Hello Everyone,

A month ago I had a big problem with an old router we had in our network (Cisco 1841), and we decided to replace it with a Cisco 4321. I'm not a super expert, but I can manage to put some configuration as long as I understand what I'm doing.

I've managed to configure 3 VLANs for the phone system, data, and cameras, and everything seems to be working as expected. There are still some issues that need to be addressed such as not using the native VLAN 1 for data, but other than that things are working fine.

My configuration is as follows:

WAN connected to Firewall

Firewall on 10.1.1.2

Router on 10.1.1.1

Router has 3 VLANS + native

VLAN 1 = native/Data

VLAN 1010 = Phone system

VLAN 2040 = Empty (planning to move data VLAN here)

VLAN 3040 = Cameras

The problem I have is that I have an NVR in the Cameras VLAN 3040 and I cannot seem to reach it with the camera's software from the data VLAN. I can reach the cameras connected to the NVR, and I can ping the NVR, but I cannot make the camera software to connect to the NVR directly from the data VLAN.

If I place the NVR on the data VLAN, it works perfectly, but I want to have a separate VLAN for the cameras.

I've been doing some research and apparently I need to do some port forwarding in the router, but I can't find the proper way of doing it.

The NVR has the IP 192.168.160.15

The client computer I'm using to access it has the IP 192.168.168.220

Here is my router's configuration:

Building configuration...

Current configuration : 2155 bytes
!
!
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname OUI
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
aaa new-model
!
!
!
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
vlan 1010,2040,3040
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 1 native
ip address 192.168.168.1 255.255.255.0
ip helper-address 192.168.168.31
!
interface GigabitEthernet0/0/0.2
encapsulation dot1Q 1010
ip address 192.168.170.1 255.255.255.0
ip helper-address 192.168.168.31
!
interface GigabitEthernet0/0/0.3
encapsulation dot1Q 3040
ip address 192.168.160.1 255.255.255.0
ip helper-address 192.168.168.31
!
interface GigabitEthernet0/0/0.4
description User Vlan
encapsulation dot1Q 2040
ip address 192.168.166.1 255.255.255.0
ip helper-address 192.168.168.31
!
interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip default-gateway 10.1.1.2
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
!
!
!
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
!
end

I hope anyone can point me on the right direction as to what I need to do, and any help will be very much appreciated

Best!!