Remote-access Guide

allow remote access on specific vlan

by Lenora Kulas III Published 2 years ago Updated 1 year ago

When you use a VLAN for remote access, you must open the inbound firewall rules to permit remote access clients to communicate. You have to do the same thing for remote access clients on the primary untagged LAN, but I already had that rule in place.

Full Answer

Can I access the switches remotely from VLAN 99?

I can access the switches remotely from hosts connected to VLAN 99, but not from the other VLANs. However, I can SOMETIMES ping between the VLANs (set up static IP on the computers with a default gateway to the subinterface's IP they are connected to on the router).

How do I enable remote access to my computer?

Click Show settings to enable. As needed, add users who can connect remotely by clicking Select users that can remotely access this PC. Members of the Administrators group automatically have access. Make note of the name of this PC under How to connect to this PC. You'll need this to configure the clients.

Which VLAN for remote MGMT?

If you watch the topology that I posted an image of in my first post, you can see which VLAN is intended for remote mgmt etc. (see the devices connected to SW1). I used the default gateway of VLAN 1 (192.168.1.1) on the switch, but remote management is in VLAN 99 (192.168.99.3 is the IP of VLAN 99 on one of the switches).

How to restrict user from vlan20 to SSH?

If you would like to simply restrict users from VLAN20 to SSH to your device, a VTY ACL can do that:

    ip access-list standard 10
     remark allow VLAN20 traffic
     permit 20.20.20.0 0.0.0.255
    line vty 0 15
     access-class 10 in

Deploy a control plane policy to restrict the control plane traffic destined to the device itself.
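A way to check that every VTY line in a saved configuration actually carries an inbound access-class like the one above. This is an added example, not part of the original answer; the function names and both sample configurations are constructed, and it assumes ACLs are written in `ip access-list standard <id>` block form.

```python
import re
# Constructed samples; ACL 10 and "line vty 0 15" follow the page's snippet.
# Assumption: ACLs use the "ip access-list standard <id>" block form.
HARDENED = """\
ip access-list standard 10
 remark allow VLAN20 traffic
 permit 20.20.20.0 0.0.0.255
line vty 0 15
 access-class 10 in
"""
WEAK = """\
ip access-list standard 10
 permit any
line vty 0 4
 transport input ssh
line vty 5 15
 access-class 20 in
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level IOS command."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw.startswith(" "):
            current = raw.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit_vty(config):
    """Return findings for VTY lines without a restrictive inbound ACL."""
    blocks = parse_blocks(config)
    acls = {m.group(1): body for head, body in blocks.items()
            if (m := re.fullmatch(r"ip access-list standard (\S+)", head))}
    findings = []
    for head, body in blocks.items():
        if not head.startswith("line vty"):
            continue
        ref = next((m.group(1) for cmd in body
                    if (m := re.fullmatch(r"access-class (\S+) in", cmd))), None)
        if ref is None:
            findings.append(f"{head}: no inbound access-class")
        elif ref not in acls:
            findings.append(f"{head}: access-class {ref} is not defined")
        elif any(cmd.startswith("permit any") for cmd in acls[ref]):
            findings.append(f"{head}: ACL {ref} permits any source")
    return findings
```

Running `audit_vty(WEAK)` reports the VTY range with no ACL and the range that references an ACL number that was never defined; `audit_vty(HARDENED)` returns an empty list.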


How to allow remote access to PC?

The simplest way to allow access to your PC from a remote device is using the Remote Desktop options under Settings. Since this functionality was added in the Windows 10 Fall Creators update (1709), a separate downloadable app is also available that provides similar functionality for earlier versions of Windows. You can also use the legacy way of enabling Remote Desktop; however, this method provides less functionality and validation.

How to connect to a remote computer?

To connect to a remote PC, that computer must be turned on, it must have a network connection, Remote Desktop must be enabled, you must have network access to the remote computer (this could be through the Internet), and you must have permission to connect. For permission to connect, you must be on the list of users. Before you start a connection, it's a good idea to look up the name of the computer you're connecting to and to make sure Remote Desktop connections are allowed through its firewall.

How to remotely connect to Windows 10?

Windows 10 Fall Creators Update (1709) or later:

1. On the device you want to connect to, select Start and then click the Settings icon on the left.
2. Select the System group followed by the Remote Desktop item.
3. Use the slider to enable Remote Desktop.
4. It is also recommended to keep the PC awake and discoverable to facilitate connections. Click Show settings to enable.
5. As needed, add users who can connect remotely by clicking Select users that can remotely access this PC. Members of the Administrators group automatically have access.
6. Make note of the name of this PC under How to connect to this PC. You'll need this to configure the clients.

Should I enable Remote Desktop?

If you only want to access your PC when you are physically using it, you don't need to enable Remote Desktop. Enabling Remote Desktop opens a port on your PC that is visible to your local network. You should only enable Remote Desktop in trusted networks, such as your home. You also don't want to enable Remote Desktop on any PC where access is tightly controlled.

What port to allow TCP connection?

Best practice is to apply the access list as close as possible to the source, so in this case IN on the computers' side. So the rule would be: allow TCP connections from computer-ip, random port, to connect to the webserver on port 80. So, if we wanted to allow the computer network to access a webpage, we could make this access list on a Cisco router:

Should LAN users have access to all servers in the LAN?

LAN users should have access to all servers in the LAN.
