This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi,
thanks. I tried it out, but the behaviour seems to be a little bit different:
I configured a static IP for the switch (10.1.0.13 / 24). I have access to the switch web gui via this host ip address from a directly connected host (connected via a trunk port, where I have put VLAN 1 on the trunk), but it's all the same, which VLAN I am using:
When connected to VLAN 1 I have access, but also via VLAN 10, VLAN 20, and so on (assumed, I have configure my computer staticly into the appropriate IP network, e.g. 10.1.0.20 / 24). So it seems not to be restricted only to VLAN 1. You have access from every vlan, only the IP configuration have to be in the same network.
I am unsure, how it behaves when cascading the two switches, I haven't tried it out.
May this information be helpful for other users with the same question regarding this switch product line.
For me this behaviour is not very well implemented from my point of view. For security reasons you should limit any management access, e.g. by allowing access only from a specific hardware port or vlan. With the actual implementation a centralised management for a cascaded topology is not easy to configure, maybe because the behaviour is not very clear and not documented in the manuals.
Mentioned on the edge: there is no TLS/SSL encryption available when accessing the web gui (no https). So the password is transmitted as cleartext... not a very good idea I think.
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hello!
DaneA schrieb:
Kindly answer the questions below:
a. How is everything connected? It would be best to post a screenshot or image of your detailed network setup.
b. Is the port connected from the switch(es) to the pfsense firewall set as tagged ports?
c. Are the PVIDs set properly on the switch(es)?
d. Is the pfsense firewall a VLAN-aware device?
e. What is the current firmware version of both JGS524E and GS116E?
I try to answer the questions as best as I can 😉
a) As I wrote: two switches, connected to each other via a tagged ports with all VLANs on it, so I can access all VLANs from both switches. Some ports of the switches are configured as untagged ports into one of the VLANs, some are configured as tagged ports. All that works fine.
b) Yes, the pfsense is connected via a tagged port
c) What means "properly" for you? For what are the PVIDs? The interaction of the PVID-setting of a port in conjunction with the VLAN-Port setting ("U", "T" or "Nothing") is not really clear for me.
d) Yes, the pfsens is a VLAN aware device and it works fine.
e) I am using the actual firmware version available on the netgear site (2.0.1.26)
Everything works fine, except the thing I wrote in my initial thread: I have created a management VLAN with VLAN-id 255 where I have put in some WLAN access points with their management interface, that works fine.
It would be nice, to put the admin interfaces of the two netgear switches into this VLAN as well, but I don't know how to configure this.
Under System --> Management --> Switch information I am not able to configure any VLAN settings for the management interface....
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi markusd112,
I'm afraid to inform you that there is no option to change the management VLAN on both JGS524Ev2 and GS116Ev2. Both JGS524Ev2 and GS116Ev2 belong to the NETGEAR ProSAFE Plus Switch series.
On NETGEAR Smart Switches like the GS110TP, there is an option where you can change the management VLAN. Refer to the image below:
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi,
thanks, that's not a positive information 😞
How can I identify the products in your product catalogue and data sheets, which are able to handle a management VLAN? I cannot find any information about this...
Is there any possibility to control the behaviour of the management of my JGS524E and GS116E switches? What can I do to put it in a predictable IP network and how can I access the management GUI in such a topology as I am using it?
In the moment such a behaviour doesn't make much sense for me....
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi,
thanks, I have now ordered a GS724T and a GS108T-200GES.
Sorry for asking again: I simply want to understand which concept is behind the Web Managed Plus Switch series:
One simple example: you have a GS116E and want to divide your PCs into 3 network segments: VLAN 10, 20 and 30.
You configure ports 1-5 into VLAN 10 (untagged), 6-10 into VLAN 20 (untagged) and 11-16 into VLAN 30 (untagged).
You want to use the IP network address 10.x.0.0 / 24 in each VLAN: 10.10.0.0 /24 for VLAN 10, 10.20.0.0 / 24 for VLAN 20 and 10.30.0.0 / 24 for VLAN 30
In each VLAN you connect a dhcp server which serves the clients with host addresses out of the IP address scope above.
Which management IP address wil the GS116E get, when I configure it to get management IP via dhcp? On which of the 16 ports I have to connect my PC to have access to the management GUI?
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi markusd112,
If I will be the one to manage the GS116Ev2 switch given the configuration you have indicated, I will set a static IP address on the GS116Ev2 switch that is different from the IP range of all VLANs for security purposes and I will set only one port for management purposes that is on VLAN 1. This is just my own practice and I think its much better this way. 🙂
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi,
so the management there is always handled via VLAN 1?
If I would connect my two switches via a trunk port containing VLAN 1 and configure both switches staticlly into my management IP net, I could reach both web guis via VLAN 1?
And the two management IP addresses aren't reachable from VLAN 10, 20 and 30?
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi markusd112,
By default, the management VLAN is VLAN 1 and cannot be modified.
You should be able to access both switches given that their static IP addresses should be in the same range. The trunk port(s) should be set as tagged port (T) with a PVID of 1.
The management IP addresses are not reachable from other VLANs since its on a different IP range. For example, the management IP address of both switches will be on the 192.168.9.x range while other VLANs are on the 10.0.0.x range.
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi,
thanks. I tried it out, but the behaviour seems to be a little bit different:
I configured a static IP for the switch (10.1.0.13 / 24). I have access to the switch web gui via this host ip address from a directly connected host (connected via a trunk port, where I have put VLAN 1 on the trunk), but it's all the same, which VLAN I am using:
When connected to VLAN 1 I have access, but also via VLAN 10, VLAN 20, and so on (assumed, I have configure my computer staticly into the appropriate IP network, e.g. 10.1.0.20 / 24). So it seems not to be restricted only to VLAN 1. You have access from every vlan, only the IP configuration have to be in the same network.
I am unsure, how it behaves when cascading the two switches, I haven't tried it out.
May this information be helpful for other users with the same question regarding this switch product line.
For me this behaviour is not very well implemented from my point of view. For security reasons you should limit any management access, e.g. by allowing access only from a specific hardware port or vlan. With the actual implementation a centralised management for a cascaded topology is not easy to configure, maybe because the behaviour is not very clear and not documented in the manuals.
Mentioned on the edge: there is no TLS/SSL encryption available when accessing the web gui (no https). So the password is transmitted as cleartext... not a very good idea I think.
Re: ProSafe Switches (JGS524E + GS116E): Configuring Management Web GUI into specific VLAN
Hi markusd112,
You're welcome. 🙂 Thanks for sharing your thoughts and your experience.
If ever your concern has been addressed, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
