NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

hacesoft's avatar
hacesoft
Tutor
Jul 25, 2021
Solved

GS724T - access profile from another VLAM / network

Good day, what should I set up to have access to the switch configuration from another VLAN / other network, specifically I want to access the switch via VPN. I have a VPN configured and I can see ...
  • hacesoft's avatar
    hacesoft
    Aug 06, 2021

    Good day,

    after a long search for a solution to why the switch cannot be managed across VLANs or VPNs, I found an error in the IPv4 Network Interface Configuration settings in the Default Gateway field.

    I set the right address and divse the world, it's already working :).

schumaku's avatar
schumaku
Guru - Experienced User
Jul 25, 2021

First isolate the management VLAN at almost every cost, and then connect things together again... Can't deny I'm always a little bit smiling when reading such requests.

 

Assume your "normal" VPN reachable subnet is the work network. If you want to make the management VLAN reachable from the VPN, the management VPN must be integrated in some routing design. But wait - it won't be easy to detect each VPN, and you would have to add some IP firewall rules allowing the access only from the VPN, but not from the work subnet. Of course, this also requires configuring the VPN to include the route to the management VLAN, and the router back from the management VLAN to the VPN. If not - re-think if you really need to isolate the switch management....

 

A possible alternate approach would be to allow some kind of remote access to that management PC by having an additional interface on the work network. Now you can use remote desktop or the like to reach the management PC, and don't need to expose the management VLAN and subnet.

 

 

hacesoft's avatar
hacesoft
Tutor
Jul 25, 2021

Good day,

I have a total of 5 VLANs in my home network. I have the appropriate ACL rules set for them on the switch. Each VLAN has its rights. Only one VLAN (vlan20) has access to all other VLANs. And I want VLAN20 to be accessible via VPN for remote home network messaging. Everything works for me. Cameras on VLAN70 + DVR for cameras, firewall on VLAN5, etc. Only the switch resists. I don't know how to access the configuration from any other VLAN ... VPN is an extra bonus.

I then want to access the network configuration via VPN.

 

Using a PC as a remote desktop VLAN access is unusable. That PC is turned on sometimes ...

  • schumaku's avatar
    schumaku
    Guru - Experienced User
    Jul 25, 2021

    So make the VLAN 20 IP subnet available from the only VLAN/subnet the VPN does have access to, and put up some ACLs according to the IP addresses only the VPN is using (if possible, and not a nicely bridged-in network). Everything just plain basic IPv4 routing, isn't it?

    • hacesoft's avatar
      hacesoft
      Tutor
      Jul 25, 2021

      I think I do.

      At 192.168.20.150 I have a door control device. I have access to it via VPN, but there is also a switch with the address 192.168.20.10 on the same VLAN and I do not have access to it.

      • schumaku's avatar
        schumaku
        Guru - Experienced User
        Jul 26, 2021
        hacesoft wrote:

        At 192.168.20.150 I have a door control device. I have access to it via VPN, but there is also a switch with the address 192.168.20.10 on the same VLAN and I do not have access to it.

        The route back to the VPN from the switch management intrface is correct and workable?

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More