Cisco SG550XG-8F8T User Manual

Assisting in initial device configuration, including system location, contact, and host name.

Assisting in configuring VLANs, including trunk and access port modes for ports.

Creating new Access Control Lists (ACLs) by defining name, type, and action on match criteria.

Updating or backing up firmware images and swapping active images using various transfer methods.

Automatically configuring switches and upgrading firmware using remote TFTP/SCP servers.

Handling master unit failure, backup unit switchover, and slave unit behavior during failures.

Selecting stack ports for devices and configuring unit IDs after reset.

Displaying global and per-port settings, including link flap prevention, jumbo frames, and port types.

Enabling automatic port reactivation after shutdown due to error conditions.

Configuring Link Aggregation Groups (LAGs) to bundle physical ports into a single logical channel.

Using the Power over Ethernet (PoE) feature to deliver electrical power to connected devices over copper cables.

Configuring various types of VLANs, including creating VLANs, setting interface modes, and managing port membership.

Configuring voice VLANs for IP phones, VoIP endpoints, and voice systems.

Setting parameters for enabling STP, RSTP, or MSTP, including BPDU handling and path cost.

Configuring STP on a per-port basis and viewing information learned by the protocol.

Assigning static MAC addresses to specific physical interfaces and VLANs, which do not expire.

Acquiring MAC addresses by monitoring source addresses of frames and deleting them after aging time.

Configuring IPv4 Multicast, including IGMP snooping, interface settings, VLAN settings, and proxy.

Configuring IPv6 Multicast, including MLD snooping, interface settings, VLAN settings, and proxy.

Configuring IPv4 interface addresses, routes, RIPv2, access lists, VRRP, ARP, and DHCP.

Configuring IPv6 global parameters, interfaces, tunnels, addresses, router configuration, and neighbors.

Routing selected packets to a next hop address based on packet fields using ACLs for classification.

Establishing a TACACS+ server for centralized security, authentication, authorization, and accounting.

Using RADIUS servers for centralized 802.1X or MAC-based network access control.

Defining access rules for various management methods like Telnet, SSH, HTTP, and SNMP.

Assigning authentication methods for management access, locally or via TACACS+/RADIUS servers.

Protecting sensitive data like passwords and keys using encryption, access control, and user authentication.

Establishing secure SSH sessions for remote users, supporting password or public key authentication.

Using the device as an SSH client to securely transfer files and manage network devices.

Limiting the number of frames entering the device to prevent traffic storms.

Limiting access on ports to users with specific MAC addresses for network security.

Restricting unauthorized clients from connecting to a LAN via publicity-accessible ports.

Preventing traffic attacks by validating client IP traffic against the DHCP Snooping Binding database.

Enabling IP communication within a Layer 2 domain by mapping IP addresses to MAC addresses and preventing cache poisoning.

Securing link operations in an IPv6-enabled network using Neighbor Discovery and DHCPv6 messages.

Defining read permissions and default read modes for user sessions on management channels.

Configuring parameters for handling and security of sensitive data, including encryption and passphrase control.

Selecting SSH user authentication methods (password, public key) and setting credentials.

Enabling SSH server authentication and defining trusted servers by their IP address or name.

Describing IPv6 FHS features for securing link operations based on Neighbor Discovery and DHCPv6 messages.

Guarding against RA messages by filtering and validating received RA, CPA, and ICMPv6 redirect messages.

Validating received Neighbor Discovery protocol messages and performing egress filtering.

Treating trapped DHCPv6 messages, filtering received messages, and validating them.

Establishing binding of neighbors by learning IPv6 addresses from NDP and DHCPv6 messages.

Validating source IPv6 addresses of NDP and DHCPv6 messages using the Neighbor Binding table.

Protecting against IPv6 router spoofing, address resolution spoofing, and DHCPv6 server spoofing.

Defining traffic flows using ACLs for traffic filtering and actions, enabling traffic classification.

Creating MAC-based ACLs to filter traffic based on Layer 2 fields.

Creating IPv4-based ACLs to check IPv4 packets based on IP protocol, ports, and addresses.

Creating IPv6-based ACLs to check pure IPv6 traffic based on protocol, addresses, and ports.

Binding ACLs to interfaces (ports, LAGs, VLANs) to apply ACE rules for packet filtering.

Optimizing network performance by classifying traffic, assigning to queues, and managing bandwidth.

Defining trusted domains and marking packets with 802.1p priority or DSCP for QoS treatment.

Applying per-flow QoS using policies, class maps, and policers for granular traffic control.

Configuring a list of authorized client devices and activating 802.1x features using MAC authentication.