Solved: Disable inter-VLAN routing

r.castillo005 · ‎05-23-2019

I have an RV340 router and I've added 2 VLAN, so the VLAN list shows:

VLAN 1: Inter VLAN Disabled 192.168.1.1/24 (DHCP)

VLAN 2: Inter VLAN Disabled 193.168.1.1/24 (DHCP)

VLAN 10: Inter VLAN Disabled 194.168.1.1/24 (DHCP)

VLAN 1 is untagged on port 1 and 4

VLAN 2 is untagged on port 2 and tagged on port 4

VLAN 10 is untagged on port 3

I use VLAN 10 to downstream to a PVLAN 10Pp promiscuous port on an SG300 switch.

PVLAN on switch is working well except for the following:

All PCs on any port (trunk, promiscuous, community and isolated) from switch and router are able to communicate with the gateway of the other VLANs I've setup in the router even when I disabled Inter VLAN routing. The worst thing is that the router and switch can be managed by any VLAN just typing their IP address in any browser. PCs within any VLAN cannot be reached, just the gateway.

Is there a way to troubleshoot this behavior? Any help would be appreciated.

Regards.

Jo Kern · ‎05-27-2019

Hi, I think this is normal behavior for the RV340. The gateway address is pingable from the other VLAN.

View solution in original post

leecoxhouse1 · ‎05-24-2019

The best way to control access on VLANs is to use ACLs.

r.castillo005 · ‎05-24-2019

Right now I'm setting up ACL to deny traffic from VLAN 1 to VLAN 10 and viceversa. Gateways keep answering ping request.

balaji.bandi · ‎05-24-2019

Can you post the ACL config to look and verify.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

r.castillo005 · ‎05-24-2019

See image:

Jo Kern · ‎05-24-2019

Hi,

"..The worst thing is that the router and switch can be managed by any VLAN just typing their IP address in any browser.."

with "device management" = "off" in the VLAN settings, you control this behavior.

Best
Jo

r.castillo005 · ‎05-24-2019

Your screenshot looks a bit different because I don’t have Device Management option on my configuration page. I’m using Safari as browser.

r.castillo005 · ‎05-24-2019

Please look at the screenshot of my config page:

r.castillo005 · ‎05-24-2019

Now I've upgraded RV340 firmware and got the new interface, VLAN table shows as following screenshot:

After upgrade, VLANs can ping other VLAN gateway but now they can't access to manage the router.

I'll reset factory defaults on both devices and reconfigure.

r.castillo005 · ‎05-24-2019

Same behavior, VLAN PCs can ping other VLAN gateway but no access to management nor devices connected to the other VLANs.

Is this the normal behavior for RV340? I worked with RV320 and VLANs are fully isolated from the others including gateways.

No luck with ACLs.

leecoxhouse1 · ‎05-25-2019

When you setup ACLs use IP addresses and networks. It works for me but I am using a layer 3 switch.

Jo Kern · ‎05-27-2019

Hi, I think this is normal behavior for the RV340. The gateway address is pingable from the other VLAN.