Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1169
Views
0
Helpful
6
Replies

RV340 bridge mode setup

Go to solution
jetron
Level 1
Level 1

‎10-07-2021 02:01 AM

Hi all,

 

Im trying to config a rv340 and i think i need to use the bridge mode to get this working. My situation is as follows

 

My ISP is a fiber connection.

 

The RV340 i am speaking about is there to make the connection to the fiber network, its another subnet. The Fiber router then connects two other RV340's that also have a public adres, and then connect to the lan with i internal subnet 192.168.x.x

 

So first layer: 123.123.123.123 mask 255.255.255.252

Seconde layer: 112.112.112.112 mask 255.255.255.248

third local layer: 192.168.x.x mask 255.255.255.0 

 

What i tryed,

i configured the RV340's wan1 side to the first layers subnet.

Then i configured the lan side to the second layers subnet

This works, but i dont want the RV340 on the first layer to interfear with traffic going from the internet to the second layer routers.

So then i tryed to put the WAN1 side in Bridge mode, it says it wil use Vlan1 to connect the bridge to. When i click on apply both wan and lan sides are not reachable. I cannot manage the router anymore. And also cant save my settings. When i turn the switch off and on it will automaticly reset.

 

Hope above story makes any sence. Im new to the Cisco routers, so hopefully you can help me.

 

With kind regards, Bas

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-09-2021 11:26 AM

Hi

 

Firstly, in the block of 8-addresses that is assigned by your ISP (to be configured on the Layer3-RV340s), the following are the actual usable ipaddresses that you can assign/configure, and the other details of this subnet are:

-------------------------------------------------------

Network-Subnet-ID: 112.112.112.112/29 (255.255.255.248)
Usable-IP-Range: 112.112.112.113 to 112.112.112.118 (netmask: /29<=>255.255.255.248) ONLY
Network-Broadcast-Address: 112.112.112.119

--------------------------------------------------------------------------------

 

And the ipaddress-space assigned to you for configuring on the wan-interface of Layer2-RV340 will be mostly as below:

---------------------------------------------------------------------

Network-Subnet-ID: 123.123.123.120/30 (255.255.255.252)
Usable-IP-Range: 123.123.123.121 to 123.123.123.122 (netmask: /30<=>255.255.255.252)
Network-Broadcast-Address: 123.123.123.123

------------------------------------------------------------------------

 

>>>i dont want the RV340 on the first layer to interfear with traffic going from the internet to the second layer routers.
>>>Layer 3 needs to be transparant to the internet 112.112.112.113 and 112.112.112.114.
(Note: Layer-2 RV340 needs to be assigned the first-ipaddr 112.112.112.113/29, and then the Layer-3 routers 112.112.112.114-115)

 

So for your requirement that the "Public-IPaddresses" of the Layer-3 RV340s must be transparent to the internet (and therefore not be "NATed" by the Layer-2 RV340), as per your statements mentioned in your posts above, the possible solution/configuration that should be applied is as below:

 

Step-1: 

On the Layer2-RV340

a) apply the ipaddress config on WAN1 interface as below for this router:

 

ipaddress: 123.123.123.122/255.255.255.252

Default-Gateway-ip (of the isp-router): 123.123.123.121

 

- apply and do a permanent-save

 

b) Next, change the present ipaddress given to vlan1 interface (112.112.112.x) to some unique private-ipaddress such as 172.16.1.1/24.

 

c) Apply and do a permanent-save of this change of ipaddress to vlan1 interface

 

d) Next arrange a gigabit-lan-switch and connect one of the switch port to LAN4 port of the Layer2-RV340....to LAN4-port ONLY.

(This will be configured next as a Hardware-DMZ port...so only LAN4). 

 

- DONT configure the switch-port (connected to LAN4-port) as vlan trunk-port...keep it as default

 

Step-2: On-Layer2-RV340 router

 

a) In the "WAN/Hardware-DMZ" section, as shown in attached screenshot/capture, enable and configure the Hw-DMZ port (LAN4) with "subnet" option AND configure the ipaddress 112.112.112.113/255.255.255.248 as the ipaddress on this dmz-interface on this RV340

 

b) do a Apply and also a permanent-save of the config (later)

 

Step-3: Connect the WAN-interfaces of both the Layer-3-RV340s to the Gigabit-Switch that is also connected to LAN4 port of Layer2-RV340 router

 

Step-4: On each of the Layer3-RV340 routers, configure the wan1 ipaddresses as below:

 

Layer3-RV340-Router1:

ipaddress: 112.112.112.114/255.255.255.248

Default-Gateway-ip: 112.112.112.113

 

Layer3-RV340-Router2:

ipaddress: 112.112.112.115/255.255.255.248

Default-Gateway-ip: 112.112.112.113

 

Some Points to be note with reference to Hw-DMZ config applied on Layer2-RV340 router:

 

1. Since this is a DMZ network (with the public ipaddresses in the 112.112.112.112/29 subnet, none of the traffic/ip-packets sent out by the Layer3-RV340-routers WILL NOT BE NATed TO WAN1-IPADDR OF LAYER2-RV340....

 

a) ALL packets sent out to the internet by the 2 Layer3-RV340s will be with the src-ipaddr of 112.112.112.x of their wan1-ipaddresses only

 

b) AND ALL TRAFFIC FROM INTERNET (EITHER THE REPLY/RETURN TRAFFIC OR NEW-CONNECTIONS INITIATED FROM INTERNET TO 112.112.112.114/115 will be directly "routed" (without doing any NAT/etc) as it is to the respective Layer3-RV340 wan-interfaces

 

c) So as required by you, the traffic from the Layer3-RV340s via the Layer2-RV340 will be transparent to the Internet without any NAT/Intervention of the Layer2-RV340 (except as a router)

 

d) Also you will observe that BY DEFAULT WHEN HW-DMZ is enabled on the Layer2-RV340 router, ALL TRAFFIC IS PERMITTED BETWEE THE DMZ-NETWORK (CONTAINING THE LAYER3-RV340s) AND THE INTERNET.

 

- Meaning, on the Layer2-RV340, by default there are no implicit/explicit firewall acl-rules that will deny any traffic "between internet and DMZ" 

 

- If you need, you will have to apply/configure Firewall-ACL rules to deny/permit specific traffic-types between the Internet and DMZ

 

 

 And above is one of the possible solutions for your requirements

 

thanks and best wishes and regards

 

 

 

 

 

 

 

 

 

 

 

View solution in original post

Preview file
61 KB
0 Helpful
6 Replies 6

Go to solution
Kasun Bandara
VIP
VIP

‎10-07-2021 02:15 AM

Hi can you provide small diagram with IP addresses to get an clear idea about what you are planning to achieve.

 

 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Go to solution
jetron
Level 1
Level 1

‎10-07-2021 02:46 AM - edited ‎10-07-2021 02:48 AM

Layer 3 needs to be transparant to the internet 112.112.112.113 and 112.112.112.114.

diagram.PNG

0 Helpful

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-08-2021 02:23 AM

what is the default-gw ipaddress you are configuring for the "layer-3" devices (112.112.112.x)?..... this is needed to route to internet.

 

Is this 112.112.112.x ipaddresses "static public-ipaddresses" assigned by your ISP?

 

 

0 Helpful

Go to solution
jetron
Level 1
Level 1

‎10-08-2021 06:04 AM

The Gateway both routers use are 112.112.112.112

 

Yeah they are, its a block of 8 adresses. 

0 Helpful

Go to solution
nagrajk1969
Spotlight
Spotlight

‎10-09-2021 11:26 AM

Hi

 

Firstly, in the block of 8-addresses that is assigned by your ISP (to be configured on the Layer3-RV340s), the following are the actual usable ipaddresses that you can assign/configure, and the other details of this subnet are:

-------------------------------------------------------

Network-Subnet-ID: 112.112.112.112/29 (255.255.255.248)
Usable-IP-Range: 112.112.112.113 to 112.112.112.118 (netmask: /29<=>255.255.255.248) ONLY
Network-Broadcast-Address: 112.112.112.119

--------------------------------------------------------------------------------

 

And the ipaddress-space assigned to you for configuring on the wan-interface of Layer2-RV340 will be mostly as below:

---------------------------------------------------------------------

Network-Subnet-ID: 123.123.123.120/30 (255.255.255.252)
Usable-IP-Range: 123.123.123.121 to 123.123.123.122 (netmask: /30<=>255.255.255.252)
Network-Broadcast-Address: 123.123.123.123

------------------------------------------------------------------------

 

>>>i dont want the RV340 on the first layer to interfear with traffic going from the internet to the second layer routers.
>>>Layer 3 needs to be transparant to the internet 112.112.112.113 and 112.112.112.114.
(Note: Layer-2 RV340 needs to be assigned the first-ipaddr 112.112.112.113/29, and then the Layer-3 routers 112.112.112.114-115)

 

So for your requirement that the "Public-IPaddresses" of the Layer-3 RV340s must be transparent to the internet (and therefore not be "NATed" by the Layer-2 RV340), as per your statements mentioned in your posts above, the possible solution/configuration that should be applied is as below:

 

Step-1: 

On the Layer2-RV340

a) apply the ipaddress config on WAN1 interface as below for this router:

 

ipaddress: 123.123.123.122/255.255.255.252

Default-Gateway-ip (of the isp-router): 123.123.123.121

 

- apply and do a permanent-save

 

b) Next, change the present ipaddress given to vlan1 interface (112.112.112.x) to some unique private-ipaddress such as 172.16.1.1/24.

 

c) Apply and do a permanent-save of this change of ipaddress to vlan1 interface

 

d) Next arrange a gigabit-lan-switch and connect one of the switch port to LAN4 port of the Layer2-RV340....to LAN4-port ONLY.

(This will be configured next as a Hardware-DMZ port...so only LAN4). 

 

- DONT configure the switch-port (connected to LAN4-port) as vlan trunk-port...keep it as default

 

Step-2: On-Layer2-RV340 router

 

a) In the "WAN/Hardware-DMZ" section, as shown in attached screenshot/capture, enable and configure the Hw-DMZ port (LAN4) with "subnet" option AND configure the ipaddress 112.112.112.113/255.255.255.248 as the ipaddress on this dmz-interface on this RV340

 

b) do a Apply and also a permanent-save of the config (later)

 

Step-3: Connect the WAN-interfaces of both the Layer-3-RV340s to the Gigabit-Switch that is also connected to LAN4 port of Layer2-RV340 router

 

Step-4: On each of the Layer3-RV340 routers, configure the wan1 ipaddresses as below:

 

Layer3-RV340-Router1:

ipaddress: 112.112.112.114/255.255.255.248

Default-Gateway-ip: 112.112.112.113

 

Layer3-RV340-Router2:

ipaddress: 112.112.112.115/255.255.255.248

Default-Gateway-ip: 112.112.112.113

 

Some Points to be note with reference to Hw-DMZ config applied on Layer2-RV340 router:

 

1. Since this is a DMZ network (with the public ipaddresses in the 112.112.112.112/29 subnet, none of the traffic/ip-packets sent out by the Layer3-RV340-routers WILL NOT BE NATed TO WAN1-IPADDR OF LAYER2-RV340....

 

a) ALL packets sent out to the internet by the 2 Layer3-RV340s will be with the src-ipaddr of 112.112.112.x of their wan1-ipaddresses only

 

b) AND ALL TRAFFIC FROM INTERNET (EITHER THE REPLY/RETURN TRAFFIC OR NEW-CONNECTIONS INITIATED FROM INTERNET TO 112.112.112.114/115 will be directly "routed" (without doing any NAT/etc) as it is to the respective Layer3-RV340 wan-interfaces

 

c) So as required by you, the traffic from the Layer3-RV340s via the Layer2-RV340 will be transparent to the Internet without any NAT/Intervention of the Layer2-RV340 (except as a router)

 

d) Also you will observe that BY DEFAULT WHEN HW-DMZ is enabled on the Layer2-RV340 router, ALL TRAFFIC IS PERMITTED BETWEE THE DMZ-NETWORK (CONTAINING THE LAYER3-RV340s) AND THE INTERNET.

 

- Meaning, on the Layer2-RV340, by default there are no implicit/explicit firewall acl-rules that will deny any traffic "between internet and DMZ" 

 

- If you need, you will have to apply/configure Firewall-ACL rules to deny/permit specific traffic-types between the Internet and DMZ

 

 

 And above is one of the possible solutions for your requirements

 

thanks and best wishes and regards

 

 

 

 

 

 

 

 

 

 

 

Preview file
61 KB
0 Helpful

Go to solution
jetron
Level 1
Level 1
In response to nagrajk1969

‎10-11-2021 12:00 AM

Thank you for your detailed answer. This was just what i needed.

 

With kind regards,

 

Bas

0 Helpful
Customers Also Viewed These Support Documents