cancel
Showing results for 
Search instead for 
Did you mean: 

Can't assign management vlan?

lespea
New Contributor II

Hello,

I recently acquired an ICX 7250 and am attempting to setup the management vlan but it seems the command isn't available?  Here are the steps I took:

  1. Updated to the latest router version (9.0.10h_cd2)
  2. Did a factory reset
  3. Created VLAN
  4. Assigned vlan ip (via the ve)
  5. Tried making the vlan a management vlan while in the vlan config

According to the documentation there should be a command `management-vlan` that I enter in the vlan config but it isn't listed?  I'm not sure what I'm doing wrong; maybe I did something in the wrong order I really misunderstand how this works.  I need the ssh and web interfaces to only be accessible via that specific vlan. I'm not very knowledgeable about this stuff yet so I'm probably doing something obviously wrong.

Tab completion:

SSH@switch(config-vlan-1234)#
  clear                         Clear table/statistics/keys
  end                           End Configuration level and go to Privileged
                                level
  ethernet                      Set ethernet loopback interface
  exit                          Exit current level
  loop-detection                shut down ports if receiving packets from myself
  mac                           Apply MAC ACL
  metro-ring                    metro ring configuration mode
  monitor                       Monitor Ingress Traffic on this VLAN (Enable
                                VLAN Mirroring)
  multicast                     IGMP snooping on this VLAN
  multicast6                    IPv6 MLD snooping on this VLAN
  no                            Undo/disable commands
  pvlan                         Define private vlan type and mapping
  quit                          Exit to User level
  remove-tagged-ports           remove all tagged ports from VLAN
  remove-untagged-ports         remove all untagged ports from VLAN
  show                          Show system information
  source-guard                  IP source guard
  spanning-tree                 Set spanning tree for this VLAN
  static-mac-address            Configure static MAC for this VLAN
  tagged                        802.1Q tagged port
  untagged                      Port with only untagged frame in/out
  vsrp                          Configure VSRP
  vsrp-aware                    Configure VSRP Aware parameters
  webauth                       Set web authentication
  write                         Write running configuration to flash or terminal
  <cr>

 Version:

  Copyright (c) Ruckus Networks, Inc. All rights reserved.
    UNIT 1: compiled on Oct  3 2023 at 04:57:57 labeled as SPR09010h_cd2
      (33554432 bytes) from Primary SPR09010h_cd2.bin (UFI)
        SW: Version 09.0.10h_cd2T213 
      Compressed Primary Boot Code size = 786944, Version:10.1.26T215 (spz10126)
       Compiled on Tue Nov 29 06:43:15 2022

 

1 ACCEPTED SOLUTION

Hello @lespea ,

 

The conpect of management VLAN is not present in the rotuer image of ICX switches. Instead, it could be accessible through any of its configured IP addresseses. Use the command 'show ip interface' to check the configured IPs in the ICX. Management access like SmartZone, SSH, web, Telnet etc. can be restricted individually to specific interfaces, VLANs or specific allowed clients.

Below are more details about restricting access:
https://docs.commscope.com/bundle/fastiron-08095-securityguide/page/GUID-DBD99084-E085-448A-AB87-4E2...

https://docs.commscope.com/bundle/fastiron-08095-securityguide/page/GUID-C5005CC1-30AB-42B4-B991-A99...

https://docs.commscope.com/bundle/fastiron-08095-securityguide/page/GUID-6E5CB508-D556-4FDB-9594-D4E...

https://docs.commscope.com/bundle/fastiron-09010-commandref/page/GUID-086C381B-CB6C-466E-A5B7-0569AF...

https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-l3guide/GUID-B5B5D58A-721F-499D-9858...

 

With regards,
--
Orlando Elias
Technical Support

View solution in original post

4 REPLIES 4