VLAN Configuration Command Set
Creating a Secure Management VLAN
Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide 7-41
7.3.7 Creating a Secu re Management VLANIf the Matrix E1 is to be configured for multiple VLANs, it may be desirable to configure a
management-only VLAN. This allows a station connected to the management VLAN to manage
all ports on the device. It also makes management secure by preventing configuration via ports
assigned to other VLANs.
To create a secure management VLAN, you must:
1. Create and name a new VLAN. (Section 7.3.2)
2. Set the new VLAN as the host VLAN. (Section 7.3.6)
3. Set a private community name and access policy. (Section 5.2.2.8).
The commands needed to create a secure management VLAN are listed in Table 7-4 and described
in the associated section as shown.
.
NOTES: By default at device startup, there is one VLAN configured on the Matrix E1. It
is vlan-id 1, the default VLAN. The default community name, which determines remote
access for SNMP management, is set to “public” with Read-Write access.
Table 7-4 Command Set for Creating a Secure Management VLAN
To do this... Use these commands...
Create and name a new VLAN and
confirm settings. set vlan (Section 7.3.2.1)
set vlan name (Section 7.3.2.2)
(Optional) show vlan (Section 7.3.1.1)
Set the new VLAN as the host VLAN,
confirm settings, and add user ports. set port vlan host (Section 7.3.6.2)
(Optional) show host vlan (Section 7.3.6.1)
Set a private community name and access
policy and confirm settings. set community (Section 5.2.2.8)
(Optional) show community (Section 5.2.2.7)
NOTE: This process would be repeated on every device that is connected in the
network to ensure that each device has a secure management VLAN. When configuring
multiple devices, vlan-names can be different, but the management vlan-id number
must be the same on each device. This is because the management vlan-id is included
in each packet.