Cisco 3xx series switches¶

• Cisco 3xx series switches
• Initial setup without using a console cable
  • Computer setup
  • Switch reset
  • Switch image upgrade
  • Conf via Web UI - set cisco password and enable ssh

Initial setup without using a console cable¶

Cisco 3xx series switches are most commonly set up using the console port and a serial connection. It is more convenient to do it using only Ethernet ports

In this example, port 23 is set up for management using VLAN 5 and a 192.168.5./24 address

The poor security of keeping the default user/password (cisco/cisco) is done for Cisco Smart Network Application (SNA). It is mitigated by restricting VLAN 5 access

Computer setup¶

During initial setup a computer will be required to access the switch at 192.168.1.254/24 and at 192.168.5.<planned octet>/24 tagged with VLAN 5

When the network is configured by /etc/network/interfaces that can be done for example by

ifup eno3
ip addr add dev eno3 192.168.1.91
ip route add 192.168.1.0/24 dev eno3
ip link add link eno3 name eno3.5 type vlan id 5
ip addr add dev eno3.5 192.168.5.1
ip link set dev eno3.5 up
ip route add 192.168.5.0/24 dev eno3.5

Switch reset¶

Reset the switch to factory defaults by

• Disconnect all network connections
• Power up
• Press reset switch for minimum 10 seconds. All port LEDs should flash once when reset switch is pressed and later once again
• The System LED should flash continuously to show the switch is reset to defaults

The switch IP address is now 192.168.1.254

Switch image upgrade¶

In case the switch's firmware image is outdated, upgrade it

Conf via Web UI - set cisco password and enable ssh¶

• Connect a device with a web browser to switch port 1
• Power up the switch.
• Open http://192.168.1.254
  • Log in as cisco/cisco
  • On the Change Password Page
    • Set a temporary password for user cisco
    • Clear "Password Strength Enforcement"
  • Display Mode: Basic Advanced
  • Security
    • Password strength
      • Password Aging: Enable: selected cleared
      • Apply
    • TCP/UDP Services
      • SSH Service: select
      • Apply
  • Administration > User Accounts > cisco > Edit
    • Password: cisco
    • Apply
    • Close
  • Administration > File Management > File Operations
    • Operation Type: Duplicate
    • Source File Name: Running Configuration
    • Destination File Name: Startup Configuration (only option)
    • Apply
  • VLAN Management > VLAN Settings > Add
    • VLAN ID: 5
    • VLAN Name: mgt
    • VLAN Interface State: Enable: selected (default)
    • Link Status SNMP Traps: Enable: cleared selected
    • Apply
    • Close
  • VLAN Management > Port to VLAN
    • Filter VLAN ID equals to "5"
    • Click "GO"
    • Choose port GE23 and mark as "untagged"
    • Apply
  • Administration > File Management > File Operations
    • Operation Type: Duplicate
    • Source File Name: Running Configuration
    • Destination File Name: Startup Configuration (only option)
    • Apply
  • IP Configuration > IPv4 Management and Interfaces > IPv4 Interface > Add
    • Interface: VLAN 5
    • IP Address Type: static
      • IP address: 192.168.5.<planned octet>
      • Network mask: 255.255.255.0
    • Apply
    • Close

The connection will then be lost. Move the Ethernet cable from port 1 to port 23. Ensure the computer's port is on the 192.168.5.0/24 network with packets tagged with VLAN 5

Test by pinging 192.168.5.<planned octet>