Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

RV016 - Achieving Segregation and VLANS

Good afternoon, our company started out very small and is now growing very large to the point where I am looking at layering hosts to obtain more segregation and security for different areas/users within the company. I've been playing around with the VLAN feature in this router a long with the multiple subnets to see what the most ideal configuration situation would be.

Ideally I was thinking I would block out hosts for areas regarding security and use the VLANS built into the RV016 to isolate them from other users/areas on the network. HOWEVER it seems that the VLANS ONLY segregrate within the Device IP Address (RV016) and Subnet Masks realm. So for example, if my RV016 is setup with a standard Class C net of 192.168.1.1 host with a 255.255.255.0 sub, and I add a multiple subnet of 192.168.2.0/24, and I then assign a LAN port in the RV016 to say VLAN2, and all others to VLAN1, my device on ip 192.168.1.20 VLAN2 for example, is accessible by devices on the VLAN1 with ip 192.168.2.20. It appears to me that the VLAN functions on the LAN ports are NOT being applied to devices that are added or created under multiple subnets.

This is frustrating for me because ideally this is how I would prefer to use it so I can expand my network by adding more hosts and acheiving segregation and separation. Ideally this would be resolvable if I could modify the main device subnet mask to something OTHER than the 255.255.255.x settings that are preset in the device, disgarding the need for multiple subnets, and allowing VLANS to function as they are built into the device. It seems the only way I can truly get the security/separation I desire between devices on the VLANs and in the multiple subnets is to create deny ACL's within the RV016 itself.

Hopefully this makes sense. I guess I am wondering if there are other devices out in the market that will acheive what I want to do but not require some substantial elite network training degree to hand code everything in console/terminal? Any other suggestions appreciate to acheive what I explained above. Thank you for reading and your help.

3 REPLIES

RV016 - Achieving Segregation and VLANS

RV016 supports multiple subnets and port-based VLAN. If a host is connected to a port designated to VLAN2, the host should be isolated from all the computers in VLAN1, regardless the IP address of the host.

New Member

RV016 - Achieving Segregation and VLANS

This is exactly how I was hoping or assumed it should work as well but it does not seem to behave that way. HOWEVER, after posting this I did find an interesting possible solution. If you add a multiple subnet of 192.168.0.0 @ 255.255.0.0 and have the device at 192.168.1.1 @ 255.255.255.0 you THEN are able to acheive segregation under the VLAN functionality of the device. I need to look into this more, I'm sure it makes sense to someone, somewhere, but just not me at the moment. Brain is mush after troubleshooting different options and scenarios.

Re: RV016 - Achieving Segregation and VLANS

The access rules of RV016 allow you to control which IP address can have access to which IP address within the same VLAN. Just an FYI.

732
Views
0
Helpful
3
Replies