
hacesoft
Jul 25, 2021
Solved

GS724T - access profile from another VLAN / network

Good day,

What should I set up to have access to the switch configuration from another VLAN / other network? Specifically, I want to access the switch via VPN. I have a VPN configured and I can see all devices except the switch. I have a switch management PC on the same VLAN as the switch access. So far, I'm missing what to set up to manage the switch from the 10.69.9.2 network, which is VPN access. The management PC has the address 192.168.20.20 and the switch has the IP address 192.168.20.10. Even if I deactivate the ACCESS PROFILE CONFIGURATION profiles, I also do not have access to the switch via the HTTP web interface.

 

Can you guide me on what to set, and where, so that it works?

Thank you in advance for any information that will help me with the setup.

  • Good day,

    after a long search for a solution to why the switch cannot be managed across VLANs or VPNs, I found an error in the IPv4 Network Interface Configuration settings in the Default Gateway field.

    I set the right address and, lo and behold, it's already working :).
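The fix above comes down to the switch's return path: the management PC is on-link and never needs the gateway, while replies to the VPN client must go through it. The following check is an added example, not part of the original post or NETGEAR's tooling; the /24 mask and the gateway values are assumptions constructed for illustration, and only the switch, PC and VPN addresses come from the thread.

```python
import ipaddress

def diagnose_mgmt_return_path(switch_if, gateway, client):
    """List the reasons the switch cannot reply to `client` (empty = OK).

    switch_if: management address with prefix, e.g. "192.168.20.10/24"
    gateway:   value of the Default Gateway field (None/"" if unset)
    client:    source address of the admin session
    """
    iface = ipaddress.ip_interface(switch_if)
    src = ipaddress.ip_address(client)

    # On-link clients are answered directly; the gateway is never used,
    # which is why a bad gateway stays hidden while testing from the same VLAN.
    if src in iface.network:
        return []

    if not gateway or ipaddress.ip_address(gateway).is_unspecified:
        return ["no default gateway set: replies to off-subnet clients have no route"]

    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        return [f"gateway {gw} is outside {iface.network}: next hop is unreachable"]
    if gw == iface.ip:
        return [f"gateway {gw} is the switch's own address"]
    if gw in (iface.network.network_address, iface.network.broadcast_address):
        return [f"gateway {gw} is the network or broadcast address"]
    # A syntactically valid gateway must still be a real router that has a
    # route back to the client's subnet; that cannot be verified offline.
    return []

if __name__ == "__main__":
    SWITCH = "192.168.20.10/24"  # address from the thread, /24 assumed
    # Gateway values below are constructed samples, not from the thread.
    for gw in ("0.0.0.0", "192.168.2.1", "192.168.20.1"):
        for client in ("192.168.20.20", "10.69.9.2"):
            result = diagnose_mgmt_return_path(SWITCH, gw, client)
            print(f"gw={gw:<13} client={client:<14} {result or 'OK'}")
```
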

12 Replies

  • schumaku
    Guru - Experienced User

    First isolate the management VLAN at almost every cost, and then connect things together again... Can't deny I'm always a little bit smiling when reading such requests.

     

    Assume your "normal" VPN reachable subnet is the work network. If you want to make the management VLAN reachable from the VPN, the management VPN must be integrated in some routing design. But wait - it won't be easy to detect each VPN, and you would have to add some IP firewall rules allowing the access only from the VPN, but not from the work subnet. Of course, this also requires configuring the VPN to include the route to the management VLAN, and the route back from the management VLAN to the VPN. If not - re-think if you really need to isolate the switch management....

     

    A possible alternate approach would be to allow some kind of remote access to that management PC by having an additional interface on the work network. Now you can use remote desktop or the like to reach the management PC, and don't need to expose the management VLAN and subnet.

     

     

    • hacesoft
      Tutor

      Good day,

      I have a total of 5 VLANs in my home network. I have the appropriate ACL rules set for them on the switch. Each VLAN has its rights. Only one VLAN (vlan20) has access to all other VLANs. And I want VLAN20 to be accessible via VPN for remote home network messaging. Everything works for me. Cameras on VLAN70 + DVR for cameras, firewall on VLAN5, etc. Only the switch resists. I don't know how to access the configuration from any other VLAN ... VPN is an extra bonus.

      I then want to access the network configuration via VPN.

       

      Using a PC as a remote desktop VLAN access is unusable. That PC is turned on sometimes ...

      • schumaku
        Guru - Experienced User

        So make the VLAN 20 IP subnet available from the only VLAN/subnet the VPN does have access to, and put up some ACLs according to the IP addresses only the VPN is using (if possible, and not a nicely bridged-in network). Everything just plain basic IPv4 routing, isn't it?
