The secure Management VLAN

Configuring a secure Management VLAN creates an isolated network for managing the switches that support this feature. Access to a secure Management VLAN and the switch's management functions, is available only through ports configured as members.
  • Multiple ports on the switch can belong to the Management VLAN. This allows connections for multiple management stations to the Management VLAN, while allowing Management VLAN links between switches configured for the same Management VLAN.

  • Only traffic from the Management VLAN can manage the switch, which means that only the workstations and PCs connected to ports belonging to the Management VLAN can manage and reconfigure the switch.

Potential security breaches in a network

This illustrates use of the Management VLAN feature to support management access by a group of management workstations.

Management VLAN control in a LAN

Workstation 1 has management access to all three switches through the Management VLAN, while the PCs do not. This is because configuring a switch to recognize a Management VLAN automatically excludes attempts to send management traffic from any other VLAN.

Table 5: VLAN membership in Management VLAN control in a LAN

Switch

A1

A3

A6

A7

B2

B4

B5

B9

C2

C3

C6

C8

Management VLAN (VID = 7)

Y

N

N

Y

Y

Y

N

N

Y

N

N

N

Marketing VLAN (VID = 12)

N

N

N

N

N

N

N

N

N

Y

Y

Y

Shipping Dept. VLAN (VID = 20)

N

Y

Y

N

N

N

N

N

N

N

N

N

DEFAULT-VLAN (VID = 1)

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y