cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1197
Views
0
Helpful
6
Replies

Vlan and Vlan.dat

Heber Trejo
Level 1
Level 1

Im new to cisco, I have a question if yall can please  answer it. yesterday while configuring my 881w router I came up with: ip  address can not be configures on l2 links. so I did a research and  found out that I had to do a Vlan in order to access CPExpress, so i did  that and was able to get in the the GUI interface. Now my this is my  problem, while reasearching a method to configuring the router I came up  with a website that said something like: while creating a vlan make  sure to change the default paswword "of something I can't remember"  because hackers could try entering all passwords and get it to you  vlan's. Also I was reserching about he vlan.dat file on the flash  memory, but i dont remember where i got that hacker thing from. is this  true? and how can you change default password form valn's? thank you.

2 Accepted Solutions

Accepted Solutions

John Blakley
VIP Alumni
VIP Alumni

Heber,

This isn't true. There are two things that you would need to be concerned about in an enterprise environment for security purposes: your account including password, and the native vlan should be changed from the default of vlan 1.

You would always want to change the default password on devices. Default passwords for equipment are readily available on the internet, and if someone were able to get access to your equipment and figure out what you're running, then they would be able to easily get into your equipment with a password found on the internet. That's why you want to change the default.

Maybe you read about changing the native vlan?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

That's correct. If you want your cameras on vlan 10, you'd make them an access port on vlan 10. If you want your computers on vlan 5, you'd make them access ports on vlan 5, etc.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

6 Replies 6

John Blakley
VIP Alumni
VIP Alumni

Heber,

This isn't true. There are two things that you would need to be concerned about in an enterprise environment for security purposes: your account including password, and the native vlan should be changed from the default of vlan 1.

You would always want to change the default password on devices. Default passwords for equipment are readily available on the internet, and if someone were able to get access to your equipment and figure out what you're running, then they would be able to easily get into your equipment with a password found on the internet. That's why you want to change the default.

Maybe you read about changing the native vlan?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

I got the default password on hardware as for the native vlan, how can it be changed from the default vlan 1? Also can you guve me a real life situaton when some one acces a vlan. What could happend?  Thanks

Heber,

Do you mean how to change the native vlan? You would change your trunk links in order to make the vlan that you want untagged. If you have vlan 1, 10, and 20, and you want to make 20 the native vlan, you could make all ports on the switch access ports for vlan 20, and then on the uplink you would change the native vlan across the trunk with "switchport trunk native vlan 20".

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Oh i see, im undestanding now. The reaso why im asking is because i want to have my computers, ip cameras and streaming video devices in different vlans for security reasons. I order a 3750x switch, so im going to make 3 vlans ex. 5,10,15 one for each end devices. I have to set each port from the switch to be a switchport of a vlan to the respectively vlan number of each device correct?

That's correct. If you want your cameras on vlan 10, you'd make them an access port on vlan 10. If you want your computers on vlan 5, you'd make them access ports on vlan 5, etc.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Than you so much for your help, now I undestand. Im going to use other vlans and not mess with the default vlan1 and assing in the other vlans a ssh connection to remotely conect to the switch!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco