Managing network infrastructure has never been more critical, and the Cisco Catalyst 9200L switch continues to be a popular choice for businesses in 2026. Whether you are a student, junior network administrator, or IT professional brushing up on the basics, understanding how to create and configure a user on a Cisco 9200L switch is a foundational skill. Proper user configuration improves security, ensures accountability, and allows controlled access to your switching environment.
TLDR: To create and configure a user on a Cisco 9200L switch, you access global configuration mode through the command-line interface (CLI), create a local username with a secure password, assign appropriate privilege levels, and configure login methods on console and VTY lines. Always encrypt passwords and save your configuration. With careful setup, you can enhance security and streamline device management in just a few steps.
In this beginner-friendly, step-by-step guide, we’ll walk through everything you need to know — from accessing the device to testing your newly created user account. Let’s get started.
Why Creating Users on a Cisco 9200L Matters
Before jumping into commands, it’s important to understand why user configuration is essential.
- Security: Prevents unauthorized access.
- Accountability: Tracks who made configuration changes.
- Access Control: Assigns specific privilege levels.
- Compliance: Meets security audit and policy requirements.
The Cisco 9200L runs Cisco IOS XE, which supports robust authentication methods, including local authentication, RADIUS, and TACACS+. For beginners, the local user database is the easiest place to start.
What You’ll Need Before You Begin
Here’s a quick checklist to ensure you’re ready:
- Cisco Catalyst 9200L switch powered on
- Console cable (or SSH access if already configured)
- Terminal emulator (PuTTY, Tera Term, SecureCRT, etc.)
- Basic knowledge of Cisco CLI navigation
If you’re connecting via console for the first time, use these standard settings:
- Speed: 9600 baud
- Data bits: 8
- Parity: None
- Stop bits: 1
- Flow control: None
Step 1: Access Privileged EXEC Mode
Once connected to the switch, you’ll start in User EXEC mode, indicated by:
Switch>
To make configuration changes, enter Privileged EXEC mode:
Switch> enable Switch#
If prompted, enter the enable password.
Step 2: Enter Global Configuration Mode
From Privileged EXEC mode, type:
Switch# configure terminal Switch(config)#
This command places you into Global Configuration mode, where system-wide settings can be adjusted.
Step 3: Create a Local User Account
Now comes the key step: creating a new user.
The basic syntax is:
username <name> privilege <level> secret <password>
For example:
Switch(config)# username admin privilege 15 secret Str0ngP@ss2026
Breaking It Down:
- username admin → Creates a user named “admin”
- privilege 15 → Grants full administrative access
- secret → Encrypts the password securely
Important: Always use secret instead of password, as the former uses stronger encryption.
Understanding Privilege Levels
Cisco devices use privilege levels from 0 to 15:
- Level 0: Minimal access
- Level 1: Basic read-only access (default user mode)
- Level 15: Full administrative control
You may want to create different users with different access levels:
Switch(config)# username helpdesk privilege 5 secret HelpD3sk! Switch(config)# username auditor privilege 3 secret Aud1t2026!
This helps enforce the principle of least privilege, a core concept in cybersecurity.
Step 4: Configure Console Login Authentication
Creating a user isn’t enough. You must tell the switch to use the local database for authentication.
First, configure the console line:
Switch(config)# line console 0 Switch(config-line)# login local Switch(config-line)# exit
What this does:
- line console 0 → Enters console line configuration
- login local → Uses locally configured usernames for authentication
Step 5: Configure VTY Lines for SSH/Telnet Access
If you want remote access, configure the VTY (Virtual Terminal) lines.
Switch(config)# line vty 0 4 Switch(config-line)# login local Switch(config-line)# transport input ssh Switch(config-line)# exit
This enables SSH login using local credentials.
Security Tip: Avoid enabling Telnet in 2026 unless absolutely necessary. SSH encrypts traffic, while Telnet does not.
Step 6: (Optional but Recommended) Enable Password Encryption
Even though the secret command encrypts passwords, you should also enable global password encryption:
Switch(config)# service password-encryption
This ensures all plaintext passwords are converted into encrypted format inside the configuration file.
Step 7: Save the Configuration
If you don’t save your configuration, all changes will be lost after a reboot.
Exit configuration mode and save:
Switch# write memory
or
Switch# copy running-config startup-config
You’ll see a confirmation message indicating the configuration has been saved.
Step 8: Test the User Account
Always verify your work.
- Log out from the console or SSH session.
- Reconnect to the switch.
- Enter the username and password you created.
If everything is correct, you should gain access based on the assigned privilege level.
Common Mistakes to Avoid
Even experienced administrators make mistakes. Watch out for these common errors:
- Forgetting login local on console or VTY lines
- Using password instead of secret
- Not saving the configuration
- Assigning privilege 15 to every user
- Enabling Telnet without encryption
Taking a few extra minutes to double-check can save hours of troubleshooting later.
Advanced Option: Using AAA for Better Control
In enterprise environments, you might configure AAA (Authentication, Authorization, and Accounting).
Basic local AAA configuration example:
Switch(config)# aaa new-model Switch(config)# aaa authentication login default local
AAA provides more granular control and is commonly integrated with:
- RADIUS servers
- TACACS+
- Active Directory integration
For beginners, local authentication is sufficient, but AAA is worth exploring as you grow your networking skills.
Quick Command Summary
Here’s a simplified overview of key commands:
enable configure terminal username admin privilege 15 secret Str0ngP@ss2026 line console 0 login local exit line vty 0 4 login local transport input ssh exit service password-encryption write memory
This is the core workflow you’ll use repeatedly in real-world environments.
Final Thoughts
Creating and configuring a user on a Cisco 9200L switch in 2026 remains a straightforward but critical task. By setting up secure local accounts, assigning appropriate privilege levels, enabling encrypted remote access, and saving your configuration properly, you dramatically improve the reliability and security of your network.
As you advance, explore:
- Role-based access control (RBAC)
- AAA with centralized authentication
- Multi-factor authentication for network devices
- Automating user deployment with scripts
Networking isn’t just about cables and packets — it’s about securing infrastructure and ensuring smooth operations. Mastering user configuration on Cisco switches is one of the first big steps toward becoming a confident network administrator.
Now that you know the process step-by-step, log into your lab switch and try it yourself. Practical experience is the best teacher.