NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Siju
Jun 14, 2022Aspirant
GS108e: Management UI accessible directly from VLAN without going to router (firewall)
 I have a configuration of a Router and Netgear switches as shown in the picture below. I have added firewall rules and expect the VLAN-40 configured NOT to access the default/native VLAN (VLAN-1) in ...
- Jun 14, 2022Not a bug, this is part of the simplified design of these Web configurable switches: There is no management VLAN feature, the tiny microcontroller does listen on all the frames, regardless of the VLAN tag. Some of these switch models allow to limit the IP access to the admin Web UI only. Note: These are by far not Managed Switches, these are so called Plus switches, simple non-managed cores with very basic Web config options, covered within the Plus And Smart Switches Forum 
Siju
Jun 14, 2022Aspirant
Thanks for the quick reply. These are considered business switches and I find it a bit surprising that there is no easy way to block this access. I find the only way for me is to return this switch and I would appreciate if Netgear makes this clear in the product pages. Anybody configuring VLANs are doing this to isolate the network. If the management UI can be hacked they can just change the configuration and my isolation will be over. I find this a deal breaking limitation of these "plus" switches.
Note: I'm not sure if you work for Netgear and I'm just making my opinion about this situation and not about your answer, which confirms what I assumed
schumaku
Jun 14, 2022Guru - Experienced User
Not a Netgear rep at all, just a user.
The VLANs on these switches work as expected - the exception is the lack of a management VLAN (in absence of a managed core [some newer/bigger Pro "E" model switches are built on managed cores and have a true managed core, allowing strict management VLAN isolation, too.
- SijuJun 14, 2022AspirantThanks, but I do not see it as an issue with management vlan or management core. The switch could just stop doing inter-vlan routing (VLAN-40 to VLAN-1 in my example) and the issue is solved. Let me configure in my firewall what is allowed or not allowed. At least if Netgear give that option to turn it off (on by default in factory setting) and with a warning to users that this could lock them out of the switch and the only way to again access it is to reset the switch. - schumakuJun 14, 2022Guru - Experienced Userit's -not- a question of inter-VLAN switching. The point is that the management microcontroller does listen to complete data stream on all VLANs, not only for the Web UI, also for example for other features like the IGMP Multicast sniffing. again: The switches in question have a very low level L2/L3 IP-Stack with the Web UI pulse few more services in place on that named Micro Controller in place. If you expect bullet-proof management VLAN, look for a Smart managed pro GSxxxTxx/MSxxxTxxx/XSxxxTxxx model instead. 
 
Related Content
NETGEAR Academy
 
 Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 
Join Us!
