01-19-2012 11:52 AM
Good afternoon, our company started out very small and is now growing very large to the point where I am looking at layering hosts to obtain more segregation and security for different areas/users within the company. I've been playing around with the VLAN feature in this router a long with the multiple subnets to see what the most ideal configuration situation would be.
Ideally I was thinking I would block out hosts for areas regarding security and use the VLANS built into the RV016 to isolate them from other users/areas on the network. HOWEVER it seems that the VLANS ONLY segregrate within the Device IP Address (RV016) and Subnet Masks realm. So for example, if my RV016 is setup with a standard Class C net of 192.168.1.1 host with a 255.255.255.0 sub, and I add a multiple subnet of 192.168.2.0/24, and I then assign a LAN port in the RV016 to say VLAN2, and all others to VLAN1, my device on ip 192.168.1.20 VLAN2 for example, is accessible by devices on the VLAN1 with ip 192.168.2.20. It appears to me that the VLAN functions on the LAN ports are NOT being applied to devices that are added or created under multiple subnets.
This is frustrating for me because ideally this is how I would prefer to use it so I can expand my network by adding more hosts and acheiving segregation and separation. Ideally this would be resolvable if I could modify the main device subnet mask to something OTHER than the 255.255.255.x settings that are preset in the device, disgarding the need for multiple subnets, and allowing VLANS to function as they are built into the device. It seems the only way I can truly get the security/separation I desire between devices on the VLANs and in the multiple subnets is to create deny ACL's within the RV016 itself.
Hopefully this makes sense. I guess I am wondering if there are other devices out in the market that will acheive what I want to do but not require some substantial elite network training degree to hand code everything in console/terminal? Any other suggestions appreciate to acheive what I explained above. Thank you for reading and your help.
01-19-2012 12:29 PM
RV016 supports multiple subnets and port-based VLAN. If a host is connected to a port designated to VLAN2, the host should be isolated from all the computers in VLAN1, regardless the IP address of the host.
01-19-2012 12:59 PM
This is exactly how I was hoping or assumed it should work as well but it does not seem to behave that way. HOWEVER, after posting this I did find an interesting possible solution. If you add a multiple subnet of 192.168.0.0 @ 255.255.0.0 and have the device at 192.168.1.1 @ 255.255.255.0 you THEN are able to acheive segregation under the VLAN functionality of the device. I need to look into this more, I'm sure it makes sense to someone, somewhere, but just not me at the moment. Brain is mush after troubleshooting different options and scenarios.
01-19-2012 01:04 PM
The access rules of RV016 allow you to control which IP address can have access to which IP address within the same VLAN. Just an FYI.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide