10-13-2014 08:33 PM
I have an RV120W small business router running the latest firmware. I created 2 VLANs, one for work and one for guest access. Problem is that I want to completely segment the traffic from the guest VLAN so that it cannot access anything on the work VLAN. I've tried setting the default outbound policy to block the traffic and even set a rule saying the range of addresses on the guest VLAN block any service to the work addresses. I want to make these firewall rules as secure as possible and essentially block everything, even on both VLANs and then create my own 'white list' however no matter what rule I try to put in, it seems to do nothing. Everything is still talking like the firewall isn't even there...
10-14-2014 10:05 AM
Robbykilian,
My name is Ismael. I am with the Small Business Support Team. From my understanding, you would like to keep traffic from the guest VLAN from reaching your work VLAN. If your topology only includes the router (RV120W) with no managed switch, then no policy rules have to be put in place. The best thing to do is keep inter-VLAN routing disabled for your guest VLAN. This can be done under Networking>>>Vlan Membership. If both are disabled, then both VLANs will not be able to communicate, but will be able to route to the internet.
If the topology includes a managed switch on layer 3 and routing VLANs, then you would need ACLs within the switch alone. Hope this helps!
10-15-2014 08:09 PM
Hi there Ismael. Thanks for the quick response. So yes I am just using the router in this topology. I thought about disabling inter-VLAN routing however there are actually a few ports I wanted to allow through to the private VLAN (such as DNS, HTTP). I'm really just trying to figure out how exactly the access rules work on the Small Business series routers. Basically what I've been doing is defining a series of blocked outbound rules for each protocol that includes the source as the range of addresses I have for the guest VLAN and the destination as the range of addresses for the private VLAN. This approach doesn't seem to be working. Am I going about this in completely the wrong way?
10-19-2014 08:15 AM
So I went ahead and disabled inter-VLAN routing on the guest VLAN but it's still routing traffic to the private VLAN!!! I've attached two screenshots. One is showing that I do in fact have inter-VLAN routing disabled on the guest VLAN and the other is showing a host on the Guest VLAN (the 172.16.20.0 subnet) being able to SSH to a host on the private VLAN (the 172.16.10.0 subnet).
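An added example, not part of any post in this thread: a small audit that checks observed flows against the segmentation policy the original poster describes (guest VLAN blocked from the private VLAN except DNS and HTTP). The /24 masks, the exact allow-list entries, the flow line format and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not stated in the thread): both subnets use /24 masks, and the
# allow-list is DNS (udp/tcp 53) plus HTTP (tcp 80), per the poster's intent.
GUEST_NET = ipaddress.ip_network("172.16.20.0/24")
PRIVATE_NET = ipaddress.ip_network("172.16.10.0/24")
ALLOWED = {("udp", 53), ("tcp", 53), ("tcp", 80)}

# Constructed sample flows, one per line: "proto src_ip dst_ip dst_port".
# In practice these would come from a capture or connection log taken on a
# private-VLAN host while testing from a guest-VLAN client.
SAMPLE_FLOWS = """\
tcp 172.16.20.101 172.16.10.5 22
udp 172.16.20.101 172.16.10.2 53
tcp 172.16.20.150 172.16.10.8 80
tcp 172.16.20.150 203.0.113.10 443
tcp 172.16.10.5 172.16.20.101 445
bogus line
"""

def parse_flow(line):
    """Return (proto, src, dst, port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    proto, src, dst, port = parts
    try:
        return (proto.lower(), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(port))
    except ValueError:
        return None

def audit(text):
    """Split flows into policy violations and unparseable lines."""
    violations, skipped = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow is None:
            skipped.append(line)  # surface bad input instead of hiding it
            continue
        proto, src, dst, port = flow
        # Only guest -> private traffic outside the allow-list is a violation.
        if src in GUEST_NET and dst in PRIVATE_NET and (proto, port) not in ALLOWED:
            violations.append(line)
    return violations, skipped

if __name__ == "__main__":
    bad, skipped = audit(SAMPLE_FLOWS)
    print("violations:", bad)
    print("skipped:", skipped)
```

Any line reported as a violation, such as the SSH flow in the sample, indicates that guest-to-private traffic is still being routed despite the configured rules.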