<
Switches
T2600G-28TS GUI access through management VLAN
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.T2600G-28TS GUI access through management VLAN
Posts: 5
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-03-15
T2600G-28TS GUI access through management VLAN
2018-03-15 06:05:56
Tags:
Model :
Hardware Version :
Firmware Version :
ISP :
Hi All.
I'd need help in the following:
I have 3 switches mentioned in Title.
I'd like to configure them to be managed through management vlan only.
sw2 and sw3 connecting to sw1 through 2port-LAG
LAGs are in TRUNK mode and members of management VLAN and systemVLAN(1), PVID=1
As I thought If I want to use them in the way mentioned, have to setup routing too.
Upon creating an interface in Routing with management vlanid and the specific IP, I'm able to ping them but GUI doesn't work.
Do I forgot something?
Thanks
Hardware Version :
Firmware Version :
ISP :
Hi All.
I'd need help in the following:
I have 3 switches mentioned in Title.
I'd like to configure them to be managed through management vlan only.
sw2 and sw3 connecting to sw1 through 2port-LAG
LAGs are in TRUNK mode and members of management VLAN and systemVLAN(1), PVID=1
As I thought If I want to use them in the way mentioned, have to setup routing too.
Upon creating an interface in Routing with management vlanid and the specific IP, I'm able to ping them but GUI doesn't work.
Do I forgot something?
Thanks
#1
Options
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thread Manage
8 Reply
Posts: 4334
Helpful: 987
Solutions: 173
Stories: 3
Registered: 2015-12-05
Re:T2600G-28TS GUI access through management VLAN
2018-03-15 20:27:11
klukacs wrote
Do I forgot something?
You could use ACLs to restrict mgmt access for a certain subnet/VLAN.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#2
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 5
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-03-15
Re:T2600G-28TS GUI access through management VLAN
2018-03-18 03:53:11
Hi R1D2,
Thanks for the answere.
I checked ACL section but no ACLs are in place.
If I enable NAT on firewall's interface, the connection succeeds to GUI.
When I set an Interface under Routing with e.g 172.20.100.13/24 amd vlan id = 20, routing table next hop field shows 172.20.100.13, no gateway setting possibility. I may missunderstood something written in manual.
I'd like to Access the gui from different subnet without NAT.
Do I need other settings too in order to achieve it or this should work.
Thanks
Thanks for the answere.
I checked ACL section but no ACLs are in place.
If I enable NAT on firewall's interface, the connection succeeds to GUI.
When I set an Interface under Routing with e.g 172.20.100.13/24 amd vlan id = 20, routing table next hop field shows 172.20.100.13, no gateway setting possibility. I may missunderstood something written in manual.
I'd like to Access the gui from different subnet without NAT.
Do I need other settings too in order to achieve it or this should work.
Thanks
1
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
1
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#3
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 4334
Helpful: 987
Solutions: 173
Stories: 3
Registered: 2015-12-05
Re:T2600G-28TS GUI access through management VLAN
2018-03-18 21:20:23
klukacs wrote
I checked ACL section but no ACLs are in place.
You would have to create ACLs to restrict web UI access to the switch. That's not really an elegant replacement for a mgmt VLAN, but it should work for restricting/allowing access to the mgmt interface of the switch.
As you discovered already, if virtual interfaces have been created for Inter-VLAN routing, the web UI of the switch can be reached through this interface, too. Although there is a setting Admin Status in the Routing -> Interface Config menu, which looked to me like administrative access can be denied here, it seems to mean something other. Setting Admin Status to Disable shuts down the interface, so I'm not sure wether this setting is really meant to prohibit mgmt access as its name suggests or wether routing through this interface is denied at all.
According to the manual: Admin Status: Displays the Admin status. Choose Disable to disable the interface's Layer 3 capabilities.
Makes not much sense to me to name this function " Admin Status". " Interface Status" would be more intuitive.
If I enable NAT on firewall's interface, the connection succeeds to GUI.
When I set an Interface under Routing with e.g 172.20.100.13/24 amd vlan id = 20, routing table next hop field shows
Wait a moment: are you using the switch on the WAN side with a public IP? Maybe you can draw a picture of the network topology to make it more clear from which system you want to be able to access the mgmt interfaces of the switch.
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#4
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 5
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-03-15
Re:T2600G-28TS GUI access through management VLAN
2018-03-19 01:22:36
R1D2 wrote
Wait a moment: are you using the switch on the WAN side with a public IP? Maybe you can draw a picture of the network topology to make it more clear from which system you want to be able to access the mgmt interfaces of the switch.
No, I'm using it in local Network environment with C type address ranges 192.168.x.y
but as I know 172.16.0.0 - 172.31.255.255 are also belongs to private ranges as described in RFC 1918, and I can reduce the number of hosts with masking.. ..or am I wrong?
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#5
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 4334
Helpful: 987
Solutions: 173
Stories: 3
Registered: 2015-12-05
Re:T2600G-28TS GUI access through management VLAN
2018-03-19 01:43:59
Ups, yes, my fault. Sorry. I had 172.16.0.0/15 in mind, but it's indeed 172.16.0.0/12, you're right. Do you have set static routes back to the VLAN(s) from which you want to access the switch?
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#6
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 5
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-03-15
Re:T2600G-28TS GUI access through management VLAN
2018-03-19 02:10:59
Ah, yes.. this should be the problem.. no static routes are set.
The switches actually reachable from the same subnet as management host is placed. So I have two interfaces one is in e.g 192.168.10.0/24 vlanID:1, GW: 192.168.10.254 the actual, and one is in e.g. 192.168.20.0/24 the management subnet, vlanID:20, GW: 192.168.20.254.
So I need a static route setting to 192.168.10.0/24 with next hop 192.168.20.254, right?
but this case I should have to erase the 192.168.10.0/24 interface
The switches actually reachable from the same subnet as management host is placed. So I have two interfaces one is in e.g 192.168.10.0/24 vlanID:1, GW: 192.168.10.254 the actual, and one is in e.g. 192.168.20.0/24 the management subnet, vlanID:20, GW: 192.168.20.254.
So I need a static route setting to 192.168.10.0/24 with next hop 192.168.20.254, right?
but this case I should have to erase the 192.168.10.0/24 interface
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#7
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 4334
Helpful: 987
Solutions: 173
Stories: 3
Registered: 2015-12-05
Re:T2600G-28TS GUI access through management VLAN
2018-03-19 02:36:02
Depends on the topology. If your 3 switches are connected to the GW, then this would be the next hop. If the switches are connected directly, you could use routed ports for next hops (Sw A Gi1/0/2 and Sw B Gi 1/0/1 in the example below):
༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#8
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 5
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-03-15
Re:T2600G-28TS GUI access through management VLAN
2018-03-19 16:32:30
Hi R1D2,
Thanks for the help
Thanks for the help
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#9
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Posts: 5
Helpful: 1
Solutions: 0
Stories: 0
Registered: 2018-03-15
Information
Helpful: 0
Views: 1922
Replies: 8
Voters 0
No one has voted for it yet.
Tags
Related Articles
Mac vlan t2600g-28ts
1090
0
Report Inappropriate Content
Transfer Module
New message