    Posted 12-15-2020 06:17 PM
    I'm currently looking at purchasing several Instant On 1930 switches to replace some older Dell and HP switches.

    I had been looking at he HP 1920S series (we have a couple deployed), but it looks like those are basically end-of-life.  The closest, modern replacement I could find seems to be the Instant On 1930 series.
    Is this correct?

    We'd likely be using the switches in local mode, and not use the cloud features.  One of our requirements is to have multi-factor authentication enabled for management.  On our existing switches, we do this with ACLs to limit management to a single host, then protect that host with a multi-factor layer.

    On the HP 1920S line, you're able to configure a specific management VLAN, then assign a single port to be a member of that VLAN.  Then only that physical port can access the web GUI, for example.

    On the HP 1920 line, I believe any VLAN interface IP can be used as a management IP, so you were stuck using an ACL to restrict web management access to specific IPs, for example.  You can't segregate a single port as the only management port.

    Can anyone confirm whether the Aruba Instant On 1930 line would let me effectively designate a single physical port as the management port, preventing any other port from accessing the web management GUI?  Again, we'd be using local management, not cloud management.

    The configuration guide has a reference to a Management VLAN option similar to the 1920S documentation, but it's not as detailed as in the 1920S documentation.  From what I can tell, I should be able to leave VLAN 1 as-is, set the management VLAN to VLAN 1, then exclude all but one port from membership in VLAN 1.
    Am I correct?

    Would the port that's still on VLAN 1 also be able to be a member of other VLANs on the switch?