03-23-2015 01:31 AM
Hi,
I have a small WLAN-setup with two SSIDs (private, guest) bound to two VLANs (private:2, guest: 3). Those VLANs have two subnets (192.168.20.0 and 192.168.30.0).
I don’t want traffic of VLAN2 to be accessible from VLAN3 (obviously).
I am using a WLC 2504 and a Cisco SG200-08P Managed Switch as well as a Cisco RV042G-K9-EU Dual WAN Router.
The WLC is connected to one Trunk Port (tagged only, member of VLAN 2+3) at the SG.
As the RV only supports untagged port based VLAN, I connected two ports of the SG to the RV.
Those Ports are Access Ports to the VLAN on the SG and Ports bound to the respective VLAN at the RV.
On the RV, I had to enable multiple subnets so that both subnets have internet access.
My problem now is that you can access Subnet 192.168.20.0 (VLAN2, private) from Subnet 192.168.30.0 (VLAN3, guest). I don’t know how that’s possible.
I checked the setup without the connections to the RV (only WLC and SG) and the Subnets/VLANs are separated properly. But if I add the RV, the separation is compromised.
I already tried to enable a deny rule in the firewall to block all traffic from the guest subnet to the private one, but this wasn’t effective either.
What am I doing wrong? Why isn’t the RV separating the traffic of two different VLANs (and Subnets) properly? Do I have a fundamental mistake in my concept?
Thank you all for your help.
Regards,
Tobias
03-26-2015 12:44 PM
Does nobody have an idea what might be wrong?
Or any experience with this router?
Regards,
Tobias
03-26-2015 02:36 PM
Hello brenner01,
I am sorry you are experiencing this issue. As the RV042G does not support 802.1Q VLANs, when enabling multiple subnets it will route all that traffic. As there is no feature of inter-VLAN routing to disable, you will either have to get a VLAN-capable router (RV320) or, on the Switch, create Access Lists that will deny traffic from one subnet to another.
If you go the Access Lists route make sure you have an allow rule for that subnet to allow the traffic from that subnet back on it.
Hope this helps,
Michael D.
If this post is helpful please rate or mark as correct.
03-27-2015 09:09 AM
Dear Michael,
thank you very much. That's very disappointing, as I don't understand why it isn't working.
What I don't get either is why my firewall rules for the separation of the two subnets aren't working?
Is this also because of the "multi subnet mode"?
Regards,
Tobias
03-27-2015 02:29 PM
Hello brenner01,
It is a combination of the multi subnet mode and the fact that the RV042G does not support 802.1Q. The router doesn't recognize the tagging information, so it will just route it, since it will know how to route to each subnet due to the port-based tagging.
You will need a Layer 3 router that supports 802.1Q to disable inter-VLAN routing or as suggested above create Access Control Lists (ACL) on the switch to block the necessary traffic.
Regards,
Michael D.
If this post is helpful please rate or mark as correct.
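The ACL advice in the replies above (deny guest-to-private, plus an allow rule for the guest subnet's other traffic), modeled as an added example that is not part of the original thread or of any Cisco tooling. It assumes /24 prefix lengths for the two subnets and first-match ACL evaluation with an implicit deny at the end; the rule tuples and function names are hypothetical.

```python
import ipaddress

# Subnets from the thread; the /24 prefix length is an assumption.
PRIVATE = ipaddress.ip_network("192.168.20.0/24")  # VLAN 2
GUEST = ipaddress.ip_network("192.168.30.0/24")    # VLAN 3
ANY = ipaddress.ip_network("0.0.0.0/0")


def evaluate(acl, src, dst):
    """Return the action of the first rule that matches (src, dst).

    Assumed semantics: rules are checked top-down, the first match wins,
    and a packet that matches no rule hits an implicit deny.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


# Hypothetical rule list for traffic entering from the guest VLAN.
GUEST_ACL = [
    ("deny", GUEST, PRIVATE),  # block guest -> private
    ("permit", GUEST, ANY),    # the allow rule for everything else
]
# Two common mistakes: forgetting the allow rule, and putting it first.
GUEST_ACL_NO_PERMIT = GUEST_ACL[:1]
GUEST_ACL_WRONG_ORDER = list(reversed(GUEST_ACL))

# Constructed test flows (addresses are illustrative, not from the thread).
FLOWS = {
    "guest -> private host": ("192.168.30.50", "192.168.20.10"),
    "guest -> internet": ("192.168.30.50", "203.0.113.7"),
    "guest -> guest gateway": ("192.168.30.50", "192.168.30.1"),
}


def audit(acl):
    """Evaluate every constructed flow against the ACL."""
    return {name: evaluate(acl, *flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for label, acl in [("correct", GUEST_ACL),
                       ("no allow rule", GUEST_ACL_NO_PERMIT),
                       ("wrong order", GUEST_ACL_WRONG_ORDER)]:
        print(label, audit(acl))
```

Because this model is stateless, replies from guest hosts to connections opened from the private subnet match the deny rule as well.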