Problem with the Inter-VLAN function of Cisco RV160 routers
I'm a first-year networking student, and I'm currently studying VLANs. My school got new Cisco routers, RV160, which the students and teachers have little technical knowledge about.
We have a project in progress, which is to create a working environment, with 3 VLANs.
To start with, we have 1 server VLAN. This VLAN has a physical machine at 192.168.7.2, which is a VMware ESXi machine, containing a Debian virtual machine that has no IP for now. The network address of the VLAN is 192.168.7.0 in /26. So the gateway is 192.168.7.62. VLAN ID 2.
The second VLAN is the "User" VLAN. This VLAN groups all user machines, where they get their IP addresses via DHCP. The network address of the VLAN is 192.168.7.64 in /26. So the gateway is 192.168.7.126. VLAN ID 1, this is the default VLAN.
Finally, the DMZ VLAN. This VLAN has a Raspberry Pi serving as a DMZ. It's configured in 192.168.7.193. VLAN ID 3. The network address of the VLAN is 192.168.7.192 in /26. So the gateway is 192.168.7.254.
For educational reasons, not security reasons, we are asked to make Inter-VLANs. But nothing to do, it just doesn't seem to work.
I can ping 192.168.7.193, which is the DMZ, but because it's the DMZ, but otherwise, I can't ping what's in the VLAN server for example. It's as if the button dedicated to "Inter-VLAN routing" has no effect, it's not possible to reach the other VLANs.
For additional information, NAT is in place, so each workstation/DMZ/servers can access the Internet. Moreover, we tried with ACLs, but it doesn't change anything. Whether it's my classmates or my teacher, we don't know where this problem could come from.
I provide you the screenshot of the router VLAN configuration.
The router's version is 1.0.01.03
Thank you again for your help
This will allow us to break the deadlock
EDIT: It seems that I can ping the "DMZ" even without being declared as such in the router. This is really a headache, which would mean that one VLAN is accessible but not the other one.
> This VLAN has a physical machine at 192.168.7.2, which is a VMWare ESXi machine, containing a Debian virtual machine that has no IP for now.
So to which IP address (in vlan2) are you trying to ping (from host in vlan1)?
a) Is it 192.168.7.2? (In which case, is there a Default-Gateway IP address 192.168.7.62 also configured on this ESX-machine?)
b) As you said, is it the Debian-VM in the ESX-server that you are trying to reach from vlan1? Because there is no IP address yet on the VM (Virtual Machine) anyway.
c) You mentioned that you are able to ping the Raspberry Pi device connected in DMZ-VLan3 (with IP address 192.168.7.193)...
d) I am assuming that ALL your user-vlan1 hosts are connected to switches which in turn are connected ONLY to LAN1/LAN2 ports of rv160... just to confirm.
In summary, as far as I can tell, the ONLY reason why you are not able to ping the vlan2 host from vlan1 (or even vlan3) would be because the host/server in vlan2 is NOT configured with the correct default-gateway IP address of 192.168.7.62... therefore you are NOT receiving any reply packets.
On RV160 there is NO specific hardware/physical DMZ port on the Router...whereas for example in RV260 port 8 can be explicitly configured as hardware-DMZ port...
So on RV160, since you "consider" vlan3 as DMZ... you can add some fw-acl rules as below (a rough mention of the actual rules)... AND the order has to be as shown below... because the rules are always parsed in a top-to-down approach:
- Say for example you want to allow from all internal-vlans to ONLY access to TCP port 8081 service on the RP-device in DMZ..
- Next you want to allow from internal vlans to ONLY access to ftp-server machine in the vlan3-dmz network
- And deny all other traffic from all internal-vlans to dmz-vlan
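
The top-down ordering described in the reply above, as an added example that is not part of the original thread: a first-match evaluator in Python, plus a check for rules that can never fire because an earlier rule already covers them. The FTP server address 192.168.7.200, the 192.168.7.0/25 aggregate for the two internal VLANs and the default action are assumptions; this models the rule logic only, not the RV160's own configuration interface.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL = "192.168.7.0/25"    # assumption: server VLAN 2 + user VLAN 1 as one aggregate
DMZ = "192.168.7.192/26"       # VLAN 3 from the thread
PI = "192.168.7.193/32"        # Raspberry Pi from the thread
FTP_HOST = "192.168.7.200/32"  # constructed address; the thread gives none

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # source network (CIDR)
    dst: str                    # destination network or host (CIDR)
    proto: str = "any"          # "tcp", "udp", "icmp" or "any"
    port: Optional[int] = None  # destination port, None means any

    def matches(self, src, dst, proto, port=None):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.port in (None, other.port))

# The three rules in the order the reply gives them.
ORDERED = [
    Rule("allow", INTERNAL, PI, "tcp", 8081),
    Rule("allow", INTERNAL, FTP_HOST),
    Rule("deny", INTERNAL, DMZ),
]
# Same rules with the deny moved to the top: both allows become dead rules.
MISORDERED = [ORDERED[2], ORDERED[0], ORDERED[1]]

def evaluate(rules, src, dst, proto, port=None, default="allow"):
    """First matching rule wins; `default` (an assumption) applies if none match."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return default

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules) if any(e.covers(r) for e in rules[:i])]
```

In this model an ICMP ping from a user host to 192.168.7.193 falls through to the deny rule, so a ping test stops being a valid reachability check once these rules are in place.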