Skip to content
Click here to open the documentation of locally-managed switches, including the CLI and API guides.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=switch-management-ports

Port settings

The Port settings page allows the configuration of individual switch ports and displays information for each port.

Basic settings

The basic information displayed for each port is as follows:

  • Port: Shows the port number.
  • Label: Shows the label, if any, assigned to the port.

  • Flow control: Shows the current flow control status of the port. The possible settings are as follows:

    • Enabled: Flow control is turned on.
    • Disabled: Flow control is turned off.
    • Not set: Use flow control settings from the local switch configuration.

  • Speed/Duplex: Show the port's current speed and duplex setting. The possible settings are as follows:

    • Auto: Automatically negotiates the speed and duplex settings between connected ports.
    • 10M/Half: Ten Mbps, half-duplex.
    • 10M/Full: Ten Mbps, full-duplex.
    • 100M/Half: One hundred Mbps, half-duplex.
    • 100M/Full: One hundred Mbps, full-duplex.
    • 1G/Full: One Gbps, full-duplex.
    • Disabled: Turns off the port.
    • Not set: Use speed and duplex settings from the local switch configuration.

  • Untagged VLAN: Shows the untagged VLAN assigned to the port. You can only assign one untagged VLAN to a port.

  • Tagged VLAN: Shows the tagged VLANs assigned to the port. You can assign multiple tagged VLANs to a single port.
  • Configuration source: This shows the origin of the port's configuration.
  • Conflicts: Shows conflicts between the Sophos Central and local switch configuration.

You can combine multiple Ethernet or SFP links into a single logical link between two network devices for greater throughput and high availability. You can also configure different port speeds for the LAG ports, which you can use to create VLAN configurations at the site or switch level.

Click LAG ports to view the LAG ports.

In addition to the basic settings displayed for each port, the Member ports column shows the ports included in each LAG port.

Click a LAG port to configure the following settings:

  • Type: Choose the type of LAG port from the following options:

    • Not set: Use LAG port settings from the local switch configuration.
    • Disabled: The LAG port is turned off.
    • Static: The LAG port is turned on with the Flow control and Speed/Duplex settings you specify.
    • LACP: Recommended. The LAG port is turned on and Link Aggregation Control Protocol (LACP) controls the LAG settings. See LACP.

  • Ports: Select at least two ports you want to include in the LAG port.

Click Save to save your settings and create the LAG port.

Click LACP settings to configure the following LACP settings:

  • System priority: The system's LACP priority. The device with the lowest system priority decides which ports participate in the LAG port. It must be between 0 and 65535. The default is 32768.

  • System policy: Determines how the LAG port distributes the network traffic. Choose from the following options:

    • src-mac: The switch distributes traffic using the source MAC address. Packets from different hosts use different ports in the channel, but packets from the same host use the same port.
    • dest-mac: The switch distributes traffic using the destination MAC address. Packets to the same destination use the same port, but packets to different destinations use different ports.
    • src-dest-mac: The switch distributes traffic based on the source and destination MAC addresses.
    • src-ip: The switch distributes traffic using the source IP address.
    • dest-ip: The switch distributes traffic using the destination IP address.
    • src-dest-ip: The switch distributes traffic using the source and destination IP addresses.
    • dest-l4-port: The switch distributes traffic using the destination Layer 4 port.
    • src-l4-port: The switch distributes traffic using the source Layer 4 port.

You can also configure the timeout for each port in LACP settings. The timeout determines how frequently LACP protocol data units (PDUs) are sent between peers and how long a link can go without receiving a packet before another link is chosen. Choose from the following values:

  • Not set: Use the LACP timeout setting configured locally on the switch.
  • Short: Sends an LACP PDU every second, and the timeout value is three seconds.
  • Long: Sends an LACP PDU every 30 seconds, and the timeout value is 90 seconds.

Advanced settings

Using Advanced settings, you can configure Port isolation, EEE, and Jumbo frame settings per port.

  • Port isolation: When you turn on Port isolation, the switch port can only communicate with upstream ports. Downstream communication isn't allowed.
  • EEE: Energy Efficient Ethernet (EEE) is an IEEE 802.3az standard that reduces the power consumption of physical devices during periods of low link utilization.

  • Jumbo frame: Jumbo frames allow the transmission of packets larger than the standard ethernet maximum transmission unit (MTU) size of 1,500 bytes, extending the ethernet packet size to 10,000 bytes.

    The switch supports jumbo frame sizes up to 10,240 bytes. You must configure jumbo frames on all devices in the network, and you must ensure that none of them exceed the maximum jumbo frame size.

To configure advanced port settings, do as follows:

  1. Click Advanced settings.
  2. In the ports table, find the port you want to configure.

  3. Using the drop-down menu, set the Isolation status. The following options are available:

    • Enable: Port is isolated.
    • Disable: Port isn't isolated.
    • Not set: Use the Isolation status settings configured locally on the switch.

    Set port isolation status.

  4. Using the drop-down menu, set the EEE status. The following options are available:

    • Enable: Turn on EEE.
    • Disable: Turn off EEE.
    • Not set: Use the EEE settings configured locally on the switch.

    Set EEE status.

  5. Enter the maximum frame size in bytes to configure the Jumbo frame. The available range is 1,522 to 10,240.

    Set jumbo frame.

To display the Jumbo frames size for all ports, click the cog Cog. at the top of the column and turn on Show per port setting.

Show jumbo frame per port.

Port mirroring

You can configure port mirroring on Sophos Switch. Port mirroring allows the switch to send traffic to multiple ports without affecting the device on the original destination port.

You can configure the following settings:

  • Session ID: A number identifying the mirror session.
  • Destination port: The port to which you want to send mirrored traffic.
  • Egress: Mirrors traffic originating from the selected ports and sends it to the destination port.
  • Ingress: Mirrors traffic destined for the selected ports and sends it to the destination port.
  • Ingress and Egress: Turn on or off packet ingress to the destination port.
  • Session status: Turns the session on or off. Choose Not set to use settings configured locally on the switch.
  • Configuration source: This shows whether the configuration came from Sophos Central or locally from the switch.

After you configure your port mirroring settings, click Update to save your changes.

Click Clear to remove all port mirroring settings.

Loopback detection

Loopback detection (LBD) protects against loops by sending loop protocol packets out of ports with loop protection turned on. When a switch receives a loop protocol packet that it sent, it shuts down the port that received the packet.

To turn LBD on or off, set Status to On or Off. Choose Not set to use settings configured locally on the switch.

After turning LBD on or off, click Update to save your changes.

You can see the status of LBD ports and whether or not they're shut down by LBD.

PoE

The PoE tab lets you manage and monitor the PoE port settings for your switches.

Power budget

You can set and monitor the total power available from the switch.

Total power budget lets you enter the amount of power the switch can provide to all PoE ports. Enter the total amount of power you want the switch to provide to devices and click Update.

Configuration source shows the origin of the PoE settings.

PoE port settings

The PoE port settings tab shows the switch's PoE port settings.

To change the PoE settings for the switch's ports, use the drop-down lists for each port and feature you want to configure. Make your changes, then click Update to save the settings.

Tip

When you configure PoE settings at the site level, the confirmation window includes a drop-down list that lets you see, select, and deselect the switches to which the configuration applies.

You can configure the following PoE port settings:

  • Port: The number of the port on the switch. The switch assigns these PoE parameters to the powered device connected to the selected port.

  • Enabled: This shows whether LLDP is turned on or off for the specified port. LLDP lets the switch discover powered devices and learn their classification.

    • Enable: LLDP is on, and the port provides power to the powered device.
    • Disable: LLDP is off, and the port has stopped delivering power to the powered device.
    • Not set: Use LLDP settings from the local switch configuration.

  • Priority: Select the port priority. The priority helps the switch decide which ports to power when the power supply is limited. For example, if the power supply runs at 99% usage, and Port 1's priority is high, but Port 6's priority is low, then Port 1 is prioritized to receive power, and the switch may stop powering Port 6. Choose from the following settings:

    • Low: These ports are the first to have PoE power turned off when the power supply is limited.
    • Medium: The default setting. The switch stops powering these ports if it's still low on power after turning off all low-priority ports.
    • High: The switch stops powering these ports if it's still low on power after turning off all low-priority and medium-priority ports.
    • Critical: When the power supply is limited, the switch maintains power for these ports by turning off PoE power for all other ports in order of priority.
    • Not set: Use the priority setting from the local switch configuration.

  • Power limit type: Choose how the switch limits PoE to individual ports. Choose from the following settings:

    • Auto: The switch assigns a class to the port that defines the maximum power it can provide to the powered device.
    • Manual: Lets you manually set the User power limit (W).
    • Not set: Use the power limit setting from the local switch configuration.

  • User power limit (W): The maximum power, in watts, that the switch can deliver to the specified port.

  • Status: Shows the port's PoE status. It can be one of the following statuses:

    • Searching: The default status. The switch is currently searching for a powered device.
    • Delivering: The port is delivering power to the powered device.
    • Disabled: PoE is turned off for the specified port.
    • Testing: The switch is testing the powered device. For example, to confirm a powered device receives power from the power supply.
    • Test Fail: The powered device has failed the test. For example, a port can't have PoE turned on and can't deliver power to the powered device.
    • Fault: The switch has detected a fault on the powered device when it forces the port on. For example, if the power supply voltage is out of range, a short occurs, or a communication error with the powered devices occurs.

  • Class: Shows the maximum power the Power Sourcing Equipment can deliver to the powered device. The maximum power for each class is as follows:

    • Class 0: 15.4 watts.
    • Class 1: 4.0 watts.
    • Class 2: 7.0 watts.
    • Class 3: 15.4 watts.
    • Class 4: 30.0 watts.
    • Class 5: 45.0 watts.

  • Output voltage (V): The voltage, in volts, being delivered to the powered device.

  • Output current (mA): The current, in milliamps, being delivered to the powered device.
  • Output power (W): The total power, in watts, being delivered to the powered device.
  • Configuration source: Shows the origin of the port's PoE settings.

PoE keepalive

PoE keepalive allows the switch to check the status of powered devices and restart them by cycling the PoE power to the port. You can set PoE keepalive globally or individually per PoE port.

Global settings

Select On or Off to turn PoE keepalive on or off globally.

Configuration source shows the origin of the PoE keepalive settings shown.

Advanced configuration

You can configure and monitor PoE keepalive settings for individual ports on the Advanced configuration tab. You can sort each setting by clicking the column header.

To change the PoE settings for the switch's ports, select the ports you want to configure and click Edit. Make your changes, then click Apply to save the settings.

The PoE keepalive settings are as follows:

  • Port: The number of the port on the switch.
  • Status: This shows whether PoE keepalive is turned on or off for the specified port.

  • Mode: The PoE keepalive mode for the specified port. Choose from the following settings:

    • Auto: The switch uses LLDP to check the status of a powered device. It switches to ping when it can't reach the powered device using LLDP.
    • Force Ping: The switch pings the powered device to determine its online status.
    • Not set: Use the PoE keepalive mode from the local switch configuration.

  • IP address: You can specify an IP address for the switch to check for PoE keepalive mode.

  • Ping interval: The time, in seconds, between pings. It must be between 1 and 3600.
  • Ping: Maximum number: The maximum number of failed pings before the switch restarts the powered device. It must be between 1 and 255.

  • Action type: The response to take when a powered device goes offline. Choose from the following options:

    • Reboot with Syslog: The switch restarts the powered device and generates a syslog message.
    • Syslog: The switch generates a syslog message when a powered device goes offline but doesn't restart it.
    • Not set: Use the action type from the local switch configuration.

  • Power recovery interval: The time, in seconds, that the switch turns off PoE to the port during a restart. It must be between 1 and 600.

  • Maximum number of restarts: The maximum restart attempts when a powered device remains offline. You can uncheck the box to allow the switch to restart unresponsive powered devices continuously.
  • Restart count: The number of times the switch has tried restarting a powered device.
  • PoE startup time: The time, in seconds, after a restart before the switch starts checking the status of a powered device. It must be between 50 and 1200.
  • LLDP retention time: The amount of time, in seconds, the switch keeps LLDP packets before they expire. It must be between 30 and 600.
  • Configuration source shows the origin of the PoE keepalive settings shown.