RVS4000 DHCP Issue

Unanswered Question
Aug 3rd, 2012

I own 2 Cisco RVS4000 routers. One is my gateway with an Untangle UTM machine behind it. Untangle does not support VLAN tags so I have a second RVS4000 router behind the Untangle machine which I would like to set up VLANs on. I have the second RVS4000 set up in router mode, not gateway. I would prefer to not double NAT. I have static routes between the 2 routers working. I have super scoped the first router so all my addresses and networks are within scope of the first RVS4000 router address and mask. I am trying to use the second RVS4000 as just a normal router with no firewall. My reason for all of this is I believe the first RVS4000 will not NAT traffic from the second RVS4000 LAN network because it is out of scope and I have no internet access from the second RVS4000 router. My IP addresses for the RVS4000 routers are as follows:

First RVS4000

WAN    PPPOE        DHCP
LAN    IP           192.168.16.1      255.255.255.0

Second RVS4000

WAN    Static IP    192.168.16.3      255.255.255.128
LAN    IP           192.168.16.130    255.255.255.128

My problem now after all this is I cannot get DHCP on the second RVS4000 to assign addresses in the 255.255.255.128 scope. When I try to set up DHCP the second RVS4000 router just wipes out my static assigned address on the LAN side. It just blanks the IP address out and resets the mask to 255.255.255.0. I have not got to the VLAN part but I figure it will not work if this does not work. Do you see any errors in my configuration? I think maybe this is a bug in the router code. What do you think?
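
An added example, not part of the original post: a Python check of the address plan above, confirming that the two /25 halves do not overlap and both sit inside the first router's /24, and showing how a longest-prefix-match lookup on the first router chooses a next hop. The static route entry is an assumption; the post only says static routes between the routers exist.

```python
import ipaddress

# Addresses and masks as given in the post.
FIRST_LAN = ipaddress.ip_interface("192.168.16.1/255.255.255.0")
SECOND_WAN = ipaddress.ip_interface("192.168.16.3/255.255.255.128")
SECOND_LAN = ipaddress.ip_interface("192.168.16.130/255.255.255.128")
DHCP_START = ipaddress.ip_address("192.168.16.150")

# Assumed routing table on the first router: its connected /24 plus a
# static route for the upper /25 via the second router's WAN address.
FIRST_ROUTER_ROUTES = [
    (ipaddress.ip_network("192.168.16.0/24"), "connected"),
    (ipaddress.ip_network("192.168.16.128/25"), "192.168.16.3"),
]


def check_plan():
    """Summarise how the second router's subnets relate to the first's /24."""
    first_net = FIRST_LAN.network
    wan_net, lan_net = SECOND_WAN.network, SECOND_LAN.network
    return {
        "wan_net": str(wan_net),
        "lan_net": str(lan_net),
        "halves_overlap": wan_net.overlaps(lan_net),
        "inside_first_lan": wan_net.subnet_of(first_net)
        and lan_net.subnet_of(first_net),
        "first_router_on_wan_net": FIRST_LAN.ip in wan_net,
        "dhcp_start_in_lan": DHCP_START in lan_net,
    }


def lookup(routes, dest):
    """Longest-prefix match; returns (network, next_hop) or None."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if dest in net]
    if not matches:
        return None
    net, hop = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), hop


if __name__ == "__main__":
    for key, value in check_plan().items():
        print(f"{key}: {value}")
    # A host in the upper half goes via the second router only because the
    # /25 static route is more specific than the connected /24.
    print(lookup(FIRST_ROUTER_ROUTES, "192.168.16.150"))
    # Without that route the first router treats the host as on-link.
    print(lookup(FIRST_ROUTER_ROUTES[:1], "192.168.16.150"))
```
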

coxhaus01 Fri, 08/03/2012 - 22:25

I forgot to say I am running the latest firmware version V2.0.3.2 on hardware version 2 of the RVS4000 router. Thanks for your help.

coxhaus01 Sun, 08/05/2012 - 21:46

I have made some progress. I decided to skip setting up DHCP on the RVS4000 router. I turned on DHCP relay and set a scope up on my Windows server. The DHCP relay works fine but the second RVS4000 router still has problems with the above network settings. I set up a Cisco 2600 router with the above network settings and everything works fine with the 2600 router instead of the second RVS4000 router. I am currently running my wireless laptop through the 2600 router as I write this. Is there any chance you will fix the RVS4000 router code? Would the RV180 or RV220W work? I do not want to have to run the big and loud 2600 router.

I like Cisco routers but I need a response or I will start looking elsewhere.

Tom Watts Sun, 08/05/2012 - 22:09

Hello Lee, I believe the first issue is, on the second RVS4000 router, you're connecting to the WAN port. Try connecting to the ethernet / LAN port instead.

I guess I don't understand about the UTM device and the VLANs. If the UTM device is like a computer (which only cares about IP addresses unless you specify a VLAN ID on the NIC) then the VLAN situation shouldn't be any kind of consequence as it shouldn't be looking for layer 2 VLAN ID. You may also run into some issues with the DHCP relay down the road, as the RVS4000 has an embedded DHCP server, it means your subsequent VLANs should be serviced by the router DHCP server and your Windows server can manage the VLAN 1.

If you can simplify your original statement, I will be happy to try to design a goal with you and achieve it in the most simplistic manner.

Here is my interpretation of your post. With this diagram, what is the purpose of super-netting the second RVS4000? The RVS4000 will only handle 1 DHCP scope per subnet, meaning, you will need to use the /24 or /25, but not both. Unless you create VLAN 2 and use 2 subnets at /25.

-Tom

coxhaus01 Sun, 08/05/2012 - 22:47

The second RVS4000 will not run correctly in router mode with the above addresses. I cannot get a good ping going through the RVS4000 router. I can substitute a Cisco 2600 dual Ethernet port router and it works fine. To see the RVS4000 code is broken just assign the IP addresses above for the second RVS4000 and try to set up a DHCP scope for the second half of the 255.255.255.128 mask address. Try a DHCP scope of starting address 192.168.16.150. The RVS4000 code will break and not work.

What I would like to set up is 2 VLANs. One for LAN based machines and one for wireless machines. The VLANs will need to be created on the second RVS4000 router in router mode so I will need DHCP fixed. The Untangle UTM is a computer based firewall and will not pass VLAN tags so the first RVS4000 will not work for setting up VLANs. I want all traffic to pass through the Untangle firewall box.

coxhaus01 Sun, 08/05/2012 - 22:56

Your picture is not exactly right. The picture is more like the first RVS4000 router connected to a port on the Untangle UTM and then another port on the Untangle connects to the second RVS4000 router so the only way for the RVS4000 routers to communicate is through the Untangle machine. There are 2 NICs in the Untangle machine.

Tom Watts Mon, 08/06/2012 - 08:38

Hi Lee, here is a new image. I still don't know why you want to supernet. As an alternative solution, you can probably use a managed switch in place of the second RVS4000 if you do not want to rely DHCP from the second router.

Here is the implementation with assumptions*

*The Untangle is not a NAT device

**The RVS4000 residing 192.168.16.1 has a public IP on the LAN interface

***I made VLAN 2 subnet 192.168.17.0/24 for lack of better examples

****There is no truthful need to supernet

  • On 192.168.16.1 router create a second VLAN and address it as desired
  • The port connecting to the 192.168.16.130 router should be classified as 1untagged, 2 tagged
  • The LAN port connecting from 192.168.16.1 should be connected to a LAN port of the 192.168.16.130
  • On the 192.168.16.130 should be the second VLAN created with the same respective IP subnet
  • The port connecting to the 192.168.16.1 should be configured for Vlan 1 untagged, Vlan 2 tagged
  • Any port you want exclusive to the 192.168.17.0/24 subnet may be configured as untagged and will only service that subnet
  • If you do not wish to have either subnet communicate, disable intervlan routing on the advance routing tab of the 192.168.16.1 router
  • If you require certain devices to be in a top half of your subnet mask you may assign static DHCP based off MAC addresses. The feature is called Static IP Mapping
  • The DHCP can be configured on either router, but preferably not both

-Tom

coxhaus01 Mon, 08/06/2012 - 09:41

Hey Tom,

I will give your scenario some thought and probably will try it. The only issue I have is using a PC at the front door instead of a router. Routers tend to be more reliable than PC computers. If the PC breaks everything is off, the internet and mail is down. Using a router as the front door and Untangle in transparent bridged mode, if the PC breaks the firewall goes down and my network keeps connecting to the internet using the firewall in the router as the Untangle PC was running in transparent bridge mode and just drops out of the picture.

You don’t by chance have a scenario with one router at the front door with the Untangle machine still running in transparent bridge mode? I use a Cisco WAP4410N as my wireless device.

One more thing is I am pretty flexible with addressing but my mail server needs to keep a 192.168.16.2 IP address. Everything else can change.

coxhaus01 Mon, 08/06/2012 - 10:02

I just thought of something. If I run Untangle at the front door and not use it in transparent bridge mode then it will be a NAT device. Untangle will need to run the DSL modem if I use it at the front door. I do not want to double NAT. So I do not think your scenario will work. But you tell me?

PS,

While I am stating requirements, the wireless clients need DHCP. No way to assign static entries for devices I don't own.

Tom Watts Mon, 08/06/2012 - 10:26

Hi Lee, here is a new proposal based off the additional information with the assumptions*

*192.168.16.1 is connecting to the internet and is the NAT device

**192.168.16.130 is router mode

***Untangle UTM cannot participate VLAN 2

For 192.168.1.1 Gateway router

  • Configure 192.168.1.1 router for internet connectivity
  • Configure a second VLAN as desired and specify the DHCP scope
  • Configure a single port to be 1untagged for the Untangle Box
  • Configure a single port to be 1untagged, 2 tagged

For the 192.168.16.130 Router Mode

  • Configure the router in router mode
  • Connect this router from a LAN port of the 192.168.1.1 to a LAN port of this router
  • Configure the second VLAN with the corresponding subnet of the 192.168.1.1 router
  • Set a single port as 1untagged, 2tagged to connect to the 192.168.1.1 router
  • If your access point services both subnet, configure a single port as 1untagged, 2tagged

For access point configuration

  • Assign a static IP on the subnet of VLAN 1, my example 192.168.16.131
  • Configure your SSID
  • Associate the VLAN ID to the SSID you desire

Key Notes-

Wireless isolate within SSID means you cannot access wirelessly connectivity devices while connected to the same SSID

Wireless isolate between SSID means you cannot access wireless while connected to each SSID wireless

You may disable all intervlan routing on the 192.168.1.1 router

-Tom

coxhaus01 Mon, 08/06/2012 - 11:18

Untangle has an outside and inside NIC and all traffic must flow through the Untangle machine. Did I not understand your scenario?

Tom Watts Mon, 08/06/2012 - 11:24

Lee, I don't know what more proposals can be made for you.

If the Untangle is not the NAT device, you can't have double NAT, you want the router to be the forefront and handle all traffic flow. This is not going to be a possible situation with this equipment.

The Untangle can be some sort of transparent connection that passes your ISP information to the RVS4000 then this is okay. But, this also means the Untangle box won't be protected by NAT or behind the RVS4000 as there is 1 connection for your internet and 1 connection to the RVS4000 WAN port.

The other possibility is some sort of DMZ. But the RVS4000 handles only software DMZ (its like a 1-1 NAT function).

-Tom

coxhaus01 Mon, 08/06/2012 - 12:14

My scenario will work if the router code for RVS4000 will work. I can create the VLANs on the second RVS4000 but DHCP does not work. If I cannot have VLANs I like the idea to separate all the wireless traffic on a separate network as I am running using the 2600. I would like to use the second RVS4000 to separate the networks using my Microsoft DHCP server and replace the 2600 but the router code will not work that way either. Pings just do not work correctly; there is something wrong with the code.
