NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)
I can not access the web GUI or ping to the ip-address of the switch from my voice network although it is all in the same subnet. If I connect a laptop to the switch I am able to get on the we...
Hi again,
Okay, so it seems that settings are OK from a VPN perspective.
The issue is that your switch has no Internet access via the management interface. This is a VLAN problem. You are running two VLANs here: 1 and 100. The problem is that your uplink port must trunk both VLANs to the router. Your current port 28 only allows VLAN 100, so that is why VLAN 1 (management VLAN) can't reach the Internet. However, in order for you to trunk (carry) multiple VLANs from the switch to the router, it requires a VLAN aware router. Is your VPN router VLAN aware? Else this is probably not going to work :)
But, there are work-arounds. You could just change the management VLAN of the switch, to VLAN 100 and put it in the same subnet as the VoIP devices. Then it should be work fine accessing it over the VPN. This is likely the easiest for you if you are unfamiliar with VLANs and routing of VLANs! You just need to remember to connect to VLAN 100 if you then want to access the switch GUI locally, on-site.
Thanks
Hi LordRob
From what you explain it sounds like you are using the same subnet on each side of the VPN? If your remote VPN network and the local network has the same IP subnet, then you will not be able to communicate between them :) If you are using VPN, you must to ensure that each side has a unique private subnet. It works for the VLAN 100 machines, as they are likely in a different subnet?
The switch itself is in network: 172.18.2.0 /24. What is the subnet of your remote VPN network?
Cheers
Hi,
The network is different on both sites. The switch is in 172.18.2.0/24. The other site of the network is in 172.17.0.0/16. VoIP devices that are connected with the switch can be pinged.
Hi again,
Okay that is good. Is the VPN configured to also allow subnet 172.18.2.0/24 to talk to subnet 172.17.0.0/16? If so, then that should be OK. However, we are sure that the switch itself has an OK Internet connection?
Go to "Maintenance" > "Troubleshooting" > try to ping 8.8.8.8. Does it work? It is of course imperative that the switch management interface itself has Internet connection, else it will never be able to respond to VPN traffic from the remote site. I can see that the switch has a gateway of 172.18.2.254. The switch is definitely able to communicate with that gateway for Internet access?
CheersI belive that my last post did not come through. In the VPN router there are routes defines 172.17.0.0/16 and 172.18.0.0./16. VoIp devices in the subnets 172.18.x.0/24 can talk to each other.
I can not ping to 8.8.8.8 and 172.18.2.254.
It is something in the VLAN configuration. If I connect my VPN-router to port 23 in stead off port 28 (untagged VLAN100) I get to the web GUI of the switch.
Hi again,
Okay, so it seems that settings are OK from a VPN perspective.
The issue is that your switch has no Internet access via the management interface. This is a VLAN problem. You are running two VLANs here: 1 and 100. The problem is that your uplink port must trunk both VLANs to the router. Your current port 28 only allows VLAN 100, so that is why VLAN 1 (management VLAN) can't reach the Internet. However, in order for you to trunk (carry) multiple VLANs from the switch to the router, it requires a VLAN aware router. Is your VPN router VLAN aware? Else this is probably not going to work :)
But, there are work-arounds. You could just change the management VLAN of the switch, to VLAN 100 and put it in the same subnet as the VoIP devices. Then it should be work fine accessing it over the VPN. This is likely the easiest for you if you are unfamiliar with VLANs and routing of VLANs! You just need to remember to connect to VLAN 100 if you then want to access the switch GUI locally, on-site.
Thanks
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
