Specifications
VLAN Configuration Command Set
Creating a Secure Management VLAN
6-32 SecureStack A2 Configuration Guide
6.3.6 Creating a Secure Management VLAN
If the SecureStack A2 device is to be configured for multiple VLAN’s, it may be desirable to
configure a management-only VLAN. This allows a station connected to the management VLAN
to manage the device. It also makes management secure by preventing configuration via ports
assigned to other VLANs.
To create a secure management VLAN, you must:
1. Create a new VLAN. (Section 6.3.2.1)
2. Set the PVID for the desired switch port to the VLAN created in Step 1. (Section 6.3.3.2)
3. Add the desired switch port to the egress list for the VLAN created in Step 1. (Section 6.3.4.3)
4. Assign host status to the VLAN. (Section 6.3.5.2)
5. Set a private community name and access policy. (Section 4.3.2.8)
The commands used to create a secure management VLAN are listed in Table 6-2 and described in
the associated section as shown.
.
NOTES: By default at device startup, there is one VLAN configured on the SecureStack A2
device. It is VLAN ID 1, the DEFAULT VLAN. The default community name, which determines
remote access for SNMP management, is set to “public” with read-write access.
This example assumes the management station is attached to fe.1.1 and wants untagged frames.
The process described in this section would be repeated on every device that is connected in the
network to ensure that each device has a secure management VLAN.
Table 6-2 Command Set for Creating a Secure Management VLAN
To do this... Use these commands...
Create a new VLAN and confirm settings. set vlan create 2 (Section 6.3.2.1)
(Optional) show vlan 2 (Section 6.3.1.1)
Set the PVID to the new VLAN. set port vlan fe.1.1 2 (Section 6.3.3.2)
Add the port to the new VLAN’s egress list. set vlan egress 2 fe.1.1 untagged (Section 6.3.4.3)
Assign host status to the VLAN. set vlan host 2 (Section 6.3.5.2)
Set a private community name and access
policy and confirm settings.
set snmp community private (Section 4.3.2.8)
(Optional) show snmp community (Section 4.3.2.7)