Why can't I access my switch's web GUI via an IP address in a different VLAN?

Zyxel_Melen (Zyxel Employee)

Scenario:

Each VLAN can be assigned an IP address so that users can access the Web GUI from different VLANs. However, you might encounter problems when accessing the Web GUI via the IP address of another VLAN, for example when the PC is in VLAN 1 but tries to access VLAN 10's IP address.

This is because the PC's default gateway points to the gateway/firewall, so the request goes through it. But the switch has an IP address in both VLANs and knows the PC's MAC address, so it replies to the HTTP/HTTPS (TCP) session directly to the PC. This is known as an asymmetric route.

Asymmetrical route example:

Correct behavior:

To solve this problem, you have the following options:

  1. Keep only one IP address for management usage.
    This prevents the switch from using an incorrect IP address to reply to the HTTP/HTTPS (TCP) session.
  2. Set an SNAT rule on your gateway/firewall.
    This makes the firewall use its own IP address as the source when it routes the HTTP/HTTPS (TCP) session to the switch, which ensures the switch won't reply to the PC directly.
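
The path decision described above can be modelled in a few lines. This is an added example, not part of the original post: it traces the request and reply paths for the problem case and for both options. All addresses and names (`PC`, `FW`, `SWITCH_BOTH`, `SWITCH_SINGLE`, `trace`, `symmetric`) are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing for illustration (assumed, not from the post).
PC = ip.ip_interface("192.168.1.50/24")               # PC in VLAN 1
FW = {1: ip.ip_interface("192.168.1.1/24"),           # gateway/firewall legs
      10: ip.ip_interface("192.168.10.1/24")}
SWITCH_BOTH = {1: ip.ip_interface("192.168.1.2/24"),  # management IP in each VLAN
               10: ip.ip_interface("192.168.10.2/24")}
SWITCH_SINGLE = {10: SWITCH_BOTH[10]}                 # option 1: one management IP


def connected(addr, interfaces):
    """True if addr lies in a subnet directly attached to one of the interfaces."""
    return any(addr in iface.network for iface in interfaces.values())


def trace(dst_vlan, switch_ifs, snat=False):
    """Return (request_path, reply_path) for the PC opening the GUI on the
    switch's IP in dst_vlan."""
    dst = switch_ifs[dst_vlan].ip
    if dst in PC.network:                      # same subnet: no gateway involved
        request, src_seen = ["PC", "switch"], PC.ip
    else:                                      # other subnet: PC uses its default gateway
        request = ["PC", "firewall", "switch"]
        src_seen = FW[dst_vlan].ip if snat else PC.ip   # option 2 rewrites the source
    if src_seen == PC.ip and connected(PC.ip, switch_ifs):
        reply = ["switch", "PC"]               # switch answers the PC directly
    else:                                      # back through the firewall
        reply = ["switch", "firewall", "PC"]
    return request, reply


def symmetric(dst_vlan, switch_ifs, snat=False):
    """True when the reply retraces the request path in reverse."""
    request, reply = trace(dst_vlan, switch_ifs, snat)
    return reply == request[::-1]


if __name__ == "__main__":
    cases = [("both IPs, no SNAT", SWITCH_BOTH, False),
             ("single management IP", SWITCH_SINGLE, False),
             ("both IPs, SNAT on firewall", SWITCH_BOTH, True)]
    for name, ifs, snat in cases:
        req, rep = trace(10, ifs, snat)
        print(f"{name}: {' > '.join(req)} | {' > '.join(rep)} | "
              f"symmetric={symmetric(10, ifs, snat)}")
```

Only the first case is asymmetric: the request crosses the firewall while the reply bypasses it.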