While configuring two VLANs on the RV016 I found out that both networks can communicate with each other.
Reading several messages about this issue I saw the solution would be to ban all traffic from each other by using the firewall on the router.
Although I find that solution upsetting (they needn't talk to each other .... period!), I did set up firewall rules so this wouldn't happen.
However, this still does not prevent this issue. When I receive an IP address on my computer from VLAN 1 and then change my IP address to one in the range of VLAN 2... I will be allowed into VLAN 2 doing all kinds of stuff on VLAN 2, while I wasn't even supposed to be on this VLAN.
(another reason why using a firewall is upsetting).
Now I've read the manual and it distinctly says:
"There is no communication between devices on separate VLANs"
What does your network topology look like? It sounds like you have some sort of VLAN leakage due to plugging 2 untagged VLANs into each other. As Tom said, this is expected behavior. If you are plugging both VLANs into the same switch without segmenting them, of course you can reach both. Best method would be to plug the 2 Ethernet cables into a managed switch and configure the ports you are plugging into as access ports in the appropriate VLAN.
Let me know if you have any further questions.
Tom Watts wrote:
Hi bart, this is only a port-based VLAN. There is no tagged VLAN in your packet header. This behavior is considered expected, hence the requirement for firewall rules.
If you need a more technical explanation, I'd recommend reading up about untagged vs tagged VLAN traffic.
Thanks for your information. We do not put the VLANs in the same switch; this would indeed create the issue.
Our network looks like this:
We have a central RV016 switch in a colocation. Then we have two locations, let's call them Location1 and Location2. The locations also have this RV016. All locations (including the central router) are connected with VPN. The central router has a network with IP range 10.10.0.*. Location1 uses IP range 10.10.1.* and Location2 uses IP range 10.10.2.*.
Now I tested it again on Location1 and I found out I cannot reach the VLAN1 of Location1, but can access VPN and reach the networks of the central router and Location2.
Here is what I did:
I use port 7 on the router for VLAN 2. This port is directly patched to the wall outlet so no switches etc.
In this wall outlet I have a wifi station which will provide internet access to customers to ensure they cannot reach our network. It delivers its own IP range (192.168.1.*).
Now I disconnect my Ethernet cable to ensure I don't have a network connection in Location1. I connect to Wifi, getting a DHCP lease. I am now on VLAN 2. I go into my network settings and change my IP address to 10.10.1.150 and set my gateway/router to 10.10.1.254. This is within the IP range of VLAN 1.
When I open my console I can't ping to IP 10.10.1.2 (which is used by our local server) but I can ping to 10.10.0.2 (the server in the colocation) and I can also ping to 10.10.2.2 (the server of Location2).
And my firewall settings should prevent this since it has a deny all traffic from source 192.168.2.0 ~ 192.168.2.255 to destination 10.10.0.0 ~ 10.10.255.255
And also the other way around:
Deny all traffic from source 10.10.0.0 ~ 10.10.255.255 to destination 192.168.2.0 ~ 192.168.2.255
So I should not be able to ping to those networks. Not according to the Firewall. Not according to the (separated) VLAN. However in my humble opinion the router should take care of that even without the firewall settings.
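An added example, not part of the thread and not RV016 code: the two deny rules quoted above, evaluated first on addresses alone and then with a check that ties the source address to the port the packet arrived on. The default-allow policy, the `PORT_PREFIX` table (including port 1 and its prefix) and the function names are assumptions made for illustration; the sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

# The two deny rules as posted in the thread, written as CIDR prefixes.
ADDRESS_RULES = [
    ("deny", ip_network("192.168.2.0/24"), ip_network("10.10.0.0/16")),
    ("deny", ip_network("10.10.0.0/16"), ip_network("192.168.2.0/24")),
]
DEFAULT_ACTION = "allow"  # assumption: unmatched traffic is forwarded

def evaluate_by_address(src, dst):
    """First-match evaluation on source/destination addresses only."""
    for action, src_net, dst_net in ADDRESS_RULES:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return DEFAULT_ACTION

# Hypothetical ingress binding: which source prefix each LAN port may use.
# Port 7 carries VLAN 2 in the thread; port 1 and its prefix are assumed.
PORT_PREFIX = {
    7: ip_network("192.168.2.0/24"),
    1: ip_network("10.10.1.0/24"),
}

def evaluate_with_ingress(port, src, dst):
    """Drop packets whose source address does not belong to the ingress port,
    then fall through to the address rules."""
    allowed = PORT_PREFIX.get(port)
    if allowed is None or ip_address(src) not in allowed:
        return "deny"
    return evaluate_by_address(src, dst)

# Constructed sample packets: (ingress port, source, destination).
SAMPLES = [
    (7, "192.168.2.50", "10.10.0.2"),  # guest address, matched by rule 1
    (7, "10.10.1.150", "10.10.0.2"),   # guest port, address changed by hand
    (7, "10.10.1.150", "10.10.2.2"),   # same host, other site
    (1, "10.10.1.20", "10.10.0.2"),    # ordinary VLAN 1 host
]

def compare():
    """Return (packet, address-only verdict, ingress-bound verdict) rows."""
    return [(p, evaluate_by_address(p[1], p[2]), evaluate_with_ingress(*p))
            for p in SAMPLES]

if __name__ == "__main__":
    for packet, by_addr, by_port in compare():
        print(packet, "address-only:", by_addr, "| ingress-bound:", by_port)
```

Rules keyed only on a source range stop matching as soon as the sender picks an address outside that range, which is why separation has to be tied to the port or VLAN the traffic enters on rather than to the address it claims.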