Unsolved
This post is more than 5 years old
1 Message
0
4478
strange behaviour whith VLAN 1
I just got a new 3024 switch.
I'm experiencing a strange behavior with my administrative VLAN 1.
I set up my switch this way:
- The switch's network configuration is 192.168.1.1/255.255.255.0
- I applied the VLAN 1 on ports 25 and 26 (untagged), VLAN 1 is the "default port vlan" for those port.
When I plug my workstation (192.168.1.9) is on ports 25 or 26, i can successfully ping the switch's IP
If i add a new VLAN (VLAN 2) on port 1 (untagged VLAN 2, default port VLAN 2) and then plug my workstation on this port, i'm still able to ping the switch's IP or telnet to the switch, even though the port doesn't belong to the administration VLAN.
Isn't this behavior wrong? Shouldn't the switch only respond if the request comes from a port belonging to the administration VLAN 1? Is the VLAN "leaking"?
Regards
Herve Pinvidic
I'm experiencing a strange behavior with my administrative VLAN 1.
I set up my switch this way:
- The switch's network configuration is 192.168.1.1/255.255.255.0
- I applied the VLAN 1 on ports 25 and 26 (untagged), VLAN 1 is the "default port vlan" for those port.
When I plug my workstation (192.168.1.9) is on ports 25 or 26, i can successfully ping the switch's IP
If i add a new VLAN (VLAN 2) on port 1 (untagged VLAN 2, default port VLAN 2) and then plug my workstation on this port, i'm still able to ping the switch's IP or telnet to the switch, even though the port doesn't belong to the administration VLAN.
Isn't this behavior wrong? Shouldn't the switch only respond if the request comes from a port belonging to the administration VLAN 1? Is the VLAN "leaking"?
Regards
Herve Pinvidic
DELL-GregG
812 Posts
0
December 2nd, 2003 11:00
What you are seeing with the management traffic follows suit with the way VLANs are implemented in the recent firmware for these switches (3024, 3048, and 5012). Any system directly connected to the switch will be able to manage the switch regardless of VLAN membership. This only applies to the management of the switch and should not affect systems on ports that are members of VLAN 1.
Furthermore, if you have another switch connected to this via an 802.1q "trunk", a system on the second switch should not be able to manage this switch unless it is a member of VLAN 1.
If you need to secure the management from systems directly connected to the switch, I would recommend using the IP Filtering option in the System Manager/Security Admin section. Once IP Filtering is enabled, only the addresses listed in the table will be capable of managing the switch. For more information, please see the Addendum to the User's Guide at the link below.
http://premiersupport.dell.com/docs/network/common/en/addendum/9x417bk0.pdf