Specifications
VLAN Configuration Command Set
Creating a Secure Management VLAN
6-32 Matrix DFE-Gold Series Configuration Guide
6.3.5 Creating a Secure Management VLAN
If the Matrix Series device is to be configured for multiple VLAN’s, it may be desirable to
configure a management-only VLAN. This allows a station connected to the management VLAN
to manage the device. It also makes management secure by preventing configuration via ports
assigned to other VLANs.
To create a secure management VLAN, you must:
1. Create a new VLAN. (Section 6.3.2.1)
2. Set the PVID for the host port and the desired switch port to the VLAN created in Step 1.
(Section 6.3.3.2)
3. Add the host port and the desired switch port to the egress list for the VLAN created in Step 1.
(Section 6.3.4.2)
4. Set a private community name and access policy. (Section 4.3.2.8)
The commands used to create a secure management VLAN are listed in Table 6-3 and described in
the associated section as shown.
.
NOTES: By default at device startup, there is one VLAN configured on the Matrix Series
device. It is VLAN ID 1, the DEFAULT VLAN. The default community name, which
determines remote access for SNMP management, is set to “public” with read-write access.
This example assumes the management station is attached to fe.1.1 and wants untagged frames.
The process described in this section would be repeated on every device that is connected in the
network to ensure that each device has a secure management VLAN.
Table 6-3 Command Set for Creating a Secure Management VLAN
To do this... Use these commands...
Create a new VLAN and confirm
settings.
set vlan create 2 (Section 6.3.2.1)
(Optional) show vlan 2 (Section 6.3.1.1)
Set the PVIDs to the new VLAN. set port vlan host.0.1; fe.1.1 2 (Section 6.3.3.2)
Add the ports to the new VLAN’s egress
list.
set vlan egress 2 host.0.1; fe.1.1 2 untagged
(Section 6.3.4.2)