Cisco Support Community
Community Member

Deny access to SG300 from outside

I've configured a range SG300 to be used in a building for users to get internet access via theire own FW.

It's using QoS and some traffic shaping.

Every now and then i need to change some settings on it, and it's kinda stupid if i have to get out to the location every time i need to change something. To solve that i configured the Managment Access bit where only my office subnet has access to it. Ofcourse that solves some of my concernes aobut access from rest of the world, but i would very much like to have access to it from the location also, and from my homeoffice.

How can i solve this ??  not sure how i would configure ace/acl to solve it without fu..g up access completly.

Thnsk for any help


Everyone's tags (4)

Deny access to SG300 from outside


Does the firewall support VPN access? That would be the most secure way to manage the switch remotely.

- Marty

Community Member

Deny access to SG300 from outside

there is no firewall in front

Thats why i would like to restrict access to SG300, they are used to connect 21 firewalls to the internet on a /26 net. they are used as a building net where internet comes as fiber, hooked up to a SG300-10SFP where net goes out to SG300-20 using fiber and from the SG300-20 to each enduser that uses theire own firewall's :-)

Cisco Employee

Deny access to SG300 from outside

Community Member

Deny access to SG300 from outside

thansk for reply, but if you did read my first post.

I'm using access profiles, but you can only add 1 subnet in it, i would like to be able to access it from different locations.

Like from "onsite" where vlan1 has 1 subnet, and from work where i have another subnet, and from homeoffice where i have another subnet.

This cant be done using access profiles.

CreatePlease to create content