Shadga
Aspirant
Jun 01, 2022

Netgear GS305E VLANs are not actually VLANs

I guess this question comes up often here, but hopefully you can confirm it:

I can access the web GUI of my Netgear GS305E on each port, even if I put a VLAN on each port with a PVID.

This thing also gets DHCP through tagged VLANs, so you have no way to say which VLAN it should be in. Strangely, if you set a static IP you kind of can? (At least my router is routing it correctly on this VLAN.)

I was trying to set up multiple VLANs and a management VLAN, but what is the point if you can access the switch web interface?

My question now is: can devices on different ports of the same switch access other VLANs just by changing their IP address? Or even worse, do I create a way to cross-jump, even for devices on other switches?

What alternatives do I have? What technical details must I look for in switches so I can use them for security isolation?

2 Replies

  • schumaku
    Guru - Experienced User

    Scratch the idea of expecting these simple micro-controller equipped Plus switches to provide strict management VLAN isolation. The controller is reachable widely, and not limited to the non-existing management VLAN we know from systems with real managed switch cores.

    The aim of the design is to allow simple configuration access, e.g. to define VLANs which are reachable by the defined VLANs, being tagged, or being untagged according to the PVID config.

    I must disagree with your subject - configured VLANs are really VLANs.


    Afraid, it's simply not possible to buy an expected fully featured managed switch for a price matching about the cost of a plain unmanaged switch. 

    • Shadga
      Aspirant

      I will test it out in the future, but are the VLANs at least isolated from one another?

      My setup looks kind of like this (I am not very familiar with what PVID does, but my guess is that these are the default for incoming traffic of this VLAN):

      VLAN 1 - Port 1,2,3 Untagged

      VLAN 4,5,6 - Port 3 Tagged (wifi)

      VLAN 8 - Port 4 Untagged (workstation)

      VLAN 10 - Port 5 Untagged + Tags from all VLANs above (Trunk/manage_vlan)

      PVIDs are basically like the untagged port:

      Port 1,2,3 = PVID 1

      Port 4 = PVID 8

      Port 5 = PVID 10

      Strangely, like I wrote, with DHCP it got its IP address one time from VLAN 10, and when I changed the port on the other switch (main switch) to VLAN 10 untagged (and VLAN 1 to tagged), the Netgear switch got its IP address out of VLAN 1.

      After setting its IP address to static with an IP address from VLAN 10, my main switch and router could reach the web GUI. For someone who doesn't have much experience in networking this is weird behaviour; my guess is that it doesn't reach it directly through VLAN 10?
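
An added example, not part of any post in this thread and not NETGEAR code: a small model of standard 802.1Q port-based forwarding applied to the port/VLAN table posted above, showing which ports can exchange frames and whether each PVID matches an untagged membership. The `MEMBERS` table is one reading of that post, ingress filtering is assumed to be enabled, and the switch's own management controller (which the reply above describes as widely reachable) is not modelled.

```python
# Constructed from the port/VLAN table posted in the thread (a reading of it,
# not an export from the switch). "U" = untagged member, "T" = tagged member.
MEMBERS = {
    1:  {1: "U", 2: "U", 3: "U", 5: "T"},
    4:  {3: "T", 5: "T"},
    5:  {3: "T", 5: "T"},
    6:  {3: "T", 5: "T"},
    8:  {4: "U", 5: "T"},
    10: {5: "U"},
}
PVID = {1: 1, 2: 1, 3: 1, 4: 8, 5: 10}


def forward(in_port, tag=None):
    """Classify a frame and return (vlan, {egress_port: 'U'|'T'})."""
    # Untagged frames take the ingress port's PVID; tagged frames keep their tag.
    # The sender's IP address plays no part in this decision.
    vlan = PVID[in_port] if tag is None else tag
    members = MEMBERS.get(vlan, {})
    if in_port not in members:
        return vlan, {}  # assumption: ingress filtering drops non-member frames
    return vlan, {p: mode for p, mode in members.items() if p != in_port}


def untagged_peers(port):
    """Access ports that share a VLAN with `port` for plain untagged traffic."""
    _, egress = forward(port)
    return {p for p, mode in egress.items() if mode == "U"}


def pvid_mismatches():
    """Ports whose PVID names a VLAN they are not an untagged member of."""
    return [p for p, v in sorted(PVID.items())
            if MEMBERS.get(v, {}).get(p) != "U"]


if __name__ == "__main__":
    for port in sorted(PVID):
        vlan, egress = forward(port)
        print(f"port {port}: untagged -> VLAN {vlan}, egress {egress}")
    print("PVID mismatches:", pvid_mismatches())
```

In this model the workstation on port 4 only ever reaches the trunk on port 5, tagged as VLAN 8, whatever IP address it configures; crossing into another VLAN then depends on what the router behind the trunk allows.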

       

       
