Forum Discussion
obrennang
Jul 02, 2024, Tutor
Netgear GS308EP
I'm having the same issue as described in: https://community.netgear.com/t5/Insight-Managed-Smart-Cloud/Can-t-reach-GUI-on-GS308E-over-VLAN-trunk-port/td-p/2291953 But what's puzzling to me is....
- Jul 02, 2024
When the same is not the same... It appears fellow BrianL was responding correctly in the thread referred to.
Most of these Plus switches like the GS308EP are built on unmanaged cores with tiny uC added to implement the NSDP Protocol (for the legacy Prosafe Plus Configuration Utility - don't worry, the config options are disabled by default due to a non-mitigatable risk in this L2 protocol, only the discovery feature remains active) and the basic IP stack with the http-only Web-UI to configure some of the control bits on the switch.
The uC IP stack does not support tagged IP frames, only untagged ones, but it does support IP subnetting and (if I'm not wrong) handles the default gateway correctly [this is why you see the ACL controls for IP addresses and subnet masks]; however, it lacks Path MTU Discovery (PMTUD) [this rules out using e.g. any VPNs or the like, as the uC IP stack only deals with the complete default Ethernet MTU].
I hope this gives you some of the bigger picture of what you've got here with these inexpensive switches.
Regards,
-Kurt.
PS. I'll request a moderator to move this thread to the appropriate Plus And Smart Switches Forum to discuss Smart Switches (T) and Plus Switches (E), including Local and Remote Management.
obrennang
Jul 02, 2024, Tutor
Makes sense to some degree (new to VLANs), so apologies if my follow-up questions make no sense.
I'm connecting the Netgear to a Fortigate router with configured VLANs: 100, 20, 30, and 33. I've reconfigured the Netgear management interface to use IP 10.0.100.2 (VLAN 100 on Fortigate), and then I set port 1 as the TRUNK port (so that all Fortigate VLAN traffic flows to the switch with tagged VLANs). Sounds like I should leave PORT #1 alone, and instead use another port for TRUNK? And "maybe" the management IP should not be in a VLAN??
Goal is to be able to manage the switch remotely from other subnets/computers on my home network.
Thanks again for your time.
obrennang
Jul 02, 2024, Tutor
Another thought...maybe my issue is having placed the Mgmt IP on a VLAN at all?
Perhaps having the Management IP be a part of the Fortigate (non-VLAN) subnet would allow me to reach the Management interface after trunking port #1 and connecting Fortigate port to port1 on netgear??
- schumaku, Jul 02, 2024, Guru - Experienced User
As the GS308EP admin interface does not care about VLANs you can define any access-port on a Fortigate port, and use the appropriate IP subnet (or DHCP) for the intended admin subnet.
- obrennang, Jul 02, 2024, Tutor
Okay. I have things working just fine. I made the assumption that the connection to the Fortigate must be a TRUNK configured one (for all VLAN and untagged traffic to flow to the Netgear), which doesn't appear to be the case.
So to have the Netgear switch in its own subnet (NON-VLAN), yet protected via Fortinet firewalls, I created a general subnet on the Fortinet (same LAN port) for housing managed network devices. Reserving the IPs for the Netgear MAC addresses, I correctly set the Management GUI/IP address for accessibility from anywhere that routes to the managed network device subnet on FortiGate.
Also, devices connected to ports on the Netgear switch don't have access to the management GUI except where Fortigate is set up to route to the dedicated management network. I plan to also use Access control on the Netgear for extra measure.
Thanks all.
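
A model of the tagged-versus-untagged behaviour discussed in this thread, as an added example that is not part of any post and is not NETGEAR firmware code: it parses an Ethernet header, detects an 802.1Q tag, and shows why a management stack that only accepts untagged frames ignores traffic for 10.0.100.2 when it arrives tagged as VLAN 100. The MAC addresses, the source IP 10.0.100.1 and all function names are constructed for illustration.

```python
import socket
import struct

TPID_8021Q = 0x8100      # 802.1Q customer VLAN tag
TPID_8021AD = 0x88A8     # 802.1ad service tag (also "tagged")
ETHERTYPE_IPV4 = 0x0800

def parse_frame(frame: bytes) -> dict:
    """Return VLAN id (None if untagged), payload EtherType and IPv4 destination."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    vlan, offset = None, 14
    if ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN id
    dst_ip = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        dst_ip = socket.inet_ntoa(frame[offset + 16:offset + 20])
    return {"vlan": vlan, "ethertype": ethertype, "dst_ip": dst_ip}

def untagged_only_stack_accepts(frame: bytes, mgmt_ip: str) -> bool:
    """Model (assumption): the management stack only processes untagged IPv4."""
    info = parse_frame(frame)
    return info["vlan"] is None and info["dst_ip"] == mgmt_ip

def build_frame(dst_ip: str, vlan=None) -> bytes:
    """Construct a minimal sample frame (constructed data, not a capture)."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    ip = bytearray(20)
    ip[0] = 0x45                                  # IPv4, 20-byte header
    ip[12:16] = socket.inet_aton("10.0.100.1")    # constructed source address
    ip[16:20] = socket.inet_aton(dst_ip)
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + bytes(ip)

MGMT_IP = "10.0.100.2"                       # management IP from the thread
UNTAGGED = build_frame(MGMT_IP)              # as sent by an access port
TAGGED_100 = build_frame(MGMT_IP, vlan=100)  # as sent by a trunk port

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged VLAN 100", TAGGED_100)):
        print(name, parse_frame(frame),
              "accepted" if untagged_only_stack_accepts(frame, MGMT_IP) else "ignored")
```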