Secondary IP address on VLANs - What is it NOT for
Posted: Wed Mar 18, 2015 1:45 pm
jjonson wrote:You need to work on the default VLAN stuff.
A good idea is to be able to choose management VLAN as with the TOUGHswitch (and other switches)
I know I can give the switch an IP-address on all VLANs but I don’t think that’s great way to do it…
There have been too many misunderstandings on what the secondary IP address on a VLAN is supposed to be used for so I thought it best to post an announcement. I thought most people would realize there is no default gateway field there and they would realize that IP is non-rout-able and not meant for anything other then a way for the switch to ping a device on that interface/VLAN that is in another sub-net and or VLAN than the switch's management IP which can ONLY be set on the Device/Config Tab and nowhere else.
I was incorrect as this is about 20 support issues from this issue so my bad in not conveying this better so here we go, hang on!
The secondary IP you assign to the VLANs is primarily ONLY for doing ping tests from the switch to the device on that port for Ping Watch Dog. The device you are pinging has to be in the same sub-net of this secondary IP on the VLAN as this IP is NOT rout-able as it has no gateway.
Think of this as when you assign a secondary IP on your Laptop NIC such as 192.168.1.5 so you can always get to defaulted devices like a UBNT radio or Netonix switch which is at 192.168.1.20. But notice your laptop does not ask you for a gateway address on these secondary IP as it is NON-ROUT-ABLE because by default your PC is not a ROUTER.
So if you want the switch to ping a radio for Ping Watch Dog connected to a port that is in a different VLAN/sub-net of the switch's management IP which is assigned under the Device/Config Tab ONLY and is the address assigned to the "Default / Management VLAN" it does not need to hit the router first, nor is this IP even capable of being routed as it has no gateway! You can change the Default VLAN ID or Description but it is ALWAYS the Default/Management VLAN and no other VLAN contains the switch's management IP which can ONLY be set on the Device/Config Tab.
Again, the Default VLAN at the TOP of the VLAN list is the ONLY Management VLAN, and only the IP set under the Device/Config Tab is rout-able and always assigned to that VLAN at the TOP of the list. You change that VLANs ID or Name/Description to what you want but REMEMBER ONLY the IP set on the Device/Config Tab is rout-able and is always assigned to the Default VLAN at the TOP of the VLAN list. This is why the Default VLANs little gear is grayed out as it uses the management IP set in the Device/Config Tab ONLY.
And again f you thought the IPs assigned on the the VLAN Tab were rout-able and was relying on one of these IPs to communicate to the switch from outside it's sub-net then the switch could not get out causing certain safety routines in the switch firmware on boot up to detect that something was wrong as it is not communicating as in it hears nothing and nothing will respond to it and forces a reboot which is probably where this reboot loop is coming from because you isolated the switch like Helen Keller from a Nine Inch Nails Concert.
We were asked to put the secondary IP on the VLANs by users on this forum so people could set the ping watch dog to ping devices directly without needing to be routed if the device was in another sub-net or VLAN than the Default/Management VLAN and or sub-net without first having to go to a router because if the router was down then the switch would start rebooting radios for no reason.
We are adding BIG RED letters on the window that pops up where you assign the VLAN IP to convey to users that this is NOT a rout-able IP nor is it meant to be used as the management IP that is found under the Device/Config Tab ONLY. However you can access the UI via this IP address if you are in the same sub-net on that VLAN, and on the same layer 2 segment and only if so, but never outside this sub-net, VLAN, Layer 2 segment.
I hope this clear this issue up?