How to Enable SSH Access for Cisco SG300 Switches
I recently purchased a Cisco SG300-10 switch for my home networking lab and I’ve been quite happy with it so far. It has a whole slew of features, most of which I’m probably never going to use in my home environment. However, for a small business, it gives you a lot of control over your network.
Now there are two ways to manage Cisco switches: from the web-based GUI interface or from the terminal-based command line interface. I have found that the web-based GUI is not nearly as stable as the Cisco IOS available from the CLI. On several occasions, after trying to save a configuration change on the GUI, the entire switch crashed and I had to reboot it in order to access the GUI again.
If you’re going to use the CLI, though, you’ll first need to enable SSH access on the switch. In this article, I’m going to talk about how you can turn on the SSH service and log in using the username and password stored in the local database.
In my next article, I’m going to talk about how you can make the login process even more secure by using public and private keys to establish the SSH session rather than just a username and password.
Enable SSH Service
The first thing we need to do is enable the SSH service on the switch. I’m going to show you how to do this using the web-based interface as that was easier for me than connecting to the switch using the console port.
Once you are logged in, expand Security in the left-hand menu, then click on TCP/UDP Services. On the right-hand pane, you’ll see the different TCP and UDP services you can enable for your Cisco switch. In my case, I already had HTTPS checked, so I went ahead and checked SSH Service also.
Make sure you click the Apply button to save the changes. Note that this will only save the change to running config. If you want the change to persist even after rebooting the switch, you’ll need to copy the running config over to startup config. The web GUI is usually good at reminding you about this by flashing an icon in the top right corner of the screen.
That’s about all you must do to enable basic SSH on your switch. So which user can log into the switch? Well, you can see the list of users by expanding Administration and then clicking on User Accounts.
Here you will see the list of accounts that can log into the switch. Note that the user accounts listed here can be used to log into the web-based GUI and the CLI via SSH. In the example above, you can see that I only have one account and the User Level is Read/Write Management Access.
There are also other user levels and you may want to create another user account specifically for accessing the switch via SSH with limited write access. You can do this by adding a user and then choosing the appropriate user level for that account.
If you choose Read/Limited Write CLI Access, the user cannot access the switch via the GUI interface and can only access some CLI commands.
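As an added example (not part of the original article): a small Python check over exported running and startup configs that flags the two conditions described above, SSH enabled only in the running config and every account sitting at the full-access user level. The config line formats (`ip ssh server`, `username ... privilege N`), the level numbers 1/7/15 behind the GUI names, and the sample configs are assumptions constructed for illustration.

```python
import re

# GUI names for the CLI privilege levels (assumed mapping: 1, 7, 15).
LEVELS = {1: "Read-Only CLI Access",
          7: "Read/Limited Write CLI Access",
          15: "Read/Write Management Access"}

# Assumed line format: "username NAME ... privilege N"; no keyword means level 1.
USER_RE = re.compile(r"^username\s+(\S+)(?:\s+.*?\bprivilege\s+(\d+))?")

def parse(config):
    """Return (ssh_enabled, {username: privilege_level}) for one config text."""
    ssh_enabled, users = False, {}
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip ssh server":
            ssh_enabled = True
        match = USER_RE.match(line)
        if match:
            users[match.group(1)] = int(match.group(2) or 1)
    return ssh_enabled, users

def audit(running, startup):
    """Compare running and startup config; return a list of findings."""
    findings = []
    run_ssh, run_users = parse(running)
    start_ssh, start_users = parse(startup)
    if not run_ssh:
        findings.append("SSH service is not enabled")
    elif not start_ssh:
        findings.append("SSH is enabled in running config only; a reboot drops it")
    for name in sorted(set(run_users) - set(start_users)):
        findings.append(f"account {name} is not saved to startup config")
    if run_users and all(level == 15 for level in run_users.values()):
        findings.append(f"every account is level 15 ({LEVELS[15]})")
    return findings

# Constructed sample configs (placeholder hashes, made-up account names).
RUNNING = """ip ssh server
username admin password encrypted HASH_PLACEHOLDER privilege 15
"""
STARTUP = """username admin password encrypted HASH_PLACEHOLDER privilege 15
"""
HARDENED = RUNNING + "username sshops password encrypted HASH_PLACEHOLDER privilege 7\n"

if __name__ == "__main__":
    for finding in audit(RUNNING, STARTUP):
        print("FINDING:", finding)
    print("hardened:", audit(HARDENED, HARDENED) or "no findings")
```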
Use PuTTY to SSH into Switch
Now all you have to do is use your favorite SSH client to log into the switch. I use PuTTY and will use that for any examples. Open PuTTY and enter the IP address for your switch. Make sure SSH is selected and you should be good to go.
You’ll first see a prompt that says login as, which you can just ignore by pressing Enter.
Then you’ll get a prompt for the User Name. Type in the username for the account you set up and then enter the password. If all works well, you should get the switch prompt. In my case, my account has full access and control, so I automatically start in privileged EXEC mode. That’s probably not a good idea, so it’s best to create an account with less access and then set up an Enable mode password. I’ll talk about how to do that also in a future post.
If you have any questions or ran into problems enabling SSH on your Cisco switch, post a comment and I’ll try to help. Enjoy!