Port Management -> Port Setup ... VLAN?

Kurt Schumacher · ‎08-06-2010

DUT: RV016 V03 v1.0.0.21-tm

VLAN ? This does not look like real VLAN - this is more a switch based port configuration to a dedicated port isolation to create individual broadcasting zones. Static VLAN Groups 1..n at most

-> Unclear: Can we set all say to VLAN10 - and still find all ports in the LAN? Looks like all VLANn are tied to the LAN zone. When I set Port 8 to VLAN 8 it still says LAN there. Or not? This port configurations might be useful to have multiple LAN, or at least bind the additional TCP/IP subnets to such a VLAN. Or configure more VLAN ports to the DMZ (actually limited to just one port - this is where the system expects the DMZ host (which is again in the same TCP/IP subnet like the LAN - intentional?

-> Idea: The router seems to support up to eight zones. In the actual incarnation, LAN and WAN1..WAN7.plus an obscure DMZ port (which is not a zone, just a port with a switched /32 subnet for a single host only). Why isn't it possible to configure also multiple LAN zones? With the help of the managed Switch, each of these Zones including DMZ can have one or multiple Ethernet ports.

-> Completely absent is the ability to trunk LAN and DMZ into a single VLAN trunk, and feed into a managed switch. Due to the silly design - only one physical MAC address (?) - it's not possible to connect say one DMZ and a LAN port (and why not WANx port(s)) into trunk(s), hady limiting the usability of these VLAN.

-> VLAN support looks like "we have it, but we have no idea, what VLAN are good for..." (sorry...the guest isolation idea is odd...we want them to make use of the security infrastructure like Proxies, inline AV, IDP, ... and not bypass everyting)

-> 20 years in IT and TCP/IP - I have NO CLUE what scenario the designers had in mind here! I'll place a USB stick with the (Linksys) RV012 User guide under my cushion for this night. Let's see, if this will help.

NOTE: Discovereed the Guest Network Isolation idea only. Very limited when facing the possibilities of the RV012 hardware with at least nine logical ports......

osaleem · ‎08-13-2010

Hi Kurt,

The VLAN functions only enough to keep all the networks segmented. It will not let vlans talk to each other. Here is a link providing the information.

http://www.smallnetbuilder.com/lanwan/lanwan-reviews/30186-linksys-rv042-review-solid-dual-wan-vpn-performer?start=1

Thank You,

Azhi

Kurt Schumacher · ‎08-13-2010

I understand the background, but this is a compareable poor usage for a managed switch silicon in the RV0xx.The sense of having isolated networks would be having _different_ security zones. Especially the RV016 has enough logical or physical ports available.

What I'm complaining about is the fact all these "VLAN" are associated with the LAN zone (eth0), and all are in the same TCP/IP subnetwork. This prohibits most useful usage of the (many) ports available, i.e. to connect two or three hosts into the DMZ for example. It's very narrow-minded to assume the many LAN ports (in the same or in a different broadcast domain) are used to connect LAN systems - especially in the times of GbE beeing the de-facto standard to get reasonable performance to lcal servers.

With the help of the switch silicon, it is silly simple to make something very smart and flexible.Always under the assumption the RV0xx-V3 series is using internallly dedicated switch ports to the CPU (MII) ports eth0...eth8.

-Kurt.