To factory reset a Cisco Catalyst 9200 series switch (e.g. when you can no longer log in or have forgotten the password), you can factory reset the switch through physical access and a serial console connection.

First, connect the serial console cable and verify whether you have access to the serial console. Also, verify whether you have physical access to the switch and can unplug the power.

Unplug the power cable to power down the switch. While holding down the button at the left top corner (next to the "S" LED), plug in back in. Keep the button pressed for at least 10 seconds, until the "S" LED is solid green. The console output will also state the boot from "pa  ...

To configure SSH access, and disable Telnet, follow these steps.

Enable the new AAA model and configure a user account and optional enable password:aaa new-modelusername cisco secret 0 ciscoenable secret 0 cisco



Generate SSH keys and set up time-out and other parameters:ip domain name some-domain.comcrypto key generate rsaip ssh version 2ip ssh time-out 60ip ssh authentication-retries 2

When generating SSH keys, you first need to specify a domain name. You will also be prompted to enter the modulus bit rate. Although 1024 is suggested, it is recommended to set it to 2048 as lower is deprecated.

Optionally, to disable Telent access, explicitly set the transport:line vty 0 4transport inp  ...