I'm also having this problem intermittently with our CSS326. I was able to get to it earlier, but now I can't. I can't even ping it at the moment, but it's working fine as far as I can tell.
I looked on the wiki and it seems it doesn't work the way typical devices do. There's no default gateway and it's not clear to me how it actually functions. The wiki says it responds to whatever device it sees the packet from, but I can't find it in the arp table of either router attached to it, so right now it doesn't seem to be functioning normally. It doesn't show up on IP Scan right now either. I think we're running 2.3 on it, but I can't check at the moment.
As long as this switch doesn't crash like our old CSS 226 did it will be an improvement, but I had no idea swos worked this way. I hope this isn't something permanent where we won't be able to log into this switch when we need to.
The method is pretty fool proof, as long as there isn't something blocking the mac address. The way it was explained to me was that the switch hijacks the ip and tcp/udp headers and swaps the source and destination mac address, ip addresses, and ports. (in the postal analogy, it creates a new envelope and put what was on the return address into the "to address" and puts the original to address in the return address location.
So this works regardless of whether the packet was routed, had nat applied, etc. All is needs to do is to get it back to the mac address it received it from (the host or router that forwarded the packet). It will be on the same L2 LAN in every case. You could cause it to fail will scapy to forge a packet with someone else's mac address, but that's intentional breakage.
The only downside is that you can't initiate outbound connections from the switch, it can only respond. So when you upgrade software, the PC connected to the web interface has to be the one that establishes the connection to "upload the firmware" to the switch.
It won't show up in an arp table until you ping the switch, then it should show up in the arp table. The switch itself never sends out arps, it doesn't need to, because it already knows the mac address.