NCC: Isolate a Hyper-V VM in a separate VLAN but allow access by RDP
Is something like this possible with NCC (e.g. with USG Lite 60AX + XMG1915)?
I created an interface for VLAN 3 = own IP subnet.
I have a VM running on a PC (Hyper-V-Host) connected to switch port 3.
I configured in the Hyper-V network configuration on this PC for this VM to use VLAN 3. So, this VM gets an IP in the new interface, has internet access and does not see the other intranet devices on the default interface "LAN". This is what I expected and desired.
My question now: can I access this VM from another physical PC (connected to firewall or switch) using remote desktop? I.e. I would like incoming access on the VM and outgoing from my main PC. Allowed VLANs on my main PC are "All" but for sure the PC will not tag with VLAN 2. I hoped the switch could possibly route and add the VLAN 2 tag as I allowed all VLANs on my main PC's switch port (= default).
Kind regards
Oliver
All Replies
Hi @Lohkamp ,
To help us better assist you, please provide the following information:
1. Your detailed network topology:
- Device connections and port mappings
- VLAN configurations on ports/PC…
- Location of your main PC
2. Current system behavior/results: Please list specific issues or behaviors
3. Your desired outcome or requirements: Please list specific goals or needs
Hi Judy,
thank you for your answer. We can close this ticket or I can append the solution for support request ticket #479578. I could replay the scenario also with a Hyper-V VM: IP routing between VLANs is working as expected, DNS is not. Test setup, all via DHCP from USG LITE 60AX:
VLAN 1, 192.168.66.118 @Port 3 of XMG1915-10EP = office PC "R9",
VLAN 1, 196.168.66.2 @LAN of USG LITE 60AX = "Hyper-V-Server"
VLAN 3, 192.168.68.35 @Port6 = Raspberry Pi 4B
VLAN 3, 192.168.68.36 = Hyper-V-VM "Win10Test" on "Hyper-V-Server", property of Hyper-V-VM's network adapter (sharing LAN card of Hyper-V-Host) set to use VLAN-ID 3
nslookup is working on all clients for all client names.
VLAN 3 devices can only ping VLAN 3 devices and "see" VLAN 3 devices in the network neighborhood. I can also RDP or SSH into VLAN 3 devices from VLAN 1.
What is NOT working is if I use the DNS names for the RDP or SSH connections to VLAN 3. I must use the IPv4 addresses of the Raspberry Pi 4B or Win10Test to be able to connect to them from my office PC "R9".
Kind regards
Oliver