Remote access of managed switch behind router?

jpoldoian
Level 1

What is the best way to remotely access a switch behind a router?  I'll be using a SF300 managed switch and there's no server.

For access points (APs) behind a router, I give each one a different LAN address and port number.  In router I forward TCP traffic with unique port/LAN IP.  Then using port numbers with router's static address, browser can remotely access router or any attached AP.  But where do I set managed switch's LAN port number?  Assume default is port 80 and would like to change it to 8001 for switch #1; 8002 for switch #2; etc.  Can't find this info in configuration manual.

13 Replies

David Carr
Level 6

The easiest thing to do is to set up an external to internal port rule in the router and forward it to the IP address of the switch.


External port 5000 to internal 80


That way you can put in your external IP address, colon external port 5000 to get to the interface of the switch (111.111.111.111:5000).

Can you provide some more details using switch on 10.0.0.2 and router on 10.0.0.1?  Assume rule is set in firewall access rules on RV082, but need details here such as source/destination IP, etc.   Assume 2nd step is port forwarding, 10.0.0.2 -TCP on port 5000 forwarded by adding new service to list.  Do I need to establish a static IP in router for each managed switch?  I wish there was a white paper on this.

No firewall rule.

Just port mapping.  Yes, you need to define a new service for each IP (switch) you want to reach, and yes this implies that they will be exposed to the Internet so use good passwords (the secure alternative is to use a VPN.)

No static IPs needed for the switches, but you need to know your router's public IP or DNS name, and the switches fixed IPs.

Everything is explained in the RV manual.

I'm using managed switch SF300-24 with static IP of 10.0.0.2.    Port forward in router is configured as:  SWTCH[TCP/8001~8001]->10.0.0.2 .   Router WAN is static IP for easy access.  When port 8001 is used with WAN in browser, I can't remotely access switch management GUI.  What else is needed?   Do I need UDP too?

jpoldoian@comcast.net

SWTCH[TCP/8001~8001]->10.0.0.2 .   Router WAN is static IP for easy access.  When port 8001 is used with WAN in browser, I can't remotely access switch management GUI.  What else is needed?   Do I need UDP too?

My mistake, I thought port mapping was available, but it's not.  That means only one switch can use the port forwarding, and even that only if port 80 is not used by anything else.

Your best solution is using a VPN, that way you'll have access to everything with no configuration change (i.e. no port forwarding, or changing the listen port on each switch), except of course enabling VPN on the router.

Using RV08 router and 3 - SF300-24 switches, there must be a way to remotely access switches behind router.  Remote access of router is easy so don't see why VPN to router makes any difference.  Security isn't my issue.  What config changes are needed in switches and router to achieve this?  I know how to do it if there was a way to change switch's management port from 80 to 8001, but don't see where GUI permits switch's port change?

The VPN is not only for security, it puts your remote computer in your LAN, that makes it the easiest option to reach your objective: access your switches the same way you do when you are on site.

The VPN takes care of all the configuration needed automatically.

Hi,

You can use the same internal port 80 for all of your internal managed switches.

On your RV series router, navigate to Setup and then UPnP.  Create new Services via Service Management.  Use a unique external port (say 8001 for example) to port 80 internally to the IP address of switch A.  Additionally use another port (say port 8002) to port 80 internally and then to the address of switch B.

So the rule will look similar to this:

Port 8001 External - Port 80 internal - protocol TCP - IP address of switch -  Enable

Then save settings.

So what you are doing is changing the source port you are coming in on.  This allows multiple forwards to port 80 since the source port is different.


Hope that helps.


Dave

David L. Barrett, Jr.

David,

Believe we're really close to solution but can only access RV082 and not SF300-24 switch. I must be missing something.   UPnP function is YES, service added is SWTCH[TCP/8001>80]>10.0.0.2  where LAN port of router is 10.0.0.1:80 and switch is 10.0.0.2.  Switch is configured with a static IP.  Connection to router is downlink, unprotected port G1, copper. DHCP in router is range 10.0.0.100 to 249, all 24 protected.  Everything else is default.  ISP provides a static IP so no DNS issue.

Would identifying switch's static IP and MAC in router help?

Hi,

Out of curiosity, is the Switch still set to Management VLAN 1?

Are you using multiple Subnets on the router?

Setting a static MAC sticky in the router will not help.  It should be able to forward to any IP address in the default subnet.


Thanks!


Dave

David L. Barrett, Jr.

Dave, assuming management VLAN1 is default, then it's unchanged.  Is this potential problem, if yes, what is change and location of change?

No, only one subnet.  Configuration is most basic using all defaults, except remote management is enabled and passwords changed for security.  24 switch ports are "protected," but downlink port G1 is unprotected. What should I try next?

Hi,

At this point I would recommend a call to the Cisco Small Business support center at 1-866-606-1866 so that a case can be opened and your configuration can be reviewed.

I have replicated the concern here and I am able to remotely manage my SF300 switch with an RV082 as the router.

My rules in the RV082 are as follows:

Create custom service under UPnP heading.  Create SF300 application name (this is a text based field and can be named anything), external port 8001 and internal port 80.  I forward to the internal IP address of the SF300 switch and click the enable check box.  From there I select Add to List.  Once it appears in my list, I then click the Save Settings link at the bottom of the page.

Thanks!

Dave

David L. Barrett, Jr.

Problem solved!  In SF300-24 switch, static IP was configured but forgot to set gateway which is router's address.  Internet worked fine w/o gateway probably because DHCP handled everything.  But remote management of switch behind router needs gateway.  Shame on me as I should know gateway is important.
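
Why the missing gateway broke only the remote path, as an added example that is not part of any post in this thread: a small Python model of the router's port-forward table and the switch's reply routing. The /24 mask, the client address 203.0.113.7 and the function names are assumptions for illustration; it also assumes the router rewrites only the destination address, as plain port forwarding does.

```python
import ipaddress

# Constructed values modelled on the thread: router LAN 10.0.0.1, switch 10.0.0.2.
LAN = ipaddress.ip_network("10.0.0.0/24")  # assumed mask; the thread does not state it
FORWARDS = {8001: ("10.0.0.2", 80)}        # external port -> (internal IP, internal port)


def dnat(ext_port, forwards=FORWARDS):
    """Router side: look up where an inbound WAN connection is forwarded."""
    return forwards.get(ext_port)          # None means no rule, nothing is forwarded


def reply_next_hop(client_ip, gateway=None, lan=LAN):
    """Switch side: pick the next hop for the reply to client_ip.

    Assumption: the router rewrites only the destination, so the switch
    still sees the remote client's own source address and must route back to it.
    """
    if ipaddress.ip_address(client_ip) in lan:
        return client_ip                   # on-link: delivered directly, no gateway needed
    return gateway                         # off-link: default gateway, or None if unset


def remote_session_works(ext_port, client_ip, switch_gateway):
    """True only if the request is forwarded AND the reply has a route back."""
    if dnat(ext_port) is None:
        return False
    return reply_next_hop(client_ip, switch_gateway) is not None


if __name__ == "__main__":
    remote = "203.0.113.7"                 # constructed documentation address (RFC 5737)
    for gw in (None, "10.0.0.1"):
        print(f"gateway={gw}: remote GUI reachable ->",
              remote_session_works(8001, remote, gw))
    # A LAN client reaches the switch either way, which hides the misconfiguration.
    print("LAN client next hop:", reply_next_hop("10.0.0.150", None))
```
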