Solved: Some Basic questions please SG350 config

iammike · ‎06-16-2023

Sorry if this to NooBish but I have some basic questions, and yes I have searched

1- Change the SSH port to something else then 22 and also change the HTTPS port.
Is that possible via the Web Interface

2- When accessing the Switch via SSH I get the Userid prompt but after I type in the correct info I get "Access Denied" and in the Switch a message "..... SSH connection rejected" (Trying to login with Putty) SSH is enabled.

3- How to enable that SSH is only allowed via a certain IP, same for the Webinterface?

4- Any good practices to do when configuring the switch first time?

Sorry again, but I am just starting out with these and I have been through all the options. Firmware version is 2.5.5.47

TiA

Kasun Bandara · ‎06-17-2023

@iammike hi,

1. this is not possible via Web interface

2. try creating new user and allow management access to under security

3. you can configure access profiles in security menu

4. it depends on your environment. you can check this document and do required changes according to your requirement.

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

View solution in original post

Kasun Bandara · ‎06-17-2023

@iammike hi,

1. this is not possible via Web interface

2. try creating new user and allow management access to under security

3. you can configure access profiles in security menu

4. it depends on your environment. you can check this document and do required changes according to your requirement.

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

iammike · ‎06-17-2023

thx.

Re 1:
Can you point me in the direction of changing this via the Console?

Re: 2
I have already created a NEW user and it has "full rights" which is 15 I believe

Re: 3 & 4. Thx

Kasun Bandara · ‎06-17-2023

@iammike

1. https://www.cisco.com/c/en/us/td/docs/switches/lan/csbms/CBS_250_350/CLI/cbs-350-cli-/telnet_ssh-and-slogin-commands.html#wp9311596410

2. you need to select login method and allow SSH logins in security menu

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

iammike · ‎06-17-2023

Thx

Re 2: SSH is enabled in Securirty menu under Security - TCP/UDP Services
Also enabled are HTTPS and Telnet. Disabled are SNMP and HTTP

Edit: Trying via Telnet (through Putty) and I get the same
Edit 2: I just reset the Switch to factory defaults and still the same. Reject

Edit 3: SUC6!!! Resetting the Switch to Factory defaults and again and ONLY creating a new Admin user and enabling SSH it works. Learning curve hahahaha

Edit 4: Port for SSH changed

in # enter config
then enter the following ip ssh port <port number>

Kasun Bandara · ‎06-17-2023

@iammike

go to security menu > Management Access Authentication > select Application as SSH and make sure you selected 'Local" as selected methods.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

iammike · ‎06-17-2023

@Kasun Bandara

Thx I solved it already.

I think by tinkering too much I did something wrong but after reset to Factory Defaults and enabling SSH again (after creating a user) it worked