NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

markusd112's avatar
markusd112
Aspirant
Jun 05, 2016
Solved

ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN

Hi,

I am using a JGS524E and a GS116E. Both are connected via a 802.1Q uplink with all defined VLANs in it.

 

An additional 802.1Q interfaces goes to a pfsense firewall, which acts as router and dhcp server for every VLAN I am using.

 

How can I configure the switches to connect itselft into a specific VLAN and get's its IP-address from the dhcp server in this VLAN?

 

In the moment it seems to be a random access: it is not predictable from which ip range it takes its IP configuration via dhcp...

 

How is the management function working internally?

 

Thanks,

 

markus

Installation
  • markusd112's avatar
    markusd112
    Jun 07, 2016

    Hi,

     

    thanks. I tried it out, but the behaviour seems to be a little bit different:

     

    I configured a static IP for the switch (10.1.0.13 / 24). I have access to the switch web gui via this host ip address from a directly connected host (connected via a trunk port, where I have put VLAN 1 on the trunk), but it's all the same, which VLAN I am using:

     

    When connected to VLAN 1 I have access, but also via VLAN 10, VLAN 20, and so on (assumed, I have configure my computer staticly into the appropriate IP network, e.g. 10.1.0.20 / 24). So it seems not to be restricted only to VLAN 1. You have access from every vlan, only the IP configuration have to be in the same network.

     

    I am unsure, how it behaves when cascading the two switches, I haven't tried it out.

     

    May this information be helpful for other users with the same question regarding this switch product line.

     

    For me this behaviour is not very well implemented from my point of view. For security reasons you should limit any management access, e.g. by allowing access only from a specific hardware port or vlan. With the actual implementation a centralised management for a cascaded topology is not easy to configure, maybe because the behaviour is not very clear and not documented in the manuals.

    Mentioned on the edge: there is no TLS/SSL encryption available when accessing the web gui (no https). So the password is transmitted as cleartext... not a very good idea I think.

     

    Thanks a lot for your help,

     

    best regards

     

    markusd112

11 Replies

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Jun 05, 2016

    Hi Markus d,

     

    Welcome to the community! :) 

     

    Kindly answer the questions below:

     

    a. How is everything connected?  It would be best to post a screenshot or image of your detailed network setup.

    b. Is the port connected from the switch(es) to the pfsense firewall set as tagged ports? 

    c. Are the PVIDs set properly on the switch(es)?

    d. Is the pfsense firewall a VLAN-aware device?

    e. What is the current firmware version of both JGS524E and GS116E? 

     

    I look forward to your response.

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • markusd112's avatar
      markusd112
      Aspirant
      Jun 05, 2016


      Hello!

      DaneA schrieb:

      Kindly answer the questions below:

       

      a. How is everything connected?  It would be best to post a screenshot or image of your detailed network setup.

      b. Is the port connected from the switch(es) to the pfsense firewall set as tagged ports? 

      c. Are the PVIDs set properly on the switch(es)?

      d. Is the pfsense firewall a VLAN-aware device?

      e. What is the current firmware version of both JGS524E and GS116E? 

      I try to answer the questions as best as I can ;-)

       

      a) As I wrote: two switches, connected to each other via a tagged ports with all VLANs on it, so I can access all VLANs from both switches. Some ports of the switches are configured as untagged ports into one of the VLANs, some are configured as tagged ports. All that works fine.

       

      b)  Yes, the pfsense is connected via a tagged port

       

      c) What means "properly" for you? For what are the PVIDs? The interaction of the PVID-setting of a port in conjunction with the VLAN-Port setting ("U", "T" or "Nothing") is not really clear for me.

       

      d) Yes, the pfsens is a VLAN aware device and it works fine.

       

      e) I am using the actual firmware version available on the netgear site (2.0.1.26)

       

      Everything works fine, except the thing I wrote in my initial thread: I have created a management VLAN with VLAN-id 255 where I have put in some WLAN access points with their management interface, that works fine.

      It would be nice, to put the admin interfaces of the two netgear switches into this VLAN as well, but I don't know how to configure this.

      Under System --> Management --> Switch information  I am not able to configure any VLAN settings for the management interface....

       

      Thanks,

      markusd112

      • DaneA's avatar
        DaneA
        NETGEAR Employee Retired
        Jun 06, 2016

        Hi markusd112,

         

        I'm afraid to inform you that there is no option to change the management VLAN on both JGS524Ev2  and GS116Ev2.  Both JGS524Ev2  and GS116Ev2 belong to the NETGEAR ProSAFE Plus Switch series.

         

        On NETGEAR Smart Switches like the GS110TP, there is an option where you can change the management VLAN.  Refer to the image below:

         

         

         

         

        Regards,

         

        DaneA
        NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More