Cisco SG220-26P-K9-NA PoE+ Smart Switch with 26 x Gigabit Managed Ethernet Ports

Management options for the Cisco SG220-26P Smart Switch include Simple Network Management Protocol (SNMP), a Command-Line Interface (CLI), a web-based interface, and the Cisco FindIT utility.

Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) automatically detects the devices connected to your network, then automatically configures the switch with the appropriate settings and instructs end devices on the appropriate voice VLAN or QoS parameters to use. In addition, the Cisco FindIT Network Discovery Utility discovers Cisco devices on the network and display basic information, such as serial numbers and IP addresses.

Using SNMP (Simple Network Management Protocol), you can set up and manage all switches and other Cisco devices in your network remotely.

With the ability to maintain two images in permanent storage instead of only a single image, you can perform software upgrades without taking the network offline or worrying about an outage because of a bad image file.

Configures the device, validating the configuration, and then save the configuration to take effect after reboot. Additionally, a mirror configuration file provides automatic backup of the latest stable configuration file.

The SG220-26P provides native support for IPv6, making it easier to migrate to the next generation of networking applications and operating systems without an equipment upgrade.

Support for network security applications such as IEEE 802.1X and port security can tightly limit access to specific segments of your network. Guest virtual LANs (VLANs) let you provide internet connectivity to nonemployee users while isolating critical business services from guest traffic. Extensive ACLs can restrict sensitive portions of the network from unauthorized users and guard against network attacks. Security mechanisms such as broadcast/multicast/unknown unicast storm control and Bridge Protocol Data Unit (BPDU) guard can protect the network from invalid configurations or malicious intent. Denial of service (DOS) attack prevention helps to increase uptime in the event of a network attack. Finally, RADIUS, TACACS+, local database authentication, and secure management communication over SSL, SSH, and SNMPv3 can help protect management sessions.

Embedded QoS intelligence prioritizes delay-sensitive services such as voice and video and simplifies unified communications deployments, helping to ensure consistent network performance for all services. For example, automated voice VLAN capabilities let you plug any IP phone (including third-party phones) into your IP telephony network and receive an immediate dial tone. The switch automatically configures the device with the right VLAN and QoS parameters to prioritize voice traffic.

Energy Efficient Ethernet (IEEE 802.3az) and Energy Detect support help you save operational expenses and reduce your environmental footprint. PoE power can be on or off based on user-defined schedule to save energy. Support the granular power negotiation with CDP/LLDP communication with PD devices after IEEE classification.

Support for up to 8,192 MAC addresses.

Standard 802.1d Spanning Tree support, enabled by default
Fast convergence using 802.1w (Rapid Spanning Tree [RSTP])
Multiple Spanning Tree instances using 802.1s (MSTP)
16 instances are supported

Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP)
Up to 8 groups
Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation
Load balance based on source and destination MAC address, or source and destination MAC/IP

Support for up to 256 VLANs simultaneously
Port-based and 802.1q tag-based VLANs
Management VLAN
Guest VLAN

Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS.

VLANs transparently cross a service provider network while isolating traffic among customers.

Protocols for automatically propagating and configuring VLANs in a bridged domain.

Supports HOL blocking prevention.

Provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. Loopback detection operates independently of STP.

Automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed.

Drop or rate limit based on source and destination MAC, VLAN ID or IP address, protocol, port, Differentiated Services Code Point (DSCP)/IP precedence, TCP/UDP source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, and TCP flag. Supports up to 512 rules.

Creates the ability to lock source MAC addresses to ports, and limits the number of learned MAC addresses.

RADIUS authentication
Guest VLAN
Single-host, multiple-host, and multisession mode

Protects the network from invalid configurations. A port enabled for BPDU Guard is shut down if a BPDU message is received on that port.

Provides additional protection against Layer 2 forwarding loops (STP loops).

A secure replacement for Telnet traffic. SCP also uses SSH. Both SSH version 1 and version 2 are supported.

Encrypts all HTTPS traffic, allowing highly secure access to the browser-based management GUI in the switch.

Supports RADIUS and TACACS authentication (switch functions as a client), storm control (broadcast, multicast, and unknown unicast), and DOS attack prevention.

Supports 8 hardware queues per port.

Strict priority and Weighted Round-Robin (WRR) queue assignment based on DSCP and class of service (802.1p/CoS).

Port-based; 802.1p VLAN priority-based; IPv4/v6 IP precedence, Type of Service (ToS), and DSCP-based; Differentiated Services (DiffServ); classification and re-marking ACLs, trusted QoS.

Ingress policer; egress shaping and rate control; per VLAN, per port, and flow-based.

A TCP congestion avoidance algorithm is required to reduce and prevent global TCP loss synchronization.

Limits bandwidth-intensive multicast traffic to only the requesters. Supports 256 multicast groups.

Used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router.

IPv6 host mode
IPv6 over Ethernet
IPv6/IPv4 Dual Stack
IPv6 neighbor and router discovery (ND)
IPv6 stateless address auto-configuration
Path Maximum Transmission Unit (MTU) discovery
Duplicate Address Detection (DAD)
ICMP version 6

Drop or rate limit IPv6 packets in hardware.

Prioritize IPv6 packets in hardware.

Deliver IPv6 multicast packets only to the required receivers.

Supports Web/SSL, Telnet server/SSH, DHCP Client, DHCP Autoconfig, CDP, and LLDP.

Built-in switch configuration utility for easy browser-based device configuration (HTTP/HTTPS). Supports configuration, system dashboard, system maintenance, and monitoring.

Config files can be edited with a text editor and downloaded to another switch, facilitating easier mass deployment.

Scriptable CLI; a full CLI is supported. User privilege levels 1 and 15 are supported for the CLI.

SNMP versions 1, 2c, and 3 with support for traps, and SNMP version 3 User-based Security Model (USM).

Embedded RMON software agent supports 4 RMON groups (history, statistics, alarms, and events) for enhanced traffic management, monitoring, and analysis.

Coexistence of both protocol stacks to ease migration.

Traffic on a port or VLAN can be mirrored to another port for analysis with a network analyzer or RMON probe. Up to 8 source ports can be mirrored to one destination port. Four sessions are supported.

Web browser upgrade (HTTP/HTTPS) and Trivial File Transfer Protocol (TFTP). Dual images for resilient firmware upgrades.

DHCP options facilitate tighter control from a central point (DHCP server) to obtain IP address, auto-configuration (with configuration file download), DHCP relay, and hostname.

Supports Simple Network Time Protocol (SNTP).

Configurable multiple banners for web as well as CLI.

Includes HTTP/HTTPS, TFTP upgrade, DHCP client, BOOTP, cable diagnostics, ping, traceroute, and syslog.

The switch advertises itself using the Bonjour protocol.

LLDP allows the switch to advertise its identification, configuration, and capabilities to neighboring devices that store the data in a MIB. LLDP-MED is an enhancement to LLDP that adds the extensions needed for IP phones.

The switch advertises itself using the Cisco Discovery Protocol. Display brief information for connected Cisco network devices, IP phones, and wireless access points.

Supports 802.3az Energy Efficient Ethernet on all ports; substantially reduces power consumption when link bandwidth is not at full utilization.

Automatically turns power off on Gigabit Ethernet and 10/100 RJ-45 ports when detecting a link down. Active mode is resumed without loss of any packets when the switch detects the link up

LEDs can be manually turned off to save on energy.

Link up or down based on user-defined schedule (when the port is administratively up).