Hey, I'm testing a stack of M5300-G3 switches with the 11.x firmware and just cannot get the managment VLAN figured out. It seems that whatever I do the managment VLAN becomes a routing VLAN - which I don't want. What I do have is: a number of other VLANs, both IPv4 and IPV6, all happily routing and switchingDNS, DHCP etc all happy.Alternate CISCO ASA manages the routing between the normal user subnets and my secure management VLANI had this configuration working on firmware 10.x but can't seem to find the magic commands to set an IP address of the device without also setting the management VLAN to a routing VLAN. Thanks in advance,-pete

Hi pbrady, I regret to inform you that the method in the v10.x firmware of having a non-routable management VLAN is no longer available in the v11.x firmware. With regard to this, it would be best to implement Access Control Lists or ACLs to restrict unwanted traffic to/from the management VLAN using the v11.x firmware. Regards, DaneA NETGEAR Community Team

Forum Discussion

pbrady

Aspirant

Oct 25, 2015

Solved

M5300-28G3 Management VLAN Disable Routing

Hey,

I'm testing a stack of M5300-G3 switches with the 11.x firmware and just cannot get the managment VLAN figured out. It seems that whatever I do the managment VLAN becomes a routing VLAN - which I don't want. What I do have is:

a number of other VLANs, both IPv4 and IPV6, all happily routing and switching
DNS, DHCP etc all happy.
Alternate CISCO ASA manages the routing between the normal user subnets and my secure management VLAN

I had this configuration working on firmware 10.x but can't seem to find the magic commands to set an IP address of the device without also setting the management VLAN to a routing VLAN.

Thanks in advance,

-pete

Installation

management

vlan

DaneA
Oct 27, 2015
Hi pbrady,

I regret to inform you that the method in the v10.x firmware of having a non-routable management VLAN is no longer available in the v11.x firmware. With regard to this, it would be best to implement Access Control Lists or ACLs to restrict unwanted traffic to/from the management VLAN using the v11.x firmware.

Regards,

DaneA

NETGEAR Community Team

5 Replies

DaneA
NETGEAR Employee Retired
Oct 27, 2015
Hi pbrady,

I regret to inform you that the method in the v10.x firmware of having a non-routable management VLAN is no longer available in the v11.x firmware. With regard to this, it would be best to implement Access Control Lists or ACLs to restrict unwanted traffic to/from the management VLAN using the v11.x firmware.

Regards,

DaneA

NETGEAR Community Team
- pbrady
  Aspirant
  Oct 27, 2015
  No need to apologise - firmware series changes are a chance for vendors to implement changes. Its just this was not clear from my reading of the V11 documentation.
  
  Is the management VLAN then a full routing VLAN the same as any other VLAN?
  
  If I adjust the routing and ACLs across my network I can use the M5300, with ACLs, as the gateway to my other devices on the secure VLAN?
  
  Thanks in advance,
  -pete
  - DaneA
    NETGEAR Employee Retired
    Oct 28, 2015
    Hi pbrady,
    
    pbrady wrote:
    
    Is the management VLAN then a full routing VLAN the same as any other VLAN?
    
    Yes.
    
    pbrady wrote:
    
    If I adjust the routing and ACLs across my network I can use the M5300, with ACLs, as the gateway to my other devices on the secure VLAN?
    
    The VLAN interface will act as the default gateway for the device in that VLAN.
    
    Regards,
    
    DaneA
    
    NETGEAR Community Team