|Layer 2 Switching
||Spanning Tree Protocol
Standard 802.1d spanning tree support
Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]), enabled by default
Multiple spanning tree instances using 802.1s (MSTP); 16 instances are supported
Port grouping/link aggregation
Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP)
? Up to 32 groups
? Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad LAG
Support for up to 4094 active VLANs simultaneously; port-based and 802.1Q tag-based VLANs; MAC-based VLAN
Private VLAN with promiscuous, isolated, and community port
Guest VLAN, unauthenticated VLAN, protocol-based VLAN, IP subnet-based VLAN, CPE VLAN
Dynamic VLAN assignment using RADIUS server along with 802.1x client authentication
Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS. Auto voice capabilities deliver networkwide zero-touch deployment of voice endpoints and call control devices.
Multicast TV VLAN
Multicast TV VLAN allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs. This feature is also known as Multicast VLAN Registration (MVR).
VLANs transparently cross over a service provider network while isolating traffic among customers.
Generic VLAN Registration Protocol (GVRP) and Generic Attribute Registration Protocol (GARP) enable automatic propagation and configuration of VLANs in a bridged domain.
Unidirectional Link Detection (UDLD)
UDLD monitors physical connection to detect unidirectional links caused by incorrect wiring or port faults to prevent forwarding loops and blackholing of traffic in switched networks.
DHCP relay at Layer 2
Relay of DHCP traffic to DHCP server in a different VLAN. Works with DHCP option 82.
IGMP (versions 1, 2, and 3) snooping
Internet Group Management Protocol (IGMP) limits bandwidth-intensive multicast traffic to only the requesters; supports 4K multicast groups (source-specific multicasting is also supported).
IGMP querier is used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router.
Head-of-line (HOL) blocking
|Layer 3 Routing
Wirespeed routing of IPv4 packets
Up to 7K routes and up to 256 IP interfaces
Wirespeed IPv6 static routing
Up to 7K routes and up to 256 IPv6 interfaces
Layer 3 interface
Configuration of Layer 3 interface on physical port, LAG, VLAN interface, or loopback interface
Support for classless interdomain routing
Support for Routing Information Protocol version 2 for dynamic routing
Virtual Router Redundancy Protocol (VRRP) delivers improved availability in a Layer 3 network by providing redundancy of the default gateway servicing hosts on the network. VRRP versions 2 and 3 are supported. Up to 255 virtual routers are supported
Policy-based routing (PBR)
Flexible routing control to direct packets to different next hop based on IPv4 or IPv6 ACL
Switch functions as an IPv4 DHCP server serving IP addresses for multiple DHCP pools/scopes.
Support for DHCP options
DHCP relay at Layer 3
Relay of DHCP traffic across IP domains
User Datagram Protocol (UDP) relay
Relay of broadcast information across Layer 3 domains for application discovery or relaying of BOOTP/DHCP packets
Up to 8 units in a stack. Up to 400 ports managed as a single system with hardware failover.
Fast stack failover delivers minimal traffic loss. Support link aggregation across multiple units in a stack.
Plug-and-play stacking configuration/management
Master/backup for resilient stack control
Hot swap of units in stack
Ring and chain stacking options, autostacking port speed, flexible stacking port options
High-speed stack interconnects
Cost-effective high-speed 10G fiber and copper interfaces. Support LAG as stacking interconnects for even higher bandwidth.
SSH is a secure replacement for Telnet traffic. SCP also uses SSH. SSH versions 1 and 2 are supported.
Secure Sockets Layer (SSL) encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI in the switch.
IEEE 802.1X (authenticator role)
RADIUS authentication and accounting, MD5 hash, guest VLAN, unauthenticated VLAN, single/multiple host mode, and single/multiple sessions.
Supports time-based 802.1X dynamic VLAN assignment.
Web-based authentication provides network admission control through web browser to any host devices and operating systems.
STP BPDU Guard
A security mechanism to protect the networks from invalid configurations. A port enabled for Bridge Protocol Data Unit (BPDU) Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops.
STP Root Guard
This prevents edge devices not in the network administrator's control from becoming Spanning Tree Protocol root nodes.
Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as a DHCP server.
IP Source Guard (IPSG)
When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP address spoofing.
Dynamic ARP Inspection (DAI)
The switch discards ARP packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination address in the ARP packet. This prevents man-in-the-middle attacks.
IP/MAC/Port Binding (IPMB)
The preceding features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) work together to prevent DoS attacks in the network, thereby increasing network availability.
Secure Core Technology (SCT)
Makes sure that the switch will receive and process management and protocol traffic no matter how much traffic is received.
Secure Sensitive Data (SSD)
A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plaintext or encrypted is provided according to the user-configured access level and the access method of the user.
Private VLAN provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users' traffic; supports multiple uplinks.
Ability to lock source MAC addresses to ports and limit the number of learned MAC addresses.
Supports RADIUS and TACACS authentication. Switch functions as a client.
The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.
Broadcast, multicast, and unknown unicast.
Denial-of-service (DoS) attack prevention.
Multiple user privilege levels in CLI
Level 1, 7, and 15 privilege levels.
Support for up to 2K entries on SG550XG models.
Support for up to 3K entries on all other models.
Time-based ACLs supported.
|Quality of Service (QoS)
8 hardware queues
Strict priority and weighted round-robin (WRR)
Class of service
Port based; 802.1p VLAN priority based; IPv4/v6 IP precedence/ToS/DSCP based; DiffServ; classification and remarking ACLs, trusted QoS
Queue assignment based on differentiated services code point (DSCP) and class of service (802.1p/CoS)
Ingress policer; egress shaping and ingress rate control; per VLAN, per port, and flow base; 2R3C policing
A TCP congestion avoidance algorithm is required to minimize and prevent global TCP loss synchronization.
||IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad Link Aggregation Control Protocol, IEEE 802.3z Gigabit Ethernet, IEEE 802.3ae 10 Gbit/s Ethernet over fiber for LAN, IEEE 802.3an 10GBase-T 10 Gbit/s Ethernet over copper twisted pair cable, IEEE 802.3x Flow Control, IEEE 802.1D (STP, GARP, and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w Rapid STP, IEEE 802.1s Multiple STP, IEEE 802.1X Port Access Authentication, IEEE 802.3af, IEEE 802.3at, IEEE 802.1AB Link Layer Discovery Protocol, IEEE 802.3az Energy Efficient Ethernet, RFC 768, RFC 783, RFC 791, RFC 792, RFC 793, RFC 813, RFC 826, RFC 879, RFC 896, RFC 854, RFC 855, RFC 856, RFC 858, RFC 894, RFC 919, RFC 920, RFC 922, RFC 950, RFC 951, RFC 1042, RFC 1071, RFC 1123, RFC 1141, RFC 1155, RFC 1157, RFC 1213, RFC 1215, RFC 1286, RFC 1350, RFC 1442, RFC 1451, RFC 1493, RFC 1533, RFC 1541, RFC 1542, RFC 1573, RFC 1624, RFC 1643, RFC 1700, RFC 1757, RFC 1867, RFC 1907, RFC 2011, RFC 2012, RFC 2013, RFC 2030, RFC 2131, RFC 2132, RFC 2233, RFC 2576, RFC 2616, RFC 2618, RFC 2665, RFC 2666, RFC 2674, RFC 2737, RFC 2819, RFC 2863, RFC 3164, RFC 3176, RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415, RFC 3416, RFC 4330
IPv6 host mode IPv6 over Ethernet dual IPv6/IPv4 stack
IPv6 Neighbor and Router Discovery (ND), IPv6 Stateless Address Autoconfiguration, path MTU Discovery
Duplicate Address Detection (DAD) ICMPv6
IPv6 over IPv4 network with ISATAP tunnel support
USGv6 and IPv6 Gold Logo certified
Prioritize IPv6 packets in hardware
Drop or rate limit IPv6 packets in hardware
IPv6 First Hop Security
Neighbor binding table (snooping and static entries)
Neighbor binding integrity check
Multicast Listener Discovery (MLD v1/2) snooping
Deliver IPv6 multicast packets only to the required receivers
Web/SSL, Telnet Server/SSH, Ping, Traceroute, SNTP, TFTP, SNMP, RADIUS, Syslog, DNS client, DHCP Client, DHCP Autoconfig, IPv6 DHCP Relay, TACACS
IPv6 RFC supported
RFC 4443 (which obsoletes RFC 2463): ICMPv6
RFC 4291 (which obsoletes RFC 3513): IPv6 address architecture
RFC 4291: IP Version 6 Addressing Architecture
RFC 2460: IPv6 Specification
RFC 4861 (which obsoletes RFC 2461): Neighbor Discovery for IPv6
RFC 4862 (which obsoletes RFC 2462): IPv6 Stateless Address Autoconfiguration
RFC 1981: Path MTU Discovery
RFC 4007: IPv6 Scoped Address Architecture
RFC 3484: Default address selection mechanism
RFC 5214 (which obsoletes RFC 4214): ISATAP tunneling
RFC 4293; MIB IPv6: Textual Conventions and General Group
RFC 3595; Textual Conventions for IPv6 Flow Label
||Web user interface
Built-in switch configuration utility for easy browser-based device configuration (HTTP/HTTPS).
Supports simple and advanced mode, configuration, wizards, customizable dashboard, system maintenance, monitoring, online help, and universal search.
SNMP versions 1, 2c, and 3 with support for traps, and SNMP v3 User-based Security Model (USM) RMON
Embedded RMON software agent supports 4 RMON groups (history, statistics, alarms, and events) for enhanced traffic management, monitoring, and analysis
IPv4 and IPv6 dual stack
Coexistence of both protocol stacks to ease migration
? Web browser upgrade (HTTP/HTTPS) and TFTP and SCP
? Upgrade can be initiated through console port as well
? Dual images for resilient firmware upgrades
Traffic on a port or LAG can be mirrored to another port for analysis with a network analyzer or RMON probe. Up to 8 source ports can be mirrored to one destination port.
Traffic from a VLAN can be mirrored to a port for analysis with a network analyzer or RMON probe. Up to 8 source VLANs can be mirrored to one destination port.
Flow-based redirection and mirroring
Redirect or mirror traffic to a destination port or mirroring session based on flow
Remote Switch Port Analyzer (RSPAN)
Traffic can be mirrored across Layer 2 domain to a remote port on a different switch for easier troubleshooting
Switch can export sFlow sample to external collectors. sFlow provides visibility into network traffic down to flow level.
DHCP (options 12, 66, 67, 82, 129, and 150)
DHCP options facilitate tighter control from a central point (DHCP server), to obtain IP address, autoconfiguration (with configuration file download), DHCP Relay, and host name.
Autoconfiguration with Secure Copy (SCP) file download
Enables secure mass deployment with protection of sensitive data.
Config files can be edited with a text editor and downloaded to another switch, facilitating easier mass deployment.
Simplified configuration of QoS and security capabilities.
Automatically applies the intelligence delivered through the Smartports roles to the port based on the devices discovered over Cisco Discovery Protocol or LLDP-MED. This facilitates zero-touch deployments.
Secure Copy (SCP)
Securely transfer files to and from the switch.
Scriptable CLI. A full CLI as well as a menu CLI are supported.
Support for Cisco Active Advisor
Localization of GUI and documentation into multiple languages
Configurable multiple banners for web as well as CLI
Time-based port operation
Link up or down based on user-defined schedule (when the port is administratively up).
Traceroute; single IP management; HTTP/HTTPS; SSH; RADIUS; port mirroring; TFTP upgrade; DHCP client; Simple Network Time Protocol (SNTP); Xmodem upgrade; cable diagnostics; Ping; syslog; Telnet client; SSH client; automatic time settings from Management Station.
||Green (Power Efficiency)
Automatically turns power off on RJ-45 port when detecting link down. Active mode is resumed without loss of any packets when the switch detects the link is up.
Cable length detection
Adjusts the signal strength based on the cable length. Reduces the power consumption for shorter cables.
EEE compliant (802.3az)
Supports IEEE 802.3az on all 10 Gigabit copper ports.
Disable port LEDs
LEDs can be manually turned off to save on energy.
||Frame sizes up to 9 K bytes
The default MTU is 2 K
|MAC Table Size
The switch advertises itself using the Bonjour protocol.
LLDP (802.1ab) with LLDP-MED extensions
Link Layer Discovery Protocol (LLDP) allows the switch to advertise its identification, configuration, and capabilities to neighboring devices that store the data in a MIB. LLDP-MED is an enhancement to LLDP that adds the extensions needed for IP phones.
Cisco Discovery Protocol
The switch advertises itself using the Cisco Discovery Protocol. It also learns the connected device and its characteristics using Cisco Discovery Protocol.
||Green Power (mode)
EEE, Energy Detect, Short Reach
System Power Consumption
110 V = 20.0 W
220 V = 20.8 W
||24 x Fast Ethernet ports
4 x 10 Gigabit Ethernet (2 x 10GBase-T/SFP+ combo + 2 x SFP+)
||Cisco Standard RJ45 console port
||USB Type-A slot on the front panel of the switch for easy file and image management
||Unshielded twisted pair (UTP) Category 5 or better; fiber options (SMF and MMF); coaxial SFP+
||System, master, fan, RPS, stack ID, link/speed per port
||800 MHz (dual-core) ARM
||100 - 240 V; 47/63 Hz, internal, universal
||UL (UL 60950), CSA (CSA 22.2), CE mark, FCC Part 15 (CFR 47) Class A
|Temperature & Humidity
32 to 122°F / 0 to 50°C
-4 to 158°F / -20 to 70°C
10 to 90% non-condensing
10 to 90% non-condensing
32 to 86°F / 0 to 30°C: 35.2 dB
122°F / 50°C: 38.3 dB
|Minimum System Requirements
||Web browser: Mozilla Firefox version 34 or later; Microsoft Internet Explorer version 9 or later, Chrome version 40 or later, Safari version 5 or later.
Category 5 Ethernet network cable for 10/100 speeds at up to 100m; Category 5e Ethernet network cable for Gigabit speeds at up to 328'; Category 6a Ethernet network cable for 10 Gig speeds at up to 328'.
TCP/IP, network adapter, and network operating system (such as Microsoft Windows, Linux, or Mac OS X) installed.
||17.3 x 1.7 x 10.12" / 440 x 44 x 257 mm
||6.81 lb / 3.09 kg