Hi there, seems like a basic question but I want to use the 260 5port switch in the following manner.
port1 - WAN from ISP1 (vlan35 -bell fibre)
Port2 - ISP1 to HEX
Port 3 - WAN from ISP2 (regular cable)
Port4 - ISP2 to HEX
Port5 - ISP2 to spare router (I use this to configure routers and as my sandbox)
Seems easy peasy but then I have no access to the Switch from my PC behind the HEX and thus the only way to be able to make changes would be to remove the switch onsight and plug a PC into it etc…
IS THERE ANY WAY for me to gain access to the switch through the port 2 connection ISP to HEX
Port1 -vlan35 (isp uses it)
Port2 -vlan35 (so switch sends datat isp to and fro Hex on WAN side)
Port3 - vlan 10
Port4 -vlan 10 (Thinking I use any VLAN to ensure traffic stays on ports 3,4,5) Both the hex and test routers dont have vlan 10 assigned as its straight ethernet)
Port5 - Vlan 10
Basic Questions going from a simple netgear managed switch to 260 model.
a. best approach (two bridges)??
b. I dont need data tagged coming out of ports 4 and 5 to the routers so how do I setup the 260GS? (the netgear doesnt tag any data it just uses vlan10 to indentify that these 3 ports are together. Now I am thinking I could have used port vlan but didnt.
What is the optimal way on the 260GS?
Finally here is the hard question.
How do I manage the 260GS without any LAN connection to my HEX and my networks??
Is there some sort of
a. static route
b. vlan method
Such that I can access/manage the switch through the port 2 connection (that is also used to pass wan to wan info between ISP and HEX).
use of 3 VLANs … VLAN 35 obviously, VLAN 10 for ISP2 (if desired it can be all 3 ports untagged, but on switch’ bridge it would be tagged) … and …
… use another (e.g. 666) VLAN for management. Add it as tagged only to port2, add it to hEX WAN port as well. You can assign whole /24 IP subnet if you want and configure firewall on hEX to filter access to it frkm where ever needed. On 260G add IP address so you can access the switch management (or configure mac-server and mac-winbox to allow connections from that particular VLAN interface).
If you’d go the static route way, that would mean switch’ IP interface would be accessible (theoretically at least) from one of ISP link … even if it was in different subnet as it would be in same L2 domain … but on hEX you’d have small mess of a configuration (two different IP addresses on same interface if ISP1 assigns address in a “normal way” (i.e. not via some PPP or another) …
I gathered that and just wanted to make sure, your suggestion was thus theoretical and may actually be harder to accomplish as the SwOS makes me pine for RouterOS on this bloody thing.
I am afraid Latvian Kinderdgarten kids were given the task of programming the switch. I have to reset it to defaults over 10 times and a nice feature of the switch is that it takes on average 3-5 attempts to reboot it from the old firmware 2.0 to the latest 2.8.
Nevertheless I will proceed based on the basic premise of you post. I have simplified and that I am going to use the first three ports for ISP2 (Isp 1 will be a direct hookup as no longer need the extra port method) and the other two ports for LAN and VLAN connection respectively (one from the router LAN itself, which will enable switch access) and the other going to a specific vlan device.
Okay, as per the suggestion, no VLAN required for the ISP2, straight ethernet on ports 1,2,3.
I will use Port Forwarding. Strange nomenclature, I was looking PORT VLAN but that is what this is I guess.
VidCam VLAN 99
I have the arlo control station which controls its associated cameras directlly via WIFI.
It reports its information to the internet (I’m assuming netgear cloud), where I can access the information via phone app or PC.
Thus I want to segregate this flow between control station and internet on its own VLAN99.
My physical routing is from HEX, to port 4 on the SwOS and then use port 5 on SwOS to connect directly to the Arlo control station.
The ARLO control station is not vlan aware.
Access VLAN for Switch 111
I have created a VLAN111 on the HEX so that I can access the switch, but in the Network I assign no DNS to the VLAN and No VLAN to WAN allow rule.
Instead I have an allow ADMIN to VLAN rule. In other words a segregated tunnel just to talk to the switch for configuration purposes.
PHUCK ME PHUCK ME PHUCK me for buying this piece of shit, I am locked out again and will have to start over and have no clue what change I made did it this time.
Where is the effing safe mode button. argggggggggg
I have to reset it to defaults over 10 times and a nice feature of the switch is that it takes on average 3-5 attempts to reboot it from the old firmware 2.0 to the latest 2.8.