cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13592
Views
0
Helpful
17
Replies

RV120W and "Wireless Isolation within SSID"

MaxvatarT
Level 1
Level 1

Hello all,

I'd like to share with others one tricky topic on product RV120W (btw very fine pce of hw).

When I did initial setup, I went trough the documentation precisely. I set up 2 VLAN and 2 WiFi (one as main and other for guests). When I got to wireless security, there is a checkbox to activate "Wireless Isolation within SSID". The documentation clearly says: "Click Enable under Wireless Isolation within SSID to separate this network from the other three wireless networks on the Cisco RV120W. When this feature is enabled, the network can communicate with the Cisco RV120W, but not with any of the other three networks.". So I said to my self - it would be good idea to enable it, since there are 2 VLANs/2 WiFis. And that cost me 4 hours of investigation of following trouble:

When wireless isolation is enabled on RV120W (firmware 1.0.4.10) - one PC can not ping/access another PC, when both are connected to router via WiFi (same WiFi/same VLAN). It's ONLY possible to ping WiFi PC -> LAN PC or opposite direction LAN PC -> WiFi PC.

IMHO this is either bug in the firmware or not-very-accurate description in the documentation.

Has anybody solved similar trouble ?

Rgds

MaX

17 Replies 17

lariasqu
Level 1
Level 1

Hi Max, thank you for using our forum, my name is Luis I am part of the Small business Support community. I know you are trying to reach a host from the same Vlan, are those hosts connected to the same SSID? Did you check the IP address and mask of each device you are trying to reach? Are the RV120W the only one DHCP server?

If all this information is clear, could you please share to us your configuration?

Thank you for this information,

Greetings,

Luis Arias.

Cisco Network Support Engineer.

Hello Luis,

Im glad that CISCO shows an interest and my post is not left without reply.

Yes, I think I did not any mistake during my investigation (I work as IT

consultant for 15years now). I checked ipconfig report on both PCs. They

were connected to same WLAN and therefore same VLAN. DHCP server is only

one and is run by RV120W itself.

I'll be happy to cooperate and to improve products of CISCO. Please let me

know, how you want to share the setup.

Have a nice day.

Rgds

Max

Hi Max, there is other firmware release 1.0.5.6, I suggest you to upgrade your device firmware and try again with your configuration, also you could check the firewall setting in your router and just for testing matters try to disable the OS firewall in your computers, if the issue continues you could send us some screen shots from your configuration as (Wireless > Basic Settings), (Networking > LAN > VLAN Membership).

I hope you find this answer useful

Greetings,

Luis Arias.

Cisco Network Support Engineer.

Hello Luis,

thank you for the link to new firmware. I did the upgrade. Unfortunatelly it does not help and the situaition is still the same: computers connected to RV120W pings each other okay. When disconected from LAN and connected via WiFi the pings to WiFi IPs doesnt work.

The screenshot follows:

Looking for next suggestions.

Thank you.

Rgds

MaX

Hi Max, I apologize for this inconvenience, could you please reach out to our Small Business Support Center and open a Service Request to address this issue? One of our Engineers may be able to work with you and diagnose the root cause. You can find the appropriate contact information for SBSC in the below link.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

Thank you for all your time,

Greetings,

Luis Arias.

Cisco Network Support Engineer.

I think you need to look at disabling "Inter V-Lan Routing" in the V-Lan setup screen.  Wireless Isolation as I understand it will prevent a wireless client from talking to another wireless client, but will not prevent it from getting to the router or a wired client.  By disabling the Inter V-Lan Routing, you will keep the any client in a 2nd V-Lan from talking to anything in the 1st V-Lan.  I think they can still get to the router, but that is it.  I have attached a picture of the set up I use at our business.  2 V-Lan, 1 business, 1 guest.

Hi Darren,

thx for your commnet. I understand you and I share the assumption about "wireless isolation" functionality with you. But then, as I wrote in the beginning, the description in the administration guide is absolutely out of the subject and is misleading.

Rgds

MaX

Hi Max, this is not a bug nor error in documentation. This is how the products have been developed for years even back in the Linksys models.

I believe you are taking the documentation and configuration out of context as the context of this is configuring wireless parameter, no a global router configuration.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hi Tom,

IMHO the description of "Wireless Isolation within SSID" does not say anything, that two computers connected to the same SSID couldn't/shouldn't ping or access each other. I agree with you, that it might be desired functionality, but I would then call it something like "Isolation of wireless clients within (one) SSID".

Do you understand my point ?

Rgds

MaX

Hi Max, I do not understand your point. The name says it all, Wireless isolation WITHIN the SSID. A wired computer does not connect to a SSID therefore is not WITHIN the SSID. A SSID is for only wireless clients of that SSID. The only purpose of that feature is to prevent that communication of hosts within the same wireless SSID.

If you want to pick and choose which host can or can't communicate you need access restriction (access lists).

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hi Tom,

well first of all, I don't speak about wired computer. I mentioned it only in the beginning for purpose, that DHCP and router itself work correctly.

OK, I can accept, that the term "Wireless Isolation within SSID" can be understand as you and Darren describe - english is not my native language. And actually I'm glad for such a feature.

But I must still insist, that the decription in the admin guide is misleading. Lets paste it here again:

Chapter 3, page 56, part "Configuring Wireless Security and Other Settings", step 3-d:

(Optional) Check the Wireless Isolation within SSID box to separate this network from the other three networks on the Cisco RV120W. When this feature is enabled, the network can communicate with the Cisco RV120W, but not with any of the other networks.

Sorry Tom, but there is nothing written about isolating of wireless devices, which are connected to the same SSID.

Rgds

MaX

MaxvatarT
Level 1
Level 1

Hi all,

I've just finished the webex session with CISCO support. The result is:

1) isolation of WiFi clients works fine, as it should work,

2) the description in administration guide is completely wrong and misleading ... and will be corrected in near future.

Thanks everybody for their inputs.

Rgds

MaX

Hi Max,

 

I read in the manuel and it does not seems to be corrected and i would like to do samething.

Could you please tell me what the guys did to your router to make this works ?

 

thank you

 

best regards,

 

J-marc

Hello Jean-Marco,

the support did actually nothing. The check box really switches only wireless client isolation in terms, that clients within one wireless network cannot see/ping each other.

I did my setup as follows:

1) LAN in 192.168.1.x subnet

2) first WiFi net in 192.168.1.x subnet as well, since I need print on my wireless HP printer (for example)

3) second WiFi net in 192.168.2.x subnet for wifi devices, when somebody come to visit and wants an internet access. Moreover I enabled "isolation" within this WiFi net. In the setup, the second WiFi net is done in 2nd Virtual Network (which is configured in LAN options, or somewhere there)

I think you can follow my model, or you can just skip the point 2). In anyway you need to run LAN in default network and WiFi hotspot in Virtual Network with different subnet.

GL

MaX

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: