10-07-2021 02:01 AM
Hi all,
I'm trying to configure an RV340 and I think I need to use bridge mode to get this working. My situation is as follows:
My ISP is a fiber connection.
The RV340 I am speaking about is there to make the connection to the fiber network; it's another subnet. The fiber router then connects two other RV340s that also have a public address, and then connect to the LAN with an internal subnet 192.168.x.x
So first layer: 123.123.123.123 mask 255.255.255.252
Second layer: 112.112.112.112 mask 255.255.255.248
Third local layer: 192.168.x.x mask 255.255.255.0
What I tried:
I configured the RV340's WAN1 side to the first layer's subnet.
Then I configured the LAN side to the second layer's subnet.
This works, but I don't want the RV340 on the first layer to interfere with traffic going from the internet to the second layer routers.
So then I tried to put the WAN1 side in bridge mode; it says it will use VLAN1 to connect the bridge to. When I click on apply, both WAN and LAN sides are not reachable. I cannot manage the router anymore, and also can't save my settings. When I turn the switch off and on it will automatically reset.
Hope the above story makes sense. I'm new to the Cisco routers, so hopefully you can help me.
With kind regards, Bas
10-07-2021 02:15 AM
Hi, can you provide a small diagram with IP addresses to get a clear idea about what you are planning to achieve?
10-07-2021 02:46 AM - edited 10-07-2021 02:48 AM
Layer 3 needs to be transparent to the internet 112.112.112.113 and 112.112.112.114.
10-08-2021 02:23 AM
What is the default-gw ipaddress you are configuring for the "layer-3" devices (112.112.112.x)? This is needed to route to the internet.
Are these 112.112.112.x ipaddresses "static public-ipaddresses" assigned by your ISP?
10-08-2021 06:04 AM
The gateway both routers use is 112.112.112.112
Yeah they are, it's a block of 8 addresses.
10-09-2021 11:26 AM
Hi
Firstly, in the block of 8-addresses that is assigned by your ISP (to be configured on the Layer3-RV340s), the following are the actual usable ipaddresses that you can assign/configure, and the other details of this subnet are:
-------------------------------------------------------
Network-Subnet-ID: 112.112.112.112/29 (255.255.255.248)
Usable-IP-Range: 112.112.112.113 to 112.112.112.118 (netmask: /29<=>255.255.255.248) ONLY
Network-Broadcast-Address: 112.112.112.119
--------------------------------------------------------------------------------
And the ipaddress-space assigned to you for configuring on the wan-interface of Layer2-RV340 will be mostly as below:
---------------------------------------------------------------------
Network-Subnet-ID: 123.123.123.120/30 (255.255.255.252)
Usable-IP-Range: 123.123.123.121 to 123.123.123.122 (netmask: /30<=>255.255.255.252)
Network-Broadcast-Address: 123.123.123.123
------------------------------------------------------------------------
>>>I don't want the RV340 on the first layer to interfere with traffic going from the internet to the second layer routers.
>>>Layer 3 needs to be transparent to the internet 112.112.112.113 and 112.112.112.114.
(Note: Layer-2 RV340 needs to be assigned the first-ipaddr 112.112.112.113/29, and then the Layer-3 routers 112.112.112.114-115)
So for your requirement that the "Public-IPaddresses" of the Layer-3 RV340s must be transparent to the internet (and therefore not be "NATed" by the Layer-2 RV340), as per your statements mentioned in your posts above, the possible solution/configuration that should be applied is as below:
Step-1:
On the Layer2-RV340
a) apply the ipaddress config on WAN1 interface as below for this router:
ipaddress: 123.123.123.122/255.255.255.252
Default-Gateway-ip (of the isp-router): 123.123.123.121
- apply and do a permanent-save
b) Next, change the present ipaddress given to vlan1 interface (112.112.112.x) to some unique private-ipaddress such as 172.16.1.1/24.
c) Apply and do a permanent-save of this change of ipaddress to vlan1 interface
d) Next arrange a gigabit-lan-switch and connect one of the switch port to LAN4 port of the Layer2-RV340....to LAN4-port ONLY.
(This will be configured next as a Hardware-DMZ port...so only LAN4).
- DON'T configure the switch-port (connected to LAN4-port) as a vlan trunk-port...keep it as default
Step-2: On-Layer2-RV340 router
a) In the "WAN/Hardware-DMZ" section, as shown in attached screenshot/capture, enable and configure the Hw-DMZ port (LAN4) with "subnet" option AND configure the ipaddress 112.112.112.113/255.255.255.248 as the ipaddress on this dmz-interface on this RV340
b) do an Apply and also a permanent-save of the config (later)
Step-3: Connect the WAN-interfaces of both the Layer-3-RV340s to the Gigabit-Switch that is also connected to LAN4 port of Layer2-RV340 router
Step-4: On each of the Layer3-RV340 routers, configure the wan1 ipaddresses as below:
Layer3-RV340-Router1:
ipaddress: 112.112.112.114/255.255.255.248
Default-Gateway-ip: 112.112.112.113
Layer3-RV340-Router2:
ipaddress: 112.112.112.115/255.255.255.248
Default-Gateway-ip: 112.112.112.113
Some points to be noted with reference to the Hw-DMZ config applied on the Layer2-RV340 router:
1. Since this is a DMZ network (with the public ipaddresses in the 112.112.112.112/29 subnet), none of the traffic/ip-packets sent out by the Layer3-RV340-routers WILL BE NATed TO WAN1-IPADDR OF LAYER2-RV340....
a) ALL packets sent out to the internet by the 2 Layer3-RV340s will be with the src-ipaddr of 112.112.112.x of their wan1-ipaddresses only
b) AND ALL TRAFFIC FROM INTERNET (EITHER THE REPLY/RETURN TRAFFIC OR NEW-CONNECTIONS INITIATED FROM INTERNET TO 112.112.112.114/115) will be directly "routed" (without doing any NAT/etc) as it is to the respective Layer3-RV340 wan-interfaces
c) So as required by you, the traffic from the Layer3-RV340s via the Layer2-RV340 will be transparent to the Internet without any NAT/Intervention of the Layer2-RV340 (except as a router)
d) Also you will observe that BY DEFAULT WHEN HW-DMZ is enabled on the Layer2-RV340 router, ALL TRAFFIC IS PERMITTED BETWEEN THE DMZ-NETWORK (CONTAINING THE LAYER3-RV340s) AND THE INTERNET.
- Meaning, on the Layer2-RV340, by default there are no implicit/explicit firewall acl-rules that will deny any traffic "between internet and DMZ"
- If you need, you will have to apply/configure Firewall-ACL rules to deny/permit specific traffic-types between the Internet and DMZ
And above is one of the possible solutions for your requirements
thanks and best wishes and regards
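The addressing plan from this thread, checked with Python's standard-library ipaddress module. This is an added example, not part of the reply above; the function names and the PLAN labels are hypothetical, and the addresses are the ones quoted in the posts.

```python
import ipaddress

def usable_range(cidr):
    """First and last assignable host address of a subnet, as strings."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1])

def check_interface(name, addr_with_mask, gateway):
    """Return a list of addressing problems for one WAN interface ([] = OK)."""
    iface = ipaddress.ip_interface(addr_with_mask)
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    problems = []
    for label, ip in (("address", iface.ip), ("gateway", gw)):
        if ip not in net:
            problems.append(f"{name}: {label} {ip} is outside {net}")
        elif ip == net.network_address:
            problems.append(f"{name}: {label} {ip} is the network ID of {net}")
        elif ip == net.broadcast_address:
            problems.append(f"{name}: {label} {ip} is the broadcast of {net}")
    if iface.ip == gw:
        problems.append(f"{name}: address and gateway are both {gw}")
    return problems

def check_plan(plan):
    """Check every interface and flag addresses used more than once."""
    problems, seen = [], {}
    for name, addr, gw in plan:
        problems += check_interface(name, addr, gw)
        ip = ipaddress.ip_interface(addr).ip
        if ip in seen:
            problems.append(f"{name}: {ip} already used by {seen[ip]}")
        seen[ip] = name
    return problems

# Addressing from the reply above (interface names are hypothetical labels).
PLAN = [
    ("layer2-wan1", "123.123.123.122/255.255.255.252", "123.123.123.121"),
    ("layer3-r1-wan1", "112.112.112.114/255.255.255.248", "112.112.112.113"),
    ("layer3-r2-wan1", "112.112.112.115/255.255.255.248", "112.112.112.113"),
]

if __name__ == "__main__":
    print(usable_range("112.112.112.112/29"))
    print(check_plan(PLAN) or "plan OK")
    # Gateway value reported earlier in the thread for the layer-3 routers:
    print(check_interface("layer3-r1-wan1", "112.112.112.114/29", "112.112.112.112"))
```
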
10-11-2021 12:00 AM
Thank you for your detailed answer. This was just what I needed.
With kind regards,
Bas