NCC: Isolate a Hyper-V VM in a separate VLAN but allow access by RDP

Lohkamp Posts: 9  Freshman Member
edited January 1 in Nebula

Is something like this possible with NCC (e.g. with USG Lite 60AX + XMG1915)?
I created an interface for VLAN 3 = own IP subnet.
I have a VM running on a PC (Hyper-V-Host) connected to switch port 3.
I configured in the Hyper-V network configuration on this PC for this VM to use VLAN 3. So, this VM gets an IP in the new interface, has internet access and does not see the other intranet devices on the default interface "LAN". This is what I expected and desired.

My question now: can I access this VM from another physical PC (connected to firewall or switch) using remote desktop? I.e. I would like incoming access on the VM and outgoing from my main PC. Allowed VLANs on my main PC are "All" but for sure the PC will not tag with VLAN 2. I hoped the switch could possibly route and add the VLAN 2 tag as I allowed all VLANs on my main PC's switch port (= default).

Kind regards
Oliver

All Replies

  • Zyxel_Judy Posts: 1,731  Zyxel Employee

    Hi @Lohkamp ,

    To help us better assist you, please provide the following information:
    1. Your detailed network topology:

    • Device connections and port mappings
    • VLAN configurations on ports/ PC…
    • Location of your main PC

    2. Current system behavior/results: Please list specific issues or behaviors

    3. Your desired outcome or requirements: Please list specific goals or needs

  • Lohkamp Posts: 9  Freshman Member
    edited January 6

    Hi Judy,

    thank you for your answer. We can close this ticket or I can append the solution for support request ticket #479578. I could replay the scenario also with a Hyper-V VM: IP routing between VLANs is working as expected, DNS is not. Test setup, all via DHCP from USG LITE 60AX:

    VLAN 1, 192.168.66.118 @Port 3 of XMG1915-10EP = office PC "R9",
    VLAN 1, 196.168.66.2 @LAN of USG LITE 60AX = "Hyper-V-Server"
    VLAN 3, 192.168.68.35 @Port6 = Raspberry Pi 4B
    VLAN 3, 192.168.68.36 = Hyper-V-VM "Win10Test" on "Hyper-V-Server", property of Hyper-V-VM's network adapter (sharing LAN card of Hyper-V-Host) set to use VLAN-ID 3

    nslookup is working on all clients for all client names.
    VLAN 3 devices can only ping VLAN 3 devices and "see" VLAN 3 devices in the network neighborhood. I can also RDP or SSH into VLAN 3 devices from VLAN 1.

    What is NOT working is if I use the DNS names for the RDP or SSH connections to VLAN 3. I must use the IPv4 addresses of the Raspberry Pi 4B or Win10Test to be able to connect to them from my office PC "R9".

    Kind regards
    Oliver
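
One way to check the behaviour described in the last post, as an added example that is not part of the thread: this PowerShell script, run on the VLAN 1 office PC, compares what the DNS server answers (the path nslookup uses) with what the Windows system resolver returns and with TCP reachability by name and by IP. The `-DnsServer` value and the function and parameter names are assumptions; `Win10Test`, `192.168.68.36` and RDP come from the post.

```powershell
param(
    # Assumption: IP of the DNS server that DHCP hands to the office PC (not stated in the thread).
    [Parameter(Mandatory)] [string]$DnsServer,
    # Name, address and service (RDP, TCP 3389) of the VLAN 3 VM from the post; add more targets as needed.
    [hashtable[]]$Targets = @(@{ Name = 'Win10Test'; Ip = '192.168.68.36'; Port = 3389 })
)

function Test-NamePath {
    param([string]$Name, [string]$Ip, [int]$Port, [string]$DnsServer)

    # Path 1: query the DNS server directly, skipping hosts file, LLMNR and NetBIOS.
    $fromServer = @(Resolve-DnsName -Name $Name -Type A -Server $DnsServer -DnsOnly -NoHostsFile `
            -ErrorAction SilentlyContinue | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })

    # Path 2: the system resolver that client programs go through.
    try {
        $fromSystem = @([System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } | ForEach-Object { $_.ToString() })
    } catch { $fromSystem = @() }

    # Path 3: TCP connect to the service, once by name and once by address.
    $byName = [bool](Test-NetConnection -ComputerName $Name -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
    $byIp   = [bool](Test-NetConnection -ComputerName $Ip -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded

    # Classify the result so the failing layer is visible at a glance.
    $finding = if ($fromServer -notcontains $Ip) { 'DNS server does not return the expected address' }
        elseif ($fromSystem -notcontains $Ip)    { 'system resolver disagrees with the DNS server' }
        elseif ($byIp -and -not $byName)         { 'reachable by IP only, although the name resolves' }
        elseif (-not $byIp)                      { 'service not reachable by IP (routing or firewall)' }
        else                                     { 'name and IP paths agree' }

    [pscustomobject]@{
        Name = $Name; DnsServerAnswer = $fromServer -join ','; SystemAnswer = $fromSystem -join ','
        TcpByName = $byName; TcpByIp = $byIp; Finding = $finding
    }
}

$results = foreach ($t in $Targets) { Test-NamePath @t -DnsServer $DnsServer }
$results | Format-Table -AutoSize
```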
