GS1900-24HPv2 interface not responding to pings

I’m a networking novice and very new to OpenWrt. I have a GS1900-24HPv2 managed switch that’s currently not connected to anything but my laptop via one of the switch’s RJ45 ports. Eventually, this will be my main router for my home network, but I need to solve some fundamental problems and learn a few fundamental concepts. My laptop is configured with a static IP address of 192.168.1.8 and a netmask of 255.255.255.0.

If I connect the laptop to port 4 (configured for vlan 1, a.k.a. “lan”), I can ping the static IP (192.168.1.1) for the switch’s interface that’s connected to that port. I can also connect port 23 (configured for vlan 2, a.k.a. “wan”) to an internet connection (my home router, subnet 10.0.0.0/24 if that matters); and the DHCP client for the interface that’s connected to that port will get the correct IP address, net mask, default gateway, and DNS server for that network; and the switch can ping Internet addresses.

However, if I connect my laptop to port 24 (configured for vlan 3, a.k.a. “management”), I cannot ping the static IP (192.168.1.3) for the switch’s interface that’s connected to that port. I also cannot connect to the switch via ssh or LuCI.

ubus call system board:

{
        "kernel": "6.6.119",
        "hostname": "OpenWrt",
        "system": "RTL8382",
        "model": "Zyxel GS1900-24HP v2 Switch",
        "board_name": "zyxel,gs1900-24hp-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.5",
                "revision": "r29087-d9c5716d1d",
                "target": "realtek/rtl838x",
                "description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
                "builddate": "1766005702"
        }
}

cat network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd50:bf2a:4a0c::/48'
        option packet_steering '1'

config device 'switch'
        option name 'switch'
        option type 'bridge'
        option macaddr '70:49:a2:2f:c3:a5'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'
        list ports 'lan6'
        list ports 'lan7'
        list ports 'lan8'
        list ports 'lan9'
        list ports 'lan10'
        list ports 'lan11'
        list ports 'lan12'
        list ports 'lan13'
        list ports 'lan14'
        list ports 'lan15'
        list ports 'lan16'
        list ports 'lan17'
        list ports 'lan18'
        list ports 'lan19'
        list ports 'lan20'
        list ports 'lan21'
        list ports 'lan22'
        list ports 'lan23'
        list ports 'lan24'
        list ports 'lan25'
        list ports 'lan26'

config bridge-vlan 'lan_vlan'
        option device 'switch'
        option vlan '1'
        option ports 'lan1 lan2 lan3 lan4 lan5 lan6 lan7 lan8 lan9 lan10 lan11 lan12 lan13 lan14 lan15 lan16 lan17 lan18 lan19 lan20 lan21 lan22 lan25 lan26'

config device
        option name 'switch.1'
        option macaddr '70:49:a2:2f:c3:a5'

config interface 'lan'
        option device 'switch.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ip6ifaceid 'eui64'

config bridge-vlan 'management_vlan'
        option device 'switch'
        option vlan '3'
        list ports 'lan24'

config device
        option name 'switch.3'
        option macaddr '70:49:a2:2f:c3:a5'

config interface 'management'
        option device 'switch.3'
        option proto 'static'
        option ipaddr '192.168.1.3'
        option netmask '255.255.255.0'
        list ip6addr 'fd00::'

config bridge-vlan 'wan_vlan'
        option device 'switch'
        option vlan '2'
        option ports 'lan23'

config device
        option name 'switch.2'
        option macaddr '70:49:a2:2f:c3:a5'

config interface 'wan'
        option proto 'dhcp'
        option device 'switch.2'

config interface 'wan6'
        option proto 'dhcpv6'
        option device 'switch.2'
        option reqaddress 'try'
        option reqprefix '64'
        option extendprefix '1'
        option norelease '1'

cat firewall:

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'management'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'management'

I want to be able to connect to the switch via ssh and via LuCI over switch port 24 (in addition to connecting from vlan 1), but I’ve clearly made some sort of mistake, and I don’t even know if I’m on the right track or way off base.

Does anyone know what I’m doing wrong?

Switches are shitty routers, hope 30mbit is enough for you.

That's the same IP prefix.


Good to know. I’ll reevaluate. All the same, I’d like to know what I’m doing wrong.

Okay, I see that changing the prefix to 192.168.2 allows me to reach that management interface, but can you explain why?

I assumed that, since the two interfaces were on different vlans that can't reach each other, it wouldn't matter if they had the same prefix. Clearly that's not the case.

I'm planning to have a few vlans with various cross traffic firewall rules, so I think I need to really understand this.

No, you can do that. Using the same IP prefix on both VLANs is fine as long as no host on VLAN 1 needs to talk to a host on VLAN 3.

The problem is that you create an IP interface in both VLANs on the switch. This doesn't work because there is no well-defined answer to the question "on which network do I find a host with address 192.168.1.x?". So when you try to contact the switch on 192.168.1.3 on VLAN 3 from, say, 192.168.1.42, then the switch replies on VLAN 1. Which doesn't work.

If you want the switch to have an IP interface in both VLANs, then you need to use different prefixes. But you could also have solved the problem by deleting the VLAN 1 IP interface from the switch.

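The ambiguity described in the reply above, as an added example that is not part of the original thread: it parses the static interfaces from the posted network config, flags overlapping connected subnets, and shows which device a reply to the laptop would leave on. The function names and the tie-break rule (the interface listed first wins between equal prefixes) are assumptions of this sketch, chosen to match the behaviour the reply describes.

```python
import ipaddress
from itertools import combinations

# Constructed sample: the static interfaces from the /etc/config/network posted above.
POSTED = """
config interface 'lan'
        option device 'switch.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'

config interface 'management'
        option device 'switch.3'
        option proto 'static'
        option ipaddr '192.168.1.3'
        option netmask '255.255.255.0'
"""
# The fix reported in the thread: management moved to the 192.168.2 prefix.
FIXED = POSTED.replace("192.168.1.3", "192.168.2.3")

def static_interfaces(uci_text):
    """Return [(name, device, IPv4Interface)] for static interfaces, in file order."""
    sections = []
    for line in uci_text.splitlines():
        words = line.replace("'", "").split()
        if len(words) >= 2 and words[0] == "config":
            sections.append({"_type": words[1], "_name": words[2] if len(words) > 2 else None})
        elif len(words) >= 3 and words[0] == "option" and sections:
            sections[-1][words[1]] = words[2]
    return [(s["_name"], s.get("device"),
             ipaddress.ip_interface(f"{s['ipaddr']}/{s.get('netmask', '255.255.255.255')}"))
            for s in sections
            if s["_type"] == "interface" and s.get("proto") == "static" and "ipaddr" in s]

def overlapping(ifaces):
    """Pairs of interfaces whose directly connected subnets overlap."""
    return [(a[0], b[0]) for a, b in combinations(ifaces, 2)
            if a[2].network.overlaps(b[2].network)]

def reply_device(ifaces, peer):
    """Device used to reach peer. Simplified model: longest prefix wins, and
    between equal prefixes the interface listed first wins (an assumption)."""
    peer = ipaddress.ip_address(peer)
    routes = [i for i in ifaces if peer in i[2].network]
    routes.sort(key=lambda i: -i[2].network.prefixlen)  # stable: keeps file order on ties
    return routes[0][1] if routes else None

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        ifaces = static_interfaces(text)
        print(label, overlapping(ifaces), reply_device(ifaces, "192.168.1.8"))
```

With the posted config, a ping arriving on switch.3 from 192.168.1.8 is answered out of switch.1, so the laptop on port 24 never sees the reply.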
