I own 2 Cisco RVS4000 routers. One is my gateway with an Untangle UTM machine behind it. Untangle does not support VLAN tags so I have a second RVS4000 router behind the Untangle machine which I would like to set up VLANs on. I have the second RVS4000 set up in router mode, not gateway. I would prefer to not double NAT. I have static routes between the 2 routers working. I have super scoped the first router so all my addresses and networks are within scope of the first RVS4000 router address and mask. I am trying to use the second RVS4000 as just a normal router with no firewall. My reason for all of this is I believe the first RVS4000 will not NAT traffic from the second RVS4000 LAN network because it is out of scope and I have no internet access from the second RVS4000 router. My IP addresses for the RVS4000 routers are as follows:
WAN PPPOE DHCP
LAN IP 192.168.16.1 255.255.255.0
WAN Static IP 192.168.16.3 255.255.255.128
LAN IP 192.168.16.130 255.255.255.128
My problem now after all this is I cannot get DHCP on the second RVS4000 to assign addresses in the 255.255.255.128 scope. When I try to set up DHCP the second RVS4000 router just wipes out my static assigned address on the LAN side. It just blanks the IP address out and resets the mask to 255.255.255.0. I have not got to the VLAN part but I figure it will not work if this does not work. Do you see any errors in my configuration? I think maybe this is a bug in the router code. What do you think?
I have made some progress. I decided to skip setting up DHCP on the RVS4000 router. I turned on DHCP relay and set a scope up on my Windows server. The DHCP relay works fine but the second RVS4000 router still has problems with the above network settings. I set up a Cisco 2600 router with the above network settings and everything works fine with the 2600 router instead of the second RVS4000 router. I am currently running my wireless laptop through the 2600 router as I write this. Is there any chance you will fix the RVS4000 router code? Would the RV180 or RV220W work? I do not want to have to run the big and loud 2600 router.
I like Cisco routers but I need a response or I will start looking elsewhere.
Hello Lee, I believe the first issue is, on the second RVS4000 router, you're connecting to the WAN port. Try connecting to the ethernet / LAN port instead.
I guess I don't understand about the UTM device and the VLANs. If the UTM device is like a computer (which only cares about IP addresses unless you specify a VLAN ID on the NIC) then the VLAN situation shouldn't be any kind of consequence as it shouldn't be looking for layer 2 VLAN ID. You may also run into some issues with the DHCP relay down the road, as the RVS4000 has an embedded DHCP server, it means your subsequent VLANs should be serviced by the router DHCP server and your Windows server can manage the VLAN 1.
If you can simplify your original statement, I will be happy to try to design a goal with you and achieve it in the most simplistic manner.
Here is my interpretation of your post. With this diagram, what is the purpose of super-netting the second RVS4000? The RVS4000 will only handle 1 DHCP scope per subnet, meaning, you will need to use the /24 or /25, but not both. Unless you create VLAN 2 and use 2 subnets at /25.
The second RVS4000 will not run correctly in router mode with the above addresses. I cannot get a good ping going through the RVS4000 router. I can substitute a Cisco 2600 dual Ethernet port router and it works fine. To see the RVS4000 code is broken just assign the IP addresses above for the second RVS4000 and try to set up a DHCP scope for the second half of the 255.255.255.128 mask address. Try a DHCP scope of starting address 192.168.16.150. The RVS4000 code will break and not work.
What I would like to set up is 2 VLANs. One for LAN based machines and one for wireless machines. The VLANs will need to be created on the second RVS4000 router in router mode so I will need DHCP fixed. The Untangle UTM is a computer based firewall and will not pass VLAN tags so the first RVS4000 will not work for setting up VLANs. I want all traffic to pass through the Untangle firewall box.
Your picture is not exactly right. The picture is more like the first RVS4000 router connected to a port on the Untangle UTM and then another port on the Untangle connects to the second RVS4000 router so the only way for the RVS4000 routers to communicate is through the Untangle machine. There are 2 NICs in the Untangle machine.
Hi Lee, here is a new image. I still don't know why you want to supernet. As an alternative solution, you can probably use a managed switch in place of the second RVS4000 if you do not want to rely DHCP from the second router.
Here is the implementation with assumptions*
*The Untangle is not a NAT device
**The RVS4000 residing 192.168.16.1 has a public IP on the LAN interface
***I made VLAN 2 subnet 192.168.17.0/24 for lack of better examples
****There is no truthful need to supernet
I will give your scenario some thought and probably will try it. The only issue I have is using a PC at the front door instead of a router. Routers tend to be more reliable than PC computers. If the PC breaks everything is off, the internet and mail is down. Using a router as the front door and Untangle in transparent bridged mode, if the PC breaks the firewall goes down and my network keeps connecting to the internet using the firewall in the router as the Untangle PC was running in transparent bridge mode and just drops out of the picture.
You don’t by chance have a scenario with one router at the front door with the Untangle machine still running in transparent bridge mode? I use a Cisco WAP4410N as my wireless device.
One more thing is I am pretty flexible with addressing but my mail server needs to keep a 192.168.16.2 IP address. Everything else can change.
I just thought of something. If I run Untangle at the front door and not use it in transparent bridge mode then it will be a NAT device. Untangle will need to run the DSL modem if I use it at the front door. I do not want to double NAT. So I do not think your scenario will work. But you tell me?
While I am stating requirements, the wireless clients need DHCP. No way to assign static entries for devices I don't own.
Hi Lee, here is a new proposal based off the additional information with the assumptions*
*192.168.16.1 is connecting to the internet and is the NAT device
**192.168.16.130 is router mode
***Untangle UTM cannot participate in VLAN 2
For 192.168.1.1 Gateway router
For the 192.168.16.130 Router Mode
For access point configuration
Wireless isolate within SSID means you cannot access wirelessly connectivity devices while connected to the same SSID
Wireless isolate between SSID means you cannot access wireless while connected to each SSID wireless
You may disable all intervlan routing on the 192.168.1.1 router
Lee, I don't know what more proposals can be made for you.
If the Untangle is not the NAT device, you can't have double NAT, you want the router to be the forefront and handle all traffic flow. This is not going to be a possible situation with this equipment.
The Untangle can be some sort of transparent connection that passes your ISP information to the RVS4000 then this is okay. But, this also means the Untangle box won't be protected by NAT or behind the RVS4000 as there is 1 connection for your internet and 1 connection to the RVS4000 WAN port.
The other possibility is some sort of DMZ. But the RVS4000 handles only software DMZ (its like a 1-1 NAT function).
My scenario will work if the router code for RVS4000 will work. I can create the VLANs on the second RVS4000 but DHCP does not work. If I cannot have VLANs I like the idea to separate all the wireless traffic on a separate network as I am running using the 2600. I would like to use the second RVS4000 to separate the networks using my Microsoft DHCP server and replace the 2600 but the router code will not work that way either. Pings just do not work correctly; there is something wrong with the code.
If you'd like to persist this, I would recommend to call the SBSC and create a service request. For any formal documentation a service request (case) should be created. If you do call, please have your Cisco ID, serial number and you may also reference this forum post.
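Added example, not part of the original thread and not Cisco code: a Python check of the address plan quoted in the first post, showing how the two /25 halves sit inside the first router's /24 and how a longest-prefix match on the first router would pick between them. The static route via 192.168.16.3 is an assumption; the thread only says static routes exist.

```python
import ipaddress as ip

# Addresses quoted in the thread.
R1_LAN = ip.ip_interface("192.168.16.1/24")     # first RVS4000, LAN side
R2_WAN = ip.ip_interface("192.168.16.3/25")     # second RVS4000, WAN side
R2_LAN = ip.ip_interface("192.168.16.130/25")   # second RVS4000, LAN side
DHCP_START = ip.ip_address("192.168.16.150")    # pool start from the thread
MAIL = ip.ip_address("192.168.16.2")            # mail server, must keep this IP

# Assumed routing table on the first router: its connected /24 plus one
# static route to the upper /25 via the second router's WAN address.
R1_ROUTES = [
    (R1_LAN.network, "connected"),
    (R2_LAN.network, str(R2_WAN.ip)),
]

def check_plan():
    """Return a dict of yes/no facts about the address plan."""
    lower, upper = R2_WAN.network, R2_LAN.network
    return {
        "lower_inside_24": lower.subnet_of(R1_LAN.network),
        "upper_inside_24": upper.subnet_of(R1_LAN.network),
        "halves_overlap": lower.overlaps(upper),
        "dhcp_start_in_r2_lan": DHCP_START in upper
            and DHCP_START not in (upper.network_address, upper.broadcast_address),
        "mail_in_lower_half": MAIL in lower,
        "r1_lan_reaches_r2_wan": R1_LAN.ip in lower,
    }

def next_hop(dst, routes=R1_ROUTES):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    for name, value in check_plan().items():
        print(f"{name:24} {value}")
    for dst in ("192.168.16.2", "192.168.16.150"):
        print(f"{dst:16} -> {next_hop(dst)}")
```

A host on the first router's LAN that holds the /24 mask and has no such route treats 192.168.16.150 as on-link and ARPs for it directly instead of sending it to 192.168.16.3.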