Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Small Business Router Firewall Rules

I have an RV120W small business router running the latest firmware. I created 2 VLANs, one for work and one for guest access. Problem is that I want to completely segment the traffic from the guest VLAN so that it cannot access anything on the work VLAN. I've tried setting the default outbound policy to block the traffic and even set a rule saying the range of addresses on the guest VLAN block any service to the work addresses. I want to make these firewall rules as secure as possible and essentially block everything, even on both VLANs and then create my own 'white list' however no matter what rule I try to put in, it seems to do nothing. Everything is still talking like the firewall isn't even there...

 

  • Small Business Routers
3 REPLIES
New Member

Robbykilian, My name is

Robbykilian,

 

My name is Ismael. Iam with the Small Business Support Team. From my understanding you like to separate traffic from guest to reach your work Vlan. If your topology only include the router (RV120w) with no manage switch then no policy rules have to be put in place. The best thing to do is keep inter Vlan routing disabled for your guest vlan. This can be done under Networking>>>Vlan Membership. If both are disabled then both Vlans will not be able to communicate,but to route to the internet.

 

If the topology includes a managed switch on layer 3 and routing vlans then you would need ACL's within the switch alone. Hope this helps!

 

New Member

Hi there Ismael. Thanks for

Hi there Ismael. Thanks for the quick response. So yes I am just using the router in this topology. I thought about disabling inter-VLAN routing however there are actually a few ports I wanted to allow through to the private VLAN (such as DNS, HTTP). I'm really just trying to figure out how exactly the access rules work on the Small Business series routers. Basically what I've been doing is defining a series of blocked outbound rules for each protocol that includes the source as the range of addresses I have for the guest VLAN and the destination as the range of addresses for the private VLAN. This approach doesn't seem to be working. Am I going about this in completely the wrong way?

New Member

So I went ahead and disabled

So I went ahead and disabled inter-VLAN routing on the guest VLAN but it's still routing traffic to the private VLAN!!! I've attached two screenshots. One is showing that I do in fact have inter-VLAN routing disabled on the guest VLAN and the other is showing a host on the Guest VLAN (the 172.16.20.0 subnet) being able to SSH to a host on the private VLAN (the 172.16.10.0 subnet).

179
Views
0
Helpful
3
Replies