cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
498
Views
0
Helpful
2
Replies

Pings to Internet from other than VLAN1 are Intermittent (RV340)

normh
Level 1
Level 1

Yesterday, I added a second VLAN (2) to my RV340 to provide some IoT isolation.  Afterward, while testing VLAN2, I tried doing some pings from a host in that VLAN to hosts out on the Internet.  These pings mostly failed in timeouts with an occasional reply.  I tried manually adding a specific firewall rule allowing ANY traffic from VLAN2 to WAN1 but no difference.  Pings from VLAN1 are consistent and always get replies, so I know it's not the Internet connection.  So here is what I am wondering, could it be that this router is getting confused about where to forward the replies?  Since ICMP is stateless by its nature, is the problem being caused because this firewall is doing a poor job of tracking the state of ICMP packets?  If so, this is the only device I have ever seen that can't maintain accurate state information for pings sourced from multiple internal interfaces. 

After noticing this, I tested non-ICMP traffic through the VLAN2 interface, and everything else seems OK.  I did not extensively test UDP, which is also stateless, but I did not notice any problems with typical Internet connectivity other than the pings timing out.

 

Anyone else notice this problem?

2 Replies 2

psandel
Cisco Employee
Cisco Employee

Hi,

 

My name is Puneet Sandel and I am from the L2 team providing support on Cisco small business devices.

 

As per your query since RV routes perform NAT by default therefore you are able to ping internet from the default VLAN.

 

However if you create another VLAN you need to provide a default or static route in the router pointing towards your firewall.

 

Same needs to be done on the firewall end too. Although you might have added a policy in the firewall for other networks but without adding a route on both sides will not solve your issue.

 

Regards,

Puneet Sandel

Technical Consulting Engineer-Level 2

Global CX Centers – Small Business Support

Hello Puneet,

Perhaps I was unclear where I created the second VLAN... The second VLAN
is created ON the RV340 itself so no route should be necessary. The RV has
a connected route to the second VLAN. Also please note that a few replies
are received when pinging from VLAN2, but they mostly time out. Pings from
VLAN1 consistently work 100%.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: