Features

• Ease of Management and Deployment

• High Reliability and Resiliency

• Strong Security

• Networkwide Automatic Voice Deployment

• IPv6 Support

• Advanced Layer 3 Traffic Management

• Compact Design

• Power Efficiency

• Peace of Mind and Investment Protection

Performance

Switching capacity and forwarding rate

All switches are wire speed and nonblocking

Capacity in Millions of Packets per Second (mpps) (64-bytepackets)

14.88

Switching Capacity in Gigabits per Second (Gbps)

20.0

Layer 2 Switching

Spanning Tree Protocol

Standard 802.1d Spanning Tree support

Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]),enabled by default

Multiple Spanning Tree instances using 802.1s (MSTP); 8instances are supported

Per-VLAN Spanning Tree Plus (PVST+) and Rapid PVST+(RPVST+); 126 instances are supported

Port grouping/link aggregation

Support for IEEE 802.3ad Link Aggregation Control Protocol(LACP)

• Up to 8 groups

• Up to 8 ports per group with 16 candidate ports for each(dynamic) 802.3ad link aggregation

VLAN

Support for up to 4,094 VLANs simultaneously

Port-based and 802.1Q tag-based VLANs; MAC-based VLAN;protocol-based VLAN; IP subnet-based VLAN

Management VLAN

Private VLAN with promiscuous, isolated, and community port

Private VLAN Edge (PVE), also known as protected ports, withmultiple uplinks

Guest VLAN, unauthenticated VLAN

Dynamic VLAN assignment via RADIUS server along with 802.1xclient authentication

CPE VLAN

Voice VLAN

Voice traffic is automatically assigned to a voice-specificVLAN and treated with appropriate levels of QoS. Auto voice capabilitiesdeliver network wide zero-touch deployment of voice endpoints and call controldevices

Multicast TV VLAN

Multicast TV VLAN allows the single multicast VLAN to beshared in the network while subscribers remain in separate VLANs. This featureis also known as Multicast VLAN Registration (MVR)

VLAN Translation

Support for VLAN One-to-One Mapping. In VLAN One-to-OneMapping, on an edge interface customer VLANs (C-VLANs) are mapped to serviceprovider VLANs (S-VLANs) and the original C-VLAN tags are replaced by thespecified S-VLAN

Q-in-Q

VLANs transparently cross a service provider network whileisolating traffic among customers

Selective Q-in-Q

Selective Q-in-Q is an enhancement to the basic Q-in-Qfeature and provides, per edge interface, multiple mappings of differentC-VLANs to separate S-VLANs

Selective Q-in-Q also allows configuring of Ethertype (TagProtocol Identifier [TPID]) of the S-VLAN tag

Layer 2 protocol tunneling over Q-in-Q is also supported

Generic VLAN Registration Protocol (GVRP)/Generic AttributeRegistration Protocol (GARP)

Generic VLAN Registration Protocol (GVRP) and GenericAttribute Registration Protocol (GARP) enable automatic propagation andconfiguration of VLANs in a bridged domain

Unidirectional Link Detection (UDLD)

UDLD monitors physical connection to detect unidirectionallinks caused by incorrect wiring or cable/port faults to prevent forwardingloops and black holing of traffic in switched networks

Dynamic Host Configuration Protocol (DHCP) Relay at Layer 2

Relay of DHCP traffic to DHCP server in different VLAN;works with DHCP Option 82

Internet Group Management Protocol (IGMP) versions 1, 2, and3 snooping

IGMP limits bandwidth-intensive multicast traffic to onlythe requesters; supports 2K multicast groups (source-specific multicasting isalso supported)

IGMP Querier

IGMP querier is used to support a Layer 2 multicast domainof snooping switches in the absence of a multicast router

Head-of-Line (HOL) blocking

HOL blocking prevention

Loopback Detection

Loopback detection provides protection against loops bytransmitting loop protocol packets out of ports on which loop protection hasbeen enabled. It operates independently of STP

Layer 3

IPv4 routing

Wirespeed routing of IPv4 packets

Up to 990 static routes and up to 128 IP interfaces

IPv6 routing

Wirespeed routing of IPv6 packets

Layer 3 Interface

Configuration of Layer 3 interface on physical port, LinkAggregation (LAG), VLAN interface, or loopback interface

Classless Interdomain Routing (CIDR)

Support for classless interdomain routing

Policy-Based Routing (PBR)

Flexible routing control to direct packets to different nexthop based on IPv4 or IPv6 Access Control List (ACL)

DHCP Server

Switch functions as an IPv4 DHCP server serving IP addressesfor multiple DHCP pools/scopes

Support for DHCP options

DHCP relay at Layer 3

Relay of DHCP traffic across IP domains

User Datagram Protocol (UDP) relay

Relay of broadcast information across Layer 3 domains forapplication discovery or relaying of Bootstrap Protocol (BOOTP)/DHCP packets

Stacking

Hardware stacking

Up to 4 units in a stack. Up to 200 ports managed as asingle system with hardware failover

Stacking is supported on the following models

CBS350-24T-4X, CBS350-24P-4X, CBS350-24FP-4X, CBS350-48T-4X,CBS350-48P-4X, CBS350-48FP-4X

CBS350-8MP-2X, CBS350-24MGP-4X, CBS350-12NP-4X,CBS350-24NGP-4X, CBS350-48NGP-4X

CBS350-8XT, CBS350-12XS, CBS350-12XT, CBS350-16XTS,CBS350-24XS, CBS350-24XT, CBS350-24XTS, CBS350-48XT-4X

High availability

Fast stack failover delivers minimal traffic loss. Supportlink aggregation across multiple units in a stack

Plug-and-play stacking configuration/management

Master/backup for resilient stack control

Autonumbering

Hot swap of units in stack

Ring and chain stacking options, auto stacking port speed,flexible stacking port options

High-speed stack interconnects

Cost-effective high-speed 10G fiber interfaces.

Security

Secure Shell (SSH) Protocol

SSH is a secure replacement for Telnet traffic. Secure CopyProtocol (SCP) also uses SSH. SSH v1 and v2 are supported

Secure Sockets Layer (SSL)

SSL support: Encrypts all HTTPS traffic, allowing highlysecure access to the browser-based management GUI in the switch

IEEE 802.1X (Authenticator role)

802.1X: Remote Authentication Dial-In User Service (RADIUS)authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN,single/multiple host mode and single/multiple sessions

Supports time-based 802.1X; dynamic VLAN assignment

Web-based authentication

Web-based authentication provides network admission controlthrough web browser to any host devices and operating systems

STP Bridge Protocol Data Unit (BPDU) Guard

A security mechanism to protect the network from invalidconfigurations. A port enabled for BPDU Guard is shut down if a BPDU message isreceived on that port. This avoids accidental topology loops

STP Root Guard

This prevents edge devices not in the networkadministrator’s control from becoming Spanning Tree Protocol root nodes

STP loopback guard

Provides additional protection against Layer 2 forwardingloops (STP loops)

DHCP snooping

Filters out DHCP messages with unregistered IP addressesand/or from unexpected or untrusted interfaces. This prevents rogue devicesfrom behaving as DHCP Servers.

IP Source Guard (IPSG)

When IP Source Guard is enabled at a port, the switchfilters out IP packets received from the port if the source IP addresses of thepackets have not been statically configured or dynamically learned from DHCPsnooping. This prevents IP address spoofing.

Dynamic ARP Inspection (DAI)

The switch discards ARP packets from a port if there are nostatic or dynamic IP/MAC bindings or if there is a discrepancy between thesource or destination addresses in the ARP packet. This preventsman-in-the-middle attacks.

IP/MAC/Port Binding (IPMB)

The preceding features (DHCP Snooping, IP Source Guard, andDynamic ARP Inspection) work together to prevent DOS attacks in the network,thereby increasing network availability

Secure Core Technology (SCT)

Makes sure that the switch will receive and processmanagement and protocol traffic no matter how much traffic is received

Secure Sensitive Data (SSD)

A mechanism to manage sensitive data (such as passwords,keys, and so on) securely on the switch, populating this data to other devices,and secure autoconfig. Access to view the sensitive data as plaintext orencrypted is provided according to the user-configured access level and theaccess method of the user.

Trustworthy systems

Trustworthy systems provide a highly secure foundation forCisco products

Run-time defenses (Executable Space Protection [X-Space],Address Space Layout Randomization [ASLR], Built-In Object Size Checking[BOSC])

Private VLAN

Private VLAN provides security and isolation between switchports, which helps ensure that users cannot snoop on other users’ traffic;supports multiple uplinks

Layer 2 isolation Private VLAN Edge (PVE) with communityVLAN

PVE (also known as protected ports) provides Layer 2isolation between devices in the same VLAN, supports multiple uplinks

Port security

Ability to lock source MAC addresses to ports and limits thenumber of learned MAC addresses

RADIUS/TACACS+

Supports RADIUS and TACACS authentication. Switch functionsas a client

RADIUS accounting

The RADIUS accounting functions allow data to be sent at thestart and end of services, indicating the amount of resources (such as time,packets, bytes, and so on) used during the session

Storm control

Broadcast, multicast, and unknown unicast

DoS prevention

Denial-of-Service (DOS) attack prevention

Multiple user privilege levels in CLI

Level 1, 7, and 15 privilege levels

ACLs

Support for up to 1,024 rules

Drop or rate limit based on source and destination MAC, VLANID, IPv4 or IPv6 address, IPv6 flow label, protocol, port, DifferentiatedServices Code Point (DSCP)/IP precedence, Transmission Control Protocol/UserDatagram Protocol (TCP/UDP) source and destination ports, 802.1p priority,Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets,TCP flag; ACL can be applied on both ingress and egress sides

Time-based ACLs supported

Quality of Service

Priority levels

8 hardware queues

Scheduling

Strict priority and Weighted Round-Robin (WRR)

Class of service

Port based; 802.1p VLAN priority-based; IPv4/v6 IPprecedence/Type of Service (ToS)/DSCP-based; Differentiated Services(DiffServ); classification and remarking ACLs, trusted QoS

Queue assignment based on DSCP and class of service(802.1p/CoS)

Rate limiting

Ingress policer; egress shaping and rate control; per VLAN,per port, and flow based; 2R3C policing

Congestion avoidance

A TCP congestion avoidance algorithm is required to minimizeand prevent global TCP loss synchronization

iSCSI traffic optimization

A mechanism for giving priority to iSCSI traffic over othertypes of traffic

Standards

IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX FastEthernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad LinkAggregation Control Protocol, IEEE 802.3z Gigabit Ethernet, IEEE 802.3ae 10Gbit/s Ethernet over fiber for LAN, IEEE 802.3an 10GBase-T 10 Gbit/s Ethernetover copper twisted pair cable, IEEE 802.3x Flow Control, IEEE 802.1D (STP, GARP,and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w Rapid STP, IEEE 802.1s Multiple STP,IEEE 802.1X Port Access Authentication, IEEE 802.3af, IEEE 802.3at, IEEE802.1AB Link Layer Discovery Protocol, IEEE 802.3az Energy Efficient Ethernet,RFC 768, RFC 783, RFC 791, RFC 792, RFC 793, RFC 813, RFC 826, RFC 879, RFC896, RFC 854, RFC 855, RFC 856, RFC 858, RFC 894, RFC 919, RFC 920, RFC 922,RFC 950, RFC 951, RFC 1042, RFC 1071, RFC 1123, RFC 1141, RFC 1155, RFC 1157,RFC 1213, RFC 1215, RFC 1286, RFC 1350, RFC 1442, RFC 1451, RFC 1493, RFC 1533,RFC 1541, RFC 1542, RFC 1573, RFC 1624, RFC 1643, RFC 1700, RFC 1757, RFC 1867,RFC 1907, RFC 2011, RFC 2012, RFC 2013, RFC 2030, RFC 2131, RFC 2132, RFC 2233,RFC 2576, RFC 2616, RFC 2618, RFC 2665, RFC 2666, RFC 2674, RFC 2737, RFC 2819,RFC 2863, RFC 3164, RFC 3176, RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415,RFC 3416, RFC 4330

IPv6

IPv6

IPv6 host mode; IPv6 over Ethernet; Dual IPv6/IPv4 stack

IPv6 neighbor and router discovery (ND); IPv6 statelessaddress autoconfiguration; Path Maximum Transmission Unit (MTU) discovery

Duplicate Address Detection (DAD); ICMP version 6

DHCPv6 stateful client

IPv6 over IPv4 network with Intrasite Automatic TunnelAddressing Protocol (ISATAP) tunnel support

USGv6 and IPv6 Gold Logo certified

IPv6 QoS

Prioritize IPv6 packets in hardware

IPv6 ACL

Drop or rate limit IPv6 packets in hardware

IPv6 First Hop Security

RA guard

ND inspection

DHCPv6 guard

Neighbor binding table (snooping and static entries)

Neighbor binding integrity check

Multicast Listener Discovery (MLD v1/2) snooping

Deliver IPv6 multicast packets only to the requiredreceivers

IPv6 applications

Web/SSL, Telnet server/SSH, ping, traceroute, Simple NetworkTime Protocol (SNTP), Trivial File Transfer Protocol (TFTP), SNMP, RADIUS,syslog, Domain Name System (DNS) client, Telnet Client, DHCP Client, DHCPAutoconfig, IPv6 DHCP Relay, Terminal Access Controller Access Control SystemPlus (TACACS+)

IPv6 RFCs supported

RFC 4443 (which obsoletes RFC2463): ICMP version 6

RFC 4291 (which obsoletes RFC 3513): IPv6 addressarchitecture

RFC 4291: IPv6 addressing architecture

RFC 2460: IPv6 specification

RFC 4861 (which obsoletes RFC 2461): neighbor discovery forIPv6

RFC 4862 (which obsoletes RFC 2462): IPv6 stateless addressautoconfiguration

RFC 1981: path MTU discovery

RFC 4007: IPv6 scoped address architecture

RFC 3484: default address selection mechanism

RFC 5214 (which obsoletes RFC 4214): ISATAP tunneling

RFC 4293: MIB IPv6: textual conventions and general group

RFC 3595: textual conventions for IPv6 flow label

Management

Web user interface

Built-in switch configuration utility for easy browser-baseddevice configuration (HTTP/HTTPS).

Supports simple and advanced mode, configuration, wizards,customizable dashboard, system maintenance, monitoring, online help, anduniversal search

SNMP

SNMP versions 1, 2c, and 3 with support for traps, and SNMPversion 3 User-based Security Model (USM)

Standard Management Information Bases (MIBs)

lldp-MIB

lldpextdot1-MIB

lldpextdot3-MIB

lldpextmed-MIB

rfc2674-MIB

rfc2575-MIB

rfc2573-MIB

rfc2233-MIB

rfc2013-MIB

rfc2012-MIB

rfc2011-MIB

RFC-1212

RFC-1215

SNMPv2-CONF

SNMPv2-TC

p-bridge-MIB

q-bridge-MIB

rfc1389-MIB

rfc1493-MIB

rfc1611-MIB

rfc1612-MIB

rfc1850-MIB

rfc1907-MIB

rfc2571-MIB

rfc2572-MIB

rfc2574-MIB

rfc2576-MIB

rfc2613-MIB

rfc2665-MIB

rfc2668-MIB

rfc2737-MIB

rfc2925-MIB

rfc3621-MIB

rfc4668-MIB

rfc4670-MIB

trunk-MIB

tunnel-MIB

udp-MIB

ianaifty-MIB

ianaprot-MIB

ip-forward-MIB

ip-MIB

RFC1155-SMI

RFC1213-MIB

SNMPv2-MIB

SNMPv2-SMI

SNMPv2-TM

RMON-MIB

rfc1724-MIB

rfc1213-MIB

rfc1757-MIB

Private MIBs

CISCOSB-MIB

CISCOSB-ssh-MIB

CISCOSB-phy-MIB

CISCOSB-mri-MIB

CISCOSB-cli-MIB

CISCOSB-cdb-MIB

CISCOSB-tbi-MIB

CISCOSB-env_mib

CISCOSB-aaa-MIB

CISCOSB-dlf-MIB

CISCOSB-fft-MIB

CISCOSB-ip-MIB

CISCOSB-mng-MIB

CISCOSB-PoE-MIB

CISCOSB-udp-MIB

CISCOSB-eee-MIB

CISCOSB-ssl-MIB

CISCOSB-tbp-MIB

CISCOSMB-MIB

CISCO-SMI-MIB

CISCOSB-CDP-MIB

CISCOSB-sct-MIB

CISCO-TC-MIB

CISCO-VTP-MIB

CISCO-CDP-MIB

Remote Monitoring (RMON)

Embedded RMON software agent supports 4 RMON groups(history, statistics, alarms, and events) for enhanced traffic management,monitoring, and analysis

IPv4 and IPv6 dual stack

Coexistence of both protocol stacks to ease migration

Firmware upgrade

Web browser upgrade (HTTP/HTTPS) and TFTP and upgrade overSCP running over SSH

Dual images for resilient firmware upgrades

Port mirroring

Traffic on a port can be mirrored to another port foranalysis with a network analyzer or RMON probe. Up to 8 source ports can bemirrored to one destination port.

VLAN mirroring

Traffic from a VLAN can be mirrored to a port for analysiswith a network analyzer or RMON probe. Up to 8 source VLANs can be mirrored toone destination port.

DHCP (options 12, 66, 67, 82, 129, and 150)

DHCP options facilitate tighter control from a central point(DHCP server) to obtain IP address, autoconfiguration (with configuration filedownload), DHCP relay, and hostname

Secure Copy (SCP)

Securely transfer files to and from the switch

Autoconfiguration with Secure Copy (SCP) file download

Enables secure mass deployment with protection of sensitivedata

Text-editable config files

Config files can be edited with a text editor and downloadedto another switch, facilitating easier mass deployment

Smartports

Simplified configuration of QoS and security capabilities

Auto Smartports

Applies the intelligence delivered through the Smartportroles and applies it automatically to the port based on the devices discoveredover Cisco Discovery Protocol or LLDP-MED. This facilitates zero-touchdeployments

Textview CLI

Scriptable command-line interface. A full CLI as well as amenu-based CLI is supported. User privilege levels 1, 7, and 15 are supportedfor the CLI

Cloud services

Support for Cisco Business Dashboard and Cisco ActiveAdvisor

Embedded Probe for Cisco Business Dashboard

Support for embedded probe for Cisco Business Dashboardrunning on the switch. Eliminates the need to set up a separate hardware orvirtual machine for the Cisco Business Dashboard Probe on site.

Cisco Network Plug and Play (PnP) agent

The Cisco Network Plug and Play solution provides a simple,secure, unified, and integrated offering to ease new branch or campus devicerollouts or for provisioning updates to an existing network. The solutionprovides a unified approach to provision Cisco routers, switches, and wirelessdevices with a near-zero-touch deployment experience

Supports Cisco PnP Connect

Localization

Localization of GUI and documentation into multiplelanguages

Login banner

Configurable multiple banners for web as well as CLI

Other management

Traceroute; single IP management; HTTP/HTTPS; SSH; RADIUS;port mirroring; TFTP upgrade; DHCP client; BOOTP; SNTP; Xmodem upgrade; cablediagnostics; ping; syslog; Telnet client (SSH secure support); automatic timesettings from Management Station

Green (power efficiency)

Energy Detect

Automatically turns power off on RJ-45 port when detectinglink down. Active mode is resumed without loss of any packets when the switchdetects the link up

Cable length detection

Adjusts the signal strength based on the cable length.Reduces the power consumption for shorter cables.

EEE Compliant (802.3az)

Supports IEEE 802.3az on all copper Gigabit Ethernet ports

Disable port LEDs

LEDs can be manually turned off to save on energy

Time-based port operation

Link up or down based on user-defined schedule (when theport is administratively up)

Time-based PoE

PoE power can be on or off based on user-defined schedule tosave energy

General

Jumbo frames

Frame sizes up to 9K bytes. The default MTU is 2K bytes

MAC table

16K addresses

Discovery

Bonjour

The switch advertises itself using the Bonjour protocol

Link Layer Discovery Protocol (LLDP) (802.1ab) with LLDP‑MEDextensions

LLDP allows the switch to advertise its identification,configuration, and capabilities to neighboring devices that store the data in aMIB. LLDP-MED is an enhancement to LLDP that adds the extensions needed for IPphones

Cisco Discovery Protocol

The switch advertises itself using the Cisco DiscoveryProtocol. It also learns the connected device and its characteristics via CiscoDiscovery Protocol

Power Consumption

(Worst Case)

System Power Consumption

110V=12.55W

220V=12.56W

Heat Dissipation (BTU/hr)

42.86

Ports

Total System Ports

10 Gigabit Ethernet

RJ-45 Ports

8 Gigabit Ethernet

Combo Ports(RJ 45 + Small form-factor pluggable [SFP])

2 Gigabit Ethernet combo

Console port

Cisco Standard mini USB Type-B / RJ45 console port

USB slot

USB Type-A slot on the front panel of the switch for easyfile and image management

Buttons

Reset button

Cabling type

Unshielded Twisted Pair (UTP) Category 5e or better for1000BASE-T

LEDs

System, Link/Act, PoE, Speed

Flash

256 MB

CPU

800 MHz ARM

DRAM

512 MB

Packet buffer

All numbers are aggregate across all ports as the buffersare dynamically shared:

Packet Buffer

1.5 MB

Supported SFP modules

MGBSX1

Multimode fiber

1000 Mbps

500 m

MGBLX1

Single-mode fiber

1000 Mbps

10 km

MGBLH1

Single-mode fiber

1000 Mbps

40 km

MGBT1

UTP cat 5e

1000 Mbps

100 m

GLC-SX-MMD

Multimode fiber

1000 Mbps

550 m

GLC-LH-SMD

Single-mode fiber

1000 Mbps

10 km

GLC-BX-U

Single-mode fiber

1000 Mbps

10 km

GLC-BX-D

Single-mode fiber

1000 Mbps

10 km

GLC-TE

UTP cat 5e

1000 Mbps

100 m

SFP-H10GB-CU1M

Copper coax

10 Gig

1 m

SFP-H10GB-CU3M

Copper coax

10 Gig

3 m

SFP-H10GB-CU5M

Copper coax

10 Gig

5 m

SFP-10G-SR

Multimode fiber

10 Gig

26 m - 400 m

SFP-10G-LR

Single-mode fiber

10 Gig

10 km

SFP-10G-SR-S

Multimode fiber

10 Gig

26 m - 400 m

SFP-10G-LR-S

Single-mode fiber

10 Gig

10 km

Environmental

Unit Dimensions

268 x 185 x 44 mm (10.56 x 7.28 x 1.73 in)

Unit Weight

1.7 kg (3.75 lb)

Power

100-240V 50-60 Hz, external

Certification

UL (UL 60950), CSA (CSA 22.2), CE mark, FCC Part 15 (CFR 47)Class A

Environment

Operating temperature

23° to 122°F (-5° to 50°C)

Storage temperature

-13° to 158°F (-25° to 70°C)

Operating humidity

10% to 90%, relative, noncondensing

Storage humidity

10% to 90%, relative, noncondensing

Acoustic noise and Mean Time Between Failure (MTBF)

FAN (Number)

Fanless

Acoustic Noise

N/A

MTBF at 25°C (hours)

2,171,669

Minimum Requirements

Web browser: Chrome, Firefox, Edge, Safari

Category 5e Ethernet network cable

TCP/IP, network adapter, and network operating system (suchas Microsoft Windows, Linux, or Mac OS X) installed

Package Contents

Cisco Business 350 Series Managed Switch

Power Cord (Power adapter for select 8-port and 16-portSKUs)

Mounting Kit

Quick Start Guide