Why cannot I access my switch’s web GUI via the IP address in a different VLAN?
Zyxel_Melen
Posts: 3,195 
Zyxel Employee
Zyxel Employee
in Other Topics
Scenario:
Each VLAN can assign an IP address for the user to access the Web GUI in different VLANs. However, you might encounter problems when accessing Web GUI via the IP address of another VLAN. Like the PC is in VLAN 1 but tries to access VLAN 10’s IP address.
This is because the PC’s default gateway is direct to the gateway/firewall. But the switch has both VLAN’s IP address and it knows the PC’s MAC address, it will reply to the HTTP/HTTPS(TCP) session to the PC directly. This is known as the asymmetrical route.
Asymmetrical route example:
Correct behavior:
To solve this problem, we have some options in below:
- Keep only one IP address for management usage.
This can prevent the switch from using an incorrect IP address to reply HTTP/HTTPS(TCP) session. - Set the SNAT rule on your gateway/firewall.
This makes the firewall use its IP address to route HTTP/HTTPS(TCP) session to the switch and ensure the switch won’t reply to the session to the PC directly.
Zyxel Melen
0
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 163 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 359 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight