Why cannot I access my switch’s web GUI via the IP address in a different VLAN?

Options
Zyxel_Melen
Zyxel_Melen Posts: 1,716  Zyxel Employee
First Anniversary 10 Comments Friend Collector First Answer

Scenario:

Each VLAN can assign an IP address for the user to access the Web GUI in different VLANs. However, you might encounter problems when accessing Web GUI via the IP address of another VLAN. Like the PC is in VLAN 1 but tries to access VLAN 10’s IP address.

This is because the PC’s default gateway is direct to the gateway/firewall. But the switch has both VLAN’s IP address and it knows the PC’s MAC address, it will reply to the HTTP/HTTPS(TCP) session to the PC directly. This is known as the asymmetrical route.

Asymmetrical route example:

Correct behavior:

To solve this problem, we have some options in below:

  1. Keep only one IP address for management usage.
    This can prevent the switch from using an incorrect IP address to reply HTTP/HTTPS(TCP) session.
  2. Set the SNAT rule on your gateway/firewall.
    This makes the firewall use its IP address to route HTTP/HTTPS(TCP) session to the switch and ensure the switch won’t reply to the session to the PC directly.

Zyxel Melen