This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I had originally set up my M4300 switch as an L3 routing switch, connected to a VLAN unaware router/firewall (Fritzbox) provided by my ISP. In that configuration, I was able to access my switch via any of the VLAN IP interfaces, including the one of my management VLAN 99 (192.168.99.254). The M4300 also acted as DHCP server for the different VLANs.
I now replaced the Fritzbox by a pfSense router/firewall, which will now take over the routing/firewalling/DHCP. So I disabled the routing and DHCP in the M4300 switch and set the IPv4 management VLAN configuration in that switch as follows: Management VLAN ID: 99 IP: 192.168.99.253 Subnet: 255.255.255.224 Gateway 192.168.99.254 (= VLAN 99 interface configured in pfSense)
The strange thing is that I can access the M4300 WebGUI (192.168.99.253) from a VLAN 178 (192.168.178.0 /24) wireless connection but not from a wired VLAN 178 connection (= computer connected to a port untagged for VLAN 178 on M4300). However, both from VLAN 178 wired and wireless connections, I can access the WebGUI (192.168.99.252) of a Netgear GS308T switch (L2), with the following IP configuration: Management VLAN ID: 99 IP: 192.168.99.252 Subnet: 255.255.255.224 Gateway 192.168.99.254
My network setup is as follows:
pfSense | 10Gbit port (configured with all VLANs) | | Port 27 10Gbit (tagged for VLANs 99, 178) M4300 switch | LAG1 consisting of ports 3,4 (tagged for VLANs 99, 178) | | LAG 1 consisting of ports 1,2 (tagged for VLANs 99, 178) GS308T switch
None of the switches have ACLs configured. The pfSense firewall allows access to VLAN 99 from VLAN 178 (I can access the WebGUIs of the GS308T switch and the wireless access point, both on VLAN 99).
My wireless access point (with IP on VLAN 99) is connected to port 6 (untagged for VLAN 99, tagged for VLAN 178) of the M4300 switch.
Thanks in advance for any pointers in the right direction.
The strange thing is that I can access the M4300 WebGUI (192.168.99.253) from a VLAN 178 (192.168.178.0 /24) wireless connection but not from a wired VLAN 178 connection (= computer connected to a port untagged for VLAN 178 on M4300).
It is odd that you cannot access it via a wired connection. Are you able to ping the 192.168.99.253 via a wired connection through VLAN 178?
Also, is there a port security configured on the port (that belongs to VLAN 178) where you are connected to access the M4300 web-GUI?
What is the current firmware version of the M4300-28G-PoE+ switch? If ever it is not yet the latest version, I suggest you to update it. The latest M4300 firmware is v12.0.7.17 and you can download it here. Then, check if the same problem occurs.
No, I'm not able to ping 192.168.99.253 via a wired connection. Strangely enough, whereas I can access the WebGUI from a wireless connection, pinging 192.168.99.253 doesn't work either.
Pinging 192.168.99.252 (the other switch) works from both wired and wireless VLAN 178 connections and a tracert arrives at 192.168.99.252 via 192.168.178.254.
I wired a laptop (the one with which I test the wireless connection) to port 1 with exactly the same settings (untagged VLAN 178, PVID 178)
as for port 28 (wired connection desktop) and from the laptop I could access the WebGUI (but pinging 192.168.99.253 still didn't work).
There is no port security configured on any of the ports.
My firmware was on v12.0.7.15. I updated to v12.0.7.17, but no change.
Question: in the 'IPv4 management VLAN configuration', should 'Routing mode' be enabled or disabled (it is enabled in my case) ?
Question: in the 'IPv4 management VLAN configuration', should 'Routing mode' be enabled or disabled (it is enabled in my case) ?
Disabling Routing Mode would globally disable routing on your M4300-28G-PoE+ switch. I suggest to enable it at all times.
I had originally set up my M4300 switch as an L3 routing switch, connected to a VLAN unaware router/firewall (Fritzbox) provided by my ISP. In that configuration, I was able to access my switch via any of the VLAN IP interfaces, including the one of my management VLAN 99 (192.168.99.254). The M4300 also acted as DHCP server for the different VLANs.
I now replaced the Fritzbox by a pfSense router/firewall, which will now take over the routing/firewalling/DHCP. So I disabled the routing and DHCP in the M4300 switch and set the IPv4 management VLAN configuration in that switch
Read your initial post again. Let us try this. Kindly try to set VLAN routing again on the M4300 switch (leave the firewall and DHCP functions on the Fritzbox router) and check if you will be able to access again the M4300 web GUI (192.168.99.253) from a VLAN 178 (192.168.178.0 /24) via wired & wireless connection.
You want me to enable VLAN routing for all VLANs in the M4300 switch? This is what is now handled by my pfSense firewall/router, which makes it easier to manage firewall rules.
I apologize for the late response. I inquired your concern to the higher tier of NETGEAR Support. As per the higher tier of NETGEAR Support, do a packet trace on the PC where you cannot access the web interface, taken while you try to access the web-GUI of the M4300 switch but it fails.
To analyze the packet capture, kindly open a chat or online support ticket with NETGEAR Support here at anytime. Be sure to include the following details when you open a support ticket :
a. IP settings (including the default gateway) on the PC (where you cannot access the web interface)
b. an image showing detailed information on how everything is connected
