01-04-2024 12:36 AM
Hello,
I recently acquired an ICX 7250 and am attempting to set up the management vlan but it seems the command isn't available? Here are the steps I took:
According to the documentation there should be a command `management-vlan` that I enter in the vlan config but it isn't listed? I'm not sure what I'm doing wrong; maybe I did something in the wrong order, or I really misunderstand how this works. I need the ssh and web interfaces to only be accessible via that specific vlan. I'm not very knowledgeable about this stuff yet so I'm probably doing something obviously wrong.
Tab completion:
SSH@switch(config-vlan-1234)#
clear Clear table/statistics/keys
end End Configuration level and go to Privileged
level
ethernet Set ethernet loopback interface
exit Exit current level
loop-detection shut down ports if receiving packets from myself
mac Apply MAC ACL
metro-ring metro ring configuration mode
monitor Monitor Ingress Traffic on this VLAN (Enable
VLAN Mirroring)
multicast IGMP snooping on this VLAN
multicast6 IPv6 MLD snooping on this VLAN
no Undo/disable commands
pvlan Define private vlan type and mapping
quit Exit to User level
remove-tagged-ports remove all tagged ports from VLAN
remove-untagged-ports remove all untagged ports from VLAN
show Show system information
source-guard IP source guard
spanning-tree Set spanning tree for this VLAN
static-mac-address Configure static MAC for this VLAN
tagged 802.1Q tagged port
untagged Port with only untagged frame in/out
vsrp Configure VSRP
vsrp-aware Configure VSRP Aware parameters
webauth Set web authentication
write Write running configuration to flash or terminal
<cr>
Version:
Copyright (c) Ruckus Networks, Inc. All rights reserved.
UNIT 1: compiled on Oct 3 2023 at 04:57:57 labeled as SPR09010h_cd2
(33554432 bytes) from Primary SPR09010h_cd2.bin (UFI)
SW: Version 09.0.10h_cd2T213
Compressed Primary Boot Code size = 786944, Version:10.1.26T215 (spz10126)
Compiled on Tue Nov 29 06:43:15 2022
01-04-2024 08:56 AM
Hi Lespea
Thank you for reaching us.
I tried to check for the command "management-vlan" in a 7650 switch running TNS09010h_cd2.bin (UFI). This is a switch code denoted as "S". I could see the command "management-vlan" in a switch code. You are running a router code "SPR".
Below are the details from Lab switch:
ICX7650_test(config)#vlan 1
ICX7650_test(config-vlan-1)#man
management-vlan Dedicate this vlan for management purpose
ICX7650_test(config-vlan-1)#management-vlan
If the switch is new you can follow the below steps and check. Make sure to save your configuration using "show run" before you follow the below steps.
Once you boot from switch code check if you can execute "management-vlan" command.
I hope the above details help.
Thanks
01-04-2024 08:58 AM
Is there no way to set the management vlan on the router image?
01-04-2024 01:53 PM - edited 01-04-2024 01:53 PM
Hello @lespea ,
The concept of management VLAN is not present in the router image of ICX switches. Instead, it could be accessible through any of its configured IP addresses. Use the command 'show ip interface' to check the configured IPs in the ICX. Management access like SmartZone, SSH, web, Telnet etc. can be restricted individually to specific interfaces, VLANs or specific allowed clients.
Below are more details about restricting access:
https://docs.commscope.com/bundle/fastiron-08095-securityguide/page/GUID-DBD99084-E085-448A-AB87-4E2...
01-05-2024 01:15 AM
Awesome that will work perfectly, thanks for all the links!