Why cannot I access my switch’s web GUI via the IP address in a different VLAN?
Options
Zyxel_Melen
Posts: 3,990 
Guru Member
Guru Member
in Other Topics
Scenario:
Each VLAN can assign an IP address for the user to access the Web GUI in different VLANs. However, you might encounter problems when accessing Web GUI via the IP address of another VLAN. Like the PC is in VLAN 1 but tries to access VLAN 10’s IP address.
This is because the PC’s default gateway is direct to the gateway/firewall. But the switch has both VLAN’s IP address and it knows the PC’s MAC address, it will reply to the HTTP/HTTPS(TCP) session to the PC directly. This is known as the asymmetrical route.
Asymmetrical route example:
Correct behavior:
To solve this problem, we have some options in below:
- Keep only one IP address for management usage.
This can prevent the switch from using an incorrect IP address to reply HTTP/HTTPS(TCP) session. - Set the SNAT rule on your gateway/firewall.
This makes the firewall use its IP address to route HTTP/HTTPS(TCP) session to the switch and ensure the switch won’t reply to the session to the PC directly.
Zyxel Melen
0
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 199 Nebula Ideas
- 125 Nebula Status and Incidents
- 6.3K Security
- 493 USG FLEX H Series
- 322 Security Ideas
- 1.6K Switch
- 83 Switch Ideas
- 1.3K Wireless
- 47 Wireless Ideas
- 6.8K Consumer Product
- 285 Service & License
- 455 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 95 Security Highlight