
Separation of VLANs on RV042G-K9

brenner01
Level 1

Hi,

I have a small WLAN-setup with two SSIDs (private, guest) bound to two VLANs (private:2, guest: 3). Those VLANs have two subnets (192.168.20.0 and 192.168.30.0).

I don’t want traffic of VLAN2 to be accessible from VLAN3 (obviously).

 

I am using a WLC 2504 and a Cisco SG200-08P Managed Switch as well as a Cisco RV042G-K9-EU Dual WAN Router.

The WLC is connected to one Trunk Port (tagged only, member of VLAN 2+3) at the SG.

As the RV only supports untagged port based VLAN, I connected two ports of the SG to the RV.

Those ports are access ports to the VLAN on the SG and ports bound to the respective VLAN at the RV.

On the RV, I had to enable multiple subnets so that both subnets have internet access.

My problem now is that you can access Subnet 192.168.20.0 (VLAN2, private) from Subnet 192.168.30.0 (VLAN3, guest). I don’t know how that’s possible.

I checked the setup without the connections to the RV (only WLC and SG) and the Subnets/VLANs are separated properly. But if I add the RV, the separation is compromised.

I already tried to enable a deny rule in the firewall to block all traffic from the guest subnet to the private one, but this wasn’t effective either.

What am I doing wrong? Why isn’t the RV separating the traffic of two different VLANs (and Subnets) properly? Do I have a fundamental mistake in my concept?

 

Thank you all for your help.

Regards,

Tobias

3 Replies

Jon Marshall
Hall of Fame

Tobias

Do I have a fundamental mistake in my concept?

No, your understanding is fine. Perhaps the firewall only works between the WAN and LAN ports although I have no idea as I haven't used that router. 

This forum doesn't deal with your equipment, although there are forums on here that do, but I had a quick look at some docs and they suggest there is a DMZ port on your router for use as a second WAN connection or as a DMZ.

Could you not simply connect the guest VLAN to that port?

Jon

Thanks for your answer.

I can't use the DMZ port because I am planning to use 2 internet connections with the router.

I simply don't get why the router allows connections between two different VLANs. In the manual it explicitly says that those connections aren't allowed (as you would think...)

Regards,

Tobias

Tobias

Try moving this post to the forum below where they have experience with your router -

https://supportforums.cisco.com/community/5951/small-business-routers

Jon
