VLAN Configuration Summary

Creating a Secure Management VLAN

By default at startup, there is one VLAN configured on the SecureStack C3 device. It is VLAN ID 1, the DEFAULT VLAN. The default community name, which determines remote access for SNMP management, is set to “public” with read‐write access.

If the SecureStack C3 device is to be configured for multiple VLANs, it may be desirable to configure a management‐only VLAN. This allows a station connected to the management VLAN to manage the device. It also makes management secure by preventing configuration via ports assigned to other VLANs.

To create a secure management VLAN, you must:

Step  Task                                                      Refer to page...
1.    Create a new VLAN.                                        10-5
2.    Set the PVID for the desired switch port to the VLAN      10-9
      created in Step 1.
3.    Add the desired switch port to the egress list for the    10-15
      VLAN created in Step 1.
4.    Assign host status to the VLAN.                           10-18
5.    Set a private community name and access policy.           8-14

The commands used to create a secure management VLAN are listed in Table 10‐1. This example assumes the management station is attached to ge.1.1 and wants untagged frames.

The process described here would be repeated on every device that is connected in the network to ensure that each device has a secure management VLAN.

Table 10-1 Command Set for Creating a Secure Management VLAN

To do this...                             Use these commands...
Create a new VLAN and confirm settings.   set vlan create 2 (“set vlan” on page 10-5)
                                          (Optional) show vlan 2 (“show vlan” on page 10-3)
Set the PVID to the new VLAN.             set port vlan ge.1.1 2 (“set port vlan” on page 10-9)
Add the port to the new VLAN’s egress     set vlan egress 2 ge.1.1 untagged (“set vlan egress” on
list.                                     page 10-15)
Remove the port from the default VLAN’s   clear vlan egress 1 ge.1.1 (“clear vlan egress” on
egress list.                              page 10-15)
Assign host status to the VLAN.           set host vlan 2 (“set host vlan” on page 10-18)
Set a private community name and access   set snmp community private (“set snmp community” on
policy and confirm settings.              page 8-14)
                                          (Optional) show snmp community (“show snmp community”
                                          on page 8-13)
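Because the procedure is repeated on every device, a missed step is easy to overlook. The following Python check is an added example, not part of the Enterasys manual: it replays a list of commands written in the Table 10-1 syntax and reports which steps of the procedure are not satisfied. The function names, the state model, exact port-string matching (no ranges), and the treatment of the host VLAN as unset at startup are assumptions of this example.

```python
import re

# Constructed input: the command column of Table 10-1, in order.
TABLE_10_1 = ["set vlan create 2", "show vlan 2", "set port vlan ge.1.1 2",
              "set vlan egress 2 ge.1.1 untagged", "clear vlan egress 1 ge.1.1",
              "set host vlan 2", "set snmp community private", "show snmp community"]
# Constructed input: the same sequence with two steps left out.
PARTIAL = [c for c in TABLE_10_1 if not c.startswith(("clear vlan", "set host"))]

def replay(commands):
    """Replay commands into a state model; unrecognised lines (show ...) are ignored."""
    # VLAN 1 and community "public" are the startup defaults the page states;
    # the host VLAN is treated as unset (assumption of this example).
    s = {"vlans": {1}, "pvid": {}, "egress": {}, "cleared": set(),
         "host": None, "communities": {"public"}}
    for raw in commands:
        c = " ".join(raw.split())
        if m := re.fullmatch(r"set vlan create (\d+)", c):
            s["vlans"].add(int(m[1]))
        elif m := re.fullmatch(r"set port vlan (\S+) (\d+)", c):
            s["pvid"][m[1]] = int(m[2])  # a later command overrides an earlier one
        elif m := re.fullmatch(r"set vlan egress (\d+) (\S+) (\w+)", c):
            s["egress"][(int(m[1]), m[2])] = m[3]
            s["cleared"].discard((int(m[1]), m[2]))
        elif m := re.fullmatch(r"clear vlan egress (\d+) (\S+)", c):
            s["egress"].pop((int(m[1]), m[2]), None)
            s["cleared"].add((int(m[1]), m[2]))
        elif m := re.fullmatch(r"set host vlan (\d+)", c):
            s["host"] = int(m[1])
        elif m := re.fullmatch(r"set snmp community (\S+)", c):
            s["communities"].add(m[1])
    return s

def audit(commands, vlan, port):
    """Return the names of the steps that the replayed state does not satisfy."""
    s = replay(commands)
    checks = [
        ("create VLAN", vlan in s["vlans"]),
        ("set PVID", s["pvid"].get(port) == vlan),
        ("add port to VLAN egress (untagged)", s["egress"].get((vlan, port)) == "untagged"),
        ("remove port from default VLAN egress", (1, port) in s["cleared"]),
        ("assign host VLAN", s["host"] == vlan),
        ("set non-public community", bool(s["communities"] - {"public"})),
    ]
    return [name for name, ok in checks if not ok]

if __name__ == "__main__":
    print(audit(TABLE_10_1, 2, "ge.1.1"), audit(PARTIAL, 2, "ge.1.1"))
```

Because the commands are replayed in order, a later command that moves the port's PVID back to another VLAN is reported as a failed step even though the correct command appears earlier in the list.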

10-2 802.1Q VLAN Configuration

Enterasys Networks 9034313-07 manual Command Set for Creating a Secure Management Vlan