Why cannot I access my switch’s web GUI via the IP address in a different VLAN?
Zyxel_Melen
Posts: 1,271
Zyxel Employee
Zyxel Employee
in Other Topics
Scenario:
Each VLAN can assign an IP address for the user to access the Web GUI in different VLANs. However, you might encounter problems when accessing Web GUI via the IP address of another VLAN. Like the PC is in VLAN 1 but tries to access VLAN 10’s IP address.
This is because the PC’s default gateway is direct to the gateway/firewall. But the switch has both VLAN’s IP address and it knows the PC’s MAC address, it will reply to the HTTP/HTTPS(TCP) session to the PC directly. This is known as the asymmetrical route.
Asymmetrical route example:
Correct behavior:
To solve this problem, we have some options in below:
- Keep only one IP address for management usage.
This can prevent the switch from using an incorrect IP address to reply HTTP/HTTPS(TCP) session. - Set the SNAT rule on your gateway/firewall.
This makes the firewall use its IP address to route HTTP/HTTPS(TCP) session to the switch and ensure the switch won’t reply to the session to the PC directly.
Click here to start: https://bit.ly/46UJJCE
0
Categories
- All Categories
- 300 Beta Program
- 1.9K Nebula
- 102 Nebula Ideas
- 72 Nebula Status and Incidents
- 4.8K Security
- 3 USG FLEX H Series
- 242 Security Ideas
- 1.1K Switch
- 54 Switch Ideas
- 807 WirelessLAN
- 29 WLAN Ideas
- 5.5K Consumer Product
- 178 Service & License
- 309 News and Release
- 69 Security Advisories
- 19 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.3K FAQ
- 554 Nebula FAQ
- 343 Security FAQ
- 118 Switch FAQ
- 146 WirelessLAN FAQ
- 31 Consumer Product FAQ
- 110 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 70 About Community
- 56 Security Highlight