# Administering a Cisco Switch - Basics for Homelab Usage

## Connecting to the Switch

The switch supports only quite old SSH key-exchange and host-key algorithms, so the client has to enable them explicitly:

```
ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa admin@192.168.2.1
```

## Saving the Configuration

Never forget this step; otherwise all changes are gone after a reboot!

```
write memory
```

## Configure VLANs

Allow VLAN IDs greater than 1005:

```
configure terminal
vtp mode transparent
exit
```

```
configure terminal
vlan 1001
name vlan1001
exit
exit
```

The first `exit` leaves the VLAN, the second `exit` leaves the config session.

If the VLAN is also to be used for management, it additionally needs an interface with an IP address:

```
configure terminal
vlan 2000
name vlan2000
exit
interface vlan 2000
ip address dhcp
exit
exit
```

or

```
configure terminal
vlan 2000
name vlan2000
exit
interface vlan 2000
ip address 192.168.88.3 255.255.255.0
exit
ip default-gateway 192.168.88.1
exit
```

Check your work:

```
show vlan
```

## Configure Interfaces

To check your work use

```
show interfaces status
```

### Access Ports

```
configure terminal
interface GigabitEthernet1/0/1
switchport mode access
switchport access vlan 1001
spanning-tree portfast
no shutdown
exit
exit
```

### Trunk Ports

```
configure terminal
interface GigabitEthernet1/0/23
switchport mode trunk
switchport trunk allowed vlan 1012,3001,3002,3003,3004
switchport trunk native vlan 1012
no shutdown
exit
exit
```

`allowed` connects the port to the VLAN for tagged communication. `native` makes the VLAN untagged on that port.

## SSH access and hardening measures

First of all, the switch needs to know about time and requires a name.

About time:

```
configure terminal
ntp server de.pool.ntp.org
clock timezone UTC 0
exit
```

About names:

```
configure terminal
hostname switch01
ip domain-name mynetwork.intern
exit
```

A user is required:

```
configure terminal
username admin password geheim123
exit
```

A host key must be generated (from within `configure terminal`):

```
crypto key generate rsa
```

This command will ask for the key length. Select 2048 bits.

Set the SSH version (also in configuration mode):

```
ip ssh version 2
```

Configure the virtual terminals accordingly:

```
configure terminal
line vty 0 15
transport input ssh
login local
exit
```

As mentioned above, the switch supports only quite old SSH algorithms, so to access it use on the client side:

```
ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa admin@192.168.2.1
```
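
To confirm that the SSH and hardening steps above actually took effect, the output of `show running-config` can be checked for them. The script below is an added example, not part of the original page. The sample configuration is constructed, and the function names and the `password` versus `secret` check are assumptions added here.

```python
import re

# Constructed sample: relevant parts of a running-config after the steps above,
# with one vty range deliberately left open to show what a finding looks like.
SAMPLE_CONFIG = """\
hostname switch01
ip domain-name mynetwork.intern
username admin password 0 geheim123
ip ssh version 2
ntp server de.pool.ntp.org
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input all
 login
"""

REQUIRED = {
    "hostname": r"^hostname \S+",
    "ip domain-name": r"^ip domain-name \S+",
    "ntp server": r"^ntp server \S+",
    "ip ssh version 2": r"^ip ssh version 2\s*$",
}
VTY = re.compile(r"^(line vty [^\n]*)\n?((?: [^\n]*\n?)*)", re.M)

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' section."""
    for m in VTY.finditer(config):
        yield m.group(1).strip(), [l.strip() for l in m.group(2).splitlines()]

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = [f"missing: {name}" for name, pattern in REQUIRED.items()
                if not re.search(pattern, config, re.M)]
    # 'password' keeps the credential recoverable from the config; 'secret' hashes it.
    for user in re.findall(r"^username (\S+) password ", config, re.M):
        findings.append(f"user {user}: uses 'password', prefer 'secret'")
    for header, body in vty_blocks(config):
        if "transport input ssh" not in body:
            findings.append(f"{header}: transport input is not ssh-only")
        if "login local" not in body:
            findings.append(f"{header}: login local not set")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Some switches split the virtual terminals into several `line vty` ranges in the running configuration, which is why each range is checked separately.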