Length Use
240. ion mode. The possible field values are:
Single: Only the authorized host can access the port.
Multiple Host: Multiple hosts can be attached to a single 802.1x-enabled port. Only one host must be authorized for all hosts to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are denied access to the network.
Multi Session: Enables a number of specific authorized hosts to get access to the port. Filtering is based on the source MAC address.
• Action on Violation: Defines the action to be applied to packets arriving in single-host mode from a host whose MAC address is not the supplicant MAC address. The possible field values are:
Forward: Forwards the packet.
Discard: Discards the packets. This is the default value.
Shut Down: Discards the packets and shuts down the port. The port remains shut down until reactivated, or until the device is reset.
• Enable Traps: Indicates if traps are enabled for Multiple Hosts. The possible field values are: Checked: Indicates that traps are enabled for Multiple hosts. Unchecked: Indicates that traps are disabled for Multiple hosts.
• Trap Frequency: Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if multiple hosts are dis
241. ipating in the Spanning Tree e Mode Indicates the current Spanning Tree mode The possible field values are STP Indicates that Classic STP is enabled on the port RSTP Indicates that Rapid STP is enabled on the port e Fast Link Operational Status Indicates if Fast Link is enabled or disabled for the port or EtherChannel If Fast Link is enabled for a port the port is automatically placed in the forwarding state Enable Fast Link is enabled Disable Fast Link is disabled Auto Fast Link mode is enabled a few seconds after the interface becomes active e Port State Indicates the RSTP status on the specific port The possible field values are Disabled ndicates that STP is currently disabled on the port Blocking ndicates that the port is currently blocked and cannot forward traffic or learn MAC addresses Listening Indicates that the port is in Listening mode The port cannot forward traffic nor can it learn MAC addresses Learning Indicates that the portis in Learning mode The port cannot forward traffic however it can learn new MAC addresses ESW 500 Series Switches Administration Guide 288 Configuring Spanning Tree Defining Multiple Spanning Tree Forwarding ndicates that the portis in Forwarding mode The port can forward traffic and learn new MAC addresses e Point to Point Admin Status Indicates whether a point to point link is established o
242. is enabled by default. Check Enable in the Enable Bonjour field to enable Bonjour on the device. Check HTTP and/or HTTPS and/or CiscoConfig in the Active Bonjour Services field. Click Apply. Bonjour is enabled and the device is updated. TCAM Utilization: The TCAM Utilization Page displays the availability of Ternary Content Addressable Memory (TCAM) resources. TCAM is used for high-speed searching and performs security, QoS and other types of applications. In contrast with binary CAM, TCAM allows a third matching state of X or Don't Care bits in data searches. The first two bit types are 0 and 1, adding more flexibility to searches. However, the need to encode three possible states instead of two also adds greater resource costs. The maximum number of rules that may be allocated by all applications on the device is 1024. Some applications allocate rules upon their initiation. Additionally, applications that initialize during system boot use some of their rules during the startup process. TCAM Allocation: To view TCAM Resources: STEP 1 Click Monitor & Device Properties > System Management > TCAM Utilization. The TCAM Utilization Page opens. The TCAM Utilization Page contains the following field: • TCAM Utilization: Indicates the percentage of the available
243. is saved. This field is applicable for BACKUP only. STEP 2 Define the relevant fields. STEP 3 Click Apply. Firmware upgrade is defined and the device is updated. Save Configuration: In the Save Configuration Page, network administrators can save configuration files on the device. In the Save Configuration Page, network administrators can copy configuration files from one device to another. These steps can be done from the Menu-Based CLI or from the web interface: • Copy image from TFTP to device • Change active image on device • Reboot device. STEP 1 Click Maintenance > File Management > Save Configuration. The Save Configuration Page opens. The Save Configuration Page contains the following fields: Source File Name: Indicates the device configuration file to copy and the intended usage of the copied file: Running, Startup or Backup. Destination File Name: Indicates the device configuration file to copy to and the intended usage of the file: Running, Startup or Backup. STEP 2 Define the relevant fields. STEP 3 Click Apply. The Configuration Files are updated. NOTE: Another option to quickly save the Running Configuration to the Startup Conf
244. itches Administration Guide. Contents: Resetting GVRP Statistics Counters; Viewing EAP Statistics; Managing RMON Statistics; Viewing RMON Statistics; Resetting RMON Statistics Counters; Configuring RMON History; Defining RMON History Control; Viewing the RMON History Table; Defining RMON Events Control; Modifying RMON Event Log Settings; Viewing the RMON Events Logs; Defining RMON Alarms; Modifying RMON Alarm Settings; Chapter: Aggregating Ports; Defining EtherChannel Management; Defining EtherChannel Settings; Modifying EtherChannel Settings; Configuring LACP; Chapter: Managing Device Diagnostics; Ethernet Port Testing; Performing GBIC Uplink Testing; Configure Span (Port Mirroring); Monitoring CPU Utilization. Getting Started: Introduction. Thank you for choosing the Cisco Small Business Pro ESW 500 Series Switch. The ESW 500 series is a family of Ethernet switches that addresses network infrastructure and access needs of small business customers for voice, data, PCs, Servers and video applications. They are simple to deploy and manage for use with IP phones, Access Points, IP cameras and Network Attached Storage servers, as well as most any Ethernet device. The ESW 500 series includes seven Fast Ethernet and GigE switche
245. itching to the next server. The possible field values are 1-30. Three is the default value. • Dead Time: Defines the amount of time (minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000. The Dead Time default is 0 minutes. • Key String: Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS encryption. • Usage Type: Specifies the RADIUS server authentication type. The default value is Login. The possible field values are: Login: Indicates that the RADIUS server is used for authenticating user name and passwords. 802.1X: Indicates that the RADIUS server is used for 802.1X authentication. All: Indicates that the RADIUS server is used for authenticating user name and passwords, and 802.1X port authentication. • Use Default: Uses the default value for the parameter. STEP 3 Define the relevant fields. STEP 4 Click Apply. The RADIUS Server is modified and the device is updated. Defining Access Methods: The access method section contains the following pages: • Defining Access Profiles • Defining Profile Rules. Defining Access Profiles: Access profiles are profiles and rules for accessing the device. Access to management functions can be limited to
246. ith all the entries. To define ARP Inspection on VLANs: STEP 1 Click Security > ARP Inspection > VLAN Settings. The ARP Inspection VLAN Settings Page opens. The ARP Inspection VLAN Settings Page contains the following fields: • VLAN ID: A user-defined VLAN ID to add to the Enabled VLANs list. • List Name: Contains a list of VLANs in which ARP Inspection is enabled. Enabled VLAN Table: • VLAN ID: Indicates the VLAN which is bound to the ARP Inspection List. • List Name: Displays names of static ARP Inspection Lists that were assigned to VLANs. These lists are defined in the ARP Inspection List Page. STEP 2 Enter the name of a VLAN ID from the VLAN ID list and click Add. This VLAN ID then appears in the list. The Add ARP VLAN Settings Page opens. The Add ARP VLAN Settings Page contains the following fields: • VLAN ID: Select the VLAN which includes the specified ARP Inspection List. • List Name: Select a static ARP Inspection List to assign to the VLAN. These lists are defined in the ARP Inspection List Page.
247. ith the IP address. STEP 3 Define the relevant fields. STEP 4 Click Apply. The ARP Settings are defined and the device is updated. Modifying ARP Settings: STEP 1 Click Monitor & Device Properties > System Management > IP Addressing > ARP. The ARP Page opens. STEP 2 Click the Edit button. The Edit ARP Page opens. The Edit ARP Page contains the following fields: • VLAN: Indicates the ARP-enabled interface. • IP Address: Indicates the station IP address, which is associated with the MAC address filled in below. • MAC Address: Indicates the station MAC address, which is associated in the ARP table with the IP address. • Status: Defines the ARP Table entry status. Possible field values are: Dynamic: Indicates the ARP entry is learned dynamically. Static: Indicates the ARP entry is a static entry. STEP 3 Define the relevant fields. STEP 4 Click Apply. The ARP Settings are modified and the device is updated. Domain Name System: Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is assigned, the DNS service translates the n
248. ivacy and authentication are required, 32 bytes are defined. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or a colon. This field is available if the Authentication Method is a key. Privacy Key: Defines the Privacy Key (LSB). If only authentication is required, 20 bytes are defined. If both privacy and authentication are required, 36 bytes are defined. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or colon. This field is available if the Authentication Method is a key. Define the relevant fields. Click Apply. The SNMP User is modified and the device is updated. Define SNMP Groups: The SNMP Groups Page provides information for creating SNMP groups and assigning SNMP access control privileges to SNMP groups. Groups allow network managers to assign access rights to specific device features or feature aspects. STEP 1 Click Monitor & Device Properties > SNMP > Security > Groups. The SNMP Groups Page opens. The SNMP Groups Page contains the following fields: • Group Name: Displays the user-defined group to which privileges are applied. • Security Model
249. k topology convergence can take between 30-60 seconds. This time may delay detecting possible loops and propagating status topology changes. Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that allow a faster STP convergence without creating forwarding loops. STEP 1 Click VLAN & Port Settings > Spanning Tree (STP) > RSTP. The RSTP Page opens. The RSTP Page contains the following fields: Copy From Entry Number: Indicates the port from which the STP interface settings are copied. To Entry Number(s): Indicates the port to which the STP interface settings are copied. Ports or EtherChannels Radio Buttons: Indicates the port for which the STP settings are displayed. Interface: Indicates the Port or EtherChannels for which th
250. l the EtherChannel to which the selected interface is connected advertises its capabilities to the EtherChannel to start the negotiation process. The possible values are those specified in the Admin Advertisement field. Admin Speed: The configured speed at which the EtherChannel is operating. Current EtherChannel Speed: The current speed at which the EtherChannel is operating. Admin Flow Control: Enables or disables flow control or enables the auto-negotiation of flow control on the EtherChannel. Current Flow Control: The user-designated Flow Control setting. PVE: Indicates if this EtherChannel's ports are protected by an uplink, so that the forwarding decisions are overwritten by those of the ports that protect them. Configuring LACP: Aggregate ports can be linked into link aggregation port groups. Each group is comprised of ports with the same speed, set to full-duplex operations. Aggregated Links can be manually set up or automatically established by enabling Link Aggregation Control Protocol (LACP) on the relevant links. To define LACP: STEP 1 Click VLAN & Port Settings > Port Management > LACP. The LACP Page opens.
251. l by using the >> button to add or the << button to remove items. • EtherChannel Members: Displays the ports which are members of the selected EtherChannel. STEP 3 Define the relevant fields. STEP 4 Click Apply. The EtherChannel membership is defined and the device is updated. Defining EtherChannel Settings: EtherChannels optimize port usage by linking a group of ports together to form a single aggregated group. EtherChannels multiply the bandwidth between the devices, increase port flexibility and provide link redundancy. The EtherChannel Settings Page contains fields for configuring parameters for configured EtherChannels. The device supports up to eight ports per EtherChannel, and eight EtherChannels per system. The device supports Private VLAN Edge, which can be enabled for specific EtherChannels on the Edit EtherChannel Settings Page. STEP 1 Click VLAN & Port Settings > Port Management > EtherChannel Settings. The EtherChannel Settings Page opens. The EtherChannel Settings Page contains the following fields: Copy From Entry Number: Copies the EtherChannel co
252. ld card mask. Wildcards are used to mask all or part of a destination MAC Address. Wildcard masks specify which octets are used and which octets are ignored. A wildcard mask of ff:ff:ff:ff:ff:ff indicates that no octet is important. A wildcard of 00:00:00:00:00:00 indicates that all the octets are important. For example, if the destination MAC address is 09:00:07:A9:B2:EB and the wildcard mask is 00:ff:00:ff:00:ff, the 1st, 3rd and 5th octets of the MAC address are checked, while the 2nd, 4th and 6th octets are ignored. • VLAN ID: Matches the packet's VLAN ID to the ACE. The possible field values are 1 to 4095. • Inner VLAN: Matches the ACE to the inner VLAN ID of a double-tagged packet. • 802.1p: Displays the packet tag value. • 802.1p Mask: Displays the wildcard bits to be applied to the CoS. • Ethertype: Displays the Ethernet type of the packet. • Action: Indicates the ACL forwarding action. The possible field values are: Permit: Forwards packets which meet the ACL criteria. Deny: Drops packets which meet the ACL criteria. Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. STEP 3 Define the relevant fields. STEP 4 Click Apply. The MAC Based ACL is defined and the device is updated. Adding Rule to MAC Based ACL: STEP 1 Cli
253. lds. STEP 3 Click Apply. Mapping Profiles is defined and the device is updated. Defining TACACS: The devices provide Terminal Access Controller Access Control System (TACACS) client support. TACACS provides centralized security for validation of users accessing the device. TACACS provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS provides the following services: • Authentication: Provides authentication during login and via user names and user-defined passwords. • Authorization: Performed at login. Once the authentication session is completed, an authorization session starts using the authenticated user name. The TACACS server checks the user privileges. The TACACS protocol ensures network integrity through encrypted protocol exchanges between the device and TACACS server. The TACACS default parameters are user-assigned defaults. The default settings are applied to newly defined TACACS servers. If default values are not defined, the system defaults are applied to the new TACACS servers. The TACACS Page contains fields for assigning the Default Parameters for the TACACS servers. To define TACACS:
254. le field values are: Delta: Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold. Absolute: Compares the values directly with the thresholds at the end of the sampling interval. Rising Threshold: Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color. Rising Event: Selects an event which is defined in the Events table that triggers the rising threshold alarm. The Events Table is displayed in the RMON Events Page. Falling Threshold: Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color. Falling Event: Selects an event which is defined in the Events table that triggers the falling threshold alarm. The Events Table is displayed in the RMON Events Page. Startup Alarm: Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold. Rising Alarm: The rising counter value that triggers the rising threshold alarm. Falling Alarm: The falling counter value that triggers the falling thr
255. led on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. The possible values are: Enabled: Port Fast is enabled. Disable: Port Fast is disabled. Auto: Port Fast mode is enabled a few seconds after the interface becomes active. • Root Guard: Prevents devices outside the network core from being assigned the spanning tree root. Root Guard may be enabled or disabled. • BPDU Guard: Indicates if BPDU Guard is enabled on the interface. BPDU Guard protects the network from invalid configurations. It is usually used either when fast link ports (ports connected to clients) are enabled or when STP is disabled. If a BPDU message is received, the port shuts down and the device generates an appropriate SNMP trap. The possible field values are: Enable: Enables BPDU guard on the selected port or EtherChannel. Disable: Disables BPDU guard on the selected port or EtherChannel. This is the default value. • Port State: Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are: Disabled: Indicates that ST
256. licy Name: Select a Policy to associate with the interface. Define the relevant fields. Click Apply. The QoS Policy Binding is defined and the device is updated. Modifying QoS Policy Binding Settings: Click Quality of Service > Advanced Mode > Policy Binding. The Policy Binding Page opens. Click the Edit button. The Edit QoS Policy Binding Page opens. The Edit QoS Policy Binding Page contains the following fields: • Interface: Displays the interface to which the entry refers. • Policy Name: Displays the Policy name associated with the interface. STEP 3 Define the relevant fields. STEP 4 Click Apply. The QoS policy binding is modified and the device is updated. Defining QoS Basic Mode: The Basic Mode Page contains information for enabling Trust on the device. Packets entering a QoS domain are classified at the edge of the QoS domain. To define the Trust configuration: STEP 1 Click Quality of Service > Basic Mode. The Basic Mode Page opens. The Basic Mode Page contains the following fields:
257. lues directly with the thresholds at the end of the sampling interval. • Rising Threshold: Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color. • Rising Event: Selects an event which is defined in the Events table that triggers the rising threshold alarm. The Events Table is displayed in the RMON Events Page. • Falling Threshold: Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color. • Falling Event: Selects an event which is defined in the Events table that triggers the falling threshold alarm. The Events Table is displayed in the RMON Events Page. • Startup Alarm: Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold. Rising Alarm: The rising counter value that triggers the rising threshold alarm. Falling Alarm: The falling counter value that triggers the falling threshold alarm. Rising and Falling: The rising and falling counter values that trigger the alarm. • Interval: Defines the ala
258. ly provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership. The Global System EtherChannel information displays the same field information as the ports, but represents the EtherChannel GVRP information. To define GVRP: STEP 1 Click VLAN & Port Settings > VLAN Management > GVRP Settings. The GVRP Settings Page opens. The GVRP Settings Page contains the following fields: • GVRP Global Status: Indicates if GVRP is enabled on the device. The possible field values are: Enable: Enables GVRP on the device. Disable: Disables GVRP on the device. • Copy From Entry Number: Copies GVRP parameters from the specified table entry. • To Entry Number(s): Assigns the copied GVRP parameters to
259. mes an invalid signature was received. Signatures are the means by which the powered device identifies itself to the PSE. Signatures are generated during powered device detection, classification or maintenance. Define the relevant fields. Click Apply. The PoE Settings are defined and the device is updated. Managing System Logs: The System Logs enable viewing device events in real time and recording the events for later usage. System Logs record and manage events and report errors or informational messages. Event messages have a unique format, as per the SYSLOG protocol's recommended message format for all error reporting. For example, Syslog and local device reporting messages are assigned a Severity code and include a message mnemonic which identifies the source application generating the message. It allows messages to be filtered based on their urgency or relevancy. Each message severity determines the set of event logging devices that are sent per each event logging. This section contains the following pages: • Enabling System Logs • Viewing the Device Memory Logs • Viewing the System Flash Logs • Viewing Remote Logs. Enabling System Logs: In the System Messages Settings Page, define the levels of event severity that are recorded to the system event logs. The event severity levels are listed on this page in descending orde
260. n Viewing Device Health. STEP 1 Click Monitor & Device Properties > System Management > Health. The Health Page opens. The Health Page contains the following fields: • Power Supply Status: Displays the power supply status. Power supply 1 is displayed as PS in the interface, while the redundant power supply is displayed as RPS. The possible field values are: OK: Indicates the power supply is operating normally. Fail: Indicates the power supply is not operating normally. Not Present: Indicates a redundant power supply is not connected. • Fan Status: Displays the fan status. The device has five fans. Each fan is denoted as fan plus the fan number. The possible field values are: OK: Indicates the fan is operating normally. Fail: Indicates the fan is not operating normally. Not Present: Indicates the fan is not present. Resetting the Device: The Restart Reset page enables the device to be reset from a remote location. Save all changes to the Running Configuration file before resetting the device. This prevents the current device configuration from b
261. The Edit SNMP User Page contains the following fields: User Name: Displays the user-defined group to which access control rules are applied. Provides a user-defined local user list. Engine ID: Indicates the local device engine ID. Group Name: SNMP group, which can be chosen from the list, to which the SNMP user belongs. SNMP groups are defined in the SNMP Group Profile page. Authentication Method: Indicates the Authentication method used. The possible field values are: MD5 Key: Users are authenticated using a valid HMAC-MD5 key. SHA Key: Users are authenticated using a valid HMAC-SHA-96 key. MD5 Password: Users should enter a password that is encrypted using the HMAC-MD5-96 authentication method. SHA Password: Users should enter a password that is encrypted using the HMAC-SHA-96 authentication method. None: No user authentication is used. Password: Define the local user password. Local user passwords can contain up to 159 characters. This field is available if the Authentication Method is a password. Authentication Key: Defines the HMAC-MD5-96 or HMAC-SHA-96 authentication level. The authentication and privacy keys are entered to define the authentication key. If only authentication is required, 16 bytes are defined. If both pr
262. n Utility. They are: • Using the default static IP address of the switch • Using Cisco Configuration Assistant • Using a dynamic IP address allocated to the switch via DHCP from DHCP server • Using the Console. The first three options to connect to the switch will open the ESW 500 Series Switch Configuration Utility, which is a web-based device manager used to provision the switch. The console option uses a terminal emulation program such as HyperTerminal (bundled with Windows) or Putty (freeware). Using the Console does not launch the Switch Configuration Utility and is recommended for advanced users only. Using the Console is discussed at the end of this chapter. Using the Default Static IP Address: To start configuring the switch, follow these steps: Make sure that there are no devices connected to the switch, the switch is not connected to the network, and then power up the switch by connecting the power cord. NOTE: If the switch was previously connected to the network, it may have obtained an IP address from a DHCP server. To perform a static IP address installation, disconnect all devices and remove the switch from the network. Then perform a power cycle of the switch by unplugging the power cable, waiting 5 seconds and plugging it back in. Connect a PC to port 1 of the switch with an Ethernet cable.
263. n the port. Ports defined as Full Duplex are considered Point-to-Point port links. The possible field values are: Enable: Device establishes point-to-point full-duplex links. Disable: Device establishes shared half-duplex links. Auto: Device automatically determines the state. • Point-to-Point Operational Status: Indicates the Point-to-Point operating state. • Activate Protocol Migration Test: Enables a Protocol Migration Test. The test identifies the STP mode of the interface connected to the selected interface. The possible field values are: Checked: Enable Protocol Migration. Unchecked: Disable Protocol Migration. STEP 3 Define the relevant fields. STEP 4 Click Apply. The Rapid Spanning Tree Settings are modified and the device is updated. Defining Multiple Spanning Tree: MSTP provides differing load balancing scenarios. For example, while port A is blocked in one STP instance, the same port is placed in the Forwarding State in another STP instance. The MSTP Properties page contains information for defining global MSTP settings, including region names, MSTP revisions and maximum hops. The MSTP section contains the following pages: • Defining MSTP Properties • Defining MSTP Instance to VLAN • Defining MSTP Instance Settings • Defining MSTP Interface Settings. Defining MSTP
264. From this page you can configure the hostname of the switch, location and contact information for support. Also, you can view important information such as the system uptime, software version, MAC Address and Serial Number (SN). Viewing what Devices are Attached to the Switch: To view what devices are attached to the switch, click Monitor & Device Properties > CDP. The CDP page opens. Review the ports for connecting IP Phones, PCs, Access Points and the uplink to the Cisco UC520 or SR520. You can change the Voice VLAN from the default of 100 if required. Configuring the VLAN Settings for the Switch: To add or edit the default VLAN settings, click on VLAN & Port Settings > VLAN Management > Properties. The Properties page opens. NOTE: If the ESW 500 series switch is being deployed into a Cisco SBCS network, the installation is plug and play. If the switch is being deployed into a non
265. nables users to establish a DHCP configuration with multiple DHCP servers to ensure redundancy. The DHCP servers act as a DHCP relay if the parameter is not equal to 0.0.0.0. DHCP requests are relayed only if their SEC field is greater or equal to the threshold value. This allows local DHCP Servers to respond first. To define the DHCP Relay configuration: STEP 1 Click Monitor & Device Properties > System Management > IP Addressing > DHCP Relay > DHCP Server. The DHCP Server Page opens. The DHCP Server Page contains the following fields: • DHCP Relay: Enable or disable DHCP Server on the device. The possible values are: Enable: Enables DHCP Relay on the device. Disable: Disables DHCP Relay on the device. • Option 82: Indicates if Option 82 is enabled for DHCP. The possible values are: Enable: Enables Option 82 for DHCP. Disable: Disables Option 82 for DHCP. • DHCP Server: Displays the IP address of the DHCP server. STEP 2 Click the Add button. The Add DHCP Server Page opens.
266. namic ARP Inspection • Log Buffer Interval: Defines the minimal interval between successive Syslog messages. The possible field values are: Retry Frequency: Frequency at which the log is updated. The possible range is 0-86400 seconds. 0 seconds specifies immediate transmissions of Syslog messages. The default value is 5 seconds. Never: Log is never updated. STEP 2: Define the fields. STEP 3: Click Apply. The ARP Inspection settings are modified, and the device is updated. Defining ARP Inspection Trusted Interfaces: The ARP Inspection Trusted Interfaces Page allows network managers to define trusted and untrusted interfaces. These settings are independent of the trusted interface settings defined for DHCP snooping. ARP Inspection is enabled only on untrusted interfaces. To define trusted interfaces: STEP 1: Click Security > ARP Inspection > Trusted Interfaces. The ARP Inspection Trusted Interfaces Page opens. [Figure: ARP Inspection Trusted Interfaces Page] The ARP Inspection Trusted Interfaces Page contains the following fields: • Ports: Specifies the Port on which ARP Inspection Trust mode can be enabled. •
267. ncludes bad packets and FCS octets, but excludes framing bits. Unicast Packets: Displays the number of good Unicast packets received on the interface since the page was last refreshed. Multicast Packets: Displays the number of good Multicast packets received on the interface since the page was last refreshed. Broadcast Packets: Displays the number of good broadcast packets received on the interface since the page was last refreshed. Packets with Errors: Displays the number of packets with errors. The Transmit Statistics area contains the following fields: Total Bytes (octets): Displays the number of octets transmitted on the interface since the page was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits. Unicast Packets: Displays the number of good Unicast packets transmitted on the interface since the page was last refreshed. Multicast Packets: Displays the number of good Multicast packets transmitted on the interface since the page was last refreshed. Broadcast Packets: Displays the number of good broadcast packets transmitted on the interface since the page was last refreshed. Resetting Interface Statistics Counters: STEP 1: Click Statistics > Ethernet > Interface. The Ethernet Interface Page opens. STEP 2: Click the Clear Counters button. The interface statistics counters are cleared. Viewing Etherlike Statistics: The Etherlike Page contains interface st
268. nctioning, but an operational problem has occurred. Notice: The system is functioning properly, but a system notice has occurred. Informational: Provides device information. Debug: Provides debugging messages. STEP 3: Define the relevant fields. STEP 4: Click Apply. The Syslog Server settings are modified, and the device is updated. Viewing Statistics: This section describes device statistics for RMON, interfaces, GVRP, EAP, and Etherlike statistics. This section contains the following topics: • Viewing Ethernet Statistics • Managing RMON Statistics • Managing QoS Statistics. Viewing Ethernet Statistics: The Ethernet section contains the following pages: • Defining Interface Statistics • Viewing Etherlike Statistics • Viewing GVRP Statistics • Viewing EAP Statistics. Defining Interface Statistics: The Interface Statistics Page contains statistics for both received and transmitted packets. The Interface Statistics Page is divided into three areas: General Information, Receive Statistics, and Transmit Statistics. STEP 1: Click Statistics > Ethernet > Interface. The Interface Statistics P
269. nd or the context. • Assignment to Hardware Queues: Assigns incoming packets to forwarding queues. Packets are sent to a particular queue for handling as a function of the traffic class to which they belong, as defined by the classification mechanism. • Traffic Class Handling Attributes: Applies QoS/CoS mechanisms to different classes, including Bandwidth Management. The Quality of Service section contains the following topics: • Managing QoS Statistics • Defining General Settings • Defining Advanced QoS Mode. Managing QoS Statistics: The QoS Statistics section contains the following pages: • Policer Statistics • Aggregated Policer Statistics • Queues Statistics. Policer Statistics: The Policer Statistics Page indicates the amount of in-profile and out-of-profile packets that are received on an interface. To add policer statistics: STEP 1: Click Quality of Service > QoS Statistics > Policer Statistics. The Policer Statistics Page opens. [Figure: Policer Statistics Page] The Policer Statistics Page contains the following fields: • Interface: Displays the interface (port or EtherChannel) for which Policer Statistics are displayed. • Policy: Displays the policy for which the statistic
270. nected to the DHCP Server. Managing Power over Ethernet Devices: Power over Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power over Ethernet removes the necessity of placing network devices next to power sources. Power over Ethernet can be used in the following applications: • IP Phones • Wireless Access Points • IP Gateways • Audio and Video Remote Monitoring. Powered Devices are devices which receive power from the device power supplies, for example IP phones. Powered Devices are connected to the device via Ethernet ports. Guard Band protects the device from exceeding the maximum power level. For example, if 400W is the maximum power level and the Guard Band is 20W, then once the total system power consumption exceeds 380W, no additional PoE components can be added. The accumulated PoE components power consumption is rounded down for display purposes, so the value after the decimal point is dropped. This section contains the following section: • Defining PoE Settings. Defining PoE Settings: The PoE Settings Page contains system PoE information for enabling PoE on the device, monitoring the current power usage, and enabling PoE traps. To configure PoE Settings:
271. new Local User is added, the default user name cisco will be overwritten. To define Passwords: STEP 1: Click Security > Users and Passwords > User Authentication. The User Authentication Page opens. [Figure: User Authentication Page] The User Authentication Page contains the following fields: • User Name: Displays the user name. STEP 2: Click the Add button. The Add Local User Page opens. [Figure: Add Local User Page] The Add Local User Page contains the following fields: • User Name: Specifies the user name. • Password: Specifies the new password. The password is not displayed. As it is entered an corresponding to each character is displayed in the field. (Range: 1-159 characters) • Confirm Password: Confirms the new password. The password entered into this field must be exactly the same as the password entered in the Password field. STEP 3: Define the relevant fields. STEP 4: Click Apply. The local user settings are modified, and the device is updated. Modifying the Local User Settings: STEP 1: Click Security > Users and Passwords > User Au
272. nfiguration from the specified table entry. • To Entry Number(s): Assigns the copied EtherChannel configuration to the specified table entry. • EtherChannel: Displays the EtherChannel ID number. • Description: Displays the user-defined port name. • Type: Displays the port types that comprise the EtherChannel. • Status: Indicates if the EtherChannel is currently operating. • Speed: Displays the configured speed at which the EtherChannel is operating. • Auto Negotiation: Displays the current Auto Negotiation setting. Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate and flow control abilities to its partner. • Flow Control: Displays the current Flow Control setting. Flow control may be enabled, disabled, or be in auto negotiation mode. Flow control operates when the ports are in full duplex mode. • PVE: Indicates that this EtherChannel's ports are protected by an uplink, so that the forwarding decisions are overwritten by those of the ports that protect them. STEP 2: Define the relevant fields. STEP 3: Click Apply. The EtherChannel Settings are defined, and the device is updated. Modifying EtherChannel Settings: STEP 1: Click VLAN & Port Settings > Port Management > EtherChannel Settings. The EtherChannel Settings Pag
273. ng Common Tasks. Contents: Help; Defining System Information; Viewing Device Health; Resetting the Device; Managing Cisco Discovery Protocol; Defining the Bonjour Discovery Protocol; TCAM Utilization. Chapter: Managing Smart Ports: Configuring Smart Ports for Desktops; Configuring Smart Ports for IP Phones and Desktops; Configuring Smart Ports for Access Points; Configuring Smart Ports for Switches; Configuring Smart Ports for Routers; Configuring Smart ports for Guests; Configuring Smart ports for Servers; Configuring Smart ports for Printers; Configuring Smart ports for VS Camera; Configuring Smart Ports for Other. Chapter: Configuring System Time: Defining System Time; Defining SNTP Settings; Defining SNTP Authentication. Chapter: Configuring Device Security: Passwords Management; Modifying the Local User Settings; Defining Authentication; Defining Profiles; Modifying an Authentication Profile; Mapping Authentication Profiles; Defining TACACS; Modifying TACACS Settings; Defining RADIUS; Modifying RADIUS Server Settings; Defining Access Methods; Defining Access Profiles; Defining Profile Rules
274. ning ARP Inspection Trusted Interfaces • Defining ARP Inspection List • Assigning ARP Inspection VLAN Settings. Defining ARP Inspection Properties: The ARP Inspection Properties Page provides parameters for enabling and setting global Dynamic ARP Inspection parameters, as well as defining ARP Inspection Log parameters. To define ARP Inspection properties: STEP 1: Click Security > ARP Inspection > Properties. The ARP Inspection Properties Page opens. [Figure: ARP Inspection Properties Page] The ARP Inspection Properties Page contains the following fields: • Enable ARP Inspection: Enables ARP Inspection on the device. The possible field values are: Checked: Enables ARP Inspection on the device. Unchecked: Disables ARP Inspection on the device. This is the default value. • ARP Inspection Validate: Enables ARP Inspection Validation on the device. The possible field values are: Checked: Enables ARP Inspection Validation on the device. Source MAC, Destination MAC, and IP addresses are checked in ARP requests and responses. Unchecked: Disables ARP Inspection Validation on the device. This is the default value.
275. nnected to. STEP 5: Save these settings and open a connection using the terminal emulation software. If a blinking cursor appears, press Tab and enter the default username cisco, then press Tab again and enter the default password cisco. Press Enter to continue. STEP 6: The switch main menu opens. The System Configuration Menu line should be highlighted. STEP 7: Press Enter. The page changes to System Configuration Menu. STEP 8: Scroll down to option 6, IP Configuration, and press Enter. The IP Configuration Menu opens. STEP 9: Highlight option 1, IPv4 Address Configuration, and press Enter. The IPv4 Address Configuration Menu opens. STEP 10: Highlight option 1, IPv4 Address Settings, and press Enter. The IPv4 Address Settings page opens. The current IP address setting for the ESW 500 series switch is shown. If the switch is already connected to the network and obtained an IP address via DHCP, this is the IP address which is used to launch the ESW 500 Switch Configuration Utility. If you need to change the IP address to a static IP address, perform the following
276. nnection between the switch and wireless access points. To configure smart ports for access points: STEP 1: Open the Switch Configuration Utility. The web application automatically opens to the System Dashboard Page. STEP 2: Click Smart Ports Wizard under Ports on the System Dashboard Page. The Smart Ports Setting Page opens. [Figure: Smart Ports Setting Page] STEP 3: Select a port or range of ports. STEP 4: Select Access Points in the Assign Profile drop-down list. STEP 5: Click Next. The Smart Ports Access Point Settings Page opens. [Figure: Smart Ports for Access Points Settings Page] The Smart Ports for Access Points Settings Page contains the following fields: • Ports: Indicates the port to which Smart Port wizard settings are applied. • VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The possible value is: Trunk: Indicates the port belongs to VLANs in which all VLANs are tagged, except for one VLAN that is untagged. This is the default setting for ports that are connected to access points. • Trunk Native VLAN ID: Defines the VLA
277. ns the following fields: • Access Mode: Defines the access rights of the community. The possible field values are: Read Only: Management access is restricted to read-only, and changes cannot be made to the community. Read Write: Management access is read-write and changes can be made to the device configuration, but not to the community. SNMP Admin: User has access to all device configuration options, as well as permissions to modify the community. • View Name: Contains a list of user-defined SNMP views. • Advanced: Enables SNMP Advanced mode for a selected community and contains the following field: • Group Name: Defines advanced SNMP communities group names. STEP 3: Define the relevant fields. STEP 4: Click Apply. The SNMP Community is defined, and the device is updated. Modifying SNMP Community Settings: STEP 1: Click Monitor & Device Properties > SNMP > Security > Communities. The SNMP Communities Page opens. STEP 2: Click the Edit Button. The Edit SNMP Community Page opens. [Figure: Edit SNMP Community Page] The Edit SNMP Community Page contains the following fields: • SNMP Management: Defines the management
278. nt. For example, if the source IP address 149.36.184.198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used. • Destination IP Address: Displays the destination IP address to which packets are addressed to the ACE. Wildcard Mask: Displays the destination IP address wildcard mask. • DSCP: Matches the packet's DSCP value. • IP Prec: Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7. • Action: Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or the packet is assigned rate limiting restrictions for forwarding. The options are as follows: Permit: Forwards packets which meet the ACL criteria. Deny: Drops packets which meet the ACL criteria. Shutdown: Drops a packet that meets the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Port Management page. Match IP Precedence: Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7. • Delete ACL button: To remove an ACL, click the Delete ACL button. • Delete Rule button: To remove
279. • Ports Radio Button: Indicates the Port on which port security is configured. • EtherChannels Radio Button: Indicates the EtherChannel on which port security is configured. • Interface: Displays the port or EtherChannel name. • Interface Status: Indicates the port security status. The possible field values are: Unlocked: Indicates the port is currently unlocked. This is the default value. Locked: Indicates the port is currently locked. • Learning Mode: Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Interface Status field. In order to change the Learning Mode, the Lock Interface must be set to Unlocked. Once the mode is changed, the Lock Interface can be reinstated. The possible field values are: Classic Lock: Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned. Limited Dynamic Lock: Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled. NOTE: For the port transitioning from classic lock to limi
280. nterface Settings Page opens. [Figure: Edit Interface Settings Page] The Edit Interface Settings Page contains the following fields: • Interface: Selects the port number on which Spanning Tree is configured. • STP: Enables or disables STP on the port. The possible field values are: Enable: Enables STP on the port. Disable: Disables STP on the port. • Port Fast: Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. The possible values are: Enabled: Enables Port Fast on the port. Disabled: Disables Port Fast on the port. Auto: Enables Port Fast mode a few seconds after the interface becomes active. • Enable Root Guard: Enables the prevention of devices outside the network core from being assigned the spanning tree root. The possible field val
281. ntrol enables limiting the amount of Multicast and Broadcast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast and Multicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes connected on all ports. A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the network to time out. Storm Control is enabled per all ports by defining the packet type and the rate the packets are transmitted. The system measures the incoming Broadcast and Multicast frame rates separately on each port, and discards the frames when the rate exceeds a user-defined rate. Storm Control is enabled per port on GE devices and per system on FE devices (not applicable to ESW 520 8P devices). The Storm Control Page provides fields for configuring Broadcast Storm Control. To define storm control: STEP 1: Click Security > Traffic Control > Storm Control. The Storm Control Page opens. [Figure: Storm Control Page]
282. of the port speed. Spanning Tree Port Fast: Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. Fast Port is enabled by default. Spanning Tree BPDU Guard: Indicates if BPDU Guard is enabled on the interface. BPDU Guard protects the network from invalid configurations. It is usually used either when fast link ports (ports connected to clients) are enabled or when STP is disabled. If a BPDU message is received, the port shuts down and the device generates an appropriate SNMP trap. BPDU guard is enabled by default. QoS Policy: Indicates that the default QoS policy settings are applied to the port. The Default policy is voice map. Macro Description: Indicates the type of device connected to the port. For IP Phones Desktops, this field is always IP Phones Desktops. Select a VLAN in the Data VLAN drop-down list. Click Apply. The IP Phone Desktop port settings are saved, and the device is updated. Click OK. The Smart ports Setting page opens. Configuring Smart Ports for Access Points: The Smart Ports for Access Points Page allows network administrators to manage the co
283. olicy map only if the classes have defined match criteria. An aggregate policer can be applied to multiple classes in the same policy map, but an aggregate policer cannot be used across different policy maps. Define an aggregate policer if the policer is shared with multiple classes. Policers in one port cannot be shared with other policers in another device. Traffic from two different ports can be aggregated for policing purposes. To define Aggregate Policers: STEP 1: Click Quality of Service > Advanced Mode > Aggregate Policer. The Aggregate Policer Page opens. [Figure: Aggregate Policer Page] The Aggregate Policer Page contains the following fields: • Aggregate Policer Name: Specifies the Aggregate Policer Name. • Ingress CIR: Defines the Committed Information Rate (CIR) in Kbits per second. • Ingress CbS: Defines the Committed Burst Size (CbS) in bytes per second. • Exceed Action: Action assigned to incoming packets exceeding the CIR. Possible values are: Drop: Drops packets exceeding the defined CIR value. Remark DSCP: Remarks packet's DSCP values exceeding the defined CIR value. None: Forwards packets exceeding the defined CIR value. STEP 2: Click the Add button. The Add QoS Aggregate Polic
284. omatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks. Port Fast is enabled by default. Spanning Tree BPDU Guard: Indicates if BPDU Guard is enabled on the interface. BPDU Guard protects the network from invalid configurations. It is usually used either when fast link ports (ports connected to clients) are enabled or when STP is disabled. If a BPDU message is received, the port shuts down and the device generates an appropriate SNMP trap. Spanning Tree BPDU Guard is enabled by default. QoS Policy: Indicates that the default QoS policy settings are applied to the port. The name of the default QoS policy is general map. Macro Description: Indicates the type of device connected to the port. For desktops, this field is always Desktop. Select a VLAN in the VLAN ID drop-down list. STEP 6: Click Apply. The Desktop port settings are saved, and the device is updated. Configuring Smart Ports for IP Phones and Desktops: The Smart Ports for IP Phones and Desktops Page allows network administrators to define settings between the switch and the IP Phone. This helps ensure proper network management for voice traffic. The Smart Port IP Phone and Desktop wizard allows network managers to connect
285. on. STEP 1: Click Maintenance > File Management > Copy Configuration File. The Copy Configuration File Page opens. [Figure: Copy Configuration File Page] The Copy Configuration File Page contains the following fields: • via TFTP: Download and upload files using TFTP. • via HTTP: Download and upload files using HTTP. Via TFTP: • UPGRADE: Specifies that the configuration file is associated with an upgrade. • BACKUP: Specifies that the configuration file contains the system backup configuration. • TFTP Server: Specifies the TFTP Server IP Address for downloading or uploading the file. • Source File Name: Name of the configuration file. • Destination File Type: Specifies the type of configuration file to be created. The possible values are: Running Config: Contains the configuration currently valid on the device. Starting Config: Contains the configuration which will be valid following system startup or reboot. The Startup configuration is only active after the device is reset. Backup Config: Contains a copy of the system configuration for restoration following a shutdown or a fault. Via HTTP: Use the Browse button to navigate to t
286. on operational. The possible field values are: Up: Indicates the port is currently operating. Down: Indicates the port is currently not operating. • Current Port Status: Displays the port connection status. • Reactivate Suspended Port: Reactivates a port if the port has been disabled through the locked port security option or through Access Control List configurations. • Operational Status: Indicates whether the port is currently active or inactive. • Admin Speed: Displays the configured rate for the port. The port type determines what speed setting options are available. You can designate Admin Speed only when the port auto negotiation is disabled. • Current Port Speed: Displays the current port speed. • Admin Duplex: Defines the port duplex mode. This field is configurable only when auto negotiation is disabled, and the port speed is set to 10M or 100M. This field cannot be configured on EtherChannels. The possible field values are: Full: Indicates that the interface supports transmission between the device and the client in both directions simultaneously. Half: Indicates that the interface supports transmission between the device and the client in only one direction at a time. • Current Duplex Mode: Displays the port current duplex mode. • Auto Negotiation: Enables or Disables Auto Negotiation on the port. Auto Negotiation enables a port to advertise its transmission rate, duplex mode and flow control a
287. on. If SNMPv3 is enabled, the User Name and Security Level fields are enabled for configuration. • User Name: Defines the user to whom SNMP notifications are sent. • Security Level (SNMPv3): Defines the means by which the packet is authenticated. The possible field values are: No Authentication: Indicates the packet is neither authenticated nor encrypted. Authentication: Indicates the packet is authenticated. Privacy: Indicates the packet is both authenticated and encrypted. The UDP Port Notification Recipient area contains the following fields: • UDP Port: Displays the UDP port used to send notifications. The default is 162. • Filter Name: Indicates the SNMP filter for which the SNMP Notification filter is defined. • Informs Timeout: Indicates the amount of time (seconds) the device waits before re-sending informs. The default is 15 seconds. • Informs Retries: Indicates the amount of times the device re-sends an inform request. The default is 3 attempts. Define the relevant fields. Click Apply. The SNMP Notification Receivers are modified, and the device is configured. Defining SNMP Filter Settings: The Filter Settings Page permits filtering traps based on OIDs. Each OID is linked to a device feature or a feature aspect. The Filter Settings Page also allows network managers to filter notifications.
288. [Figure: Edit SNMP Notification Recipient Page] The Edit SNMP Notification Recipient Page contains the following fields: • Recipient IP Address: Indicates the IP address to whom the traps are sent. • Notification Type: Defines the notification sent. The possible field values are: Trap: Indicates traps are sent. Inform: Indicates informs are sent. Either SNMPv1,2 or SNMPv3 may be used as the version of traps, with only one version enabled at a single time. The SNMPv1,2 Notification Recipient area contains the following fields: • SNMPv1,2: Enables SNMPv1,2 as the Notification version. If SNMPv1,2 is enabled, the Community String and Notification Version fields are enabled for configuration. • Community String (SNMPv1,2): Identifies the community string of the trap manager. • Notification Version (SNMPv1,2): Determines the trap type. The possible field values are: SNMP V1: Indicates SNMP Version 1 traps are sent. SNMP V2: Indicates SNMP Version 2 traps are sent. The SNMPv3 Notification Recipient area contains the following fields: • SNMPv3: Enables SNMPv3 as the Notification versi
289. on to the Startup Configuration is to click Save Configuration at the top of the page. This link is initially grayed out. Once switch configuration changes are made, the link becomes active. Upgrading the Firmware on the Switch: The following steps show how to download, install, and make a new firmware release the active image on the switch. STEP 1: Ensure the PC has IP connectivity to the ESW 500 series switch. STEP 2: The switch can be upgraded through the TFTP or HTTP protocol. If you choose to use TFTP, the PC needs to have a TFTP server running on it. A free TFTP server can be downloaded from http://www.solarwinds.com/downloads/index.aspx. STEP 3: Download the latest ESW 500 series software file from www.cisco.com/go/esw500help. If you choose to use TFTP, make sure it is stored in the root directory of the TFTP server running on your PC. STEP 4: Download the software image from the PC to the ESW 500 series switch. Click on Maintenance > File Management > Software Upgrade. The Software Upgrade page opens. [Figure: Software Upgrade Page] STEP 5: For TFTP: Enter the PC IP address in the TFTP Server field, the exact filename for the image in Source F
290. [Figure: Storm Control Page table, with per-port Broadcast Control, Broadcast Rate Threshold and Broadcast Mode columns] The Storm Control Page contains the following fields: Unknown Unicast Group Control: On ESW 520 devices, sets the Unknown Unicast Control as the Broadcast Mode globally defined on the device. Rate Threshold: On FE devices, sets the maximum rate (packets per second) at which unknown packets are forwarded. The range rate is 3500-100,000 Kbps. Copy From Entry Number: Copies the storm control configuration from the specified table entry. To Entry Number(s): Assigns the copied storm control configuration to the specified table entry. Port: Indicates the port from which storm control is enabled. Enable Broadcast Control: Indicates if Broadcast packet types are forwarded on the specific interface. The possible field values are: Enable: Enables Broadcast packet types to be forwarded. This is the default value. Disable: Disables Broadcast packet types to be forwarded. Broadcast Rate Threshold: Indicates the maximum rate (kilobits per second) at which unknown packe
291. or Paris is GMT +1, while the local time in New York is GMT -5. There are two types of daylight settings: either by a specific date in a particular year, or a recurring setting irrespective of the year. For a specific setting in a particular year, complete the Daylight Savings area, and for a recurring setting, complete the Recurring area. Daylight Savings: Enables the Daylight Savings Time (DST) on the device based on the device's location. The possible field values are: USA: The device switches to DST at 2 a.m. on the second Sunday of March, and reverts to standard time at 2 a.m. on the first Sunday in November. European: The device switches to DST at 1:00 am on the last Sunday in March and reverts to standard time at 1:00 am on the last Sunday in October. The European option applies to EU members and other European countries using the EU standard. Other: The DST definitions are user-defined based on the device locality. If Other is selected, the From and To fields must be defined. Time Set Offset (1-1440): Indicates the difference in minutes between DST and the local standard time. The default time is 60 minutes. The following fields are active for non-USA and European countries: From: Indicates the time that DST ends in countries other than USA or Europe, in the Day:Month:Year format in one field and time in
292. or defining SNMP notification parameters. STEP 1: Click Monitor & Device Properties > SNMP > Trap Management > Trap Settings. The Trap Settings Page opens. [Figure: Trap Settings Page] The Trap Settings Page contains the following fields: Enable SNMP Notification: Specifies whether the device can send SNMP notifications. The possible field values are: Checked: Enables SNMP notifications. Unchecked: Disables SNMP notifications. Enable Authentication Notification: Specifies whether SNMP authentication failure notification is enabled on the device. The possible field values are: Checked: Enables the device to send authentication failure notifications. Unchecked: Disables the device from sending authentication failure notifications. STEP 2: Define the relevant fields. STEP 3: Click Apply. The SNMP Trap settings are defined, and the device is updated. Configuring Station Management. The Station Management Page contains information for defining filters that determine whether traps are sent to specific users, and the trap type sent. SNMP notification filters provide the following services: Ident
293. ort The name of the default QoS policy is router map. Macro Description: Indicates the type of device connected to the port. For routers, this field is always Router. STEP 6: Select a VLAN in the Trunk Native VLAN ID drop-down list. STEP 7: Select which trunks are permitted in the VLAN using the Add and Delete buttons. STEP 8: Click Apply. The routing port settings are saved and the device is updated. STEP 9: Click OK. The Smart ports Setting page opens. Configuring Smart ports for Guests. The Smart Ports Setting Page allows network administrators to manage network settings between the switch and a guest in the company. It is recommended that this connection be restricted to specific applications. To configure Smart ports for a guest: STEP 1: Open the Small Business Pro web application. The web application automatically opens to the … Ports are enabled for the Smart Port wizards by default. However, the initial configuration of the Smart Ports wizards can only occur if the Startup Configuration file is empty. STEP 2: Click Smart ports Wizard under Ports on the … Ports are enabled for the Smart Port wizards by default. STEP 3: Select a port or range of ports. STEP 4: Select Guest in the Assign Profile dropdown box. [Figure: Smart ports Setting Page]
294. orwarded or tail dropped. Drop Precedence: Displays the drop precedence assigned to the packets forwarded or tail dropped for which statistics are displayed. Total packets: Displays the total number of packets forwarded or tail dropped. TD packets: Displays the percentage of packets that were tail dropped. STEP 2: Click the Add button. The Add Queues Statistics Page opens. [Figure: Add Queues Statistics Page] Adding Queues Statistics. The Add Queues Statistics Page contains the following fields: Select Counter Set: Selects the counter set. Interface: Defines the ports for which statistics are displayed. The possible field values are: Port: Selects the port for which statistics are displayed. All Ports: Specifies that statistics are displayed for all ports. Queue: Selects the queue for which statistics are displayed. Drop Precedence: Selects the drop precedence assigned to the packets forwarded or tail dropped for which statistics are displayed. STEP 3: Define the relevant fields. STEP 4: Click Apply. The Queues Statistics are defined, and the device is updated. Resetting Queue Statistics Counters. To clear the statistics counters, click the Clear Counters button.
295. CISCO ADMINISTRATION GUIDE: Cisco Small Business Pro ESW 500 Series Switches. Americas Headquarters: Cisco Systems, Inc., San Jose, CA. Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore. Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands. Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase
296. otification Recipient area contains the following fields: UDP Port: Displays the UDP port used to send notifications. The default is 162. Filter Name: Defines if the SNMP filter for which the SNMP Notification filter is defined. Timeout: Indicates the amount of time (seconds) the device waits before re-sending informs. The default is 15 seconds. Retries: Indicates the number of times the device re-sends an inform request. The default is 3 attempts. STEP 3: Define the relevant fields. STEP 4: Click Apply. The SNMP Notification Recipient settings are defined, and the device is updated. Modifying SNMP Notifications. The Edit SNMP Notification Recipient Page allows system administrators to define notification settings. The Edit SNMP Notification Recipient Page is divided into four areas: Notification Recipient, SNMP v1,2 Notification Recipient, SNMPv3 Notification Recipient, and UDP Port Notification Recipient. STEP 1: Click Monitor & Device Properties > SNMP > Trap Management > Station Management. STEP 2: Click the Edit button. The Edit SNMP Notification Recipient Page opens. [Figure: Edit SNMP Notification Recipient Page]
297. over the network. IDPR: Matches the packet to the Inter-Domain Policy Routing (IDPR) protocol. RSVP: Matches the packet to the ReSerVation Protocol (RSVP). GRE: Matches the packet to the Generic Routing Encapsulation (GRE) protocol. ESP: Matches the packet to the Encapsulating Security Payload (ESP) protocol. AH: Authentication Header (AH). Provides source host authentication and data integrity. EIGRP: Enhanced Interior Gateway Routing Protocol (EIGRP). Provides fast convergence, support for variable-length subnet mask, and supports multiple network layer protocols. OSPF: The Open Shortest Path First (OSPF) protocol is a link-state, hierarchical Interior Gateway Protocol (IGP) for network routing. Layer Two (2) Tunneling Protocol, an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks (VPNs). IPIP: IP over IP (IPIP). Encapsulates IP packets to create tunnels between two routers. This ensures that the IPIP tunnel appears as a single interface, rather than several separate interfaces. IPIP enables tunnel intranets occur the internet, and provides an alternative to source routing. PIM: Matches the packet to Protocol Independent Multicast (PIM). L2TP: Matches the packet to Layer 2 Internet Protocol (L2IP). ISIS: Intermediate System Intermediate System I
298. ping Page enables mapping Differentiated Services Code Point (DSCP) values from incoming packets to DSCP values in outgoing packets. The DSCP values can be modified only within the queue range. This information is important when traffic exceeds user-defined limits. To map DSCP values: STEP 1: Click Quality of Service > Advanced Mode > DSCP Mapping. The DSCP Mapping Page opens. [Figure: DSCP Mapping Page, with DSCP In and DSCP Out columns] The DSCP Mapping Page contains the following fields: DSCP In: Indicates the DSCP value in the incoming packet which will be mapped to an outgoing packet. DSCP Out: Sets a mapped DSCP value in the outgoing packet for the corresponding incoming packet. STEP 2: Define the relevant mapping. STEP 3: Click Apply. DSCP incoming values are mapped to DSCP outgoing values, and the device is updated. Defining Class Mapping. The Class Mapping Page contains parameters for
299. ply [Figure: Smart Ports Settings Wizard, Access Point] STEP 5: A confirmation page opens. Review your changes and click OK. [Figure: Smart Ports Settings Wizard, Access Point Setting Status] STEP 6: Return to the System Dashboard and click on the Smart Ports Wizard. The icons for ports 4-6 should appear as follows. [Figure: Smart Ports Setting] Checking the Device Power Consumption. Check the overview of the power consumption on the switch. Click System Dashboard > PoE Settings. The PoE Settings page opens. [Figure: PoE Settings Page]
300. printers this field is always Printer. Select a VLAN in the VLAN ID dropdown box. Click Apply. The Server port settings are saved and the device is updated. Click OK. The Smart ports Setting page opens. Configuring Smart ports for VS Camera. The Smart ports Setting Page allows network administrators to define settings between the device and a video surveillance camera. To configure ports using a VS camera: STEP 1: Open the Small Business Pro web application. The web application automatically opens to the … Ports are enabled for the Smart Port wizards by default. However, the initial configuration of the Smart Ports wizards can only occur if the Startup Configuration file is empty. STEP 2: Click Smart ports Wizard under Ports on the … Ports are enabled for the Smart Port wizards by default. STEP 3: Select a port or range of ports. STEP 4: Select VS Camera in the Assign Role dropdown box. [Figure: Smart ports Setting Page] STEP 5: Click Next. The Smartports VS Camera Settings Page opens. [Figure: Smart ports VS Camera Settings Page]
301. process, all commands in the Startup file are copied to the Running Configuration File and applied to the device. During the session, all new commands entered are added to the commands existing in the Running Configuration file. Commands are not overwritten. To update the Startup file before powering down the device, the Running Configuration file must be copied to the Startup Configuration file. The next time the device is restarted, the commands are copied back into the Running Configuration file from the Startup Configuration file. Backup Configuration File: Contains a backup copy of the device configuration. The Backup file is generated when the Running Configuration file or the Startup file is copied to the Backup file. The commands copied into the file replace the existing commands saved in the Backup file. The Backup file contents can be copied to either the Running configuration or the Startup Configuration files. Image Files: Software upgrades are used when a new version file is downloaded. Software Upgrade. Firmware files are downloaded as required for upgrading the firmware version or for backing up the system configuration. File names cannot contain slashes, the leading letter of the file name should not be a period, and the maximum length for file names on the TFTP server is 127 characters or 31 characters for
302. The IPv4 Interface Page contains the following fields: Get Dynamic IP from DHCP Server: Retrieves the IP addresses using DHCP. Static IP Address: Permanent IP addresses are defined by the administrator. IP addresses are either configured on the Default VLAN or are user-defined. Management VLAN: Sets the management VLAN. The switch uses this VLAN to watch for management packets from Telnet and web browser management sessions. Management VLAN is set to 1 or 100 by default. IP Address: The currently configured IP address. Network Mask: Displays the currently configured IP address mask. Prefix Length: Specifies the prefix length. The range is 5-128 (64 in the case EUI-64 parameter is used). User Defined Default Gateway: Manually defined default gateway IP address. Active Default Gateway: Active default gateway's IP Address. Remove User Defined: Removes the selected IP address from the interface. The possible field values are: Checked: Removes the IP address from the interface. Unchecked: Maintains the IP address assigned to the Interface. STEP 2: Define the relevant fields. STEP 3: Click Apply. The IP information is defined, and the device is updated. Defining DHCP Relay. The DHCP Server Page e
303. r from the highest severity to the lowest. When a severity level is selected to appear in a log, all higher severity events will automatically be selected to appear in the log. Conversely, when a security level is not selected, no lower severity events will appear in the log. For example, if Warning is selected, all severity levels higher and including Warning will appear in the log. Additionally, no events with a lower severity level than Warning will be listed. To define Log Global Parameters: STEP 1: Click Maintenance > System Logging > System Messages Settings. The System Messages Settings Page opens. [Figure: System Messages Settings Page] The System Messages Settings Page contains the following fields: Enable Logging: Indicates if message logging is enabled globally in the device. Severity: The following are the available severity levels: Emergency: The system is not functioning. Alert: The system needs immediate attention. Critical: The system is in a critical state. Error: A system error has occurred. Warning: A system warning has occurred. Notice: The system is functioning properly, but system notice has occurred. Informational: Provides device information.
304. r minute second format, for example 2 days 5 hours 10 minutes and 4 seconds. STEP 2: Define the relevant fields. STEP 3: Click Apply. STP is enabled, and the device is updated. Defining Spanning Tree Interface Settings. Network administrators can assign STP settings to specific interfaces in the STP Interface Settings Page. To assign STP settings to an interface: STEP 1: Click VLAN & Port Settings > Spanning Tree (STP) > Interface Settings. The STP Interface Settings Page opens. [Figure: Interface Settings Page] The STP Interface Settings Page contains the following fields: Copy From Entry Number: Indicates the port from which the STP interface settings are copied. To Entry Number(s): Indicates the port to which the STP interface settings are copied. Interface: Displays the STP Interface settings of device ports. Ports: Displays the STP Interface settings of device ports. EtherChannels: Displays the STP Interface settings of device EtherChannels. Port: Indicates the port or EtherChannel on which STP is enabled. STP: Indicates if STP is enabled on the port. The possible field values are: Enable: Indicates that STP is enabled on the port. Disables: Indicates that STP is disabled on the port. Port Fast: Indicates if Fast Link is enab
305. The EtherChannel Management Page contains the following fields: EtherChannel: Displays the EtherChannel number. Name: Displays the EtherChannel name. Link State: Displays the link operational status. Member: Displays the ports configured to the EtherChannel. Modifying LAG Membership. STEP 1: Click VLAN & Port Settings > Port Management > EtherChannel Management. The EtherChannel Management Page opens. STEP 2: Click the Edit button. The Edit EtherChannel Management Page opens. [Figure: Edit EtherChannel Management Page] The Edit EtherChannel Management Page contains the following fields: EtherChannel: Displays the EtherChannel number. EtherChannel Name: Displays the EtherChannel name. LACP: Indicates that LACP is enabled on the EtherChannel. The possible field values are: Checked: Enables LACP on the EtherChannel. Unchecked: Disables LACP on the EtherChannel. This is the default value. Port List: Contains a list of ports that can be added to a EtherChanne
306. rce Port: Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop-down list. The possible field range is 0-65535. Destination Port: Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-UDP are selected in the Select from List drop-down list. The possible field range is 0-65535. TCP Flags: Filters packets by TCP EtherChannel. Filtered packets are either forwarded or dropped. Filtering packets by TCP EtherChannels increases packet control, which increases network security. ICMP: Indicates if ICMP packets are permitted on the network. The possible field values are as follows: ICMP Code: Indicates an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. IGMP: Filters packets by IGMP message or message types. Source IP Address: Matches the source port IP address to which packets are addressed to the ACE. Dest. IP Address: Matches the destination port IP address to which packets are addressed to the ACE. Traffic Class: Indicates the traffic class to which the packet is matched. Select either Match DSCP or Match IP. Match DSCP: Matches the packet to the DSCP tag value. Match IP Precedence: Matches the packet IP Precedence value to the ACE. Either the DSCP value or
307. rding types. STEP 1: Click Quality of Service > General > Queue. The Queue Page opens. [Figure: Queue Page (non-Gigabit devices)] [Figure: Queue Page (Gigabit devices)] The Queue Page contains the following fields: Fast Ethernet: Select whether traffic scheduling on Fast Ethernet interfaces is based on either Strict Priority or WRR. This field is applicable to FE devices only (not applicable to ESW 520-8P devices). The possible field values are: Strict Priority: Indicates that traffic scheduling for the selected queue is based strictly on the queue priority. WRR: Indicates that traffic scheduling for the selected queue is based strictly on the WRR. If WRR is selected, the predetermined weights 1, 2, 4, and 8 are assigned to queues 1, 2, 3, and 4 respectively. Queue: Displays the queue for which the queue settings are displayed. The possible field range is 1-4. WRR Weight: Displays the WRR weight assigned to the queue by the user. % of WRR Bandwidth: Indicates the amount of bandwidth assigned to the queue. These values represent the % of the WRR Weight configured by the user.
308. red Multicast Forwarding. STEP 3: Define the Unregistered Multicast field. STEP 4: Click Apply. The Multicast Forward All settings are saved, and the device is updated. Configuring Spanning Tree. The Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency. The device supports the following Spanning Tree versions: Classic STP: Provides a single path between end stations, avoiding and eliminating loops. Rapid STP: Detects and uses network topologies that provide faster convergence of the spanning tree, without creating forwarding loops. Multiple STP: Provides full connectivity for packets allocated to any VLAN. Multiple STP is based on the RSTP. In addition, Multiple STP transmits packets assigned to different VLANs through different MST regions. MST regions act as a single bridge. The Spanning Tree section contains the following topics: Defining STP Properties; Defining Spanning Tree Interface Settings; Defining Rapid Spanning Tree; Defining Multiple Spanning Tree. Defining STP Properties
309. rent device features. Using the Management Buttons. Device Management buttons and icons provide an easy method of configuring device information. Performing Common Configuration Tasks. Once the Switch Configuration Utility has been launched and you have logged into the switch, these are some examples of the common configuration tasks you can perform. Use the menus in the left navigation panel to choose a specific area of configuration. Checking the Software Version. To check the version of the software on the switch, click About at the top of the page. [Figure: Software Version Page] Checking the System Information. Click on Monitor & Device Properties > System Management > System Information. The System Information page opens. [Figure: System Information Page]
310. reviously learned MAC addresses are not deleted but are converted to a static MAC address. Max Entries: Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Interface Status field. In addition, the Limited Dynamic Lock mode is selected. The possible range is 1-128. The default is 1. Action on Violation: Indicates the action to be applied to packets arriving on a locked port. The possible field values are: Discard: Discards packets from any unlearned source. This is the default value. Forward: Forwards packets from an unknown source without learning the MAC address. Shutdown: Discards packets from any unlearned source and shuts down the port. The port remains shut down until reactivated, or until the device is reset. Enable Trap: Enables traps when a packet is received on a locked port. The possible field values are: Checked: Enables traps. Unchecked: Disables traps. Trap Frequency: Displays the amount of time (in seconds) between traps. The default value is 10 seconds. STEP 3: Modify the relevant fields. STEP 4: Click Apply. Port security is modified, and the device is updated. Defining 802.1x. Port-based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the R
311. Giga Ethernet: Enables configuring traffic scheduling on GE interfaces. This field heading is applicable to FE devices only. The fields below are applicable to both FE and GE devices. Queue: Displays the queue for which the queue settings are displayed for GE interfaces. The possible field range is 1-4. Strict Priority: Indicates that traffic scheduling for the selected queue is based strictly on the queue priority. WRR: Indicates that traffic scheduling for the selected queue is based strictly on the WRR. If WRR is selected on FE Devices, the default WRR Weight of 1, 2, 4, and 8 are assigned to queues 1, 2, 3, and 4 respectively. If WRR is selected on GE Devices, the default WRR Weight of 10, 10, 35, and 45 are assigned to queues 1, 2, 3, and 4 respectively. WRR Weight: Displays the WRR weight assigned to the queue by the user. % of WRR Bandwidth: Indicates the amount of bandwidth assigned to the queue. These values represent the % of the WRR Weight configured by the user. STEP 2: Define the queues. STEP 3: Click Apply. The queues are defined, and the device is updated. Mapping CoS to Queue. The CoS to Queue Page contains fields for classifying CoS settings to traffic queues. STEP
312. rlike statistics are not refreshed. Frame Check Sequence (FCS) Errors: Displays the number of FCS errors received on the selected interface. Single Collision Frames: Displays the number of single collision frames received on the selected interface. Late Collisions: Displays the number of late collision frames received on the selected interface. Excessive Collisions: Displays the number of excessive collision frames received on the selected interface. Available on non-gigabit switches only. Oversize Packets: Displays the number of oversized packets (over 1518 octets) received on the interface since the page was last refreshed. Internal MAC Receive Errors: Displays the number of internal MAC received errors on the selected interface. Received Pause Frames: Displays the number of received paused frames on the selected interface. Transmitted Pause Frames: Displays the number of paused frames transmitted from the selected interface. Resetting Etherlike Statistics Counters. Click Statistics > Ethernet > Etherlike. The Etherlike Page opens. Click the Clear Counters button. The interface statistics counters are cleared. Viewing GVRP Statistics. The GVRP Page contains statistics for GVRP communication on the device. To view GVRP statistics: STEP 1: Click Statistics > Ethernet > GVRP. T
313. rm interval time in seconds. Owner: Displays the device or user that defined the alarm. Define the relevant fields. Click Apply. The RMON alarm is added, and the device is updated. Modifying RMON Alarm Settings. Click Statistics > RMON Remote Management > Alarms. The RMON Alarms Page opens. Click the Edit Button. The Edit RMON Alarm Page opens. [Figure: Edit RMON Alarm Page] The Edit RMON Alarm Page contains the following fields: Alarm Entry: Indicates the alarm entry number. Interface: Displays the interface (port or EtherChannel) for which RMON statistics are displayed. The possible field values are: Port: Displays the RMON statistics for the selected port. EtherChannel: Displays the RMON statistics for the selected EtherChannel. Counter Name: Displays the selected MIB variable. Counter Value: Displays the current counter value for the particular alarm. Sample Type: Defines the sampling method for the selected variable and comparing the v
314. rmation. Key Management: Defines key generation, key updates, and key use. The device supports SNMP notification filters based on Object IDs (OID). OIDs are used by the system to manage device features. SNMP v3 supports the following features: Security; Feature Access Control; Traps. The device generates the following trap: Copy trap. The SNMP section contains the following topics: Configuring SNMP Security; Defining Trap Management. Configuring SNMP Security. The Security section contains the following topics: Defining the SNMP Engine ID; Defining SNMP Views; Defining SNMP Users; Define SNMP Groups; Defining SNMP Communities. Defining the SNMP Engine ID. The Engine ID Page provides information for defining the device engine ID. The Engine ID must be defined before SNMPv3 is enabled. Select a default Engine ID that is comprised of Enterprise number and the default MAC address. Verify that the Engine ID is unique for the administrative domain. This prevents two devices in a network from having the same Engine ID. STEP 1 Click Monitor & Device Properties > SNMP > Security > Engine ID. The Engine ID Page opens. Engine ID Page. Engine ID Local Engine ID 00 44 Hex Char
315. rnet Ports Page contains the following fields: Port: Displays the port list. Test Result: Displays the cable test results. Possible values are: No Cable: Indicates that a cable is not connected to the port. Open Cable: Indicates that a cable is connected on only one side. Short Cable: Indicates that a short has occurred in the cable. OK: Indicates that the cable passed the test. Cable Fault Distance: Indicates the distance from the port where the cable error occurred. Last Update: Indicates the last time the cable tests were updated. Cable Length: Indicates the cable length. This test can only be performed when the port is up and operating at 1 Gbps. STEP 2 Click the Test button to run the cable test. A popup message appears that states "The operation will shut down the tested port for a short period continue". Click OK to continue or Cancel to stop the test. The results of the test appear on the line associated with the port you tested. Click on the Advanced button to open up the Copper Cable Extended Feature Screen. Copper Cable Extended Feature (screenshot fields: Cable Status, Test Result, Speed, Link Status, Pair, Distance to Fault, Status, Cable Length, Channel, Polarity, Pair Skew). The Copper Cabl
316. roup Page contains the following fields: Enable Bridge Multicast Filtering: Indicates if Bridge Multicast Filtering is enabled on the device. Bridge Multicast Filtering can be enabled only if IGMP Snooping is enabled. The possible field values are: Checked: Enables Multicast Filtering on the device. Unchecked: Disables Multicast Filtering on the device. VLAN ID: Specifies the VLAN ID. Bridge Multicast Address: Identifies the Multicast group MAC address. Ports: Displays the Multicast Group ports status. EtherChannels: Displays the Multicast Group status of all of the device's EtherChannels. Interface: Displays the interface on which the Multicast service is configured. Interface Status: Displays the interface status. The options are as follows: Static: Attaches the interface to the Multicast group as static member in the Static Row. The interface has joined the Multicast group statically in the Current Row. Forbidden: Forbidden interfaces are not included in the Multicast group, even if IGMP Snooping designated the interface to join a Multicast group. None: The interface is not part of a Multicast group. STEP 2 Click the Add button. The Add Multicast Group Page opens. Add Multicast Group Page. Add Multicast Group VLAN ID 1 Bridge Multicast IP Addr
317. rt Enables a Subtree not included to be entered. View Type: Indicates if the defined OID branch will be included or excluded in the selected SNMP view. The options to select the Subtree are as follows: Included: Includes the defined OID branch. Excluded: Excludes the defined OID branch. STEP 3 Define the relevant fields. STEP 4 Click Apply. The SNMP views are defined, and the device is updated. Defining SNMP Users. The SNMP Users Page provides information for creating SNMP users and assigning SNMP access control privileges to SNMP users. Groups allow network managers to assign access rights to specific device features or feature aspects. STEP 1 Click Monitor & Device Properties > SNMP > Security > Users. The SNMP Users Page opens. SNMP Users Page. The SNMP Users Page contains the following fields: User Name: Displays the user-defined user name to which access control rules are applied. The field range is up to 30 characters. Group Name: User-defined SNMP group to which the SNMP user belongs. SNMP groups are defined in the SNMP Group Profile Page. NOTE: Users can only be added to groups that have been provisioned with SNMPv3. Engine ID: Indicates the local or remote device engine ID.
318. rts have Multicast routers generating IGMP queries. Which routing protocols are forwarding packets and Multicast traffic. Ports requesting to join a specific Multicast group issue an IGMP report, specifying that Multicast group is accepting members. This results in the creation of the Multicast filtering database. Configuring IGMP Snooping requires steps involving multiple pages of the switch configuration utility. Overall steps are: STEP 1 Go to VLAN & Port Settings > Multicast > IGMP Snooping: Enabling IGMP Snooping Status. STEP 2 Go to VLAN & Port Settings > Multicast > Multicast Group: Enabling Bridge Multicast Filtering. STEP 3 Go to VLAN & Port Settings > Multicast > Unregistered Multicast: Update the applicable ports to Filtering. NOTE: In addition to the ESW500 switch configuration, PIM router (for example, the UC500) is configured in upstream router. To enable IGMP Snooping: STEP 1 Click VLAN & Port Settings > Multicast > IGMP Snooping. The IGMP Snooping Page opens. IGMP Snooping Page. The IGMP Snooping Page contains the following fields: Enable IGMP Snooping Status: Indicates that the device monitors
319. rusted Interfaces Page opens. Trusted Interfaces Page. The Trusted Interfaces Page contains the following fields: Ports: Displays the ports which can be defined as trusted. EtherChannels: Displays the EtherChannels which can be defined as trusted. Trusted Interface Table: Interface: Contains a list of existing interfaces. Trust: Indicates whether the interface is a Trusted interface. STEP 2 From the global Interface field, select either Ports or EtherChannels radio button. STEP 3 In the table, select an interface and click Edit. The Edit Trusted Interface Page opens. Edit Trusted Interface Page. The Edit Trusted Interface Page contains the following field: Interface: Contains a list of existing interfaces. Trust Status: Indicates whether the interface is a Trusted Interface. Enable: Interface is in trusted mode. Disable: Interface is in untrusted mode. STEP 4 Define the fields. STEP 5 Click Apply. The Truste
320. s STEP 1 Click VLAN & Port Settings > Port Management > Port Settings. The Port Settings Page opens. STEP 2 Click a specific entry's Edit button. The Edit Port Page opens. Edit Port Page (screenshot fields: Port, Description, Port Type, Admin Status, Current Port Status, Reactivate Suspended Port, Operational Status, Admin Speed, Current Port Speed, Admin Duplex, Current Duplex Mode, Auto Negotiation, Current Auto Negotiation, Admin Advertisement, Current Advertisement, Neighbor Advertisement, Admin Back Pressure, Current Back Pressure, Admin Flow Control, Current Flow Control, Admin MDI/MDIX, Current MDI/MDIX, EtherChannel, PVE). The Edit Port Page contains the following fields: Port: Displays the port number. Description: Use this field to optionally define a name for the port. Port Type: Displays the port type. The possible field values are: 100M Copper, 1000M Copper: copper cable. 1000M ComboC: combo port with copper cable. 1000M ComboF: combo port with optic fiber cable. 1000M FiberOptics: Indicates the port has a fiber optic port connection. Admin Status: Indicates whether the port is currently operational or n
321. s Capabilities: Indicates the device capabilities advertised by the neighboring devices. The possible field values are: R (Router), T (Trans Bridge), B (Source Route Bridge), S (Switch), H (Host), I (IGMP), r (Repeater), P (Phone), D (Remote), C (CVTA), M (Two port MAC Relay). Platform: Indicates product name and model number of the neighboring device. Port ID: Indicates the neighboring device's port from which the CDP packet was sent. Select Enable in the CDP Status field to enable the Cisco Discovery Protocol on the device. Define a VLAN ID to be advertised by the device in the Voice VLAN field. Click Apply. CDP is enabled, and the device is updated. To view additional neighboring device CDP information: STEP 1 Click Monitor & Device Properties > CDP. The CDP Page opens. STEP 2 Click Details. The CDP Neighbor Details Page opens. CDP Neighbor Details Page (screenshot values: Device ID 00211 bfe7458; Advertisement Version 2; IP Address 192.168.10.82; Platform ESW 540 24P; Capabilities SID; Interface g1; Port ID (outgoing port) g24; Time To Live 140 sec; Version 1.0.0.16). In addition to the fields in the CDP Page, the CDP Neighbor Details Page contains the following additional fields: IP Address: Indicates the address TLV advertised by the neig
322. s Modifying VLAN Membership. Click VLAN & Port Settings > VLAN Management > Port to VLAN. The Port to VLAN Page opens. Click the Edit button. The Edit Interface Status Page opens. Edit Interface Status Page. The Edit Interface Status Page contains the following fields: VLAN ID: Displays the VLAN ID. VLAN Name: Displays the VLAN name. Interface: Defines the port or EtherChannel attached to the VLAN. Interface Status: Defines the current interface's membership status in the VLAN. The possible field values are: Untagged: Indicates the interface is an untagged VLAN member. Packets forwarded by the interface are untagged. Tagged: Indicates the interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information. Exclude: Excludes the interface from the VLAN. However, the interface can be added to the VLAN through GARP. Forbidden: Denies the interface VLAN membership, even if GARP indicates the port is to be added. Type: Indicates the VLAN type. Dynamic: Indicates the VLAN was dynamically created through GARP. Static: Indicates the VLAN is user-defined. STEP 5 Define the relevant fields
323. s after requesting to leave the IGMP group and not receiving a Join message from another station before timing out. If a Leave Timeout occurs, the switch notifies the Multicast device to stop sending traffic. The Leave Timeout value is either user-defined or an Immediate Leave value. The default timeout is 10 seconds. STEP 3 Define the relevant fields. STEP 4 Click Apply. The IGMP Snooping Parameters are modified, and the device is updated. Defining Multicast Group. The Multicast Group Page displays the ports and EtherChannels that are members of Multicast service groups. The Port and EtherChannel tables also reflect the manner in which the port or EtherChannels joined the Multicast group. Ports can be added either to existing groups or to new Multicast service groups. The Multicast Group Page permits new Multicast service groups to be created. The Multicast Group Page also assigns ports to a specific Multicast service address group. To define Multicast group: STEP 1 Click VLAN & Port Settings > Multicast > Multicast Group. The Multicast Group Page opens. Multicast Group Page. The Multicast G
324. s 0 15 400 Power Consumption (mW): Indicates the amount of power in milliwatts assigned to the powered device connected to the selected interface. Devices are classified by the powered device and the classification information used. STEP 2 Click the Edit button. The Edit PoE Settings Page opens. Edit PoE Settings Page (screenshot fields: Port, Enable PoE, Power Priority Level, Power Allocation, Power Consumption, Overload Counter, Short Counter, Denied Counter, Absent Counter, Invalid Signature Counter). The Edit PoE Settings Page contains the following fields: Port: Indicates the specific interface for which PoE parameters are defined and assigned to the powered interface connected to the selected port. Enable PoE: Enables or disables PoE on the port. The possible values are: Checked: Enables PoE on the port. This is the default setting. Unchecked: Disables PoE on the port. Power Priority Level: Determines the port priority if the power supply is low. The field default is low. For example, if the power supply is running at 99% usage, and port 1 is prioritized as high but port 3 is prioritized as low, port 1 is prioritized to receive power and port 3 may be denied power. The possible field values are: Low: Defines the PoE priority level as low. Hig
325. s Page opens. Smart ports Server Settings Page (screenshot values: Server; Ports e8; VLAN Port Mode Access; Trunk Native VLAN ID; Port Security Mode Dynamic Lock; Max MAC Addresses 3; Port Security Action Discard; Violation Trap Every 60 Sec; Broadcast Storm Control 10; Spanning Tree Port Fast Enabled; Spanning Tree BPDU Guard Enabled; QoS Policy general map; Macro Description Server). The Smart ports Server Settings Page contains the following fields: Ports: Indicates the port to which Smart ports Wizard settings are applied. VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The value is: Access: Indicates the value is Access. Trunk Native VLAN ID: Indicates the VLAN to which the port belongs. The default is VLAN 1; the user can change this VLAN by selecting one of the created VLANs via the drop-down list. Port Security Mode: Defines the locked port type. The field value is Dynamic Lock. Max MAC Addresses: Indicates the maximum number of MAC addresses that can be learned on the port. A maximum of three MAC addresses can be learned on the port. Port Security Action: Indicates the action applied to packets arriving on a locked port. The value is: Discard: Discards packets from any unlearned source. This is the default value. Violation Trap Every: Indicates th
326. s are displayed. Class Map: Displays the class map for which the statistics are displayed. In Profile Bytes: Displays the total number in-profile bytes received on the interface. Out of Profile Bytes: Displays the total number out-profile bytes received on the interface. Clear Counters: Clicking this button will open a pop-up window that informs you "This will clear all statistics counters would you like to proceed". You have the option of clicking OK to continue or Cancel to go back. STEP 2 Click the Add button. The Add Policer Statistics Page opens. Add Policer Statistics. The Add Policer Statistics Page contains the following fields: Interface: Select either the Port or EtherChannel radio button to select the interface. Policy Name: Select the policy Name from the pull-down list. Class Map Name: Select the Class Map Name from the pull-down list. STEP 3 Define the relevant fields. STEP 4 Click Apply. The Policer Statistics is defined, and the device is updated. Add Aggregated Policer Statistics. The Aggregated Policer Statistics Page indicates the amount of in-profile and out-of-profile packets that are received per aggregate policer name. To ad
327. s in both 24 and 48 port configurations with PoE and non-PoE options. The ESW 500 series also includes two 8-port PoE switches in Fast Ethernet and GigE models. The switch models covered in this guide are (ESW 500 Series Switch: Port Configuration): ESW 520 8P: 8 Port 10/100 PoE; ESW 540 8P: 8 Port 10/100/1000 PoE; ESW 520 24: 24 Port 10/100; ESW 520 24P: 24 Port 10/100 PoE; ESW 520 48: 48 Port 10/100; ESW 520 48P: 48 Port 10/100 PoE; ESW 540 24: 24 Port 10/100/1000; ESW 540 24P: 24 Port 10/100/1000 PoE; ESW 540 48: 48 Port 10/100/1000. This section provides information about the different methods to connect to the switch as well as some examples of a typical installation. It also provides an introduction to the user interface and includes the following: Typical Installation Methods; Connecting to the Switch (Using the Default Static IP Address; Using a Dynamic IP Address Allocated to the Switch By DHCP; Using the Cisco Configuration Assistant (CCA)); Navigating The Cisco Switch Configuration Utility; Performing Common Configuration Tasks; Using The Switch Console Port. Typical Installation Methods. The first step in any installation scenario is to connect to the switch and configure basic connectivity to ensure it communicates
328. s point. Configurable VLAN. Guest: Configured for a guest in a company where the user would need to be restricted to specific applications. Server: Configured for optimal connection to a server. Printer: Configured for optimal connection to a printer. VS Camera: Configured for optimal connection to a Video Surveillance Camera. Other: An Other Smartports role allows for flexible connectivity of non-specified devices. Configurable VLAN. No security. No QoS policy. Smartport Roles. Default Smartport Roles applied to the individual ports for each type of device are as follows (columns: ESW 500 Series | Desktop Smartport Role, IP Phone Desktop Role | Layer 2 Switch Ports, Uplink Ports: Switch Smartport Role): ESW 520 8P | 1-8 | G1; ESW 540 8P | 1-8 | G1; ESW 520 24 | 1-24 | G1-G4; ESW 520 24P | 1-24 | G1-G4; ESW 520 48 | 1-48 | G1-G4; ESW 520 48P | 1-48 | G1-G4; ESW 540 24 | 1-10, 13-22 | 11-12, 23-24; ESW 540 24P | 1-10, 13-22 | 11-12, 23-24; ESW 540 48 | 1-22, 25-46 | 23-24, 47-48. NOTE: The G in the port tables denotes 10/100/1000 Gigabit copper or GBIC ports on the ESW520 series switches and denotes the single G1 interface on the 8-port versions of the switch. The following steps show one example of using the Smart Ports Setting Wizard to configure access points
329. s with this access profile can access the device using the management method selected. The possible field values are: All: Assigns all management methods to the rule. Telnet: Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device. SNMP: Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device. HTTP: Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device. Secure HTTP (SSL): Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device. Secure Telnet (SSH): Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device. Interface: Defines the interface on which the access profile is defined. The possible field values are: Port: Specifies the port on which the access profile is defined. EtherChannel: Specifies the EtherChannel on whic
330. sages to the RADIUS server. The accounting port default is 1813. Number of Retries: Defines the number of transmitted requests sent to RADIUS server before a failure occurs. The possible field values are 1-10. Three is the default value. Timeout for Reply: Defines the amount of the time in seconds the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server. The possible field values are 1-30. Three is the default value. Dead Time: Defines the amount of time (minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000. The Dead Time default is 0 minutes. Key String: Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS encryption. Usage Type: Specifies the RADIUS server authentication type. The default value is Login. The possible field values are: Login: Indicates that the RADIUS server is used for authenticating user name and passwords. 802.1X: Indicates that the RADIUS server is used for 802.1X authentication. All: Indicates that the RADIUS server is used for authenticating user name and passwords, and 802.1X port authentication. STEP 2 Click the Add button. The Add RADIUS Server Pag
331. sed when a host tries to use the IP address of its neighbor. DHCP snooping must be enabled on the device's untrusted interfaces and on the relevant VLAN in order to activate the IP source guard feature. IP Source Guard must be enabled globally in the IP Source Guard Properties Page before it can be enabled on the device interfaces. IP Source Guard uses Ternary Content Addressable Memory (TCAM) resources, requiring use of 1 TCAM rule per 1 IP Source Guard address entry. If the number of IP Source Guard entries exceeds the number of available TCAM rules, new IP source guard addresses remain inactive. IP Source Guard cannot be configured on routed ports. If IP Source Guard and MAC address filtering is enabled on a port, Port Security cannot be activated on the same port. If a port is trusted, filtering of static IP addresses can be configured, although IP Source Guard is not active in that condition. If a port's status changes from untrusted to trusted, the static IP address filtering entries remain, but become inactive. The IP Source Guard section contains the following topics: Configuring IP Source Guard Properties; Defining IP Source Guard Interface Settings; Querying the IP Source Binding Database. Configuring IP Source Guard Properties. The IP Source Guard Properties Page allows network managers to enable the use of IP Source Guard on the device. IP Source Guard must be enabled for the device before it can be enabled
332. ss Mode: Displays the access rights of the community. View Name: Displays the SNMP view. The SNMP Communities Advanced Table area contains the following fields: Management Station: Displays the management station IP address for which the Advanced SNMP community is defined. Community String: Displays the password used to authenticate the management station to the device. Group Name: Displays advanced SNMP communities group name. STEP 2 Click the Add button. The Add SNMP Community Page opens. Add SNMP Community Page. The Add SNMP Community Page allows network managers to define and configure new SNMP communities. The Add SNMP Community Page contains the following fields: SNMP Management Station: Defines the management station IP address for which the SNMP community is defined. There are two definition options: Define the management station IP address. All, which includes all management station IP addresses. Community String: Defines the password used to authenticate the management station to the device. Configure either the Basic Mode or the Advanced Mode. Basic: Enables SNMP Basic mode for a selected community and contai
333. station IP address for which the SNMP community is defined. Community String: Defines the password used to authenticate the management station to the device. Configure either the Basic Mode or the Advanced Mode. Basic: Enables SNMP Basic mode for a selected community and contains the following fields: Access Mode: Defines the access rights of the community. The possible field values are: Read Only: Management access is restricted to read-only, and changes cannot be made to the community. Read Write: Management access is read-write, and changes can be made to the device configuration, but not to the community. SNMP Admin: User has access to all device configuration options, as well as permissions to modify the community. View Name: Contains a list of user-defined SNMP views. Advanced: Enables SNMP Advanced mode for a selected community and contains the following fields: Group Name: Defines advanced SNMP communities group names. STEP 3 Define the relevant fields. STEP 4 Click Apply. The SNMP Community settings are defined, and the device is updated. Defining Trap Management. This section contains the following topics: Defining Trap Settings; Configuring Station Management; Defining SNMP Filter Settings. Defining Trap Settings. The Trap Settings Page contains parameters f
334. stem Time. The System Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock. Daylight Savings Time can be enabled on the device. To define system time: STEP 1 Click Monitor & Device Properties > System Management > Time > System Time. The System Time Page opens. System Time Page. The System Time Page contains the following fields: Clock Source: Indicates the source used to set the system clock. The possible field values: Use Local Settings: The system time is set on the local device. This is the default value. Use SNTP Server: Sets the system time via an SNTP server. Date: Indicates the system date. The field format is DD MMM YY, for example 12 Dec 08. Local Time: Indicates the system time. The field format is HH MM SS, for example 21 15 03. Time Zone Offset: Indicates the difference between Greenwich Mean Time (GMT) and local time. For example, the Time Zone Offset f
335. steps. Use the Right arrow key to highlight Edit, then press Enter. The IP v4 Address field should be highlighted. Using the arrow keys to navigate around the window and the Enter key to apply changes, modify the IP v4 Address, Subnet mask, and Default Gateway. Change the DHCP Client field to be Disable by pressing the space bar. Press the ESC key, press the right arrow to highlight Save, and press Enter to save all changes. Managing Device Information. This section provides information for defining both basic and advanced system information. This section contains the following topics: Understanding the Dashboards; Defining System Information; Viewing Device Health; Managing Cisco Discovery Protocol; Defining the Bonjour Discovery Protocol; TCAM Utilization. Understanding the Dashboards. The System Dashboard page is the main window and contains links for configuring ports, viewing device health information, common device tasks, and viewing online help. Ports: Includes Smartports Wizard and VLAN Configuration. Health and Monitoring: Includes System Information, Health, and SPAN (Port Mirroring). Common Tasks: Includes PoE Settings (PoE switches only), Restart/Reset, and Save Configuration. Help: Includes online Device Help and More help at Cisco.com. To open the System Dashboard Page: Click
336. stics. Leave All: Displays the device GVRP Leave all statistics. The GVRP Error Statistics Table contains the following fields: Invalid Protocol ID: Displays the device GVRP Invalid Protocol ID statistics. Invalid Attribute Type: Displays the device GVRP Invalid Attribute ID statistics. Invalid Attribute Value: Displays the device GVRP Invalid Attribute Value statistics. Invalid Attribute Length: Displays the device GVRP Invalid Attribute Length statistics. Invalid Event: Displays the device GVRP Invalid Events statistics. Resetting GVRP Statistics Counters. Click Statistics > Ethernet > GVRP. The GVRP Page opens. Click Clear Counters. The GVRP statistics counters are cleared. Viewing EAP Statistics. The EAP Page contains information about EAP packets received on a specific port. To view the EAP Statistics: STEP 1 Click Statistics > Ethernet > EAP. The EAP Page opens. EAP Page (screenshot fields: Port, Refresh Rate, Frames Received, Frames Transmitted, Start Frames Received, Log off Frames Received, Respond ID Frames Received, Respond Frames Received, Request ID Frames Transmitted, Request Frames Transmitted, Invalid Frames Received, Length Error Frames Received, Last Frame Version, Last Frame Source). The EAP Page contains the following fields: Port: Ind
337. t: Defines the TCP/UDP source port to which the ACE is matched. This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop-down list. The possible field range is 0-65535. Destination Port: Defines the TCP/UDP destination port. This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop-down list. The possible field range is 0-65535. TCP Flags: Filters packets by TCP EtherChannel. Filtered packets are either forwarded or dropped. Filtering packets by TCP EtherChannels increases packet control, which increases network security. ICMP: Indicates if ICMP packets are permitted on the network. The possible field values are as follows: ICMP Code: Indicates an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. IGMP: Filters packets by IGMP message or message types. Source IP Address: Matches the source port IP address from which packets are addressed to the ACE. Wildcard Mask: Defines the source IP address wildcard mask. Wildcard masks specify which bits are used and which bits are ignored. A wildcard mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important. For example
338. t [Figure: Protocol Port Page, with columns Interface, Protocol Group ID, VLAN ID] The Protocol Port Page contains the following fields: • Interface: Port or EtherChannel number added to a protocol group. • Protocol Group ID: Protocol group ID to which the interface is added. Protocol group IDs are defined in the Protocol Group Table. • VLAN ID: Attaches the interface to a user-defined VLAN ID. Protocol ports can either be attached to a VLAN ID or a VLAN name. STEP 2 Click the Add Button. The Add Protocol Port to VLAN Page opens. The Add Protocol Port to VLAN Page provides parameters for adding protocol port configurations. [Figure: Add Protocol Port to VLAN Page] The Add Protocol Port to VLAN Page contains the following fields: Interface: Port or EtherChannel number added to a protocol group. Group ID: Protocol group ID to which the interface is added. Protocol group IDs are defined in the Protocol Group Table. VLAN ID: Attaches the interface to a user-defined VLAN ID. VLAN Name: Attaches the interface to a user-defined VLAN Name. STEP 3 Define the relevant fields. STEP 4 Click Apply. The protocol ports are mapped to VLANs, and the device is updated.
339. t Security Mode: Dynamic Lock; Max MAC Addresses: 3; Port Security Action: Discard; Violation Trap: Every 60 Sec; Broadcast Storm Control: 10%; Spanning Tree Port Fast: Enabled; Spanning Tree BPDU Guard: Enabled; QoS Policy: video surveillance map; Macro Description: VSCamera. The Smart ports Server Settings Page contains the following fields: Ports: Indicates the port to which Smart ports Wizard settings are applied. VLAN Port Mode: Indicates the VLAN port mode enabled on the port. The value is Access: Indicates the value is Access. Trunk Native VLAN ID: Indicates the VLAN to which the port belongs. The default is VLAN 1; the user can change this VLAN by selecting one of the created VLANs via the drop-down list. Port Security Mode: Defines the locked port type. The field value is Dynamic Lock. Max MAC Addresses: Indicates the maximum number of MAC addresses that can be learned on the port. A maximum of three MAC addresses can be learned on the port. Port Security Action: Indicates the action applied to packets arriving on a locked port. The value is Discard: Discards packets from any unlearned source. This is the default value. Violation Trap Every: Indicates that traps are sent every 60 seconds. Broadcast Storm Control: Indicates the percentage of Broadcast Storm Control enabled on the port. The value is 10% of the port speed.
340. t refreshed. CRC & Align Errors: Displays the number of CRC and Align errors that have occurred on the interface since the page was last refreshed. Undersize Packets: Displays the number of undersized packets (less than 64 octets) received on the interface since the page was last refreshed. Oversize Packets: Displays the number of oversized packets (over 1518 octets) received on the interface since the page was last refreshed. Fragments: Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the page was last refreshed. Jabbers: Displays the total number of received packets that were longer than 1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms. • Collisions: Displays the number of collisions received on the interface since the page was last refreshed. • Frames of xx Bytes: Number of frames containing the specified number of bytes that were received on the interface since the page was last refreshed. STEP 2 Select either Port or EtherChannel. The RMON statist
341. t samplings are taken from the ports. The field range is 1-3600. The default is 1800 seconds (equal to 30 minutes). Sampling Requested: Displays the number of samples to be saved. The field range is 1-65535. The default value is 50. Current Number of Samples: Displays the current number of samples taken. Owner: Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters. STEP 3 Click the Add button. The Add RMON History Page opens. [Figure: Add RMON History Page] The Add RMON History Page contains the following fields: New History Entry: Number automatically assigned to the table entry number. Source Interface: Select the interface (port or EtherChannel) from which the history samples will be taken. The possible field values are: Ports: Specifies the port from which the RMON information is taken. EtherChannel: Specifies the EtherChannel from which the RMON information is taken. Owner: Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters. Max No of Samples to Keep: Indicates the number of samples to save. Sampling
342. tached to the rule. The possible field values are: Permit: Permits access to the device. Deny: Denies access to the device. This is the default. STEP 3 Define the relevant fields. STEP 4 Click Apply. The access profile is added, and the device is updated. Defining Profile Rules: Access profiles can contain up to 128 rules that determine which users can manage the switch module, and by which methods. Users can also be blocked from accessing the device. Rules are composed of filters including: • Rule Priority • Interface • Management Method • IP Address • Prefix Length • Forwarding Action. To define profile rules: STEP 1 Click Security > Access Method > Profile Rules. The Profile Rules Page opens. [Figure: Profile Rules Page] The Profile Rules Page contains the following fields: • Access Profile Name: Displays the access profile to which the rule is attached. • Priority: Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.
343. tains a list of VLANs. The Guest VLAN is selected from the VLAN list. STEP 2 Define the relevant fields. STEP 3 Click Apply. The 802.1X properties are defined, and the device is updated. Defining Port Authentication: The 802.1X Port Authentication Page provides parameters for defining 802.1X on ports. STEP 1 Click Security > 802.1X > Port Authentication. The 802.1X Port Authentication Page opens. [Figure: 802.1X Port Authentication Page] The 802.1X Port Authentication Page contains the following fields: • Copy From Entry Number: Copies the port authentication configuration from the specified table entry. • To Entry Number(s): Assigns the copied port authentication configuration to the specified table entry. • Port: Displays the
344. For FE ports, the rate is 62-100,000 Kbps. For GE ports, the rate is 62-1,000,000 Kbps. STEP 4 Modify the relevant fields. STEP 5 Click Apply. The bandwidth settings are modified, and the device is updated. Configuring VLAN Rate Limit: Rate limiting per VLAN allows network administrators to limit traffic on VLANs. Rate limiting is calculated separately for each packet processor in a unit. QoS rate limiting has priority over VLAN rate limiting. For example, if a packet is subject to QoS rate limits but is also subject to VLAN rate limiting, and the rate limits conflict, the QoS rate limits take precedence. To define the VLAN Rate Limit: STEP 1 Click Quality of Service > General > VLAN Rate Limit. The VLAN Rate Limit Page opens. [Figure: VLAN Rate Limit Page] The VLAN Rate Limit Page contains the following fields: • VLAN: Indicates the VLAN on which the Rate Limit is applied. • Rate Limit: Defines the maximum rate (CIR) in kbits per second (bps) that forwarding traffic is permitted in the VLAN. • Burst Size: Defines the maximum burst size (CbS) in bytes that forwarding traffic is permitted through the VLAN. STEP 2 Click the Add button. The Add VLAN Rate L
345. ted dynamic lock, previously learned MAC addresses are not deleted but are converted to a static MAC address. • Max Entries: Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Interface Status field. In addition, the Limited Dynamic Lock mode is selected. The possible range is 1-128. The default is 1. • Action: Indicates the action to be applied to packets arriving on a locked port. The possible field values are: Discard: Discards packets from any unlearned source. This is the default value. Forward: Forwards packets from an unknown source without learning the MAC address. Shutdown: Discards packets from any unlearned source and shuts down the port. The port remains shut down until reactivated, or until the device is reset. • Trap: Enables traps when a packet is received on a locked port. The possible field values are: Enable: Enables traps. Disable: Disables traps. • Trap Frequency (Sec): Displays the amount of time (in seconds) between traps. The default value is 10 seconds. STEP 2 Define the relevant fields. STEP 3 Click Apply. Port security is defined, and the device is updated. Modifying Port Security: STEP 1 Click Security > Traffic Control > Port Security. The Port Sec
346. Debug: Provides detailed information about the log. If a Debug error occurs, contact Customer Tech Support. • Memory Logs: The selected Severity types will appear in chronological order in all system logs that are saved in RAM (Cache). After restart, these logs are deleted. • Flash Logs: The selected Severity types will be sent to the Logging file kept in FLASH memory. After restart, this log is not deleted. STEP 2 Define the relevant fields. STEP 3 Click Apply. The global log parameters are set, and the device is updated. Viewing the Device Memory Logs: The System Messages Memory Page contains all system log entries in chronological order that are saved in RAM (Cache). After restart, these log entries are deleted. To open the System Messages Memory Page: STEP 1 Click Maintenance > System Logging > System Messages Memory. The System Messages Memory Page opens. [Figure: System Messages Memory Page, with columns Log Index and Log Time]
347. teria are permitted or denied access to the device. HTTP: Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device. Secure HTTP (HTTPS): Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device. SNMP: Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device. • Interface: Defines the interface on which the access profile is defined. The possible field values are: Port: Specifies the port on which the access profile is defined. EtherChannel: Specifies the EtherChannel on which the access profile is defined. VLAN: Specifies the VLAN on which the access profile is defined. • Source IP Address: Defines the interface source IP address to which the access profile applies. The Source IP Address field is valid for a subnetwork. • Network Mask: Determines what subnet the source IP Address belongs to in the network. • Prefix Length: Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address. • Action: Defines the action at
348. teria are permitted or denied access to the device. • Source IP Address: Defines the interface source IP address to which the rule applies. • Prefix Length: Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address. • Action: Defines the action attached to the rule. The possible field values are: Permit: Permits access to the device. Deny: Denies access to the device. This is the default. STEP 2 Click the Add button. The Add Profile Rule Page opens. [Figure: Add Profile Rule Page] The Add Profile Rule Page contains the following fields: • Access Profile Name: Defines the access profile name. The access profile name can contain up to 32 characters. • Rule Priority: Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis. The rule priorities are assigned in the Profile Rules Page. • Management Method: Defines the management method for which the rule is defined. User
349. the Add button. The Add Static MAC Address Page opens. [Figure: Add Static MAC Address Page] The Add Static MAC Address Page contains the following fields: • Interface: Defines the interface to which the entry refers. Port: The specific port number to which the forwarding database parameters refer. EtherChannel: The specific EtherChannel number to which the forwarding database parameters refer. • MAC Address: Defines the MAC address to which the entry refers. • VLAN ID: Defines the VLAN ID number to which the entry refers. • VLAN Name: Defines the VLAN name to which the entry refers. • Status: Defines how the entry is created. The possible field values are: Permanent: The MAC address is permanent. Delete on Reset: The MAC address is deleted when the device is reset. Delete on Timeout: The MAC address is deleted when a timeout occurs. Secure: The MAC Address is defined for locked ports. STEP 3 Define the relevant fields. STEP 4 Click Apply. The Static MAC Address is added, and the device is updated. Defining Dynamic Addresses: The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the
350. the CDP Neighbors Details Page contains the following additional fields: • Device ID: Indicates the name of the neighbor device and either the MAC address or the serial number of the device. • Advertisement Version: Indicates the CDP version advertised by the neighboring device. • Native VLAN: Defines the ID number of the VLAN on the neighbor device. • Duplex: Displays the duplex state of connection between the current device and the neighbor device. The possible field values are: Full: Indicates that the interface supports transmission between the device and the client in both directions simultaneously. Half: Indicates that the interface supports transmission between the device and the client in only one direction at a time. • IP Address: Indicates the IP address advertised by the neighboring device. • Platform: Indicates the product name and number of the neighboring device. • Capabilities: Indicates the device type of the neighbor. This device can be a router, a bridge, a transparent bridge, a source-routing bridge, a switch, a host, an IGMP device, or a repeater. • Interface: Indicates the protocol and port number of the port on the current device. • Port ID (outgoing port): Indicates the neighboring device's port from which the CDP packet was sent. • Time to Live
351. the device forwards or rejects packets that include Option 82 information, while DHCP Snooping is enabled. Checked: Device forwards packets containing Option 82 information. Unchecked: Device rejects packets containing Option 82 information. • Verify MAC Address: Indicates if the MAC address is verified. The possible field values are: Checked: Verifies (on an untrusted port) that the source MAC address of the Layer 2 header matches the client hardware address as appears in the DHCP Header (part of the payload). Unchecked: Disables verifying that the source MAC address of the Layer 2 header matches the client hardware address as appears in the DHCP Header. This is the default value. • Backup Database: Indicates if the DHCP Snooping Database learning and update is enabled. All changes to the binding storage file are implemented only if the device's system clock is synchronized with the SNTP Server. The possible field values are: Checked: Enables backing up of the allotted IP address in the DHCP Snooping Database. Unchecked: Disables backing up to the allotted IP address in the DHCP Snooping Database. This is the default value. • Database Update Interval: Indicates how often the DHCP Snooping Database is backed up. The possible field range is 600-86400 seconds. The field default is 1200 s
352. the entry's checkbox and click the delete button. STEP 2 Click the Add button. The Add Martian Addresses Page opens. [Figure: Add Martian Addresses Page] The Add Martian Addresses Page contains the following fields: • IP Address: Enter the Martian IP addresses for which DoS attack is enabled. The possible values are: One of the addresses in the Martian IP address list. New IP Address: Enter an IP Address that is not on the list. • Mask: Enter the Mask for which DoS attack is enabled. • Prefix Length: Defines the IP route prefix for the destination IP. STEP 3 Define the relevant fields. STEP 4 Click Apply. The martian addresses are added, and the device is updated. Defining DHCP Snooping: DHCP Snooping enables network administrators to differentiate between trusted interfaces connected to the DHCP servers and untrusted interfaces connected to a DHCP client. DHCP Snooping filters untrusted messages. DHCP Snooping creates and maintains a DHCP Snooping Table which contains information received from untrusted packets. Interfaces are untrusted if the packet is received from an interface from outside the network or from an interface beyond the network firewall. Trusted interfaces receive packets only from within the network or t
353. the number of seconds that the switch remains in the quiet state following a failed authentication exchange. Range: 0-65535. Resending EAP: Specifies the number of seconds that the switch waits for a response to an EAP request/identity frame from the supplicant (client) before resending the request. Max EAP Requests: Indicates the total amount of EAP requests sent. If a response is not received after the defined period, the authentication process is restarted. The field default is 2 retries. Supplicant Timeout: Displays the number of seconds that lapses before EAP requests are resent to the supplicant. Range: 1-65535. The field default is 30 seconds. Server Timeout: Specifies the number of seconds that lapses before the switch resends a request to the authentication server. Range: 1-65535. The field default is 30 seconds. Termination Cause: Indicates the reason for which the port authentication was terminated. Define the relevant fields. STEP 3 Click Apply. The 802.1X port authentication settings are defined, and the device is updated. Modifying 802.1X Security: STEP 1 Click Security > 802.1X > Port Authentication. The 802.1X Properties Page opens. STEP 2 Click the Edit button. The Port Authentication Settings Page opens. Port Authentication Settings Page Port Authentication Settings Port E
354. thentication. The User Authentication Page opens. Click the Edit Button. The Edit Local User Page opens. [Figure: Edit Local User Page] The Edit Local User Page contains the following fields: • User Name: Specifies the user name. • Password: Specifies the new password. The password is not displayed. As it is entered, an * corresponding to each character is displayed in the field. Range: 1-159 characters. • Confirm Password: Confirms the new password. The password entered into this field must be exactly the same as the password entered in the Password field. STEP 3 Define the relevant fields. STEP 4 Click Apply. The local user settings are modified, and the device is updated. Defining Authentication: The Authentication section contains the following pages: Defining Profiles; Mapping Authentication Profiles; Defining TACACS; Defining RADIUS. Defining Profiles: Authentication profiles allow network administrators to assign authentication methods for user authentication. User authentication can be performed locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used. For example, if the selected authentication methods are
355. therChannel. Auto-negotiation is a protocol between two link partners that enables an EtherChannel to advertise its transmission rate and flow control (the flow control default is disabled) abilities to its partner. Current Auto Negotiation: Displays the current Auto Negotiation setting. Admin Advertisement: Specifies the capabilities to be advertised by the EtherChannel. The possible field values are: Max Capability: Indicates that all EtherChannel speeds and Duplex mode settings can be accepted. 10 Half: Indicates that the EtherChannel is advertising a 10 Mbps speed and half Duplex mode setting. 10 Full: Indicates that the EtherChannel is advertising a 10 Mbps speed and full Duplex mode setting. 100 Half: Indicates that the EtherChannel is advertising a 100 Mbps speed and half Duplex mode setting. 100 Full: Indicates that the EtherChannel is advertising a 100 Mbps speed and full Duplex mode setting. 1000 Full: Indicates that the EtherChannel is advertising a 1000 Mbps speed and full Duplex mode setting. Current Advertisement: Indicates the admin advertisement status. The EtherChannel advertises its capabilities to its neighbor EtherChannel to start the negotiation process. The possible field values are those specified in the Admin Advertisement field. Neighbor Advertisement: The neighbor EtherChanne
356. third-highest warning level. A critical log is saved if a critical device malfunction occurs, for example, two device ports are not functioning, while the rest of the device ports remain functional. Error: A device error has occurred, for example, if a single port is offline. Warning: The lowest level of a device warning. The device is functioning, but an operational problem has occurred. Notice: The system is functioning properly, but system notice has occurred. Informational: Provides device information. Debug: Provides debugging messages. Define the relevant fields. Click Apply. The Add Syslog Server Page closes, the syslog server is added, and the device is updated. Modifying Syslog Server Settings: Click Maintenance > System Logging > Syslog Servers. The Syslog Servers Page opens. Click the Edit button. The Edit Syslog Server Page opens. [Figure: Edit Syslog Server Page] The Edit Syslog Server Page contains fields for modifying Remote Log Server settings. The Edit Syslog Server Page contains the following fields: Server: Specifies the name of the Remote Log Server to which logs can be sent. UDP Port: Defines the UDP port to which the server logs ar
357. ticast Settings; Chapter Configuring Spanning Tree; Defining STP Properties; Global Settings; Defining Spanning Tree Interface Settings; Modifying Interface Settings; Defining Rapid Spanning Tree; Modifying RTSP; Defining Multiple Spanning Tree; Defining MSTP Properties; Defining MSTP Instance to VLAN; Defining MSTP Instance Settings; Defining MSTP Interface Settings; Chapter Configuring Quality of Service; Managing QoS Statistics; Policer Statistics; Add Aggregated Policer Statistics; Resetting Aggregate Policer Statistics Counters; Queues Statistics; Adding Queues Statistics; Resetting Queue Statistics Counters; Defining General Settings; Defining CoS; Modifying Interface Priorities; Defining QoS Queue; Mapping CoS to Queue; Mapping DSCP to Queue; Configuring Bandwidth; Modifying Bandwidth Settings; Configuring VLAN Rate Limit; Modifying the VLAN Rate Limit; Defining Advanced QoS Mode; Configuring DSCP Mapping; Defining Class Mapping; Defining Aggregate Policer; Modifying QoS Aggregate Policer; Configuring Policy Table; Modifying the QoS Policy Profile; Defining Policy Binding; Modifying QoS Policy Binding Settings; Defining QoS Basic Mode; Rewriting DSCP Values; Chapter Configuring SNMP; SNMP Versions; SNMP v1 and v2; SNMP v
358. traffic when a path is being rerouted. • Default Path Cost: Defines the default path cost as the Path Cost field setting. The possible field values are: Checked: Path Cost is the default value. Unchecked: Path Cost is user-defined. Priority: Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority value is between 0-240. The priority value is provided in increments of 16. Designated Bridge ID: Indicates the bridge priority and the MAC Address of the designated bridge. Designated Port ID: Indicates the selected port's priority and interface. Designated Cost: Indicates the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops. Forward Transitions: Indicates the number of times the port has changed from the Blocking state to Forwarding state. EtherChannel: Indicates the EtherChannel to which the port belongs. If a port is a member of an EtherChannel, the EtherChannel settings override the port settings. STEP 3 Define the relevant fields. STEP 4 Click Apply. The interface settings are modified, and the device is updated. Defining Rapid Spanning Tree: While the classic spanning tree prevents Layer 2 forwarding loops in a general networ
359. [Figure: Connect page] STEP 6 Once you have connected to the community, the Topology View opens and displays the ESW 500 Series Switch. Right-click on the switch and it displays three options: • Device Manager • Properties • Annotation. You can now continue with configuring the switch by two different options: use CCA to do all of the configuration, or use the Device Manager to go to the switch Configuration Utility. Additional information is described in detail in the appropriate CCA user documentation. This procedure uses the Device Manager. [Figure: CCA Topology View page] STEP 7 Click on Device Manager. The Log In page will launch in a new browser window. [Figure: Log In page] STEP 8 Enter a user name and password. The default user name is cisco and the default password is cisco. Passwords are both case sensitive and alpha-numeric. STEP 9 Click Log In. The Switch Configuration Utility System Dashboard Page opens. STEP 10 A
360. STEP 1 Click Monitor & Device Properties > System Management > System Information. The System Information Page opens. [Figure: System Information Page] The System Information Page contains the following fields: • System Name: Displays the user-configured name of the system. • System Location: Defines the location where the system is currently running. The field range is from 0-160 characters. • System Contact: Defines the name of the contact person. The field range is 0-160 characters. • Login Banner: Defines a user-configurable message of up to 1000 characters. • System Object ID: Displays the vendor's authoritative identification of the network management subsystem contained in the entity. • System Up Time: Displays the amount of time that has elapsed since the last device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example: 41 days, 2 hours, 22 minutes, and 15 seconds. • Base MAC
361. ts are forwarded. For FE ports, the rate is 70-100,000 Kbps. For GE ports, the rate is 3,500-100,000 Kbps. • Broadcast Mode: Specifies the Broadcast mode currently enabled on the device. The possible field values are: Multicast & Broadcast: Counts Broadcast and Multicast traffic together. Broadcast Only: Counts only Broadcast traffic. Unknown Unicast: Counts only Unknown Unicast. Relevant on ESW 540, ESW 520 and ESW 520 8p devices. STEP 2 Define the relevant fields. STEP 3 Click Apply. Storm control is enabled, and the device is updated. Modifying Storm Control: STEP 1 Click Security > Traffic Control > Storm Control. The Storm Control Page opens. STEP 2 Click the Edit Button. The Edit Storm Control Page opens. [Figure: Edit Storm Control Page] The Edit Storm Control Page contains the following fields: • Port: Indicates the port from which storm control is enabled. • Enable Broadcast Control: Indicates if Broadcast packet types are forwarded on the specific interface. The possible field values are: Checked: Enables Broadcast packet types to be forwarded. Unchecked: Disables Broadcast packet types to be forwarded
362. two pages
Uplink Ports table (header: ESW 500 Series Switch / Copper / SFP mini GBIC / Layer 2 Ethernet Ports):
ESW 520 8P: GE1 GE1 1 8
ESW 540 8P: GE1 GE1 1 8
ESW 520 24 24P: GE1 GE4 GE3 GE4 1 24
ESW 520 48 48P: GE1 GE2 GE3 GE4 1 48
ESW 540 24 24P: 11 12 23 24 GE1 GE4 1 10 13 22
ESW 540 48: 23 24 47 48 GE1 GE4 1 22 25 46
On the 8 port devices, the Uplink and the GBIC ports cannot be used at the same time.
The ESW 540 24 24P and ESW 540 48 use shared ports. When connecting to uplink ports, the GE ports take precedence over the Copper ports. For example, on an ESW 540 24, if you plug a device into GE1, you cannot use port 11. The other port relationships are shown in the following table:
ESW 500 Series Switch    GE Port    Takes Precedence Over Copper Port
ESW 540 24 24P           GE1        11
ESW 540 24 24P           GE2        23
ESW 540 24 24P           GE3        12
ESW 540 24 24P           GE4        24
ESW 540 48               GE1        23
ESW 540 48               GE2        47
ESW 540 48               GE3        24
ESW 540 48               GE4        48
Compare the following table with the four examples of switch front panels that are on the next page.
Port / Description
1 Switch Ports: The switch is equipped with auto-sensing Ethernet (802.3) network ports, which use RJ-45 connectors. The Ethernet ports support network speeds of 10 Mbps, 100 Mbps, or 1000 Mbps. They can operate in half and full duplex mo
363. ues are:
  - Checked: Enables Root Guard on the selected port or EtherChannel.
  - Unchecked: Disables Root Guard on the selected port or EtherChannel. This is the default value.
• Enable BPDU Guard: Protects the network from invalid configurations. The possible field values are:
  - Checked: Enables BPDU Guard on the selected port or EtherChannel.
  - Unchecked: Disables BPDU Guard on the selected port or EtherChannel. This is the default value.
• Port State: Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:
  - Disabled: Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
  - Blocking: Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses.
  - Listening: Indicates that the port is in Listening mode. The port cannot forward traffic nor can it learn MAC addresses.
  - Learning: Indicates that the port is in Learning mode. The port cannot forward traffic; however, it can learn new MAC addresses.
  - Forwarding: Indicates that the port is in Forwarding mode. The port can forward traffic and learn new MAC addresses.
• Speed: Indicates the speed at which the port is operating.
• Path Cost: Defines the port contribution to the root path cost. The path cost is adjusted to a higher or lower value and is used to forward
364. ult value.
  - Tx Only: Defines the port mirroring on transmitting ports.
  - Tx and Rx: Defines the port mirroring on both receiving and transmitting ports.
STEP 2 Define the relevant fields. Click Apply. Port mirroring is added, and the device is updated.
To delete an entry, click on the selected entry in the table and then press Delete.
Monitoring CPU Utilization
The CPU Utilization page contains information about the system's CPU utilization.
NOTE The CPU Utilization page requires that the Java applet be installed and properly configured prior to executing the test.
To observe the CPU Utilization:
STEP 1 Click Maintenance > Diagnostics > CPU Utilization. The CPU Utilization Page opens.
[Figure: CPU Utilization Page]
The CPU Utilization page contains the following fields:
• CPU Utilization: Displays CPU resource utilization information. The possible field values are:
  - Enabled: Enables viewing CPU utilization information. This is the default value.
  - Disabled: Disables viewing the CPU utilization information.
• Refresh Rate: Amount of time that passes before the statistics
365. urity Page opens.
STEP 2 Click the Edit Button. The Edit Port Security Page opens.
[Figure: Edit Port Security Page]
The Edit Port Security Page contains the following fields:
• Interface: Select the port or EtherChannel name.
• Lock Interface: Indicates the port security status. The possible field values are:
  - Unchecked: Indicates the port is currently unlocked. This is the default value.
  - Checked: Indicates the port is currently locked.
• Learning Mode: Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Interface Status field. In order to change the Learning Mode, the Lock Interface must be set to Unlocked. Once the mode is changed, the Lock Interface can be reinstated. The possible field values are:
  - Classic Lock: Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.
  - Limited Dynamic Lock: Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled. P
366. used with Half Duplex mode to disable ports from receiving messages. The Back Pressure mode is configured for ports currently in the Half Duplex mode.
• Current Back Pressure: Displays the Back Pressure mode on the port.
• Admin Flow Control: Enables or disables flow control or enables the auto negotiation of flow control on the port. Select from Enable, Disable, Auto Negotiation.
• Current Flow Control: Displays the current Flow Control setting. Select from Enable, Disable, Auto Negotiation.
• Admin MDI/MDIX: Displays the Media Dependent Interface (MDI) / Media Dependent Interface with Crossover (MDIX) status on the port. Hubs and switches are deliberately wired opposite the way end stations are wired, so that when a hub or switch is connected to an end station, a straight-through Ethernet cable can be used, and the pairs are matched up properly. When two hubs or switches are connected to each other, or two end stations are connected to each other, a crossover cable is used to ensure that the correct pairs are connected. The possible field values are:
  - MDIX: Use for hubs and switches.
  - Auto: Use to automatically detect the cable type.
  - MDI: Use for end stations.
• Current MDI/MDIX: Displays the current MDI/MDIX setting.
• EtherChannel: Defines if the port is part of a Link Aggregation Group EtherChannel P
367. user groups. User groups are defined for interfaces according to IP addresses or IP subnets. Access profiles contain management methods for accessing and managing the device. The device management methods include:
• All
• Telnet
• Secure Telnet (SSH)
• HTTP
• Secure HTTP (HTTPS)
• SNMP
Management access to different management methods may differ between user groups. For example, User Group 1 can access the switch module only via an HTTPS session, while User Group 2 can access the switch module via both HTTPS and Telnet sessions. The Access Profile Page contains the currently configured access profiles and their activity status. Assigning an access profile to an interface denies access via other interfaces. If an access profile is assigned to any interface, the device can be accessed by all interfaces.
To define access profiles:
STEP 1 Click Security > Access Method > Access Profiles. The Access Profiles Page opens.
[Figure: Access Profiles Page]
The Access Profiles Page contains the following fields:
• Access Profile Name: Defines the access profile name. The access profile name can contain up to 32 characters.
• Current Active Access Profile: Defines the access profile currently active. ST
368. value.
  - Long: Defines a long timeout value. This is the default value.
Define the relevant fields. Click Apply. The LACP Parameters settings are modified, and the device is updated.
Managing Device Diagnostics
This section contains information for running diagnostic procedures on the switch, and includes the following topics:
• Ethernet Ports
• GBIC Uplink Ports
• SPAN Port Mirroring
• CPU Utilization
Ethernet Port Testing
The Ethernet Ports Page contains fields for performing tests on copper cables. Cable testing provides information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error that occurred. The tests use Time Domain Reflectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a port. Cables up to 100 meters long can be tested. Cables are tested when the ports are in the down state, with the exception of the Approximated Cable Length test.
To test cables:
STEP 1 Click Maintenance > Diagnostics > Ethernet Ports. The Ethernet Ports Page opens.
[Figure: Ethernet Ports Page]
The Ethe
369. vertise more than one capability, which is presented as a series of one-letter codes; for example, S ID represents Switch, Remotely Managed Device. The list of capabilities follows:
  - R: Router
  - T: Trans Bridge
  - B: Source Route Bridge
  - S: Switch
  - H: Host
  - I: IGMP
  - r: Repeater
  - P: VoIP Phone
  - D: Remotely Managed Device
  - C: CVTA
  - M: Two-port Mac Relay
• Platform: Indicates product name and model number of the neighboring device.
• Port ID: Indicates the neighboring device's port from which the CDP packet was sent.
STEP 2 Select Enable in the CDP Status field to enable the Cisco Discovery Protocol on the device.
STEP 3 Define a VLAN ID to be advertised by the device in the Voice VLAN field.
STEP 4 Click Apply. CDP is enabled, and the device is updated.
To view additional neighboring device CDP information:
STEP 1 Click Monitor & Device Properties > CDP. The CDP Page opens.
STEP 2 Click Details. The CDP Neighbors Details Page opens.
[Figure: CDP Neighbors Details Page]
In addition to the fields in the CDP Page
370. wards packets which meet the ACL criteria.
  - Deny: Drops packets which meet the ACL criteria.
  - Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed.
Define the relevant fields.
STEP 4 Click Apply. The MAC Based ACL is modified, and the device is updated.
Defining IP Based ACL
The IP Based ACL Page contains information for defining IP Based ACLs, including defining the ACEs defined for IP Based ACLs.
To define an IP based ACL:
STEP 1 Click Security > Access Control Lists ACL > IP Based ACL. The IP Based ACL Page opens.
[Figure: IP Based ACL Page]
The IP Based ACL Page contains the following fields:
• ACL Name: Displays the user-defined IP based ACLs.
• Rule Priority: Indicates the rule priority, which determines which rule is matched to a packet on a first-match basis.
• Protocol: Creates an ACE based on a spe
371. [Figure: Edit RMON Events Page]
The Edit RMON Events Page contains the following fields:
• Entry Event No.: Displays the event entry index number.
• Community: Displays the SNMP community string.
• Description: Displays the user-defined event description.
• Type: Describes the event type. Possible values are:
  - None: No action occurs.
  - Log: The device adds a log entry.
  - Trap: The device sends a trap.
  - Log and Trap: The device adds a log entry and sends a trap.
• Owner: Displays the device or user that defined the event.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The event control settings are modified, and the device is updated.
Viewing the RMON Events Logs
The RMON Events Log Page contains a list of RMON events.
STEP 1 Click Statistics > RMON Remote Management > Events. The RMON Events Page opens.
STEP 2 Click the Events Log button. The RMON Events Log Page opens.
[Figure: RMON Events Log Page]
The RMON Events Log Page contains the following fields:
• Event: Displays the RMON Events Log entry number.
• Log No
372. wn or the port control is Auto but a client has not been authenticated via the port.
  - Force Authorized: Indicates that the port control is Forced Authorized and clients have full port access.
  - Single host Lock: Indicates that the port control is Auto and only a single client has been authenticated via the port.
  - Multiple Hosts: Indicates that the port control is Auto and Multiple Hosts mode is enabled. One client has been authenticated.
  - Multiple Sessions: Indicates that the port control is Auto and Multiple Sessions mode is enabled. At least one client has been authenticated.
• Number of Violations: Indicates the number of packets that arrived on the interface in single-host mode from a host whose MAC address is not the supplicant MAC address.
Modifying Authentication Settings
STEP 1 Click Security > 802.1X > Authentication. The 802.1X Port Authentication Page opens.
STEP 2 Click the Edit button. The Edit Authentication Page opens.
[Figure: Edit Authentication Page]
The Edit Authentication Page contains the following fields:
• Port: Displays the port number for which advanced port-based authentication is enabled.
• Host Authentication: Defines the Host Authenticat
373. locked. When a packet is received on a locked port, and the packet source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:
• Forwarded
• Discarded with no trap
• Discarded with a trap
• Cause the port to be shut down
Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset. Disabled ports are activated from the Port Security Page.
NOTE To configure port lock, 802.1x multiple host mode must be enabled.
To define port security:
STEP 1 Click Security > Traffic Control > Port Security. The Port Security Page opens.
[Figure: Port Security Page]
The Port Security Page contains the following fields:
374. y Binding Page QoS policies are associated with specific interfaces.
STEP 1 Click Quality of Service > Advanced Mode > Policy Binding. The Policy Binding Page opens.
[Figure: Policy Binding Page]
The Policy Binding Page contains the following fields:
• Interface: Displays the interface to which the entry refers.
• Policy Name: Displays a Policy name associated with the interface.
STEP 2 Click the Add button. The Add QoS Policy Binding Page opens.
[Figure: Add QoS Policy Binding Page]
The Add QoS Policy Binding Page contains the following fields:
• Interface: Select either the Port or EtherChannel radio button to select the interface.
• Po
375. y and sends a trap.
• Time: Displays the date and time that the event occurred.
• Owner: Displays the device or user that defined the event.
The Add button adds the configured RMON event to the Event Table.
The Delete button deletes the selected RMON event.
STEP 2 Click the Add button. The Add RMON Events Page opens.
[Figure: Add RMON Events Page]
The Add RMON Events Page contains the following fields:
• Event Entry: Indicates the event entry index number.
• Community: Displays the SNMP community string.
• Description: Displays a user-defined event description.
• Type: Describes the event type. Possible values are:
  - None: No action occurs.
  - Log: The device adds a log entry.
  - Trap: The device sends a trap.
  - Log and Trap: The device adds a log entry and sends a trap.
• Owner: Displays the device or user that defined the event.
STEP 3 Define the relevant fields.
STEP 4 Click Apply. The RMON event is added, and the device is updated.
Modifying RMON Event Log Settings
STEP 1 Click Statistics > RMON Remote Management > Events. The RMON Events Page opens.
STEP 2 Click Edit. The Edit RMON Events Page opens.
