RV325 Firewall access list problem

jkloepping
Level 1

I have an RV325 with v1.2.1.13 firmware (latest). From a factory default system, I enable packet mirroring to port one, but no traffic that is exclusively LAN-LAN is mirrored. For example, traffic from 192.168.1.75 to 192.168.1.50 is not mirrored (Wireshark). I see traffic that has a WAN source or destination. Is this correct behavior?

Second, I am trying to prevent 192.168.1.75 from sending traffic to 192.168.1.50 with an Access Rule. I set the source IP as 192.168.1.75 and the destination as 192.168.1.50, all traffic, deny, and yet the traffic is not blocked. The traffic source is on port 2 and the dest is port 3 on the RV325.

What am I missing here?


Michael Swenson
Cisco Employee

Thanks for contacting Cisco,

The port mirror will mirror LAN and WAN traffic. Recreated in lab.

Also, LAN to LAN ACLs will only apply if you are traversing to another VLAN (subnet). Thus, the packets would be "routed" by IP address and the ACL will apply.

The LAN based ACL will not Deny on the same subnet (VLAN). This is working as designed because LAN to LAN on the same subnet would not be routed, it would be "switched". Thus, the connection occurs at the MAC address level, not the IP level.

You could put your server in another VLAN and then the ACL would Deny.

Hope this helps

Best Regards,
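
The routed-versus-switched distinction in the reply above can be checked against a rule set before relying on it. The following is an added example, not part of the original thread and not Cisco code: it flags deny rules whose source and destination sit in the same VLAN subnet and therefore never reach the ACL. The rule format, the VLAN names and the 192.168.20.0/24 subnet are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data, not an RV325 export. VLAN20 is a hypothetical
# second subnet of the kind the reply suggests moving the server into.
VLANS = {
    "VLAN1": ipaddress.ip_network("192.168.1.0/24"),
    "VLAN20": ipaddress.ip_network("192.168.20.0/24"),
}
RULES = [
    {"name": "deny-75-to-50", "action": "deny",
     "src": "192.168.1.75", "dst": "192.168.1.50"},
    {"name": "deny-75-to-moved-server", "action": "deny",
     "src": "192.168.1.75", "dst": "192.168.20.50"},
    {"name": "deny-lan-to-50", "action": "deny",
     "src": "192.168.0.0/16", "dst": "192.168.1.50"},
]

def classify_rule(rule, vlans):
    """Return (path, vlan): 'switched' if every matching flow stays inside one
    VLAN subnet, 'mixed' if only some do, 'routed' if none do."""
    src = ipaddress.ip_network(rule["src"], strict=False)
    dst = ipaddress.ip_network(rule["dst"], strict=False)
    # Both ends fully inside one subnet: frames are switched at layer 2.
    for name, subnet in vlans.items():
        if src.subnet_of(subnet) and dst.subnet_of(subnet):
            return "switched", name
    # A broad rule can cover some same-subnet pairs as well as routed ones.
    for name, subnet in vlans.items():
        if src.overlaps(subnet) and dst.overlaps(subnet):
            return "mixed", name
    return "routed", None

def audit(rules, vlans):
    """Map each deny rule name to its path classification."""
    return {r["name"]: classify_rule(r, vlans)[0]
            for r in rules if r["action"] == "deny"}

if __name__ == "__main__":
    notes = {"switched": "never reaches the ACL",
             "mixed": "same-subnet flows bypass the ACL",
             "routed": "ACL applies"}
    for name, path in audit(RULES, VLANS).items():
        print(f"{name}: {path} ({notes[path]})")
```
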