Installation and Setup of Cisco SG500-52P - 500 Series Stackable Managed Switches
The SG500 series Cisco switches are the next step up from the already popular SG300 Layer-3 switches. Cisco introduced the SG Small
Business series switches to compete against DELL’s and HP’s offerings and take the same share of the market.
Cisco saw the massive gap between its entry level Catalyst switches (2960S & 3560) and the competition, and decided to hit them as
much as it could with the SG series switches.
The specifications on the newer SG 500 series switches are impressive: switching capacity starting from 28.8Gbps for the smallest 24-port
SG500, up to 176Gbps for the largest models that include 10Gbps uplinks, all with Layer-3 switching, stacking and power efficiency
capabilities!
Here are some highlights of the SG 500 Series:
High-Power Power over Ethernet Plus (PoE+), providing up to 30 watts per port
Full IPv6 Support
Advanced Layer 3 Traffic Management (Inter-VLAN Routing)
Strong Security. Access Control Lists (ACLs), Voice VLAN, Guest VLAN and many more security features.
Power Efficiency. Ability to automatically shut off power to ports not in use, adjust signal strength based on the length of the connecting cable, etc.
Expandability. Offering 1G and 1G/5G Ethernet expansion slots. 10G expansion slots for the 500X series.
Limited lifetime warranty with next-business-day advanced replacement.
For our readers' convenience, we've made the following downloads available directly from Firewall.cx:
Cisco SG500 Series Overview
Cisco SG500 Series Datasheet
Cisco SG500 Quick Start Guide
These are easily accessible in our SG500 Datasheet Download (/downloads/ciscoproductdatasheetsaguides/ciscosg500series
switches.html) section.
The CLI mode is similar to that of the Cisco IOS Catalyst switches but it has its own logic, something we believe Cisco did deliberately to
ensure the SG series configuration experience is not ‘identical’ to the much more expensive and well known Catalyst switches.
We found that the best way to configure the switch was to use the CLI interface for specific functions such as setting up IP Addresses,
creating and naming VLANs, setting default gateway, then using the web interface for configuring the trunk and access links, allowed
VLANs etc. When we completed the configuration and performed a ‘show running-config’ in CLI mode, we then understood that some of
the web configuration could have easily been done through CLI.
As with the SG200 & SG300 models, it is advised to always keep the firmware updated to the latest available version. Earlier SG300
firmware suffered from plenty of problems that could cause the switch to stop processing packets and required a reboot to restore
functionality.
Hopefully, we won’t be experiencing the same problems with the SG500 firmware.
BEFORE YOU BEGIN
Both SG300 and SG500 series switches are Layer-3 capable, which means you can create multiple VLANs and route between them, a
function called Inter-VLAN routing. For more information about Inter-VLAN routing, you can read our Inter-VLAN routing (/networkingtopics/vlannetworks/222intervlanrouting.html) article.
Most people are not aware that when an SG300 or SG500 switch is powered up for the first time, it defaults to Layer-2 mode! In order to
create multiple VLANs, assign IP Addresses and enable Layer-3 Switching, you must switch the SG300 & SG500 to router mode! When
this is done all configuration is erased and the device is reset, losing any configuration performed.
It is therefore highly advisable to always switch to router mode before any configuration is performed on the switch!
SWITCHING TO ‘ROUTER’ MODE – ENABLING LAYER‐3 SWITCHING
To switch to router mode, connect to the serial port using the provided DB9 serial cable (read up on our serial cable articles for info on DB9
connectors) and set the COM port as follows:
115200 Baud Rate
8 Data Bits
No Parity
1 Stop Bit
No Flow Control
When presented with the login prompt, use ‘cisco’ as the username and password. You will be requested to change the password before
you perform any configuration:
User Name:cisco
Password:*****
Please change your password from the default settings. Please change the password for better
protection of your network.
Do you want to change the password (Y/N)[Y] ?Y
Enter old password : *****
Enter new password : ************
Confirm new password: ************
When complete, the CLI prompt will be presented along with the familiar hash symbol. At the prompt, enter show system mode to view the
current mode:
switch# show system mode
Feature State
Mode: Switch
Without delay, let’s switch to router mode:
switch# set system mode router
Changing the switch working mode will *delete* the startup configuration file and reset the device
right after that. It is highly recommended that you will backup it before changing the mode,
continue ? (Y/N)[N] Y
As the reset process begins, a number of messages will be displayed on the console and the switch will finally reboot:
switch# 02Feb2012 10:48:36 %AAAICONNECT: User CLI session for user cisco over console , source
0.0.0.0 destination 0.0.0.0 ACCEPTED, aggregated (1)
02Feb2012 10:48:55 %FILEIDELETE: File Delete file URL flash://startupconfig
Resetting local unit
**************************************************
***************** SYSTEM RESET *****************
**************************************************
Boot1 Checksum Test...............................PASS
Boot2 Checksum Test...............................PASS
Flash Image Validation Test.......................PASS
BOOT Software Version 1.2.0.12 Built 23Nov2011 08:31:59
[Cisco ASCII-art logo]
Networking device with Marvell ARM CPU core. 256 MByte SDRAM.
ICache 16 KB. DCache 16 KB. L2 Cache 256 KB. Cache Enabled.
MAC Address : 88:43:e1:ad:52:53.
Autoboot in 2 seconds press RETURN or Esc. to abort and enter prom.
Preparing to decompress...
100%
Decompressing SW from image1
100%
OK
Running from RAM...
About to erase CDB. Terminal baud rate will now be set to default!
Board ID is 27
Device ID 0xdc7411ab
*********************************************************************
*** Running SW Ver. 1.2.0.97 Date 02Feb2012 Time 10:12:46 ***
*********************************************************************
HW version is V01
Base Mac address is: 88:43:e1:ad:52:53
Dram size is : 256M bytes
Dram first block size is : 208896K bytes
Dram first PTR is : 0x3000000
Dram second block size is : 4096K bytes
Dram second PTR is : 0xFC00000
Flash size is: 32M
02Feb2012 10:13:09 %CDBILOADCONFIG: Loading running configuration.
02Feb2012 10:13:09 %CDBILOADCONFIG: Loading startup configuration.
Device configuration:
Slot 1 SG50052P
Device 0: GT_98DX3124 (TomCat)
Device 1: GT_98DX3124 (TomCat)
Unit Number 1
02Feb2012 10:13:21 %EntityISENDENTCONFCHANGETRAP: entity configuration change trap.
02Feb2012 10:13:32 %INITIInitCompleted: Initialization task is completed
>
Unit Number 1 Master Enabled
Tapi Version: v1.9.5
Core Version: v1.9.5
02Feb2012 10:13:39 %StackISTCKCFGCHNG: Configuration changed: chain
02Feb2012 10:13:39 %MLDPIMASTER: Switching to the Master Mode.
02Feb2012 10:13:43 %EnvironmentIFANSTATCHNG: FAN# 1 status changed operational.
02Feb2012 10:13:43 %EnvironmentIFANSTATCHNG: FAN# 2 status changed operational.
02Feb2012 10:13:43 %EnvironmentIFANSTATCHNG: FAN# 3 status changed operational.
02Feb2012 10:13:43 %EnvironmentIFANSTATCHNG: FAN# 4 status changed operational.
02Feb2012 10:13:43 %EnvironmentIFANSTATCHNG: FAN# 1 status changed operational.
02Feb2012 10:13:43 %EnvironmentIFANSTATCHNG: FAN# 2 status changed operational.
02Feb2012 10:13:43 %SNMPICDBITEMSNUM: Number of running configuration items loaded: 0
02Feb2012 10:13:43 %EnvironmentIFANSTATCHNG: FAN# 3 status changed operational.
02Feb2012 10:13:43 %EnvironmentIFANSTATCHNG: FAN# 4 status changed operational.
02Feb2012 10:13:43 %SNMPICDBITEMSNUM: Number of startup configuration items loaded: 0
02Feb2012 10:13:43 %EntityISENDENTCONFCHANGETRAP: entity configuration change trap.
>lcli
At this point, it is necessary to login using the cisco username & password, then change the password as prompted.
Issuing the show system mode command will then confirm the switch is in router mode, which means we are in business:
switch# show system mode
Feature State
Mode: Router
CREATING VLANS, ASSIGNING IP ADDRESSES, DEFAULT GATEWAY, DNS NAME‐SERVER & ENABLING IP ROUTING
The process of creating VLANs on the SG500 is similar to that of the Catalyst switches. First create your VLANs and then VLAN
interfaces to configure IP addresses. Since VLAN 1, the Default VLAN, is already created, we only need to change its IP address
to match our network. Keep in mind that the switch has VLAN 1 preconfigured with IP address 192.168.1.254, but also has DHCP
enabled, so if the switch finds a DHCP server during startup it will automatically obtain an IP address. When the system uses its default
IP address (192.168.1.254), the System LED shown below will flash continuously:
switch# configure terminal
switch(config)# interface vlan 1
switch(config-if)# ip address 192.168.1.2 255.255.255.0
switch(config-if)# exit
We’ve now set VLAN 1’s IP address to 192.168.1.2. Next step is to create VLAN2 & 5, our Voice VLAN & Guest VLAN, name them and
configure an IP address for each:
switch(config)# vlan 2
switch(config)# interface vlan 2
switch(config-if)# name VoiceVLAN
switch(config-if)# ip address 192.168.10.2 255.255.255.0
switch(config-if)# exit
switch(config)# vlan 5
switch(config)# interface vlan 5
switch(config-if)# name GuestVLAN
switch(config-if)# ip address 192.168.50.2 255.255.255.0
switch(config-if)# exit
The vlan 2 & vlan 5 commands create VLAN 2 and VLAN 5, however the switch’s prompt will not change, so do not be alarmed.
Finally, we set the switch’s hostname, configure the default gateway and the name server for DNS resolution, and enable IP routing:
switch(config)# hostname SG500
SG500(config)# ip default-gateway 192.168.1.1
SG500(config)# ip name-server 192.168.1.1
SG500(config)# ip routing
WEB CONFIGURATION
For those wishing to use the web interface to configure the switch, don’t despair as there are still plenty of features that can be configured
through the web interface. VLAN creation and IP address configuration are certainly a lot faster and easier through the CLI interface,
especially if you make a mistake and need to make corrections.
To access the web interface, enter the switch’s VLAN 1 IP address as configured previously. In our example, this is 192.168.1.2. You’ll
be greeted with the login screen and prompted to enter a valid username and password. Once entered, the Getting Started screen is
shown:
In our example, we’ve selected VLAN 2 (VLAN ID equals 2), our Voice VLAN, and configured all but one port to carry VLAN 2 traffic
as Tagged. When configuring a VLAN as Tagged traffic, the port automatically becomes a trunk port and the Trunk option above is
greyed out as you cannot disable it – a logical restriction. When configuring a VLAN to Untagged it then becomes the Native VLAN for
that port. If these concepts are new, we would highly recommend you read through our VLAN section (/networkingtopics/vlan
networks.html).
We’ve configured VLAN2 traffic as Tagged, which means we plan to connect an IP Phone to these ports and from there on a PC. VLAN 1
traffic is set as the Untagged traffic, or Native VLAN for all ports.
Finally, Port GE1 is forbidden to carry VLAN2 traffic. The reason for this is that we plan to connect our Internet router on port GE1 and
there is no reason for our Voice VLAN traffic to exist on that port, for security reasons of course.
When done, click on Apply to save the changes and continue with the rest of the VLAN port configuration.
The Port VLAN Membership menu provides an overview of all port configuration, however, changes can only be made for one port at a
time:
Our screenshot shows no configuration has been made as VLAN2 and 5 are not configured for any port. Select the port of interest and
click on Join VLAN at the bottom of the page:
The small popup window will appear in which we can select a VLAN from the area on the right (under Select VLAN:), then choose the
tagging method for the selected VLAN and finally assign it to the port by clicking on the right arrow ‘>’:
Once complete, click on Apply to save the changes followed by Close to return to the menu, or select the next port to be configured from
the upper area of the page.
We should note that the Port to VLAN menu is the fastest way to configure multiple switch ports simultaneously.
Configuration of the Voice VLAN settings is necessary to ensure the switch understands which VLAN will carry the traffic. Experience
shows it's best to specify the Voice VLAN port under these settings, rather than leave it to the switch's discretion to figure it out.
In our example, VLAN ID 2 is our Voice VLAN, so we've changed the default VLAN ID from 1, to 2 and disabled the Dynamic Auto Voice
VLAN feature for security purposes.
Finally, click on Apply to save the changes.
Note: If problems are experienced with the IP Phones registering to CallManager or CallManager Express, make sure to enable
the Dynamic Voice VLAN feature and set it to Enable Auto Voice VLAN.
Move to the SNTP Unicast menu option, enable the SNTP Client Unicast and add your preferred NTP server as shown below:
Click on Apply to save your changes.
Currently there is only the default account "cisco". Click on Add and enter the username and password:
Note the different User Levels available for the user being created. For full access, select level 15.
Once created, the cisco user can be deleted, however it is imperative the configuration is saved by clicking on the flashing Save button at
the top of the page.
Next, click on the Add button to add a new profile:
The popup window will allow you to define the access profile name, rule priority (the highest rule number takes priority over other access
profiles), management method, interface to which it applies and IP Addresses to which access is allowed or denied:
In our example we named our access profile AllAccess, set the rule priority to No.1 which takes precedence over other rules,
management method of All, permit action, interface VLAN 1 only and source IP of 192.168.1.0 / 24, which of course is the VLAN1
network.
When complete click on Apply and Close.
This action will return you to the Access Profiles section. We now select the Active Access Profile we just created (AllAccess) and click
on Apply. A popup window will request us to confirm this action. Click on OK:
If the session is disconnected, simply reconnect to the switch using VLAN1’s IP address.
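The effect of the AllAccess profile can be checked before it is activated. The following is an added example, not part of the original article and not Cisco's code: it models a profile as a rule list and reports which management sessions it admits, using the article's three subnets. It assumes rules are evaluated from priority 1 upward, the first match decides, and a session matching no rule is denied; Rule, Session, evaluate and lockout_risk are hypothetical names and the sample sessions are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence


@dataclass(frozen=True)
class Rule:
    """One access-profile rule, using the fields the web form asks for."""
    priority: int             # assumption: 1 is evaluated first
    method: str               # "All", or e.g. "HTTP", "HTTPS", "SSH", "Telnet"
    action: str               # "permit" or "deny"
    interface: Optional[str]  # e.g. "VLAN 1"; None = any interface
    source: str               # source network, CIDR notation


@dataclass(frozen=True)
class Session:
    """A management connection attempt (constructed test input)."""
    method: str
    interface: str
    source_ip: str


def rule_matches(rule: Rule, session: Session) -> bool:
    if rule.method != "All" and rule.method.lower() != session.method.lower():
        return False
    if rule.interface is not None and rule.interface != session.interface:
        return False
    return ip_address(session.source_ip) in ip_network(rule.source)


def evaluate(profile: Sequence[Rule], session: Session) -> str:
    """First matching rule decides; no match means deny (assumed)."""
    for rule in sorted(profile, key=lambda r: r.priority):
        if rule_matches(rule, session):
            return rule.action
    return "deny"


def lockout_risk(profile: Sequence[Rule], current: Session) -> bool:
    """True if activating the profile would cut off the current session."""
    return evaluate(profile, current) != "permit"


# The AllAccess profile exactly as configured in the article.
ALL_ACCESS = [Rule(1, "All", "permit", "VLAN 1", "192.168.1.0/24")]

# Constructed sessions: hosts in the article's three subnets.
SAMPLES = [
    Session("HTTP", "VLAN 1", "192.168.1.50"),    # admin PC on VLAN 1
    Session("SSH", "VLAN 2", "192.168.10.30"),    # host on the Voice VLAN
    Session("HTTP", "VLAN 5", "192.168.50.20"),   # host on the Guest VLAN
    Session("Telnet", "VLAN 5", "192.168.1.50"),  # VLAN 1 address, wrong interface
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s.method:7} {s.interface:7} {s.source_ip:15} -> "
              f"{evaluate(ALL_ACCESS, s)}")
    admin = Session("HTTPS", "VLAN 2", "192.168.10.30")
    if lockout_risk(ALL_ACCESS, admin):
        print("Current session would be disconnected; reconnect via VLAN 1.")
```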
Note: If configuring the switch for Telnet or SSH remote access, it is important not to forget to enable these services from the Security >
TCP/UDP Services menu option as shown below:
Again, do not forget to click on the flashing Save button at the top of the page:
CONFIGURATION BACKUP
To download the switch's configuration to a workstation for backup purposes, select File Management > Download/Backup
Configuration/Log from the main menu. Here, select HTTP method and Backup action. Finally select Running or Startup
Configuration depending on your requirements and Apply. You'll soon be prompted with the option to save the configuration file to your
hard disk drive:
This completes our introduction to the SG500-52P PoE Switch and its basic configuration.