I recently purchased a Cisco SG300-10 switch for my home networking lab and am still very happy with it. It has tons of features, most of which I will probably never use at home. For small businesses, however, it gives you complete control over your network.
Now, there are two ways to manage Cisco switches: from the web GUI or from the command line interface in a terminal. I found that the web GUI is not as stable as the Cisco IOS command line interface. On several occasions, after trying to save a configuration change in the GUI, the entire switch would crash and I had to reboot it to access the GUI again.
However, if you are going to use the CLI, you first need to enable SSH access on the switch. In this article, I will explain how to enable the SSH service and log in using a username and password stored in the local database.
In the next article, I’ll share how to make the login process even more secure by using public and private keys to establish an SSH session, rather than just a username and password.
Activate the SSH service
The first thing we need to do is enable the SSH service on the switch. I’m going to show you how to do this using the web interface as it was easier for me than connecting to the switch via the console port.
Once logged in, expand Security in the left menu, then click TCP / UDP Services. In the right pane, you will see the various TCP and UDP services that you can enable for your Cisco switch. In my case, I already had HTTPS checked, so I went ahead and checked the SSH service as well.
Make sure you click the Apply button to save your changes. Note that this only saves the change to the running configuration. If you want the change to persist after the switch is rebooted, you need to copy the running configuration to the startup configuration. The web interface usually reminds you of this by flashing an icon in the upper right corner of the screen.
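To confirm that the SSH service is really listening after you click Apply, and again after a reboot to confirm the change reached the startup configuration, you can read the identification string the server sends on port 22. This is an added example, not part of the original article; the address 192.0.2.10 and the banner in SAMPLE are constructed placeholders.

```python
import socket
import sys

# Constructed sample of what an SSH server sends first (not captured from a real switch).
SAMPLE = b"SSH-2.0-ExampleSwitch_1.0\r\n"

def parse_ssh_ident(data: bytes) -> dict:
    """Parse the RFC 4253 identification string 'SSH-<proto>-<software> [comment]'."""
    # A server may send other text lines before the line that starts with "SSH-".
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        text = line.decode("ascii", errors="replace")
        ident, _, comment = text.partition(" ")
        parts = ident.split("-", 2)
        if len(parts) != 3 or not parts[1] or not parts[2]:
            raise ValueError(f"malformed identification string: {text!r}")
        return {
            "proto": parts[1],
            "software": parts[2],
            "comment": comment,
            # "1.99" means the server also accepts legacy SSH-1 clients.
            "ssh2_only": parts[1] == "2.0",
        }
    raise ValueError("no SSH identification line found")

def check_switch(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Connect, read until the identification line is complete, and parse it."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        while not (b"SSH-" in data and data.endswith(b"\n")) and len(data) < 4096:
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return parse_ssh_ident(data)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_ssh.py 192.0.2.10   (placeholder address)
        print(check_switch(sys.argv[1]))
    else:
        print(parse_ssh_ident(SAMPLE))
```

A refused connection or timeout means the service is not enabled or not reachable; if the check passes before a reboot but fails after, the change was never copied to the startup configuration.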
That’s all you need to do to enable basic SSH on the switch. So which user can log into the switch? Well, you can see the list of users by expanding Administration and clicking User Accounts.
Here you will see a list of accounts that can log into the switch. Note that the user accounts listed here can be used to log into both the web GUI and the CLI over SSH. In the example above, you can see that I only have one account and the user level is Read / Write access.
There are other user tiers as well, and you can create another user account specifically to access the switch via SSH with limited write access. You can do this by adding a user and then selecting the appropriate user level for that account.
If you choose Read / Restricted CLI Write Access, the user will not be able to access the switch through the GUI and will only be able to access some CLI commands.
Use PuTTY to SSH into the Switch
Now all you have to do is use your favorite SSH client to log into the switch. I am using PuTTY and will use it for any examples. Open PuTTY and enter the IP address of your switch. Make sure SSH is selected and you are ready to connect.
First, you will see a prompt to log in with a name, which you can simply ignore by pressing the Enter key.
You will then be prompted for a username. Enter the username for the account you set up and then enter the password. If everything works fine, you should get the switch prompt. In my case, my account has full access and control, so I automatically start in privileged EXEC mode. This is probably not a good idea, so it is best to create a restricted account and then set a password for enable mode. I will explain how to do this in a future article.
If you have any questions or have problems enabling SSH on a Cisco switch, please leave a comment and I will try to help. Enjoy!