markusd112
Jun 05, 2016 Aspirant
ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi, I am using a JGS524E and a GS116E. Both are connected via an 802.1Q uplink with all defined VLANs in it. An additional 802.1Q interface goes to a pfsense firewall, which acts as router and d...
DaneA
Jun 06, 2016 NETGEAR Employee Retired
Hi markusd112,
By default, the management VLAN is VLAN 1 and cannot be modified.
You should be able to access both switches given that their static IP addresses should be in the same range. The trunk port(s) should be set as tagged port (T) with a PVID of 1.
The management IP addresses are not reachable from other VLANs since it's on a different IP range. For example, the management IP address of both switches will be on the 192.168.9.x range while other VLANs are on the 10.0.0.x range.
Regards,
DaneA
NETGEAR Community Team
markusd112
Jun 07, 2016 Aspirant
Hi,
thanks. I tried it out, but the behaviour seems to be a little bit different:
I configured a static IP for the switch (10.1.0.13 / 24). I have access to the switch web GUI via this host IP address from a directly connected host (connected via a trunk port, where I have put VLAN 1 on the trunk), but it's all the same, which VLAN I am using:
When connected to VLAN 1 I have access, but also via VLAN 10, VLAN 20, and so on (assuming I have configured my computer statically into the appropriate IP network, e.g. 10.1.0.20 / 24). So it seems not to be restricted only to VLAN 1. You have access from every VLAN, only the IP configuration has to be in the same network.
I am unsure how it behaves when cascading the two switches, I haven't tried it out.
May this information be helpful for other users with the same question regarding this switch product line.
For me this behaviour is not very well implemented from my point of view. For security reasons you should limit any management access, e.g. by allowing access only from a specific hardware port or VLAN. With the actual implementation a centralised management for a cascaded topology is not easy to configure, maybe because the behaviour is not very clear and not documented in the manuals.
Mentioned on the edge: there is no TLS/SSL encryption available when accessing the web GUI (no HTTPS). So the password is transmitted as cleartext... not a very good idea I think.
Thanks a lot for your help,
best regards
markusd112
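A check for the behaviour described in the post above, as an added example that is not part of the original thread and not NETGEAR tooling: run it from a host placed in each VLAN to record whether the switch web GUI answers there and whether only cleartext HTTP is offered. The function names, the `allowed_vlans` set and TCP ports 80/443 are assumptions; 10.1.0.13 is the switch address from the post.

```python
import socket
import sys

def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_mgmt(host, vlan, allowed_vlans, probe=tcp_probe,
               http_port=80, https_port=443):
    """Probe the switch management GUI from the current host.

    vlan           label of the VLAN this host sits in (operator-supplied)
    allowed_vlans  VLANs that are supposed to reach management (assumption)
    """
    http_open = probe(host, http_port)
    https_open = probe(host, https_port)
    findings = []
    if (http_open or https_open) and vlan not in allowed_vlans:
        findings.append("GUI reachable from %s, outside the management VLAN" % vlan)
    if http_open and not https_open:
        findings.append("HTTP only: the GUI password crosses the wire in cleartext")
    return {"host": host, "vlan": vlan, "http_open": http_open,
            "https_open": https_open, "findings": findings}

def audit_all(hosts, vlan, allowed_vlans, probe=tcp_probe):
    """Audit several switches (e.g. both ends of the uplink); keep those with findings."""
    reports = [audit_mgmt(h, vlan, allowed_vlans, probe) for h in hosts]
    return [r for r in reports if r["findings"]]

if __name__ == "__main__":
    # Usage: python audit_mgmt.py "VLAN 10" 10.1.0.13 [more switch IPs]
    # Treating "VLAN 1" as the only permitted management VLAN is an
    # assumption taken from the vendor reply in this thread.
    vlan = sys.argv[1] if len(sys.argv) > 1 else "VLAN 10"
    hosts = sys.argv[2:] or ["10.1.0.13"]
    for report in audit_all(hosts, vlan, {"VLAN 1"}):
        for finding in report["findings"]:
            print(report["host"], "-", finding)
```

An empty result from every VLAN other than the management one is the outcome the vendor reply describes; any finding means the only separation in place is the IP range.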
DaneA
Jun 07, 2016 NETGEAR Employee Retired
Hi markusd112,
You're welcome. :) Thanks for sharing your thoughts and your experience.
If ever your concern has been addressed, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
DaneA
NETGEAR Community Team