minimal-setups/content/snippets/0260-administring-a-cisco-switch.md
Wolfgang Hottgenroth 94995a401d
ssh on cisco
2025-04-28 13:53:32 +02:00

Administering a Cisco Switch - Basics for Homelab Usage

Connecting to the Switch

Only quite old SSH key-exchange and host-key algorithms are supported, so the client has to enable them explicitly:

ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa admin@192.168.2.1

Saving the Configuration

Never forget this, otherwise your changes are gone after a reboot!

write memory

Configure VLANs

Allow VLAN IDs greater than 1005 (this requires VTP transparent mode):

configure terminal
vtp mode transparent
exit
configure terminal
vlan 1001
name vlan1001
exit
exit

The first exit leaves VLAN configuration mode, the second exit leaves the configuration session.

If the VLAN is to be used for management, a VLAN interface with an IP address is additionally required:

configure terminal
vlan 2000
name vlan2000
exit

interface vlan 2000
ip address dhcp
exit

exit

or

configure terminal
vlan 2000
name vlan2000
exit

interface vlan 2000
ip address 192.168.88.3 255.255.255.0
exit

ip default-gateway 192.168.88.1

exit

Check your work:

show vlan

Configure Interfaces

To check your work use

show interfaces status

Access Ports

configure terminal
interface GigabitEthernet1/0/1
switchport mode access
switchport access vlan 1001
spanning-tree portfast
no shutdown
exit
exit

Trunk Ports

configure terminal
interface GigabitEthernet1/0/23
switchport mode trunk
switchport trunk allowed vlan 1012,3001,3002,3003,3004
switchport trunk native vlan 1012
no shutdown
exit
exit

allowed vlan lists the VLANs carried on the trunk; their frames are sent tagged.

native vlan selects the one VLAN whose frames are sent untagged on that port.

SSH access and hardening measures

First of all, the switch needs to know the time and requires a hostname and a domain name (both are needed before the SSH host key can be generated):

About time:

configure terminal
ntp server de.pool.ntp.org
! clock timezone takes a zone name and an hour offset, not a tz database name
clock timezone UTC 0
exit

About names:

configure terminal
hostname switch01
ip domain-name mynetwork.intern
exit

A user is required:

configure terminal
! "secret" stores a hashed password; "password" would keep it in clear text
username admin secret geheim123
exit

A host key must be generated (in configuration mode, after hostname and domain name are set):

configure terminal
crypto key generate rsa
exit

This command will ask for the key length. Select 2048 bits.

Set the SSH version:

configure terminal
ip ssh version 2
exit

Configure the virtual terminals accordingly:

configure terminal
line vty 0 15
transport input ssh
login local
exit
exit

As mentioned above, the switch supports only quite old SSH algorithms, so on the client side use:

ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa admin@192.168.2.1
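To check that a switch's saved configuration actually reflects the steps in this section, here is an added shell helper that is not part of the original snippet. It audits a "show running-config" dump for the items above (hostname, domain name, NTP, SSH version 2, SSH-only vty lines with local login, no clear-text user passwords); the sample dump is constructed for the demo, not captured from a real switch.

```shell
#!/bin/sh
# Added audit helper (not part of the original snippet): check a saved
# "show running-config" dump against the hardening steps on this page.
# Assumed input: IOS-style text, one command per line, vty sections
# ending at the next "line" or "!" line.

# Print a finding to stderr and bump the caller's counter.
note() { echo "FINDING: $1" >&2; findings=$((findings + 1)); }

# Succeed only if every vty section has "transport input ssh" and "login local".
vty_sections_ok() {
    awk '
      /^line |^!/ { if (invty && !(t && l)) bad++; invty = 0 }
      /^line vty/ { blocks++; invty = 1; t = 0; l = 0; next }
      invty && /^ transport input ssh$/ { t = 1 }
      invty && /^ login local$/         { l = 1 }
      END { if (invty && !(t && l)) bad++; exit (blocks == 0 || bad > 0) }
    ' "$1"
}

# Audit the config file $1: findings go to stderr, their count to stdout.
audit_cisco_config() {
    cfg="$1"; findings=0
    grep -q '^hostname '         "$cfg" || note "hostname not set (needed for the RSA key)"
    grep -q '^ip domain-name '   "$cfg" || note "ip domain-name not set (needed for the RSA key)"
    grep -q '^ntp server '       "$cfg" || note "no ntp server configured"
    grep -q '^ip ssh version 2$' "$cfg" || note "ip ssh version 2 not enforced"
    vty_sections_ok "$cfg"              || note "a vty section allows non-SSH transport or non-local login"
    # "username ... password" keeps the password in clear text or reversible type 7
    grep -Eq '^username [^ ]+ (privilege [0-9]+ )?password ' "$cfg" \
        && note "local user stored with 'password' instead of 'secret'"
    echo "$findings"
}

# Constructed sample dump (not captured from a real switch) with three weaknesses.
write_sample_config() {
    cat > "$1" <<'EOF'
hostname switch01
ip domain-name mynetwork.intern
username admin password geheim123
ip ssh version 2
!
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login local
EOF
}
```

Running `write_sample_config cfg.txt; audit_cisco_config cfg.txt` reports the missing NTP server, the telnet-capable vty section and the clear-text user password, and prints 3.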