Hello Cisco Small Business Community.
We are a Cisco Select Partner and have started using RV320's and RV325's with our customers. As we are implementing these deployments, I have noticed there are a few features I would like to see added to the product. I've listed them below.
Urgently Needed Feature Requests:
1. Allow a subnet mask in the 255.255.0.0 range for LAN VLANs. Many of our customers use a 10.x.x.x range for subnets and many use a 16-bit subnet mask to give them plenty of room to create both static and dynamic assignments. For example, subnet 10: 10.10.0.0/16 with a range of 10.10.10.1-254 for DHCP dynamic leases, and 10.10.0.1-254 for servers, and 10.10.1.1-254 for printers, and 10.10.2.1-254 for networking gear, etc. None of these networks have more than 254 devices on them, but the extra IP range availability is nice because it allows us to help keep their networks organized.
2. The ability to create service groups for firewall and NAT rule creation. There are often times when we need to group several services together and create firewall and NAT rules for them. This would simplify setup and implementation. An example of this feature on Cisco Small Business Products was on the ISA550.
3. The ability to have the RV320/325 to serve as the NTP server for the network. Most small business customers need NTP server functionality, and the logical place to stick this service for many of these networks is on the firewall.
4. The ability to specify any RFC DHCP option. We have some need to be able to specify several DHCP options beyond the ones hard-coded into the firewall DHCP server pages. In addition to the options the DHCP servers on the RV320/325 already include, the common ones that we often use are "Time Server," "Log Server," and "Time Offset."
6. The ability to specify a domain search list and for DHCP clients.
7. The option to register DHCP clients with the specified DNS server (including the on-box DNS Forwarder).
8. The ability to tweak Firewall Session Settings (like in the RV220W and ISA550) and TCP/UDP Timeouts. If full control is not an option, then maybe four choices such as: "Conservative" -- keeps TCP/UDP connections alive for the longest period of time, "Normal" -- normal TCP/UDP Timeouts, "High Latency" -- keeps TCP/UDP connections alive for a longer period of time.
9. Additional Diagnostic/status screen information: -- CPU usage for 1 minute, 5 minutes, and 15 minutes, -- number of Firewall Sessions/States, -- Firewall Temperature, -- Real Time and RRD based traffic graphs for 15 minutes, 4 hours, 8 hours, 1 day, and 1 week.
10. The ability to pull Firmware Updates directly from the Cisco support site onto the firewall.
Nice to Have Features:
1. VRRP on both WAN and LAN interfaces.
2. The ability to answer DNS helper requests. What I mean is to be able to set the on-box DHCP server up to serve as the DHCP server for non-connected subnets
3. SSH and Telnet command line access for basic troubleshooting (top, pftop, nbtstat, reboot, etc.)
4. The ability to back up and restore parts of the config file, e.g. just the VPN setup or just the firewall rules
5. OSPF Dynamic Routing Support
With some of the advanced features, I wouldn't mind needing to buy a perpetual "advanced" license for an extra $50 to $100 (e.g. for VRRP, OSPF, SSH access, etc.).
I hope to hear some responses back from Cisco Product Support on these items.
I'm quite a bit surprised to see that we both have the same idea: provide our feedback to Cisco to increase our product usage.
Here's my list:
- I was a bit surprised when I saw the embedded services list for the first time: there are some that I'm sure nobody uses (HTTP and HTTPS secondary), and some useful network protocols are missing: NTP, NNTP, NFS, SAMBA, BONJOUR, SSDP, etc.
It could be interesting to ship the router with those embedded services.
- An option to select both the TCP and UDP services could be very useful: for now, when we add a service, we have to specify the protocol from the following list: TCP, UDP, IPV6.
If I want to add a rule for NFS without worrying about TCP and UDP, I have to set up:
- two custom services, one for UDP, one for TCP
- two custom rules, one for NFS TCP, one for NFS UDP.
If we have two networks or VLANs, we have to define 4 rules...
- Increasing the custom service description length could be helpful: for now it's a problem if we want to add more than 11 characters.
- If we add a custom service by mistake, we are unable to remove the generated field: the field says that it expects something. If we do not want to lose the previously set fields, we have to save it with false values and delete it afterwards. Just boring.
Setting up firewall rules for the first time
- The "View logs" button is located at the bottom of the log tab; if we want to view logs, we have to scroll: it's very boring when we're setting up our rules: we have to go to the firewall tab, and if there is something wrong, we need to go to the log tab and scroll.
Adding a shortcut to the log from the firewall rules tab could be very useful.
Managing firewall rules over time
- Being able to add a description to the rules defined could be helpful: I've set all my rules now, but in a few months when I come back to the interface, I'm not sure I'll understand what they all mean. A description to explain the rule's purpose could be useful.
- If we log something in the firewall logs and want to remove a logging trace type, we have to go through each rule we think can log something. It could be interesting to view the logging option from the grid: it would help us save time.
- Being able to filter rules by VLAN, protocol, ports or the rule's logging state from the rules grid could be helpful.
Double WAN management
- Adding an autodetect feature for the available bandwidth could be very helpful: according to the values detected, you could help configure the router more easily
Double WAN protocol binding and multiple VLANs
- When I set up the protocol binding configuration, I found it very boring to have to set up all the outgoing protocol rules for an interface: for example, if we want to set up all outgoing SMTP protocol on the WAN1 interface, we have to select SMTP and add 188.8.131.52 to 184.108.40.206. If we have multiple VLANs, we have to repeat this rule for each VLAN subnet mask…
An option for all outgoing traffic could be very helpful.
DHCP Subnet masks more than 255.255.255.x
Like vreid47362 said, I'm also interested in this feature: for now, subnet masks defined for the DHCP VLAN are provided from a preconfigured select box. If we want to choose something other than those provided, we can't. It could be interesting to be able to add our own subnet mask (like for example 255.255.0.0).
I thought I'd give this thread a bump.
I'm thinking about turning off DHCP, and DNS and running my own. The limitations of not being able to specify dhcp options such as ntp continue to be frustrating.
I continue to be frustrated with the lack of dynamic dns using dhcp.
Moreover, the subnet limitation for Class C only is quickly becoming a problem. One class C was big enough in the 90s, but with the Internet of Things, this will probably become my hard-stop on this router. The other things I can work around even though I do not want to do so. This subnet limitation I cannot.
Has there been any feedback on when a new firmware update will be ready and if any of these features will be included? I'm really looking for the Session Settings to tweak the TCP and UDP session timeouts. Interestingly, the administration guide for the RV325 on pages 78/79 says that this can be done, but the menu option is not there with firmware version 220.127.116.11. Does anyone know how to change the TCP/UDP session timeouts with the current firmware?
No idea if I'm allowed to post this without being stabbed by Cisco but.. there is a way you can open both TCP and UDP like the standard one on the list that is
To make one like this you need to do some.. "hacking" not really but don't know what else to call it.
When you save it will say ALL TRAFFIC in the protocol field but that is how they did it with the default entry so I guess it's correct.
This was done using Chrome: by right-clicking on the protocol field during edit mode, I expanded the code and looked for the options like in the picture, added 1 line and saved it, selected the new option in the dropdown and pressed save to add my new service, and all good :) BUT this needs to be redone every time you want to add that option, because the code change is only a local/temporary one, so if you edit that saved service, it would go back to TCP (option 1 in list).
http://i.imgur.com/g44QdIZ.png (Full image url)
I will agree. Our RV320 is being used as a gateway to a guest wireless network of our hotel.
253 IPs per VLAN subnet is a frustrating limitation; all of us carry at least 2 wireless-enabled devices while on business (a laptop or a tablet and a smartphone), which brings us immediately to 128 guests serviceable at any given time.
If DHCP lease times are set even a bit too large, the exhaustion of the IP address pool is an unavoidable condition. Using multiple VLANs carrying the same service (to cope with the /24 subnet) requires an unneeded increase of configuration complexity that can increase exponentially the probability of configuration errors and thus the associated performance drop. A $15(!) ADSL gateway provided by our ISP can provide a pool of /8 DHCP, subnet range and relevant scope.
When problems pop, or in times of extreme loads, service personnel must rely on web interface to perform basic maintenance and diagnostics.
This could load the system even more, especially on remote management scenarios on ADSL when the download bandwidth is orders of magnitude more than the upload bandwidth.
Sending out almost half a megabyte of management interface webpage on every click is not the definition of "sufficient bandwidth management". An SSH/TELNET server to perform remote management is a MUST, and should this problem remain unaddressed, I regret I cannot recommend the RV320 series of Cisco SBR to any of my clients.
Even "el cheapo" gateways can support TELNET/SSH management nowadays.
On the automatic load balancing, an Autodetect feature would be nice. Our telco ADSL lines support SRA and will adjust to line noise conditions dynamically.
I acknowledge this isn't easy at all since the ADSL modem interface is not part of the implementation and thus there is no practical way for the modem to provide connection speeds back to the router. I have observed that if I set the available speed a bit too high on one line, that one gets congested while the other shows lower usage levels. Network bandwidth metrics for dynamic resource allocation will always be a pain, but this is a problem that maybe could be accessed to improve performance of the device. A better algorithm there is an asset worth investing in.
I had a lot of "kernel: wrong ip,not_list" in the kernel log but I never noticed any dropped connections so I turned the kernel log off.
As for dropped connections, I found this thread https://supportforums.cisco.com/discussion/12382291/internet-speed-very-slow-rv320 and tried cpdfenix123's info and put a switch (actually made an extra 2-port WAN VLAN on my access switch) between the RV320 and the ISP, and my upstream speed went up almost 20 Mbps.
Have you tried a switch between your RV320 WAN and internet?
I'm going to add two more must-haves to this list:
1. The ability to perform multiple overload outbound NAT. For example, Private IP range one NAT's out public address A. Private IP range two NAT's out public address B, etc. This feature is available on the ISA 550's and several competitors (including PFSense).
2. The ability to bundle ports and destinations together into an alias to simplify firewall and QoS rule creation. This feature is also available on the ISA 550's and several competitors (including PFSense).
Just want to add I have some feature requests on this page too :-) : https://supportforums.cisco.com/discussion/12387576/rv320-v11119-bugs-feature-requests