06-05-2019 12:58 PM
Use case: RV325 is deployed as the guest net WAN router / firewall supporting a logically isolated VLAN/subnet.
Help needed: Configure a LAN port to use for management purposes, sitting on a corp VLAN which is isolated from the guest side.
What I've tried: configure the corp VLAN on one of the LAN ports and add static routing. But the IP of the L3 interface is reachable from other corp side subnet. Possible cause is that the static routing doesn't allow specifying the interface. The routing table shows LAN as the next hop instead of a specific port.
Is this dedicated management interface possible?
06-06-2019 03:41 AM
Yes, a dedicated port for management is possible.
Can you add some IP address examples to illustrate your question a bit better?
You want to have the router management port accessible from the corporate VLAN but you do not want to have it accessible from all your subnets?
I assume you connect the LAN port to a corporate switch?
06-06-2019 09:17 AM
Hi Jo,
Appreciate your response. Here's more detail:
CorpNet
VLAN10 (access): 192.168.10.0/23 GW 192.168.10.1 (L3 switch C3650) --> PaloAlto Firewall --> ISP1
VLAN1 (mgmt): 192.168.1.0/24 GW 192.168.1.1 (L3 switch C3650)
GuestNet
VLAN30: 192.168.30.0/24 (C3650) --> GW 192.168.30.1 (RV325) --> ISP2
VLAN 1, 10 and 30 coexist on L3 switch C3650 but VLAN30 is isolated from VLAN1 and 10 so CorpNet and GuestNet are separated. Now I want to assign a 192.168.1.0/24 IP to RV325 just for management so that I can access it from VLAN10 (192.168.10.0/24).
06-06-2019 02:04 PM
Configure VLAN1 on RV325 with an IP address of 192.168.1.123 (static in DHCP settings). Configure VLAN10 with a static IP address 192.168.10.123.
Enable inter-VLAN routing between VLAN1 and VLAN10 on RV325 if you want to have access from VLAN10 hosts to VLAN1 hosts.
Let me know if this works for you.
07-23-2019 12:59 PM
Hi Jo,
Thanks for the hint, but no, it doesn't work, the reason being:
The PC at 192.168.10.99 has its default GW at 192.168.10.1, which is the C3650. So the PC outbound traffic will be:
PC (192.168.10.99) --> GW (192.168.10.1) (Router C3650) --> GW (192.168.1.1) --> RV325 (192.168.1.123)
But RV325 will try to route the return packets through its 192.168.10.123 interface because 192.168.10.0/24 is already in the routing table.
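The asymmetric return path described in the post above, as an added example that is not part of the thread or Cisco's own tooling: a longest-prefix-match lookup over routing tables constructed from the thread's addresses. The interface labels, the table layout and the `RV325_MGMT_ONLY` alternative (no VLAN10 interface on the RV325, static route back via 192.168.1.1) are assumptions for illustration, not confirmed RV325 behaviour.

```python
import ipaddress

# Constructed tables from the thread's addresses (VLAN10 taken as /24, as in the last post).
# Entry: (destination prefix, egress interface, next hop or None if directly connected)
C3650 = [("192.168.10.0/24", "VLAN10", None), ("192.168.1.0/24", "VLAN1", None)]
RV325_AS_SUGGESTED = [
    ("192.168.1.0/24", "VLAN1", None),    # 192.168.1.123
    ("192.168.10.0/24", "VLAN10", None),  # connected route created by 192.168.10.123
    ("0.0.0.0/0", "WAN", "ISP2"),
]
# Hypothetical alternative: management address only, corp subnet reached via the C3650.
RV325_MGMT_ONLY = [
    ("192.168.1.0/24", "VLAN1", None),
    ("192.168.10.0/24", "VLAN1", "192.168.1.1"),
    ("0.0.0.0/0", "WAN", "ISP2"),
]

def lookup(table, dst):
    """Longest-prefix match: return (egress interface, next hop) for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def return_path_check(rv325_table, client, ingress_iface):
    """Compare the interface a request arrived on with the interface the reply leaves on."""
    egress, next_hop = lookup(rv325_table, client)
    return {"ingress": ingress_iface, "egress": egress,
            "next_hop": next_hop, "symmetric": egress == ingress_iface}

if __name__ == "__main__":
    pc, mgmt_ip = "192.168.10.99", "192.168.1.123"
    # The PC's default gateway (C3650) forwards the request onto VLAN1.
    ingress, _ = lookup(C3650, mgmt_ip)
    for name, table in (("as suggested", RV325_AS_SUGGESTED),
                        ("mgmt only", RV325_MGMT_ONLY)):
        print(name, return_path_check(table, pc, ingress))
```

A reply that leaves on a different interface than the request arrived on bypasses the C3650 on the way back, which is the condition the `symmetric` flag reports.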