Configure Switch Passwords
Setting passwords on all switches is recommended for security.
- Line Console
This password applies to all users who try to access the switch through the console.
You can check the configuration in show running-config as given below.
Note: The password appears changed because of the encryption command. We will discuss it later.
- Local user and specific passwords
First, we create a user for Telnet and SSH.
Now we configure Telnet and SSH on line VTY (Virtual Teletype).
Enable Password
Note: The enable password is a must to access the switch through Telnet/SSH.
- Tip
We are going to discuss Line VTY.
- If the "no login" command is present in line mode, no authentication takes place and the connection succeeds without authentication, which is not good practice at all.
- If the login local command is present under line VTY, the connection is subject to AAA authentication. In our scenario, we use the login local command on the AQ Learning switch. When we access this switch, it asks for the username and password before we are able to access it.
- If the keyword login exists and local is missing from line VTY, you must set a password under line VTY; otherwise the switch will not be accessible through Telnet/SSH.
Note: If we configure login local under line VTY and no username and password have been created, we will not be able to access the switch.
- Encrypt All Passwords
We should encrypt all passwords shown in the running/startup configurations by applying one command in configuration mode, as under.
You can verify this in show running/startup-configuration, as under.
Note: Applying the service password-encryption command encrypts all passwords, including enable, console and Telnet/SSH, in the running/startup configurations.
Configure VLAN On Cisco Switches
Note: This document doesn't contain detailed information. It covers the quick basic configuration commands and tips which you should remember during initial configuration in a live environment, but we will discuss the very basic concepts.
In simple words, a VLAN allows us to subdivide the physical network into separate logical broadcast domains.
A link to the complete detailed document is given below for complete understanding.
Here is an example of why we create VLANs.
Example: Suppose we have two departments in our office: one is Sales and the second is IT. These two departments are in the same network. We don't want Sales to communicate with the IT department. In this scenario, we create two different VLANs to achieve this. VLANs have a very simple configuration. We can also control bandwidth through these different VLANs.
Tip:
All unused ports should be in shutdown mode and in the default VLAN only (best practice). Always create VLANs manually on your access layer, and unused ports should not be members of any VLAN.
- Assign Ports to VLANs
Now we show how to assign specific ports to VLANs.
- interface GigabitEthernet1/0/11
This command is used to access a specific physical port (interface).
- switchport mode access
This command is used to configure the port as an access port (end devices are in access mode).
- switchport access vlan 101
This command is used to assign the physical port to a specific VLAN.
- spanning-tree portfast
This command is used when we want the port to move to the forwarding state immediately.
- no shutdown
This command is used to enable the port.
Hope this document is helpful for you.
Regards,
AQ Learning Center (Networks)
CCIE Experts