At iSec we make extensive (or as extensive as possible for an organization our size, anyway) use of Netgear ProSafe switches; these are inexpensive gigabit ethernet switches with decent management features that seem to be marketed mostly to a SOHO type of clientele. We like them because they have a nice balance of configurability vs. price.

Because of the, erm, aggressive nature of some of our research traffic, we use VLANs pretty extensively to provide extra isolation of the nasty stuff. We use VLAN 10 as the switch management VLAN (there are some pretty good reasons to avoid the default VLAN for this type of traffic), and everything generally works pretty well.

Unfortunately, the management VLAN setting, present on our $70 GS108T 8-port distribution/access switches, is conspicuously absent from our $700  Netgear GS748AT 48-port “core” switch. After a considerable amount of flailing about, trying to find the proper way of moving switch management away from VLAN 1 on the 748, I discovered this little tidbit on the download page for both available firmwares (4.0.1.1 and 3.0.6.1):

Limitations and Known Issues:

1. Only members of default VLAN (VLAN ID of 1) can manage the switch.

facepalm.

So, my solution? Or, more aptly, my kludgy workaround? I put untagged VLAN 1 traffic on port 2 with a PVID of 1, and untagged VLAN 10 traffic on port 6 with a PVID of 10, and I jumpered the hell out of those ports (black cable). I’d imagine there may be something more elegant that can be done, but I haven’t been able to divine one based upon my understanding of the Netgear web interface.