NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
GS308EPP new firmware 2.0.0.11 bug?
Hi all,
I updated my firmware from 2.0.0.5 to 2.0.0.11 on 2 of 4 switches. On both switches i can not acces the web ui, And the switch is not responding on ping....
Anyone else having the...
I have 4 switches connected to each other. All ports are using vlan and trunk ports.
Hello Chris,
First tell us a little bit more about your network. Understand you have a series of VLANs, all different from VLAN VID 1. And all are connected over direct Ethernet links, acting as a trunk. With each VLAN configured [T]agged.
If i put a port to pvid1 i can access the management webui. However i do not use this (Pvid1) i use different pvid config.
This makes the computer you are connecting (without a special VLAN config) assigning all frames -from- the connected device to the VLAN 1 on your network:
Is the same port also configured to participate in the VLAN 1?
Can you reach all switches over this VLAN 1, or do you have to repeat this on each switch?And since the intro of 2.0.0.11 on the GS308EPP/GS308EP (or 2.0.0.10 on GS305EPP/GS305EP) - introducing a Management VLAN - you can no longer ping or reach these nice switches anymore. What system or router had delivered the IP config before? On which VLAN did this happen?
Before the update, these switches were connected "flat" direct to a (V)LAN like a mobile phone on the Wi-Fi, connecting to a certain SSID. I assume there is no specially configured multi-SSID and VLAN capable wireless access point, where the SSID would be associated to a certain VLAN - the uplink from the AP does make up a trunk with tagged VLAN(s). When you use a wireless device (like a PC), you usually got an IP address. Does this IP and subnet come from your ISP router, or from a security appliance, a bigger, more complex multi VLAN and multi-subnet capable device?
This subnet - likely operated on one of your VLANs - is what you use as your Management Network!
All you have to do now is define that specific Management VLAN VID on the switch in the Advanced Dot1Q config. Now the switch(es) Management interface is yon the VLAN you desire, and no longer on the VLAN with the VID 1.
If everything is working after that, remove the ports where you had temporarely defined the PVID 1 from the VLAN 1.
You still have not answered my question if the field for the Management VLAN is empty (probably causing the problem!), or if there was a number configured.
Happy Saturday!
-Kurt
Hi Schumaku,
Maybe you can help me with this one. I have my network setup like this. I have 4 switches connected to each other. All ports are using vlan and trunk ports.
When i configure the switches to pvid 1 on the trunk ports i still can not access the switches over my network. Only when i plug in a network cable directly to this port with my laptop.
What should i change so this is accasible for my network?
I have 4 switches connected to each other. All ports are using vlan and trunk ports.
Hello Chris,
First tell us a little bit more about your network. Understand you have a series of VLANs, all different from VLAN VID 1. And all are connected over direct Ethernet links, acting as a trunk. With each VLAN configured [T]agged.
If i put a port to pvid1 i can access the management webui. However i do not use this (Pvid1) i use different pvid config.
This makes the computer you are connecting (without a special VLAN config) assigning all frames -from- the connected device to the VLAN 1 on your network:
Is the same port also configured to participate in the VLAN 1?
Can you reach all switches over this VLAN 1, or do you have to repeat this on each switch?
And since the intro of 2.0.0.11 on the GS308EPP/GS308EP (or 2.0.0.10 on GS305EPP/GS305EP) - introducing a Management VLAN - you can no longer ping or reach these nice switches anymore. What system or router had delivered the IP config before? On which VLAN did this happen?
Before the update, these switches were connected "flat" direct to a (V)LAN like a mobile phone on the Wi-Fi, connecting to a certain SSID. I assume there is no specially configured multi-SSID and VLAN capable wireless access point, where the SSID would be associated to a certain VLAN - the uplink from the AP does make up a trunk with tagged VLAN(s). When you use a wireless device (like a PC), you usually got an IP address. Does this IP and subnet come from your ISP router, or from a security appliance, a bigger, more complex multi VLAN and multi-subnet capable device?
This subnet - likely operated on one of your VLANs - is what you use as your Management Network!
All you have to do now is define that specific Management VLAN VID on the switch in the Advanced Dot1Q config. Now the switch(es) Management interface is yon the VLAN you desire, and no longer on the VLAN with the VID 1.
If everything is working after that, remove the ports where you had temporarely defined the PVID 1 from the VLAN 1.
You still have not answered my question if the field for the Management VLAN is empty (probably causing the problem!), or if there was a number configured.
Happy Saturday!
-Kurt
The switch has a static ip adress.
Which VLAN does this static IP belong to?
This is the VLAN you configure on the switch as the Management VLAN!
hmmm this is vlan20 (my lan network)
If i change this to vlan20 i cant access the switch. I dont understand why they changed this...
In the earlier firmware you can not choose the management interface i believe..... so i did not configured this.
Thank you for your input. Its simple i was locking myself out.
The thing i did was in my vlan that i am using changin 1 port pvid to 1. Upgrade the firmware en connect again to the switch with that specific port. The i change the vlan managent interface from 1 to the vlan i am using.
Now al is working as it should!
hmmm this is vlan20 (my lan network)
If i change this to vlan20 i cant access the switchI understand this post was done more than one hour before my solution suggested was accepted. Replying anyway...
I dont understand why they changed this...
These switches are now allowing perfect VLAN based segregation, including he Management VLAN. This is a major step forward!
In the earlier firmware you can not choose the management interface i believe..... so i did not configured this.
The initial legacy design(s) were a big mess, inheriting various risks. It allowed a random user on any of the VLANs - to use an IP address ways out of the VLAN and IP Subnet scope - and the gain access to the switch management. The only "security" was based on the security by obscurity princip, hoping an intruder or attacker can't figure out the administration IPv4 address.
This historic design mistake - coming from the times where some clever engineers invented the functionality on tiny Microcontrollers - all that was was resolved by this 2.0.0 10/.11 update for the GS108EP/EPP and GS308EP/EPP models.
Odd: Netgear has not chosen a major or at least sub-major version change.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
