
Inter VLAN Routing not working from one VLAN. Maybe Firewall Access Rule problem.

gspillane1
Level 1

My client has a Cisco RV320. Four VLANs are defined. One VLAN connects to a "Captive Portal" (basically a mini PC running MikroTik software) to provide a managed HotSpot for a caravan park. Apparently the modem took a dive recently and they called in someone who didn't know what they were doing. They fiddled with the router settings a little. I was later called to assist. My expertise is in programming, software, operating systems, and general computer tech, but not networks of any significance. Fortunately the RV320 is very user friendly and I have a reasonable handle on what is trying to be achieved. The problem is that since the other guy's changes they cannot access the Captive Portal's Hotspot management system from the office PCs. It was via a simple browser access with http://172.16.1.45/userman. I can access it from VLANs 1003 and 1004 but not from the office VLAN 1001. The Captive Portal is on VLAN 1002. Inter VLAN Routing is enabled for all 4 VLANs, so I'm expecting that the Firewall Access Rules have been altered, but I don't know enough about them to make an informed correction and at this point I don't really want to guess. I have attached graphics of the key pages and ask for some advice as to what might need to be changed or added.

Best Regards,

Geoff

4 Replies

Hi, to start with I would disable all access-list entries and check if you have connectivity.

Is the IP address 172.16.1.45 or .46?

regards

Richard.

Hi Richard, thanks for taking the time to answer. Just to update you: today I did disable the access-list entries, without any success. I too noted that they had the IP address of the VLAN set to 172.16.1.46, but yes, the browser setting was to 45. As mentioned before, I have come into this way after the initial setup and subsequent playing, so what was originally correct I have no idea. I do have documentation referring to the VLAN IP being 46 and the browser setting to 45, so I suspect they are actually correct, but after my observation of this today, together with the fact that the Office VLAN issues IPs via DHCP in the range of 10.0.29.1 to 255, I added a new rule (Priority 1). Please see attached. This worked perfectly. Could you please offer an opinion as to whether I may have made the system more vulnerable? It seems logically OK to me but I have little experience in this area.

Best Regards,

Geoff

I suppose if the only access is http://172.16.1.45/userman then you could make the priority 1 rule allow HTTP traffic instead of all.

regards

Richard.
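
The difference between the two versions of the priority 1 rule, modeled as an added example (not part of the original thread, and not the RV320's own configuration format): a first-match rule evaluator that lists which services an office PC can reach on the portal under each rule. The /24 masks, the default deny, the source address 10.0.29.20 and the probed service list are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed model. The /24 masks and the default deny are assumptions;
# only 172.16.1.45 and the 10.0.29.x office range come from the thread.
OFFICE_NET = ipaddress.ip_network("10.0.29.0/24")   # office VLAN 1001
PORTAL_NET = ipaddress.ip_network("172.16.1.0/24")  # captive portal VLAN 1002

@dataclass(frozen=True)
class Rule:
    priority: int
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str] = None      # None matches any protocol
    port: Optional[int] = None       # None matches any port

def evaluate(rules, src, dst, proto, port):
    """First match wins, lowest priority number first; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.priority):
        if (s in r.src and d in r.dst
                and r.proto in (None, proto) and r.port in (None, port)):
            return r.action
    return "deny"

# Constructed probe set: management services a MikroTik host can expose.
PROBES = {"http": ("tcp", 80), "ssh": ("tcp", 22), "telnet": ("tcp", 23),
          "ftp": ("tcp", 21), "winbox": ("tcp", 8291)}

def reachable(rules, src="10.0.29.20", dst="172.16.1.45"):
    """Names of probed services an office PC can reach on the portal."""
    return [name for name, (proto, port) in PROBES.items()
            if evaluate(rules, src, dst, proto, port) == "allow"]

ALLOW_ALL = [Rule(1, "allow", OFFICE_NET, PORTAL_NET)]             # all traffic
HTTP_ONLY = [Rule(1, "allow", OFFICE_NET, PORTAL_NET, "tcp", 80)]  # HTTP only

if __name__ == "__main__":
    print("allow all :", reachable(ALLOW_ALL))
    print("HTTP only :", reachable(HTTP_ONLY))
```

With the HTTP-only rule the userman page stays reachable from the office VLAN, while every other probed service falls through to the assumed default deny.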

Thanks very much Richard. I'll try that next week.

Have a great weekend.

Best Regards,

Geoff