7 creating a secure management vlan, Creating a secure management vlan -41, Command set for creating a secure management vlan – Enterasys Networks 1G58x-09 User Manual
Page 383: Section 7.3.7
VLAN Configuration Command Set
Creating a Secure Management VLAN
Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide
7-41
7.3.7
Creating a Secure Management VLAN
If the Matrix E1 is to be configured for multiple VLANs, it may be desirable to configure a
management-only VLAN. This allows a station connected to the management VLAN to manage
all ports on the device. It also makes management secure by preventing configuration via ports
assigned to other VLANs.
To create a secure management VLAN, you must:
1. Create and name a new VLAN. (
2. Set the new VLAN as the host VLAN. (
3. Set a private community name and access policy. (
).
The commands needed to create a secure management VLAN are listed in
and described
in the associated section as shown.
.
NOTES: By default at device startup, there is one VLAN configured on the Matrix E1. It
is vlan-id 1, the default VLAN. The default community name, which determines remote
access for SNMP management, is set to “public” with Read-Write access.
Table 7-4
Command Set for Creating a Secure Management VLAN
To do this...
Use these commands...
Create and name a new VLAN and
confirm settings.
set vlan (
)
set vlan name (
(Optional) show vlan (
Set the new VLAN as the host VLAN,
confirm settings, and add user ports.
set port vlan host (
(Optional) show host vlan (
Set a private community name and access
policy and confirm settings.
set community (
)
(Optional) show community (
NOTE: This process would be repeated on every device that is connected in the
network to ensure that each device has a secure management VLAN. When configuring
multiple devices, vlan-names can be different, but the management vlan-id number
must be the same on each device. This is because the management vlan-id is included
in each packet.