Management Access (Secure Nms) Path - LEGRAND Mosaic Manageable switch Installation And Configuration Manual

Gigabit poe

Manageable Mosaic switch Installation and User Guide

5.1.5 Management Access (Secure NMS) Path

The in-band management path can be secured by limiting remote access to user ports, backbone ports or all ports.
By default, the NMS path is not secured, allowing access from all ports.

To change the Secure NMS Path:
1. From the Embedded web interface main screen, click Management and expand the Secure NMS Path tab.
2. Select the required option from the Path list. The following options are available:
   - User Ports Only – access is allowed only through the user ports (ports 1-4).
   - Backbone Port(s) Only – access is allowed only through the backbone ports (uplink ports 1-2).
   - All Ports – Secure NMS Path option is disabled and access is allowed through all ports.

   NOTE: MGMT VLAN filtering overrules NMS access path.

   Figure 5-3 Changing the Secured NMS Path
3. Click Apply.

5.1.6 Securing Management Access via VLAN

Securing management access via VLAN is used to isolate and secure management traffic and to avoid flooding the management path with irrelevant traffic.

The manageable Mosaic switch enables assigning a dedicated VLAN to the internal management port. Only frames belonging to that specific VLAN, received from ports belonging to the same VLAN membership group, can communicate with the management agent. This type of VLAN configuration provides an additional level of security to the management access.

Assuming the switch operates in 802.1Q VLAN mode (i.e. "802.1Q VLAN filtering enable" is checked (selected), and "VLAN filtering" is checked (selected) on all the ports), management access will only be available for the following frames:
- VLAN frames, with VID=4095, arriving from the uplink port.
- Non-VLAN frames arriving from the uplink port (only if the default VID of the uplink port is also configured to 4095).

If a frame arrives without a VLAN tag and VLAN filtering is selected on that port, the frame is filtered according to the configured default VID of the port (4095 in our example).

Any other frame, whether a VLAN frame (with another VID number) or a non-VLAN frame arriving on ports other than the uplink port, will be filtered and will not be forwarded to the management agent.

Response frames, transmitted from the internal management agent to the remote manager, are VLAN frames with VID=4095.
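
The admission rule described in 5.1.6, written out as an added Python model (not part of the manual and not the switch's firmware logic) for checking a planned port/VLAN layout before applying it. The port names, default-VID table, membership set and sample frames are constructed assumptions; VLAN filtering is assumed enabled on all ports, as in the manual's example.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
MGMT_VID = 4095       # management VLAN used in the manual's example

def frame_vid(frame: bytes):
    """Return the 802.1Q VID of an Ethernet frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF   # VID is the low 12 bits; priority bits are ignored

def reaches_mgmt_agent(frame, ingress_port, port_pvid, mgmt_members,
                       mgmt_vid=MGMT_VID):
    """True if the frame would be passed to the management agent."""
    if ingress_port not in mgmt_members:      # port is outside the MGMT VLAN group
        return False
    vid = frame_vid(frame)
    if vid is None:                           # untagged: classified by default VID
        vid = port_pvid[ingress_port]
    return vid == mgmt_vid

def build_frame(vid=None, priority=0):
    """Construct a sample frame (made-up MACs, zero payload) for the model."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q,
                                              (priority << 13) | vid)
    return macs + tag + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    # Hypothetical layout: only the uplink is a member of the management VLAN.
    pvid = {"uplink1": 4095, "user1": 1}
    members = {"uplink1"}
    cases = [("tagged 4095 on uplink", build_frame(4095), "uplink1"),
             ("tagged 10 on uplink", build_frame(10), "uplink1"),
             ("untagged on uplink", build_frame(), "uplink1"),
             ("tagged 4095 on user port", build_frame(4095), "user1")]
    for label, frame, port in cases:
        verdict = reaches_mgmt_agent(frame, port, pvid, members)
        print(f"{label:26s} -> {'management agent' if verdict else 'filtered'}")
```

Changing the uplink's default VID in `pvid` to a value other than 4095 shows untagged frames on the uplink being filtered, which is the lockout case to check for when the management station sends untagged traffic.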
This manual is also suitable for:

Area box distribution switch
