
FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)

LordRob
Aspirant


 

I cannot access the web GUI or ping the IP address of the switch from my voice network, although it is all in the same subnet. If I connect a laptop to the switch I am able to get on the web GUI. The setup is in the picture. The VPN is a client-server SSTP tunnel. The server is at the far end at the VoIP server. The configuration is in the attachment.

I can ping from my routerboard the devices on port 1-24 that are in VLAN100, but I can not ping the ip-address of the switch. 

The switch will be installed in a remote location and therefore I prefer remote access. I have read 2 other items from last year. The switch was set to factory default before the latest firmware was uploaded, and flow control is enabled. What do I need to change to be able to access the switch remotely?

 

The config is:

0x4e470x010x00FS728TPv2 5.0.2.48 0x000000000x00000000000000
! The line above is the NSDP Text Configuration header. DO NOT EDIT THIS HEADER
!Current Configuration:
!
!System Description "FS728TPv2"
!System Software Version "5.0.2.48"
!System Up Time "0 days 0 hrs 45 mins 59 secs"
!Additional Packages FASTPATH QOS
!Current SNTP Synchronized Time: Not Synchronized
!
network protocol none
network parms 172.18.2.10 255.255.255.0 172.18.2.254
vlan database
vlan 100
vlan name 100 "PCV"
exit
configure
snmp-server sysname "xxxxxxxxxxxxxxx"
snmp-server location "xxxxxxx"
snmp-server contact "xxxxxxxxx"
!
clock source SNTP
clock timezone 'UTC' 1
sntp client mode unicast
ip name server 172.17.0.100
users passwd "admin" encrypted 0a51d780be1a0240b8cc7c69fe0479dbf07644e1094b25fb43ebe2fa72f649e4
authentication login "defaultList" local
lineconfig
exit
storm-control flowcontrol
spanning-tree
spanning-tree configuration name "B0-39-56-7B-26-1A"
spanning-tree forceversion 802.1d
no port-channel linktrap 3/1
no port-channel linktrap 3/2
no port-channel linktrap 3/3
no port-channel linktrap 3/4
no port-channel linktrap 3/5
no port-channel linktrap 3/6
no port-channel linktrap 3/7
no port-channel linktrap 3/8
no voip status
voip oui 00:01:E3 desc SIEMENS
voip oui 00:03:6B desc CISCO1
voip oui 00:12:43 desc CISCO2
voip oui 00:0F:E2 desc H3C
voip oui 00:60:B9 desc NITSUKO
voip oui 00:D0:1E desc PINTEL
voip oui 00:E0:75 desc VERILINK
voip oui 00:E0:BB desc 3COM
voip oui 00:04:0D desc AVAYA1
voip oui 00:1B:4F desc AVAYA2
interface 0/1
vlan participation include 100
vlan tagging 100
exit
interface 0/2
vlan participation include 100
vlan tagging 100
exit
interface 0/3
vlan participation include 100
vlan tagging 100
exit
interface 0/4
vlan participation include 100
vlan tagging 100
exit
interface 0/5
vlan participation include 100
vlan tagging 100
exit
interface 0/6
vlan participation include 100
vlan tagging 100
exit
interface 0/7
vlan participation include 100
vlan tagging 100
exit
interface 0/8
vlan participation include 100
vlan tagging 100
exit
interface 0/9
vlan participation include 100
vlan tagging 100
exit
interface 0/10
vlan participation include 100
vlan tagging 100
exit
interface 0/11
vlan participation include 100
vlan tagging 100
exit
interface 0/12
vlan participation include 100
vlan tagging 100
exit
interface 0/13
vlan participation include 100
vlan tagging 100
exit
interface 0/14
vlan participation include 100
vlan tagging 100
exit
interface 0/15
vlan participation include 100
vlan tagging 100
exit
interface 0/16
vlan participation include 100
vlan tagging 100
exit
interface 0/17
vlan participation include 100
vlan tagging 100
exit
interface 0/18
vlan participation include 100
vlan tagging 100
exit
interface 0/19
vlan participation include 100
vlan tagging 100
exit
interface 0/20
vlan participation include 100
vlan tagging 100
exit
interface 0/21
vlan participation include 100
vlan tagging 100
exit
interface 0/22
vlan participation include 100
vlan tagging 100
exit
interface 0/23
vlan participation include 100
vlan tagging 100
exit
interface 0/24
vlan participation include 100
vlan tagging 100
exit
interface 0/25
exit
interface 0/26
vlan participation auto 1
exit
interface 0/27
vlan participation auto 1
exit
interface 0/28
vlan pvid 100
vlan participation auto 1
vlan participation include 100
exit
interface 3/1
no snmp trap link-status
vlan participation auto 1
lacp collector max-delay 0
exit
interface 3/2
no snmp trap link-status
vlan participation auto 1
lacp collector max-delay 0
exit
interface 3/3
no snmp trap link-status
vlan participation auto 1
lacp collector max-delay 0
exit
interface 3/4
no snmp trap link-status
vlan participation auto 1
lacp collector max-delay 0
exit
interface 3/5
no snmp trap link-status
vlan participation auto 1
lacp collector max-delay 0
exit
interface 3/6
no snmp trap link-status
vlan participation auto 1
lacp collector max-delay 0
exit
interface 3/7
no snmp trap link-status
vlan participation auto 1
lacp collector max-delay 0
exit
interface 3/8
no snmp trap link-status
vlan participation auto 1
lacp collector max-delay 0
exit
exit

 

 

Message 1 of 8

Hopchen
Prodigy

Re: FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)

Hi @LordRob

 

From what you explain it sounds like you are using the same subnet on each side of the VPN? If your remote VPN network and the local network have the same IP subnet, then you will not be able to communicate between them 🙂 If you are using VPN, you must ensure that each side has a unique private subnet. It works for the VLAN 100 machines, as they are likely in a different subnet?

 

The switch itself is in network: 172.18.2.0 /24. What is the subnet of your remote VPN network?

 

Cheers

Message 2 of 8
LordRob
Aspirant

Re: FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)

Hi,

 

The network is different on both sites. The switch is in 172.18.2.0/24. The other site of the network is in 172.17.0.0/16. VoIP devices that are connected with the switch can be pinged.

Message 3 of 8
Hopchen
Prodigy

Re: FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)

Hi again,

 

Okay that is good. Is the VPN configured to also allow subnet 172.18.2.0/24 to talk to subnet 172.17.0.0/16? If so, then that should be OK. However, we are sure that the switch itself has an OK Internet connection?

 

Go to "Maintenance" > "Troubleshooting" > try to ping 8.8.8.8. Does it work? It is of course imperative that the switch management interface itself has Internet connection, else it will never be able to respond to VPN traffic from the remote site. I can see that the switch has a gateway of 172.18.2.254. The switch is definitely able to communicate with that gateway for Internet access?

 


Cheers

Message 4 of 8
LordRob
Aspirant

Re: FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)

I believe that my last post did not come through. In the VPN router there are routes defined for 172.17.0.0/16 and 172.18.0.0/16. VoIP devices in the subnets 172.18.x.0/24 can talk to each other.

I can not ping to 8.8.8.8 and 172.18.2.254.

It is something in the VLAN configuration. If I connect my VPN router to port 23 instead of port 28 (untagged VLAN100) I get to the web GUI of the switch.

Message 5 of 8
Hopchen
Prodigy

Re: FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)

Hi again,

 

Okay, so it seems that settings are OK from a VPN perspective.

 

The issue is that your switch has no Internet access via the management interface. This is a VLAN problem. You are running two VLANs here: 1 and 100. The problem is that your uplink port must trunk both VLANs to the router. Your current port 28 only allows VLAN 100, so that is why VLAN 1 (management VLAN) can't reach the Internet. However, in order for you to trunk (carry) multiple VLANs from the switch to the router, it requires a VLAN aware router. Is your VPN router VLAN aware? Else this is probably not going to work 🙂 

 

But, there are work-arounds. You could just change the management VLAN of the switch to VLAN 100 and put it in the same subnet as the VoIP devices. Then it should work fine accessing it over the VPN. This is likely the easiest for you if you are unfamiliar with VLANs and routing of VLANs! You just need to remember to connect to VLAN 100 if you then want to access the switch GUI locally, on-site.

 

 

Thanks

Message 6 of 8
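
The diagnosis in the answer above can be checked against the posted configuration. The following is an added example, not part of the original thread and not NETGEAR tooling: a small parser for the `interface` stanzas that lists which ports do not carry a given VLAN. It assumes every port defaults to untagged membership of VLAN 1 and that `vlan participation auto` means the port is not a member; `SAMPLE` is a constructed excerpt, and `port_vlans` and `ports_missing_vlan` are hypothetical names.

```python
import re

# Constructed excerpt in the syntax of the configuration posted in this thread.
SAMPLE = """\
vlan database
vlan 100
exit
interface 0/23
vlan participation include 100
vlan tagging 100
exit
interface 0/25
exit
interface 0/28
vlan pvid 100
vlan participation auto 1
vlan participation include 100
exit
"""

def port_vlans(config):
    """Return {port: {"pvid": int, "members": set, "tagged": set}}."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\d+/\d+)", line):
            # Assumed default: every port starts as an untagged member of VLAN 1.
            cur = ports.setdefault(m.group(1), {"pvid": 1, "members": {1}, "tagged": set()})
        elif cur is None:
            continue  # global commands outside an interface stanza
        elif line == "exit":
            cur = None
        elif m := re.fullmatch(r"vlan pvid (\d+)", line):
            cur["pvid"] = int(m.group(1))
        elif m := re.fullmatch(r"vlan tagging (\d+)", line):
            cur["tagged"].add(int(m.group(1)))
        elif m := re.fullmatch(r"vlan participation (include|exclude|auto) (\d+)", line):
            vid = int(m.group(2))
            if m.group(1) == "include":
                cur["members"].add(vid)
            else:  # assumption: "auto" without dynamic registration = not a member
                cur["members"].discard(vid)
    return ports

def ports_missing_vlan(config, vlan):
    """Ports that do not carry `vlan`, e.g. the management VLAN."""
    return sorted(p for p, v in port_vlans(config).items() if vlan not in v["members"])

if __name__ == "__main__":
    print("no VLAN 1 on:", ports_missing_vlan(SAMPLE, 1))
```

Under these assumptions, the full configuration posted above gives VLAN 1 on ports 0/1 to 0/25 but not on 0/28, which matches the observation that the GUI was reachable from port 23 and not from port 28.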
LordRob
Aspirant

Re: FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)

Thx for your advice. I chose the workaround and now it is working. The issue can be closed.

Message 7 of 8
Hopchen
Prodigy

Re: FS728TPv2 unable to access web interface over VPN (Firmware 5.02.48)

No problem. Glad to hear you got it sorted 🙂

Message 8 of 8