I have an RV120W small business router running the latest firmware. I created 2 VLANs, one for work and one for guest access. The problem is that I want to completely segment the traffic from the guest VLAN so that it cannot access anything on the work VLAN. I've tried setting the default outbound policy to block the traffic and even set a rule saying the range of addresses on the guest VLAN block any service to the work addresses. I want to make these firewall rules as secure as possible and essentially block everything, even on both VLANs, and then create my own 'white list'; however, no matter what rule I try to put in, it seems to do nothing. Everything is still talking like the firewall isn't even there...
My name is Ismael. I am with the Small Business Support Team. From my understanding, you would like to separate traffic from the guest VLAN from reaching your work VLAN. If your topology only includes the router (RV120W) with no managed switch, then no policy rules have to be put in place. The best thing to do is keep inter-VLAN routing disabled for your guest VLAN. This can be done under Networking>>>Vlan Membership. If both are disabled, then both VLANs will not be able to communicate, but will be able to route to the internet.
If the topology includes a managed switch on layer 3 and routing VLANs, then you would need ACLs within the switch alone. Hope this helps!
Hi there Ismael. Thanks for the quick response. So yes, I am just using the router in this topology. I thought about disabling inter-VLAN routing; however, there are actually a few ports I wanted to allow through to the private VLAN (such as DNS, HTTP). I'm really just trying to figure out how exactly the access rules work on the Small Business series routers. Basically what I've been doing is defining a series of blocked outbound rules for each protocol that includes the source as the range of addresses I have for the guest VLAN and the destination as the range of addresses for the private VLAN. This approach doesn't seem to be working. Am I going about this in completely the wrong way?
So I went ahead and disabled inter-VLAN routing on the guest VLAN but it's still routing traffic to the private VLAN!!! I've attached two screenshots. One is showing that I do in fact have inter-VLAN routing disabled on the guest VLAN and the other is showing a host on the Guest VLAN (the 172.16.20.0 subnet) being able to SSH to a host on the private VLAN (the 172.16.10.0 subnet).