Port-Based Virtual LANs (VLANs) and GVRP
Port-Based Virtual LANs (Static VLANs)
The Secure Management VLAN
This feature configures a secure Management VLAN by creating an isolated
network for managing the HP Procurve switches that support it. These include
the HP Procurve Switches 2650 and 6108, Series 4100GL switches, and Series
5300XL switches. Access to this VLAN, and to the switch’s management
functions (Menu, CLI, and web browser interface), is available only through
ports configured as members.
■ Multiple ports on the switch can belong to the Management VLAN. This
allows connections for multiple management stations you want to have
access to the Management VLAN, while at the same time allowing
Management VLAN links between switches configured for the same
Management VLAN.
■ Only traffic from the Management VLAN can manage the switch, which
means that only the workstations and PCs connected to ports belonging
to the Management VLAN can manage and reconfigure the switch.
Figure 11-20 illustrates use of the Management VLAN feature to support
management access by a group of management workstations.
Figure 11-20. Example of Potential Security Breaches
[Figure not reproduced. Devices shown: Switch A, Switch B, Switch C, Hub X, Hub Y, Server, Management Workstations.]
Legend:
Links with Ports Belonging to the Management VLAN and other VLANs
Links Between Ports on a Hub and Ports belonging to the Management VLAN
Links Not Belonging to the Management VLAN
Links to Other Devices
Notes:
• Switches “A”, “B”, and “C” are connected by ports belonging to the
management VLAN.
• Hub “X” is connected to a switch port that belongs to the management
VLAN. As a result, the devices connected to Hub X are included in the
management VLAN.
• Other devices connected to the switches through ports that are not in the
management VLAN are excluded from management traffic.
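The membership rule in the figure notes can be checked against a wiring inventory. The Python sketch below is an added example, not part of the HP manual: it walks a constructed topology and reports hubs and unapproved hosts that end up inside the Management VLAN. All node names, the hosts placed on each hub, and the approved list are assumptions.

```python
from collections import deque

# Constructed topology, loosely modelled on the figure. Node names, hosts on
# each hub and the approved list are assumptions, not taken from the manual.
KIND = {"switch-A": "switch", "switch-B": "switch", "switch-C": "switch",
        "hub-X": "hub", "hub-Y": "hub", "server": "host",
        "mgmt-ws-1": "host", "pc-1": "host", "pc-2": "host", "pc-3": "host"}

# (node_a, node_b, member): member is True/False when the link ends on a
# switch port (is that port in the Management VLAN?), None for hub-to-host.
LINKS = [("switch-A", "switch-B", True), ("switch-B", "switch-C", True),
         ("switch-A", "hub-X", True), ("switch-B", "hub-Y", False),
         ("switch-C", "server", False), ("switch-A", "mgmt-ws-1", True),
         ("hub-X", "pc-1", None), ("hub-X", "pc-2", None),
         ("hub-Y", "pc-3", None)]

APPROVED = {"mgmt-ws-1"}  # stations intended to manage the switches


def management_domain(links, kind, start):
    """Return every node that shares the Management VLAN with `start`."""
    adj = {}
    for a, b, member in links:
        if member is False:      # switch port is not a member: no mgmt traffic
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if kind[node] == "host":  # end stations do not forward frames
            continue
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def audit(links, kind, start, approved):
    """List hubs and unapproved hosts that sit inside the Management VLAN."""
    domain = management_domain(links, kind, start)
    hosts = {n for n in domain if kind[n] == "host"}
    hubs = {n for n in domain if kind[n] == "hub"}
    return {"hubs": sorted(hubs), "unapproved_hosts": sorted(hosts - approved)}


if __name__ == "__main__":
    print(audit(LINKS, KIND, "switch-A", APPROVED))
```

Any hub reported here extends management access to every device plugged into it, which is the exposure the Hub X note describes.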
!Software.book Page 26 Thursday, October 10, 2002 6:10 PM