02-14-2014 12:54 AM
I've configured a range SG300 to be used in a building for users to get internet access via theire own FW.
It's using QoS and some traffic shaping.
Every now and then i need to change some settings on it, and it's kinda stupid if i have to get out to the location every time i need to change something. To solve that i configured the Managment Access bit where only my office subnet has access to it. Ofcourse that solves some of my concernes aobut access from rest of the world, but i would very much like to have access to it from the location also, and from my homeoffice.
How can i solve this ?? not sure how i would configure ace/acl to solve it without fu..g up access completly.
Thnsk for any help
Thomas
02-14-2014 09:06 AM
Thomas,
Does the firewall support VPN access? That would be the most secure way to manage the switch remotely.
- Marty
02-16-2014 12:56 PM
there is no firewall in front
Thats why i would like to restrict access to SG300, they are used to connect 21 firewalls to the internet on a /26 net. they are used as a building net where internet comes as fiber, hooked up to a SG300-10SFP where net goes out to SG300-20 using fiber and from the SG300-20 to each enduser that uses theire own firewall's :-)
02-16-2014 01:55 PM
Hello Thomas,
The configuration example in the following document may help:
Nagaraja
02-16-2014 02:52 PM
thansk for reply, but if you did read my first post.
I'm using access profiles, but you can only add 1 subnet in it, i would like to be able to access it from different locations.
Like from "onsite" where vlan1 has 1 subnet, and from work where i have another subnet, and from homeoffice where i have another subnet.
This cant be done using access profiles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide