rv325 Keep port in only one VLAN

SanityIO
Level 1

Hi,

   Here is my setup:

   VLAN 10 - surveillance;

   Port 2 (LAN2) - PoE switch with cameras.

   Port 6 (LAN6) - NVR (surveillance recording station)

   [Screenshot: vlan_setup.png]

   I want to be able to access the Port 6 machine in VLAN 10 from VLAN 1 (Default). At the same time I want Port 2 traffic to be fully isolated within VLAN 10.

   I've tried different VLAN Exclusion options for ports, none of which worked for me.

   If both VLANs have Inter VLAN routing enabled, I can access resources in the VLAN (cameras and NVR) from the default VLAN. If I disable Inter VLAN routing for one of the VLANs, they are isolated.

   The Excluded option on a port doesn't change anything. With the setup from the screenshot, as well as other setups where I mutually exclude all ports, I can still access resources in VLAN 10 from the default VLAN. Am I getting it correctly that if I set Excluded for LAN2 VLAN1, that should exclude traffic from the default VLAN to access VLAN 10?

   I sort of want an isolated VLAN with a single port (NVR) being able to talk to both VLANs. How can I achieve that?

Thanks!
--
Update: Set all to Tagged/Untagged; and faced the same issue as https://community.cisco.com/t5/small-business-routers/rv325-inter-vlan-routing-not-working/td-p/2843621
I can ping 192.168.1.50 (VLAN1) from a VLAN 1 machine and NOT from VLAN 10. Moved that machine from VLAN 1 to its own VLAN100, and now I'm able to ping it from VLAN 10. (No access rules.) This must be a joke. Firmware v1.4.2.22 (2019-04-02, 16:43:16) feels like a joke to me. VLANs and the Exclude feature totally not working.

2 Replies

ecsit
Level 1
Is the NVR able to handle tagged VLAN traffic? This usually means you have to create a virtual network interface that is listening to tagged VLAN traffic for VLAN1 and is also able to send tagged VLAN traffic with ID1. Because the tagged traffic is ignored by a "normal" network interface! Some switches I know have this kind of "simple" VLAN support to just enable or disable ports for a specific VLAN ID, and the traffic is always untagged; with the RV325 it's not working this way. That's also why you can only set exactly one VLAN ID as untagged for each port.

Hi ecsit,

   No, unfortunately the NVR can't handle tagged traffic.

   I was able to achieve what I want by enabling Inter VLAN routing and then, in Firewall -> Access Rules, I created a deny rule to disallow any traffic to the surveillance VLAN DHCP range (192.168.2.100...192.168.2.200). To be able to access the NVR from the default VLAN I bound the NVR MAC to 192.168.2.50 (not affected by the Deny rule).
   That way the NVR can still access 192.168.2.100...192.168.2.200, because I suspect access rules are applied higher in the stack than inside VLAN routing, while the default VLAN can't access the cameras' IP ranges.
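
The access-rule workaround from the last post, modelled as an added example that is not part of the thread and is not Cisco code. It assumes /24 subnets, first-match rule evaluation, a default allow between VLANs when Inter VLAN routing is on, and that same-VLAN traffic is switched without touching the access rules; `decide` and `exposed_hosts` are hypothetical names, and the camera address is constructed.

```python
import ipaddress

# Assumptions, not stated in the thread: /24 subnets, first-match rule order,
# default allow between VLANs once Inter VLAN routing is enabled, and
# same-VLAN traffic being switched without passing the access rules.
DEFAULT_VLAN = ipaddress.ip_network("192.168.1.0/24")
SURV_VLAN = ipaddress.ip_network("192.168.2.0/24")
VLANS = (DEFAULT_VLAN, SURV_VLAN)

# Ordered access rules: (action, first destination IP, last destination IP).
RULES = [
    ("deny", ipaddress.ip_address("192.168.2.100"),
             ipaddress.ip_address("192.168.2.200")),
]

def decide(src, dst, rules=RULES):
    """Return 'switched', 'deny' or 'allow' for a new src -> dst flow."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(src in net and dst in net for net in VLANS):
        return "switched"  # stays inside one VLAN, rules never consulted
    for action, lo, hi in rules:
        if lo <= dst <= hi:
            return action  # first matching rule wins
    return "allow"

def exposed_hosts(src, rules=RULES):
    """Surveillance-VLAN addresses that src can still open flows to."""
    return [str(h) for h in SURV_VLAN.hosts()
            if decide(src, str(h), rules) == "allow"]

if __name__ == "__main__":
    # pc and nvr are addresses from the thread; cam is a constructed sample.
    pc, nvr, cam = "192.168.1.50", "192.168.2.50", "192.168.2.150"
    print("PC  -> NVR:", decide(pc, nvr))
    print("PC  -> cam:", decide(pc, cam))
    print("NVR -> cam:", decide(nvr, cam))
    print("cam -> PC :", decide(cam, pc))
    open_addrs = exposed_hosts(pc)
    print(len(open_addrs), "surveillance addresses still reachable from", pc)
```

Under these assumptions the deny rule covers only the DHCP range as a destination: a camera given a static address outside 192.168.2.100...192.168.2.200, and flows a camera opens toward the default VLAN, are not matched by it.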