Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1887
Views
0
Helpful
2
Replies

RV345P + WAP571 - Guest WiFi inter-VLAN disable

ValleyITPC
Level 1
Level 1

‎09-11-2017 01:54 PM - edited ‎03-21-2019 10:55 AM

Hi all.  I'm trying to figure out my inter-VLAN routing (disabled or enabled) results.  Here's my basic setup:

 

1 x RV345P

2 x WAP571 (clustered, so for this post might as well be one wap)

1 x computer connected to the Guest WiFi network (the captive portal) on the WAP571

1 x computer connected by ethernet to a LAN port on the RV345P

 

The goal is to test whether I can successfully prevent Guest WiFi users from connecting to anything on the internal LAN.  I'll pause my post at this point and ask that if anybody has a list of best practices or step by step on this topic, please share.  I had to manually trial & error my way to a successful setup.  

 

Alright so, on the WAP and RV, I have created VLAN 2 and this is menat as the Guest WiFi one.  It's a Tagged VLAN, no VLAN management on this ID, and I have assigned a DHCP server to this VLAN 2 so it's a totally different IPv4 subnet than the DHCP server on the LAN.  

 

On the WAP I have Captive Portal set up and working.  

 

So the question is this: on the RV under LAN > VLAN Settings, I have my VLAN 1 at default settings and my VLAN 2 set but with inter-VLAN Routing disabled.  When disabled, I was not able to ping between the two computers, so that was ideal.  So a to be thorough for testing, the idea was to enable/disable it a few times, doing ping tests from computer to computer in both directions each time, to ensure consistency.  

 

What I found was that the ocmputer on the LAN side cannot ping the computer on the Guest WiFi, however, the computer on the Guest Wifi CAN ping the computer on the LAN side, even after I disabled the inter-VLAN Routing again.  Generally speaking though, I notice that as well as I disable or enable inter-VLAN routing, the effects are immediate (ie: the computer that could not ping the other, can suddenly ping the other).  

 

So is there some refresh interval I'm not aware of, or perhaps a bug in the RV or WAP or something, that doesn't like my toggling inter-VLAN routing on and off?  

 

I have not yet tested rebooting the gear.  

 

I hope this post makes sense, sorry it's a bit long.  Thank you!  

Labels:
0 Helpful
2 Replies 2

raluani
Cisco Employee
Cisco Employee

‎10-19-2017 04:29 AM

Hello,
My name is Rozana and i am an engineer from the Small Business Team.

There should not be any delay. The effect should be immediate.
Once you disable the inter-vlan routing for VLAN 2, then once you click the Apply button on the page, and after the page refreshes, then the feature should be turned off.

Sometimes after several changes the device may stop accepting the same changes, or the browser can crash.

If that happens please try to open the Web GUI from another browser and double check if the feature is disabled.
Then run the test again, and your clients should not be able to access VLAN 1 from VLAN 2.

If you still experience the issue, please call our SBSC support line, so we can research further.

Regards.

0 Helpful

kjosephs01
Level 1
Level 1
In response to raluani

‎02-16-2018 10:53 AM

Hello, Along those same lines, I am upgrading from an RV325 to the RV345p and am trying to find out how to disable "Device Management" on selected VLANs. On the RV325, it was simply a box to uncheck on the VLAN membership page. How do I disable this function on the RV345p? I want to disable Device management for specific VLANs. 

 

Thank you very much.

Kareem

0 Helpful
Customers Also Viewed These Support Documents