We recently setup a Cisco SG300 52-port “top-of-rack” switch.
- Using the provided CISCO serial cable, I got access to the management console.
- The first thing I wanted was to assign the switch an IP address so I could access the web UI. For this, it is important to understand what it means to assign an IP address to a switch like this. The switch has a management interface, which is a VLAN. This management VLAN must exist, and it must be assigned an IP address and netmask. Here’s how I did it:
- Decide which VLAN will be default and which will be Management (in my case I have default VLAN 1 and management VLAN 15)
- In the console, set the default VLAN:
switch001#configure switch001(config)#vlan database switch001(config-vlan)#vlan 1 (this may fail if VLAN 1 already exists) switch001(config-vlan)#default-vlan vlan 1 New Default VLAN ID will be active after save configuration and reboot device. switch001(config-vlan)#end switch001#
- Now, create the Management VLAN:
switch001#configure switch001(config)#vlan database switch001(config-vlan)#vlan 15
- And then assign it to a switchport (in my case, I will access it via gi52 — the uplink):
switch001#configure switch001(config)#interface gi52 switch001(config-if)# description Uplink switch001(config-if)# switchport mode trunk switch001(config-if)# switchport trunk allowed vlan add 15
(Make sure to save changes — see below)
- Once the management VLAN is configured, it is possible to access the web UI. Since I prefer to use the CLI (command line interface), we need to set up SSH access, which is not turned on by default. Unfortunately, so far we haven’t found the equivalent CLI commands for all the steps here, so for some of them I still have to use the web UI.
- Log into the web UI
- Administration -> Management interface -> IPv4 interface (should already be set up from the previous step, so just check it to be sure)
- Administration -> User accounts -> Add (add my user account; give myself Read/Write Management Access (15)) — or, using the CLI, just do the following:
switch001#configure switch001(config)#username [USERNAME] password [PASSWORD] privilege 15 switch001(config)#end switch001#
- Once I have a username set up, I configure an access method: Security -> Mgmt Access Method -> Access Profiles -> Add
Access Profile Name: [SOME_NAME] Rule Priority: 1 Management Method: All Action: Permit Applies to Interface: User Defined Interface: [SPECIFY] Applies to Source IP Address: User Defined [AND SPECIFY]
Then click on “Apply”, of course, and then Close.
- Next, define how you will authenticate via SSH: Security -> SSH User Authentication -> SSH User Authentication by Password -> Enable
- Next, make sure the SSH server is running: Security -> TCP/UDP Services -> SSH Service -> Enable -> Apply
- At this point, I should be able to log in via SSH.
- Here, it is crucially important to note that all of these setup changes will be for naught if I don’t save the running configuration. Cisco has its own special terminology for this (study Chapter 8 “Configuration and Image File Commands” of the CLI GUIDE for more information), but for now I will just give myself the actual command without going into the details:
switch001#copy running-config startup-config Overwrite file [startup-config].... (Y/N)[N] ?Y 24-May-2013 17:21:21 %COPY-I-FILECPY: Files Copy - source URL running-config destination URL flash://startup-config 24-May-2013 17:21:24 %COPY-N-TRAP: The copy operation was completed successfully
Of course, the same thing can be done via the web UI by clicking the blinking red “Save” button that appears in the upper right corner whenever I make configuration changes. But, like I say, I prefer to use the CLI when possible.
- Now, here’s a short-cut way to find the CLI equivalents of the above operations:
switch001#show running-config
The majority of this post was from SmithFarm. Here is the URL of the post http://smithfarm-thebrain.blogspot.com/2013/12/cisco-sg300-first-steps.html