Click here to open the documentation of locally-managed switches, including the CLI and API guides.

Port settings

The Port settings page allows the configuration of individual switch ports and displays information for each port.

Basic settings

The basic information displayed for each port is as follows:

  • Port: Shows the port number.
  • Label: Shows the label, if any, assigned to the port.
  • Flow control: Shows the current flow control status of the port. The possible settings are as follows:

    • Enabled: Flow control is turned on.
    • Disabled: Flow control is turned off.
    • Not set: Use flow control settings from the local switch configuration.
  • Speed/Duplex: Shows the port's current speed and duplex setting. The possible settings are as follows:

    • Auto: Automatically negotiates the speed and duplex settings between connected ports.
    • 10M/Half: Ten Mbps, half-duplex.
    • 10M/Full: Ten Mbps, full-duplex.
    • 100M/Half: One hundred Mbps, half-duplex.
    • 100M/Full: One hundred Mbps, full-duplex.
    • 1G/Full: One Gbps, full-duplex.
    • Disabled: Turns off the port.
    • Not set: Use speed and duplex settings from the local switch configuration.
  • Untagged VLAN: Shows the untagged VLAN assigned to the port. You can only assign one untagged VLAN to a port.

  • Tagged VLAN: Shows the tagged VLANs assigned to the port. You can assign multiple tagged VLANs to a single port.
  • Configuration source: This shows the origin of the port's configuration.
  • Conflicts: Shows conflicts between the Sophos Central and local switch configuration.

You can combine multiple Ethernet or SFP links into a single logical link between two network devices for greater throughput and high availability. You can also configure different port speeds for the LAG ports, which you can use to create VLAN configurations at the site or switch level.

Click LAG ports to view the LAG ports.

In addition to the basic settings displayed for each port, the Member ports column shows the ports included in each LAG port.

Click a LAG port to configure the following settings:

  • Type: Choose the type of LAG port from the following options:

    • Not set: Use LAG port settings from the local switch configuration.
    • Disabled: The LAG port is turned off.
    • Static: The LAG port is turned on with the Flow control and Speed/Duplex settings you specify.
    • LACP: Recommended. The LAG port is turned on and Link Aggregation Control Protocol (LACP) controls the LAG settings. See LACP.
  • Ports: Select at least two ports you want to include in the LAG port.

Click Save to save your settings and create the LAG port.

Click LACP settings to configure the following LACP settings:

  • System priority: The system's LACP priority. The device with the lowest system priority decides which ports participate in the LAG port. It must be between 0 and 65535. The default is 32768.
  • System policy: Determines how the LAG port distributes the network traffic. Choose from the following options:

    • src-mac: The switch distributes traffic using the source MAC address. Packets from different hosts use different ports in the channel, but packets from the same host use the same port.
    • dest-mac: The switch distributes traffic using the destination MAC address. Packets to the same destination use the same port, but packets to different destinations use different ports.
    • src-dest-mac: The switch distributes traffic based on the source and destination MAC addresses.
    • src-ip: The switch distributes traffic using the source IP address.
    • dest-ip: The switch distributes traffic using the destination IP address.
    • src-dest-ip: The switch distributes traffic using the source and destination IP addresses.
    • dest-l4-port: The switch distributes traffic using the destination Layer 4 port.
    • src-l4-port: The switch distributes traffic using the source Layer 4 port.
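
The following added example (not from the Sophos documentation) models how each System policy maps flows to LAG member ports, using constructed flows that all arrive through one router. The byte-sum hash, the member port numbers, and all addresses are assumptions; the switch's actual hash isn't documented on this page.

```python
from collections import Counter

# Header fields each System policy keys on, per the list above.
POLICY_FIELDS = {
    "src-mac": ("src_mac",),
    "dest-mac": ("dst_mac",),
    "src-dest-mac": ("src_mac", "dst_mac"),
    "src-ip": ("src_ip",),
    "dest-ip": ("dst_ip",),
    "src-dest-ip": ("src_ip", "dst_ip"),
    "dest-l4-port": ("dst_port",),
    "src-l4-port": ("src_port",),
}


def member_port(flow, policy, members):
    """Return the LAG member port that carries `flow` under `policy`.

    The byte-sum hash is a stand-in (assumption): the switch's real hash is
    not documented on this page. What carries over is the property that
    identical key fields always select the same member port.
    """
    key = "|".join(str(flow[field]) for field in POLICY_FIELDS[policy])
    return members[sum(key.encode()) % len(members)]


def distribution(flows, policy, members):
    """Count how many flows land on each member port."""
    return Counter(member_port(f, policy, members) for f in flows)


# Constructed sample: eight clients reach one server through a router, so
# every frame on the LAG carries the router's source MAC and the server's
# destination MAC, while the IP addresses and source ports differ.
MEMBERS = [1, 2]
FLOWS = [
    {
        "src_mac": "02:00:00:00:00:01",
        "dst_mac": "02:00:00:00:00:fe",
        "src_ip": f"10.0.0.{i}",
        "dst_ip": "192.0.2.10",
        "src_port": 50000 + i,
        "dst_port": 443,
    }
    for i in range(1, 9)
]

if __name__ == "__main__":
    for policy in POLICY_FIELDS:
        print(f"{policy:13} {dict(distribution(FLOWS, policy, MEMBERS))}")
```

With these flows, the MAC-based policies place all eight flows on one member port, while src-ip and src-dest-ip split them evenly across both.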

You can also configure the timeout for each port in LACP settings. The timeout determines how frequently LACP protocol data units (PDUs) are sent between peers and how long a link can go without receiving a packet before another link is chosen. Choose from the following values:

  • Not set: Use the LACP timeout setting configured locally on the switch.
  • Short: Sends an LACP PDU every second, and the timeout value is three seconds.
  • Long: Sends an LACP PDU every 30 seconds, and the timeout value is 90 seconds.

Advanced settings

Using Advanced settings, you can configure Port isolation, EEE, and Jumbo frame settings per port.

  • Port isolation: When you turn on Port isolation, the switch port can only communicate with upstream ports. Downstream communication isn't allowed.
  • EEE: Energy Efficient Ethernet (EEE) is an IEEE 802.3az standard that reduces the power consumption of physical devices during periods of low link utilization.
  • Jumbo frame: Jumbo frames allow the transmission of packets larger than the standard Ethernet maximum transmission unit (MTU) size of 1,500 bytes, extending the Ethernet packet size to 10,000 bytes.

    The switch supports jumbo frame sizes up to 10,240 bytes. You must configure jumbo frames on all devices in the network, and you must ensure that none of them exceed the maximum jumbo frame size.

To configure advanced port settings, do as follows:

  1. Click Advanced settings.
  2. In the ports table, find the port you want to configure.
  3. Using the drop-down menu, set the Isolation status. The following options are available:

    • Enable: Port is isolated.
    • Disable: Port isn't isolated.
    • Not set: Use the Isolation status settings configured locally on the switch.

  4. Using the drop-down menu, set the EEE status. The following options are available:

    • Enable: Turn on EEE.
    • Disable: Turn off EEE.
    • Not set: Use the EEE settings configured locally on the switch.

  5. Enter the maximum frame size in bytes to configure the Jumbo frame. The available range is 1,522 to 10,240.

To display the Jumbo frame size for all ports, click the cog at the top of the column and turn on Show per port setting.

Port mirroring

You can configure port mirroring on Sophos Switch. Port mirroring allows the switch to send traffic to multiple ports without affecting the device on the original destination port.

You can configure the following settings:

  • Session ID: A number identifying the mirror session.
  • Destination port: The port to which you want to send mirrored traffic.
  • Egress: Mirrors traffic originating from the selected ports and sends it to the destination port.
  • Ingress: Mirrors traffic destined for the selected ports and sends it to the destination port.
  • Ingress and Egress: Turn on or off packet ingress to the destination port.
  • Session status: Turns the session on or off. Choose Not set to use settings configured locally on the switch.
  • Configuration source: This shows whether the configuration came from Sophos Central or locally from the switch.

After you configure your port mirroring settings, click Update to save your changes.

Click Clear to remove all port mirroring settings.

Loopback detection

Loopback detection (LBD) protects against loops by sending loop protocol packets out of ports with loop protection turned on. When a switch receives a loop protocol packet that it sent, it shuts down the port that received the packet.

To turn LBD on or off, set Status to On or Off. Choose Not set to use settings configured locally on the switch.

After turning LBD on or off, click Update to save your changes.

You can see the status of LBD ports and whether or not they're shut down by LBD.

PoE

The PoE tab lets you manage and monitor the PoE port settings for your switches.

Power budget

You can set and monitor the total power available from the switch.

Total power budget lets you enter the amount of power the switch can provide to all PoE ports. Enter the total amount of power you want the switch to provide to devices and click Update.

Configuration source shows the origin of the PoE settings.

PoE port settings

The PoE port settings tab shows the switch's PoE port settings.

To change the PoE settings for the switch's ports, use the drop-down lists for each port and feature you want to configure. Make your changes, then click Update to save the settings.

Tip

When you configure PoE settings at the site level, the confirmation window includes a drop-down list that lets you see, select, and deselect the switches to which the configuration applies.

You can configure the following PoE port settings:

  • Port: The number of the port on the switch. The switch assigns these PoE parameters to the powered device connected to the selected port.
  • Enabled: This shows whether LLDP is turned on or off for the specified port. LLDP lets the switch discover powered devices and learn their classification.

    • Enable: LLDP is on, and the port provides power to the powered device.
    • Disable: LLDP is off, and the port has stopped delivering power to the powered device.
    • Not set: Use LLDP settings from the local switch configuration.
  • Priority: Select the port priority. The priority helps the switch decide which ports to power when the power supply is limited. For example, if the power supply runs at 99% usage, and Port 1's priority is high, but Port 6's priority is low, then Port 1 is prioritized to receive power, and the switch may stop powering Port 6. Choose from the following settings:

    • Low: These ports are the first to have PoE power turned off when the power supply is limited.
    • Medium: The default setting. The switch stops powering these ports if it's still low on power after turning off all low-priority ports.
    • High: The switch stops powering these ports if it's still low on power after turning off all low-priority and medium-priority ports.
    • Critical: When the power supply is limited, the switch maintains power for these ports by turning off PoE power for all other ports in order of priority.
    • Not set: Use the priority setting from the local switch configuration.
  • Power limit type: Choose how the switch limits PoE to individual ports. Choose from the following settings:

    • Auto: The switch assigns a class to the port that defines the maximum power it can provide to the powered device.
    • Manual: Lets you manually set the User power limit (W).
    • Not set: Use the power limit setting from the local switch configuration.
  • User power limit (W): The maximum power, in watts, that the switch can deliver to the specified port.

  • Status: Shows the port's PoE status. It can be one of the following statuses:

    • Searching: The default status. The switch is currently searching for a powered device.
    • Delivering: The port is delivering power to the powered device.
    • Disabled: PoE is turned off for the specified port.
    • Testing: The switch is testing the powered device. For example, to confirm a powered device receives power from the power supply.
    • Test Fail: The powered device has failed the test. For example, a port can't have PoE turned on and can't deliver power to the powered device.
    • Fault: The switch has detected a fault on the powered device when it forces the port on. For example, if the power supply voltage is out of range, a short occurs, or a communication error with the powered devices occurs.
  • Class: Shows the maximum power the Power Sourcing Equipment can deliver to the powered device. The maximum power for each class is as follows:

    • Class 0: 15.4 watts.
    • Class 1: 4.0 watts.
    • Class 2: 7.0 watts.
    • Class 3: 15.4 watts.
    • Class 4: 30.0 watts.
    • Class 5: 45.0 watts.
  • Output voltage (V): The voltage, in volts, being delivered to the powered device.

  • Output current (mA): The current, in milliamps, being delivered to the powered device.
  • Output power (W): The total power, in watts, being delivered to the powered device.
  • Configuration source: Shows the origin of the port's PoE settings.
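
The following added example (not from the Sophos documentation) models the Priority order described above to predict which ports lose power when the budget shrinks, and which devices you need to keep running would be affected. The port inventory, power draws, and device roles are constructed, and the tie-break within one priority level is an assumption because the page doesn't define it.

```python
from dataclasses import dataclass

# Shedding order from the Priority list above: Low loses power first,
# Critical last.
SHED_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class PoePort:
    number: int
    priority: str   # "low", "medium", "high" or "critical"
    draw_w: float   # Output power (W) currently delivered
    role: str = ""  # free-text label for the powered device


def ports_to_shed(ports, budget_w):
    """Return the port numbers that lose power so total draw fits budget_w."""
    total = sum(p.draw_w for p in ports)
    shed = []
    # Assumption: within one priority the highest port number is cut first;
    # the page does not define the tie-break.
    for port in sorted(ports, key=lambda p: (SHED_ORDER[p.priority], -p.number)):
        if total <= budget_w:
            break
        shed.append(port.number)
        total -= port.draw_w
    return shed


def at_risk(ports, budget_w, must_stay_up):
    """Ports from must_stay_up that would be shed at the given budget."""
    return sorted(set(ports_to_shed(ports, budget_w)) & set(must_stay_up))


# Constructed inventory: draws and roles are sample values.
PORTS = [
    PoePort(1, "critical", 25.5, "door controller"),
    PoePort(2, "high", 12.0, "camera"),
    PoePort(3, "medium", 6.5, "access point"),
    PoePort(4, "medium", 6.5, "camera"),  # left at the default priority
    PoePort(5, "low", 15.0, "desk phone hub"),
    PoePort(6, "low", 4.0, "desk phone"),
]

if __name__ == "__main__":
    for budget in (70, 60, 40):
        shed = ports_to_shed(PORTS, budget)
        print(budget, shed, at_risk(PORTS, budget, {1, 2, 4}))
```

At a 40 W budget the camera on port 4, left at the default Medium priority, loses power while the High and Critical ports stay up.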

PoE keepalive

PoE keepalive allows the switch to check the status of powered devices and restart them by cycling the PoE power to the port. You can set PoE keepalive globally or individually per PoE port.

Global settings

Select On or Off to turn PoE keepalive on or off globally.

Configuration source shows the origin of the PoE keepalive settings.

Advanced configuration

You can configure and monitor PoE keepalive settings for individual ports on the Advanced configuration tab. You can sort each setting by clicking the column header.

To change the PoE settings for the switch's ports, select the ports you want to configure and click Edit. Make your changes, then click Apply to save the settings.

The PoE keepalive settings are as follows:

  • Port: The number of the port on the switch.
  • Status: This shows whether PoE keepalive is turned on or off for the specified port.
  • Mode: The PoE keepalive mode for the specified port. Choose from the following settings:

    • Auto: The switch uses LLDP to check the status of a powered device. It switches to ping when it can't reach the powered device using LLDP.
    • Force Ping: The switch pings the powered device to determine its online status.
    • Not set: Use the PoE keepalive mode from the local switch configuration.
  • IP address: You can specify an IP address for the switch to check for PoE keepalive mode.

  • Ping interval: The time, in seconds, between pings. It must be between 1 and 3600.
  • Ping: Maximum number: The maximum number of failed pings before the switch restarts the powered device. It must be between 1 and 255.
  • Action type: The response to take when a powered device goes offline. Choose from the following options:

    • Reboot with Syslog: The switch restarts the powered device and generates a syslog message.
    • Syslog: The switch generates a syslog message when a powered device goes offline but doesn't restart it.
    • Not set: Use the action type from the local switch configuration.
  • Power recovery interval: The time, in seconds, that the switch turns off PoE to the port during a restart. It must be between 1 and 600.

  • Maximum number of restarts: The maximum restart attempts when a powered device remains offline. You can uncheck the box to allow the switch to restart unresponsive powered devices continuously.
  • Restart count: The number of times the switch has tried restarting a powered device.
  • PoE startup time: The time, in seconds, after a restart before the switch starts checking the status of a powered device. It must be between 50 and 1200.
  • LLDP retention time: The amount of time, in seconds, the switch keeps LLDP packets before they expire. It must be between 30 and 600.

Configuration source shows the origin of the PoE keepalive settings.

STP

Spanning Tree Protocol (STP) prevents network loops by exchanging Bridge Protocol Data Units (BPDUs) with other switches on the network. BPDUs contain information about ports and switches on the network. The switches use this information to make sure only one route exists between two destinations and create backup routes in case the primary route fails.

You can configure STP Global settings and see Root bridge information on the STP tab.

Global settings - STP

Global settings - STP lets you turn on or off STP and configure settings such as BPDU forwarding, STP version, Priority, and Forward delay.

You can configure the following settings:

  • STP state: Set the STP status of the switch. Select On or Off. Select Not set to use the local switch configuration.
  • BPDU forwarding: Set the BPDU forwarding status of the switch. Select On or Off. Select Not set to use the local switch configuration.

Restriction

You can't turn on STP and BPDU forwarding simultaneously.

  • Forced version: Select the version of STP from the following options:

    • MSTP: Multiple Spanning Tree Protocol (MSTP) is suitable for larger networks and VLANs because it allows for the creation of multiple spanning trees. It supports independent spanning trees based on VLAN groups, load balancing, and provides multiple forwarding paths for traffic.
    • RSTP: Rapid Spanning Tree Protocol (RSTP) is a faster replacement for the legacy STP. It's also faster than MSTP and better for smaller networks, but only creates a single spanning tree regardless of network size.
  • Configuration name: Enter the MSTP configuration name, using a maximum of 32 characters. The default configuration name is set to the switch's MAC address.

  • Configuration revision: Enter the MSTP revision level from 0 to 65535. The default is 0.
  • Priority: Set the priority. The bridge with the lowest priority in the network is the root bridge. It must be a multiple of 4096.
  • Forward delay: Set a time from 4 to 30 seconds. This is the time the switch spends in the listen and learn state before changing states. The default is 15.
  • Maximum age: Set a time between 6 and 40 seconds. This is the maximum time the switch waits to receive a BPDU from the root bridge. The default is 20.
  • Tx hold count: Set a value from 1 to 10. This is the maximum BPDUs sent per second. The default is 6.
  • Hello time: Set a time from 1 to 2. This is the interval, in seconds, at which the switch sends BPDUs on a port. The default is 2.

Tip

You can use the up and down arrow keys to select suggested values for Global settings.

Configuration source shows the origin of the STP settings.

Click Update to save the settings or Clear to clear any changes.

Root bridge information

The root bridge is the root of the tree within a spanning tree network and is the switch from which all spanning tree calculations are made. The root bridge is elected based on its Bridge ID (BID), which is based on the switch's priority and its MAC address. All switches listen for BPDUs sent from the root bridge.
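
The following added example (not from the Sophos documentation) carries out the election described above and audits whether the switch you intend as root wins it by configuration rather than by MAC address. Switch names, MAC addresses, and priorities are constructed; the 0-61440 priority range comes from IEEE 802.1D and isn't stated on this page.

```python
def bridge_id(priority, mac):
    """Return the Bridge ID as a comparable (priority, MAC) tuple."""
    # Multiple of 4096 is the rule from this page; 0-61440 is the
    # IEEE 802.1D range (assumption, not stated on the page).
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError(
            f"priority {priority} is not a multiple of 4096 in 0-61440"
        )
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """bridges maps name -> (priority, mac); the lowest Bridge ID is root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def audit_root(bridges, intended):
    """Return findings about whether `intended` is reliably the root bridge."""
    findings = []
    root = elect_root(bridges)
    if root != intended:
        findings.append(f"{root} is elected root instead of {intended}")
    best = min(priority for priority, _ in bridges.values())
    tied = sorted(
        name for name, (priority, _) in bridges.items() if priority == best
    )
    if len(tied) > 1:
        findings.append(
            f"lowest priority {best} is shared by {', '.join(tied)}; "
            "the MAC address decides the election"
        )
    return findings


# Constructed inventory: every switch has the same priority, so the lowest
# MAC address wins the election.
BEFORE = {
    "core-1": (32768, "02:00:00:00:00:30"),
    "access-1": (32768, "02:00:00:00:00:10"),
    "access-2": (32768, "02:00:00:00:00:20"),
}
# Same inventory after lowering the Priority on the intended root.
AFTER = {**BEFORE, "core-1": (4096, "02:00:00:00:00:30")}

if __name__ == "__main__":
    print(elect_root(BEFORE), audit_root(BEFORE, "core-1"))
    print(elect_root(AFTER), audit_root(AFTER, "core-1"))
```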

Note

You can't see Root bridge information at the site or stack level. It's only available at switch level.

You can see the following root bridge information:

  • Bridge address: Shows the MAC address of the bridge with the lowest path cost to the root bridge.
  • Root address: Shows the MAC address of the root bridge.
  • Priority: Shows the priority for the root bridge.
  • Cost: Shows the path with the lowest cost, based on bandwidth, to reach the root bridge.
  • Port: Shows the port connected to the path that leads to the root bridge.
  • Forward delay: Shows the time, in seconds, the switch spends in the listen and learn state before changing states.
  • Maximum age: Shows the time the switch waits to receive a BPDU from the root bridge.
  • Hello time: Shows the interval, in seconds, at which the root bridge sends BPDUs.

Configuration source shows the origin of the root bridge information.

STP settings

Depending on the Forced version you select, you'll see different options for configuring your STP environment.

Click the appropriate tab to see the available options.

When you set Forced version to RSTP, you'll see RSTP port settings.

RSTP port settings

RSTP port settings shows you the Rapid Spanning Tree Protocol (RSTP) configuration for each port on the switch and information about the root bridge. You can configure the status for each port and settings such as path cost, link type, priority, and BPDU forwarding.

You can configure the following settings for each port:

  • Port: The port to which the RSTP settings apply.
  • Priority: The port's priority. The lowest priority is the root bridge. It must be a multiple of 16 from 0 to 240.
  • Path cost configuration and operation: The relative cost of sending spanning-tree traffic through the port to adjacent bridges within a spanning-tree region. Set a value from 0 to 200000000.
  • Edge port configuration/operation: Shows whether the port is configured as an edge port and whether it's in operation. Edge ports are usually connected to endpoint computers or servers. When the network topology changes, edge ports can bypass the listening and learning state and change their STP state directly from blocking to forwarding, speeding up spanning tree generation.
  • P2P MAC configuration/operation: Shows the status of the Point-to-Point (P2P) link and whether it's in operation. P2P links are ports connected to other network devices. For faster convergence, if the port of the P2P link is elected as the root port or the designated port, the port can change its STP state directly to forwarding, speeding up spanning tree generation. You'll see one of the following settings:

    • Not set: Use the local switch P2P configuration settings.
    • Auto: The switch automatically checks if the port is connected to a P2P link and then sets the status.
    • Enabled: The port is connected to a P2P link.
    • Disabled: The port isn't connected to a P2P link.
  • Port status: Select Enabled or Disabled to turn the port on or off. Select Not set to use the local switch configuration.

  • Migration start time: Select Enabled or Disabled. Select Not set to use the local switch configuration.
  • BPDU guard: Select Enabled or Disabled. Select Not set to use the local switch configuration.
  • Root guard: Select Enabled or Disabled. Select Not set to use the local switch configuration.
  • BPDU forward: Select Enabled or Disabled. Select Not set to use the local switch configuration.
  • Configuration source: Shows the origin of the RSTP port settings.

You can also see the following settings at switch level:

  • Designated root bridge: The priority of the root bridge and its MAC address.
  • External root cost: The relative cost of the path to the root bridge.
  • Designated bridge: The priority of the designated bridge and its MAC address. This is the bridge with the lowest path cost to the root bridge.
  • Port role: Shows the port's STP role.
  • Port state: Shows the port's STP state.

When you set Forced version to MSTP, you'll see CIST port settings, MST instance settings, and MSTP port settings.

CIST port settings

The common spanning tree connects the various trees in a Multiple Spanning Tree (MST) environment. CIST port settings shows you the Common and Internal Spanning Tree (CIST) settings.

You can see the following settings for each port:

  • Port: The port to which the CIST settings apply.
  • Priority: The port's priority. It must be a multiple of 16 from 0 to 240. The lowest priority is the root bridge.
  • Path cost configuration and operation: The relative cost of sending spanning-tree traffic through the port to adjacent bridges within a spanning-tree region. Set a value from 0 to 200000000.
  • Edge port configuration/operation: Shows whether the port is configured as an edge port and whether it's in operation. Edge ports are usually connected to endpoint computers or servers. When the network topology changes, edge ports can bypass the listening and learning state and change their STP state directly from blocking to forwarding, speeding up spanning tree generation.
  • P2P MAC configuration/operation: Shows the status of the Point-to-Point (P2P) link and whether it's in operation. P2P links are ports connected to other network devices. For faster convergence, if the port of the P2P link is elected as the root port or the designated port, the port can change its STP state directly to forwarding, speeding up spanning tree generation. You'll see one of the following settings:

    • Auto: The switch automatically checks if the port is connected to a P2P link and then sets the status as open or closed.
    • Enabled: The port is connected to a P2P link.
    • Disabled: The port isn't connected to a P2P link.
  • Port status: Select Enabled or Disabled to turn the port on or off. Select Not set to use the local switch configuration.

  • Migration start time: Select Enabled or Disabled. Select Not set to use the local switch configuration.
  • BPDU guard: Select Enabled or Disabled. Select Not set to use the local switch configuration.
  • Root guard: Select Enabled or Disabled. Select Not set to use the local switch configuration.
  • BPDU forward: Select Enabled or Disabled. Select Not set to use the local switch configuration.
  • Configuration source: Shows the origin of the CIST port settings.

You can also see the following settings at switch level:

  • Regional root bridge: The priority of the regional root bridge and its MAC address.
  • Designated root bridge: The designated root bridge's priority and MAC address.
  • External root cost: The relative cost of the path to the root bridge.
  • Designated bridge: The priority of the bridge and its MAC address.
  • Port role: Shows the port's STP role.
  • Port state: Shows the port's STP state.

Click Update to save the settings or Clear to clear any changes.

MST instance settings

Multiple Spanning Tree Protocol (MSTP) divides a Layer 2 network into regions, connected by a Common Spanning Tree (CST). Within each region, you can create multiple MST instances managed by an Internal Spanning Tree (IST). These instances are groups of VLANs that share the same topology requirements. The MST instance settings tab lets you create and see MST instances and their settings.

MST instance settings lets you create MST instances and shows you their settings.

You can see the following settings for each MST instance:

  • MST ID: Shows the ID of the MST instance. You can have a maximum of four MST instances.
  • VLAN list: Shows the VLANs that belong to the MST instance.
  • Priority: Shows the priority of the MST instance.
  • Regional root bridge: Shows the priority of the regional root bridge and its MAC address.
  • Internal root cost: Shows the relative cost of the path to the internal root bridge.
  • Designated root bridge: Shows the priority of the designated root bridge and its MAC address.
  • Root port: Shows the port connected to the path that leads to the root bridge.
  • Configuration source: Shows the origin of the MST instance settings.

To create an MST instance, do as follows:

  1. Click Add.
  2. Enter an MST ID from 1 to 4.
  3. Enter a VLAN list.

    It can be a single VLAN or a range of VLANs. For example, 1-100 will add all VLANs from 1 to 100 to the MST instance.

  4. Enter the Priority. It must be a multiple of 4096.

  5. Click Save.

To delete an MST instance, select the instances you want to delete and click Delete.
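
The following added example (not from the Sophos documentation) parses the VLAN list format described above and checks a planned set of MST instances against the limits on this page before you enter them. The instance data is constructed; the 1-4094 VLAN range and the rule that a VLAN maps to only one instance come from the IEEE standards, not from this page.

```python
def parse_vlan_list(text):
    """Parse a single VLAN ("200") or a range ("1-100") into a set of IDs."""
    low, dash, high = text.strip().partition("-")
    try:
        first = int(low)
        last = int(high) if dash else first
    except ValueError:
        raise ValueError(f"VLAN list {text!r} is not a number or a range") from None
    # 1-4094 is the usable IEEE 802.1Q VLAN ID range (not stated on this page).
    if not 1 <= first <= last <= 4094:
        raise ValueError(f"VLAN list {text!r} is outside 1-4094 or reversed")
    return set(range(first, last + 1))


def check_mst_instances(instances):
    """Validate (mst_id, vlan_list, priority) tuples; return a list of problems."""
    problems = []
    if len(instances) > 4:
        problems.append("more than four MST instances")
    owner = {}  # VLAN ID -> MST ID that already claimed it
    seen = set()
    for mst_id, vlan_list, priority in instances:
        if not 1 <= mst_id <= 4:
            problems.append(f"MST {mst_id}: ID must be from 1 to 4")
        if mst_id in seen:
            problems.append(f"MST {mst_id}: duplicate ID")
        seen.add(mst_id)
        if priority < 0 or priority % 4096:
            problems.append(
                f"MST {mst_id}: priority {priority} is not a multiple of 4096"
            )
        try:
            vlans = parse_vlan_list(vlan_list)
        except ValueError as err:
            problems.append(f"MST {mst_id}: {err}")
            continue
        # Assumption from standard MSTP: a VLAN maps to exactly one instance.
        clash = sorted(v for v in vlans if v in owner)
        if clash:
            problems.append(
                f"MST {mst_id}: {len(clash)} VLAN(s) from {clash[0]} "
                f"already in MST {owner[clash[0]]}"
            )
        for vlan in vlans:
            owner.setdefault(vlan, mst_id)
    return problems


# Constructed plans: GOOD passes, BAD has an overlap, an out-of-range ID,
# a priority that is not a multiple of 4096, and a reversed range.
GOOD = [(1, "1-100", 4096), (2, "200", 8192)]
BAD = [(1, "1-100", 4096), (2, "50-60", 8192), (5, "300", 1000), (3, "100-90", 0)]

if __name__ == "__main__":
    print(check_mst_instances(GOOD))
    for problem in check_mst_instances(BAD):
        print(problem)
```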

MST port settings

MST port settings shows you the configuration for each MST instance and the ports assigned to them. You can configure each port's status, path cost, and priority.

Select an MST ID from the drop-down list to see and configure the following settings:

  • MST ID: The MST instance ID.
  • Port: The port the settings apply to.
  • Priority: The port's priority.

    It must be a multiple of 16 from 0 to 240. The lowest priority is the root bridge.

  • Internal path cost configuration and operation: The relative cost of sending spanning-tree traffic through the port to adjacent bridges within the MST instance. Set a value from 0 to 200000000.

  • Port status: Select Enabled or Disabled to turn the port on or off. Select Not set to use the local switch configuration.
  • Regional root bridge: Shows the priority of the regional root bridge and its MAC address.
  • Designated root bridge: The priority of the root bridge and its MAC address.
  • Internal root cost: Shows the relative cost of the path to the internal root bridge.
  • Port role: Shows the port's STP role.
  • Port state: Shows the port's STP state.
  • Configuration source: Shows the origin of the MST port settings.

Click Update to save the settings or Clear to clear any changes.