Quick Reference Guide
PowerConnect B-Series TI24X Configuration Guide 863
53-1002269-02
Restricting remote access to management functions
26
The command in this example configures the device to allow TFTP access only to clients connected
to ports within port-based VLAN 40. Clients connected to ports that are not in VLAN 40 are denied
access.
Syntax: [no] tftp client enable vlan <vlan-id>
Designated VLAN for Telnet management sessions to a Layer 2 Switch
By default, the management IP address you configure on a Layer 2 Switch applies globally to all the
ports on the device. This is true even if you divide the device ports into multiple port-based VLANs.
If you want to restrict the IP management address to a specific port-based VLAN, you can make
that VLAN the designated management VLAN for the device. When you configure a VLAN to be the
designated management VLAN, the management IP address you configure on the device is
associated only with the ports in the designated VLAN. To establish a Telnet management session
with the device, a user must access the device through one of the ports in the designated VLAN.
You also can configure up to five default gateways for the designated VLAN, and associate a metric
with each one. The software uses the gateway with the lowest metric. The other gateways reside in
the configuration but are not used. To use one of the other gateways, modify the configuration so
that the gateway you want to use has the lowest metric.
If more than one gateway has the lowest metric, the gateway that appears first in the running-config
is used.
NOTE
If you have already configured a default gateway globally and you do not configure a gateway in the
VLAN, the software uses the globally configured gateway and gives the gateway a metric value of 1.
To configure a designated management VLAN, enter commands such as the following.
PowerConnect(config)# vlan 10 by port
PowerConnect(config-vlan-10)# untag ethernet 1 to 4
PowerConnect(config-vlan-10)# management-vlan
PowerConnect(config-vlan-10)# default-gateway 10.10.10.1 1
PowerConnect(config-vlan-10)# default-gateway 20.20.20.1 2
These commands configure port-based VLAN 10 to consist of ports 1 – 4 and to be the designated
management VLAN. The last two commands configure default gateways for the VLAN. Since the
10.10.10.1 gateway has a lower metric, the software uses this gateway. The other gateway remains
in the configuration but is not used. You can use the other one by changing the metrics so that the
20.20.20.1 gateway has the lower metric.
Syntax: [no] default-gateway <ip-addr> <metric>
The <ip-addr> parameters specify the IP address of the gateway router.
The <metric> parameter specifies the metric (cost) of the gateway. You can specify a value from 1 –
5. There is no default. The software uses the gateway with the lowest metric.
Device management security
By default, all management access is disabled. Each of the following management access methods
must be specifically enabled as required in your installation:
• SSHv2