cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8864
Views
15
Helpful
6
Replies

RV180W Understanding VLAN

krazykaigh
Level 1
Level 1

Hi, my office just purchased the RV180W Router with VLAN capability. I have that connected to two stacked HUBS (not switches). I have about 14 computers and devices connected to my network/domain. I have an old access point and would like to connect it directly to Router as VLAN(?) so people with WiFi devices may connect ONLY to the internet.

RV180W is not the DCHP, my Windows 2003 Server is, at least for default VLAN1. I have a wireless connection under VLAN1, as the Router is a Wireless connection also.

Can I leave my office on VLAN1 and setup a new VLAN (VLAN5 let's say) just for the access point and turn off inter Vlan Routing? Is it that simple? I tried earlier and ended up Reseting router, having office off internet for about 30 minutes. OOPS. Any help is GREAT help.

Thanks, Kaigh

1 Accepted Solution

Accepted Solutions

Hello Kaigh,

Sorry for the frustration you went through. This is not complex setup, and can be implemented easily.

VLANs are logical sub-networks. In order for a port to join a VLAN, it must be untagged in that VLAN, and excluded (tagged) in all others.

Here is what happened:

  • After creating VLAN 5, all ports were put in VLAN 5, untagged. When you clicked save, it automatically tagged your ports in VLAN 1, and left them untagged in VLAN 5. Essentially, all your ports became members of VLAN 5.
  • When device management was disabled, VLAN 5 was unable to access the router. Because all ports were part of VLAN 5, the user became locked out of the router.


What to do:

  • Referring to the screenshot, read the VLAN Membership table by column. If you want port 1 to be part of VLAN 1, read from top to bottom, and make port 1 untagged in VLAN 1 (untagged = join), and tagged (excluded) in VLAN 5.
  • Always leave one port in the default VLAN (1). This way, you will never be locked out.

Consider the following example:

Reading the table by column, port 1 is untagged in VLAN 1, and excluded in VLAN 5. Therefore, when you connect to port 1, you will join VLAN 1. However, port 4 is excluded in VLAN 1, untagged in VLAN 5. Therefore, anything connected to port 4 will join VLAN 5. I would follow this screenshot.

Plugging a wireless access point into a port configured to be part of another VLAN would allow you to extend your wireless range and have clients join a respective VLAN.

This weekend, if you have the chance, I would encourage you to give us a call at 1-866-606-1866. I do not think you will at all be disappointed. A qualified engineer will be happy to assist you.

View solution in original post

6 Replies 6

davidagu
Level 1
Level 1

Hello Kaigh,

Thank you for writing. My name is David Aguilar, and I am an engineer with the Cisco Small Business Support Center.

This is certainly possible. You can put both physical ports and wireless networks (SSIDs) into seperate VLANs and then prohibit communication between VLANs.

To meet your goal, you would need two VLANs. Just do the following:

  • Under Networking>LAN>VLAN Membership, click "Add Row" to create a second VLAN.
  • To make a port a member of a VLAN, it should be Untagged in thtat VLAN.

In this example, you have 2 VLANs. Inter VLAN Routing is dsiabled, so both will get to the internet, but will not communicate with each other. Ports 1 - 3 are untagged in VLAN 1. This means that they will be part of VLAN 1. Port 4, on the other hand, is untagged in VLAN 2. Therefore, if you implemented this configuration, and plugged your access point into port 4, it would be part of VLAN 2.

You can use Multiple VLAN Subnets to control the subnet and DHCP on each VLAN. Additionally, you can create multiple wireless networks (SSIDs) and have them on different VLANs. For example, you could have one wireless network for your internal use on VLAN 1, and another for guests on VLAN 2. Up to 4 wireless SSIDs and 4 active VLANs are supported.

If you have further questions, please give us a call at 1-866-606-1866. We are open 24-hours a day and would be happy to help you.

David,

Thank you for your prompt response. So, let me get a little more clarification. Yesterday evening I came in after all had left and reset my router, and began the process you described above. I ADDed VLAN5, SCLO_Guest, Turned ON Inter VLAN Routing (I will explain why in a moment), Turned ON Device Management, left all 4 ports UNTAGGED. Next, I went to Configuring Multiple VLAN Subnets, I left VLAN1 on 192.168.1.1 and setup VLAN5 on 192.168.2.1. At this point everything still worked fine. Next, I setup a Wireless network on VLAN5, with out security. This was to be the public access point.

Then I Turned OFF Inter VLAN Routing, Turned OFF Device Management, and I lost contact with the internet and with the Router. I didn't try to contact it on 192.168.2.1, I got frustrated, reset the router and set it up with just VLAN1 and lost confidence that I could get the public some minimal internet access in the waiting area.

Did I lose contact with the router because all ports were UNTAGGED on both VLANs, or because I turned off the Inter VLAN Rouiting, or a combination of both?

I am, however going to try your suggestion this weekend, and test the result. I would like to know if attaching the AP to say port 4 is even necessary if the Router can itself create 4 separate wireless VLANs? And if not, would I still need to identify some port as the port associated with VLAN5 (in my example), or just set the wireless subnet to VLAN5? (This may be hypothetical since the router's wireless doesn't actually reach the our entire office. We will have to have an access point up front.)

Thanks for any additional information you can give me.

Hello Kaigh,

Sorry for the frustration you went through. This is not complex setup, and can be implemented easily.

VLANs are logical sub-networks. In order for a port to join a VLAN, it must be untagged in that VLAN, and excluded (tagged) in all others.

Here is what happened:

  • After creating VLAN 5, all ports were put in VLAN 5, untagged. When you clicked save, it automatically tagged your ports in VLAN 1, and left them untagged in VLAN 5. Essentially, all your ports became members of VLAN 5.
  • When device management was disabled, VLAN 5 was unable to access the router. Because all ports were part of VLAN 5, the user became locked out of the router.


What to do:

  • Referring to the screenshot, read the VLAN Membership table by column. If you want port 1 to be part of VLAN 1, read from top to bottom, and make port 1 untagged in VLAN 1 (untagged = join), and tagged (excluded) in VLAN 5.
  • Always leave one port in the default VLAN (1). This way, you will never be locked out.

Consider the following example:

Reading the table by column, port 1 is untagged in VLAN 1, and excluded in VLAN 5. Therefore, when you connect to port 1, you will join VLAN 1. However, port 4 is excluded in VLAN 1, untagged in VLAN 5. Therefore, anything connected to port 4 will join VLAN 5. I would follow this screenshot.

Plugging a wireless access point into a port configured to be part of another VLAN would allow you to extend your wireless range and have clients join a respective VLAN.

This weekend, if you have the chance, I would encourage you to give us a call at 1-866-606-1866. I do not think you will at all be disappointed. A qualified engineer will be happy to assist you.

David,

Your answer was nothing, if not BRILLIANT!! And you're right it's not rocket science (When they count the number of juice boxes in the cargo hold on a space shuttle, is that rocket science or regular science being performed on a rocket?)

I will still be a punk and wait till the weekend, but I can only say THANK YOU!!!!! It is now so obvious where I erred. Missed it by THAT much!

Kaigh

David,

I have a similar (port-based vlan) setup using the RV180W as shown below:

I have a server connected to port #3 which is on vlan #1.  I have done speed tests using iperf between port #3 and the other ports.  The speed between ports when on the same vlan came out to about 706Mbps.  The speed between ports when on different vlans (i.e. between port #2 and #3) slowed down to 100Mbps. 

My question: Is the slower inter vlan data rate because of the router having to process the packets or because I have something misconfigured?

Thanks for your help in advance.

-Tyler

It's natural to see a lower throughput of inter-VLAN traffic compared with NAT throughput, since the CPU of RV180W is performing the routing task packet by packet. (RV180W uses a CPU that supports fast NAT processing with its hardware accelerator.)