III. Management VLAN
For security and performance reasons, it is best to separate user traffic and management traffic.
When Management VLAN is set up, only a host or hosts that is/are in this Management VLAN can
manage the device; thus, broadcasts that the device receives or traffic (e.g. multicast) directed to
the management port will be minimized.
In the network diagram provided, the management PC on the right would like to manage the
Managed Switch on the left remotely. You can follow the steps described below to set up the
Management VLAN.
Management VLAN Network Diagram
CLI Configuration:
1. Enter Global Configuration
mode.
SWH> enable
Password:
SWH# config
SWH(config)#
SWH(config)# vlan dot1q-vlan 10
OK !
SWH(config-vlan-10)#
3. Name VLAN 10 to
Management
SWH(config-vlan-10)# name Management
OK !
SWH(config-vlan-10)# exit
4. Assign Port 26 to VLAN 10.
SWH(config)# interface 26
SWH(config-if-26)# vlan dot1q-vlan trunk-vlan 10
OK !
5. Assign VLAN 10 to
Management VLAN and Port
26 to Management port.
SWH(config)# vlan management-vlan 10 management-
port 26 mode trunk
OK !
6. Show currently configured
dot1q settings and check
CPU has been a member
port in Management VLAN
10.
SWH(config)# show vlan dot1q-vlan
=============================================================
IEEE 802.1q Tag VLAN :
=============================================================
CPU VLAN ID : 10
VLAN Name VLAN 1 8 9 16 17 24 25 26 CPU
--------------- ---- -------- -------- -------- -- -- ---
Default_VLAN 1 VVVVVVVV VVVVVVVV VVVVVVVV V V -
Management 10 -------- -------- -------- - V V
NOTE: By default, all ports are member ports of the
Default_VLAN. Before removing the Default_VLAN from the VLAN
table, make sure you have correct management VLAN and PVID
configurations, otherwise, incorrect configurations may
disconnect your management PC to the Managed Switch
immediately when you enter the command.
To Next Page
Loading...
Need help?
General
