CBS220 options

Can Cisco 220 Series Smart Switches CBS220-24T-4G support :

a) AAA TACACS+ integration?

b) Remote access via SSH (CLI)?

c) Can I add other "not-VLAN1" VLANs for management? 

d) This model is not PoE, but could I add a voice VLAN (for phones with a power injector)?

Could you please provide a link with best practices for configuring these devices securely?


pieterh
VIP

this is the point to start:
https://www.cisco.com/c/en/us/support/switches/small-business-220-series-smart-plus-switches/series.html#~tab-documents 

important document here is the administration guide:
You can assign authentication methods to the various management access methods, such as SSH, console, Telnet, HTTP, and HTTPS. This authentication can be performed locally or on an external server, such as a TACACS+ or a RADIUS server.

so a) is covered tacacs+/radius for AAA and b) for ssh

By default, VLAN 1 is the management VLAN, but this can be modified. The switch can only be reached at the configured IP address through its management VLAN.

so c) is also covered

also using the index look for voice vlan 
Configuring Voice VLAN 141
Configuring Voice VLAN Properties 143
Configuring Telephony OUI 143
Adding Interfaces to Voice VLAN on Basis of OUIs 145

so d) is also covered

also take a look at Cisco 220 Series Smart Switches: Tech Talk Videos  

 

Thanks so much, pieterh!!

Regarding external management, when you said: "The switch can only be reached at the configured IP address through its management VLAN."

This management VLAN could be any VLAN, like for example the voice VLAN? Again avoiding to use VLAN1.

I do appreciate your help.

Hello, today we tried to configure IP addresses for VLANs via CLI, but this model does not accept basic commands (via CLI) like:

(config)#interface vlan XXX

or 

(config-if)#switchport trunk allowed vlan 1,XXX,yyy

so I cannot assign an IP address for management or set up allowed VLANs in the trunk BEFORE connecting to the production uplink switch.

I left one port on VLAN1 only (Gi24). Could you please confirm, is there any way to access the web administration page of this device? I heard about 192.168.1.254, and I can see it in "show version" output (not in "sh runn")

IP Address : 192.168.1.254
Subnet Mask : 255.255.255.0
Model Number : CBS220-24T-4G

I do appreciate your help

the page i suggested also has a link to the CLI guide
https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf220_sg220/command_line_reference/1_1_0_x/220_CLI_Guide.pdf 
see page 245 of the CLI guide

the commands needed are 
management vlan ip address <x.x.x.x> mask <y.y.y.y>
(The default IP address of the management VLAN is 192.168.1.254.)
or management vlan ip dhcp client
management-vlan vlan <vlan-id>


>>> so I can not assigned IP address for management or setup allowed VLANs in trunk BEFORE connecting to production uplink switch. <<<
- when you change the vlan your client must also be moved to the new vlan
- when you change the management ip your client must also be reconfigured to use the new subnet too
to avoid this you can use the serial console on models that offer such a connection
if you access the switch over tcp/ip instead of serial console, you always have this kind of problem

if you first configure your uplink, then the cbs220 still uses the default vlan-1 and the default management ip-address 192.168.1.254
then you must first configure a client in vlan1 with a matching ip-address in this subnet (192.68.1.0/24) to reach the cbs220 over tcp/ip

using a network connection you may need to configure using individual steps
- put your client in vlan1
- access the default management ip over tcp/ip
- create the new management vlan (let's say 999)
- configure some interface as access port (untagged) vlan 999
- modify the management vlan to 999
- connect your client to the port in vlan 999
- reconnect to the default management ip (now using vlan 999)
- modify the management ip to the desired ip in vlan 999
- reconfigure your client network settings to original.

if you have a DHCP-server in your management vlan,
you may consider configuring the management ip for DHCP before configuring the new management vlan 
preferably using a permanent lease for the mac-address of the cbs220
this way the cbs220 is reachable when moved to the management vlan
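
The step order in the reply above can be checked offline before touching the switch. This is an added example, not part of the original posts or any Cisco tooling: it models reachability as "client is in the management VLAN and in the same subnet", and flags the first switch-side step that would need a session the client no longer has. VLAN 999 and 192.168.1.254 come from the thread; the client address and the 10.9.9.x target addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class State:
    client_vlan: int
    client_ip: str   # interface notation, e.g. "192.168.1.10/24"
    mgmt_vlan: int
    mgmt_ip: str

def reachable(s):
    """Simplified model: same VLAN, same subnet, no address clash."""
    c = ipaddress.ip_interface(s.client_ip)
    m = ipaddress.ip_interface(s.mgmt_ip)
    return s.client_vlan == s.mgmt_vlan and c.network == m.network and c.ip != m.ip

def first_lockout(start, plan):
    """plan: list of (label, needs_session, changes).
    Returns the label of the first switch-side step attempted while the
    switch is unreachable, "end state" if the final state is unreachable,
    or None if the management session survives the whole plan."""
    s = start
    for label, needs_session, changes in plan:
        if needs_session and not reachable(s):
            return label
        s = replace(s, **changes)
    return None if reachable(s) else "end state"

# Factory defaults from the thread; client address is constructed.
START = State(client_vlan=1, client_ip="192.168.1.10/24",
              mgmt_vlan=1, mgmt_ip="192.168.1.254/24")

# Order given in the reply (client-side steps have needs_session=False).
POST_ORDER = [
    ("create VLAN 999 and an untagged access port", True, {}),
    ("set management VLAN to 999", True, {"mgmt_vlan": 999}),
    ("move client to the VLAN 999 port", False, {"client_vlan": 999}),
    ("set management IP", True, {"mgmt_ip": "10.9.9.2/24"}),
    ("re-address client", False, {"client_ip": "10.9.9.10/24"}),
]

# Same changes, but the client is never moved after the VLAN change.
BAD_ORDER = [
    ("set management VLAN to 999", True, {"mgmt_vlan": 999}),
    ("set management IP", True, {"mgmt_ip": "10.9.9.2/24"}),
    ("re-address client", False, {"client_ip": "10.9.9.10/24"}),
]

if __name__ == "__main__":
    print("post order:", first_lockout(START, POST_ORDER))
    print("bad order: ", first_lockout(START, BAD_ORDER))
```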