User Guide for the Catalyst Express 500 Switches, 12.2(25)FY

Customization


Read this chapter to understand the concepts and tasks necessary to customize the switch features to better suit your network needs. The tasks in this chapter are independent, unless otherwise noted, and are listed in no particular order.

Before You Begin

Before you can customize the switch settings, the switch must first have an IP address. If it does not have one, make sure that you have followed the steps to set up the switch in the Getting Started Guide for the Catalyst Express 500 Switches.

Chapter Topics

Optimize Ports through Smartports Port Roles

Customize Port Role Attributes

Update Basic Port Settings

Control Access to the Switch

Isolate Traffic and Users through VLANs

Increase Connection Bandwidth through EtherChannels

Update the Switch IP Information

Update Basic Administrative Settings

Enable the Switch for Remote Management

When You Are Done

Optimize Ports through Smartports Port Roles

These are the concepts and procedures for using Smartports port roles:

What Are Smartports Port Roles

Recommended Smartports Assignments

Avoid Smartports Mismatches

Apply Roles to Ports

What Are Smartports Port Roles


Tip Use Smartports port roles immediately after switch initial setup. The switch ports are then correctly configured before they are connected to devices.


The Smartports port roles are Cisco-recommended configurations for the switch ports. These configurations (referred to as port roles) optimize the switch connections and ensure security and transmission quality and reliability to traffic from the switch ports. They also prevent many problems caused by port misconfigurations.

The port roles (Table 3-1) are based on the type of devices to be connected to the switch ports. For example, the Desktop port role is specifically for switch ports that will be connected to desktop and laptop PCs.

Figure 3-1 shows different types of devices connected to the Catalyst Express switches. Through Smartports port roles, each connection from the switches is optimized for its attached device.

Figure 3-2 is an example of the Smartports window on the device manager. It shows port roles applied to the ports. Only port 22 does not have a port role applied to it.

Table 3-1 Smartports Port Roles

Port Role
Description

Desktop

Apply this role to ports that will be connected to desktop devices, such as desktop PCs, workstations, notebook PCs, and other client-based hosts.

Note Do not apply this role to ports that will be connected to switches, routers, or access points.

IP Phone+Desktop

Apply this role to ports that will be connected to IP phones.

A desktop device, such as a PC, can be connected to the IP phone. Both the IP phone and connected PC would have access to the network and the Internet through the switch port.

This role prioritizes voice traffic over data traffic to ensure clear voice reception on the IP phones.

Switch

Apply this role to ports that will be connected to other switches.

Router

Apply this role to ports that will be connected to WAN devices that connect to the Internet, such as routers and Layer 3 switches with routing service capabilities, firewalls, or virtual private network concentrators.

Access Point

Apply this role to ports that will be connected to non-PoE and PoE-capable wireless access points. The access point can provide network access to up to 30 mobile (wireless) users.

Server

Apply this role to ports that will be connected to servers that provide network services, such as exchange servers, collaborative servers, terminal servers, file servers, Dynamic Host Configuration Protocol (DHCP) servers, IP PBX server, and so on.

This role is for Gigabit or non-Gigabit ports, depending on the server type to be connected.

This role prioritizes server traffic as trusted, critical, business, or standard, depending on the function of the server.

Printer

Apply this role to ports that will be connected to a printer, such as a network printer.

This role prevents printer traffic from affecting voice and critical data traffic.

Guest

Apply this role to ports that will be connected to desktop devices and to access points to provide guest wireless access.

This role provides guests and visitors temporary access to the Internet but prevents them from accessing your internal network.

Other

Apply this role to ports if you do not want to apply a specialized Smartports role on the port. This role can be used on connections to guest or visitor devices, printers, desktops, servers, and IP phones.

Note Do not apply this role to ports that will be connected to sniffer or intrusion detection system devices.


Figure 3-1 Smartports Port Roles in a Catalyst Express Network

Figure 3-2 Smartports Window

Recommended Smartports Assignments

The recommended port role assignments (Table 3-2) depend on the switch model and the port type. These assignments reflect the type of device connections intended for the switch model. If you decide to use most of the switch ports with their intended port roles, accept the recommended port roles, and change only the ports that need a different port role.

Immediately after initial setup, you can choose to have the recommended port roles applied to the ports. If you decline, the Other port role is applied to all ports.

Table 3-2 Recommended Smartports Assignments

Switch Model | Port Type and Number | Recommended Port Role
WS-CE500-24TT | Fast Ethernet ports 1 to 24 | Desktop
WS-CE500-24TT | Gigabit Ethernet or SFP module ports 1 and 2 | Switch
WS-CE500-24LC | Fast Ethernet ports 1 to 4 | Access Point
WS-CE500-24LC | Fast Ethernet ports 5 to 24 | Desktop
WS-CE500-24LC | Gigabit Ethernet or SFP module ports 1 and 2 | Switch
WS-CE500-24PC | Fast Ethernet ports 1 to 24 | IP Phone+Desktop
WS-CE500-24PC | Gigabit Ethernet or SFP module ports 1 and 2 | Switch
WS-CE500G-12TC | Gigabit Ethernet ports 1 to 8 | Server
WS-CE500G-12TC | Gigabit Ethernet or SFP module ports 9 to 12 | Switch


Avoid Smartports Mismatches

A Smartports mismatch occurs when an attached device does not match the Smartports role applied to the switch port. Mismatches can have adverse effects on devices and your network. For example, mismatches can:

Affect the behavior of the attached device

Lower network performance (reduce the level of QoS) on voice, wireless, switch, and router traffic

Reduce restrictions on guest access to the network

Reduce protection from denial of service (DoS) attacks on the network

Disable or shut down the port

We recommend always checking which Smartports role is applied to a port before attaching a device to the port or reconnecting devices that have been moved.

Apply Roles to Ports

Prerequisite

Before using Smartports, decide which switch port will be connected to which device type.



Note We recommend that you do not change specific port settings after enabling a Smartports role on a port. Any port setting changes can alter the effectiveness of the Smartports role.

Do not apply the Desktop port role on ports that are connected to routers or to other switches.


Use the Smartports window (Figure 3-2) to apply port roles to the switch ports. To display this window, choose Configure > Smartports from the device manager menu. You also can click Smartports from the device manager tool bar. See the device manager online help for additional guidelines and procedures.

Customize Port Role Attributes

These are the concepts and procedures for refining (customizing) port roles:

Change VLAN Memberships

Change the Server Priorities

Change VLAN Memberships

Prerequisite

Before changing VLAN memberships, you should understand what a VLAN is, its purpose, and how to create a VLAN. You should also understand the use of two special VLANs supported on the switch: Cisco-Guest and Cisco-Voice. For this information, see the "What Is a VLAN" section and the "VLAN Types" section.


Each switch port is a member of a VLAN. Devices attached to switch ports that belong to the same VLAN share the same data broadcasts and system resources. Communication between VLANs requires a Layer 3 device (such as a router or a Layer 3 switch).

Depending on your network requirements, it might be sufficient to assign all ports to the default VLAN, which is named default. A small network might only need one VLAN.

If the switch has only the default VLAN, ports applied with the Guest or IP Phone+Desktop port role can also belong to the default VLAN. However, if additional VLANs have been created:

Ports applied with the Guest port role must belong to the Cisco-Guest VLAN.

Ports applied with the IP Phone+Desktop port role must belong to the Cisco-Voice VLAN. These ports must be assigned to the Cisco-Voice VLAN for voice traffic. At the same time, these ports can also belong to an access VLAN for regular data traffic.

For more information about these special VLANs, see the "Cisco-Guest and Cisco-Voice VLANs" section. For information about creating VLANs, see the "Create, Modify, and Delete VLANs" section.

Use the Smartports Customize window (Figure 3-3) to assign ports to VLANs. To display this window, choose Configure > Smartports from the device manager menu, and then click the Customize button on the Smartports window. See the device manager online help for additional guidelines and procedures.

Figure 3-3 Smartports Customize Window

Change the Server Priorities

For ports applied with the Server port role, you can classify the priority of servers based on the server traffic. Use the Smartports Customize window (Figure 3-3) to change server priorities.

These are the server priorities, from lowest to highest priority:

Standard

This server type is treated with the lowest priority compared to other server types. An example of a standard server is a web server or print server.

Business

This server type receives higher priority than a standard server but less priority than a critical or trusted server. An example of a business server is a server where business records are kept.

This is the default server type.

Critical

This server type typically provides the organization with more critical traffic than a business server and therefore has higher priority than business-type servers. An example of a critical server is a server for business transactions.

Trusted

This server type is for use with a voice-over-IP server. All traffic from this server type receives voice-quality priority as well as the same priority given to critical-type servers. An example of a trusted server is Cisco CallManager.


Update Basic Port Settings

The basic port settings determine how data is received and sent between the switch and the attached device. You can change these settings to fit your network needs and to troubleshoot network problems. The settings on a switch port should be compatible with the port settings of the connected device.

Use the Port Settings window (Figure 3-4) to change basic port settings. To display this window, choose Configure > Port Settings from the device manager menu. See the device manager online help for additional guidelines and procedures.

Figure 3-4 Port Settings Window

These are the basic settings for the switch ports:

Description

The description of the switch port. The limit is 18 characters.

We recommend providing a port description to help identify the port during monitoring and troubleshooting. The description can be the location of the connected device or the name of the person using the connected device.

Enable

The state of the switch port. The default is Enable.

Disable the port to administratively (manually) shut it down.

Speed

The operating speed of the switch port. Choose the speed or choose Auto (autonegotiation) if the connected device can negotiate the link speed with the switch port. The default is Auto.

We recommend using the default so that the speed setting on the switch port automatically matches the setting on the connected device. Change the switch port speed if the connected device requires a specific speed.

Duplex

The duplex mode of the switch port. Choose the duplex mode:

Auto (autonegotiation) if the connected device can negotiate with the switch

Full (full duplex) if both devices can send data at the same time

Half (half duplex) if one or both devices cannot send data at the same time

The default is Auto.

Note On Gigabit Ethernet ports only, you cannot set the port to half duplex if the port speed is set to Auto.

We recommend using the default so that the duplex setting on the switch port automatically matches the setting on the connected device. Change the duplex mode on the switch port if the connected device requires a specific mode.

Auto-MDIX

Whether the automatic medium-dependent interface crossover (auto-MDIX) feature will automatically detect the required cable connection type (straight-through or crossover) and configure the connection appropriately. The default is Enable.

This setting is not available on the SFP module ports.

Note To reenable auto-MDIX, first set the duplex mode and speed to Auto.

PoE

Whether PoE will be supplied to a connected device. Choose either:

Auto (automatically) to automatically provide power when an IEEE 802.3af-compliant or Cisco pre-standard device is connected.

Never from the drop-down list.

The default is Auto.

Note This setting is available only on PoE ports.


Control Access to the Switch

Username-and-password pairs help prevent unauthorized access to the switch, including access by someone who could guess a password. We recommend that the switch have at least one username-and-password pair to secure access to the device manager.

During initial setup, you can enter one username-and-password pair. You must enter both a username and password.

After initial setup, you can add, modify, and delete username-and-password pairs from the Users and Passwords window (Figure 3-5).

Many users can have the same password. However, a username can only have one password.

You can modify passwords but not usernames. If you no longer want a specific username, you must first delete it, and then add the new username. Deleting a password also deletes the username.

To display the Users and Passwords window, choose Configure > Users and Passwords from the device manager menu. See the device manager online help for additional guidelines and procedures.

Figure 3-5 Users and Passwords Window

Isolate Traffic and Users through VLANs

These are the concepts and procedures for configuring VLANs:

What Is a VLAN

VLAN Types

Cisco-Guest and Cisco-Voice VLANs

Create, Modify, and Delete VLANs

Advanced VLAN Configuration

What Is a VLAN

A virtual local area network (VLAN) is a logical segment of network users and resources grouped by function, team, or application. This segmentation is without regard to the physical location of the users and resources. For example, VLANs can be based on the departments in your company or by sets of users who communicate mostly with each other.

Using VLANs, you can isolate different types of traffic (such as voice and data) to preserve the quality of the transmission and to minimize excess traffic among the logical segments. You can also use VLANs to isolate different types of users. For example, you can restrict specific data broadcasts to specific logical workgroups for security purposes, such as keeping information about employee salaries only to devices in a VLAN created for payroll-related communications.

An added benefit to using VLANs is that it reduces the amount of administrative effort required to constantly examine requests to network resources.

Note that a key concept about VLANs is that they isolate parts of your network. Therefore, devices that are attached to the switch ports in the same VLAN (network users in the same VLAN) can communicate only with each other and can share the same data.

Devices attached to switch ports in different VLANs cannot communicate with each other through the switch. Inter-VLAN communication requires a router or Layer 3 switch. The router or Layer 3 switch must be configured to allow routing across VLANs (inter-VLAN routing), and additional security policies must be set.

If your network is also using a DHCP server, ensure that the server is accessible to devices in all VLANs.

Figure 3-6 is an example network using VLANs based on different network traffic and network users. Organizing a network around these factors helps define the size and membership of the VLANs in the network.

Figure 3-6 VLANs in a Catalyst Express Network

Using VLANs to Isolate Different Traffic Types

Isolating data traffic from delay-sensitive traffic, such as voice traffic, ensures the quality of the voice transmission. In Figure 3-6, switch ports connected to the IP phones belong to the Cisco-Voice VLAN, a special VLAN supported on the switches. This VLAN automatically provides Voice over IP (VoIP) services on these connections, meaning priority is given to voice traffic over regular IP data traffic. Voice traffic from the phone and IP phone service requests to an IP PBX server have priority over traffic from the desktop devices attached to the IP phones.

To further isolate data traffic from voice traffic, data traffic from the attached desktop devices can be assigned to a separate VLAN.

Using VLANs to Group Users

The network in Figure 3-6 provides access to three types of network users: wired employees, wireless (or mobile) employees, and wired and wireless company visitors. Each user type requires different access levels to the company network.

VLANs and security policies on a router or Layer 3 switch can enforce privileges and restrictions to different user types. In Figure 3-6:

VLAN 5 offers employee-level access to the company resources. This kind of network access requires a direct connection to the specific switch ports.

Cisco-Guest VLAN offers Internet-only access to company visitors. Visitors with wired or wireless connections to switch ports are assigned to this VLAN, which automatically restricts guest access to only the Internet.

VLAN 9, which has one or more switch ports connected to the access point, enforces security policies to identify the wireless user (for example, as employee or a guest) and to determine what the user can do on the network (for example, access only the Internet or access other network resources).

VLAN Types

The switch ships with a default VLAN to which each switch port initially belongs. The switch supports a maximum of 32 VLANs, including the default VLAN.

Every VLAN is identified by its name and ID number. The default VLAN is named default. During initial setup, you can assign the default VLAN ID. The ID can be from 1 to 1001 where 1 is the default ID. After initial setup, you cannot change the name or ID of the default VLAN.

You can assign switch ports to either the default VLAN or to VLANs that you have created. Using only the default VLAN might be sufficient based on the size and requirements of your network. We recommend that you first determine your VLAN needs before creating VLANs.

The default VLAN is, by default, the management VLAN. After initial setup, you can designate any VLAN on the switch as the management VLAN. The purpose of the management VLAN is to ensure unlimited administrative access to all users, devices, and traffic on the network. Because all network traffic flows through the switch, you should assign one of the switch ports to the management VLAN.

Depending on the type of device that is connected to the switch port:

A switch port applied with one of these port roles—Desktop, IP Phone+Desktop, Printer, Server, Guest, and Other—can belong only to an access VLAN. The access VLAN provides the attached device with the specific access designed for that VLAN (for example, access only to personnel records).

A switch port applied with one of these port roles—Switch, Router, and Access Point—can send and receive traffic for all VLANs configured on the switch, one of which can be identified as a native VLAN. On this port, any traffic that is received or sent without the VLAN explicitly identified is assumed to belong to the native VLAN.

Both the switch port and the attached device port must be in the same native VLAN.

A complete discussion about using VLANs is provided in Cisco LAN Switching Fundamentals published by Cisco Press.

Cisco-Guest and Cisco-Voice VLANs

It is important to note that you can assign all ports, regardless of their Smartports role, to the default VLAN (default). If your network requires segregating either or both voice and guest traffic and if you create additional VLANs, you must also create these VLANs:

Cisco-Guest—The VLAN to which all ports that are applied with the Guest port role must be assigned. This VLAN ensures that all guest and visitor traffic is segregated from the rest of your network traffic and resources.

Cisco-Voice—The VLAN to which all ports that are applied with the IP Phone+Desktop port role must be assigned. This VLAN ensures that all voice traffic has better quality of service and is not mixed with data traffic.


Note The VLAN names, Cisco-Guest and Cisco-Voice, are case sensitive.

Only ports with the Guest port role can be assigned to the Cisco-Guest VLAN. Only ports with the IP Phone+Desktop port role can be assigned to the Cisco-Voice VLAN.
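
The role and VLAN rules above can be checked against a planned assignment before it is entered in the device manager. This is an added example, not Cisco code: the Port structure, the port labels, and the sample plan are constructed, and the IP Phone+Desktop membership in Cisco-Voice plus an access VLAN is modeled as two fields.

```python
"""Audit a planned Smartports/VLAN assignment against the rules in this chapter."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ACCESS_ROLES = {"Desktop", "IP Phone+Desktop", "Printer", "Server", "Guest", "Other"}
TRUNK_ROLES = {"Switch", "Router", "Access Point"}
DEFAULT_VLAN, GUEST_VLAN, VOICE_VLAN = "default", "Cisco-Guest", "Cisco-Voice"
MAX_VLANS = 32  # including the default VLAN


@dataclass
class Port:
    name: str                         # label used in the plan (hypothetical)
    role: str                         # Smartports role applied to the port
    vlan: str                         # access VLAN, or native VLAN for trunk roles
    voice_vlan: Optional[str] = None  # only meaningful for IP Phone+Desktop


def audit_plan(vlans: Dict[str, int], ports: List[Port]) -> List[Tuple[str, str]]:
    """Return (scope, finding) pairs; an empty list means no rule was broken."""
    findings = []
    if len(vlans) > MAX_VLANS:
        findings.append(("vlans", f"{len(vlans)} VLANs planned, maximum is {MAX_VLANS}"))
    ids = list(vlans.values())
    for name, vid in vlans.items():
        if ids.count(vid) > 1:
            findings.append(("vlans", f"VLAN ID {vid} of '{name}' is not unique"))
    # The special VLANs become mandatory once any VLAN besides default exists.
    extra_vlans = set(vlans) - {DEFAULT_VLAN}
    if extra_vlans:
        for required in (GUEST_VLAN, VOICE_VLAN):
            if required not in vlans:
                near = [n for n in vlans if n.lower() == required.lower()]
                hint = f" (found '{near[0]}'; names are case sensitive)" if near else ""
                findings.append(("vlans", f"{required} VLAN is missing{hint}"))
    for p in ports:
        if p.role not in ACCESS_ROLES | TRUNK_ROLES:
            findings.append((p.name, f"unknown port role '{p.role}'"))
            continue
        for v in filter(None, (p.vlan, p.voice_vlan)):
            if v not in vlans:
                findings.append((p.name, f"VLAN '{v}' is not defined"))
        if extra_vlans and p.role == "Guest" and p.vlan != GUEST_VLAN:
            findings.append((p.name, f"Guest port must belong to {GUEST_VLAN}"))
        if extra_vlans and p.role == "IP Phone+Desktop" and p.voice_vlan != VOICE_VLAN:
            findings.append((p.name, f"IP Phone+Desktop port must belong to {VOICE_VLAN}"))
        if p.vlan == GUEST_VLAN and p.role != "Guest":
            findings.append((p.name, f"only Guest ports can be assigned to {GUEST_VLAN}"))
        if VOICE_VLAN in (p.vlan, p.voice_vlan) and p.role != "IP Phone+Desktop":
            findings.append((p.name, f"only IP Phone+Desktop ports can be assigned to {VOICE_VLAN}"))
    return findings


# Constructed sample plan: the guest VLAN name has the wrong case, a printer sits
# in the voice VLAN, and one phone port has no voice VLAN.
SAMPLE_VLANS = {"default": 1, "Staff": 5, "Wireless": 9, "cisco-guest": 20, "Cisco-Voice": 30}
SAMPLE_PORTS = [
    Port("Fa1", "Desktop", "Staff"),
    Port("Fa2", "Guest", "cisco-guest"),
    Port("Fa3", "IP Phone+Desktop", "Staff", voice_vlan="Cisco-Voice"),
    Port("Fa4", "Printer", "Cisco-Voice"),
    Port("Fa5", "IP Phone+Desktop", "Staff"),
    Port("Gi1", "Switch", "default"),
]

if __name__ == "__main__":
    for scope, finding in audit_plan(SAMPLE_VLANS, SAMPLE_PORTS):
        print(f"{scope}: {finding}")
```
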


Create, Modify, and Delete VLANs

Prerequisites

Using only the default VLAN might be sufficient based on the size and requirements of your network. We recommend that you first determine your VLAN needs before creating VLANs. If you decide to create additional VLANs, you must also create VLANs specifically for guest and voice traffic. The names for these VLANs, Cisco-Guest and Cisco-Voice, are case sensitive. For more information, see the "Cisco-Guest and Cisco-Voice VLANs" section.


To create a VLAN, you must give the VLAN a name and a unique ID number. You can create up to 32 VLANs.

You can modify the name of a VLAN but not its number. You cannot modify or delete the default VLAN.

After creating VLANs, you can then assign the appropriate ports to those VLANs. Before assigning ports to VLANs, make sure that each port is applied with the appropriate port role. For more information, see the "Optimize Ports through Smartports Port Roles" section and the "Change VLAN Memberships" section.

Use the VLANs window (Figure 3-7) to create, modify, and delete VLANs. To display this window, choose Configure > VLANs from the device manager menu. See the device manager online help for additional guidelines and procedures.

Figure 3-7 VLANs Window

Advanced VLAN Configuration

The advanced VLAN options are the Spanning Tree Protocol (STP) and Internet Group Management Protocol (IGMP) snooping features on the switch ports. These options are enabled by default.

We recommend that you leave these options enabled for the benefits that they provide:

STP prevents network loops by enabling only one active path for traffic to use. STP also provides a redundant path if the active path becomes unavailable.

IGMP snooping reduces duplicate and excess traffic on the network by forwarding IP multicast traffic to specific switch ports rather than by flooding all ports. With IGMP snooping, only ports that are members of specific IP multicast groups receive multicast messages. The result is a more efficient use of bandwidth.


Note Disabling STP can affect connectivity to the network. Disabling IGMP snooping can adversely affect the network performance.


Use the VLANs Advanced window (Figure 3-8) to change the STP and IGMP snooping settings. To display this window, choose Configure > VLANs from the device manager menu, and then click the Advanced button on the VLANs window. See the device manager online help for additional guidelines and procedures.

Figure 3-8 VLANs Advanced Window

Increase Connection Bandwidth through EtherChannels

These are the concepts and procedures for configuring EtherChannels:

What Is an EtherChannel

Create, Modify, and Delete an EtherChannel

What Is an EtherChannel

An EtherChannel (or port group) is a group of two or more Fast Ethernet or Gigabit Ethernet switch ports bundled into a single logical link, creating a higher bandwidth link between two switches. The switch supports up to six EtherChannels.

Figure 3-9 shows two EtherChannels. Two full-duplex 10/100/1000-Mbps ports on Switches A and C create an EtherChannel with a bandwidth of up to 4 Gbps between both switches. Similarly, two full-duplex 10/100 ports on Switches B and D create an EtherChannel with a bandwidth of up to 400 Mbps between both switches.

If one of the ports in the EtherChannel becomes unavailable, traffic is carried over to the remaining ports within the EtherChannel. Note how redundancy is accomplished without EtherChannels in Figure 1-1 and Figure 3-6.

Figure 3-9 EtherChannels between Catalyst Express Switches

Create, Modify, and Delete an EtherChannel

Prerequisite

All ports in an EtherChannel must have the same characteristics:

All are either 10/100 ports or all 10/100/1000 ports. You cannot group a mix of 10/100 and 10/100/1000 ports in an EtherChannel.

All have the same speed and duplex mode settings. A mismatch in speed or duplex disables the EtherChannel.

All are enabled. A disabled port in an EtherChannel is treated as a link failure, and its traffic is transferred to one of the remaining ports in the EtherChannel.

All are applied with the Smartports Switch port role and belong to the same VLAN. For information about port roles and VLAN memberships, see the "Optimize Ports through Smartports Port Roles" section and the "Change VLAN Memberships" section.


You can create up to six EtherChannels, and you can configure each EtherChannel in either:

IEEE 802.3ad (LACP) mode—This allows the switch to create one end of the EtherChannel if the other switch requests it.

Static mode—This mode requires you to check that both ends of the EtherChannel have the same configuration and then to manually create the EtherChannel.

Use the EtherChannels window (Figure 3-10) to create, modify, and delete EtherChannels. To display this window, choose Configure > EtherChannels from the device manager menu. See the device manager online help for additional guidelines and procedures.

Figure 3-10 EtherChannels Window

Update the Switch IP Information

The Express Setup network settings enable the switch to operate with its standard default settings and to be managed through the device manager. Existing settings were set during initial setup. You would need to change these settings if you want to move the switch to a different management VLAN or to a different network.

Use the Express Setup window (Figure 3-11) to update the switch IP information. To display this window, choose Configure > Express Setup from the device manager menu. See the device manager online help for additional guidelines and procedures.

Figure 3-11 Express Setup Window (after initial setup)

These are the switch network settings:

Management Interface (VLAN ID)

The name and ID of the management VLAN through which the switch will be managed. Select an existing VLAN to be the management VLAN.

The default name for the management VLAN is default. The management VLAN ID was set during initial setup.

Note Make sure that the switch and your network management station are in the same VLAN. Otherwise, you cannot manage the switch from your management station. If they are in different VLANs, a router or Layer 3 switch is needed to communicate between VLANs.

The management VLAN is the broadcast domain where management traffic is sent between specific users or devices. It provides broadcast control and security for management traffic that should be limited to a specific group of users (such as the administrators of your network). It also ensures secure, administrative access to all devices in the network at all times.

For more information about management VLANs and about VLANs in general, see the "VLAN Types" section.

IP Assignment Mode

The IP assignment mode determines if the switch IP information will be manually assigned (static) or be automatically assigned by a Dynamic Host Configuration Protocol (DHCP) server. The default is Static.

We recommend that you select Static and manually assign the IP address for the switch. You can then use the same IP address whenever you want to access the device manager.

If you select DHCP, the DHCP server automatically assigns an IP address, subnet mask, and default gateway to the switch. As long as the switch is not restarted, the switch continues to use the same information, and you can use the same IP address to access the device manager.

Note If you manually assign the switch IP address and your network uses a DHCP server, make sure that the IP address that you give to the switch is not within the range of addresses that the DHCP server will automatically assign to other devices. This prevents IP address conflicts between the switch and another device.

IP Address

The IP address is a unique identifier for the switch in a network. The format is four numbers separated by periods. Each number can be from 0 to 255.

This field is enabled only if the IP assignment mode is Static.

Note Make sure that the IP address that you assign to the switch is not being used by another device in your network.

The IP address and the default gateway cannot be the same.

You cannot assign the switch with an IP address in the 10.0.0.0 network.

Subnet Mask List

The subnet mask is the network address that identifies the subnetwork (subnet) to which the switch belongs. Subnets segment the devices in a network into smaller groups. The default is 255.255.255.0.

This field is enabled only if the IP assignment mode is Static.

Default Gateway

The IP address for the default gateway. A gateway is a router or a dedicated network device that enables the switch to communicate with devices in other networks or subnetworks. The IP address should be part of the same subnet as the switch IP address.

If all of your devices are in the same network and a default gateway is not used, you do not need to enter an IP address in this field.

This field is enabled only if the IP assignment mode is Static.

Note You must specify a default gateway if your network management station and the switch are in different networks or subnetworks. Otherwise, the switch and your network management station cannot communicate with each other.

The IP address and the default gateway cannot be the same.
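
The static addressing constraints listed above can be checked before the values are typed into the Express Setup window. This is an added example, not Cisco code: the function name, rule labels, and sample addresses are constructed, and "the 10.0.0.0 network" is assumed to mean 10.0.0.0/8.

```python
"""Pre-flight check for the static IP settings entered in the Express Setup window."""
import ipaddress
from typing import List, Optional, Tuple

# Assumption: "the 10.0.0.0 network" is read here as the classful network 10.0.0.0/8.
BLOCKED_NETWORK = ipaddress.ip_network("10.0.0.0/8")


def check_static_settings(ip: str, mask: str = "255.255.255.0",
                          gateway: Optional[str] = None,
                          dhcp_pool: Optional[Tuple[str, str]] = None) -> List[str]:
    """Return the names of the rules the proposed settings violate (empty = OK)."""
    try:
        # Rejects anything that is not four numbers from 0 to 255, or a bad mask.
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ValueError:
        return ["invalid-ip-or-mask"]
    problems = []
    if iface.ip in BLOCKED_NETWORK:
        problems.append("ip-in-10.0.0.0-network")
    if gateway:  # the gateway is optional when all devices share one network
        try:
            gw = ipaddress.IPv4Address(gateway)
        except ValueError:
            problems.append("invalid-gateway")
        else:
            if gw == iface.ip:
                problems.append("ip-equals-gateway")
            elif gw not in iface.network:
                problems.append("gateway-outside-subnet")
    if dhcp_pool:  # (first, last) address the DHCP server hands out
        first, last = (ipaddress.IPv4Address(a) for a in dhcp_pool)
        if first <= iface.ip <= last:
            problems.append("ip-inside-dhcp-pool")
    return problems


# Constructed sample inputs: (ip, mask, gateway, dhcp_pool)
POOL = ("192.168.1.100", "192.168.1.200")
CASES = [
    ("192.168.1.2", "255.255.255.0", "192.168.1.1", POOL),
    ("192.168.1.150", "255.255.255.0", "192.168.1.150", POOL),
    ("10.1.1.5", "255.255.255.0", None, None),
    ("192.168.1.2", "255.255.255.0", "192.168.2.1", None),
]

if __name__ == "__main__":
    for ip, mask, gw, pool in CASES:
        print(ip, check_static_settings(ip, mask, gw, pool) or "OK")
```
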


Update Basic Administrative Settings

The Express Setup optional settings identify and synchronize the switch so that it can be managed properly. Existing settings might have been set during initial setup. Update these settings if you need to change the switch name or its system clock.

Use the Express Setup window (Figure 3-11) to update the switch administrative settings. To display this window, choose Configure > Express Setup from the device manager menu. See the device manager online help for additional guidelines and procedures.

These are the basic administrative settings:


Host Name

A name for the switch. The name can have up to 31 alphanumeric characters. The name cannot contain a ?, a space, or a tab. The default is Switch.

We recommend entering either the name, location, or IP address of the switch to help identify the switch during monitoring or troubleshooting.

System Date

This is the date that the switch automatically read from the network management station or was manually set during initial setup.

System Time

This is the time that the switch automatically read from the network management station or was manually set during initial setup.

Time Zone

This is the time zone that the switch automatically read from the network management station or was manually set during initial setup.

Daylight Saving Time

The check box is automatically enabled only when the selected time zone is in the U.S., Europe, or Australia. This check box is disabled for all of the other time zones.


Enable the Switch for Remote Management


Note This section is for advanced users with experience in managing networks.


These are the concepts and procedures for using SNMP:

What Is SNMP

Configuring SNMP

Supported MIBs

What Is SNMP

The switch supports Simple Network Management Protocol (SNMP) versions 1, 2C, and 3. SNMP allows the switch to be remotely managed through other network management software.

SNMP is based on three concepts: SNMP managers (or management stations), SNMP agents (or network devices), and the Management Information Base (MIB). For the MIBs supported on the switch, see the "Supported MIBs" section.

The SNMP manager runs SNMP management software. Network devices to be managed, such as bridges, routers, servers, and workstations, are equipped with an agent software module. The agent provides access to a local MIB of objects that reflects the resources and activity of the device. The agent also responds to manager commands to retrieve values from the MIB and to set values in the MIB. The agent and MIB are on the switch. To configure SNMP on the switch, you define the relationship between the manager and the agent.

Both SNMPv1 and v2C use a community-based form of security. SNMP managers can access the agent MIB through passwords referred to as community strings. SNMPv1 and v2C are generally used for network monitoring without network control.

SNMPv3 provides network monitoring and control. It provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security model used by SNMPv3 is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level determines which security mechanism is used for an SNMP packet.

Note the following about SNMPv3 objects:

Each user belongs to a group.

A group defines the access policy for a set of users.

An access policy defines which SNMP objects can be accessed for reading, writing, and creating.

A group determines the list of notifications that its users can receive.

A group also defines the security model and the security level for its users.

An SNMP view is a list of MIBs that a group can access.

Data can be securely collected from SNMP devices without fear of the data being tampered with or corrupted.

Confidential information, for example, SNMP Set command packets that change a router configuration, can be encrypted to prevent the contents from being exposed on the network.
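The user, group, view, and security-level relationships listed above can be made concrete with a small model of how one request is decided. This Python sketch is an added example, not the switch's implementation: it is a simplified policy check, the user and group names are hypothetical, and the level names (noAuthNoPriv, authNoPriv, authPriv) and MIB-II OIDs are the standard SNMP ones rather than values taken from this guide. Notification lists are not modeled.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    NO_AUTH_NO_PRIV = 1   # noAuthNoPriv: no authentication, no encryption
    AUTH_NO_PRIV = 2      # authNoPriv: authenticated, not encrypted
    AUTH_PRIV = 3         # authPriv: authenticated and encrypted


@dataclass
class Group:
    model: str                 # security model: "v1", "v2c" or "v3"
    min_level: Level           # lowest security level the group accepts
    read_view: tuple = ()      # OID subtrees the group may read
    write_view: tuple = ()     # OID subtrees the group may set


def in_view(oid, view):
    """True if oid equals or lies under one of the view's subtrees."""
    # Compare whole components so 1.3.6.1.2.1.1 does not match 1.3.6.1.2.1.10.
    parts = oid.strip(".").split(".")
    return any(parts[:len(sub.split("."))] == sub.split(".") for sub in view)


# Constructed sample policy; every name here is hypothetical.
GROUPS = {
    "monitors": Group("v3", Level.AUTH_NO_PRIV, read_view=("1.3.6.1.2.1",)),
    "operators": Group("v3", Level.AUTH_PRIV,
                       read_view=("1.3.6.1.2.1",),
                       write_view=("1.3.6.1.2.1.1",)),  # MIB-II system group
}
USERS = {"noc-dash": "monitors", "alice": "operators"}


def authorize(user, model, level, op, oid):
    """Decide one request; op is 'get' or 'set'. Returns (allowed, reason)."""
    group = GROUPS.get(USERS.get(user))
    if group is None:
        return False, "unknown user"
    if model != group.model:
        return False, "security model mismatch"
    if level < group.min_level:
        return False, "security level too low"
    view = group.read_view if op == "get" else group.write_view
    if not in_view(oid, view):
        return False, "OID not in view"
    return True, "ok"
```

A Set on sysName (1.3.6.1.2.1.1.5.0) from `alice` succeeds only at authPriv, while the same request from `noc-dash` is refused because the `monitors` group has no write view.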

Configuring SNMP

Enable SNMP if you plan to have the switch managed through another network management application. By default, SNMP is disabled.

Other general SNMP settings include the name of the switch or the network administrator and the switch location. System name and system contact information appear in the Switch Information area on the Dashboard.

Community strings are forms of passwords to the switch Management Information Base (MIB). You can create community strings that allow a remote manager read-only or read-write access to the switch.

The Read-Only community string operates as a password that enables the switch to validate Get (read-only) requests from a network management station. If you set the SNMP read community, users can access MIB objects, but cannot change them.

The Read-Write community string operates as a password that enables the switch to validate Set (read-write) requests from a network management station. If you set the SNMP write community, users can access and change MIB objects.

Advanced SNMP settings include displaying the SNMP object identifiers (OIDs) of objects that can be accessed, displaying the attributes of the v1defaultGroup SNMP group, and changing the users of the v1defaultGroup SNMP group.

Use the SNMP window (Figure 3-12) to update the SNMP settings. To display this window, choose Configure > SNMP from the device manager menu. See the device manager online help for additional guidelines and procedures.

Figure 3-12 SNMP Window

Supported MIBs

BRIDGE-MIB

CISCO-ENVMON-MIB

CISCO-PRODUCTS-MIB

CISCO-SYSLOG-MIB

ENTITY-MIB

RFC1213-MIB (MIB II)

RFC1398-MIB (ETHERNET-MIB)

RFC1573-MIB (IF-MIB)

RMON-MIB (statistics, history, alarms, and events groups only)

When You Are Done

Monitor the performance of your network and the switch, as described in "Monitoring."