cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1740
Views
0
Helpful
8
Replies

NATed VLAN on RV180

leok12345
Level 1
Level 1

I have RV180 configured with two VLANs. First VLAN is untagged and second VLAN is tagged. The purpose is two have two subnets, with the second subnet used for guest access. Both VLANs have DHCP server enabled. First VLAN is 192.168.1.0/24 and the second VLAN is 192.168.2.0/24

When I connect a computer with untagged Ethernet interface, it gets an IP address from DHCP server on the first subnet i.e. 192.168.1.100 and it can successfully access Internet.

When I connect a computer with tagged Ethernet interface (I am using VLAN ID 10), it gets an IP address from DHCP server on the second VLAN i.e. 192.168.2.100. So far so good. I can successfully ping hosts on the Internet i.e. ping www.google.com. But I cannot access Internet from the web browser. I captured Wireshark trace and here is what I see...

1. TCP SYN. Source IP 192.168.2.100, destination IP A.B.C.D. Ethernet frame has VLAN tag (VLAN ID 10)

2. TCP SYN ACK. Source IP A.B.C.D, destination IP 192.168.2.100. Ethernet frame has VLAN tag (VLAN ID 10)

3. TCP ACK. Source IP 192.168.2.100, destination IP A.B.C.D. Ethernet frame has VLAN tag (VLAN ID 10)

4. TCP Data. Source IP 192.168.2.100, destination IP A.B.C.D. Ethernet frame has VLAN tag (VLAN ID 10)

5. TCP Data. Source IP A.B.C.D, destination IP 192.168.2.100. Frame is untagged

The problem is at #5. Packet came back from the Web Server. RV180 properly NATed it to the local IP address. But it did not add VLAN tag.

Anyone seen a similar issue?

8 Replies 8

leok12345
Level 1
Level 1

anyone?

Hi,

Can you please give some more info on this.

Which firmware version are you using on RV180.

What is the model of the network card on the PC.

Where do you make the wireshark capture - on the PC or from the web interface of RV180.

What is the size of packet 5?

Is there other packets after this one or this is the last one.

It would be more clear if you can share some capture.

Regards,

Kremena

Kremena,

1. FW version I am using is 1.0.2.6

2. Network adapter in the PC is Intel PRO/1000

3. I am doing capture on the second PC. I have an Ethernet hub connected between the router and the PC with Intel PRO adapter. Connected to the same hub is second PC with Intel PRO adapter. This way I can 'sniff' all traffic between the router and the first PC with VLAN enabled.

4. I do have the capture file I can share with you. But I don't see a way to add attachment here. Can I e-mail it to you?

Thanks,

Leo

Any updates on this issue? I think I am seeing the same problem. RV180, SG300 Switches, and WAP321s with two SSIDs and VLANs. Everything works fine on VLAN 1, but on the Guest VLAN I cannot access the internet. VLAN tagging and DHCP are all correct.

Did you try pinging hosts on the WAN from the guest subnet? If you can ping, but cannot browse, then yew, you are seeing same issue. What version of the SW is on yours RV-180?

I cannot ping anything from the guest subnet. The weird thing is that it appears I can do DNS NS lookups, but can't ping or browse. I can't even ping the guest gateway interface on the RV180, is that pingable for you? DHCP is working and is on the correct guest subnet, so it would appear that my VLANs and tagging are all correct.

      

EDIT: I'm on the current 1.0.2.6 firmware, and just downgraded and tried 1.0.1.9 with the same result..

Update, my issue appears to be a bit different. Everything works fine when on an untagged port on the switch in the guest VLAN, i am only having problems while connected to the guest SSID on a WAP321. It would appear that I have more of an access point problem than a router/switch problem.

Thanks for this information. I will keep playing with my configuration to see why it is not working for me.

Here is the funny thing. The whole reason I am trying to get this to work is exactly the same as yours. One subnet bridged to primary SSID and the second tagged subnet is bridged to the guest SSID.

I could not access Internet from the guest SSID and this is why I started tinkering with PCs. One with untagged interface and second with tagged interface. This is where I found that TCP packet coming back from WAN is properly NATed but not tagged.

I exchanged emails with Kremena and she correctly pointed out that VLAN support in Windows is really bad. Next, I will use Linux laptop to re-run my experiments.