Can't access managed switch web ui (re: "simple?" VLAN question)
-
My managed switch (Dell PowerConnect 2824) has a web interface that can only be accessed on VLAN 1. The IP address is 192.168.1.254.
My router (pfSense) is configured this like: (interfaces)
Internal - em0 (VLAN 10)
Wireless - em0 (VLAN 20)
Public Servers - em0 (VLAN 30)
Game Servers - em0 (VLAN 40)
Management - em0 (I've tried just using em0 [default port VLAN is 1 on switch] and using VLAN 1)I'm on the internal network (192.168.0.0) trying to access the switch interface (192.168.1.254) but it's not working.
Can anybody give me any information on getting this to work?
EDIT: If I set the Management network to em0 (no VLAN specified), I can use pfSense web interface to ping the switch and it responds but I still can't access it in my web browser from my main pc.
-
The default VLAN1 on the switch is - as far as I know - alway an untagged VLAN.
This means, you have to use em0 interface as an extra interface, then configure one port as trunk port with all your VLANs as tagged VLANs and then change the webGUI/management interface IP of the switch to a VLAN you like.
After this, you can delete the em0 interface if you do not like it. (Some people in the forum say, that you should not mix up VLANs/tagged and untagged interfaces on one NIC)
-
Yes, the default VLAN 1 on the switch is untagged and cannot be changed. Furthermore, the switch web interface is ONLY accessible on VLAN 1 which is my problem (and why I have to mix untagged/tagged VLANs on pfSense).
-
As I said in my post before, you should mix up tagged/untagged until you can change the web-interface vlan of the switch. if it could not be changed, than you must mix tagged/untagged vlans.
you em0 interface in pfsense is always untagged and the VLAN1 on the switch in untagged, too.
so both nic can communicate. -
OK - It looks like I have it setup correctly then, right?
pfSense
Interface - "Management" - em0 (no VLAN), static ip, 192.168.1.1/24Switch
Port 1 (router/pfSense) - default VLAN ID = 1
Web interface = 192.168.1.254Main PC
Internal Network (VLAN 10) - 192.168.1.39Why can't I access the switch web interface from my main pc?
-
Why is your internal PC on VLAN10 with same IP subnet als "Management" or just a spelling mistake ?
Did you add firewall rules for you "management" interface em0 to allow traffic to the switch ?
Can you ping the switch/webinterface from you pfsense ?
Some switches only allow configuration from one special port, e.g. port 1 or the last port.
Did you enable DHCP server on em0 "Management" interface and did you try to restart the switch after setting up all this setting? Better enable DHCP on all interfaces of em0.
You could take a look at dhcp leases in pfsense if the switch got an IP.
Is the switch webGUI http or https - try with https://192.168.1.x
Use a crossover network cable to try to connect to the switch (you have to edit an IP on the client PC) and perhaps try with "arp -a" in windows if the switch is in the arp table.
-
Why is your internal PC on VLAN10 with same IP subnet als "Management" or just a spelling mistake ?
Sorry, that was a typo. My internal PC is 192.168.0.39.
Did you add firewall rules for you "management" interface em0 to allow traffic to the switch ?
Under the management interface I have an "Allow All" rule (allow any from any) as the only rule.
Can you ping the switch/webinterface from you pfsense ?
Yes, this works. (Under Diagnostics I selected Ping then the management interface, and then enter the switch IP (192.168.1.254) and it works successfully)
Some switches only allow configuration from one special port, e.g. port 1 or the last port.
No, this switch allows configuration from all ports. I've tested both ports 1 and 24 and they both accessed the web interface fine. (I tested it before I added the VLAN switch into the mix)
Did you enable DHCP server on em0 "Management" interface and did you try to restart the switch after setting up all this setting? Better enable DHCP on all interfaces of em0.
You could take a look at dhcp leases in pfsense if the switch got an IP.No, I'm using a static IP on the switch to avoid DHCP for now. I did restart pfSense after setting up the VLANs, etc.
Is the switch webGUI http or https - try with https://192.168.1.x
It uses HTTP (which has worked successfully before adding the VLANs into the mix).
Use a crossover network cable to try to connect to the switch (you have to edit an IP on the client PC) and perhaps try with "arp -a" in windows if the switch is in the arp
table.The web interface worked fine before I added pfSense and additiona VLANs into the mix so I know I can access it. Also, pfSense has an ARP listing for the switch with the correct MAC address so I know it sees it just fine (and ping worked).
One possibility I'm wondering is that the switch itself is denying access because the source ip (my internal PC) is on a different network…
-
One possibility I'm wondering is that the switch itself is denying access because the source ip (my internal PC) is on a different network…
If the switch is only a switch (layer2) and not a switch/router(layer3) there should not be any problems. The switch only works with MAC addresses and not with IPs.
If you could ping the webinterface of the switch from you pfsense but not from the client then there is a routing or firewall problem I think. Is ther ean allow any rule for TCP/UDP on both interfaces, em0 "Management" and em0 VLAN10 (client) ?
Could you ping pfsense from your client ?
Does you client has a Gateway ?
can you ping the em0 (interface) 192.168.1.1 ? If not, there is a routing/firewall problem on pfsense between 192.168.0.0/24 and 192.168.1.0/24 -
Does you client has a Gateway ?
This was the problem! For some reason I assigned it an IP address and netmask but had a blank gateway. It works now!
I'm just wondering though, why do I get a "Destination Host Unreachable" if I set my "management" network to VLAN 1? If I leave it untagged it works fine but I thought that assigning VLAN 1 should also work…
-
VLAN 1 is the special case. usual switches automatically strips vlan tags away from vlan 1
-
Yeah, it just seems odd.
Why am I getting a "Destination Host Unreachable" message though? It seems like it's reachable but I would expect the switch web interface to just not respond.