RV082 - Allow VLAN2 to access internet?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by guido331, May 22, 2006.

  1. guido331

    guido331 Network Guru Member

    How would I go about setting up my RV082 to where VLAN2 could access the internet but not VLAN1? My goal is to have a single port (let's say port #5) assigned to VLAN2 where I can plug in "untrusted" computers to work on them. They wouldn't be able to access my production network (VLAN1) but they could still access the internet.

    Also, how do I set the IP addressing scheme on a VLAN? For example, VLAN1 is set to 192.168.0.x; I want VLAN2 to have something like 192.168.2.x and I do not want the two LANs to communicate with each other. I'm trying to set up a lab environment that has internet access but does not have access to my production LAN (VLAN1).
  2. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Under port management...port setup. Take a look at the port ID on the left column, this matches the port numbers on the front of the unit you plug into. On the right side..you'll see a column for VLAN...with a drop down menu...VLAN1, VLAN2, VLAN3, etc.

    The RV0, as with the SRW series of switches, supports what's called "Port based VLANs". The switch will simply separate VLANs on the switch side of things..no traffic will flow between VLANs. It's like building walls in your network.

    Yet they can all get internet access fine. At home..I have an RV082, and I have all my PCs plugged into it..on VLAN1. I have 1x yellow patch cord plugged into port 4..which I use for working on clients' PCs that I have taken home to work on. I made port 4 VLAN2...so they don't spread any nasties to my home setup. Matter of fact right now I have a laptop hooked into it...that I'm working on.

    You don't need to reassign any IP schemes...you're not routing to another network..it's just port based. Nothing else fancy is needed..no changes in IP, gateway, anything..as long as your router is running DHCP...they'll get to the internet just fine. If you're running DHCP on your own server..and that's in a different VLAN..then you'll have to assign static IPs..which I do...because I run a Small Business Server at home which does the DNS and DHCP.

    But if you're running DHCP on your router..you need not do anything but choose a port..and make it a different VLAN. Go ahead and try it...plug all PCs in...drop the firewalls on two of them..ping each other..you should get replies. Now...take the port of one of those PCs...make it VLAN2..save settings...now try to ping..shouldn't get any replies. Yet that PC can still get internet just fine.
  3. bushtor

    bushtor Network Guru Member

    VLANs with SRW2016


    Sorry for dropping in here, but since you obviously have good knowledge of switch VLAN configuration I wonder if I can have a qualified comment from you on this ;-)

    In a school scenario we have a Linksys SRW2016 switch interconnecting all classrooms to our domain controller.

    The domain controller / file server is connected to the switch's port #15 and the LAN side of an internet firewall is connected to port #16. Classroom A is connected to port #1 and #2, classroom B is connected to port #3 and #4 and so forth.

    We need to be able to control whether or not *each* classroom should be connected to the internet. I hope this can be achieved by using some flavor of VLANs.

    Port #1 .. port #14 shall always be connected to port #15 (normal switch operation). However, as mentioned, in *addition* we need to control if each classroom, say port #1 + port #2 (classroom A) or port #3 + port #4 (classroom B) also are connected to port #16 (the internet port).

    I imagine that we probably need to create a VLAN of port #1 and #2 and call it Classroom_A, same for port #3 and #4 and call it Classroom_B etc.. Then we need to be able to check or uncheck Classroom_A's access/connection to port #16 (internet).

    Thanks a *lot* if someone has a few minutes...

    best regards

  4. TazUk

    TazUk Network Guru Member

    I don't have one of those switches but from looking at the manual it looks like you'd create separate VLANs for each classroom then set up ACLs to allow access to the local LAN and deny all others to block internet access.
  5. bushtor

    bushtor Network Guru Member

    Thanks for popping in so quickly ;-)

    I don't have the switch here, but I see from the manual that it has some kind of ACL management (but I will play with it tomorrow). However I have never used these features with switches before.

    So I create port based VLANs for each classroom; port 1+2=classroom_A, port 3+4=classroom_b etc, and do I create a VLAN for port 16 named 'internet' as well...? Pardon my ignorance, but I'm not sure how this works. Thanks if someone can elaborate a bit how to correctly implement TazUk's suggestion with switches like this.

    best regards

  6. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    Re: VLANs with SRW2016

    Sorry to miss this...been on the road a bit lately.

    Hmmm..using VLANs to control access to the internet. Yeah...you could. I have a small school setup with an RV082, and a few of the SRW switches.

    RV0 links to port 1 on the switch. I have VLAN1 made up of ports 2-10...of which port 1 is also a member. I have VLAN2 made up of ports 12 - 20..of which port 1 is also a member. VLAN3 the rest of the ports..which includes an uplink to another unmanaged switch...and also port 1 is a member..for internet access.

    Using this setup..you could remove port 1 from being a member of say...VLAN2..which would deny them internet access. Of course..you'd have to log in and out of the switch whenever you..wanted to "throw the internet switch" on them..teehee...

    In your case..since you have a DC there...you'd want to include that as a member of VLANs..so they obtain DNS, F&P sharing, probably DHCP, etc.

    I'm assuming you're not running RRAS or ISA on the server.
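
Added example, not part of the thread or of any Linksys tooling: a small Python model of the overlapping port-based VLAN layout discussed above, applied to the SRW2016 scenario (DC on port 15, firewall on port 16), that audits a planned membership table before it is entered on the switch. It assumes the simplified rule that two ports can exchange frames only if they share at least one VLAN; the function names and the two-classroom table are illustrative.

```python
from itertools import combinations

# Assumed simplification: two ports exchange frames only if they are members
# of at least one common port-based VLAN (no 802.1Q tagging or PVID modelled).
DC_PORT, INTERNET_PORT = 15, 16                      # ports named in the thread
CLASSROOMS = {"Classroom_A": {1, 2}, "Classroom_B": {3, 4}}

def build_vlans(internet_enabled):
    """One VLAN per classroom; the DC is always a member, port 16 is optional."""
    vlans = {}
    for name, ports in CLASSROOMS.items():
        members = set(ports) | {DC_PORT}
        if internet_enabled.get(name, False):
            members.add(INTERNET_PORT)
        vlans[name] = members
    return vlans

def can_talk(vlans, a, b):
    """True if ports a and b are both members of at least one VLAN."""
    return any(a in members and b in members for members in vlans.values())

def internet_ports(vlans):
    """Classroom ports that currently share a VLAN with the firewall port."""
    return sorted(p for ports in CLASSROOMS.values() for p in ports
                  if can_talk(vlans, p, INTERNET_PORT))

def audit(vlans):
    """Return violations of the intent: every classroom reaches the DC,
    and no classroom port shares a VLAN with another classroom's port."""
    problems = []
    for name, ports in CLASSROOMS.items():
        for p in sorted(ports):
            if not can_talk(vlans, p, DC_PORT):
                problems.append(f"{name} port {p} cannot reach the DC")
    for (n1, p1), (n2, p2) in combinations(CLASSROOMS.items(), 2):
        for a in sorted(p1):
            for b in sorted(p2):
                if can_talk(vlans, a, b):
                    problems.append(f"port {a} ({n1}) can reach port {b} ({n2})")
    return problems

if __name__ == "__main__":
    vlans = build_vlans({"Classroom_A": True, "Classroom_B": False})
    print("internet:", internet_ports(vlans))
    print("violations:", audit(vlans))
    # With every classroom switched off, the DC shares no VLAN with port 16.
    print("DC online:", can_talk(build_vlans({}), DC_PORT, INTERNET_PORT))
```

In this model the DC only reaches port 16 through a classroom VLAN that includes it, so switching every classroom off also cuts the server's own path to the firewall.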