Welcome to TP-LINK Tech Support Forum
  1. #1

    T2600G-28TS GUI access through management VLAN


    Hi All.

    I need help with the following:
    I have 3 of the switches mentioned in the title.
    I'd like to configure them to be managed through the management VLAN only.
    sw2 and sw3 connect to sw1 through a 2-port LAG.
    The LAGs are in TRUNK mode and are members of the management VLAN and the system VLAN (1), PVID=1.

    As I thought, if I want to use them in the way mentioned, I have to set up routing too.
    Upon creating an interface in Routing with the management VLAN ID and the specific IP, I'm able to ping them but the GUI doesn't work.

    Did I forget something?

    Thanks

  2. #2
    R1D2 (Members; joined Dec 2015; 1,635 posts)
    Quote, originally posted by klukacs:
    "Did I forget something?"
    You could use ACLs to restrict mgmt access for a certain subnet/VLAN.

  3. #3
    Hi R1D2,

    Thanks for the answer.

    I checked the ACL section but no ACLs are in place.
    If I enable NAT on the firewall's interface, the connection to the GUI succeeds.
    When I set an interface under Routing with e.g. 172.20.100.13/24 and VLAN ID = 20, the routing table's next hop field shows 172.20.100.13, with no possibility to set a gateway. I may have misunderstood something written in the manual.
    I'd like to access the GUI from a different subnet without NAT.

    Do I need other settings too in order to achieve it, or should this work?

    Thanks

  4. #4
    R1D2
    Quote, originally posted by klukacs:
    "I checked the ACL section but no ACLs are in place."
    You would have to create ACLs to restrict web UI access to the switch. That's not really an elegant replacement for a mgmt VLAN, but it should work for restricting/allowing access to the mgmt interface of the switch.

    As you discovered already, if virtual interfaces have been created for Inter-VLAN routing, the web UI of the switch can be reached through this interface, too. Although there is a setting Admin Status in the Routing -> Interface Config menu, which looked to me like administrative access can be denied here, it seems to mean something else. Setting Admin Status to Disable shuts down the interface, so I'm not sure whether this setting is really meant to prohibit mgmt access as its name suggests or whether routing through this interface is denied at all.

    According to the manual: Admin Status: Displays the Admin status. Choose Disable to disable the interface's Layer 3 capabilities.

    It doesn't make much sense to me to name this function "Admin Status". "Interface Status" would be more intuitive.

    Quote, originally posted by klukacs:
    "If I enable NAT on the firewall's interface, the connection to the GUI succeeds.
    When I set an interface under Routing with e.g. 172.20.100.13/24 and VLAN ID = 20, the routing table's next hop field shows"
    Wait a moment: are you using the switch on the WAN side with a public IP? Maybe you can draw a picture of the network topology to make it more clear from which system you want to be able to access the mgmt interfaces of the switch.
    Last edited by R1D2; 03-18-2018 at 13:31.

  5. #5
    Quote, originally posted by R1D2:
    "Wait a moment: are you using the switch on the WAN side with a public IP? Maybe you can draw a picture of the network topology to make it more clear from which system you want to be able to access the mgmt interfaces of the switch."
    No, I'm using it in a local network environment with C type address ranges 192.168.x.y

    but as far as I know, 172.16.0.0 - 172.31.255.255 also belong to the private ranges described in RFC 1918, and I can reduce the number of hosts with masking... or am I wrong?

  6. #6
    R1D2
    Oops, yes, my fault. Sorry. I had 172.16.0.0/15 in mind, but it's indeed 172.16.0.0/12, you're right. Have you set static routes back to the VLAN(s) from which you want to access the switch?
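
Added example, not part of the thread: a small model of the switch's route lookup for reply traffic, showing why the GUI session works when the firewall NATs it and what a static route back to the admin subnet changes. The interface 172.20.100.13/24 comes from post #3; the firewall address 172.20.100.254 and the admin host 192.168.10.50 are assumed for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None if no route exists."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in routes if dst in net]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def reply_path(routes, client_ip):
    """Describe where the switch sends its reply to client_ip."""
    hit = lookup(routes, client_ip)
    if hit is None:
        return "dropped: no route back"
    net, hop = hit
    return f"via {hop}" if hop else f"direct on {net}"

# From post #3: management interface 172.20.100.13/24 on VLAN 20.
# Constructed values: firewall 172.20.100.254, admin subnet 192.168.10.0/24.
MGMT_NET = ipaddress.ip_network("172.20.100.0/24")
connected_only = [(MGMT_NET, None)]
with_static = connected_only + [
    (ipaddress.ip_network("192.168.10.0/24"), "172.20.100.254"),
]

def scenarios():
    return {
        # Admin host in another subnet, no NAT, switch has only its connected route.
        "routed, no static route": reply_path(connected_only, "192.168.10.50"),
        # Firewall NATs the session: the switch sees the firewall's own address.
        "NAT on firewall": reply_path(connected_only, "172.20.100.254"),
        # Static route back to the admin subnet through the firewall.
        "routed, static route": reply_path(with_static, "192.168.10.50"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} -> {result}")
```
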

  7. #7
    Ah, yes... this should be the problem: no static routes are set.
    The switches are actually reachable from the same subnet where the management host is placed. So I have two interfaces: one is in e.g. 192.168.10.0/24, vlanID: 1, GW: 192.168.10.254 (the actual one), and one is in e.g. 192.168.20.0/24, the management subnet, vlanID: 20, GW: 192.168.20.254.
    So I need a static route setting to 192.168.10.0/24 with next hop 192.168.20.254, right?
    But in this case I would have to erase the 192.168.10.0/24 interface.

  8. #8
    R1D2
    Depends on the topology. If your 3 switches are connected to the GW, then this would be the next hop. If the switches are connected directly, you could use routed ports for next hops (Sw A Gi1/0/2 and Sw B Gi 1/0/1 in the example below):

    [Attached image: Untitled.png]

  9. #9
    Hi R1D2,

    Thanks for the help


 

Copyright 1996-2018 TP-LINK Technologies Co., Ltd. All rights reserved.