2013-12-09

Cisco SG300: Initial setup (Management VLAN, SSH access)

We recently got our hands on some Cisco SG300 52-port "top-of-rack" switches, and I have started taking some "baby steps" with them. Here are some notes on how I got started provisioning the switches.


See also this blog post for useful SF300/SG300 CLI commands.

  1. Using the provided serial cable, I got access to the management console. This topic alone is worth a separate article. Won't go into it here.
  2. The first thing I wanted was to assign the switch an IP address so I could access the web UI. For this, it is important to understand what it means to assign an IP address to a switch like this. The switch has a management interface, which is a VLAN. This management VLAN must exist, and it must be assigned an IP address and netmask. Here's how I did it:
    • Decide which VLAN will be default and which will be Management (in my case I have default VLAN 1 and management VLAN 15)
    • In the console, set the default VLAN:
      switch001#configure
      switch001(config)#vlan database
      switch001(config-vlan)#vlan 1
      (this may fail if VLAN 1 already exists)
      switch001(config-vlan)#default-vlan vlan 1
      New Default VLAN ID will be active after save configuration and reboot device.
      switch001(config-vlan)#end
      switch001#
      
    • Now, create the Management VLAN:
      switch001#configure
      switch001(config)#vlan database
      switch001(config-vlan)#vlan 15
      
    • And then assign it to a switchport (in my case, I will access it via gi52 -- the uplink):
      switch001#configure
      switch001(config)#interface gi52
      switch001(config-if)# description Uplink
      switch001(config-if)# switchport mode trunk
      switch001(config-if)# switchport trunk allowed vlan add 15
      
      (Make sure to save changes -- see below)




  3. Once the management VLAN is configured, it is possible to access the web UI. Since I would like to use the CLI (command line interface), I will need to set up SSH access, which is not turned on by default. Unfortunately, so far I haven't found the equivalent CLI commands for all the steps here, so for some of them I still have to use the web UI.
    • Log into the web UI
    • Administration -> Management interface -> IPv4 interface (should already be set up from the previous step, so just check it to be sure)
    • Administration -> User accounts -> Add (add my user account; give myself Read/Write Management Access (15)) -- or, using the CLI, just do the following:
      switch001#configure
      switch001(config)#username [USERNAME] password [PASSWORD] privilege 15
      switch001(config)#end
      switch001#
      
      (Decide for myself which way is easier)
    • Once I have a username set up, I configure an access method: Security -> Mgmt Access Method -> Access Profiles -> Add
      Access Profile Name: [SOME_NAME]
      Rule Priority: 1
      Management Method: All
      Action: Permit
      Applies to Interface: User Defined 
      Interface: [SPECIFY]
      Applies to Source IP Address: User Defined [AND SPECIFY]
      
      Then click on "Apply", of course, and then Close.
    • Next, define how you will authenticate via SSH: Security -> SSH User Authentication -> SSH User Authentication by Password -> Enable (e.g. -- actually, I prefer access via SSH key, but this is left as an exercise to me)
    • Next, make sure the SSH server is running: Security -> TCP/UDP Services -> SSH Service -> Enable -> Apply
    • At this point, I should be able to log in via SSH.
  4. Here, it is crucially important to note that all of these setup changes will be for naught if I don't save the running configuration. Cisco has its own special terminology for this (study Chapter 8 "Configuration and Image File Commands" of the CLI GUIDE [1] for more information), but for now I will just give myself the actual command without going into the details:
    switch001#copy running-config startup-config
    Overwrite file [startup-config].... (Y/N)[N] ?Y
    24-May-2013 17:21:21 %COPY-I-FILECPY: Files Copy - source URL running-config destination URL flash://startup-config
    24-May-2013 17:21:24 %COPY-N-TRAP: The copy operation was completed successfully
    
    Of course, the same thing can be done via the web UI by clicking the blinking red "Save" button that appears in the upper right corner whenever I make configuration changes. But, like I say, I prefer to use the CLI when possible.
  5. Now, here's a short-cut way to find the CLI equivalents of the above operations:
    switch001#show running-config
    (. . . be amazed . . .)
    

Notes:

[1] Cisco 300 Series Managed Switches Command Line Interface Guide -- be sure to get the latest version, or the one that matches the firmware I have installed on the switches

No comments:

Post a Comment