Five Things to Do After Connecting Your New Cisco Switch

I bought a new Cisco SG300 10-Port Gigabit Ethernet Managed Switch a few months ago and it was one of the best investments for my small home network. Cisco switches have so many features and options that you can configure to manage your network in detail. In terms of safety, their products stand out.

That said, it’s very interesting how insecure a Cisco switch is fresh out of the box. When you plug it in, it either grabs an IP address from a DHCP server or assigns itself an IP address (usually 192.168.1.254) and uses cisco for the username and password. Yaks!

Since most networks use the network ID 192.168.1.x, your switch is fully accessible to everyone on the network. In this article, I’m going to talk about five immediate steps to take after plugging in your switch. This ensures that your device is secure and configured correctly.

Note: This article is intended for home or small office users who are new to Cisco switches. If you are a Cisco engineer, you will find this all very simplistic.

Step 1 – Change Default Username and Password

This is obviously the first step and the most important. Once you log into the switch, you expand Administration and then click User Accounts

The first thing you want to do is add another user account so you can then delete the original cisco user account. Make sure to give the new account full access, which is: Read/write administrative access (15) in Cisco language. Use a strong password and then log out of the cisco account and log in with your new account. You should now be able to delete the default account.

It is also probably a good idea to Password recovery service, in case you forget the password you set. You need console access to the device to reset the password.

Step 2 – Assign a Static IP Address

By default, the switch should already have a static IP address, but if it doesn’t, you’ll need to set it manually. It is also necessary if you are not using the 192.168.1 network ID. Expand for this AdministrationManagement interfaceIPv4 interface

To elect Static in front of IP address type and enter a static IP address. This also makes it much easier to manage your switch. If you know the default gateway for your network, go ahead and add that too under Administrative Default Gateway

It’s also worth noting that the IP address is assigned to a virtual LAN interface, which means that you can access the device using the IP address regardless of which port is connected to the switch, as long as those ports are assigned to the Manage VLAN selected at the top. Default is this VLAN 1 and all ports are default in VLAN 1.

Step 3 – Update the Firmware

Since my cheap Netgear router can check the internet for a software update and download and install it automatically, you’d think a nice Cisco switch could do the same. But you would be wrong! It’s probably for security reasons why they don’t do this, but it’s still annoying.

To update a Cisco switch with new firmware, you need to download it from the Cisco website and then upload it to the switch. In addition, you must then change the active image to the new firmware version. I really like this feature because it provides a bit of protection in case something goes wrong.

To find the new firmware, just google your switch model with the word firmware at the end. For example, in my case, I googled the Cisco SG300-10 firmware.

I’ll write another article on how to upgrade the firmware for a Cisco router as there are a few things you’ll want to be aware of before doing this.

Step 4 – Configure Secure Access

The next step I recommend is to enable only secure access to your switch. If you are a command line professional, you really should disable the web GUI altogether and enable only SSH access. However, if you need the GUI interface, you should at least set it up to use HTTPS instead of HTTP.

Check out my previous post on how to enable SSH access for your switch and then log in using a tool like puTTY. For even more security, you can enable public key authentication with SSH and log in with a private key. You can also restrict access to the admin interface based on the IP address, which I’ll write about in a future post.

Step 5 – Copy Running Config to Startup Config

The last thing you want to get used to when using a Cisco device is copying the active configuration to the boot configuration. Basically, any changes you make will only be saved in RAM, which means that when you reboot the device, all settings will be lost.

To permanently save the configuration, you must copy the active configuration to the boot configuration, the latter of which is stored in NVRAM or non-volatile RAM. Expand for this Administrationthen File manager and then click Copy/Save Configuration

The default settings should be correct, so all you need to do is click . to click Apply† Again, make sure you always do this whenever you make a change to your switch.

Those were some really basic configuration steps to initially set up and secure your switch. I’ll be posting more advanced tutorials on other aspects of the Switch soon. If you have any questions, feel free to comment. Enjoying!

Leave a Reply

Your email address will not be published.