I am a very small business, but have been using Cisco switches, primarily in the SG200 and 300 category at my home and office for several years. This week, after returning from an overseas trip, and noticing some network sluggishness, I decided to reboot my primary switch, an SG300-26PP. But when I tried to log in, I received an error that my password was incorrect. I double-checked my password manager and re-entered what should have been the correct password, and again, was denied access. I then followed the following steps:
1. Rebooted the switch by pressing the reset button for 5 seconds, but once rebooted, I had the same outcome.
2. Unplugged all Ethernet cables from the switch, and then reset the switch by pressing the reset button for 20+ seconds.
3. Located the IP address of the reset switch [NOT 192.168.1.254 as I think it should have been], logged into the switch using Mac OS X Safari 11.1.1 under High Sierra 10.13.5 and the credentials “cisco/cisco,” which worked just fine.
4. Proceeded to change the password and record it, set the machine to a static address, and logged back in successfully with the new password.
5. I updated firmware to 1.4.9.04 and rebooted manually.
6. I successfully logged in, confirmed firmware, and configured the switch freshly, including LAG bundles, POE priority, and similar basic stuff.
7. I began reconnecting network cables of other devices.
8. Eventually, my admin session timed out.
9. When I attempted to log back in with the new password, I was denied access due to incorrect username/password. I double-checked, and no matter what I did, the switch refused to recognize my credentials. Also, “cisco/cisco” does not work.
I have been through this cycle three times now. I bought an SG200-26P switch to swap in and had the exact same experience. It appears that something somewhere on my network is able to change the password on the switch. I have a Pakedge RK-1 router on the network behind my cable modem [a Motorola non-wireless unit]. The Pakedge is up to date on firmware. The network works just fine, including distributing video and audio throughout the home and office. But something seems very odd about this process.
I run ClamXAV on all our machines, and have not seen anything suspicious in months, if not years.
I am not an IT guy, but I can reasonably follow instructions. Would welcome any input anyone might have. In the meantime, I plan to go through a one-by-one device reconnection process, through which I might be able to isolate the location of the source of the problem. There are no new devices on my network in months other than three Roku streaming devices, a Tablo DVR, and a new iMac Pro. TIA!