If you are configuring an Extreme Networks device for multiple VLANs, it may be desirable to configure a management-only VLAN. This allows a station connected to the management VLAN to manage the device. It also makes management secure by preventing configuration through ports assigned to other VLANs.
Secure Management VLAN Configuration provides an example of how to create a secure management VLAN. This example, which sets the new VLAN as VLAN 2, assumes the management station is attached to ge.1.1, and wants untagged frames.The process described in this section would be repeated on every switch device that is connected in the network to ensure that each switch has a secure management VLAN.
.
Step | Task | Command(s) |
---|---|---|
1 | Create a new VLAN. | set vlan create 2 |
2 | Set the PVID for the host port and the desired switch port to the VLAN created in Step 2. | set port vlan host.0.1; ge.1.1 2 |
3 | If not done automatically when executing the previous command, add the host port and desired switch port(s) to the new VLAN‘s egress list. | set vlan egress 2 host.0.1; ge.1.1 2 untagged |
4 | Set a private community name to assign to this VLAN for which you can configure access rights and policies. | set snmp community private |
Note: By default, community name—which determines remote access for SNMP management—is set to public with read-write access. For more information, refer to your device‘s SNMP documentation.
|