GS308E changing Management VLAN

These switches offer exactly the functionality described by the IEEE 802.3 standards, the 300 Series Plus Gigabit Ethernet Switches, User Manual Gigabit Ethernet Plus Switches Models GS105Ev2 GS105PE GS108Ev3 GS108PEv3 GS116Ev2 GS305E GS308E JGS516PE JGS524Ev2 JGS524PE, or the NETGEAR 5-Port and 8-Port Gigabit Ethernet Smart Managed Plus SOHO Switch Model GS305E and GS308E Installation Guide 

You can always deploy as many GS308E in a network with trunked connections as you desire, keep the management on the untagged network on the trunk, while operate as many tagged VLANs as the system specs allow. The same applies to all Netgear Plus Managed Network Switches 

Anything else does come from pure educational, university, or other theoretical studies. A tagged network on a trunk is neither more secure or private than an untagged network.  For many deployments and customers, the plus switches are an absolute reasonable product.

If you have concerns that untrained or bad players can connect whatever system to what makes up your network "backhaul" giving physical access to any VLAN in the trunk, you need to work on the physical security.

---

Retired_Member wrote:

we bought a lot of them without knowing about this.

All the documentation is readily available. If a need for a tagged exclusive management VLAN is a requirement (for whatever reason or interoperability eg. with an existing network). before buying large number of devices, set-up a test environment on a smaller amount of devices would be a common advise.

You acquired and probably already deployed web configurable unmanaged core switches at the per-port cost of an unmanaged switch, expect business class features. For just a few bucks more for the switch, Netgear offers the Smart Managed Switches and the Smart Cloud Managed Switches with management VLAN implementation as per your books.

---

Retired_Member wrote:

Where can I report this?

This is not a missing feature, this is a serious security flaw and needs to be reported - where can I do this?

---

Of course it's a missing feature. Netgear does know about the limitations, so do the community members here. What do you expect now?

You still owe us the effective security flaw you are so keen for reporting. There are a few possible ones which can be "designed" by the unaware admin or network engineer over-spanning the scope of this simple design, e.g. by implementing multi VLAN networks, especially when other networks are exposed as untagged access ports.  However, this isn't what these switches are intended for.

As a community member, i can just point to my initial reply from a few days ago https://community.netgear.com/t5/Plus-and-Smart-Switches-Forum/GS308E-changing-Management-VLAN/m-p/2272244/highlight/true#M21733 - this would avoid similar discussions in the future.