Features
• Ease of Management and Deployment
• High Reliability and Resiliency
• Strong Security
• Networkwide Automatic Voice Deployment
• IPv6 Support
• Advanced Layer 3 Traffic Management
• Compact Design
• Power Efficiency
• Peace of Mind and Investment Protection
Performance
Switching capacity and forwarding rate
All switches are wire speed and nonblocking
Capacity in Millions of Packets per Second (mpps) (64-bytepackets)
14.88
Switching Capacity in Gigabits per Second (Gbps)
20.0
Layer 2 Switching
Spanning Tree Protocol
Standard 802.1d Spanning Tree support
Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]),enabled by default
Multiple Spanning Tree instances using 802.1s (MSTP); 8instances are supported
Per-VLAN Spanning Tree Plus (PVST+) and Rapid PVST+(RPVST+); 126 instances are supported
Port grouping/link aggregation
Support for IEEE 802.3ad Link Aggregation Control Protocol(LACP)
• Up to 8 groups
• Up to 8 ports per group with 16 candidate ports for each(dynamic) 802.3ad link aggregation
VLAN
Support for up to 4,094 VLANs simultaneously
Port-based and 802.1Q tag-based VLANs; MAC-based VLAN;protocol-based VLAN; IP subnet-based VLAN
Management VLAN
Private VLAN with promiscuous, isolated, and community port
Private VLAN Edge (PVE), also known as protected ports, withmultiple uplinks
Guest VLAN, unauthenticated VLAN
Dynamic VLAN assignment via RADIUS server along with 802.1xclient authentication
CPE VLAN
Voice VLAN
Voice traffic is automatically assigned to a voice-specificVLAN and treated with appropriate levels of QoS. Auto voice capabilitiesdeliver network wide zero-touch deployment of voice endpoints and call controldevices
Multicast TV VLAN
Multicast TV VLAN allows the single multicast VLAN to beshared in the network while subscribers remain in separate VLANs. This featureis also known as Multicast VLAN Registration (MVR)
VLAN Translation
Support for VLAN One-to-One Mapping. In VLAN One-to-OneMapping, on an edge interface customer VLANs (C-VLANs) are mapped to serviceprovider VLANs (S-VLANs) and the original C-VLAN tags are replaced by thespecified S-VLAN
Q-in-Q
VLANs transparently cross a service provider network whileisolating traffic among customers
Selective Q-in-Q
Selective Q-in-Q is an enhancement to the basic Q-in-Qfeature and provides, per edge interface, multiple mappings of differentC-VLANs to separate S-VLANs
Selective Q-in-Q also allows configuring of Ethertype (TagProtocol Identifier [TPID]) of the S-VLAN tag
Layer 2 protocol tunneling over Q-in-Q is also supported
Generic VLAN Registration Protocol (GVRP)/Generic AttributeRegistration Protocol (GARP)
Generic VLAN Registration Protocol (GVRP) and GenericAttribute Registration Protocol (GARP) enable automatic propagation andconfiguration of VLANs in a bridged domain
Unidirectional Link Detection (UDLD)
UDLD monitors physical connection to detect unidirectionallinks caused by incorrect wiring or cable/port faults to prevent forwardingloops and black holing of traffic in switched networks
Dynamic Host Configuration Protocol (DHCP) Relay at Layer 2
Relay of DHCP traffic to DHCP server in different VLAN;works with DHCP Option 82
Internet Group Management Protocol (IGMP) versions 1, 2, and3 snooping
IGMP limits bandwidth-intensive multicast traffic to onlythe requesters; supports 2K multicast groups (source-specific multicasting isalso supported)
IGMP Querier
IGMP querier is used to support a Layer 2 multicast domainof snooping switches in the absence of a multicast router
Head-of-Line (HOL) blocking
HOL blocking prevention
Loopback Detection
Loopback detection provides protection against loops bytransmitting loop protocol packets out of ports on which loop protection hasbeen enabled. It operates independently of STP
Layer 3
IPv4 routing
Wirespeed routing of IPv4 packets
Up to 990 static routes and up to 128 IP interfaces
IPv6 routing
Wirespeed routing of IPv6 packets
Layer 3 Interface
Configuration of Layer 3 interface on physical port, LinkAggregation (LAG), VLAN interface, or loopback interface
Classless Interdomain Routing (CIDR)
Support for classless interdomain routing
Policy-Based Routing (PBR)
Flexible routing control to direct packets to different nexthop based on IPv4 or IPv6 Access Control List (ACL)
DHCP Server
Switch functions as an IPv4 DHCP server serving IP addressesfor multiple DHCP pools/scopes
Support for DHCP options
DHCP relay at Layer 3
Relay of DHCP traffic across IP domains
User Datagram Protocol (UDP) relay
Relay of broadcast information across Layer 3 domains forapplication discovery or relaying of Bootstrap Protocol (BOOTP)/DHCP packets
Stacking
Hardware stacking
Up to 4 units in a stack. Up to 200 ports managed as asingle system with hardware failover
Stacking is supported on the following models
CBS350-24T-4X, CBS350-24P-4X, CBS350-24FP-4X, CBS350-48T-4X,CBS350-48P-4X, CBS350-48FP-4X
CBS350-8MP-2X, CBS350-24MGP-4X, CBS350-12NP-4X,CBS350-24NGP-4X, CBS350-48NGP-4X
CBS350-8XT, CBS350-12XS, CBS350-12XT, CBS350-16XTS,CBS350-24XS, CBS350-24XT, CBS350-24XTS, CBS350-48XT-4X
High availability
Fast stack failover delivers minimal traffic loss. Supportlink aggregation across multiple units in a stack
Plug-and-play stacking configuration/management
Master/backup for resilient stack control
Autonumbering
Hot swap of units in stack
Ring and chain stacking options, auto stacking port speed,flexible stacking port options
High-speed stack interconnects
Cost-effective high-speed 10G fiber interfaces.
Security
Secure Shell (SSH) Protocol
SSH is a secure replacement for Telnet traffic. Secure CopyProtocol (SCP) also uses SSH. SSH v1 and v2 are supported
Secure Sockets Layer (SSL)
SSL support: Encrypts all HTTPS traffic, allowing highlysecure access to the browser-based management GUI in the switch
IEEE 802.1X (Authenticator role)
802.1X: Remote Authentication Dial-In User Service (RADIUS)authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN,single/multiple host mode and single/multiple sessions
Supports time-based 802.1X; dynamic VLAN assignment
Web-based authentication
Web-based authentication provides network admission controlthrough web browser to any host devices and operating systems
STP Bridge Protocol Data Unit (BPDU) Guard
A security mechanism to protect the network from invalidconfigurations. A port enabled for BPDU Guard is shut down if a BPDU message isreceived on that port. This avoids accidental topology loops
STP Root Guard
This prevents edge devices not in the networkadministrator’s control from becoming Spanning Tree Protocol root nodes
STP loopback guard
Provides additional protection against Layer 2 forwardingloops (STP loops)
DHCP snooping
Filters out DHCP messages with unregistered IP addressesand/or from unexpected or untrusted interfaces. This prevents rogue devicesfrom behaving as DHCP Servers.
IP Source Guard (IPSG)
When IP Source Guard is enabled at a port, the switchfilters out IP packets received from the port if the source IP addresses of thepackets have not been statically configured or dynamically learned from DHCPsnooping. This prevents IP address spoofing.
Dynamic ARP Inspection (DAI)
The switch discards ARP packets from a port if there are nostatic or dynamic IP/MAC bindings or if there is a discrepancy between thesource or destination addresses in the ARP packet. This preventsman-in-the-middle attacks.
IP/MAC/Port Binding (IPMB)
The preceding features (DHCP Snooping, IP Source Guard, andDynamic ARP Inspection) work together to prevent DOS attacks in the network,thereby increasing network availability
Secure Core Technology (SCT)
Makes sure that the switch will receive and processmanagement and protocol traffic no matter how much traffic is received
Secure Sensitive Data (SSD)
A mechanism to manage sensitive data (such as passwords,keys, and so on) securely on the switch, populating this data to other devices,and secure autoconfig. Access to view the sensitive data as plaintext orencrypted is provided according to the user-configured access level and theaccess method of the user.
Trustworthy systems
Trustworthy systems provide a highly secure foundation forCisco products
Run-time defenses (Executable Space Protection [X-Space],Address Space Layout Randomization [ASLR], Built-In Object Size Checking[BOSC])
Private VLAN
Private VLAN provides security and isolation between switchports, which helps ensure that users cannot snoop on other users’ traffic;supports multiple uplinks
Layer 2 isolation Private VLAN Edge (PVE) with communityVLAN
PVE (also known as protected ports) provides Layer 2isolation between devices in the same VLAN, supports multiple uplinks
Port security
Ability to lock source MAC addresses to ports and limits thenumber of learned MAC addresses
RADIUS/TACACS+
Supports RADIUS and TACACS authentication. Switch functionsas a client
RADIUS accounting
The RADIUS accounting functions allow data to be sent at thestart and end of services, indicating the amount of resources (such as time,packets, bytes, and so on) used during the session
Storm control
Broadcast, multicast, and unknown unicast
DoS prevention
Denial-of-Service (DOS) attack prevention
Multiple user privilege levels in CLI
Level 1, 7, and 15 privilege levels
ACLs
Support for up to 1,024 rules
Drop or rate limit based on source and destination MAC, VLANID, IPv4 or IPv6 address, IPv6 flow label, protocol, port, DifferentiatedServices Code Point (DSCP)/IP precedence, Transmission Control Protocol/UserDatagram Protocol (TCP/UDP) source and destination ports, 802.1p priority,Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets,TCP flag; ACL can be applied on both ingress and egress sides
Time-based ACLs supported
Quality of Service
Priority levels
8 hardware queues
Scheduling
Strict priority and Weighted Round-Robin (WRR)
Class of service
Port based; 802.1p VLAN priority-based; IPv4/v6 IPprecedence/Type of Service (ToS)/DSCP-based; Differentiated Services(DiffServ); classification and remarking ACLs, trusted QoS
Queue assignment based on DSCP and class of service(802.1p/CoS)
Rate limiting
Ingress policer; egress shaping and rate control; per VLAN,per port, and flow based; 2R3C policing
Congestion avoidance
A TCP congestion avoidance algorithm is required to minimizeand prevent global TCP loss synchronization
iSCSI traffic optimization
A mechanism for giving priority to iSCSI traffic over othertypes of traffic
Standards
IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX FastEthernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad LinkAggregation Control Protocol, IEEE 802.3z Gigabit Ethernet, IEEE 802.3ae 10Gbit/s Ethernet over fiber for LAN, IEEE 802.3an 10GBase-T 10 Gbit/s Ethernetover copper twisted pair cable, IEEE 802.3x Flow Control, IEEE 802.1D (STP, GARP,and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w Rapid STP, IEEE 802.1s Multiple STP,IEEE 802.1X Port Access Authentication, IEEE 802.3af, IEEE 802.3at, IEEE802.1AB Link Layer Discovery Protocol, IEEE 802.3az Energy Efficient Ethernet,RFC 768, RFC 783, RFC 791, RFC 792, RFC 793, RFC 813, RFC 826, RFC 879, RFC896, RFC 854, RFC 855, RFC 856, RFC 858, RFC 894, RFC 919, RFC 920, RFC 922,RFC 950, RFC 951, RFC 1042, RFC 1071, RFC 1123, RFC 1141, RFC 1155, RFC 1157,RFC 1213, RFC 1215, RFC 1286, RFC 1350, RFC 1442, RFC 1451, RFC 1493, RFC 1533,RFC 1541, RFC 1542, RFC 1573, RFC 1624, RFC 1643, RFC 1700, RFC 1757, RFC 1867,RFC 1907, RFC 2011, RFC 2012, RFC 2013, RFC 2030, RFC 2131, RFC 2132, RFC 2233,RFC 2576, RFC 2616, RFC 2618, RFC 2665, RFC 2666, RFC 2674, RFC 2737, RFC 2819,RFC 2863, RFC 3164, RFC 3176, RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415,RFC 3416, RFC 4330
IPv6
IPv6
IPv6 host mode; IPv6 over Ethernet; Dual IPv6/IPv4 stack
IPv6 neighbor and router discovery (ND); IPv6 statelessaddress autoconfiguration; Path Maximum Transmission Unit (MTU) discovery
Duplicate Address Detection (DAD); ICMP version 6
DHCPv6 stateful client
IPv6 over IPv4 network with Intrasite Automatic TunnelAddressing Protocol (ISATAP) tunnel support
USGv6 and IPv6 Gold Logo certified
IPv6 QoS
Prioritize IPv6 packets in hardware
IPv6 ACL
Drop or rate limit IPv6 packets in hardware
IPv6 First Hop Security
RA guard
ND inspection
DHCPv6 guard
Neighbor binding table (snooping and static entries)
Neighbor binding integrity check
Multicast Listener Discovery (MLD v1/2) snooping
Deliver IPv6 multicast packets only to the requiredreceivers
IPv6 applications
Web/SSL, Telnet server/SSH, ping, traceroute, Simple NetworkTime Protocol (SNTP), Trivial File Transfer Protocol (TFTP), SNMP, RADIUS,syslog, Domain Name System (DNS) client, Telnet Client, DHCP Client, DHCPAutoconfig, IPv6 DHCP Relay, Terminal Access Controller Access Control SystemPlus (TACACS+)
IPv6 RFCs supported
RFC 4443 (which obsoletes RFC2463): ICMP version 6
RFC 4291 (which obsoletes RFC 3513): IPv6 addressarchitecture
RFC 4291: IPv6 addressing architecture
RFC 2460: IPv6 specification
RFC 4861 (which obsoletes RFC 2461): neighbor discovery forIPv6
RFC 4862 (which obsoletes RFC 2462): IPv6 stateless addressautoconfiguration
RFC 1981: path MTU discovery
RFC 4007: IPv6 scoped address architecture
RFC 3484: default address selection mechanism
RFC 5214 (which obsoletes RFC 4214): ISATAP tunneling
RFC 4293: MIB IPv6: textual conventions and general group
RFC 3595: textual conventions for IPv6 flow label
Management
Web user interface
Built-in switch configuration utility for easy browser-baseddevice configuration (HTTP/HTTPS).
Supports simple and advanced mode, configuration, wizards,customizable dashboard, system maintenance, monitoring, online help, anduniversal search
SNMP
SNMP versions 1, 2c, and 3 with support for traps, and SNMPversion 3 User-based Security Model (USM)
Standard Management Information Bases (MIBs)
lldp-MIB
lldpextdot1-MIB
lldpextdot3-MIB
lldpextmed-MIB
rfc2674-MIB
rfc2575-MIB
rfc2573-MIB
rfc2233-MIB
rfc2013-MIB
rfc2012-MIB
rfc2011-MIB
RFC-1212
RFC-1215
SNMPv2-CONF
SNMPv2-TC
p-bridge-MIB
q-bridge-MIB
rfc1389-MIB
rfc1493-MIB
rfc1611-MIB
rfc1612-MIB
rfc1850-MIB
rfc1907-MIB
rfc2571-MIB
rfc2572-MIB
rfc2574-MIB
rfc2576-MIB
rfc2613-MIB
rfc2665-MIB
rfc2668-MIB
rfc2737-MIB
rfc2925-MIB
rfc3621-MIB
rfc4668-MIB
rfc4670-MIB
trunk-MIB
tunnel-MIB
udp-MIB
ianaifty-MIB
ianaprot-MIB
ip-forward-MIB
ip-MIB
RFC1155-SMI
RFC1213-MIB
SNMPv2-MIB
SNMPv2-SMI
SNMPv2-TM
RMON-MIB
rfc1724-MIB
rfc1213-MIB
rfc1757-MIB
Private MIBs
CISCOSB-MIB
CISCOSB-ssh-MIB
CISCOSB-phy-MIB
CISCOSB-mri-MIB
CISCOSB-cli-MIB
CISCOSB-cdb-MIB
CISCOSB-tbi-MIB
CISCOSB-env_mib
CISCOSB-aaa-MIB
CISCOSB-dlf-MIB
CISCOSB-fft-MIB
CISCOSB-ip-MIB
CISCOSB-mng-MIB
CISCOSB-PoE-MIB
CISCOSB-udp-MIB
CISCOSB-eee-MIB
CISCOSB-ssl-MIB
CISCOSB-tbp-MIB
CISCOSMB-MIB
CISCO-SMI-MIB
CISCOSB-CDP-MIB
CISCOSB-sct-MIB
CISCO-TC-MIB
CISCO-VTP-MIB
CISCO-CDP-MIB
Remote Monitoring (RMON)
Embedded RMON software agent supports 4 RMON groups(history, statistics, alarms, and events) for enhanced traffic management,monitoring, and analysis
IPv4 and IPv6 dual stack
Coexistence of both protocol stacks to ease migration
Firmware upgrade
Web browser upgrade (HTTP/HTTPS) and TFTP and upgrade overSCP running over SSH
Dual images for resilient firmware upgrades
Port mirroring
Traffic on a port can be mirrored to another port foranalysis with a network analyzer or RMON probe. Up to 8 source ports can bemirrored to one destination port.
VLAN mirroring
Traffic from a VLAN can be mirrored to a port for analysiswith a network analyzer or RMON probe. Up to 8 source VLANs can be mirrored toone destination port.
DHCP (options 12, 66, 67, 82, 129, and 150)
DHCP options facilitate tighter control from a central point(DHCP server) to obtain IP address, autoconfiguration (with configuration filedownload), DHCP relay, and hostname
Secure Copy (SCP)
Securely transfer files to and from the switch
Autoconfiguration with Secure Copy (SCP) file download
Enables secure mass deployment with protection of sensitivedata
Text-editable config files
Config files can be edited with a text editor and downloadedto another switch, facilitating easier mass deployment
Smartports
Simplified configuration of QoS and security capabilities
Auto Smartports
Applies the intelligence delivered through the Smartportroles and applies it automatically to the port based on the devices discoveredover Cisco Discovery Protocol or LLDP-MED. This facilitates zero-touchdeployments
Textview CLI
Scriptable command-line interface. A full CLI as well as amenu-based CLI is supported. User privilege levels 1, 7, and 15 are supportedfor the CLI
Cloud services
Support for Cisco Business Dashboard and Cisco ActiveAdvisor
Embedded Probe for Cisco Business Dashboard
Support for embedded probe for Cisco Business Dashboardrunning on the switch. Eliminates the need to set up a separate hardware orvirtual machine for the Cisco Business Dashboard Probe on site.
Cisco Network Plug and Play (PnP) agent
The Cisco Network Plug and Play solution provides a simple,secure, unified, and integrated offering to ease new branch or campus devicerollouts or for provisioning updates to an existing network. The solutionprovides a unified approach to provision Cisco routers, switches, and wirelessdevices with a near-zero-touch deployment experience
Supports Cisco PnP Connect
Localization
Localization of GUI and documentation into multiplelanguages
Login banner
Configurable multiple banners for web as well as CLI
Other management
Traceroute; single IP management; HTTP/HTTPS; SSH; RADIUS;port mirroring; TFTP upgrade; DHCP client; BOOTP; SNTP; Xmodem upgrade; cablediagnostics; ping; syslog; Telnet client (SSH secure support); automatic timesettings from Management Station
Green (power efficiency)
Energy Detect
Automatically turns power off on RJ-45 port when detectinglink down. Active mode is resumed without loss of any packets when the switchdetects the link up
Cable length detection
Adjusts the signal strength based on the cable length.Reduces the power consumption for shorter cables.
EEE Compliant (802.3az)
Supports IEEE 802.3az on all copper Gigabit Ethernet ports
Disable port LEDs
LEDs can be manually turned off to save on energy
Time-based port operation
Link up or down based on user-defined schedule (when theport is administratively up)
Time-based PoE
PoE power can be on or off based on user-defined schedule tosave energy
General
Jumbo frames
Frame sizes up to 9K bytes. The default MTU is 2K bytes
MAC table
16K addresses
Discovery
Bonjour
The switch advertises itself using the Bonjour protocol
Link Layer Discovery Protocol (LLDP) (802.1ab) with LLDP‑MEDextensions
LLDP allows the switch to advertise its identification,configuration, and capabilities to neighboring devices that store the data in aMIB. LLDP-MED is an enhancement to LLDP that adds the extensions needed for IPphones
Cisco Discovery Protocol
The switch advertises itself using the Cisco DiscoveryProtocol. It also learns the connected device and its characteristics via CiscoDiscovery Protocol
Power Consumption
(Worst Case)
System Power Consumption
110V=12.55W
220V=12.56W
Heat Dissipation (BTU/hr)
42.86
Ports
Total System Ports
10 Gigabit Ethernet
RJ-45 Ports
8 Gigabit Ethernet
Combo Ports(RJ 45 + Small form-factor pluggable [SFP])
2 Gigabit Ethernet combo
Console port
Cisco Standard mini USB Type-B / RJ45 console port
USB slot
USB Type-A slot on the front panel of the switch for easyfile and image management
Buttons
Reset button
Cabling type
Unshielded Twisted Pair (UTP) Category 5e or better for1000BASE-T
LEDs
System, Link/Act, PoE, Speed
Flash
256 MB
CPU
800 MHz ARM
DRAM
512 MB
Packet buffer
All numbers are aggregate across all ports as the buffersare dynamically shared:
Packet Buffer
1.5 MB
Supported SFP modules
MGBSX1
Multimode fiber
1000 Mbps
500 m
MGBLX1
Single-mode fiber
1000 Mbps
10 km
MGBLH1
Single-mode fiber
1000 Mbps
40 km
MGBT1
UTP cat 5e
1000 Mbps
100 m
GLC-SX-MMD
Multimode fiber
1000 Mbps
550 m
GLC-LH-SMD
Single-mode fiber
1000 Mbps
10 km
GLC-BX-U
Single-mode fiber
1000 Mbps
10 km
GLC-BX-D
Single-mode fiber
1000 Mbps
10 km
GLC-TE
UTP cat 5e
1000 Mbps
100 m
SFP-H10GB-CU1M
Copper coax
10 Gig
1 m
SFP-H10GB-CU3M
Copper coax
10 Gig
3 m
SFP-H10GB-CU5M
Copper coax
10 Gig
5 m
SFP-10G-SR
Multimode fiber
10 Gig
26 m - 400 m
SFP-10G-LR
Single-mode fiber
10 Gig
10 km
SFP-10G-SR-S
Multimode fiber
10 Gig
26 m - 400 m
SFP-10G-LR-S
Single-mode fiber
10 Gig
10 km
Environmental
Unit Dimensions
268 x 185 x 44 mm (10.56 x 7.28 x 1.73 in)
Unit Weight
1.7 kg (3.75 lb)
Power
100-240V 50-60 Hz, external
Certification
UL (UL 60950), CSA (CSA 22.2), CE mark, FCC Part 15 (CFR 47)Class A
Environment
Operating temperature
23° to 122°F (-5° to 50°C)
Storage temperature
-13° to 158°F (-25° to 70°C)
Operating humidity
10% to 90%, relative, noncondensing
Storage humidity
10% to 90%, relative, noncondensing
Acoustic noise and Mean Time Between Failure (MTBF)
FAN (Number)
Fanless
Acoustic Noise
N/A
MTBF at 25°C (hours)
2,171,669
Minimum Requirements
Web browser: Chrome, Firefox, Edge, Safari
Category 5e Ethernet network cable
TCP/IP, network adapter, and network operating system (suchas Microsoft Windows, Linux, or Mac OS X) installed
Package Contents
Cisco Business 350 Series Managed Switch
Power Cord (Power adapter for select 8-port and 16-portSKUs)
Mounting Kit
Quick Start Guide
![Buy Now Buy Now](buy.gif)