HOW TO isolate webgui with port vlan or other way?
Hello, is there any way to physically isolate the web GUI?
The best way would be "port VLAN" because the isolation is port based, but if I try to enable that, the web GUI is still open from all the ports.
For example I can create a port vlan in this way:
- vlan1 port_n2 port_n3
- vlan2 port_n1 port_n4 port_n5
but the web GUI is still open from all physical ports.
Obviously I do this for security reasons.
Normal VLAN, I mean tag-based VLAN, does not seem very secure because it is a logical VLAN.
Can I really isolate the GUI with port VLAN?
Can I disable the web GUI and enable just a command line interface (SSH or other)?
Hi @Isaia
Thanks for posting in our business forum.
1. Port VLAN is not a feature of this model.
You should consider SG2XXX models. Usually, if there is a need to do this kind of setup, you use ACL+VLAN.
2. No. No support for CLI on this model.
Hello again,
are you sure that this model does not support port VLAN?
Because I read in the datasheet, which you can find here, the following:
• 32 VLANs (out of 4K VLAN IDs)
• MTU/Port/802.1Q VLAN
I tried to configure VLAN (by tag) and it works to isolate the web GUI (it means that the web GUI IP is not reachable from the wrong VLAN).
But obviously a port-based VLAN would be better.
Hi @Isaia
Thanks for posting in our business forum.
Isaia wrote
Hello again,
are you sure that this model does not support port VLAN?
Because I read in the datasheet, which you can find here, the following:
• 32 VLANs (out of 4K VLAN IDs)
• MTU/Port/802.1Q VLAN
I tried to configure VLAN (by tag) and it works to isolate the web GUI (it means that the web GUI IP is not reachable from the wrong VLAN).
But obviously a port-based VLAN would be better.
I apologize for that misunderstanding. 802.1Q VLAN should contain the concept of tag/untag/PVID. PVID equals the Port VLAN.
To do what you want, it is not a problem with the VLAN, in my understanding. I think this should be done with the help of ACL which is what we usually do. Specify the ports 80 and 443 and stop the access from any network to its IP.
I don't have a test model of this. But if you still use this model, and require the isolation, you can try out the router ACL on your router.