Cisco Routers :: VLAN To VLAN Firewall Rules Support Missing On RV180?
Jan 12, 2013
How do I submit an RFE (Request For Enhancement) to the Cisco SBR team to encourage them to implement the missing support for VLAN to VLAN firewall rules that was available in the RVS4000 (See [URL]) and that was supposedly added to a beta release of the RV220W firmware (See [URL])?
View 1 Replies
Nov 26, 2012
I have a static IP block and need to route to various servers. I know I can use 1:1 NAT or Access Rules and have success with each. The problem is my mail server. When I use 1:1 NAT, the mail is sent from the correct IP - the address of my mail server - and there is no problem with reverse lookups. However, I cannot block any ports when I use 1:1 NAT. I have tried it every way I can think of and even some suggestions in the forums that did not work. No matter how I set access rules, all ports stay open in 1:1 NAT.
If I delete the 1:1 NAT rule and use Access rules to open specific ports, the mail server sends out the mail from the WAN address. The reverse DNS does not match and mail server will bounce the mail.
View 11 Replies
Sep 3, 2012
I purchased an RV180 router and would like to set the Firewall Access Rules as below:
- Action: Always Allow
- Service: HTTP
- Source IP: Any
- Send to Local Server (DNAT IP): private ip (192.168.1.xx)
- Use Other WAN IP Address: Enable
- WAN Destination IP: one of the public IPs (different from the router WAN IP address)
- Action: Always Allow
- Service: FTP
- Source IP: Any
- Send to Local Server (DNAT IP): private ip (192.168.1.xx)
- Use Other WAN IP Address: Enable
- WAN Destination IP: one of the public IPs (different from the router WAN IP address)
The firewall access rules have no problem within 1 hour after setting. I can access the HTTP / FTP services by the WAN IP address. After several hours, I can't access the services.
I can set the one-to-one NAT rather than use the firewall access rules, but I would like to block all other ports, and one-to-one NAT will forward all ports to the private IP address. Under Administrator > Logging > Firewall Logs, when I enable the settings, where can I get the log of the firewall?
View 4 Replies
May 7, 2013
I have an RV180 configured with two VLANs. The first VLAN is untagged and the second VLAN is tagged. The purpose is to have two subnets, with the second subnet used for guest access. Both VLANs have DHCP server enabled. The first VLAN is 192.168.1.0/24 and the second VLAN is 192.168.2.0/24. When I connect a computer with an untagged Ethernet interface, it gets an IP address from the DHCP server on the first subnet, i.e. 192.168.1.100, and it can successfully access the Internet. When I connect a computer with a tagged Ethernet interface (I am using VLAN ID 10), it gets an IP address from the DHCP server on the second VLAN, i.e. 192.168.2.100. So far so good. I can successfully ping hosts on the Internet, i.e. ping www.google.com. But I cannot access the Internet from the web browser. I captured a Wireshark trace and here is what I see...
1. TCP SYN. Source IP 192.168.2.100, destination IP A.B.C.D. Ethernet frame has VLAN tag (VLAN ID 10)
2. TCP SYN ACK. Source IP A.B.C.D, destination IP 192.168.2.100. Ethernet frame has VLAN tag (VLAN ID 10)
3. TCP ACK. Source IP 192.168.2.100, destination IP A.B.C.D. Ethernet frame has VLAN tag (VLAN ID 10)
4. TCP Data. Source IP 192.168.2.100, destination IP A.B.C.D. Ethernet frame has VLAN tag (VLAN ID 10)
5. TCP Data. Source IP A.B.C.D, destination IP 192.168.2.100. Frame is untagged
The problem is at #5. Packet came back from the Web Server. RV180 properly NATed it to the local IP address. But it did not add VLAN tag.
View 8 Replies
Feb 14, 2013
I have five static IPs that I would like to fully utilize, by NAT'ing them to internal VLAN subnets. I read that the RV180 can do this, but I am having difficulty in finding a working recipe. I have assigned xxx.xxx.xxx.2 to the RV180 WAN interface.
I have created four additional VLANs 2-5 and assigned them to ports 1-4 with subnet interfaces 192.168.2.254, 192.168.3.254, 192.168.4.254, and 192.168.5.254. I have set the default VLAN to untagged on all ports. VLANs 2-5 are set to tagged for their respective port (1-4) and exclude for other ports. I have set DHCP relays to 192.168.1.202, which is my DHCP, DNS, AD services.
I read some months ago that when the first static IP address is assigned to the WAN port, the VLAN ports will accept tagged packets on their ports and NAT them to the respective successive static IP (sounds a bit like magic to me). Regardless, I read that the RV180 can provide VLAN subnet NAT to up to 5 static IP addresses. I am not looking for 1 to 1 NAT, not the same. I want to perform NAT on the four additional VLANs in a similar manner to how VLAN 1 (default DMZ) IPs are NAT'd to the static WAN address. As in, everything outbound on 192.168.1.0 is NAT'd to xxx.xxx.xxx.2
Additionally I would like all DHCP assigned by my DHCP server which I believe is accomplished with the DHCP relay setting on all five VLAN subnets, which point to the DHCP server 192.168.1.202
Lastly, I am trying to configure VPN connectivity into my DMZ network. I have configured a few accounts, enabled for PPTP. I have configured PPTP and am issuing 192.168.1.70-80. The VPN connection seems to work great without the use of Cisco Quick VPN. I can see the remote picking up the 192.168.1.71 IP address as the VPN connection is made. From the remote I can ping IP addresses on the DMZ subnet 192.168.1.X. How can I configure the Cisco RV180 PPTP server to provide the DMZ DNS IP addresses? These addresses need to be 192.168.1.201 and 192.168.1.202
I feel I am almost there in working out the VLAN subnet to static NAT. I suspect it will be some routing configurations. The ISP business gateway on the WAN side that I point my router to, which is owned by Verizon, is xxx.xxx.xxx.1. I have a /29, making IPs xxx.xxx.xxx.2-6 available to me.
View 4 Replies
Apr 20, 2013
I have been banging at this now for two days and just cannot get Inter-VLAN routing to work on this router.
Upgraded to latest Cisco firmware (1.0.1.9). Starting with factory default settings, I added 2 VLANS as follows: [code]
BUT....
PC2 cannot ping PC3 - NOT WORKING
PC3 cannot ping PC2 - NOT WORKING [code]
View 8 Replies
Feb 4, 2013
I have a Cisco RV180-K9-NA router. I would like to set up 2 separate VLANs assigned to different ports on the router. I will be using LAN port #1 to communicate with the router. The NIC connecting the PC to the router has multiple IP addresses assigned to it so that I can communicate with the separate VPNs (192.168.1.x for the router; 172.16.10.x for VLAN #1 on port 2; and 182.16.10.x for VLAN #2 on port 3). I also need to be able to have the router provide both IPv4 and IPv6 DHCP services for devices on each subnet.
View 3 Replies
Nov 15, 2012
I have 2 static IP addresses that I'd like to point to 2 corresponding servers in my LAN. I've followed the Access Rule and One-to-One NAT instructions as best I can (screenshots of each for one of the static IP scenarios attached), but no luck. The static IPs bring the outside/WAN user to the RV180's admin login screen.
View 2 Replies
Aug 6, 2012
Our firewall just died - it was a Windows Server 2003 rackmount running Microsoft ISA Server. I'm shopping for a replacement, but would like to get an appliance rather than have to purchase a whole server, which just seems like overkill.
We had four network ports on the old box - one for internal, one for the cable modem, one for guest wifi, and one for the VPN (We have a dedicated Barracuda VPN appliance, so we won't be using the VPN functionality on whatever new router we purchase)
What we'd like to do is have a set of rules similar to what we had on the ISA server. We denied everything by default, and then for example:
- Allow outgoing HTTP, HTTPS, FTP access from guest wifi and internal network to the internet
- Allow access from the VPN subnet to certain ports on certain machines on the internal network
- Forward incoming access from the internet on port 443 to the VPN box
- etc.
From reading the manual for the RV180, I could get a rough configuration going by putting internal, guest wifi and VPN on different VLANs, and disabling inter-VLAN routing for the guest wifi. However, this doesn't get me the detailed control that I am used to - guest wifi and internal would be able to see the whole internet, and the VPN would be able to see anything on the internal network.
Can the RV180 actually give you this level of control? What would be the most cost effective router from Cisco that could do this for me?
View 1 Replies
Jan 20, 2011
I have a Netgear GSM7248R switch with 5 different VLANs including the management VLAN. Each of the VLANs is connected to my layer 3 switch for routing. I want to access the management VLAN from any of my VLANs so my layer two switch can be detected by my SNMP manager.
View 3 Replies
Aug 12, 2012
We have a 6509 VSS with an FWSM module and we have created two contexts on it: one is INTERNALL CONTEXT, the other is EXTERNALL Context. We have spanned various VLANs in switches and FWSM context level. All VLAN gateways are configured at context level.
Activity description: We had planned migration of these devices into a new datacenter; it was a planned activity. During migration of devices from one DC to a new DC we broke the VSS and kept the primary running, removed the secondary switch, migrated this secondary to the new DC and powered this device ON in the new DC. We checked that all the config was fine, but this device was OFF network, as the secondary was brought to the new DC just to limit the downtime during the primary switch movement.
During the activity (primary switch movement) we powered off the primary switch. In the meantime, before shifting it into the new data center, we brought up the secondary switch, which was already existing in the DC; it was put live in the network and was working fine without any issues.
Later we moved the primary into the new data center and tried to put it into VSS with the secondary. During this period the secondary device went into RECOVERY MODE, the primary device was not responding and devices went off network. We immediately removed the VSL link and brought up the primary into the production network without the secondary online in the network (without VSS, just a stand-alone switch), and the network started working. But after bringing up the primary we found that some of the VLANs in the FWSM were deleted and some VLANs had misconfiguration (example: say original VLAN IP 10.200.112.1 has become 10.300.13.1); also some of the access lists as well as SVIs were deleted, making a configuration mismatch.
We wanted to know whether pulling out the VSL link during synchronization between the primary and secondary switch in VSS would create this type of issue.
View 1 Replies
Jun 17, 2012
After an abrupt power cycle of a 6509 switch, the VLAN configuration went missing. The switch has not crashed.
View 4 Replies
Jan 18, 2012
I have one VLAN on a 3750 where I do not see any MAC addresses even though it is in use. This is an unrouted VLAN between a WLC on a port-channel/LAG and an access port to an ASA for guest traffic. When I do a show MAC add I get nothing for VLAN 60 (guest DMZ) but all other VLANs seem to be OK. Spanning tree is not showing TC counters incrementing either.
I was also told that when a port was put on this VLAN, the laptop did not get a DHCP address from the ASA, but the wireless guest clients are working fine. I can see the DHCP leases and ARP entries in the ASA and the ASA ARP in the WLC, so some traffic is passing fine. I'm not onsite right now, so troubleshooting is all remote, which limits some options.
View 4 Replies
Mar 11, 2013
I am running a big wireless network, with 20 no. of 5500 on version 7.0.116.0. I have more than 20,000 APs. If I add some config on the primary controller, do some changes or reboot, all the APs move to the backup controller. This doesn’t cause any problem, but many APs which moved to the backup controller are losing VLAN mapping. This happens every time. Primary --> backup, backup --> primary. Both controllers have the same version, same config etc.
AP model: AIR-LAP1252AG-A-K9
Controller model: AIR-CT5508-K9
View 15 Replies
May 10, 2012
I'm considering upgrading a small business to the newly released RV180 or RV180W. Does the RV180 series support 6rd (IPv6 rapid deployment)? I see 6rd documented in the other small business routers (e.g. RV110), but I can't find it in the RV180 documentation.
View 1 Replies
Apr 24, 2012
I have an RVS4000 and I am going to configure VLANs in the near future. Among all the other configurations sent by the internet provider company is this one:
Firewall NAT:
from x.x.2.0/24 to 0.0.0.0/24 should be NAT
from x.x.2.0/24 to x.x.0.0/21 should not be NAT
Of all the configurations, this one is not clear to me. Can this configuration be done on an RVS4000, and where can it be done?
View 1 Replies
Jun 13, 2012
I just installed an N1K (with code 4.2(1)SV1(4a)) and I was trying to set up a private VLAN.
Example:
vlan 300
name PRI-VLAN
private-vlan primary
[Code]....
I upgraded another n1k (that already had pvlan configured) to this version of code and it has the private vlan option. This was just installed yesterday so I don't have the license on it yet.
View 4 Replies
Jun 22, 2012
I have one 3750X stack with a few VLANs
--------------------------------------------------
vvlansw06# sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/6, Gi1/0/10, Gi2/0/5
Gi2/0/6, Gi2/0/37
10 LAN_10 active Gi1/0/16, Gi1/0/17, Gi1/0/19
[code]....
Where are the other VLANs?
View 3 Replies
Jan 20, 2012
My operations manager says "Could you go on-site and configure a new client's new internet connection?" I make the arrangements and go on-site. As I'm working with the provider's tech he says "Do you have a sub-interface configured for a dot1q VLAN ID of 1057?", I say "What?". Anyway, my firewall is not capable of dot1q VLAN, so he says "Do you have a Cisco router that can provide the trunking?", I say "Yes, I think so, but not with me". The question is: can I use an SR520 between my firewall and the provider demarc to route the VLAN he is talking about? My initial discovery says yes, but I am not quite sure of the details on how to achieve this on the SR520.
View 2 Replies
May 2, 2012
I'm currently using DynDNS for my Dynamic DNS Provider with the RVS4000, but I'm looking at upgrading to the RV180 and switching my Dynamic DNS provider over to DNS Made Easy since I can get all my DNS hosting under one roof. Does the RV180 support DNS Made Easy in its Dynamic DNS client? If not, could it be added in a firmware update?
View 3 Replies
May 28, 2012
I've enabled jumbo frames in Networking -> LAN (Local Network) -> Jumbo Frames on an RV180W running the base firmware (1.0.0.30). The switch seems to pass jumbo frames just fine (like ... almost every switch these days), but the router itself silently drops jumbo frames. Is this a known bug? This makes enabling jumbo frames on clients impossible, since it will break some external connectivity. (I.e. when two endpoints are on networks with jumbo frames, they will then negotiate a high MTU over the WAN, but the router will silently drop large frames and they won't get an ICMP Fragmentation Needed, etc. because the router simply drops large frames).
View 7 Replies
Jan 28, 2012
Coincidentally, when I tried to configure an 877 router as an ADSL router I found that a VLAN configuration is included. My question is: what is the benefit of using VLANs in a router? I studied that we use them in switches for the purpose of network enhancement from broadcasts and network segmentation. Why do we use VLANs in routers?
View 9 Replies
May 18, 2011
I have an 857w and an 857 router but there doesn't seem to be any HSRP and VLAN support on either router. I have ADVsecurity on the routers.
Do I need a different IOS or is it just not supported?
View 1 Replies
Jul 4, 2009
How many VLANs does the ESW 500 switch support?
View 4 Replies
Oct 22, 2012
We have an EHWIC for a 2900 router. Apparently, this card supports QinQ. However, there is no usual MTU command. Therefore we cannot increase the MTU to support the extra four bytes of VLAN tag. We have tried 15.2 and 15.1 code. Maybe the command is different. I'm about to go and do some digging elsewhere. The card is EHWIC-4ESG.
View 6 Replies
Apr 15, 2013
Does SG200 support VLAN Trunking?
View 1 Replies
May 12, 2011
We are trying to configure VLAN 10 for data and VLAN 20 for voice on the same port - port 1 of switch SF300-24P - to run both data and voice on different VLANs. Do I have to add VLAN 10 as an untagged VLAN to port 1 and add VLAN 20 as a tagged VLAN to port 1? If I do not want to assign the native VLAN 1 to port 1, how can I remove it? The GUI page - assign VLAN to port - does not allow removing it. Also, what mode shall I set up on port 1? General, trunk or access?
View 18 Replies
Jan 10, 2012
Between our hosting and a customer we have an extended VLAN, traveling on a fiber, between two Cisco 3560 switches. The thing is that we want to create one or more VLANs inside that extended VLAN, in some way if possible?
View 3 Replies
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address, but the VLAN ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites, but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together? So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
View 4 Replies
Dec 15, 2011
The critical voice VLAN feature, used to place a newly authenticating phone into the appropriate voice VLAN when the RADIUS server is dead, seems to be a new feature and I find the documentation to be incomplete. Do the following switches support this feature in any IOS versions? WS-C4510R, 4506, 3560, 3550, 2960s.
View 1 Replies
Jan 27, 2013
We bought a Cisco 2911 router, and as I see it the "ip sla monitor" command is not supported. Which license/IOS upgrade should I buy to fulfill this? And I can't add a trunk port to the interface, and can't even add a VLAN to the interface. How do I add a trunk port on the Cisco 2911 router? And how can I do a VLAN on an interface on the router?
View 2 Replies
Feb 12, 2004
I want to know if the new Catalyst 3750 supports Private VLAN,
or any other small switches?
View 3 Replies
Feb 2, 2011
I have set up 2 DHCP pools and 2 VLANs (1 *the native* for data / 1 VLAN for voice). When I use the command "switchport voice vlan 20" the port disappears from the show vlan brief list. When I use the "switchport access vlan 20" it shows up in the show vlan brief in the correct VLAN and gives the phone an IP. I assume that using the access instead of the voice is wrong and the phones would not configure correctly. But when I use the access the phone goes to the next step and tells me the TFTP files are not found. Why does the port disappear from the VLAN list?
View 8 Replies