A few months ago I purchased a new Cisco SG300 10-Port Gigabit Ethernet Managed Switch and it was one of the best investments for my small home network. Cisco switches have a variety of features and options that you can configure for granular network management. Their products also stand out in terms of security.
With that said, it’s very interesting how insecure the new Cisco switch is right out of the box. When you connect it, it either gets an IP address from a DHCP server or assigns itself an IP address (usually 192.168.1.254) and uses cisco as the username and password. Hooray!
Since most networks use the network ID 192.168.1.x, your switch is fully accessible to everyone on the network. In this article, I’ll walk you through five steps you should take after you turn on your switch. This will keep your device secure and properly configured.
Note: This article is intended for home or small office users who are new to Cisco switches. If you are a Cisco engineer, this will all seem very simple to you.
Step 1 – Change the default username and password
Obviously, this is the first and most important step. After logging into the switch, expand Administration and click User Accounts.
The first thing you need to do is add another user account so that you can then delete the original cisco user account. Make sure you give the new account full access, which is Cisco’s read/write control access (15). Use a strong password, then sign out of the cisco account and sign in with your new account. You can now remove the default account.
It’s also probably a good idea to enable the password recovery service in case you forget your password. You will need console access to the device to reset your password.
Step 2 – Set a static IP address
By default, the switch should already have a static IP address, but if not, you must set it manually. This is also necessary if you are not using the network ID 192.168.1. To do this, expand Administration – Management Interface – IPv4 Interface.
Select Static for the IP Type and enter a static IP address. A fixed address also makes the switch easier to manage. If you know the default gateway for your network, add it in the Administrative Default Gateway section as well.
It’s also worth noting that the IP address is assigned to the VLAN interface, which means that you can reach the device at that IP address from any port on the switch, as long as the port is assigned to the management VLAN selected at the top. By default, this is VLAN 1, and all ports are in VLAN 1.
Step 3 – Update the firmware
Since my cheap Netgear router can check the Internet for software updates and automatically download and install them, you might think that a fancy Cisco switch can do the same. But you are wrong! They might not do this for security reasons, but it’s annoying anyway.
To update a Cisco switch with new firmware, you need to download it from the Cisco website and then upload it to the switch. In addition, you will need to change the active image to the new firmware version. I really like this feature as it provides some protection in case something goes wrong.
To find the new firmware, simply google your switch model, followed by the word “firmware” at the end. For example, in my case, I just googled the Cisco SG300-10 firmware.
I will write another article on how to update the firmware for a Cisco router, as there are several things you should know about before doing this.
Step 4 – Configure Secure Access
The next step that I recommend is enabling only secure access to your switch. If you’re a command line pro, you really should completely disable the web interface and only enable SSH access. However, if you want a graphical interface, you should at least configure it to use HTTPS rather than HTTP.
Check out my previous post on how to enable SSH access for your switch and then log in using a tool like PuTTY. For even more security, you can enable public key authentication using SSH and log in using the private key. You can also restrict access to the management interface by IP address, which I will write about in one of the following posts.
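To confirm that Step 4 actually took effect, you can check from a PC on the management VLAN which management services the switch still answers on. The script below is an added example, not part of the original article or anything from Cisco; it assumes the standard ports (HTTP 80, HTTPS 443, SSH 22), and the function names are made up for illustration.

```python
import socket

# Management services named in Step 4, with their standard TCP ports
# (assumption: the switch has not been moved to non-default ports).
SERVICES = {"http": 80, "https": 443, "ssh": 22}


def is_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(open_services):
    """Map the set of reachable services to the Step 4 recommendations."""
    open_services = set(open_services)
    if "http" in open_services:
        return "FAIL: cleartext HTTP management is still reachable"
    if "https" in open_services:
        return "OK (minimum): web GUI is HTTPS-only"
    if open_services == {"ssh"}:
        return "OK (preferred): web interface disabled, SSH only"
    return "UNKNOWN: no management service reachable from this host"


def audit_switch(host, services=SERVICES, timeout=1.0):
    """Probe each management port and return (reachable_services, verdict)."""
    reachable = sorted(
        name for name, port in services.items() if is_open(host, port, timeout)
    )
    return reachable, classify(reachable)


if __name__ == "__main__":
    # 192.168.1.254 is the default address mentioned earlier in the article;
    # replace it with the static address you set in Step 2.
    found, verdict = audit_switch("192.168.1.254")
    print("reachable:", ", ".join(found) or "none")
    print(verdict)
```

Run it again after any later change to the management settings; a FAIL result means the web interface is still answering over plain HTTP.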
Step 5 – Copy the running configuration to the startup configuration
The last thing you want to get used to when using any Cisco device is copying the current configuration to the startup configuration. Basically, all the changes you make are only saved in RAM, which means that when you reboot the device, those changes will be lost.
To permanently save the configuration, you must copy the current configuration to the startup configuration, the latter of which is stored in NVRAM (non-volatile RAM). To do this, expand Administration, then File Management, and then click Copy / Save Configuration.
The default settings should be correct, so all you have to do is click Apply. Again, be sure to do this every time you make any changes to your switch.
These were some of the really basic configuration steps for initially configuring and securing the switch. I will publish more detailed guides on other aspects of the switch shortly. If you have any questions, do not hesitate to comment. Enjoy!