The secure Management VLAN
Multiple ports on the switch can belong to the Management VLAN. This allows connections for multiple management stations to the Management VLAN, while allowing Management VLAN links between switches configured for the same Management VLAN.
Only traffic from the Management VLAN can manage the switch, which means that only the workstations and PCs connected to ports belonging to the Management VLAN can manage and reconfigure the switch.
Potential security breaches in a network
The figure "Management VLAN control in a LAN" illustrates use of the Management VLAN feature to support management access by a group of management workstations.
Management VLAN control in a LAN
Workstation 1 has management access to all three switches through the Management VLAN, while the PCs do not. This is because configuring a switch to recognize a Management VLAN automatically excludes attempts to send management traffic from any other VLAN.
| Switch | A1 | A3 | A6 | A7 | B2 | B4 | B5 | B9 | C2 | C3 | C6 | C8 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Management VLAN (VID = 7) | Y | N | N | Y | Y | Y | N | N | Y | N | N | N |
| Marketing VLAN (VID = 12) | N | N | N | N | N | N | N | N | N | Y | Y | Y |
| Shipping Dept. VLAN (VID = 20) | N | Y | Y | N | N | N | N | N | N | N | N | N |
| DEFAULT-VLAN (VID = 1) | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y |
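
Because only Management VLAN member ports can manage the switch, that membership list is worth auditing against an approved baseline. The script below is an added example, not vendor code: it parses the table above (rows keyed by VID) and reports drift. `APPROVED_MGMT_PORTS`, the function names and the drifted port are assumptions made for illustration.

```python
"""Added example: audit Management VLAN port membership (not vendor code)."""
MGMT_VID, DEFAULT_VID = 7, 1  # VIDs taken from the page's table

# Port membership transcribed from the page's table; rows keyed by VID.
PAGE_TABLE = """
Port | A1 | A3 | A6 | A7 | B2 | B4 | B5 | B9 | C2 | C3 | C6 | C8
7    | Y  | N  | N  | Y  | Y  | Y  | N  | N  | Y  | N  | N  | N
12   | N  | N  | N  | N  | N  | N  | N  | N  | N  | Y  | Y  | Y
20   | N  | Y  | Y  | N  | N  | N  | N  | N  | N  | N  | N  | N
1    | Y  | Y  | Y  | Y  | Y  | Y  | Y  | Y  | Y  | Y  | Y  | Y
"""

# Assumption: the page's Management VLAN row is the approved baseline.
APPROVED_MGMT_PORTS = {"A1", "A7", "B2", "B4", "C2"}


def parse_matrix(text):
    """Return {vid: set_of_member_ports} from a pipe-delimited Y/N table."""
    rows = [[c.strip() for c in ln.split("|")] for ln in text.strip().splitlines()]
    ports = rows[0][1:]
    members = {}
    for row in rows[1:]:
        flags = row[1:]
        if len(flags) != len(ports) or set(flags) - {"Y", "N"}:
            raise ValueError(f"malformed membership row for VID {row[0]}")
        members[int(row[0])] = {p for p, f in zip(ports, flags) if f == "Y"}
    return members


def audit(members, approved):
    """Return sorted (port, reason) findings for Management VLAN exposure."""
    mgmt = members.get(MGMT_VID, set())
    findings = [(p, "unapproved Management VLAN member") for p in mgmt - approved]
    findings += [(p, "approved port missing from Management VLAN")
                 for p in approved - mgmt]
    for vid, ports in members.items():
        # Every port in the page's table is in DEFAULT-VLAN, so skip VID 1.
        if vid not in (MGMT_VID, DEFAULT_VID):
            findings += [(p, f"also in user VLAN {vid}") for p in ports & mgmt]
    return sorted(findings)


if __name__ == "__main__":
    members = parse_matrix(PAGE_TABLE)
    print("baseline:", audit(members, APPROVED_MGMT_PORTS))
    members[MGMT_VID].add("C6")  # constructed drift: a Marketing port joins VID 7
    print("drifted:", audit(members, APPROVED_MGMT_PORTS))
```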