Discovery
Use the Discovery tab to view and configure Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), and the MAC, ARP, and Neighbor tables.
Settings
Use the Settings tab to configure CDP and LLDP global settings.
CDP settings
Cisco Discovery Protocol (CDP) is a proprietary protocol for collecting device information from devices connected directly to Sophos Switch.
Settings with Not set as the value aren't configured in Sophos Central. The switch uses its local configuration.
Select Enabled or Disabled to turn the following settings on or off:
- Status: Turn CDP on or off.
- Voice VLAN advertisement: The switch advertises the voice VLAN on all CDP-enabled ports that are members of the voice VLAN.
- Mandatory TLV validation: The switch discards incoming CDP packets that don't contain the mandatory TLVs.
- Notify voice VLAN mismatch: The switch generates a syslog message if the voice VLAN information in the incoming frame and the local device don't match.
- Notify VLAN mismatch: The switch generates a syslog message if the native VLAN information in the incoming frame and the local device don't match.
- Notify duplex mismatch: The switch generates a syslog message if the duplex information in the incoming frame and the local device don't match.
You can configure the following CDP settings:
- Device ID format: Select the format of the device ID from the drop-down list. The available options are MAC address or Serial number.
- Version: Select the CDP version from the drop-down list. The available options are v1 or v2.
- Hold time: This is the duration in seconds that CDP packets are held before being discarded. The value must be from 10 to 255.
- Transmission interval: The rate in seconds at which CDP advertisement updates are sent. The value must be from 5 to 254.
Configuration source shows the origin of the CDP settings.
- Click Update to save configuration changes.
- Click Clear to delete any unsaved changes.
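The following added example (not Sophos code and not taken from this page) models Mandatory TLV validation and the native VLAN and duplex mismatch checks on a raw CDP payload. The mandatory set (Device ID and Port ID) is an assumption, since the page doesn't list which TLVs are mandatory; `parse_cdp`, `check_frame`, `tlv` and the sample payloads are hypothetical names and constructed data.

```python
import struct

# CDP TLV type codes from the CDP frame format.
DEVICE_ID, PORT_ID, NATIVE_VLAN, DUPLEX = 0x0001, 0x0003, 0x000A, 0x000B
# ASSUMPTION: the page does not say which TLVs the switch treats as mandatory.
MANDATORY = {DEVICE_ID, PORT_ID}

def parse_cdp(payload):
    """Return (version, ttl, {type: value}); raise ValueError if malformed."""
    if len(payload) < 4:
        raise ValueError("short CDP header")
    version, ttl, _checksum = struct.unpack_from("!BBH", payload, 0)
    tlvs, off = {}, 4
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack_from("!HH", payload, off)
        # Length includes the 4-byte TLV header: <4 or past the end is malformed.
        if length < 4 or off + length > len(payload):
            raise ValueError(f"bad length {length} for TLV 0x{t:04x}")
        tlvs[t] = payload[off + 4:off + length]
        off += length
    return version, ttl, tlvs

def check_frame(payload, local_vlan, local_full_duplex, mandatory=MANDATORY):
    """Return ("discard", reason) or ("accept", [mismatch notices])."""
    try:
        _, _, tlvs = parse_cdp(payload)
    except ValueError as exc:
        return "discard", str(exc)
    missing = sorted(mandatory - set(tlvs))
    if missing:
        return "discard", "missing mandatory TLVs: " + ", ".join(f"0x{m:04x}" for m in missing)
    notices = []
    if len(tlvs.get(NATIVE_VLAN, b"")) == 2:
        vlan = struct.unpack("!H", tlvs[NATIVE_VLAN])[0]
        if vlan != local_vlan:
            notices.append(f"native VLAN mismatch: neighbor {vlan}, local {local_vlan}")
    if len(tlvs.get(DUPLEX, b"")) == 1 and bool(tlvs[DUPLEX][0]) != local_full_duplex:
        notices.append("duplex mismatch")
    return "accept", notices

def tlv(t, value):
    return struct.pack("!HH", t, len(value) + 4) + value

# Constructed sample payloads (not captured traffic); the checksum is not verified.
HEADER = struct.pack("!BBH", 2, 180, 0)
GOOD = HEADER + tlv(DEVICE_ID, b"sw-lab-1") + tlv(PORT_ID, b"Gi1/0/1") + tlv(NATIVE_VLAN, b"\x00\x14") + tlv(DUPLEX, b"\x00")
NO_PORT_ID = HEADER + tlv(DEVICE_ID, b"sw-lab-1")
BAD_LEN = HEADER + struct.pack("!HH", DEVICE_ID, 2)
```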
LLDP settings
Link Layer Discovery Protocol (LLDP) is the IEEE 802.1AB standard for switches to advertise their identity, significant capabilities, and neighbors on the LAN.
Settings with Not set as the value aren't configured in Sophos Central. The switch uses its local configuration.
You can configure the following LLDP settings:
- Status: Select Enabled or Disabled to turn LLDP on or off.
- Transmission interval: The interval at which LLDP advertisement updates are sent. The default is 30. The range is from 5 to 32768.
- Holdtime multiplier: The number of times to multiply the Transmission interval to determine how long the switch holds LLDP packets before discarding them. The default is 4. The range is from 2 to 10.
  Example
  When the Transmission interval is 30 seconds and the Holdtime multiplier is 4, then the switch discards LLDP packets after 120 seconds.
- Reinitialization delay: The time in seconds before reinitializing LLDP. The default is 2. The range is from 1 to 10.
- Transmit delay: The time in seconds between successive LLDP frame transmissions. The default is 2. The range is from 1 to 8191.
Configuration source shows the origin of the LLDP settings.
- Click Update to save configuration changes.
- Click Clear to delete any unsaved changes.
Ports
Use the Ports tab to configure CDP settings on individual ports using the drop-down lists.
Settings with Not set as the value aren't configured in Sophos Central. The switch uses its local configuration.
The following settings are available for per-port configuration:
- CDP Status: Turn CDP on or off.
- Notify VLAN mismatch: The switch generates a syslog message if the native VLAN information in the incoming frame and the local device don't match.
- Notify voice VLAN mismatch: The switch generates a syslog message if the voice VLAN information in the incoming frame and the local device don't match.
- Notify duplex mismatch: The switch generates a syslog message if the duplex information in the incoming frame and the local device don't match.
Configuration source shows the origin of the port's settings.
- Click Update to save configuration changes.
- Click Clear to delete any unsaved changes.
Self
On the Self tab, you can see the information the switch advertises to its neighbors in the Device details and Ports information tables.
Device details
The Device details table shows the CDP and LLDP information for the switch.
You can see the following CDP information:
- System name: The switch's hardware name
- Capabilities: The switch's networking capabilities
- CDP version: The switch's CDP version
- Platform: The switch's manufacturer and model
- Software: The switch's firmware version
You can see the following LLDP information:
- System name: The switch's name
- System description: The switch's hardware name
- Chassis ID subtype: The type of information used for the Chassis ID
- Chassis ID: The switch's chassis ID
- Port ID subtype: The type of information used for the port ID
- Supported capabilities: The switch's networking capabilities
- Capabilities turned on: The switch's networking capabilities that are turned on
Ports information
The Ports information table shows the configured settings for each port.
You can see the following port information:
- Port: The port to which the settings apply
- CDP status: Shows whether CDP is on or off
- Device ID: The port's hardware address
- Address: The port's IP address
- VLAN: The port's VLAN ID
- Voice VLAN: The voice VLAN configured on the port
- Duplex: The port's duplex setting
- Extended trust: Shows whether the port trusts QoS markings from neighbor devices
- CoS for untrusted ports: Shows the CoS priority applied to traffic on untrusted ports
- Power consumption: The PoE power consumed by a connected device
- Power request ID: The ID assigned during power negotiation with a connected device
- Power management ID: The ID used to manage power allocation to a connected device
- Available power: The PoE power the switch can deliver on that port
- Neighbour: Shows whether the switch detects a neighbor on that port
Neighbours
On the Neighbours tab, you can see the device information of CDP- and LLDP-enabled neighbor devices connected directly to Sophos Switch. Open Shortest Path First (OSPF) uses this information when deciding on traffic routing.
CDP
The CDP table shows the following information gathered from neighbor devices:
- Port: The port to which the neighbor is connected
- Device ID: The neighbor's device ID
- System name: The neighbor's name
- Self interface: The switch's interface that connects to the neighbor
- Version: The neighbor's CDP version
- TTL: The Time To Live (TTL) for the neighbor's information
- Neighbour interface: The neighbor's interface that connects to the switch
- Address: The neighbor's IP address
- Capabilities: The neighbor's networking capabilities
- Software: The neighbor's software version
- Platform: The neighbor's manufacturer and model
- Self VLAN: The VLAN ID
- Voice VLAN: The voice VLAN ID
- Duplex: The neighbor's duplex setting
- Extended trust: Shows whether the neighbor trusts QoS markings from the switch
- CoS for untrusted ports: Shows the CoS priority applied to traffic on untrusted ports
- Management address: The neighbor's management IP address
- Power consumption: The PoE power consumed by a connected device
- Power request ID: The ID assigned during power negotiation with a connected device
- Power management ID: The ID used to manage power allocation to a connected device
- Available power: The PoE power the neighbor can deliver on that port
LLDP
The LLDP table shows the following information gathered from neighbor devices:
- Port: The port to which the neighbor is connected
- Chassis ID subtype: The type of information used for the Chassis ID
- Chassis ID: The switch's chassis ID
- Port ID subtype: The type of information used for the Neighbour ID
- Neighbour ID: The neighbor's hardware address
- Neighbour IP: The neighbor's IP address
- System name: The name configured on the neighbor device
- System description: The neighbor's hardware name
- Supported capabilities: The neighbor's networking capabilities
- Capabilities turned on: The neighbor's networking capabilities that are turned on
- TTL: The TTL for the neighbor's information
- Auto-negotiation: The neighbor's auto-negotiation capabilities
- Operation type: The type of LLDP operation being performed by the neighbor
- Max frame size: The neighbor's maximum frame size
- LAG: Shows whether the neighbor's port is part of a Link Aggregation Group (LAG)
ARP
The ARP tab shows the Address Resolution Protocol (ARP) table and allows you to manually add new ARP entries. You can also access the ARP global settings to configure how Sophos Switch sends ARP requests.
Settings with Not set as the value aren't configured in Sophos Central. The switch uses its local configuration.
You can see the following information in the ARP table:
- IP address: The IP address learned from ARP
- MAC address: The MAC address associated with the specified IP address
- VLAN: The VLAN IDs associated with the specified IP address
- Mapping: Shows whether the information was learned from ARP (dynamic), or entered manually (static)
Configuration source shows the origin of the ARP information.
- To add a new ARP entry, click Add, enter the IP address and MAC address, select a VLAN from the drop-down list, and click Save.
- To delete ARP entries, select the entries you want to remove and click Delete.
- To make dynamic entries static, select the entries you want to make static and click Move to static. Static MAC addresses are kept in the MAC address table until you manually remove them.
- Click ARP statistics to get detailed ARP traffic statistics from the switch.
To change the ARP global settings, click ARP global settings. You can change the following settings:
- Maximum number of retries: The maximum number of times Sophos Switch will try to confirm a device is present after a failed ARP request
- Timeout (seconds): How long the switch keeps ARP entries before removing them
Click Update to save your settings.
MAC
The MAC tab shows the MAC address table and allows you to manually add new MAC entries. You can also access the MAC global settings to configure the time that MAC entries remain in the MAC address table.
You can see the following information in the MAC table:
- MAC address: The MAC address associated with the specified IP address
- Port: The port to which the MAC address is connected
  Note: The switch only sends data to a device through the port to which that device is connected.
- VLAN: The VLAN IDs associated with the specified MAC address
- Mapping: Shows whether the information was learned from ARP (dynamic), or entered manually (static)
Configuration source shows the origin of the MAC information.
- To add a new MAC entry, click Add, enter the MAC address, select a VLAN from the drop-down list, select the Port to which the address is connected, and click Save.
- To delete MAC entries, select the entries you want to remove and click Delete.
- To make dynamic entries static, select the entries you want to make static and click Move to static. Static MAC addresses are kept in the MAC address table until you manually remove them.
- To move MAC addresses to the MAC filtering table, select the MAC address you want to move and click Move to filters. See MAC filtering.
- To change the MAC global settings, click MAC global settings, enter the MAC aging time, and click Update.
Neighbour discovery
On the Neighbour discovery tab, you can see the Neighbor Discovery Protocol (NDP) table and can manually add new entries to the table.
You can see the following information in the neighbour discovery table:
- IP address: The IPv6 address learned from NDP
- MAC address: The MAC address associated with the specified IP address
- VLAN: The VLAN IDs associated with the specified IP address
- Mapping: Shows whether the information was learned from ARP (dynamic), or entered manually (static)
Configuration source shows the origin of the NDP information.
- To add a new NDP entry, click Add, enter the IP address and MAC address, select a VLAN from the drop-down list, and click Save.
- To make dynamic entries static, select the entries you want to make static and click Move to static. Static MAC addresses are kept in the MAC address table until you manually remove them.
MAC filtering
The MAC filtering tab is where you can see information about MAC addresses added to the MAC filtering list and where you add and remove devices from the list. Adding a MAC address to the MAC filtering table allows the MAC address to connect to specified VLANs and blocks it from all others.
The MAC filtering table shows the MAC address and its associated VLAN.
Configuration source shows the origin of the MAC filtering information.
- To add a MAC address to the MAC filtering table, click Add, enter the MAC address, select the VLAN from the drop-down list, and click Save.
- To remove MAC addresses from the MAC filtering table, select the MAC address you want to remove and click Delete.