Management VLAN Access
I am trying to set up a management vlan in standalone mode on several new SG2008 switches. On each switch I have configured a new vlan (50) and also created another interface under L3 features with an address in the 192.168.50.0/24 network. My router is a third party router (Synology) which is a good vlan router. The problem I am having is when I try to access the switch via the management IP address from my primary vlan on a different subnet. I can see the router's firewall rules that allow the needed inter-vlan routing are incrementing the hit count so the problem is not with the router but with the switch, If I try to access the switch with a laptop connected to the same management vlan, there is no problem. It appears the switch is not accepting packets from a different subnet. Am I missing something here? For example, in my EAP610, there is an option for L3 accessibility but there is no such option in the SG2008.
Any guidance would be most appreciated.
I have solved the issue! Here is what needs to be done in case someone else runs into the same problem.
1. Ensure the only interface is the management vlan interface. In this case the switch has an IP address of 192.168.50.7.
2. As the switch has no default gateway, create a static route to the other network. The Next Hop should be the router's IP address on the management vlan.
3. Ensure the new static route appears in the routing table.
4. Click Save to save the changes..
I can now access the switch from the primary vlan. The original problem was due to the switch not knowing where to send its response packets as they needed to be routed outside of the management vlan.
The link you provided did not help. Let's see if I can explain this a little better so that you understand what I am trying to do. I have a primary network and a management network configured on the router. The primary network has a subnet of 192.168.10.0/24 and is an untagged vlan. The management network has a subnet of 192.168.50.0/24 and has a vlan tag of 50. In the GUI of the SG2008, there are two interfaces configured as shown below:
With a PC on the primary network, I can not access the switch on the management vlan even though the routing is configured properly in the router. The routing is correct because I can access an EAP610 configured in the same management network with no problems. With the PC, I can also ping the switch with no problems. It is the web GUI of the switch that does not respond. The problem is the same with OR without an ACL. I have tried an ACL with just the management network and later an ACL that includes both interfaces. Neither work.
If I use the same PC, but now connected only to the management network, I can access the switch OK on its management interface.
The end goal here is to leave the PC hardwired to the primary network with the capability to access devices on the management network. As I stated before, it works OK when accessing the EAP610 so there is something with the switch that prevents establishing a connection. Any ideas?
I have solved the issue! Here is what needs to be done in case someone else runs into the same problem.
1. Ensure the only interface is the management vlan interface. In this case the switch has an IP address of 192.168.50.7.
2. As the switch has no default gateway, create a static route to the other network. The Next Hop should be the router's IP address on the management vlan.
3. Ensure the new static route appears in the routing table.
4. Click Save to save the changes..
I can now access the switch from the primary vlan. The original problem was due to the switch not knowing where to send its response packets as they needed to be routed outside of the management vlan.