The secure Management VLAN

Configuring a secure Management VLAN creates an isolated network for managing the switches that support this feature. Access to a secure Management VLAN and the switch's management functions is available only through ports configured as members.
  • Multiple ports on the switch can belong to the Management VLAN. This allows connections for multiple management stations to the Management VLAN, while allowing Management VLAN links between switches configured for the same Management VLAN.

  • Only traffic from the Management VLAN can manage the switch, which means that only the workstations and PCs connected to ports belonging to the Management VLAN can manage and reconfigure the switch.

Figure: Potential security breaches in a network

The following example illustrates the use of the Management VLAN feature to support management access by a group of management workstations.

Figure: Management VLAN control in a LAN

In this example, Workstation 1 has management access to all three switches through the Management VLAN, while the PCs do not. This is because configuring a switch to recognize a Management VLAN automatically excludes attempts to send management traffic from any other VLAN.

Table: VLAN membership in Management VLAN control in a LAN

Switch                           A1  A3  A6  A7  B2  B4  B5  B9  C2  C3  C6  C8
Management VLAN (VID = 7)        Y   N   N   Y   Y   Y   N   N   Y   N   N   N
Marketing VLAN (VID = 12)        N   N   N   N   N   N   N   N   N   Y   Y   Y
Shipping Dept. VLAN (VID = 20)   N   Y   Y   N   N   N   N   N   N   N   N   N
DEFAULT-VLAN (VID = 1)           Y   Y   Y   Y   Y   Y   Y   Y   Y   Y   Y   Y
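The membership table above can be checked mechanically. The following Python sketch is an added example, not part of the original documentation: it parses the table and reports which ports can manage each switch, which switches have no Management VLAN port, and which Management VLAN ports also belong to a departmental VLAN. The names `parse_membership` and `audit` are hypothetical, the port-name prefix is assumed to identify the switch, and the overlap check is an added review heuristic rather than a rule stated on this page.

```python
import re

# Membership table copied from this page (rows: VLANs, columns: switch ports).
TABLE = """\
Switch A1 A3 A6 A7 B2 B4 B5 B9 C2 C3 C6 C8
Management VLAN (VID = 7) Y N N Y Y Y N N Y N N N
Marketing VLAN (VID = 12) N N N N N N N N N Y Y Y
Shipping Dept. VLAN (VID = 20) N Y Y N N N N N N N N N
DEFAULT-VLAN (VID = 1) Y Y Y Y Y Y Y Y Y Y Y Y
"""

ROW = re.compile(r"^(.+?) \(VID = (\d+)\)\s+((?:[YN]\s*)+)$")

def parse_membership(text):
    """Return (ports, {vid: set of member ports}) from the flattened table."""
    lines = text.strip().splitlines()
    ports = lines[0].split()[1:]          # drop the "Switch" label
    vlans = {}
    for row in lines[1:]:
        m = ROW.match(row)
        if not m:
            raise ValueError(f"unparseable row: {row!r}")
        flags = m.group(3).split()
        if len(flags) != len(ports):
            raise ValueError(f"expected {len(ports)} flags: {row!r}")
        vlans[int(m.group(2))] = {p for p, f in zip(ports, flags) if f == "Y"}
    return ports, vlans

def audit(text, mgmt_vid=7, default_vid=1):
    """Hypothetical helper: who can manage each switch, and what to review."""
    ports, vlans = parse_membership(text)
    mgmt = vlans[mgmt_vid]
    # Port names are assumed to start with the switch letter (A1 -> switch A).
    by_switch = {}
    for p in ports:
        by_switch.setdefault(p[0], [])
        if p in mgmt:
            by_switch[p[0]].append(p)
    # Added review heuristic: management ports that also carry a user VLAN.
    shared = {}
    for p in sorted(mgmt):
        extra = sorted(v for v, members in vlans.items()
                       if v not in (mgmt_vid, default_vid) and p in members)
        if extra:
            shared[p] = extra
    unmanaged = [s for s, ps in by_switch.items() if not ps]
    return by_switch, shared, unmanaged

if __name__ == "__main__":
    print(audit(TABLE))
```

For the table on this page the audit finds management ports on all three switches and no overlap with the Marketing or Shipping Dept. VLANs.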

See Configuring a secure Management VLAN (CLI) for configuration details.