RV220W Inter VLAN firewall rules

axisline1
Level 1

Hi

I just bought a Cisco RV220W router for our branch to replace a Zywall 2 Plus. The device is updated to the latest firmware, 1.0.5.8.

I tried many different settings but cannot resolve a simple inter VLAN configuration, which the ZyWall can resolve in a few clicks.

I have a simple task: I need two isolated VLANs on my network (VLAN 1: 10.1.2.1 and VLAN10: 192.168.2.1). No traffic between VLANs is permitted. I have to configure several exceptions:

1.) access from VLAN1 to a server (192.168.2.40) on VLAN10 port 3389 (RDP).

2.) access from VLAN10 to a network printer (10.1.2.10) on VLAN1  port 9100.

I tried several settings and firewall configurations which do not work.

I tried inter VLAN (VLAN-VLAN) rules to block all traffic except permitted, but such rules do not change anything. I have full access from one VLAN to another and vice versa.

I tried to disable inter VLAN routing, which resolves my isolation task, but inter VLAN firewall rules do not work for the exceptions I need.

Thanks for all your help in advance.

Accepted Solutions

Kremena Ivanova
Cisco Employee

Hi,

For this configuration, first you need to uncheck the option InterVlan routing for both VLANs (networking > LAN > VLAN Membership). Also you need to ensure that the ports are properly configured: Tagged/Untagged/Excluded.

After that you need to create 2 Access Rules (Inter VLAN (VLAN - VLAN)):

- from Default to VLAN10 - Always Allow - Source Any - Destination 192.168.2.40

- from VLAN10 to Default - Always Allow - Source Any - Destination 10.1.2.10

There is no need to create block rules as it is by default and interVLAN routing is not enabled.

If with this configuration you still do not have access to the server and printer, you can use Administration - Diagnostic - Capture Packets and Wireshark to trace if the packets are correctly routed through the VLANs and where the chain stops.

Regards,

Kremena
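One way to confirm the result from a host on each VLAN, as an added example that is not part of the original thread: it probes the two exceptions from the question plus one other port on each target and compares the outcome with the intended policy. The function names, the negative-check ports 445 and 80, and the assumption that the router drops blocked traffic silently are this example's own.

```python
import socket
import sys

# Intended policy from the question: two exceptions, everything else blocked.
# Ports 445 and 80 are negative checks chosen for this example (assumption).
CHECKS = [
    # (run from, destination, TCP port, should be allowed)
    ("VLAN1", "192.168.2.40", 3389, True),
    ("VLAN1", "192.168.2.40", 445, False),
    ("VLAN10", "10.1.2.10", 9100, True),
    ("VLAN10", "10.1.2.10", 80, False),
]

def tcp_probe(host, port, timeout=3.0):
    """Return 'open', 'refused' (an RST came back) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, host or network unreachable
        return "filtered"

def judge(allowed, state):
    """Compare one observed probe state with the intended policy."""
    if allowed:
        if state == "open":
            return "ok"
        if state == "refused":
            return "rule passes traffic, service not listening"
        return "FAIL: exception rule not working"
    if state == "filtered":
        return "ok"
    # Assumption: the router drops blocked traffic silently, so any answer
    # ('open' or 'refused') means the packet crossed to the other VLAN.
    return "FAIL: isolation leak"

def audit(vantage, probe=tcp_probe):
    """Run the checks that apply to the VLAN this host is connected to."""
    return [
        (host, port, judge(allowed, probe(host, port)))
        for src, host, port, allowed in CHECKS
        if src == vantage
    ]

if __name__ == "__main__":
    vantage = sys.argv[1] if len(sys.argv) > 1 else "VLAN1"
    for host, port, verdict in audit(vantage):
        print(f"{host}:{port} -> {verdict}")
```

Run it once from a VLAN1 host and once from a VLAN10 host, passing the VLAN name as the argument. A leak on the negative checks suggests the access rule matches more than the single service intended.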

3 Replies

axisline1
Level 1

Any ideas how to enable inter VLAN firewall rules?

Kremena, Thanks a lot.
