CISCO / BushNET User Guide¶
Complete user guide for initial setup and configuration of the CISCO / BushNET Industrial Ethernet Switch.
Table of Contents¶
- Product Overview
- Initial Setup
- Basic Configuration
- VLAN Configuration
- Security Configuration
- Management Access
- Industrial Features
- Backup and Recovery
Product Overview¶
CISCO / BushNET¶
The CISCO / BushNET is an industrial-grade Ethernet switch designed for harsh environments in manufacturing, utilities, transportation, and oil & gas industries.
Key Features¶
- Rugged Design: -40°C to 70°C operating temperature
- Industrial Protocols: CIP, Modbus TCP, PROFINET, EtherNet/IP
- High Availability: REP, PRP/HSR, MRP support
- PoE+ Support: Up to 30W per port (model dependent)
- Security: 802.1X, MACsec, TrustSec
- Management: CLI, Web UI, SNMP, Cisco DNA Center
Specifications¶
| Parameter | Value |
|---|---|
| Console Port | RJ-45 / Mini-USB Type B |
| Default Baud Rate | 9600 |
| Data Bits | 8 |
| Parity | None |
| Stop Bits | 1 |
| Flow Control | None |
| Default IP | None (configure via console) |
| Default Username | None (configure during setup) |
Initial Setup¶
What You Need¶
- CISCO / BushNET switch
- Console cable (RJ-45 to DB9 or USB-to-serial adapter)
- Terminal emulator software (or use CISCO / BushNET Serial Manager)
- Power supply (DC or PoE depending on model)
Step 1: Connect Console Cable¶
- Connect the console cable to the switch's console port
- Connect the other end to your PC's serial port or USB adapter
- Note the COM port assigned (Linux:
/dev/ttyUSB0or/dev/ttyACM0)
Step 2: Configure Terminal Settings¶
Step 3: Power On the Switch¶
- Connect power to the switch
- Wait for boot process (1-2 minutes)
- Press Enter when prompted
Step 4: Initial Configuration Dialog¶
If this is a new switch, you'll see the System Configuration Dialog:
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: yes
Answer the prompts to configure basic settings, or type no to configure manually.
Basic Configuration¶
Enter Privileged Mode¶
Enter Configuration Mode¶
Set Hostname¶
Set Enable Password¶
Configure Management Interface¶
Create a management VLAN and assign IP address:
IE3300-SW1(config)# vlan 100
IE3300-SW1(config-vlan)# name Management
IE3300-SW1(config-vlan)# exit
IE3300-SW1(config)# interface Vlan100
IE3300-SW1(config-if)# ip address 192.168.1.10 255.255.255.0
IE3300-SW1(config-if)# no shutdown
IE3300-SW1(config-if)# exit
IE3300-SW1(config)# ip default-gateway 192.168.1.1
Assign Management Port¶
IE3300-SW1(config)# interface GigabitEthernet1/8
IE3300-SW1(config-if)# description Management Port
IE3300-SW1(config-if)# switchport mode access
IE3300-SW1(config-if)# switchport access vlan 100
IE3300-SW1(config-if)# exit
Set Clock and Timezone¶
IE3300-SW1(config)# clock timezone EST -5
IE3300-SW1(config)# clock summer-time EDT recurring
IE3300-SW1(config)# exit
IE3300-SW1# clock set 14:30:00 27 Feb 2026
Configure NTP¶
Save Configuration¶
IE3300-SW1# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Or use shorthand:
VLAN Configuration¶
Create VLANs¶
IE3300-SW1(config)# vlan 10
IE3300-SW1(config-vlan)# name Production
IE3300-SW1(config-vlan)# exit
IE3300-SW1(config)# vlan 20
IE3300-SW1(config-vlan)# name Engineering
IE3300-SW1(config-vlan)# exit
IE3300-SW1(config)# vlan 30
IE3300-SW1(config-vlan)# name SCADA
IE3300-SW1(config-vlan)# exit
Configure Access Ports¶
IE3300-SW1(config)# interface range GigabitEthernet1/1-4
IE3300-SW1(config-if-range)# description Production Devices
IE3300-SW1(config-if-range)# switchport mode access
IE3300-SW1(config-if-range)# switchport access vlan 10
IE3300-SW1(config-if-range)# spanning-tree portfast
IE3300-SW1(config-if-range)# exit
Configure Trunk Port¶
IE3300-SW1(config)# interface GigabitEthernet1/9
IE3300-SW1(config-if)# description Uplink to Core Switch
IE3300-SW1(config-if)# switchport trunk encapsulation dot1q
IE3300-SW1(config-if)# switchport mode trunk
IE3300-SW1(config-if)# switchport trunk native vlan 99
IE3300-SW1(config-if)# switchport trunk allowed vlan 10,20,30,100
IE3300-SW1(config-if)# exit
Verify VLAN Configuration¶
IE3300-SW1# show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/5, Gi1/6, Gi1/7
10 Production active Gi1/1, Gi1/2, Gi1/3, Gi1/4
20 Engineering active
30 SCADA active
99 Native active
100 Management active Gi1/8
Security Configuration¶
Configure Local Users¶
IE3300-SW1(config)# username admin privilege 15 secret AdminPass123!
IE3300-SW1(config)# username operator privilege 7 secret OperPass123!
IE3300-SW1(config)# username readonly privilege 1 secret ReadPass123!
Secure Console Access¶
IE3300-SW1(config)# line console 0
IE3300-SW1(config-line)# login local
IE3300-SW1(config-line)# exec-timeout 10 0
IE3300-SW1(config-line)# logging synchronous
IE3300-SW1(config-line)# exit
Configure SSH Access¶
! Set domain name (required for RSA keys)
IE3300-SW1(config)# ip domain-name industrial.local
! Generate RSA keys
IE3300-SW1(config)# crypto key generate rsa modulus 2048
! Configure SSH
IE3300-SW1(config)# ip ssh version 2
IE3300-SW1(config)# ip ssh time-out 60
IE3300-SW1(config)# ip ssh authentication-retries 3
! Configure VTY lines
IE3300-SW1(config)# line vty 0 15
IE3300-SW1(config-line)# transport input ssh
IE3300-SW1(config-line)# login local
IE3300-SW1(config-line)# exec-timeout 15 0
IE3300-SW1(config-line)# exit
Disable Telnet¶
IE3300-SW1(config)# line vty 0 15
IE3300-SW1(config-line)# transport input ssh
IE3300-SW1(config-line)# exit
Configure Port Security¶
IE3300-SW1(config)# interface range GigabitEthernet1/1-4
IE3300-SW1(config-if-range)# switchport port-security
IE3300-SW1(config-if-range)# switchport port-security maximum 2
IE3300-SW1(config-if-range)# switchport port-security violation restrict
IE3300-SW1(config-if-range)# switchport port-security mac-address sticky
IE3300-SW1(config-if-range)# exit
Configure Login Banner¶
IE3300-SW1(config)# banner motd ^
*************************************************************
* AUTHORIZED ACCESS ONLY *
* *
* This system is the property of Industrial Corp. *
* Unauthorized access is prohibited and will be prosecuted. *
* *
*************************************************************
^
Disable Unused Services¶
IE3300-SW1(config)# no ip http server
IE3300-SW1(config)# no ip http secure-server
IE3300-SW1(config)# no ip finger
IE3300-SW1(config)# no ip bootp server
IE3300-SW1(config)# no service tcp-small-servers
IE3300-SW1(config)# no service udp-small-servers
IE3300-SW1(config)# service password-encryption
Management Access¶
Enable SNMP¶
IE3300-SW1(config)# snmp-server community public RO
IE3300-SW1(config)# snmp-server community private RW
IE3300-SW1(config)# snmp-server location "Building A, Floor 2, Rack 5"
IE3300-SW1(config)# snmp-server contact "netops@industrial.local"
! SNMPv3 (more secure)
IE3300-SW1(config)# snmp-server group SNMPV3GROUP v3 priv
IE3300-SW1(config)# snmp-server user snmpuser SNMPV3GROUP v3 auth sha AuthPass123 priv aes 128 PrivPass123
Configure Syslog¶
IE3300-SW1(config)# logging host 10.0.0.50
IE3300-SW1(config)# logging trap informational
IE3300-SW1(config)# logging facility local7
IE3300-SW1(config)# logging source-interface Vlan100
Enable Web Interface (HTTPS)¶
IE3300-SW1(config)# ip http secure-server
IE3300-SW1(config)# ip http authentication local
IE3300-SW1(config)# ip http access-class 10
IE3300-SW1(config)# access-list 10 permit 192.168.1.0 0.0.0.255
Industrial Features¶
REP (Resilient Ethernet Protocol)¶
REP provides fast convergence for ring topologies.
! Configure primary edge port
IE3300-SW1(config)# interface GigabitEthernet1/9
IE3300-SW1(config-if)# rep segment 1 edge primary
IE3300-SW1(config-if)# exit
! Configure secondary edge port
IE3300-SW1(config)# interface GigabitEthernet1/10
IE3300-SW1(config-if)# rep segment 1 edge
IE3300-SW1(config-if)# exit
Alarm Relay Configuration¶
IE3300-SW1(config)# alarm facility power-supply relay major
IE3300-SW1(config)# alarm facility temperature relay minor
Configure for EtherNet/IP¶
IE3300-SW1(config)# cip security
IE3300-SW1(config)# interface GigabitEthernet1/1
IE3300-SW1(config-if)# cip enable
IE3300-SW1(config-if)# exit
PTP (Precision Time Protocol)¶
IE3300-SW1(config)# ptp mode boundary
IE3300-SW1(config)# ptp domain 0
IE3300-SW1(config)# interface GigabitEthernet1/1
IE3300-SW1(config-if)# ptp enable
IE3300-SW1(config-if)# exit
Backup and Recovery¶
Backup Configuration to TFTP¶
IE3300-SW1# copy running-config tftp://10.0.0.100/ie3300-sw1-config.txt
Address or name of remote host [10.0.0.100]?
Destination filename [ie3300-sw1-config.txt]?
!!
Restore Configuration from TFTP¶
Backup to Flash¶
Schedule Automatic Backup¶
IE3300-SW1(config)# kron occurrence BACKUP at 23:00 recurring
IE3300-SW1(config-kron-occurrence)# policy-list BACKUP_POLICY
IE3300-SW1(config-kron-occurrence)# exit
IE3300-SW1(config)# kron policy-list BACKUP_POLICY
IE3300-SW1(config-kron-policy)# cli write memory
IE3300-SW1(config-kron-policy)# exit
Factory Reset¶
To reset the switch to factory defaults:
IE3300-SW1# write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
IE3300-SW1# reload
Password Recovery¶
If you've lost the enable password:
- Connect via console
- Power cycle the switch
- Press the MODE button for 3-4 seconds during boot
- The switch enters ROMMON mode
- Set configuration register:
confreg 0x2142 - Boot:
boot - Enter enable mode (no password required)
- Copy startup to running:
copy startup-config running-config - Set new password:
enable secret NewPassword - Reset config register:
config-register 0x2102 - Save:
write memory - Reload:
reload
Complete Basic Configuration Example¶
! Cisco IE3300 Basic Configuration Template
! ==========================================
! Hostname and Domain
hostname IE3300-SW1
ip domain-name industrial.local
! Enable Password
enable secret MySecurePassword123!
! Local Users
username admin privilege 15 secret AdminPass123!
username operator privilege 7 secret OperPass123!
! Console Configuration
line console 0
login local
exec-timeout 10 0
logging synchronous
! SSH Configuration
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
! VTY Configuration
line vty 0 15
transport input ssh
login local
exec-timeout 15 0
! Management VLAN
vlan 100
name Management
! Management Interface
interface Vlan100
ip address 192.168.1.10 255.255.255.0
no shutdown
! Default Gateway
ip default-gateway 192.168.1.1
! NTP
ntp server 10.0.0.1 prefer
! Logging
logging buffered 16384
logging host 10.0.0.50
! Security Hardening
no ip http server
no ip http secure-server
service password-encryption
! Banner
banner motd ^
*************************************************************
* AUTHORIZED ACCESS ONLY *
*************************************************************
^
! Production VLANs
vlan 10
name Production
vlan 20
name Engineering
! Port Configuration
interface range GigabitEthernet1/1-4
description Production Devices
switchport mode access
switchport access vlan 10
spanning-tree portfast
interface GigabitEthernet1/8
description Management Port
switchport mode access
switchport access vlan 100
! Save Configuration
end
write memory