"Allow from Ports" and "Allow from VLAN"

Hi,
I hope somebody can quickly answer my question, as I don’t want to risk locking myself out of the switch at the moment and I could not find the answer in the documentation or the forum. If I am using “Allow from Ports” to restrict the access to certain ports and “Allow from VLAN” at the same time, is this an OR combination or an AND one?
Example to make my question clear:

  1. Set “Allow from Ports” to only ports 1, 2, 3 and 4 and “Allow from VLAN” to 127
  2. Is management access granted from port 5 with VLAN ID 127?
  3. Is management access granted from port 1 with VLAN ID 10?
  4. Only from ports 1,2,3 or 4 with VLAN ID 127?

Thanks a lot in advance
Daniel

It’s an AND. So your option 4 is the correct answer. Also note that if you have VLAN selected, it must be tagged traffic entering the switch - can’t be untagged that is set to become tagged in the switch. I know that because I got caught with that one recently. Fortunately I had a trunk port allowed that had the required VLAN (actually the normal way to manage that switch).

Thanks a lot. I feared it would be an AND. Now I need to figure out how to realize my emergency management access through the last ethernet port. Most probably by using an old Netgear switch to get the VLAN ID on the packets.

Don’t require the VLAN. Set the IP so that the only place that IP is found is on the trunk (or the emergency management port). ACL might also be able to limit access for you (never played with it).

Also keep in mind that if you have assigned a VLAN to the “Allow from VLAN” setting and you want the switch to obtain an IP from some DHCP server, that server needs to be in the same VLAN.