Remotely managing switch rack at home from anywhere for convenience of doing my labs
OfWolfAndMan
Member Posts: 923 ■■■■□□□□□□
in CCNP
So, I currently have a R6200 Netgear router (Which unfortunately does not support 802.1q trunking). Luckily because the top of my stack is a L3 switch, I was able to configure the interface connecting to my router as a pure L3 port. Configured SSH, vty line with local login, etc. On the netgear side, I have a DNS name for my router in case the ISP decides to change my IP. I configured port forwarding for 22, and have a separate port for remotely accessing my home router. I enabled remote management from ANYWHERE for this router, and after some tinkering, I can get into the router remotely (used an SSL clientless VPN to try it out myself). Unfortunately, I can't seem to SSH into the switch on SecureCRT. I can remotely login from my LAN, but just not over the local internet. Maybe there's some small config I'm missing? Or maybe this particular router just doesn't like my switch (It's a 3750 24 PS. PoE support). Anyone tried doing this before? I'm really determined to do my SWITCH labbing anywhere I can (Assuming I have public internet access).
PS: I don't have the default login for my router
PS: I don't have the default login for my router
:study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []
Comments
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□OK so another thought: What if I decided to get a router that supported configuring an IPsec tunnel. How would I terminate the tunnel on the remote side where my computer would have remote access?
Is there a good router anyone would recommend that play well with remoting into the switches hanging off of my setup? This means something within a realistic budget of $200 of course:study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation [] -
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□Flash it with DD-WRT and use OpenVPN, it's more secure than opening up those ports on your router. Thats what I did with my Netgear R70002019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
iBrokeIT Member Posts: 1,318 ■■■■■■■■■□Here the link for your R6200 Downloads: MyOpenRouter2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
theodoxa Member Posts: 1,340 ■■■■□□□□□□Probably too expensive (I paid $330 with SmartNet, though the price seems to have gone up to $410), but I use an ASA 5505 for remote access (SSL VPN using AnyConnect).R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ] -
Heero Member Posts: 486If you you can get to port 22 on the switch when you are on the local network, but not over the Internet then it is being dropped somewhere. Try a TcpTraceroute to see how far port 22 traffic makes it. There is always a small chance that your ISP is blocking it. If it gets to your router, check the port forwarding/firewall. Also check the switch to make sure you don't have an access-list applied to the vty ports.
-
OfWolfAndMan Member Posts: 923 ■■■■□□□□□□Thank you for the recommendations everyone! Because I don't have money for an ASA at the moment, and because I really didn't want to exploit myself with port forwarding (Heero, I think it's a firewall thing. After enabling ping to the router, it did just fine pinging it outside the LAN), so I'm going with the firmware iBrokeIT recommended! It has a vast amount of features on it including RADIUS authentication, advanced QoS services, VPN, VLAN features, and a LOT of customization, along with plenty of logging options. You rock, man!:study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []