I inherited a network on a weird internal subnet (100.100.100.x) the gateway (issued by Windows DHCP server) for clients is a firewall and the switch isn't currently used for routing.
I want to achive two things, one setup new subnets 10.12.1.x (clients on vlan 121) 10.12.2.x (production system on vlan 122) and 10.12.3.x (servers on vlan 123) Once I have got one of the subnet andit's vlan up and working with the switch being issued a 10.12.1.254 address and forwards to my firewall (watchguard) which I've also given it's own vlan 99 and subnet an address on the 10.12.99.1 (switch is 10.12.99.254). I can get on the internet and what not.
The second thing I'm trying to do is get the 100.100.100.x subnet co-existing with the 10.12.1.x network so I can start changing pcs and servers over to the 10.12.x.x networks.
Currently the PC I've got set up, I've put on the 100.100.100.1 (default setup is vlan1) and the switch is 100.100.100.5 and the firewall is 100.100.100.254. If I configure my PC to be IP 100.100.100.1/24 and gateway of 100.100.100.254. Network and internet access are fine, However if I cahnge the gateway to be my switch, I can't access local servers. I want a way to tell the switch to route vlan 121 to vlan 1 but when I try I'm told by the switch I'm not allowed to set up a route on the management vlan.
Can anyone help me resolve my routing issue? I want the switch to do all the routing in the future and remove the 100.100.100.x subnet.
Model: GS752TPSB|ProSafe 52 ports gigabit stackable smart switch with PoE
If you wanted to have the 2 VLANs to communicate with each other, then you might need to enable routing on those VLANs. As they are working on 2 different subnets. May I know the model number of your switch? You can also enable routing on your firewall.
I was on holiday for the last week, so I've just got back today, My switch is a NETGEAR GS752TPSB
When I try to tell the netgear to route VLAN 121 to VLAN 1 I get a message.... that I'm not allowed to set up a route on the management vlan. So I tried to change the management VLAN to 100, and set all ports to be untagged on vlan 100 and now I can't manage my switchthrought http OR through the SmartCenter I've a feeling I should have set it to tag vlan 100 rather than untagged, or configured a port with a PVID of 100.
I don't suppose you can suggest a fix to this other than a factory reset and restoring the latest backup of my settings.
Changing the management VLAN will definitely result to unaccessible UI if it is not properly configured. Management VLAN pertains to the VLAN where you can only access the admin page. If you change the Management VLAN to 100, then you can only access the admin page if the computer that you are using is under VLAN 100. Routing is not supported on the switch that you have. You may need to do the routing from your firewall and not from the switch. You may reset the switch to factory default in order to access the admin page again.
I've got that sorted, I'm now a the stage where I have the following setup. I want my Netgear stack to be my router, not my firewall. And I want to separate equipment out on to different subnets and VLANs and have all the 10.12 subnets and the 100.100.100.x co-existing. Once the migration of equipment to the new subnets is complete (this may take several weeks). I will remove the 100.100.100.x subnet.
VLAN 1 - 100.100.100.x (all equipment currently on this network) Netgear Stack 100.100.100.5 and Firewall 100.100.100.222
VLAN 99 - DMZ (Stack on 10.12.99.254, firewall on 10.12.99.1)
VLAN 100 (Management VLAN)
VLAN 121 - 10.12.1.x - New Subnet and VLAN for PCs and Laptops
VLAN 122 - 10.12.2.x - New Subnet for production equipment.
VLAN 123 - 10.12.3.x - New Subnet for Servers
I am now at the stage where 10.12.x.x subnets can see the 100.100.100.x network and get internet access fine. However, the 100.100.100.x network can't see the 10.12.x.x subnets.
GS752TPSB only supports routing via interface as this switch only works particularly as a Layer 2 switch. I you really wanted to have a fully capable L3 switch, you may need to have a fully managed switch.
