Cisco Sg3008 Manual
Have a look at the manual Cisco Sg3008 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
IP Configuration IPv4 Management and Interfaces Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 275 17 -Delayed—The assignment of the IP address is delayed for 60 second if DHCP Client is enabled on startup in order to give time to discover DHCP address. -Not Received—Relevant for DHCP Address. When a DCHP Client starts a discovery process, it assigns a dummy IP address 0.0.0.0 before the real address is obtained. This dummy address has the status of “Not Received”. STEP 2Click Add. STEP 3Select one of the following fields: •Interface—Select Port, LAG, or VLAN as the interface associated with this IP configuration, and select an interface from the list. •IP Address Type—Select one of the following options: - Dynamic IP Address—Receive the IP address from a DHCP server. - Static IP Address—Enter the IP address. STEP 4SelectDynamic Address or Static Address. STEP 5If Static Address was selected, enter the IP Address for this interface, and enter one of the following: •Network Mask—IP mask for this address. •Prefix Length—Length of the IPv4 prefix. STEP 6Click Apply. The IPv4 address settings are written to the Running Configuration file. IPv4 Routes When the device is in Layer 3 system mode, this page enables configuring and viewing IPv4 static routes on the device. When routing traffic, the next hop is decided on according to the longest prefix match (LPM algorithm). A destination IPv4 address may match multiple routes in the IPv4 Static Route Table. The device uses the matched route with the highest subnet mask, that is, the longest prefix match.
IP Configuration IPv4 Management and Interfaces 276 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 17 To define an IP static route: STEP 1Click IP Configuration > IPv4 Management and Interfaces > IPv4 Routes. STEP 2Click Add. STEP 3Enter values for the following fields: •Destination IP Prefix—Enter the destination IP address prefix. •Mask—Select and enter information for one of the following: -Network Mask—The IP route prefix for the destination IP. -Prefix Length—The IP route prefix for the destination IP. •Route Type—Select the route type. - Reject—Rejects the route and stops routing to the destination network via all gateways. This ensures that if a frame arrives with the destination IP of this route, it is dropped. - Remote—Indicates that the route is a remote path. •Next Hop Router IP Address—Enter the next hop IP address or IP alias on the route. NOTEYou cannot configure a static route through a directly-connected IP subnet where the device gets its IP address from a DHCP server. •Metric—Enter the administrative distance to the next hop. The range is 1– 255. STEP 4Click Apply. The IP Static route is saved to the Running Configuration file. ARP The device maintains an ARP (Address Resolution Protocol) table for all known devices that reside in the IP subnets directly connected to it. A directly-connected IP subnet is the subnet to which an IPv4 interface of the device is connected. When the device is required to send/route a packet to a local device, it searches the ARP table to obtain the MAC address of the device. The ARP table contains both static and dynamic addresses. Static addresses are manually configured and do not age out. The device creates dynamic addresses from the ARP packets it receives. Dynamic addresses age out after a configured time.
IP Configuration IPv4 Management and Interfaces Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 277 17 NOTEIn Layer 2 mode, the IP, MAC address mapping in ARP Table is used by the device to forward traffic originated by the device. In Layer 3 mode, the mapping information is used for Layer 3 routing as well as to forward generated traffic. To define the ARP tables: STEP 1Click IP Configuration > IPv4 Management and Interfaces > ARP. STEP 2Enter the parameters. •ARP Entry Age Out—Enter the number of seconds that dynamic addresses can remain in the ARP table. A dynamic address ages out after the time it is in the table exceeds the ARP Entry Age Out time. When a dynamic address ages out, it is deleted from the table, and only returns when it is relearned. •Clear ARP Table Entries—Select the type of ARP entries to be cleared from the system. - All—Deletes all of the static and dynamic addresses immediately. - Dynamic—Deletes all of the dynamic addresses immediately. - Static—Deletes all of the static addresses immediately. - Normal Age Out—Deletes dynamic addresses based on the configured ARP Entry Age Out time. STEP 3Click Apply. The ARP global settings are written to the Running Configuration file. The ARP table displays the following fields: •Interface—The IPv4 Interface of the directly-connected IP subnet where the IP device resides. •IP Address—The IP address of the IP device. •MAC Address—The MAC address of the IP device. •Status—Whether the entry was manually entered or dynamically learned. STEP 4Click Add. STEP 5Enter the parameters: •IP Version—The IP address format supported by the host. Only IPv4 is supported. •VLAN—In Layer 2, displays the management VLAN ID.
IP Configuration IPv4 Management and Interfaces 278 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 17 For devices in Layer 2 mode, there is only one directly-connected IP subnet, which is always in the management VLAN. All the static and dynamic addresses in the ARP Table reside in the management VLAN. Interface—For devices in Layer 3 system mode, an IPv4 interface can be configured on a port, LAG or VLAN. Select the desired interface from the list of configured IPv4 interfaces on the device. •IP Address—Enter the IP address of the local device. •MAC Address—Enter the MAC address of the local device. STEP 6Click Apply. The ARP entry is saved to the Running Configuration file. ARP Proxy The Proxy ARP technique is used by the device on a given IP subnet to answer ARP queries for a network address that is not on that network. NOTEThe ARP proxy feature is only available when the device is in L3 mode. The ARP Proxy is aware of the destination of traffic, and offers another MAC address in reply. Serving as an ARP Proxy for another host effectively directs LAN traffic destination to the host. The captured traffic is then typically routed by the Proxy to the intended destination by using another interface, or by using a tunnel. The process in which an ARP-query-request for a different IP address, for proxy purposes, results in the node responding with its own MAC address is sometimes referred to as publishing. To enable ARP Proxy on all IP interfaces: STEP 1Click IP Configuration > IPv4 Management and Interfaces > ARP Proxy. STEP 2Select ARP Proxy to enable the device to respond to ARP requests for remotely- located nodes with the device MAC address. STEP 3Click Apply. The ARP proxy is enabled, and the Running Configuration file is updated.
IP Configuration IPv4 Management and Interfaces Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 279 17 UDP Relay/IP Helper The UDP Relay/IP Helper feature is only available when the device is in Layer 3 system mode. Switches do not typically route IP Broadcast packets between IP subnets. However, if this feature enables the device to relay specific UDP Broadcast packets, received from its IPv4 interfaces, to specific destination IP addresses. To configure the relaying of UDP packets received from a specific IPv4 interface with a specific destination UDP port, add a UDP Relay: STEP 1Click IP Configuration > IPv4 Management and Interfaces > UDP Relay/IP Helper. STEP 2Click Add. STEP 3Select the Source IP Interface to where the device is to relay UDP Broadcast packets based on a configured UDP destination port. The interface must be one of the IPv4 interfaces configured on the device. STEP 4Enter the UDP Destination Port number for the packets that the device is to relay. Select a well-known port from the drop-down list, or click the port radio button to enter the number manually. STEP 5Enter the Destination IP Address that receives the UDP packet relays. If this field is 0.0.0.0, UDP packets are discarded. If this field is 255.255.255.255, UDP packets are flooded to all IP interfaces. STEP 6Click Apply. The UDP relay settings are written to the Running Configuration file. DHCPv4 Snooping/Relay DHCPv4 Snooping DHCP snooping provides a security mechanism to prevent receiving false DHCP response packets and to log DHCP addresses. It does this by treating ports on the device as either trusted or untrusted. A trusted port is a port that is connected to a DHCP server and is allowed to assign DHCP addresses. DHCP messages received on trusted ports are allowed to pass through the device.
IP Configuration IPv4 Management and Interfaces 280 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 17 An untrusted port is a port that is not allowed to assign DHCP addresses. By default, all ports are considered untrusted until you declare them trusted (in the DHCP Snooping Interface Settings page). DHCPv4 Relay DHCP Relay relays DHCP packets to the DHCP server. DHCPv4 in Layer 2 and Layer 3 In Layer 2 system mode, the device relays DHCP messages received from VLANs on which DHCP Relay has been enabled. In Layer 3 system mode, the device can also relay DHCP messages received from VLANs that do not have IP addresses. Whenever DHCP Relay is enabled on a VLAN without an IP address, Option 82 is inserted automatically. This insertion is in the specific VLAN and does not influence the global administration state of Option 82 insertion. Transparent DHCP Relay For Transparent DHCP Relay where an external DHCP relay agent is being used, do the following: •Enable DHCP Snooping. •Enable Option 82 insertion. •Disable DHCP Relay. For regular DHCP Relay: •Enable DHCP Relay. •No need to enable Option 82 insertion. Option 82 Option 82 (DHCP Relay Agent Information Option) passes port and agent information to a central DHCP server, indicating where an assigned IP address physically connects to the network. The main goal of option 82 is to help to the DHCP server select the best IP subnet (network pool) from which to obtain an IP address. The following Option 82 options are available on the device:
IP Configuration IPv4 Management and Interfaces Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 281 17 •DHCP Insertion - Add Option 82 information to packets that do not have foreign Option 82 information. •DHCP Passthrough - Forward or reject DHCP packets that contain Option 82 information from untrusted ports. On trusted ports, DHCP packets containing Option 82 information are always forwarded. The following table shows the packet flow through the DHCP Relay, DHCP Snooping, and Option 82 modules: The following cases are possible: •DHCP client and DHCP server are connected to the same VLAN. In this case, a regular bridging passes the DHCP messages between DHCP client and DHCP server. •DHCP client and DHCP server are connected to different VLANs. In the case, only DHCP Relay can and does broadcast DHCP messages between DHCP client and DHCP server. Unicast DHCP messages are passed by regular routers and therefore if DHCP Relay is enabled on a VLAN without an IP address or if the device is not a router (Layer 2 device) then an external router is needed. DHCP Relay and only DHCP Relay relays DHCP messages to a DHCP server Interactions Between DHCPv4 Snooping, DHCPv4 Relay and Option 82 The following tables describe how the device behaves with various combinations of DHCP Snooping, DHCP Relay and Option 82. The following describes how DHCP request packets are handled when DHCP Snooping is not enabled and DHCP Relay is enabled. DHCP Relay VLAN with IP AddressDHCP Relay VLAN without IP Address Packet arrives without Option 82Packet arrives with Option 82Packet arrives without Option 82Packet arrives with Option 82
IP Configuration IPv4 Management and Interfaces 282 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 17 The following describes how DHCP request packets are handled when both DHCP Snooping and DHCP Relay are enabled: Option 82 Insertion DisabledPacket is sent without Option 82Packet is sent with the original Option 82Relay – inserts Option 82 Bridge – no Option 82 is insertedRelay – discards the packet Bridge – Packet is sent with the original Option 82 Option 82 Insertion EnabledRelay – is sent with Option 82 Bridge – no Option 82 is sentPacket is sent with the original Option 82Relay – is sent with Option 82 Bridge – no Option 82 is sentRelay – discards the packet Bridge – Packet is sent with the original Option 82 DHCP Relay VLAN with IP AddressDHCP Relay VLAN without IP Address Packet arrives without Option 82Packet arrives with Option 82Packet arrives without Option 82Packet arrives with Option 82 Option 82 Insertion DisabledPacket is sent without Option 82Packet is sent with the original Option 82Relay – inserts Option 82 Bridge – no Option 82 is insertedRelay – discards the packet Bridge – Packet is sent with the original Option 82 DHCP Relay VLAN with IP AddressDHCP Relay VLAN without IP Address
IP Configuration IPv4 Management and Interfaces Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 283 17 The following describes how DHCP Reply packets are handled when DHCP Snooping is disabled: Option 82 Insertion EnabledRelay – is sent with Option 82 Bridge – Option 82 is added (if port is trusted, behaves as if DHCP Snooping is not enabled)Packet is sent with the original Option 82Relay – is sent with Option 82 Bridge – Option 82 is inserted (if port is trusted, behaves as if DHCP Snooping is not enabled)Relay – discards the packet Bridge – Packet is sent with the original Option 82 DHCP Relay VLAN with IP AddressDHCP Relay VLAN without IP Address Packet arrives without Option 82Packet arrives with Option 82Packet arrives without Option 82Packet arrives with Option 82 DHCP Relay VLAN with IP AddressDHCP Relay VLAN without IP Address
IP Configuration IPv4 Management and Interfaces 284 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 17 Option 82 insertion disabledPacket is sent without Option 82Packet is sent with the original Option 82Relay – discards Option 82 Bridge – Packet is sent without Option 82Relay – 1. I f r e p l y originates in device, packet is sent without Option 82 2. If reply does not originate in device, packet is discarded Bridge – Packet is sent with the original Option 82 Option 82 insertion enabledPacket is sent without Option 82Relay – Packet is sent without Option 82 Bridge – Packet is sent with the Option 82Relay – discards Option 82 Bridge – Packet is sent without Option 82Relay – Packet is sent without Option 82 Bridge – Packet is sent with the Option 82 DHCP Relay VLAN with IP AddressDHCP Relay VLAN without IP Address