cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1010
Views
0
Helpful
4
Replies

Deny access to SG300 from outside

Thomas_Madsen
Level 1
Level 1

I've configured a range SG300 to be used in a building for users to get internet access via theire own FW.

It's using QoS and some traffic shaping.

Every now and then i need to change some settings on it, and it's kinda stupid if i have to get out to the location every time i need to change something. To solve that i configured the Managment Access bit where only my office subnet has access to it. Ofcourse that solves some of my concernes aobut access from rest of the world, but i would very much like to have access to it from the location also, and from my homeoffice.

How can i solve this ??  not sure how i would configure ace/acl to solve it without fu..g up access completly.

Thnsk for any help

Thomas                  

4 Replies 4

mpyhala
Level 7
Level 7

Thomas,

Does the firewall support VPN access? That would be the most secure way to manage the switch remotely.

- Marty

there is no firewall in front

Thats why i would like to restrict access to SG300, they are used to connect 21 firewalls to the internet on a /26 net. they are used as a building net where internet comes as fiber, hooked up to a SG300-10SFP where net goes out to SG300-20 using fiber and from the SG300-20 to each enduser that uses theire own firewall's :-)

thansk for reply, but if you did read my first post.

I'm using access profiles, but you can only add 1 subnet in it, i would like to be able to access it from different locations.

Like from "onsite" where vlan1 has 1 subnet, and from work where i have another subnet, and from homeoffice where i have another subnet.

This cant be done using access profiles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X