Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
664
Views
0
Helpful
4
Replies

RV325 dedicated management interface

dwu-zingbox
Level 1
Level 1

‎06-05-2019 12:58 PM

Use case: RV325 is deployed at guest net WAN router / firewall supporting logically isolated VLAN/subnet.

Help needed: Configure a LAN port to use for management purpose sitting on a corp VLAN which is isolated from guest side.

What I've tried: configure the corp VLAN on one of the LAN port and add static routing. But the IP of the L3 interface is reachable from other corp side subnet. Possible cause if that the static routing doesn't allow specifying the interface. Routing tables shows LAN as the next hop instead of specific port.

 

Is this dedicated management interface possible?

 

Labels:
0 Helpful
4 Replies 4

Jo Kern
Cisco Employee
Cisco Employee

‎06-06-2019 03:41 AM

Yes, a dedicated port  for management is possible.

Can you add some ip address examples to illustrate your question a bit better?

You want to have the router management port accessible from the corporate VLAN but you do not want to have it accessible from all your subnets ?

I assume you connect the LAN port to a corporate switch ?

0 Helpful

dwu-zingbox
Level 1
Level 1
In response to Jo Kern

‎06-06-2019 09:17 AM

Hi Jo,

 

Appreciate your response. Here's more detail,

CorpNet

VLAN10 (access): 192.168.10.0/23 GW 192.168.10.1 (L3 switch C3650) --> PaloAlto Firewall --> ISP1

VLAN1 (mgmt): 192.168.1.0/24 GW 192.168.1.1 (L3 switch C3650)

 

GuestNet

VLAN30: 192.168.30.0/24 (C3650) --> GW 192.168.30.1 (RV325) --> ISP2

 

VLAN 1, 10 30 coexist on L3 switch C3650 but VLAN30 is isolated from VLAN1 and 10 so CorpNet and GuestNet are separated. Now I want to assign an 192.168.1.0/24 IP to RV325 just for management so that I can access it from VLAN10 (192.168.10.0/24). 

0 Helpful

Jo Kern
Cisco Employee
Cisco Employee
In response to dwu-zingbox

‎06-06-2019 02:04 PM

Configure VLAN1 on RV325 with an IP address of 192.168.1.123 ( static in DHCP settings ). Configure VLAN10 with a static IPaddress 192.168.10.123

Enable InterVlanrouting between VLAN1 and VLAN10 on RV325.

If you want to have access from VLAN10 hosts to VLAN1 hosts.

Let me know if this works for you.

 

 

 

0 Helpful

dwu-zingbox
Level 1
Level 1
In response to Jo Kern

‎07-23-2019 12:59 PM

Hi Jo,

 

Thanks for the hint but no it doesn't work reason being,

 

PC at 192.168.10.99 have the default GW at 192.168.10.1 which is the C3650. So the PC outbound traffic will be,

PC (192.168.10.99) --> GW (192.168.10.1) (Router C3650) --> GW (192.168.1.1) --> RV325 (192.168.1.123)

But RV325 will try to route the return packets through its 192.168.10.123 interface because the 192.168.10.0/24 is already in the routing table.

 

0 Helpful
Customers Also Viewed These Support Documents