×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Vlan and Vlan.dat

Answered Question
Feb 11th, 2014
User Badges:

Im new to cisco, I have a question if yall can please  answer it. yesterday while configuring my 881w router I came up with: ip  address can not be configures on l2 links. so I did a research and  found out that I had to do a Vlan in order to access CPExpress, so i did  that and was able to get in the the GUI interface. Now my this is my  problem, while reasearching a method to configuring the router I came up  with a website that said something like: while creating a vlan make  sure to change the default paswword "of something I can't remember"  because hackers could try entering all passwords and get it to you  vlan's. Also I was reserching about he vlan.dat file on the flash  memory, but i dont remember where i got that hacker thing from. is this  true? and how can you change default password form valn's? thank you.

Correct Answer by John Blakley about 3 years 6 months ago

That's correct. If you want your cameras on vlan 10, you'd make them an access port on vlan 10. If you want your computers on vlan 5, you'd make them access ports on vlan 5, etc.



HTH,
John

*** Please rate all useful posts ***

Correct Answer by John Blakley about 3 years 6 months ago

Heber,


This isn't true. There are two things that you would need to be concerned about in an enterprise environment for security purposes: your account including password, and the native vlan should be changed from the default of vlan 1.


You would always want to change the default password on devices. Default passwords for equipment are readily available on the internet, and if someone were able to get access to your equipment and figure out what you're running, then they would be able to easily get into your equipment with a password found on the internet. That's why you want to change the default.


Maybe you read about changing the native vlan?


HTH,
John

*** Please rate all useful posts ***

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
John Blakley Tue, 02/11/2014 - 19:08
User Badges:
  • Purple, 4500 points or more

Heber,


This isn't true. There are two things that you would need to be concerned about in an enterprise environment for security purposes: your account including password, and the native vlan should be changed from the default of vlan 1.


You would always want to change the default password on devices. Default passwords for equipment are readily available on the internet, and if someone were able to get access to your equipment and figure out what you're running, then they would be able to easily get into your equipment with a password found on the internet. That's why you want to change the default.


Maybe you read about changing the native vlan?


HTH,
John

*** Please rate all useful posts ***

Heber Trejo Tue, 02/11/2014 - 19:20
User Badges:

I got the default password on hardware as for the native vlan, how can it be changed from the default vlan 1? Also can you guve me a real life situaton when some one acces a vlan. What could happend?  Thanks

John Blakley Tue, 02/11/2014 - 19:32
User Badges:
  • Purple, 4500 points or more

Heber,


Do you mean how to change the native vlan? You would change your trunk links in order to make the vlan that you want untagged. If you have vlan 1, 10, and 20, and you want to make 20 the native vlan, you could make all ports on the switch access ports for vlan 20, and then on the uplink you would change the native vlan across the trunk with "switchport trunk native vlan 20".



HTH,
John

*** Please rate all useful posts ***

Heber Trejo Tue, 02/11/2014 - 19:53
User Badges:

Oh i see, im undestanding now. The reaso why im asking is because i want to have my computers, ip cameras and streaming video devices in different vlans for security reasons. I order a 3750x switch, so im going to make 3 vlans ex. 5,10,15 one for each end devices. I have to set each port from the switch to be a switchport of a vlan to the respectively vlan number of each device correct?

Correct Answer
John Blakley Wed, 02/12/2014 - 03:53
User Badges:
  • Purple, 4500 points or more

That's correct. If you want your cameras on vlan 10, you'd make them an access port on vlan 10. If you want your computers on vlan 5, you'd make them access ports on vlan 5, etc.



HTH,
John

*** Please rate all useful posts ***

Heber Trejo Wed, 02/12/2014 - 19:35
User Badges:

Than you so much for your help, now I undestand. Im going to use other vlans and not mess with the default vlan1 and assing in the other vlans a ssh connection to remotely conect to the switch!

Actions

This Discussion

Related Content