Cisco small business switches are configured via web based graphical user interface (GUI) as opposed to the IOS-based command line configuration used on Cisco's Enterprise and Service Provider switches. Cisco's command line configurations require a bit of a learning curve. But the web admin GUI makes the small business switches easier to configure.
The downside to the web GUI is there is a lag between some of the configuration screens. So I got to see the "Processing Data" graphic quite often when changing between admin screens. The delay isn't horrible, only a couple seconds here and there, but not as responsive as Cisco's IOS command line configuration. The menu lag is similar to what I've experienced on some of Cisco's RV series routers, such as the recently reviewed RV180.
Figure 5: Waiting for the admin page to change
If you want to configure the SG500-28P from the command line, a serial cable is included to connect to the console port. The SG500 can also be configured from the command line via a telnet or ssh if enabled.
There are 13 configuration menus listed on the left side of the web page, with numerous submenu options in each. A look at the screen presented upon login is shown in Figure 6 below.
Figure 6: Main admin screen
The SG500-28P is a complex switch. I think you get a good idea of what you can do with a device by looking at a list of its configuration options. In Table 2, I've listed the 13 menus and their sub-menus. (Note, to fit all the sub-menus into a single table, I abbreviated some of the options.)
Table 2: Menu tree
A nuance in configuring this switch is that you must save your configs for them to persist through a reboot or power loss. Applying your configs make them active, but you'll lose them in a reboot or power loss if you didn't save them. This is similar to the copy run start command in Cisco's IOS command line based devices. Fortunately, the GUI flashes a “Save” reminder in the top of the screen if there are newly applied configurations that haven't been saved.
For information and help on how to configure the SG500-28P, you'll have to refer to the Cisco 500 Series Admin Guide. This 469 page document is available on Cisco's website, but surprisingly not on the disk that comes with the switch. The manual outlines the features, but could use a few examples to better explain the configuration options. If you're a command line fan, you can download its guide, too.
Features - VLAN
The SG500-28P supports up to 4096 simultaneous VLANs. I found basic configuration of VLANs on this switch similar to the Linksys SRW2008 switch I used in the VLAN How To article I posted awhile back.
VLANs are created by giving them a number and optionally a name. Each port on the switch is then configured as an Access, Trunk or General port and given a Port VLAN ID (PVID). Access ports are members of a single VLAN with no tagging applied. Trunk ports are members of one or more untagged VLANs and zero or more tagged VLANs. General ports can be members of one or more untagged and tagged VLANs. The PVID identifies the port's native/untagged VLAN.
I had no problems segmenting the ports on the SG500-28P into several VLANs as well as setting up an 802.1q trunk to a NETGEAR GS108T switch. There is a handy copy function on the SG500 which allows you to configure VLAN settings on one port and copy it to multiple other ports. In Figure 7, you can see my VLAN port status for ports 1-16.
Figure 7: VLAN port status
Port 1 is a trunk port with a configuration of “1UP, 2T” which means it is an untagged (U) member of VLAN 1, its PVID (P) is VLAN 1, and it is a tagged (T) member of VLAN 2. Port 1 is my trunk to the GS108T. Ports 2-12 are “1UP” which means they are untagged members of VLAN 1 and their PVID is VLAN 1. Ports 13-16 are “2UP” which means they are untagged members of VLAN 2 and their PVID is VLAN 2.
Of course, the SG500-28P VLAN capability is more advanced than the SRW2008 or GS108T previously mentioned. The SG500-28P has options for Generic VLAN Registration Protocol (GVRP), VLAN grouping to enable traffic load balancing, Voice VLANs for detecting and separating VoIP traffic into a different VLAN and options for allowing Multicast traffic to pass between VLANs.
Layer 3 Switching
VLANs separate traffic into different groups, and a good network practice is to assign a different subnet to each VLAN. To pass traffic between subnets, routing needs to occur, either with a router or Layer 3 switch. Layer 3 switches are desirable as they can pass traffic between subnets much faster than routers.
The SG500-28P can be configured as a Layer 2 or Layer 3 switch. With Layer 3 switching enabled, virtual Layer 3 interfaces can be created per VLAN and physical interfaces (single ports and LAGs) can be converted from a switched interface to a Layer 3 interface. Both virtual and physical Layer 3 interfaces can be assigned IPv4 and IPv6 addresses on the SG500.
By default, the switch runs in Layer 2 mode. If you choose to use Layer 3 mode, enable this option first. When you covert the SG500-28P to Layer 3 mode, it reboots and erases itself, regardless of whether you did a config save, wiping out all your previous configurations. (I learned this the hard way!)
With the SG500-28P in Layer 3 mode, you can configure an IP address for each VLAN interface on the switch. Each VLAN interface establishes a directly connected route in the SG500's route table, which enables the switch to route directly between VLANs. Static routes can also be added, enabling routing between an external router, such as adding a default route to the router used to connect to the Internet.
I had no trouble configuring multiple VLANs, each with their own VLAN interface and IP address on the SG500-28P, as well as configuring a default static route. Figure 8 shows my two VLAN interfaces and their IP addresses.
Figure 8: IPv4 interfaces
Configuring a network with a Layer 3 switch involves multiple details in the switch, router and end devices, so I won't cover all my configurations. However, with the correct static routes on the SG500-28P and my router, as well as the appropriate configuration in my end devices, I found the SG500-28P routed traffic at Layer 3 as expected.
The SG500 also supports IPv6 addressing and switching. Virtual and physical interfaces can be addressed with both IPv4 and IPv6 addresses, and you can create static routes for both IPv4 and IPv6 routes. Further, the SG500 supports IPv6 tunneling using Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP tunneling is a method for passing IPv6 traffic through an IPv4 network.