Remotely managing switch rack at home from anywhere for convenience of doing my labs

OfWolfAndMan Member Posts: 923
So, I currently have a Netgear R6200 router (which unfortunately does not support 802.1Q trunking). Luckily, because the top of my stack is a L3 switch, I was able to configure the interface connecting to my router as a pure L3 port. Configured SSH, vty line with local login, etc. On the Netgear side, I have a DNS name for my router in case the ISP decides to change my IP. I configured port forwarding for 22, and have a separate port for remotely accessing my home router. I enabled remote management from ANYWHERE for this router, and after some tinkering, I can get into the router remotely (I used an SSL clientless VPN to try it out myself). Unfortunately, I can't seem to SSH into the switch with SecureCRT. I can remotely log in from my LAN, but just not over the local internet. Maybe there's some small config I'm missing? Or maybe this particular router just doesn't like my switch (it's a 3750 24 PS with PoE support). Anyone tried doing this before? I'm really determined to do my SWITCH labbing anywhere I can (assuming I have public internet access).

PS: I don't have the default login for my router :D
:study:Reading: Lab Books, Ansible Documentation, Python Cookbook 2018 Goals: More Ansible/Python work for Automation, IPSpace Automation Course [X], Build Jenkins Framework for Network Automation []

Comments

  • OfWolfAndMan Member Posts: 923
    OK, so another thought: what if I decided to get a router that supports configuring an IPsec tunnel? How would I terminate the tunnel on the remote side, where my computer would have remote access?

    Is there a good router anyone would recommend that plays well with remoting into the switches hanging off of my setup? This means something within a realistic budget of $200, of course :D
  • iBrokeIT Member Posts: 1,318
    Flash it with DD-WRT and use OpenVPN; it's more secure than opening up those ports on your router. That's what I did with my Netgear R7000.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
  • iBrokeIT Member Posts: 1,318
    Here's the link for your R6200 downloads: MyOpenRouter
  • theodoxa Member Posts: 1,340
    Probably too expensive (I paid $330 with SmartNet, though the price seems to have gone up to $410), but I use an ASA 5505 for remote access (SSL VPN using AnyConnect).
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • Heero Member Posts: 486
    If you can get to port 22 on the switch when you are on the local network, but not over the Internet, then it is being dropped somewhere. Try a TCP traceroute to see how far port 22 traffic makes it. There is always a small chance that your ISP is blocking it. If it gets to your router, check the port forwarding/firewall. Also check the switch to make sure you don't have an access-list applied to the vty ports.
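    The last two checks from the post above, worked through on a Cisco IOS switch, as an added example that is not from the thread: first the commands that reveal whether an access-class on the vty lines (or a missing SSH listener) is what refuses the remote session, then the vty configuration a practitioner would actually want once the router forwards port 22 (or, better, once SSH arrives over a VPN). The LAN prefix 192.168.1.0/24, the VPN client pool 10.8.0.0/24 and the ACL name MGMT-IN are assumptions for illustration, not values from the original post.

    ```text
    ! ---- Step 1: is the switch itself refusing the connection? ----
    ! Show the vty lines; an "access-class ... in" here is applied to every remote login,
    ! and a source address that the ACL does not permit gets a TCP reset, not a banner.
    Switch# show running-config | section line vty
    line vty 0 4
     access-class MGMT-IN in
     login local
     transport input ssh

    ! Inspect the ACL the vty lines reference and watch the hit counters while you retry.
    Switch# show ip access-lists MGMT-IN
    ! Confirm SSH is enabled and on which version; "show tcp brief" lists the listener on :22.
    Switch# show ip ssh
    Switch# show tcp brief
    ! If the handshake reaches the switch at all, this prints a line per attempt; no
    ! output while a remote client hangs means the packets die upstream (router/ISP).
    Switch# debug ip ssh
    Switch# undebug all

    ! ---- Step 2: restrict SSH to known management sources rather than removing the ACL ----
    ! Addresses below are assumed for the example: home LAN and the VPN client pool.
    Switch(config)# ip access-list standard MGMT-IN
    Switch(config-std-nacl)# remark home LAN (assumed prefix)
    Switch(config-std-nacl)# permit 192.168.1.0 0.0.0.255
    Switch(config-std-nacl)# remark VPN client pool (assumed prefix)
    Switch(config-std-nacl)# permit 10.8.0.0 0.0.0.255
    Switch(config-std-nacl)# remark log everything else so probes show up in syslog
    Switch(config-std-nacl)# deny any log
    Switch(config-std-nacl)# exit
    ! SSHv2 only; v1 is accepted by default on older IOS trains.
    Switch(config)# ip ssh version 2
    ! Apply to all 16 vty lines on the 3750, not just 0-4, or a remote login can land on an unrestricted line.
    Switch(config)# line vty 0 15
    Switch(config-line)# access-class MGMT-IN in
    Switch(config-line)# transport input ssh
    Switch(config-line)# login local
    Switch(config-line)# exec-timeout 10 0
    Switch(config-line)# end
    Switch# write memory
    ```

    One caveat on the diagnosis: the routed uplink to the Netgear is the address the port forward must point at, so `show ip interface brief` on the switch and the forwarding rule on the router should agree on that IP before you suspect the vty ACL. When the ACL turns out to be the culprit, the fix is to add the source you connect from (the VPN pool, once a VPN is in place), not to delete the access-class and leave port 22 reachable from the whole Internet.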
  • OfWolfAndMan Member Posts: 923
    Thank you for the recommendations, everyone! Because I don't have money for an ASA at the moment, and because I really didn't want to exploit myself with port forwarding (Heero, I think it's a firewall thing; after enabling ping to the router, it did just fine pinging it from outside the LAN), I'm going with the firmware iBrokeIT recommended! It has a vast amount of features on it, including RADIUS authentication, advanced QoS services, VPN, VLAN features, and a LOT of customization, along with plenty of logging options. You rock, man!
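The OpenVPN-on-DD-WRT route the thread settles on, as an added example that is neither the original poster's configuration nor anything shipped with DD-WRT: a server configuration for the router and the matching client profile for the laptop. With this in place the port 22 forward on the WAN side is removed and SSH to the switch travels inside the tunnel. The VPN client pool 10.8.0.0/24, the LAN prefix 192.168.1.0/24, the DDNS name `home.example.net` and the file names of the certificates are assumptions for illustration.

```text
# ---- server.conf (paste into DD-WRT's OpenVPN Server page, or run as a custom config) ----
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
# Extra HMAC on every control packet: unauthenticated scanners never reach the TLS handshake.
tls-auth ta.key 0
tls-version-min 1.2
# The peer must present a certificate with the client EKU, so a stolen server cert cannot be reused.
remote-cert-tls client
cipher AES-256-GCM
auth SHA256
# Addresses handed to VPN clients (assumed pool).
server 10.8.0.0 255.255.255.0
# Route the home LAN, where the 3750's routed uplink lives, through the tunnel (assumed prefix).
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
persist-key
persist-tun
user nobody
verb 3

# ---- laptop.ovpn (client side; this is how the tunnel is "terminated" on the remote end) ----
client
dev tun
proto udp
# DDNS name of the home router (assumed); the only WAN port left open is UDP/1194.
remote home.example.net 1194
nobind
ca ca.crt
cert laptop.crt
key laptop.key
tls-auth ta.key 1
tls-version-min 1.2
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
persist-key
persist-tun
verb 3
```

Once the client is up, `ssh admin@192.168.1.2` (the switch's routed-port address, assumed) works exactly as it does from the couch, and the WAN firewall on the router no longer needs a rule for 22 at all. Keep the vty access-class on the switch permitting the 10.8.0.0/24 pool so that, if the router is ever compromised, management access is still limited to tunnel sources rather than anything the router can reach.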