Cisco SG 300-20 User Manual

Process for upgrading or backing up firmware, boot code, or importing language files via HTTP or TFTP.

Configures which firmware image will be active after the switch reboots.

Enables backup of configuration files or flash log to another device, and restoration from another device.

Provides instructions on how to reboot the switch, including saving configurations and factory resets.

Performs integrated cable tests on copper cables for fault detection using TDR or DSP-based methods.

Configures global and per-port settings like speed, duplex, auto-negotiation, and port status.

Sets PoE mode (Port Limit/Class Limit) and configures PoE traps for power usage monitoring.

Manages per-port PoE settings, including power limits, priority, and class assignment.

Explains how to create new VLANs, specifying VLAN ID, name, and type (Dynamic, Static, Default).

Configures VLAN parameters for interfaces, including port mode (General, Access, Trunk) and PVID.

Manages port membership to VLANs, covering untagged/tagged frames and port registration.

Enables STP, RSTP, or MSTP globally and configures BPDU handling and bridge priority.

Configures STP settings per port, including edge port, path cost, priority, and port state.

Supports selective multicast forwarding (IPv4) by monitoring IGMP packets and enabling IGMP Querier functionality.

Supports selective multicast forwarding (IPv6) by building Multicast membership lists.

Covers IP addressing modes (Layer 2/3), IP address assignment rules, and IPv6 concepts.

Assigns Link Local or Global IPv6 addresses to an IPv6 interface, managing prefix length and EUI-64.

Configures static IPv4 routes on the switch for Layer 3 routing decisions.

Acts as a DHCP Relay agent, listening for and relaying DHCP messages between servers and clients.

Configures DHCP Relay status and IP addresses of DHCP servers for relaying messages.

Manages user accounts, including adding new users, setting passwords, and defining complexity rules.

Defines password complexity rules: minimum length, character classes, and password aging.

Configures TACACS+ client for centralized security, authentication, and authorization via a TACACS+ server.

Adds TACACS+ servers individually, configuring IP address, priority, key string, and authentication port.

Sets default and individual RADIUS server parameters for centralized authentication and authorization.

Assigns authentication methods (Local, RADIUS, TACACS+) to management access methods like SSH, Telnet, HTTP.

Limits management access via profiles, defining rules for access methods, interfaces, and source IP addresses.

Creates rules within access profiles to permit or deny access based on criteria like management method and interface.

Limits the number of frames entering the switch and defines frame types counted for storm protection.

Increases security by limiting port access to specific MAC addresses, using Classic Lock or Limited Dynamic Lock.

Provides port-based access control, enabling authentication for hosts via 802.1x or MAC-based methods.

Defines 802.1X parameters, including unauthenticated VLANs, port authentication, and host authentication.

Globally enables 802.1X and sets user authentication methods like RADIUS or None for ports.

Configures port authentication parameters, including port control, authentication method, and guest VLAN settings.

Defines 802.1X operation modes on ports: Single, Multiple Host, or Multiple Sessions.

Protects the network from malicious attacks by preventing packets with specific IP address parameters.

Activates security suite with predefined rules to protect against malicious attacks like SYN floods.

Configures reserved IP addresses indicating attacks, discarded by the switch for DoS prevention.

Filters TCP packets with SYN flags destined for specific IP addresses/ports to mitigate SYN flood attacks.

Limits the number of incoming SYN packets to mitigate SYN flood attacks against servers.

Blocks ICMP packets from specific sources to reduce network load during ICMP flood DoS attacks.

Blocks fragmented IP packets to prevent potential DoS attacks.

Ordered lists of classification filters and actions (ACEs) to permit or deny traffic based on patterns.

Creates ACLs to filter traffic based on Layer 2 fields, checking MAC addresses for frame matches.

Creates ACLs to check IPv4 packets, matching IP protocol, ports, addresses, and flags.

Creates ACLs to check pure IPv6-based traffic, matching IPv6 protocol, ports, and addresses.

Binds ACLs to interfaces, applying ACE rules to incoming packets and matching them to a default drop rule.

Adds ACEs to MAC-based ACLs, defining priority, action (Permit/Deny), and criteria.

Adds ACEs to IPv4 ACLs, specifying priority, action, protocol, IP addresses, and ports.

Adds ACEs to IPv6 ACLs, specifying priority, action, protocol, IPv6 addresses, and ports.

Sets the QoS mode (Disable, Basic, Advanced) and defines default CoS priority for interfaces.

Uses policies to support per-flow QoS, consisting of class maps, policers, and bindings to ports.

Steps to configure Advanced QoS: select mode, map DSCP, create ACLs, class maps, policies, and bind them.

Defines traffic flows with ACLs, creating class maps that match packet criteria for QoS application.

Measures traffic rates matching rules and enforces limits (CIR, CBS) using single or aggregate policers.

Creates and manages advanced QoS policies, consisting of class maps and aggregates, bound to interfaces.

Adds class maps to policies, defining packet types and selecting actions for ingress CoS/802.1p/DSCP values.

Defines ingress rate limits and egress shaping values (CIR, CBS) to manage traffic rates.

Creates SNMP groups with security models and associates them with users/communities for access.

Defines SNMPv3 users with login credentials, context, scope, and associates them with groups.