03-22-2015 12:52 PM - edited 03-07-2019 11:12 PM
Hi,
I have a small WLAN-setup with two SSIDs (private, guest) bound to two VLANs (private:2, guest: 3). Those VLANs have two subnets (192.168.20.0 and 192.168.30.0).
I don’t want traffic of VLAN2 to be accessible from VLAN3 (obviously).
I am using a WLC 2504 and a Cisco SG200-08P Managed Switch as well as a Cisco RV042G-K9-EU Dual WAN Router.
The WLC is connected to one Trunk Port (tagged only, member of VLAN 2+3) at the SG.
As the RV only supports untagged port based VLAN, I connected two ports of the SG to the RV.
Those Ports are Access Ports to the VLAN on the SG and Ports bound to the respective VLAN at the RV.
On the RV, I had to enable multiple subnets so that both subnets have internet access.
My problem now is that you can access Subnet 192.168.20.0 (VLAN2, private) from Subnet 192.168.30.0 (VLAN3, guest). I don’t know how that’s possible.
I checked the setup without the connections to the RV (only WLC and SG) and the Subnets/VLANs are separated properly. But if I add the RV, the separation is compromised.
I already tried to enable a deny rule in the firewall to block all traffic from the guest subnet to the private one, but this wasn’t effective either.
What am I doing wrong? Why isn’t the RV separating the traffic of two different VLANs (and Subnets) properly? Do I have a fundamental mistake in my concept?
Thank you all for your help.
Regards,
Tobias
03-22-2015 01:18 PM
Tobias
Do I have a fundamental mistake in my concept?
No, your understanding is fine. Perhaps the firewall only works between the WAN and LAN ports although I have no idea as I haven't used that router.
This forum doesn't deal with your equipment although there are forums on here that do but I had a quick look at some docs and it suggests there is a DMZ port on your router for use as a second WAN connection or as a DMZ.
Could you not simply connect the guest VLAN to that port?
Jon
03-23-2015 01:33 AM
Thanks for your answer.
I can't use the DMZ Port because I am planning to use 2 internet connections with the router.
I simply don't get why the router allows connections of two different VLANs. In the manual it explicitly says that those connections aren't allowed (as you would think...).
Regards,
Tobias
03-23-2015 07:28 AM
Tobias
Try moving this post to the forum below where they have experience with your router -
https://supportforums.cisco.com/community/5951/small-business-routers
Jon