
RV220W Inter VLAN firewall rules

Hi

I just bought a Cisco RV220W router for our branch to replace a ZyWall 2 Plus. The device is updated to the latest firmware, 1.0.5.8.

I tried many different settings but cannot resolve a simple inter-VLAN configuration, which the ZyWall can resolve in a few clicks.

I have a simple task: I need two isolated VLANs on my network (VLAN 1: 10.1.2.1 and VLAN10: 192.168.2.1). No traffic between VLANs is permitted. I have to configure several exceptions:

1.) access from VLAN1 to a server (192.168.2.40) on VLAN10 port 3389 (RDP).

2.) access from VLAN10 to a network printer (10.1.2.10) on VLAN1 port 9100.

I tried several settings and firewall configurations, which do not work.

I tried inter-VLAN (VLAN-VLAN) rules to block all traffic except what is permitted, but such rules do not change anything. I have full access from one VLAN to the other and vice versa.

I tried to disable inter-VLAN routing, which resolves my isolation task, but the inter-VLAN firewall rules do not work for the exceptions I need.

Thanks for all your help in advance.


Accepted Solutions


Hi,

For this configuration, first you need to uncheck the option InterVlan routing for both VLANs (Networking > LAN > VLAN Membership). Also, you need to ensure that the ports are properly configured: Tagged/Untagged/Excluded.

After that, you need to create 2 Access Rules (Inter VLAN (VLAN - VLAN)):

- from Default to VLAN10 - Always Allow - Source Any - Destination 192.168.2.40

- from VLAN10 to Default - Always Allow - Source Any - Destination 10.1.2.10

There is no need to create block rules, as that is the default and interVLAN routing is not enabled.

If with this configuration you still do not have access to the server and printer, you can use Administration - Diagnostic - Capture Packets and Wireshark to trace whether the packets are correctly routed through the VLANs and where the chain stops.

Regards,

Kremena
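The two access rules in the answer match on destination address only, while the question lists ports 3389 and 9100. The following is an added example, not part of the thread and not Cisco code: a small Python model of a default-deny inter-VLAN rule set that compares the rules as posted with a port-scoped variant. The /24 masks, the probe host addresses and the ability to restrict a rule to a single port are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption: both VLANs are /24; the thread gives only the gateway addresses.
ZONES = {"Default": ipaddress.ip_network("10.1.2.0/24"),
         "VLAN10": ipaddress.ip_network("192.168.2.0/24")}

@dataclass(frozen=True)
class Rule:                       # one "Always Allow" inter-VLAN access rule
    from_zone: str
    to_zone: str
    dst: str                      # destination host; source is "Any"
    port: Optional[int] = None    # None = any service (rule as posted)

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), None)

def allowed(rules, src, dst, port):
    """Inter-VLAN routing unchecked: default deny, only an explicit allow passes."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return False
    if sz == dz:
        return True               # same VLAN is switched, never hits these rules
    return any(r.from_zone == sz and r.to_zone == dz and r.dst == dst
               and r.port in (None, port) for r in rules)

AS_POSTED = [Rule("Default", "VLAN10", "192.168.2.40"),
             Rule("VLAN10", "Default", "10.1.2.10")]
# Assumption: the rule can be limited to one service/port.
PORT_SCOPED = [Rule("Default", "VLAN10", "192.168.2.40", 3389),
               Rule("VLAN10", "Default", "10.1.2.10", 9100)]

# Constructed probe flows (src, dst, tcp port); .50/.60/.41 are made-up hosts.
FLOWS = [("10.1.2.50", "192.168.2.40", 3389),   # required: RDP to server
         ("192.168.2.60", "10.1.2.10", 9100),   # required: print to printer
         ("10.1.2.50", "192.168.2.40", 445),    # other service on the server
         ("192.168.2.60", "10.1.2.10", 80),     # printer web interface
         ("10.1.2.50", "192.168.2.41", 3389),   # other host in VLAN10
         ("192.168.2.60", "10.1.2.50", 3389)]   # VLAN10 to a VLAN1 workstation

def excess(rules, wanted):
    """Flows that `rules` permits but the stated requirement `wanted` does not."""
    return [f for f in FLOWS if allowed(rules, *f) and not allowed(wanted, *f)]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "posted:", allowed(AS_POSTED, *f), "scoped:", allowed(PORT_SCOPED, *f))
    print("extra exposure with rules as posted:", excess(AS_POSTED, PORT_SCOPED))
```

The same flow list doubles as a test plan for real hosts on each VLAN once the rules are in place, alongside the packet capture mentioned in the answer.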


3 REPLIES

Any ideas how to enable inter VLAN firewall rules?


Kremena, Thanks a lot.
