BGalehouse
Oct 16, 2023 (Aspirant)
AX4200 Management VLAN, Static IP incompatible?
I have a few AX4200s at home. They are configured to use 3 different static IPs for their management interface. I'm running 3 explicit vlans - 1001 for management, 1002 and 1003 for different classes of wifi. To avoid confusion, nothing is set to accept untagged traffic on my trunked lines.
This is all mostly working. Note though that moving to static management IPs was probably the last configuration change that I made.
Now, when I try to make any changes on the networking management page, I get an interstitial error: "Current IPv4 setting is set as Static, not allow user to Enable Management VLAN". I guess it thinks that I'm trying to change the management VLAN (even though it is already running on VLAN 1001, and I'm not actually trying to change that), and therefore some "safety" check means it doesn't want me to have a static IP set.
Has anybody else seen this? Any thoughts on a work-around? Presumably, I can go back to dhcp, but static means that I don't need to go search through leases to admin wifi, or set up static leases, and it otherwise seems tidier to leave dhcp out of it.
9 Replies
- schumaku (Guru - Experienced User)
Just adding a VLAN capable switch won't magically make your consumer-routers with NAT (isolating the WAN IP from the internal LAN and IP subnetworks). Each of these routers requires its own subnet (this is what you might be able to implement on a Plus or Smart switch). Sure, you can configure three ports on such a switch for associating each router LAN with a VLAN, and implement trunk ports to connect the WAX220, allowing dedicated SSIDs for each of these VLANs. For simplicity, I suggest to keep the primary VLAN (the LAN you have on your primary router) as an untagged VLAN, also what should serve the management (V)LAN in the future.
Which of the three routers should serve the management VLAN in the future?
Sure, if you are so desperate to run everything tagged, feel free.... However, without a VLAN-capable Plus or Smart Switch, you can't achieve what you have in mind anyway.
- BGalehouse (Aspirant)
I use 2 SSIDs for different classes of wifi traffic, and all 3 APs announce both SSIDs.
I'm using these as APs, not routers. I'm not even sure they can route, except for the guest network functionality, which I don't use. Note that these are WAX220 devices, not RAX43 or something like that. I guess I should have focused on the unambiguous model number, rather than the first model number.
Specifically, I expect them to only have an IP on the management VLAN, and to act as bridges between each SSID and the correct (non-management) VLAN. AFAIK, this is what they are all doing. I've seen no evidence of the APs themselves taking IPs on vlans 1002 or 1003.
They are indeed all plugged into a managed switch (MS510TXUP in particular), but for the purposes of the question, it could be unmanaged - my router is set up to deal with a trunked line, managing a subnet on each VLAN.
- schumaku (Guru - Experienced User)
BGalehouse wrote:
I use 2 SSIDs for different classes of wifi traffic, and all 3 APs announce both SSIDs.
This reads like a good plan.
BGalehouse wrote:
I'm using these as APs, not routers. I'm not even sure they can route, except for the guest network functionality, which I don't use. Note that these are WAX220 devices, not RAX43 or something like that. I guess I should have focused on the unambiguous model number, rather than the first model number.
Probably I had a reply to a different thread in my head when answering before.
BGalehouse wrote:
Specifically, I expect them to only have an IP on the management VLAN, and to act as bridges between each SSID and the correct (non-management) VLAN. AFAIK, this is what they are all doing. I've seen no evidence of the APs themselves taking IPs on vlans 1002 or 1003.
Wait a moment. An access point is a bridge connecting a wireless network identified by an SSID. It's the wireless client connecting to the SSID, where your router is taking care of each subnet, over the trunk.
BGalehouse wrote:
They are indeed all plugged into a managed switch (MS510TXUP in particular), but for the purposes of the question, it could be unmanaged - my router is set up to deal with a trunked line, managing a subnet on each VLAN.
No way, this isn't enough. You must configure the VLANs on the MS510TXUP, define trunk ports for the VLANs for the link to your router, and for the link to your WAX220. And the WAX220 must be configured to map each SSID desired to a VLAN.
If done properly, your wireless clients on each SSID will get IP configs assigned accordingly.
- schumaku (Guru - Experienced User)
BGalehouse wrote:
Now, when I try to make any changes to on the networking management page, I get an interstitial error: "Current IPv4 setting is set as Static, not allow user to Enable Management VLAN". I guess it thinks that I'm trying to change the management VLAN (even though it is already running on VLAN 1001, and I'm not actually trying to change that), and therefore some "safety" check means it doesn't want me to have a static IP set.
Not convinced these WAX2xx allow defining a management VLAN -and- a static LAN IP for the management.
Said that, I strongly doubt your management VLAN is already on the VLAN you expect it to be. Strongly suggest to double check your unknown magic router does correctly assign DHCP addresses in the appropriate VLAN subnet. Before moving the WAX220 management VLAN to a tagged network, first you need to configure the trunks on your switch (for both the router uplinks as well as for the WAX220). Start with an untagged management VLAN to avoid more confusion! Configure an access port (resp. a port untagged, but assigned to the management VLAN, and set the PVID on the switch to the same VLAN) for the management VLAN. Now double check the DHCP server does assign an IP config for the management VLAN and IP subnet. If it's correct, change the switch port to tagged for the management VLAN, and change the WAX220 config to use the management VLAN. If you desire, look if it's possible to change the WAX220 LAN IP to a static IP now. But not before!
Note: All my WAX operating on VLANs are using DHCP with MAC-IP address pairs reserved - I try to avoid putting fixed LAN IPs where not required. Thus I never had the idea to put up a static LAN IP on a WAX2xx configured for a tagged management VLAN.
Regards,
-Kurt.
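The check described in the post above (confirm that DHCP replies on each VLAN come from the expected subnet, and that the trunk carries only tagged frames), as an added example that is not part of the original posts. VLAN IDs 1001-1003 are from the thread; the subnets, the function names and the sample frames are assumptions constructed for this example.

```python
import ipaddress
import struct

# VLAN IDs come from the thread; the subnets are assumptions made up for this example.
EXPECTED = {
    1001: ipaddress.ip_network("10.10.1.0/24"),  # management
    1002: ipaddress.ip_network("10.10.2.0/24"),  # wifi class 1
    1003: ipaddress.ip_network("10.10.3.0/24"),  # wifi class 2
}

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for an Ethernet II frame."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x8100:                      # no 802.1Q tag present
        return None, ethertype, frame[14:]
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner, frame[18:]       # low 12 bits of the TCI are the VLAN ID

def dhcp_yiaddr(ip):
    """Return the offered address if `ip` is an IPv4 DHCP server reply, else None."""
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:   # must be IPv4 carrying UDP
        return None
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 28 or struct.unpack("!HH", udp[:4]) != (67, 68) or udp[8] != 2:
        return None                              # not a server->client BOOTREPLY
    return ipaddress.ip_address(udp[24:28])      # BOOTP yiaddr sits at offset 16

def check_frame(frame):
    """Classify one frame seen on a trunk that should carry only tagged VLANs."""
    vlan, ethertype, payload = parse_frame(frame)
    if vlan is None:
        return "untagged frame on trunk"
    if vlan not in EXPECTED:
        return f"unexpected VLAN {vlan}"
    offered = dhcp_yiaddr(payload) if ethertype == 0x0800 else None
    if offered is not None and offered not in EXPECTED[vlan]:
        return f"VLAN {vlan}: DHCP offered {offered}, outside {EXPECTED[vlan]}"
    return "ok"

def build_reply(vlan, yiaddr):
    """Constructed sample frame: minimal DHCP reply, 802.1Q-tagged unless vlan is None."""
    bootp = bytes([2, 1, 6, 0]) + bytes(12) + ipaddress.ip_address(yiaddr).packed
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBH4xBB10x", 0x45, 0, 20 + len(udp), 64, 17)
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + ip + udp
```

Feeding `check_frame` the raw frames from a capture taken on the trunk port shows whether an AP's management traffic is really tagged 1001 and whether the DHCP server answers from the matching pool.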
- BGalehouse (Aspirant)
schumaku wrote:
Not convinced these WAX2xx allow defining a management VLAN -and- a static LAN IP for the management.
Said that, I strongly doubt your management VLAN is already on the VLAN you expect it to be. Strongly suggest to double check your unknown magic router does correctly assign DHCP addresses in the appropriate VLAN subnet.
WAX220 let me set it up that way - first changing the VLAN, then to a static IP. But this put it in a state where I cannot make more wireless changes. So I guess it is effectively unsupported/broken by design. As I said though, I'll revert the static IP setting, at least from the AP's viewpoint and that will probably work around it.
I'm quite certain at this point that the router is doing the right thing. Previously I used a Mikrotik with this VLAN structure, now I use an Arch box. In both cases you set up a virtual interface for each VLAN and go from there with a dhcp pool configuration for each and so on and so forth.
- schumaku (Guru - Experienced User)
If you believe the router port config is correct, change the VLAN config to the tagged management port (and set the WAX220 to DHCP) - not connect the WAX20 directly to the router. Nothing that stops you from this test. Now time to configure the switch correctly to use the tagged VLAN trunks.
The switch message was very clear: "Current IPv4 setting is set as Static, not allow user to Enable Management VLAN". Isn't it? So return to DHCP, re-activate the management VLAN, ... No short cuts supported. The price for deploying Business Essentials line models I guess.
Have you managed to configure the VLAN trunks required on the switch accordingly in the meantime?