VLAN Configuration Summary
10-2 802.1Q VLAN Configuration
Creating a Secure Management VLAN
Bydefaultatstartup,thereisoneVLANconfiguredontheEnterasysB5device.ItisVLANID1,
theDEFAULTVLAN.Thedefaultcommunityname,whichdeterminesremoteaccessforSNMP
management,issetto“public”withread‐writeaccess.
IftheEnterasysB5deviceistobeconfiguredfor
multipleVLANs,itmaybedesirabletoconfigure
amanagement‐onlyVLAN.ThisallowsastationconnectedtothemanagementVLANtomanage
thedevice.Italsomakesmanagementsecurebypreventingconfigurationviaportsassignedto
otherVLANs.
TocreateasecuremanagementVLAN,youmust:
Thecommandsusedtocreate
asecuremanagementVLANarelistedinTable 10‐1.Thisexample
assumesthemanagementstationisattachedtoge.1.1andwantsuntaggedframes.
Theprocessdescribedherewouldberepeatedoneverydevicethatisconnectedinthenetworkto
ensurethateachdevicehasasecuremanagementVLAN.
Step Task Refer to page...
1. Create a new VLAN. 10-5
2. Set the PVID for the desired switch port to the VLAN created in Step 1. 10-9
3. Add the desired switch port to the egress list for the VLAN created in
Step 1.
10-15
4. Assign host status to the VLAN. 10-18
5. Set a private community name and access policy. 8-14
Table 10-1 Command Set for Creating a Secure Management VLAN
To do this... Use these commands...
Create a new VLAN and confirm settings. set vlan create 2 (“set vlan” on page 10-5)
(Optional) show vlan 2 (“show vlan” on page 10-3)
Set the PVID to the new VLAN. set port vlan ge.1.1 2 (“set port vlan” on page 10-9)
Add the port to the new VLAN’s egress list. set vlan egress 2 ge.1.1 untagged (“set vlan egress” on
page 10-15)
Remove the port from the default VLAN’s
egress list.
clear vlan egress 1 ge.1.1 (“clear vlan egress” on
page 10-15)
Assign host status to the VLAN. set host vlan 2 (“set host vlan” on page 10-18)
Set a private community name and access
policy and confirm settings.
set snmp community private (“set snmp community” on
page 8-14)
(Optional) show snmp community (“show snmp
community” on page 8-13)
To Next Page
Loading...