NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi, I am using a JGS524E and a GS116E. Both are connected via a 802.1Q uplink with all defined VLANs in it. An additional 802.1Q interfaces goes to a pfsense firewall, which acts as router and d...
Hi,
thanks. I tried it out, but the behaviour seems to be a little bit different:
I configured a static IP for the switch (10.1.0.13 / 24). I have access to the switch web gui via this host ip address from a directly connected host (connected via a trunk port, where I have put VLAN 1 on the trunk), but it's all the same, which VLAN I am using:
When connected to VLAN 1 I have access, but also via VLAN 10, VLAN 20, and so on (assumed, I have configure my computer staticly into the appropriate IP network, e.g. 10.1.0.20 / 24). So it seems not to be restricted only to VLAN 1. You have access from every vlan, only the IP configuration have to be in the same network.
I am unsure, how it behaves when cascading the two switches, I haven't tried it out.
May this information be helpful for other users with the same question regarding this switch product line.
For me this behaviour is not very well implemented from my point of view. For security reasons you should limit any management access, e.g. by allowing access only from a specific hardware port or vlan. With the actual implementation a centralised management for a cascaded topology is not easy to configure, maybe because the behaviour is not very clear and not documented in the manuals.
Mentioned on the edge: there is no TLS/SSL encryption available when accessing the web gui (no https). So the password is transmitted as cleartext... not a very good idea I think.
Thanks a lot for your help,
best regards
markusd112
Hello!
DaneA schrieb:Kindly answer the questions below:
a. How is everything connected? It would be best to post a screenshot or image of your detailed network setup.
b. Is the port connected from the switch(es) to the pfsense firewall set as tagged ports?
c. Are the PVIDs set properly on the switch(es)?
d. Is the pfsense firewall a VLAN-aware device?
e. What is the current firmware version of both JGS524E and GS116E?
I try to answer the questions as best as I can ;-)
a) As I wrote: two switches, connected to each other via a tagged ports with all VLANs on it, so I can access all VLANs from both switches. Some ports of the switches are configured as untagged ports into one of the VLANs, some are configured as tagged ports. All that works fine.
b) Yes, the pfsense is connected via a tagged port
c) What means "properly" for you? For what are the PVIDs? The interaction of the PVID-setting of a port in conjunction with the VLAN-Port setting ("U", "T" or "Nothing") is not really clear for me.
d) Yes, the pfsens is a VLAN aware device and it works fine.
e) I am using the actual firmware version available on the netgear site (2.0.1.26)
Everything works fine, except the thing I wrote in my initial thread: I have created a management VLAN with VLAN-id 255 where I have put in some WLAN access points with their management interface, that works fine.
It would be nice, to put the admin interfaces of the two netgear switches into this VLAN as well, but I don't know how to configure this.
Under System --> Management --> Switch information I am not able to configure any VLAN settings for the management interface....
Thanks,
markusd112
Hi markusd112,
I'm afraid to inform you that there is no option to change the management VLAN on both JGS524Ev2 and GS116Ev2. Both JGS524Ev2 and GS116Ev2 belong to the NETGEAR ProSAFE Plus Switch series.
On NETGEAR Smart Switches like the GS110TP, there is an option where you can change the management VLAN. Refer to the image below:
Regards,
DaneA
NETGEAR Community Team
Hi,
thanks, that's not a positive information :-(
How can I identify the products in your product catalogue and data sheets, which are able to handle a management VLAN? I cannot find any information about this...
Is there any possibility to control the behaviour of the management of my JGS524E and GS116E switches? What can I do to put it in a predictable IP network and how can I access the management GUI in such a topology as I am using it?
In the moment such a behaviour doesn't make much sense for me....
Thanks a lot,
Markus
Hi markusd112,
About the switch models wherein you can set the management VLAN, click here then browse on Fully Managed Switches and Smart Managed Switches.
I'm afraid that its not possible to control the behaviour of the management VLAN of both JGS524Ev2 and GS116Ev2 switches.
Regards,
DaneA
NETGEAR Community Team
Hi,
thanks, I have now ordered a GS724T and a GS108T-200GES.
Sorry for asking again: I simply want to understand which concept is behind the Web Managed Plus Switch series:
One simple example: you have a GS116E and want to divide your PCs into 3 network segments: VLAN 10, 20 and 30.
You configure ports 1-5 into VLAN 10 (untagged), 6-10 into VLAN 20 (untagged) and 11-16 into VLAN 30 (untagged).
You want to use the IP network address 10.x.0.0 / 24 in each VLAN: 10.10.0.0 /24 for VLAN 10, 10.20.0.0 / 24 for VLAN 20 and 10.30.0.0 / 24 for VLAN 30
In each VLAN you connect a dhcp server which serves the clients with host addresses out of the IP address scope above.
Which management IP address wil the GS116E get, when I configure it to get management IP via dhcp? On which of the 16 ports I have to connect my PC to have access to the management GUI?
Thanks,
markusd112
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
