Administration

This chapter contains the following sections:

System Settings

The system setting page allows you customize the settings on your switch. You can configure the following:

Procedure

Step 1

Click Administration > System Settings.

Step 2

View or modify the system settings.

  • System Description—Displays a description of the device.

  • System Location—Enter the physical location of the device.

  • System Contact—Enter the name of a contact person.

  • Host Name—Select the host name of this device. This is used in the prompt of CLI commands:

    • Use Default—The default hostname (System Name) of these switches is: switch123456, where 123456 represents the last three bytes of the device MAC address in hex format.

    • User Defined—Enter the hostname. Use only letters, digits, and hyphens. Host names can’t begin or end with a hyphen. No other symbols, punctuation characters, or blank spaces are permitted (as specified in RFC1033, 1034, 1035).

  • Custom Banner Settings—The following banners can be set:

    • Login Banner—Enter text to display on the Login page before login. Click Preview to view the results.

    • Welcome Banner—Enter text to display on the Login page after login. Click Preview to view the results.

      Note 

      When you define a login banner from the web-based configuration utility, it also activates the banner for the CLI interfaces (Console, Telnet, and SSH).

      The banner can contain up to 2000 characters.

Step 3

Click Apply to save the values in the Running Configuration file.

Console Settings

The console port speed can be set to one of the following speeds: 2400, 4800, 9600, 19200, 38400, 57600, and 115200.

To configure the console settings, follow these steps:

Procedure

Step 1

Click Administration > Console Settings.

Step 2

Select a value from the Console Port Baud Rate drop-down menu. The available values are 2400, 4800, 9600, 19200, 38400, 57600, and 115200 Bit/sec.

Step 3

Click Apply. The console port Baud rate is defined, and the Running Configuration is updated.

User Accounts

The User Accounts page enables entering additional users that are permitted to access to the device (read-only or read-write) or changing the passwords of existing users. A user accessing the device for the first time uses the cisco/cisco username and password. After providing the default credentials, you’re prompted to replace the default level 15 username and password, and you must provide a new username and password. The new password must comply with the password complexity rules.

To add a new user, follow these steps:

Procedure

Step 1

Click Administration > User Accounts.

Step 2

Click Add to add a new user or click Edit to modify a user.

Step 3

Enter the parameters.

  • User Name—Enter a new username from 0 through 31 characters. UTF-8 characters aren’t permitted.

  • Password—Enter a password (UTF-8 characters aren’t permitted).

  • Confirm Password—Enter the password again.

  • Password Strength Meter—Displays the strength of password. The password must comply with the minimum strength and complexity requirements shown on this page.

  • User Level—Select the privilege level of the user.

    • Read-Only CLI Access (1)—User can’t access the GUI, and can only access CLI commands that don’t change the device configuration.

    • Read/Write Management Access (15)—User can access the GUI, and can configure the device.
Step 4

Click Apply. The user is added to the Running Configuration file of the device.

Note 

The password is stored in the configuration files as a non-recoverable hash using Password Based Key Derivation Function 2 (PBKDF2) with Secure Hash Algorithm, and SHA-256 as the hashing algorithm.

Idle Session Timeout

The Idle Session Timeout configures the time intervals that the management sessions can remain idle before they timeout.

To set the idle session timeout for various types of sessions, complete these steps:

Procedure

Step 1

Click Administration > Idle Session Timeout.

Step 2

Select the timeout for the each type of session from the list.

  • HTTP Session Timeout

  • HTTPS Session Timeout

  • Console Session Timeout

  • Telnet Session Timeout

  • SSH Session Timeout

The default timeout value is 10 minutes. You must log in again to reestablish one of the chosen sessions.
Step 3

Click Apply to set the configuration settings on the device.

Time Settings

Synchronized system clocks provide a frame of reference between all devices on the network. Network time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events occur. Without synchronized clocks, accurately correlating log files between devices when tracking security breaches or network usage is impossible. Synchronized time also reduces confusion in shared file systems, as it is important for the modification times to be consistent, regardless of the machine on which the file systems reside. For these reasons, it is important that the time configured on all of the devices on the network is accurate.


Note

The device supports SNTP, and when enabled, the device dynamically synchronizes the device time with time from an SNTP server. The device operates only as an SNTP client, and cannot provide time services to other devices.

System Time

Use the System Time page to select the system time source. If the source is manual, you can enter the time here.


Caution

If the system time is set manually and the device is rebooted, the manual time settings must be reentered.

To define system time, complete these steps:

Procedure

Step 1

Click Administration > Time Settings > System Time.

The following fields are displayed:

  • Actual Time— Actual system time on the device.
Step 2

Enter the following parameters:

  • Clock Source Settings—Select the source used to set the system clock.

    • Main Clock Source (SNTP Servers)—If this is enabled, the system time is obtained from an SNTP server.

  • Manual Settings—Set the date and time manually. The local time is used when there’s no alternate source of time, such as an SNTP server:

    • Date—Enter the system date.

    • Local Time—Enter the system time.

  • Time Zone Settings

    • Time Zone Offset—Select the difference in hours between Greenwich Mean Time (GMT) and the local time. For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone Offset for New York is GMT – 5.

    • Time Zone Acronym—Enter a name that represents this time zone. This acronym appears in the Actual Time field.

  • Daylight Savings Settings—Select how DST is defined:

    • Daylight Savings—Select to enable Daylight Saving Time.

    • Time Set Offset—Enter the number of minutes offset from GMT ranging 1—1440. The default is 60.

    • Daylight Savings Type—Click one of the following:

      USA—DST is set according to the dates used in the USA.

      European—DST is set according to the dates used by the European Union and other countries that use this standard.

      By dates—DST is set manually, typically for a country other than the USA or a European country. Enter the parameters described below.

      Recurring—DST occurs on the same date every year.

      Selecting By Dates allows customization of the start and stop of DST:

  • From—Day and time that DST starts.

  • To—Day and time that DST ends.
Step 3

Selecting Recurring allows different customization of the start and stop of DST:

  • From—Date when DST begins each year.

    • Day—Day of the week on which DST begins every year.

    • Week—Week within the month from which DST begins every year.

    • Month—Month of the year in which DST begins every year.

    • Time—The time at which DST begins every year.

  • To—Date when DST ends each year. For example, DST ends locally every fourth Friday in October at 5:00 a.m.. The parameters are:

    • Day—Day of the week on which DST ends every year.

    • Week—Week within the month from which DST ends every year.

    • Month—Month of the year in which DST ends every year.

    • Time—The time at which DST ends every year.
Step 4

Click Apply. The system time values are written to the Running Configuration file.

SNTP Settings

The switch can be configured to synchronize its system clock with an SNTP server specified on the SNTP Settings page.

To specify an SNTP server by name, you must first configure the DNS servers on the switch and enable the Main Clock Source (SNTP Servers) on the System Time page.

To add a SNTP server, complete the following steps:

Procedure

Step 1

Click Administration > Time Settings > SNTP Settings .

Step 2

Enter the following information:

  • Host Definition—Select whether to specify the SNTP server by IPv4 address or by host name.

  • SNTP Server IP Address/Name—Enter the IPv4 address or hostname of the SNTP server.
Step 3

Click Apply. The SNTP server is added, and the Running Configuration is updated

Time Range

Time ranges can be defined and associated with the following types of commands, so that they are applied only during that time range:

  • Port Stat

  • Time-Based PoE

There are two types of time ranges:

  • Absolute—This type of time range begins on a specific date or immediately and ends on a specific date or extends infinitely. It is created in the Time Range pages. A periodic element can be added to it.

  • Periodic—This type of time range contains a time range element that is added to an absolute range, and begins and ends on a periodic basis. It is defined in the Periodic Range pages.

If a time range includes both absolute and periodic ranges, the process associated with it is activated only if both absolute start time and the periodic time range have been reached. The process is deactivated when either of the time ranges are reached. The device supports a maximum of 20 absolute time ranges.

To ensure that the time range entries take effect at the desired times, the system time must be set.The time-range feature can be used for the following:

  • Limit access of computers to the network during business hours (for example), after which the network ports are locked, and access to the rest of the network is blocked (see Configuring Ports and Configuring LAG Settings)

  • Limit PoE operation to a specified period.

    Add these descriptions for time range

Procedure

Step 1

Click Administration > Time Settings > Time Range.

Step 2

In the Time Range Table, click Add to add a new time range or Edit or Delete to edit or delete an existing one.

Step 3

To add a new time range, click Add and configure the following:

  • Time Range Name—Enter a name for your time range

  • Absolute Starting Time—Select Immediate or enter a date and time.

  • Absolute Ending Time—Select Infinite or enter a date and time
Step 4

Click Apply to apply the new time range settings.

Periodic Time Range

A periodic time element can be added to an absolute time range. This limits the operation to certain time periods within the absolute range.

To add a periodic time range element to an absolute time range:

Procedure

Step 1

Click Administration > Time Settings > Periodic Range.

The existing periodic time ranges are displayed (filtered per a specific, absolute time range.)
Step 2

Select the absolute time range to which to add the periodic range.
Step 3

To add a new periodic time range, click Add.

Step 4

Enter the following fields:

  • Periodic Starting Time—Enter the day of the week, and time that the Time Range begins.

  • Periodic Ending Time—Enter the day of the week, and time that the Time Range ends.
Step 5

Click Apply.
Step 6

Click Time Range to access the Time Range.

System Log

This section describes the system logging, which enables the device to generate multiple independent logs. Each log is a set of messages describing system events.

The device generates the following local logs:

  • Log sent to the console interface.

  • Log written into a cyclical list of logged events in the RAM and erased when the device reboots.

  • Log written to a cyclical log-file saved to the Flash memory and persists across reboots.

In addition, you can send messages to remote SYSLOG servers in the form of SNMP traps and SYSLOG messages.

Log Settings

You can select the events to be logged by severity level. Each log message has a severity level concatenated with a dash (-) on each side. For example, the log message "SYSTEM-5-STARTUP: … " has a severity level of 5, meaning Notice.

The event severity levels are listed from the highest severity to the lowest severity, as follows:

  • Emergency—System is not usable.

  • Alert—Action is needed.

  • Critical—System is in a critical condition.

  • Error—System is in error condition.

  • Warning—System warning has occurred.

  • Notice—System is functioning properly, but a system notice has occurred.

  • Informational—Device information.

  • Debug—Detailed information about an event.

Selecting a severity level to be stored in a log causes all of the higher severity events to be automatically stored in the log. Lower severity events are not stored in the log. For example, if Warning is selected, all severity levels that are Warning and higher are stored in the log (Emergency, Alert, Critical, Error, and Warning). No events with severity level below Warning are stored (Notice, Informational, and Debug).

To set global log parameters, complete the following steps:

Procedure

Step 1

Click Administration > System Log > Log Settings.

Step 2

Enter the parameters.

Logging

Select to enable message logging.

Syslog Aggregator

Select the aggregation of SYSLOG messages and traps. If enabled, identical and contiguous SYSLOG messages and traps are aggregated over the specified Max. Aggregation Time and sent in a single message. The aggregated messages are sent in the order of their arrival. Each message states the number of times it was aggregated.

Max. Aggregation Time

Enter the interval of time that SYSLOG messages are aggregated.

RAM Memory Logging

Select the severity levels of the messages to be logged to the RAM.

Flash Memory Logging

Select the severity levels of the messages to be logged to the Flash memory.
Step 3

Click Apply. The Running Configuration file is updated.

Remote Log Servers

The Remote Log Servers page enables defining remote SYSLOG servers to which log messages are sent. For each server, you can configure the severity of the messages that it receives.

To define SYSLOG servers, follow these steps:

Procedure

Step 1

Click Administration > System Log > Remote Log Servers.

Step 2

Click Add.

Step 3

Enter the parameters.

Server Definition

Select whether to identify the remote log server by IP address or name.

IP Version

Select the supported IP format.

Log Server IP Address/Name

Enter the IP address or domain name of the log server.

UDP Port

Enter the UDP port to which the log messages are sent.

Facility

Select a facility value from which system logs are sent to the remote server. Only one facility value can be assigned to a server. If a second facility code is assigned, the first facility value is overridden.

Minimum Severity

Select the minimum level of system log messages to be sent to the server.
Step 4

Click Apply. The Add Remote Log Server page closes, the SYSLOG server is added, and the Running Configuration file is updated.

File Management

A File Management System is an application that is used to store, arrange and access the files that are on your device. The system files are files that contain information, such as: configuration information or firmware images. Various actions can be performed with these files, such as: selecting the firmware file from which the device boots, or copying files to or from an external device, such as an external server.

The following are some of the types of files are found on the device:

  • Running Configuration—Contains the parameters currently being used by the device to operate. This file is modified when you change parameter values on the device. If the device is rebooted, the Running Configuration is lost. To preserve any changes you made to the device, you must save the Running Configuration to the Startup Configuration, or another file type.

  • Startup Configuration—The parameter values that saved by copying another configuration (usually the Running Configuration) to the Startup Configuration. The Startup Configuration is retained in Flash and is preserved when the device is rebooted. At this time, the Startup Configuration is copied to RAM and identified as the Running Configuration.

  • Mirror Configuration—A copy of the Startup Configuration, created by the device when the following conditions exist:

    • The device has been operating continuously for 24 hours.

    • No configuration changes have been made to the Running Configuration in the previous 24 hours.

    • The Startup Configuration is identical to the Running Configuration.

      Only the system can copy the Startup Configuration to the Mirror Configuration. However, you can copy from the Mirror Configuration to other file types or to another device.

  • Backup Files—Manual copies of a files used for protection against system shutdown or for the maintenance of a specific operating state. For instance, you can copy the Mirror Configuration, Startup Configuration, or Running Configuration to a Backup file. The Backup exists in Flash or on a PC or USB drive and is preserved if the device is rebooted.

  • Firmware—The program that controls the operations and functionality of the device. More commonly referred to as the image.

  • Language File—The dictionary that enables the web-based configuration utility windows to be displayed in the selected language.

  • Logging File—SYSLOG messages stored in Flash memory.

Firmware Operations

The Firmware Operations page can be used to:

  • Update or backup the firmware image

  • Swap the active image.

The software images of the units in a stack must be identical to ensure proper stack operations. Stack units can be upgraded in any one of the following ways.

Procedure

Step 1

Click Administration > File Management > Firmware Operations.

The following fields are displayed:

  • Active Image—Displays the current, active firmware file.

  • Active Image Version Number—Displays the version of the current, active firmware file.
Step 2

Select the Operation Type from the following options:

  • Update Firmware

  • Backup Firmware

  • Swap Image
Step 3

Select the Transfer Method from the following options:

HTTP/HTTPS

For HTTP/HTTPS, enter the file name in the File Name field, or browse to locate and select the file.

TFTP

For TFTP, proceed with the TFTP Instructions below.

TFTP Instructions

Configure the following if you selected the TFTP as your copy method for the firmware operations.

TFTP Server IP Address/Name

 Select from the following options:

  • By IP Address

  • By Name

IP Version

 Select from the following options:

  • IP Version 6

  • IP Version 4

TFTP Server IP Address/Name

Enter the server IP address/name.

Source File Name

Enter the name of the source (0 - 128 characters used)
Step 4

Click Apply to save your settings.

File Operations

Procedure

Step 1

Click Administration > File Management > File Operations.

Step 2

Select the Operation Type from the following options:

  • Update File

  • Backup File

  • Duplicate
Step 3

Select the Destination File Type from the following options:

  • Running Configuration

  • Startup Configuration

  • Backup Configuration

  • Mirror Configuration

  • Logging File

  • Language File
Step 4

Select the Copy Method from the following options:

HTTP/HTTPS

For HTTP/HTTPS, enter the file name in the File Name field, or browse to locate and select the file.

TFTP

For TFTP, proceed with the TFTP Instructions below.

TFTP Instructions

Configure the following if you selected the TFTP as your update or backup method for the file operations.

TFTP Server Definition

 Select from the following options:

  • By IP Address

  • By Name

IP Version

 Select from the following options:

  • IP Version 6

  • IP Version 4

TFTP Server IP Address/Name

Enter the server IP address/name.

Source File Name

Enter the name of the source (0 - 160 characters used)
Step 5

In the File name section, click the Browse button to locate and select the file.

Step 6

Click Apply.

Configuration File Properties

The Configuration File Properties page displays the system files existing in the system.

Procedure

Step 1

Click Administration > File Management > Configuration File Properties.

Step 2

If required, select either the Startup Configuration, Backup Configuration, or both and click delete icon to delete these files.

DHCP Auto Configuration

The Auto Configuration/Image Update feature provides a convenient method to automatically configure switches in a network. This process enables the administrator to remotely ensure that the configuration of these devices in the network are up to date.

Procedure

Step 1

Click Administration > File Management > DHCP Auto Configuration.

Step 2

Configure the following:

Auto Configuration Via DHCP

Check to enable the auto configuration via DHCP. The Auto Configuration feature provides a convenient method to automatically configure switches in a network.

Step 3

Select the TFTP server settings.

Backup Server Definition

 Select from the following options:

  • By IP Address

  • By Name

IP Version

 Select from the following options:

  • IP Version 6

  • IP Version 4

Backup TFTP Server IP Address/Name

 Enter the name of the backup configuration file.

Backup Configuration File

Enter the name of the backup configuration file (0 - 160 characters used)

Last Auto Configuration TFTP Server IP Address

The address of the last auto configuration address is displayed.

Last Auto Configuration File Name

The name of the last auto configuration file is displayed.
Note 

DHCP Auto Configuration / Image is operational only when the IP Address configuration is dynamic.
Step 4

Click Apply to save your settings.

Cisco Business Dashboard Settings

Cisco Business Dashboard helps you monitor and manage your Cisco 100 to 500 Series network with the use of the Cisco Business Dashboard Manager. The Cisco Business Dashboard Manager is an add-on that automatically discovers your network, and allows you to configure and monitor all supported Cisco 100 to 500 Series devices such as Cisco switches, routers, and wireless access points.


Note

For detailed instructions on how to setup the Cisco Business Dashboard Manager and Agent, please consult the Cisco Business Dashboard Quick Start Guide.

https://cisco.com/go/cbd-docs

Complete the following steps on the switch graphical user interface (GUI) to enable an Agent connection to a Dashboard, configure the Organization and Network name, and other information required to allow connection to the Dashboard:

Procedure

Step 1

Click Administration > Cisco Business Dashboard Settings.

Step 2

Configure the following:

Connection Status

Displays the status of the Cisco Business Dashboard connection.

Agent Version

Displays the version of the Cisco Business Dashboard call home agent.

Callhome Agent Enabled

Check to enable call home agent for connecting to Cisco Business Dashboard.

Callhome Agent Log Level

Select the logging severity of call home agent.

Dashboard Connection Enabled

Check to enable connectivity.

Organization Name

Enter the organization name of the Cisco Business Dashboard Agent running on the device.

Network Name

Enter the site name of the Cisco Business Dashboard Agent.

Dashboard Definition

Define the address of the Cisco Business Dashboard. Select one of the following:

  • By IP address - this option requires you to enter a valid IP address to the IP Address/Name field.

  • By Name- this option requires you to enter a hostname to the IP Address/Name field.

IP Address/Name

Enter the name of IP address of the Cisco Business Dashboard.

Dashboard Port

Specify one of the following TCP ports to connect to the Dashboard.

  • Use Default (443).

  • User Defined (Range: 1-65535). This option is available only if a valid address is entered in the Dashboard Address field.
Access

Key ID

Specify the key ID to be used for the initial authentication between the Cisco Business Dashboard Agent running on the device and the Cisco Business Dashboard.

Access Key

Secret

Specify the secret to use for authentication. It can be Encrypted or in Plaintext format. The Plaintext format is specified as an alphanumeric string without white-spaces (up to 160 chars). The Key ID and Secret settings must be set together.

Step 3

Click Apply to save the setting to the running configuration.

Note 

The fields Organization Name, Network Name, Dashboard Address, Key ID cannot be modified if Dashboard Connection setting is enabled. To modify any of these settings clear the Dashboard Connection check box, click Apply, and redo steps 2-4 above.

Plug-n-Play (PNP)

Installation of new networking devices or replacement of devices can be expensive, time-consuming and error-prone when performed manually. Typically, new devices are first sent to a central staging facility where the devices are unboxed, connected to a staging network, updated with the right licenses, configurations and images; then packaged and shipped to the actual installation location. After these processes are completed, experts must travel to the installation locations to perform the installation. Even in scenarios where the devices are installed in the NOC/Data Center itself, there may not be enough experts for the sheer number of devices. All these issues contribute to delays in deployment and add to the operational costs.

Connecting to PNP Server

To allow the switch to connect to the PnP server, a discovery process takes place, in which the switch discovers the PNP server address/url. There are multiple discovery methods, and they are executed by the switch according to the sequence detailed below. If a PnP server is discovered by a certain method, the discovery process is completed and the rest of the methods are not executed:

  1. User configured address - the PnP server url or IP address are specified by the user.

  2. Address received from DHCP response option 43 - the PnP server url or IP address are received as part of option 43 in the DHCP response

  3. DNS resolution of hostname "pnpserver" - the PnP server IP addressed is obtained via DNS server resolution of hostname “pnpserver”.

  4. Cisco Plug and Play Connect - a redirection service that allows full “out of the box” PNP server discovery which runs over HTTPs.

The switch contacts the redirection service using the FQDN “devicehelper.cisco.com”.

Cisco PnP Connect Prerequisites

To allow Cisco Plug and Play Connect operation, the user needs to create devices and controller profiles in Plug and Play Connect (navigate to https://software.cisco.com and click the PnP Connect link). Note that a Cisco Smart Account is required to use PnP Connect. To create or update a Smart Account, see the Administration section of https://software.cisco.com.

In addition, the following prerequisites are required to be met on the switch itself:

  • The PNP server was not discovered by the other discovery methods

  • The device is able to successfully resolve the name devicehelper.cisco.com (either static configuration or using DNS server)

  • System time was set using one of the following methods

    • Time was updated by an SNTP server

    • Clock was set manually by user

    • Time was preserved across resets by Real Time Clock (RTC).

CA-Signed Certificate based Authentication

Cisco distributes certificates signed by a signing authorities in .tar file format and signs the bundle with Cisco Certificate Authority (CA) signature. This certificate bundle is provided by Cisco infoSec for public downloads on cisco.com.


Note

If the PNP server discovery is based on Cisco PnP Connect, the trustpool is downloaded from following: http://www.cisco.com/security/pki/trs/ios_core.p7b.

If the PNP server discovery is based on DHCP option 43, use the “T<Trust pool CA bundle URL>;” parameter in DHCP option 43 to provide the URL for downloading the trust pool. The certificates from this bundle can be installed on the Cisco device for server-side validation during SSL handshake. It is assumed that the server uses a certificate, which is signed by one of the CA that is available in the bundle.

The PnP agent uses the built-in PKI capability to validate the certificate bundle. As the bundle is signed by Cisco CA, the agent is capable of identifying a bundle that is tampered before installing the certificates on the device. After the integrity of the bundle is ensured by the agent, the agent installs the certificates on the device. After the certificates are installed on the device, the PnP agent initiates an HTTPs connection to the server without any additional steps from the server.


Note

The device also supports a built in certificate bundle which is installed as part of the bootup process. this bundle can be used to validate PNP server. If a Bundle is downloaded based on Cisco PnP Connect information then the certificates from the downloaded bundle are installed and the certificates based on the built in bundle are uninstalled.


Note

In addition to validating PNP certificate based on installed CA certificate the PNP Agent also validates that the certificate's Common Name/Subject Alternate Name (CN/SAN) matches the hostname/IP address of the PNP server. If they don't match validation of certificate is rejected.

Cisco PnP DHCP Option 43 Usage Guidelines

DHCP option 43 is a vendor specific identifier which is one of the methods that can be used by the PnP agent to locate and connect to the PnP server (see Cisco Plug-n-Play for more information).

The following provides Information on configuration of Option 43 to allow proper configuration on DHCP server.

Option 43 includes the following fields/parameters:

<DHCP-typecode><feature-opcode><version><debug-option>;<arglist>

The <arglist> parameter should use the following syntax:

B<IP address type>;I<IP address>;J<Port>;K<Transport protocol>;T<Trust pool CA bundle URL>;Z<SNTP server IP address>

The following table details the description and usage of option 43 fields

Parameter Description
DHCP-typecode DHCP sub-option type. The DHCP sub-option type for PnP is 5.
Feature-opcode Feature operation code – can be either Active (A) or Passive (P). The feature operation code for PnP is Active (A) which implies that PnP agent initiates a connection to the PnP server. If the PnP server cannot be reached, PnP agent retries until it makes a connection.
Version Version of template to be used by PnP agent. Must be 1.
Debug-option Turns ON or OFF the debug messages during the processing of the DHCP Option 43:

D – debug option is ON ; N – debug option is OFF.
K

Transport protocol to be used between PnP agent and PnP server:

4 - HTTP or 5 – HTTPS.
B

IP address type of PnP server IP address specified with the letter code

‘I’:

1 - host , 2- IPv4 , 3 - IPv6
I IP address or hostname of PnP server. If hostname is specified, DNS related options must be present in the DHCP server to allow for successful use of hostname.
T

URL of trust pool CA bundle. You can get the CA bundle from a Cisco Business Dashboard, or from a TFTP server.

  • When using Cisco Business Dashboard, use the following URL format:

    http://CBD IP address or domain name/ca/trustpool/CA_bundle_name

  • When using TFTP Server, use the following URL format: tftp://tftp server IP/CA_bundle_name

Z

SNTP server IP address. You must sync the clock before configuring a trust pool.

Note 

The switch clock is considered synchronized if it was updated by any SNTP server supported by the switch (by default, user configured or in Z parameter) or set manually by the user. This parameter is required when using trust pool security if the switch can not reach any other SNTP server. For example, for an out-of-the box switch with factory default configuration but no Internet connectivity to reach the default SNTP servers.

J

Port number http=80 https=443

Examples for Option 43 usage:

  • The following format is used for PnP connection setup using HTTP:

    option 43 ascii 5A1N;K4;B2;I10.10.10.3;J80

  • The following format is used for PnP connection setup on top of HTTPS, directly using a trust pool. HTTPS can be used when the trust pool CA bundle is downloaded from a Cisco Business Dashboard and the Cisco Business Dashboard server certificate was issued by a 3rd party (not self signed). In the example below “10.10.10.3” is the Cisco Business Dashboard IP address. Optionally, you can specify a domain name:

    option 43 ascii 5A1N;K5;B2;I10.10.10.3;J443;Thttp://10.10.10.3/ca/trustpool/ios.p7b;Z10.75.166.1

PNP Settings

To configure PNP settings, follow these steps:

Procedure

Step 1

Click Administration > PNP > PNP Settings.

Step 2

Configure PNP by entering information in the following fields:

PNP State

Check to enable.

PNP Transport / Settings Definition

Select one of the following options for locating configuration information, regarding the transport protocol to use, the PNP server address and the TCP port to use:

  • Auto—If this option is selected, the PNP settings are then taken from DHCP option 43. If settings aren’t received from DHCP option 43, the following default values are used: default transport protocol HTTP, DNS name "pnpserver" for PNP server and the port related to HTTP. If the “pnpserver” name is not resolved by DNS, then Cisco Plug and Play Connect service is used, using DNS name “devicehelper.cisco.com”. When selecting the Default Settings option, all fields in PNP Transport section are grayed out. If both PNP agent and DHCP Auto Configuration/Image Update are enabled on device - in case he DHCP reply includes, in addition to option 43, options related to config or image file name, then device ignores received option 43.

  • Static—Manually set the TCP port and server settings to use for PNP transport.

Transport Protocol

Select the transport protocol, HTTP or HTTPS.

TCP Port

Number of the TCP port. This is entered automatically by the system: 80 for HTTP.

Server Definition

Select whether to specify the PNP server By IP address or By name.

IP Version

Select the supported IP format.

  • Version 6—IPv6

  • Version 4—IPv4

Server IP Address/Name

Enter the IP address or domain name of the PNP server.
Step 3

Click Apply. The parameters are copied to the Running Configuration file.

PNP Session

The PNP Session screen displays the value of the PNP parameters currently in effect. The source of the parameter is displayed in parenthesis where relevant.

To display information about PNP parameters, follow these steps:

Procedure

Click Administration > PNP > PNP Session.

The following fields are displayed:

  • Administrative Status—Whether PNP is enabled or not.

  • Operational Status—Is PNP operational.

  • PNP Agent State—Indicates whether there’s an active PNP session. The possible values are Discovery Wait; Discovery; Not Ready; Disabled; Session; Session Wait.

  • Transport Protocol– Displays the PNP agent session information.

  • TCP Port—TCP port of the PNP session

  • Server Address—IP address of PNP server

Reboot

Some configuration changes, such as enabling jumbo frame support, require the system to be rebooted before they take effect. However, rebooting the device deletes the Running Configuration, so it’s critical to save the Running Configuration as the Startup Configuration before rebooting. Clicking Apply doesn’t save the configuration to the Startup Configuration. section.

To reboot the device, follow these steps:

Procedure

Step 1

Click Administration > Reboot.

Step 2

Click Reboot to reboot the device.

  • Reboot—Reboots the device. Since any unsaved information in the Running Configuration is discarded at reboot, you must click Save to preserve the current configuration across the boot process. If the Save option isn’t displayed, the Running Configuration matches the Startup Configuration and no action is necessary.

  • Restore to Factory Defaults—Reboots the device by using the factory default configuration. This process erases all except the Active Image, Inactive Image, Mirror configuration and Localization files.

  • Clear Startup Configuration File—Check to clear the startup configuration on the device for the next time it boots up.

Diagnostics

You can use diagnostics to test and verify the functionality of the hardware components of your system (chassis, supervisor engines, modules, and ASICs) while your device is connected to a live network. Diagnostics consists of packet-switching tests that test hardware components and verify the data path and control signals.

Copper Test


Caution

When a port is tested, it is set to the down state and communications are interrupted. After the test, the port returns to the Up state. It is not recommended that you run the copper port test on a port you are using to run the web-based switch configuration utility, because communications with that device are disrupted.

To test copper cables attached to ports:, follow these steps

Procedure

Step 1

Click Administration > Diagnostics > Copper Test.

Step 2

Select a port on which to run the test.
Step 3

Click Copper Test.

Step 4

When the message appears, click OK to confirm that the link can go down or Cancel to abort the test. The following fields are displayed in the Test Results block:

  • Test Results—Cable test results. Possible values are:

  • Cable Length—Estimated cable length. The cable length is Unknown when the green features are enabled.

  • Operational Port Status—Displays whether port is up or down.

Optical Module Status

The Optical Module Status page displays the operating conditions reported by the SFP (Small Form-factor Pluggable) transceiver.

The following GE SFP (1000Mbps) transceivers are supported:

  • MGBLH1: 1000BASE-LH SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 40 km.

  • MGBLX1: 1000BASE-LX SFP transceiver, for single-mode fiber, 1310 nm wavelength, supports up to 10 km.

  • MGBSX1:1000BASE-SX SFP transceiver, for multimode fiber, 850 nm wavelength, supports up to 550 m.

  • MGBT1: 1000BASE-T SFP transceiver for category 5 copper wire, supports up to 100 m.

  • GLC-SX-MMD - 1000BASE-SX short wavelength; with DOM

  • GLC-LH-SMD - 1000BASE-LX/LH long-wavelength; with DOM

  • GLC-BX-D - 1000BASE-BX10-D downstream bidirectional single fiber; with DOM

  • GLC-BX-U - 1000BASE-BX10-U upstream bidirectional single fiber; with DOM

  • GLC-TE - 1000BASE-T standard

The following XG SFP+ (10,000Mbps) transceivers are supported:

  • Cisco SFP-10G-SR

  • Cisco SFP-10G-LR

  • Cisco SFP-10G-SR-S

  • Cisco SFP-10G-LR-S

The following XG passive cables (Twinax/DAC) are supported:

  • Cisco SFP-H10G-CU1M

To view the results of optical tests, click Administration > Diagnostics > Optical Module Status.

This page displays the following fields:

  • Port—Port number on which the SFP is connected

  • Temperature—Temperature (Celsius) at which the SFP is operating

  • Voltage—SFPs operating voltage

  • Current—SFPs current consumption

  • Output Power—Transmitted optical power

  • Input Power—Received optical power

  • Loss of Signal—Local SFP reports signal loss. Values are True and False

CPU Utilization

To view the current CPU utilization and/or set the refresh rate:

Procedure

Step 1

Click Administration >Diagnostic > CPU Utilization.

The CPU Input Rate field displays the rate of input frames to the CPU per second. The window contains a graph displaying CPU utilization on the device. The Y axis is percentage of usage, and the X axis is the sample number.

Step 2

Check Enable to enable the CPU Utilization.

Step 3

Select the Refresh Rate (time period in seconds) that passes before the statistics are refreshed. A new sample is created for each time period.

The window containing a graph displaying CPU utilization on the device is displayed.

Tech-Support Information

This page provides a detailed log of the device status. This is valuable when the technical support are trying to help a user with a problem, since it gives the output of many show commands (including debug command) in a single command.

To view technical support information useful for debugging purposes:

Procedure

Step 1

Click Administration> Diagnostics > Tech-Support Information.

Step 2

Click Generate.

Note 

Generation of output from this command may take some time. When the information is generated, the tech-support information file will be download to default download directory of browser automatically.

Discovery Bonjour

As a Bonjour client, the device broadcasts Bonjour Discovery protocol packets to directly connected IP subnets. The device can be discovered by a network management system or other third-party applications. By default, Bonjour is enabled on the Management VLAN.

To configure Bonjour, follow these steps:

Procedure

Step 1

Click Administration > Discovery - Bonjour.

Step 2

Check Enable to enable Bonjour Discovery globally.

Step 3

Click Apply to update the Running Configuration file.

Note 

When Bonjour is enabled, it sends Bonjour Discovery packets to interfaces with IP addresses associated with Bonjour on the Bonjour Discovery Interface Control table.

Discovery LLDP

LLDP is a protocol that enables network managers to troubleshoot and enhance network management in multi-vendor environments. LLDP standardizes methods for network devices to advertise themselves to other systems, and to store discovered information. LLDP enables a device to advertise its identification, configuration, and capabilities to neighboring devices that then store the data in a Management Information Base (MIB).

LDP is a link layer protocol. By default, the device terminates and processes all incoming LLDP packets as required by the protocol. This section describes how to configure LLDP and covers the following topics:

Properties

The Properties page enables entering LLDP general parameters, such as enabling/disabling the feature globally. To enter LLDP properties, proceed as follows:

Procedure

Step 1

Click Administration > Discovery LLDP > Properties.

Step 2

Enter the parameters.

LLDP Status

Select to enable LLDP on the device (enabled by default).

LLDP Frames Handling

If LLDP isn’t enabled, select one of the following options:

  • Filtering—Delete the packet.

  • Bridging— (VLAN-aware flooding) Forwards the packet to all VLAN members.

  • Flooding—Forward the packet to all VLAN members

TLV Advertise Interval

Enter the rate in seconds at which LLDP advertisement updates are sent, or use the default.

Hold Multiplier

Enter the amount of time that LLDP packets are held before the packets are discarded, measured in multiples of the TLV Advertise Interval. For example, if the TLV Advertise Interval is 30 seconds, and the Hold Multiplier is 4, then the LLDP packets are discarded after 120 seconds.

Reinitializing Delay

Enter the time interval in seconds that passes between disabling and reinitializing LLDP, following an LLDP enable/disable cycle.

Transmit Delay

Enter the amount of time in seconds that passes between successive LLDP frame transmissions, due to changes in the LLDP local systems MIB.

Step 3

In the LED-MED Properties Fast Start Repeat Count field, enter the number of times LLDP packets are sent when the LLDP-MED Fast Start mechanism is initialized. This occurs when a new endpoint device links to the device. For a description of LLDP MED, refer to the LLDP MED Network Policy section.

Step 4

Click Apply. The LLDP properties are added to the Running Configuration file.

Port Settings

The LLDP Port Settings page enables LLDP and SNMP notification per port. The LLDP-MED TLVs can be configured in the LLDP MED Port Settings.

To define the LLDP port settings, follow these steps:

Procedure

Step 1

Click Administration > Discovery LLDP > Port Settings.

This page contains the port LLDP information.
Step 2

Select a port and click Edit.
Step 3

Configure the following fields:

Interface

Select the port to edit.

Administrative Status

Select the LLDP publishing option for the port.

  • Tx Only—Publishes but doesn’t discover.

  • Rx Only—Discovers but doesn’t publish.

  • Tx & Rx—Publishes and discovers.

  • Disable—Indicates that LLDP is disabled on the port.

Available/Selected Optional TLVs

Select the options to be published by the device:

  • Port Description—Information about the port.

  • System Name—System's assigned name.

  • System Description—Description of the network entity.

  • System Capabilities—Primary functions of the device, and whether these functions are enabled on the device.

  • 802.3 MAC-PHY—Duplex and bit rate capability and the current duplex and bit rate settings of the sending device.

  • 802.3 Link Aggregation—Whether the link (associated with the port on which the LLDP PDU is transmitted) can be aggregated.

  • 802.3 Maximum Frame Size—Maximum frame size capability of the MAC/PHY implementation

  • Management IP Address
Step 4

Enter the relevant information, and click Apply. The port settings are written to the Running Configuration file.

LLDP MED Network Policy

The LLDP-MED network policy is a related set of configuration settings for a specific real-time application such as voice, or video. A network policy, if configured, can be included in the outgoing LLDP packets to the attached LLDP media endpoint device. The media endpoint device must send its traffic as specified in the network policy it receives. For example, a policy can be created for VoIP traffic that instructs VoIP phone to:

  • Send voice traffic on VLAN 10 as tagged packet and with 802.1p priority 5.

  • Send voice traffic with DSCP 46.

Network policies are associated with ports by using the LLDP MED Port Settings. An administrator can manually configure one or more network policies and the interfaces where the policies are to be sent. It is the administrator's responsibility to manually create the VLANs and their port memberships according to the network policies and their associated interfaces.

To define an LLDP MED network policy, follow these steps:

Procedure

Step 1

Click Administration > Discovery LLDP > LLDP MED Network Policy.

This page contains previously-created network policies.
Step 2

Check Enable next to the LLDP MED Network Policy for Voice Application option to automatically generate and advertise a network policy for voice application based on the voice VLAN maintained by the device.

Step 3

Click Apply to add this setting to the Running Configuration file.

Step 4

To define a new policy, click Add.

Step 5

Enter the values:

  • Network Policy Number—Select the number of the policy to be created.

  • Application—Select the type of application (type of traffic) for which the network policy is being defined.

  • VLAN ID—Enter the VLAN ID to which the traffic must be sent.

  • VLAN Tag—Select whether the traffic is Tagged or Untagged.

  • User Priority—Select the traffic priority applied to traffic defined by this network policy. This is the CoS value.

  • DSCP Value—Select the DSCP value to associate with application data sent by neighbors. This value informs them how they must mark the application traffic they send to the device.

Step 6

Click Apply. The network policy is defined.

Note 

You must manually configure the interfaces to include the desired manually-defined network policies for the outgoing LLDP packets using the LLDP MED Port Settings.

LLDP MED Port Settings

The LLDP MED Port Settings page enables configuration of the LLDP-MED TLVs. Network policies are configured using the LLDP MED Network Policy page.


Note

If LLDP-MED Network Policy for Voice Application is enabled and Auto Voice VLAN is in operation, then the device automatically generates an LLDP-MED Network Policy for Voice Application for all the LLDP ports. LLDP-MED enabled and are members of the voice VLAN.

To configure LLDP MED on each port, proceed as follows:

Procedure

Step 1

Click Administration > Discovery LLDP > LLDP MED Port Settings.

This page displays the following LLDP MED settings for all ports :

  • User-Defined Network Policy—Policies are defined for types of traffic in LLDP MED Network Policy. The following information is displayed for the policy on the port:

    • Active—Is the type of traffic active on the port.

    • Application—Type of traffic for which the policy is defined.

  • Location—Whether Location TLV is transmitted.

  • PoE—Whether PoE-PSE TLV is transmitted.

  • Inventory—Whether Inventory TLV is transmitted.
Step 2

The message at the top of the page indicates whether the generation of the LLDP MED Network Policy for the voice application is automatic or not. Click on the link to change the mode.

Step 3

To associate additional LLDP MED TLV and/or one or more user-defined LLDP MED Network Policies to a port, select it, and click Edit.
Step 4

Enter the parameters:

  • Interface—Select the interface to configure.

  • LLDP MED Status—Enable/disable LLDP MED on this port.

  • Selected Optional TLVs—Select the TLVs that can be published by the device by moving them from the Available Optional TLVs list to the Selected Optional TLVs list.

  • Selected Network Policies—Select the LLDP MED policies to be published by LLDP by moving them from the Available Network Policies list to the Selected Network Policies list. To include one or more user-defined network policies in the advertisement, you must also select Network Policy from the Available Optional TLVs.

    Note 

    The following fields must be entered in hexadecimal characters in the exact data format that is defined in the LLDP-MED standard (ANSI-TIA-1057_final_for_publication.pdf):

    • Location Coordinate—Enter the coordinate location to be published by LLDP.

    • Location Civic Address—Enter the civic address to be published by LLDP.

    • Location ECS ELIN—Enter the Emergency Call Service (ECS) ELIN location to be published by LLDP.
Step 5

Click Apply. The LLDP MED port settings are written to the Running Configuration file.

LLDP Port Status

The LLDP Port Status page contains the LLDP global information for every port.

Procedure

Step 1

To view the LLDP port status, click Administration > Discovery LLDP > LLDP Port Status.

Information for all ports is displayed.
Step 2

Select a specific port and click LLDP Local Information Detail to see the details of the LLDP and LLDP-MED TLVs sent out to the port.

Step 3

Select a specific port and click LLDP Neighbor Information Detail to see the details of the LLDP and LLDP-MED TLVs received from the port.

LLDP Port Status Global Information

  • Chassis ID Subtype—Type of chassis ID (for example, MAC address).

  • Chassis ID—Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address of the device appears.

  • System Name—Name of device.

  • System Description—Description of the device (in alpha-numeric format).

  • Supported System Capabilities—Primary functions of the device, such as Bridge, WLAN AP, or Router.

  • Enabled System Capabilities—Primary enabled function(s) of the device.

  • Port ID Subtype—Type of the port identifier that is shown.

LLDP Port Status Table

  • Interface—Port identifier.

  • LLDP Status—LLDP publishing option.

  • LLDP MED Status—Enabled or disabled.

  • Local PoE ((Power Type, Power Source, Power Priority, Power Value)—Local PoE information advertised.

  • Remote PoE (Power Type, Power Source, Power Priority, Power Value)—PoE information advertised by the neighbor.

  • # of neighbors—Number of neighbors discovered.

  • Neighbor capability of 1st device—Displays the primary functions of the neighbor; for example: Bridge or Router.

LLDP Local Information

To view the LLDP local port status advertised on a port, follow these steps:

Procedure

Step 1

Click Administration > Discovery LLDP > LLDP Local Information.

Step 2

Select the interface and port for which the LLDP local information is to be displayed.

The LLDP Local Information page contains the following fields:

Global

  • Chassis ID Subtype—Type of chassis ID. (For example, the MAC address.)

  • Chassis ID—Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address of the device appears.

  • System Name—Name of device.

  • System Description—Description of the device (in alpha-numeric format).

  • Supported System Capabilities—Primary functions of the device, such as Bridge, WLAN AP, or Router.

  • Enabled System Capabilities—Primary enabled function(s) of the device.

  • Port ID Subtype—Type of the port identifier that is shown.

  • Port ID—Identifier of port.

  • Port Description—Information about the port, including manufacturer, product name and hardware/software version.

Management Address

  • Address Subtype—Type of management IP address that is listed in the Management Address field, for example, IPv4.

  • Address—Returned address most appropriate for management use, typically a Layer 3 address.

  • Interface Subtype—Numbering method used for defining the interface number.

  • Interface Number—Specific interface associated with this management address.

MAC/PHY Details

  • Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.

  • Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False.

  • Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode.

  • Operational MAU Type—Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interfaces’ collision detection and bit injection into the network; for example, 100BASE-TX full duplex mode.

802.3 Details

  • 802.3 Maximum Frame Size - The maximum supported IEEE 802.3 frame size.

802.3 Link Aggregation

  • Aggregation Capability—Indicates whether the interface can be aggregated.

  • Aggregation Status—Indicates whether the interface is aggregated.

  • Aggregation Port ID—Advertised aggregated interface ID.

MED Details

  • Capabilities Supported—MED capabilities enabled on the port.

  • Current Capabilities—MED TLVs advertised by the port.

  • Device Class—LLDP-MED endpoint device class. The possible device classes are:

    • Endpoint Class 1—Indicates a generic endpoint class, offering basic LLDP services.

    • Endpoint Class 2—Indicates a media endpoint class, offering media streaming capabilities as well as all Class 1 features.

    • Endpoint Class 3—Indicates a communications device class, offering all Class 1 and Class 2 features plus location, 911, Layer 2 switch support and device information management capabilities.

  • PoE Device Type—Port PoE type, for example, PD/PSE.

  • PoE Power Source—Port’s power source.

  • PoE Power Priority—Port’s power priority.

  • PoE Power Value—Port’s power value.

  • Hardware Revision –Hardware version.

  • Firmware Revision—Firmware version.

  • Software Revision—Software version.

  • Serial Number—Device serial number.

  • Manufacturer Name—Device manufacturer name.

  • Model Name—Device model name.

  • Asset ID—Asset ID.

Location Information

Enter the following data structures in hexadecimal as described in section 10.2.4 of the ANSI-TIA-1057 standard:

  • Civic—Civic or street address.

  • Coordinates—Location map coordinates—latitude, longitude, and altitude.

  • ECS ELIN—Device’s Emergency Call Service (ECS) Emergency Location Identification Number (ELIN).

Network Policy Table

  • Application Type—Network policy application type, for example, Voice.

  • VLAN ID—VLAN ID for which the network policy is defined.

  • VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined.

  • User Priority—Network policy user priority.

  • DSCP—Network policy DSCP.

LLDP Neighbor

The LLDP Neighbor Information page contains information that was received from neighboring devices. After timeout (based on the value received from the neighbor Time To Live TLV during which no LLDP PDU was received from a neighbor), the information is deleted.

To view the LLDP neighbors information, follow these steps:

Procedure

Step 1

Click Administration > Discovery LLDP > LLDP Neighbor .

Step 2

Select a local port, and click Go.

The following fields are displayed:

  • Local Port—Number of the local port to which the neighbor is connected.

  • Chassis ID Subtype—Type of chassis ID (for example, MAC address).

  • Chassis ID—Identifier of the 802 LAN neighboring device's chassis.

  • Port ID Subtype—Type of the port identifier that is shown.

  • Port ID—Identifier of port.

  • System Name—Published name of the device.

  • Time to Live—Time interval (in seconds) after which the information for this neighbor is deleted.
Step 3

Select a local port, and click Details.

The LLDP Neighbor Information page contains the following fields:

Port Details

  • Local Port—Port number.

Basic Details

  • Chassis ID Subtype—Type of chassis ID (for example, MAC address).

  • Chassis ID—Identifier of the 802 LAN neighboring device chassis.

  • Port ID Subtype—Type of the port identifier that is shown.

  • Port ID—Identifier of port.

  • System Name—Name of system that is published.

  • System Description—Description of the network entity (in alpha-numeric format). This includes the system name and versions of the hardware, operating system, and networking software supported by the device. The value equals the sysDescr object.

  • Supported System Capabilities—Primary functions of the device. The capabilities are indicated by two octets. Bits 0 through 7 indicate Other, Repeater, Bridge, WLAN AP, Router, Telephone, DOCSIS cable device, and station, respectively. Bits 8 through 15 are reserved.

  • Enabled System Capabilities—Primary enabled function(s) of the device.

Management Address Table

  • Address Subtype—Managed address subtype; for example, MAC or IPv4.

  • Address—Managed address.

  • Interface Subtype—Port subtype.

  • Interface Number—Port number.

MAC/PHY Details

  • Auto-Negotiation Supported—Port speed auto-negotiation support status. The possible values are True and False.

  • Auto-Negotiation Enabled—Port speed auto-negotiation active status. The possible values are True and False.

  • Auto-Negotiation Advertised Capabilities—Port speed auto-negotiation capabilities, for example, 1000BASE-T half duplex mode, 100BASE-TX full duplex mode.

  • Operational MAU Type—Medium Attachment Unit (MAU) type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interfaces’ collision detection and bit injection into the network; for example, 100BASE-TX full duplex mode.

802.3 Details

  • 802.3 Maximum Frame Size—Advertised maximum frame size that is supported on the port.

802.3 Link Aggregation

  • Aggregation Capability—Indicates if the port can be aggregated.

  • Aggregation Status—Indicates if the port is currently aggregated.

  • Aggregation Port ID—Advertised aggregated port ID.

MED Details

  • Capabilities Supported—MED capabilities enabled on the port.

  • Current Capabilities—MED TLVs advertised by the port.

  • Device Class—LLDP-MED endpoint device class. The possible device classes are:

    • Endpoint Class 1—Indicates a generic endpoint class, offering basic LLDP services.

    • Endpoint Class 2—Indicates a media endpoint class, offering media streaming capabilities as well as all Class 1 features.

    • Endpoint Class 3—Indicates a communications device class, offering all Class 1 and Class 2 features plus location, 911, Layer 2 switch support and device information management capabilities.

  • PoE Device Type—Port PoE type, for example, PD/PSE.

  • PoE Power Source—Port’s power source.

  • PoE Power Priority—Port’s power priority.

  • PoE Power Value—Port’s power value.

  • Hardware Revision –Hardware version.

  • Firmware Revision—Firmware version.

  • Software Revision—Software version.

  • Serial Number—Device serial number.

  • Manufacturer Name—Device manufacturer name.

  • Model Name—Device model name.

  • Asset ID—Asset ID.

802.1 VLAN and Protocol

  • PVID—Advertised port VLAN ID.

VLAN ID Table

  • VID—Port and Protocol VLAN ID.

  • VLAN Name—Advertised VLAN names.

Location Information

Enter the following data structures in hexadecimal as described in section 10.2.4 of the ANSI-TIA-1057 standard:

  • Civic—Civic or street address.

  • Coordinates—Location map coordinates—latitude, longitude, and altitude.

  • ECS ELIN—Device’s Emergency Call Service (ECS) Emergency Location Identification Number (ELIN).

Network Policy Table

  • Application Type—Network policy application type, for example, Voice.

  • VLAN ID—VLAN ID for which the network policy is defined.

  • VLAN Type—VLAN type, Tagged or Untagged, for which the network policy is defined.

  • User Priority—Network policy user priority.

  • DSCP—Network policy DSCP.
Step 4

Click Refresh to refresh the data in the LLDP Neighbor table.

LLDP Statistics

The LLDP Statistics page displays LLDP statistical information per port.

To view the LLDP statistics, follow these steps:

Procedure

Step 1

Click Administration > Discovery LLDP > LLDP Statistics.

For each port, the fields are displayed:

  • Interface—Identifier of interface.

  • Tx Frames (Total)—Number of transmitted frames.

  • Rx Frames

    • Total—Number of received frames

    • Discarded—Total number of received frames that discarded

    • Errors—Total number of received frames with errors

  • Rx TLVs

    • Discarded—Total number of received TLVs that discarded

    • Unrecognized—Total number of received TLVs that unrecognized.

  • Neighbor's Information Deletion Count—Number of neighbor age outs on the interface.
Step 2

Click Refresh to view the latest statistics.

LLDP Overloading

LLDP adds information as LLDP and LLDP-MED TLVs into the LLDP packets. LLDP overload occurs when the total amount of information to be included in an LLDP packet exceeds the maximum PDU size supported by an interface.

The LLDP Overloading page displays the number of bytes of LLDP/LLDP-MED information, the number of available bytes, and the overloading status of every interface.

To view LLDP overloading information:

Procedure

Step 1

Click Administration > Discovery LLDP > LLDP Overloading.

In the LLDP Overloading Table, the following information is displayed for each port:

  • Interface—Port identifier.

  • Total Bytes In-Use—Total number of bytes of LLDP information in each packet

  • Available Bytes Left—Total amount of available bytes left for other LLDP information in each packet.

  • Status—Whether TLVs are being transmitted or if they are overloaded.
Step 2

To view the overloading details for a port, select it and click Details.

This page contains the following information for each TLV sent on the port:

  • LLDP Mandatory TLVs

    • Size (Bytes)—Total mandatory TLV byte size

    • Status—If the mandatory TLV group is being transmitted, or if the TLV group was overloaded.

  • LLDP MED Capabilities

    • Size (Bytes)—Total LLDP MED capabilities packets byte size

    • Status—If the LLDP MED capabilities packets sent, or if they overloaded.

  • LLDP MED Location

    • Size (Bytes)—Total LLDP MED location packets byte size

    • Status—If the LLDP MED locations packets sent, or if they overloaded.

  • LLDP MED Network Policy

    • Size (Bytes)—Total LLDP MED network policies packets byte size

    • Status—If the LLDP MED network policies packets sent, or if they overloaded.

  • LLDP MED Extended Power via MDI

    • Size (Bytes)—Total LLDP MED extended power via MDI packets byte size.

    • Status—If the LLDP MED extended power via MDI packets sent, or if they overloaded.

  • 802.3 TLVs

    • Size (Bytes)—Total LLDP MED 802.3 TLVs packets byte size.

    • Status—If the LLDP MED 802.3 TLVs packets sent, or if they overloaded.

  • LLDP Optional TLVs

    • Size (Bytes)—Total LLDP MED optional TLVs packets byte size.

    • Status—If the LLDP MED optional TLVs packets sent, or if they overloaded.

  • LLDP MED Inventory

    • Size (Bytes)—Total LLDP MED inventory TLVs packets byte size.

    • Status—If the LLDP MED inventory packets sent, or if they overloaded.

  • Total

    • Total (Bytes)—Total number of bytes of LLDP information in each packet.

    • Available Bytes Left—Total number of available bytes left to send for additional LLDP information in each packet.

Discovery - CDP

Cisco Discovery Protocol is a Layer 2, media-independent, and network-independent protocol that networking applications use to learn about nearby, directly connected devices. Cisco Discovery Protocol is enabled by default. Each device configured for Cisco Discovery Protocol advertises at least one address at which the device can receive messages and sends periodic advertisements (messages) to the well-known multicast address 01:00:0C:CC:CC:CC. Devices discover each other by listening at that address. They also listen to messages to learn when interfaces on other devices are up or go down.

Advertisements contain time-to-live information, which indicates the length of time a receiving device should hold Cisco Discovery Protocol information before discarding it. Advertisements supported and configured in Cisco software are sent, by default, every 60 seconds on interfaces that support Subnetwork Access Protocol (SNAP) headers. Cisco devices never forward Cisco Discovery Protocol packets. Cisco devices that support Cisco Discovery Protocol store the information received in a table. Information in this table is refreshed every time an advertisement is received, and information about a device is discarded after three advertisements from that device are missed.

This section describes how to configure CDP.

Properties

Similar to LLDP, the Cisco Discovery Protocol (CDP) is a link layer protocol for directly connected neighbors to advertise themselves and their capabilities to each other. Unlike LLDP, CDP is a Cisco proprietary protocol. To configure the CDP properties, complete the following steps:

Procedure

Step 1

Click Administration > Discovery - CDP > Properties.

Step 2

Enter the parameters.

CDP Status

Select to enable CDP on the device.

CDP Frames Handling

If CDP is not enabled, select the action to be taken if a packet that matches the selected criteria is received:

  • Bridging—(VLAN-aware flooding) Forwards the packet based on the VLAN

  • Filtering—Deletes the packet

  • Flooding—(VLAN-unaware flooding) Forwards incoming CDP packets to all the ports excluding the ingress ports

CDP Voice VLAN Advertisement

Select to enable the device to advertise the voice VLAN in CDP on all of the ports that are CDP enabled, and are member of the voice VLAN.

CDP Mandatory TLVs Validation

If selected, incoming CDP packets not containing the mandatory TLVs are discarded and the invalid error counter is incremented.

CDP Version

Select the version of CDP to use.

CDP Hold Time

Amount of time that CDP packets are held before the packets are discarded, measured in multiples of the TLV Advertise Interval. For example, if the TLV Advertise Interval is 30 seconds, and the Hold Multiplier is 4, then the CDP packets are discarded after 120 seconds. The following options are possible:

  • Use Default—Use the default time (180 seconds)

  • User Defined—Enter the time in seconds.

CDP Transmission Rate

The rate in seconds at which CDP advertisement updates are sent. The following options are possible:

  • Use Default—Use the default rate (60 seconds)

  • User Defined—Enter the rate in seconds.

Device ID Format

Select the format of the device ID (MAC address or serial number, hostname).

Source Interface

IP address to be used in the TLV of the frames. The following options are possible:

  • Use Default—Use the IP address of the outgoing interface.

  • User Defined—Use the IP address of the interface (in the Interface field) in the address TLV.

Interface

IF User Defined was selected for Source Interface, select the interface.

Syslog Voice VLAN Mismatch

Check to send a SYSLOG message when a voice VLAN mismatch is detected. This means that the voice VLAN information in the incoming frame does not match what the local device is advertising.

Syslog Native VLAN Mismatch

Check to send a SYSLOG message when a native VLAN mismatch is detected. This means that the native VLAN information in the incoming frame does not match what the local device is advertising.

Syslog Duplex Mismatch

Check to send a SYSLOG message when duplex information is mismatched. This means that the duplex information in the incoming frame does not match what the local device is advertising.

Step 3

Click Apply. The CDP properties are defined.

CDP Interface Settings

The Interface Settings page enables you to enable/disable CDP per port. By setting these properties, it’s possible to select the types of information to be provided to devices that support the protocol.

To define the CDP interface settings:

Procedure

Step 1

Click Administration > Discovery - CDP > Interface Settings.

This page displays the following CDP information for each interface.

  • Entry No.—Port identifier.

  • CDP Status—CDP publishing option for the port.

  • Reporting Conflicts with CDP Neighbors—Status of the reporting options that are enabled/disabled in the Edit page (Voice VLAN/Native VLAN/Duplex).

  • No. of Neighbors—Number of neighbors detected.

    The bottom of the page has four buttons:

  • Copy Settings—Select to copy a configuration from one port to another.

  • Edit—Fields explained in Step 2 below.

  • CDP Local Information Details—Takes you to the CDP Local Information .

  • CDP Neighbor Information Details—Takes you to the CDP Neighbors Information.

Step 2

Select a port and click Edit.

This page provides the following fields:

  • Interface—Select the interface to be defined.

  • CDP Status—Select to enable/disable the CDP publishing option for the port.

    Note 

    The next three fields are operational when the device has been set up to send traps to the management station.

  • Syslog Voice VLAN Mismatch—Select to enable sending a SYSLOG message when a voice VLAN mismatch is detected. This means that the voice VLAN information in the incoming frame doesn’t match what the local device is advertising.

  • Syslog Native VLAN Mismatch—Select to enable sending a SYSLOG message when a native VLAN mismatch is detected. This means that the native VLAN information in the incoming frame doesn’t match what the local device is advertising.

  • Syslog Duplex Mismatch—Select to enable sending a SYSLOG message when duplex information mismatch is detected. This means that the duplex information in the incoming frame doesn’t match what the local device is advertising.

Step 3

Enter the relevant information, and click Apply. The port settings are written to the Running Configuration.

CDP Local Information

To view information that is advertised by the CDP protocol about the local device:

Procedure

Click Administration > Discovery - CDP > CDP Local Information. The following fields are displayed:

Interface

Number of the local port.

CDP State

Displays whether CDP is enabled or not.

Device ID TLV

  • Device ID Type—Type of the device ID advertised in the device ID TLV

  • Device ID—Device ID advertised in the device ID TLV

System Name TLV

System Name—System name of the device.

Address TLV

Address—IP addresses (advertised in the device address TLV).

Port TLV

Port ID—Identifier of port advertised in the port TLV.

Port ID

Identifier of port advertised in the port TLV.

Capabilities TLV

Capabilities—Capabilities advertised in the port TLV).

Version TLV

Version—Information about the software release on which the device is running.

Platform TLV

Platform—Identifier of platform advertised in the platform TLV.

Native VLAN TLV

Native VLAN—The native VLAN identifier advertised in the native VLAN TLV.

Full/Half Duplex TLV

Duplex—Whether port is half or full-duplex advertised in the full/half duplex TLV.

Appliance TLV

  • Appliance ID—Type of device attached to port advertised in the appliance TLV

  • Appliance VLAN ID—VLAN on the device used by the appliance, for instance if the appliance is an IP phone, this is the voice VLAN.

Extended Trust TLV

Extended Trust—Enabled indicates that the port is trusted, and the packets received are marked. In this case, packets received on such a port aren’t re-marked. Disabled indicates that the port isn’t trusted in which case, the following field is relevant.

CoS for Untrusted Ports TLV

CoS for Untrusted Ports—If Extended Trust is disabled on the port, this field displays the Layer 2 CoS value, meaning, an 802.1D/802.1p priority value. This is the COS value with which all packets received on an untrusted port are remarked by the device.

Power Available TLV (Only applicable for PoE models)

  • Request ID—Last power request ID received echoes the Request-ID field last received in a Power Requested TLV. It’s 0 if no Power Requested TLV was received since the interface last transitioned to Up.

  • Power Management ID—Value incremented by 1 (or 2, to avoid 0) each time any one of the following events occurs:

    Available Power or Management Power Level change

    A Power Requested TLV is received with a Request-ID that is different from the last-received set.

    The interface transitions to Down.

  • Available Power—Amount of power consumed by port

  • Management Power Level—Displays the supplier's request to the pod device.

CDP Neighbors Information

The CDP Neighbors Information page displays CDP information received from neighboring devices.

Information is deleted, after timeout (based on the value received from Time To Live TLV during which no CDP PDU was received).

To view the CDP neighbors information, proceed as follows:

Procedure

Step 1

Click Administration > Discovery - CDP > CDP Neighbor Information.

Step 2

To select a filter, check the Filter checkbox, select a Local interface, and click Go.

The filter is applied on the list, and Clear Filter is activated to enable stopping the filter.

The CDP Neighbor Information page contains the following fields for the link partner (neighbor):

Device ID

Neighbors device ID.

Local Interface

Number of the local port to which the neighbor is connected.

Advertisement Version

CDP protocol version.

Time to Live

Time interval (in seconds) after which the information for this neighbor is deleted.

Capabilities

Capabilities advertised by neighbor.

Platform

Information from Platform TLV of neighbor.

Neighbor Interface

Outgoing interface of the neighbor.
Step 3

Select a device, and click Details.

This page contains the following fields about the neighbor (actual field display depends on what the neighbor is advertising):

Device ID

Neighbors device ID.

Local Interface

Number of the local port to which the neighbor is connected.

Advertisement Version

CDP protocol version.

Time to Live (sec)

Time interval (in seconds) after which the information for this neighbor is deleted.

Capabilities

Capabilities advertised by neighbor.

Platform

Information from Platform TLV of neighbor.

Neighbor Interface

Outgoing interface of the neighbor.

Native VLAN

Neighbors native VLAN.

Duplex

Whether neighbors interface is half or full-duplex.

Addresses

Neighbors addresses.

Power Drawn

Amount of power consumed by neighbor on the interface.

Version

Neighbors software version.

Note

Disconnects on the Clear Table button all connected devices if from CDP.

CDP Statistics

The CDP Statistics page displays information regarding CDP frames that sent or received from a port. CDP packets are received from devices attached to the switches interfaces, and are used for the Smartport feature.

To view CDP statistics, follow these steps:

Procedure

Step 1

Click Administration > Discovery - CDP > CDP Statistics.

The following fields are displayed for every interface:

Packets Received/Packets Transmitted:

  • Version 1—Number of CDP version 1 packets received/transmitted.

  • Version 2—Number of CDP version 2 packets received/transmitted.

  • Total—Total number of CDP packets received/transmitted.

    CDP Error Statistics:

  • Illegal Checksum—Number of packets received with illegal checksum value.

  • Other Errors—Number of packets received with errors other than illegal checksums.

  • Neighbors Over Maximum—Number of times that packet information couldn’t be stored in cache because of lack of room.
Step 2

To clear all counters on all interfaces, click Clear All Interface Counters. To clear all counters on an interface, select it and click Clear Interface Counters.

Locate Device

This feature enables flashing all network port LEDs on a specific device in the network to locate the device physically. This feature is useful for locating a device within a room with many interconnected devices. When this feature is activated, all network port LEDs on the device flash for a configured duration (one minute by default).

Procedure

Step 1

Click Administration > Locate Device.

Step 2

Enter values in the following fields:

  • Duration—Enter for how long (in seconds) the port’s LEDs flash.

  • Remaining Time—This field is only displayed if the feature is currently activated. It displays the remaining time during which the LED flashes.

Step 3

Click Start to activate the feature.

When the feature is activated the Start button is replaced by the Stop button, which allows you to stop the LED blinking before the defined timer expires.

Ping

The Ping utility tests if a remote host can be reached and measures the round-trip time for packets sent.

Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response, sometimes called a pong. It measures the round-trip time and records any packet loss.

To ping a host, follow these steps:

Procedure

Step 1

Click Administration > Ping.

Step 2

Configure ping by entering the fields:

Option Description

Host Definition

Select whether to specify the source interface by its IP address or name. This field influences the interfaces that are displayed in the Source IP field, as described below.

IP Version

If the source interface is identified by its IP address, select either IPv4 or IPv6 to indicate that it will be entered in the selected format.

Host IP Address/Name

Enter the IP address or hostname of the host to be pinged.

Number of Pings

The number of times the ping operation is performed. Select to use the default or specify your own value.
Step 3

Click Activate Ping to ping the host. The ping status appears and a message is added to the list of messages, indicating the result of the ping operation.

Step 4

View the results of ping in the Ping Counters and Status section of the page:

  • Number of Sent Packets—Number of packets sent by ping

  • Number of Received Packets—Number of packets received by ping

  • Packet Loss—Percentage of packets lost in ping process

  • Minimum Round Trip Time—Shortest time for packet to return

  • Maximum Round Trip Time—Longest time for packet to return

  • Average Round Trip Time—Average time for packet to return

  • Status—Fail, Ping aborted, Ping in progress by another process, or succeed.

Traceroute

Traceroute discovers the IP routes forwarded by sending an IP packet to the target host and back to the device. The Traceroute page shows each hop between the device and a target host, and the round-trip time to each such hop.

Procedure

Step 1

Click Administration > Traceroute.

Step 2

Configure Traceroute by entering information in the following fields:

  • Host Definition—Select whether hosts are identified by their IP address or name.

  • Host IP Address/Name—Enter the host address or name.

  • TTL—Enter the maximum number of hops that Traceroute permits. This is used to prevent a case where the sent frame gets into an endless loop. The Traceroute command terminates when the destination is reached or when this value is reached. To use the default value (30), select Use Default.

Step 3

Click Activate Traceroute. The operation is performed.

Note 

A pop-up will appear indicating if you would like to stop the traceroute. Click Stop Traceroute to stop the process.