Learn me some networking - Access switch over VPN

PointandClick

Alright, I have a basic understanding of networking, but I just picked up my first managed switch. A PowerConnect 5324, mostly for playing around and learning a bit. The other day at work I tried to access it (both ssh and web) over my IPsec connection and couldn't get through.

I have pfSense set up doing routing/VPN. Local network is 10.0.0.0/24, VPN network is 10.1.1.0/24. I have no problem getting ssh access to my server or Mac over VPN. I've only done basic setup on the switch: time server, IP, gateway, DNS server.

My initial thoughts were
1. That I need to set up VLANs in pfSense for it to route my VPN traffic to the switch, or
2. That by default the switch only accepts connections from the network that it's on.

I'm sure it's probably something stupidly simple. Like I said, I'd like to learn more on the networking side. I have no need to go for any Cisco certs right now as far as my job is concerned. Would studying towards something vendor neutral like Network+ (whether I take it right now or not) be a worthwhile start?
 
Did you set the next hop (gateway) on the switch? For managing switches remotely, I typically remote into a computer on the network and manage from there, specifically so I don't open the switch up.
I know the 5324 has some competent security settings, but most would be hard to implement on a smaller network.
If your management VLAN is separate from any internet-facing VLANs, then yes, you would need to set up a route or rule to get that traffic to the switch.
You can specify which LAN and/or VLAN the management interface sits on. Only the console port is VLAN/LAN agnostic. You can also specify which port(s) can access the management interface.
If you aren't familiar with the switch, I would suggest resetting the switch to default. You'll need to connect to the console port to do so; you can't just hold down the 'reset' button (mainly because there isn't one) to clear the settings.
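
An added example, not part of any post in this thread: this Python model of a management interface with one IP and no routing table shows why the switch would answer LAN clients but not VPN clients until a gateway is set, and which sources it answers afterwards. The switch address 10.0.0.2, gateway 10.0.0.1, the client addresses, the 192.168.50.0/24 guest network and the allowed-sources list are assumptions; only 10.0.0.0/24 and 10.1.1.0/24 come from the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class MgmtInterface:
    address: str             # management IP with prefix, e.g. "10.0.0.2/24" (assumed)
    gateway: Optional[str]   # default gateway; None if unset or never saved

def reply_path(dev: MgmtInterface, client_ip: str) -> str:
    """How a host with one IP and no routing table would answer client_ip."""
    iface = ipaddress.ip_interface(dev.address)
    client = ipaddress.ip_address(client_ip)
    if client in iface.network:
        return "direct"        # same subnet: ARP for the client, no gateway used
    if dev.gateway is None:
        return "no-route"      # request arrives, but the reply has nowhere to go
    gw = ipaddress.ip_address(dev.gateway)
    if gw not in iface.network or gw == iface.ip:
        return "bad-gateway"   # next hop must be another host on the local subnet
    return "via-gateway"

def audit(dev, clients, allowed):
    """Map client name -> (reply path, verdict) against the intended admin sources."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    report = {}
    for name, ip in clients.items():
        path = reply_path(dev, ip)
        answers = path in ("direct", "via-gateway")
        wanted = any(ipaddress.ip_address(ip) in n for n in nets)
        if answers:
            # "exposed": the switch would reply; only the router's rules stand in the way
            verdict = "ok" if wanted else "exposed"
        else:
            verdict = "broken" if wanted else "blocked"
        report[name] = (path, verdict)
    return report

# Constructed sample data: only the two /24 networks come from the thread.
CLIENTS = {"lan-mac": "10.0.0.50", "vpn-phone": "10.1.1.10", "guest-laptop": "192.168.50.7"}
ALLOWED = ["10.0.0.0/24", "10.1.1.0/24"]   # hypothetical list of intended admin sources
SWITCH_NO_GW = MgmtInterface("10.0.0.2/24", None)
SWITCH_WITH_GW = MgmtInterface("10.0.0.2/24", "10.0.0.1")

if __name__ == "__main__":
    for label, dev in (("gateway unset", SWITCH_NO_GW), ("gateway set", SWITCH_WITH_GW)):
        print(label)
        for name, (path, verdict) in audit(dev, CLIENTS, ALLOWED).items():
            print(f"  {name:13} {path:12} {verdict}")
```

With the gateway set, the modelled switch replies to any routed source, so limiting management access to the two admin networks has to be done in the router's firewall rules or the switch's own management access settings.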
 
Ok, I must have not waited long enough after setting the gateway for the config to take effect or not saved it before trying to connect last night. Now I'm able to get to the web interface via VPN on my iPhone. Can't get in through ssh using ServerAuditor since it says no authentication methods supported, but that tells me it's at least reaching it.

I didn't think it was VLAN related since I only have the default "1".
I was going to do a reset before getting started, but it looked like somebody already had before sending it out. No web/ssh/telnet access and the configuration looks pretty "stock".

Oh, and since it sounds like you have some experience with the 5324, do you know of any way to monitor temperature? I have some replacement fans coming so I can stand to run the thing. They only push about 60% of the originals, which I think will be ok for a home environment, but it's always nice to have some numbers to compare.
 
If you have it, in the WebGUI it would be System->General->Health. I don't specifically have a 5324, but I work with 5224, 3324, 34xx, 35xx, 54xx, 27xx...
 
I was afraid of that. Only thing that gives me is fan status. Do any of the models you work with give temperature readouts?
 
Yes- My 3548P does. I think only the PoE switches give temp readouts.
[Attached image: PC3548P-Temp.jpg]

You can always try sticking an oven thermometer probe in one of the vents- be careful of spinny and sparking parts!
 