Configuring SSH for Management Access

About this task

By default, SSH is enabled from the factory settings on the controller. The controller requires an IP address and login credentials.

To enable SSH access on a device, login through the serial console and perform the following:

Procedure

  1. The session, by default, opens in the USER EXEC mode (one of the two access levels of the EXEC mode). Access the PRIV EXEC mode from the USER EXEC mode.
    ap505-13403B>en
    ap505-13403B#
  2. Access the GLOBAL CONFIG mode from the PRIV EXEC mode.
    ap505-13403B#configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    ap505-13403B(config)#
  3. Go to ‘default-management-policy‘ mode.
    ap505-13403B(config)#management-policy ?
      MANAGEMENT  Name of the management policy to be configured (will be created
                  if it does not exist)
    
    ap505-13403B(config)#management-policy default
    ap505-13403B(config-management-policy-default)#
  4. Enter SSH at the command prompt.
    ap505-13403B(config-management-policy-default)#ssh
    ap505-13403B(config-management-policy-default)#commit write
    ap505-13403B(config-management-policy-default)#end
    ap505-13403B#exit
  5. Connect to the access point through SSH using its configured IP address. If logging in for the first time, use the following credentials:
    User Name admin
    Password admin123
    Note: When logging in for the first time, you will be prompted to change the password. Re-set the password and use it for subsequent logins.
  6. On subsequent logins, to change the password, access the default management-policy configuration mode and enter the username, new password, role, and access details.
    ap505-13403B(config-management-policy-default)#user testuser password test@123
     role helpdesk access all
    ap505-13403B(config-management-policy-default)#commit
    ap505-13403B(config-management-policy-default)#show context
    management-policy default
     telnet
     http server
     https server
     no ftp
     ssh
     user admin password 1 fd07f19c6caf46e5b7963a802d422a708ad39a24906e04667c8642299c8462f1 role superuser access all
     user testuser password 1 32472f01757293a181738674bdf068ffe0b777ce145524fc669278820ab582c0 role helpdesk access all
     snmp-server community 2 uktRccdr9eLoByF5PCSuFAAAAAeB78WhgTbSKDi96msyUiW+ rw
     snmp-server community 2 Ne+R15zlwEdhybKxfbd6JwAAAAZzvrLGzU/xWXgwFtwF5JdD ro
     snmp-server user snmptrap v3 encrypted des auth md5 2 WUTBNiUi7tL4ZbU2I7Eh/QAAAAiDhBZTln0UIu+y/W6E/0tR
     snmp-server user snmpmanager v3 encrypted des auth md5 2 9Fva4fYV1WL4ZbU2I7Eh/QAAAAjdvbWANBNw+We/xHkH9kLi
     no https use-secure-ciphers-only
    ap505-13403B(config-management-policy-default)#