RV220W Inter VLAN firewall rules

Similar Questions

• RV320 firewall rules, VLAN and IP Aliasing

  I bought and RV320 to replace our router SA520W.  I have 2 servers SBS located on the VLANS separated.

  The 320 RV is set with 1 WAN IP XX. XX. XX.43

  SBS1 a IP internal of the XX. XX.16.2 on VLAN 1 port 1 on the router

  SBS2 a IP internal of the XX. XX.2.2 on the VLAN 5 port on Router 2

  On the old SA520W, I was able to configure alias IP XX. XX. XX.47 and XX. XX. XX.46 with firewall rules if 47 designated SBS1 and 46 stressed SBS2 to their respective ports.

  How to make on the RV320 so I can have 2 isp server IP addresses to go through WAN1 to their VLAN respective?

  SBaalman1,

  The feature you're looking for is called NAT of individuals on most routers Cisco SMB. You can find under Setup.

  -Marty

• SRP541W Inter-VLAN Cisco firewall

  Hello

  Are there dates know what firewall between the internal VLAN will be supported in the firmware SRP541W? The current 1.2.5 version provides just very basic and poor settings for firewall rules.

  Kind regards

  Lars

  Hello

  Please use our forum

  Hi larsgrenz, my name is Johnnatan and I'm part of the community of support to small businesses. I saw your post and found a document that colud help you, you can look at page 100 in the firewall section

  http://www.Cisco.com/en/us/docs/voice_ip_comm/unified_communications/srp540_series/administration/srp500_AG_2567701.PDF

  I hope that you will find this answer useful, if it was satisfactory to you, please indicate the question as answer. Please note post you consider useful.

  Greetings,

  Johnnatan Rodriguez Miranda.

  Support of Cisco network engineer.

• RV180 router: impossible to get Inter-VLAN routing to work.

  I've been hit in this now for two days and just can't get Inter-VLAN routing to work on this router.

  Here is the place is:.

  Updated to the latest firmware of Cisco (1.0.1.9).
  From default settings, I added 2 VLAN as follows:

  VLAN (id = 1) default: dhcpmode = port IP=192.168.1.1/24 from server 1
  VLAN vlan2 (id = 2): dhcpmode = port IP=192.168.2.1/24 from Server 2
  VLAN vlan3 (id = 3): dhcpmode = port IP=192.168.3.1/24 Server 3

  (without link)
  WAN port
  |
  Routing/NAT
  |
  --------------------------------------
  VLAN ip 192.168.1.1 192.168.2.1 192.168.3.1
  name of VLAN by default vlan2, vlan3
  VLAN id ID = 1 ID = 2 ID = 3
  Inter-VLAN only routing Yes Yes
  Excluded excluded unidentified 1 port
  2 excluded excluded Untagged port
  Port 3 unmarked excluded except
  Port 4 (not interest) without excluded tag excluded
  ---------      --------     --------
  1 2 3 Port port
  |              |            |
  AdminPC PC3 PC2
  192.168.2.191 192.168.3.181

  PC2 is assigned an IP address of 192.168.2.191 (DGW = 192.168.2.1) - OK
  PC3 is assigned an IP address of 192.168.3.181 (DGW = 192.168.3.1) - OK

  (IP 192.168.2.191) PC2 can ping 192.168.2.1 and 192.168.3.1 - OK
  (IP 192.168.3.181) PC3 can ping 192.168.3.1 and 192.168.2.1 - OK

  BUT...
  PC2 cannot ping PC3 - don't DO NOT WORK
  PC3 can not ping PC2 - don't DO NOT WORK

  (does not work in gateway and router Mode)

  CAN SOMEONE HELP ME UNDERSTAND WHY?

  Your help is very appreciated.

  I bought this unit specifically because she supported routing inter - VLAN!

  Vlaminck

  ---------------------------------------------------------------------------

  Support information:

  Screenshots:
  Belonging to a VLAN:
  VLAN ID Description Inter VLAN device Port 1 Port 2 Port 3 Port 4
  Routing Mgment
  1 default disabled enabled unmarked excluded excluded unlabeled
  2 active active VLAN2 excluded unmarked excluded excluded
  Unmarked 3 VLAN3 active active excluded excluded excluded

  Several subnets VLAN:
  VLAN ID IP address Subnet Mask DHCP DNS Proxy Mode status
  1 192.168.1.1 255.255.255.0 DHCP Server enabled
  2 192.168.2.1 255.255.255.0 DHCP Server enabled
  3 192.168.3.1 255.255.255.0 DHCP Server enabled

  Routing table (Bridge Mode)

  Destination Gateway Genmask Metric Ref use Interface Type flags
  127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 static lo upward, gateway, host
  192.168.3.0 0.0.0.0 255.255.255.0 0 0 0 dynamic bdg3 to the TOP
  192.168.2.0 0.0.0.0 255.255.255.0 0 0 0 dynamic bdg2 upward
  192.168.1.0 0.0.0.0 255.255.255.0 0 0 0 static bdg1 to the TOP
  192.168.1.0 192.168.1.1 255.255.255.0 1 0 0 static bdg1 upward, gateway
  127.0.0.0 0.0.0.0 255.0.0.0 0 0 0 lo dynamic

  Routing table (router Mode)

  (Ditto)

  Hello

  It's not because the pings are allowed on the same subnet that they come from a different subnet.

  You probably have a firewall problem windows software because that by default, it removes a different subnet icmp echoes.

  Concerning

  Alain

  Remember messages useful rate.

• Problem with routing inter - VLAN... How to solve it?

  Hi all.

  I have a WRVS4400N in my office to have a VPN with our main customer and also to manage the entire network of small size.

  In two weeks, more or less we will change our office somewhere else, merge two in one.

  At its new location, we will have two different ADSL connections, and we will keep our separate LAN to the other LAN.

  The goal is to interconnect the two local networks in order to 'see' the machines on one local network to another, but keep the two local networks with their current configuration, subnet, etc..

  To achieve this, I created a new VLAN on the router and I have attached only port4 to this VLAN.

  

  

  As you can see, VLAN main has its own/24 subnet (10.148.145.0/24) and dhcp enabled (for addresses on my LAN) while the new VIRTUAL local network has its own 24 subnet too (10.0.0.0/24) but with the disabled dhcp (is a different LAN with its own DHCP server).

  

  

  

  

  VLAN 1 use ports 1-3 and VLAN 2 use the single port 4.

  Of course, I enabled routing inter - VLAN:

  

  To emulate the future scenario, I connected a router with an Internet port 4 with IP:10.0.0.2, and I therefore two different local networks.

  Well, the reality is this:

  -From my PC connected to the VLAN1 I have an IP address (assigned by my Cisco) and I see all my VLAN and I see 10.0.0.1 too (IP of the router on VLAN2), but I don't see any more (pings to 10.0.0.2 didn't answer). I can access Cisco router to 10.0.0.1 and 10.148.145.97.

  -My PC connected to the VLAN2 I have an IP address (assigned by the other router on 10.0.0.2), I see only my VLAN (10.0.0.0/24 IPs). I can access only Cisco router to 10.0.0.1.

  How can I do to enable these two VLANS to 'see' each other?

  How can I control access to the WAN port? I don't want machines to VLAN2 accessing internet through our router.

  Thank you and best regards!

  Hello Francisco,.

  In router mode gateway mode switch will turn off the NAT on the router. Which will allow to the vlan 2 does not to get out to the internet but also vlan 1 and which is not what you want. You may be able to create access rules and deny rules for not being able to get out of the internet... may create some default of the rules of the road as 0.0.0.0. Also, you may be able to create internet air to stop a certain subnet that it is able to get out of the internet as well.

  Regarding the VLAN talk to each other, everything looks good, routing inter - vlan, it is allowing the two VLAN to talk to each other and which is activated. What your default gateways are installed on devices you are testing? As long as default gateways on your PC and devices are pointing to the routers ip/gateway address, you should be good to go at this point.

  VLAN 1: default gateway should be 10.148.145.97

  VLAN 2: default gateway must be 10.0.0.1

  Other than that everything seems to be implemented correctly based on the images. The VLANs that you put in place on the ports are correct.

  Let me know your devices are configured on the rise and will go from there.

  Hope this helps,

  Thank you

  Clayton Sill

• RV110W inter-VLAN-routing is not possible

  In Cisco RV110W, I set up 2 VLANS, a 192.168.1.xxx (Green Net) and the second with only a fixed address 192.168.2.100 192.168.2.xxx (Server), which is configured in the DMZ area. I enabled in Cisco "inter-VLAN-Routing", described "routing between separate VLANs on Cisco RV110W" I can Ping the server in a direktion, the other I got an error. It is just expected and ok! All other abilities expected work well!

  Now, I want to see the Green network server. (firewall on the server is off)

  I configured the network/router with exactly the values of the index and has been an error: "destination LAN IP may not be the same as the router's IP subnet.

  Sorry, I don't understand this. Can anyone help?

  Thank you in anticipation

  Anton

  

  If I understand correctly, you have a second vlan, 192.168.2.x. The RV110W is a member of this subnet so that's why we do not have a static route for something that the router knows that she welcomes this subnet.

  -Tom
  Please evaluate the useful messages

• EMS 2010 routing problem inter vlan

  OK, back to the base, I tried to install complicated things that did not work so now, I'm leaving the base.

  I am trying to configure my SGE2010 48 ports Gigabit cisco / switch for routing inter - vlan.

  so far, I put the mode switch layer 3 from the telnet console and rebooted, it.

  entered the interface web and changed the ip of the vlan by default management 192.168.2.3

  added the vlan 70 and vlan bridging 180, section of mangement of vlan

  under the IP, IPv4 interface address, I've added the IP address for each virtual local area network as follows:

  IP Interface Mask

  192.168.70.3 255.255.255.0 VLAN 70

  192.168.180.3 255.255.255.0 VLAN 180

  then I went in transition, management of VLANs, vlan to the port:

  set the port g1 get access to the vlan 70

  sets the g2 as an access port for vlan 180

  connected A computer to port g1 with static IP 192.168.70.200 mask 255.255.255.0 Gateway 192.168.70.3

  connected computer B to port g2 with static IP 192.168.180.180 mask 255.255.255.0 Gateway 192.168.180.3

  I'll then in the routing static routing: I see the 192.168.70.0 destination IP address 24 as a type of local railway and even for 192.168.180.0 24 as the type of local railway

  on a computer, I ping the gateway 192.168.70.3 and it works

  on computer B, I ping the gateway 192.168.180.3 and it works

  problem is that they cannot ping each other, windows firewall is disabled on both computers.

  If I do a tracert on any of the computer he reach the gateway by default but then expire on the second jump.

  any suggestions what I could have done wrong and the solution to the problem would be appreciated.

  Edit: Here's the running configuration if it helps:

  Cisco-SGE2010 # show running-config

  database of VLAN

  VLAN 70 180

  output

  g ethernet serial interface (1.26)

  switchport access vlan 70

  output

  interface ethernet g2

  switchport access vlan 180

  output

  interface vlan 70

  printer name

  output

  interface vlan 180

  name wireless

  output

  interface vlan 1

  IP 192.168.2.3 address 255.255.255.0

  output

  interface vlan 70

  IP 192.168.70.3 255.255.255.0

  output

  interface vlan 180

  IP 192.168.180.3 255.255.255.0

  output

  Cisco-SGE2010 hostname

  location of the Server SNMP here

  SNMP Server contact me

  Cisco-SGE2010 #.

  If you can test both the interface switches the routing works correctly. You need to maybe turn off the Windows Firewall or open the firewall to allow ICMP to a different subnet. Windows Vista and 7 by default will block ICMP from any other subnet then their own.

  Cisco Small Business Support Center

  Randy Manthey

  CCNA, CCNA - security

• FVS336Gv3 multi-NAT inbound firewall rules does not

  I have about 30 Netgear FVS338 and a few FVS336Gv2 routers in use. I use for firewall and provide multi-NAT between industrial machines and WAN. The configuration was changed on Gv3 models and I can't get an answer behind the firewall or router in the diagnostics page when you use the WAN address.

  In the examples below the WAN is 10.62.

  

  Figure 1. Two different devices with two different configuration options.

  

  Figures 2 and 3. The first is bad - it would only connect from this address. Have I set up another correctly to the NAT WAN to LAN 10.3.110.215 address 10.62.31.55 address?

  Q1: Is Figure 3 configured correctly?

  Q2: Why is it forcing me to create a range of addresses? On the older routers, I had the opportunity to address.

  Q3: Is anyone aware of any problem with this router?

  For anyone having the same problem, the FVS336Gv3 requires the manual addition of each new address WAN-side. He is buried in the menu structure:

  

  Figure 1. Network configuration | WAN settings | WAN configuration. WAN1 - Edit.

  

  Figure 2. Select the secondary addresses.

  

  Figure 3. Add the required WAN addresses.

  Now configure the inbound firewall rules:

  

  Figure 4. Security | Firewall rules. Add or change. Note that the WAN secondary addresses are available in the drop-down list address WAN IP.

  Password

  There seems to be a problem with this router about the session timeout. I got them several times on the navigation menu and log on again and renavigate. Idle time-out is set to 90 minutes. I never saw this problem on routers earlier.

  Also, note that the password field now has a limited character set. for example, it does not accept ' $'.

• quick way to add multiple subnets of Server 2008 firewall rules?

  I set up a firewall in windows server 2008.  I need to add several subnets to a rule for inbound traffic, but it is making me add subnets one at a time.  Is it possible to add several subnets simultaneously?  I tried separating them by commas and add them via the GUI, but he wouldn't take it (he said that specify an address valid).  Also if you have already entered a long list of subnets in a firewall rule is it possible to copy it to another firewall rule?

  Hi Goatberg,

  Your question of Windows Server 2008 is more complex than what is typically covered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the Technet Forum. You can follow the link to your question:

  http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

• RVL200 - SSL VPN and firewall rules

  Forgive my ignorance, but I have been immersed in the configuration of this device RVL200 to allow Remoting SSL VPN to a customer site, sight unseen.  I have the basics of the VPN set up in config, but now move the firewall rules.  We want to block all internal devices to access the Internet, but I don't want to cripple the remote clients that will be borrowed by blocking their return via the SSL VPN traffic.  This leads to my questions:

  (1) a rule of DENIAL of coverage for all traffic OUTBOUND will prevent the primary function of the VPN (to allow the administration away from machines on the local network)?

  (2) if the answer to #1 is 'Yes', what ports/services do I need to open the side LAN?

  (3) building # 2, configuring authorized outbound rules apply only for VPN clients, rather than all the hosts on LAN?

  (4) as the default INCOMING traffic rule is to REFUSE EVERYTHING, do I have to create a rule to allow the VPN tunnel, or guess that in the configuration of the router?

  Here are some other details:

  • The LAN behind the RVL200 is also isolated LAN in a manufacturing environment
  • All hosts on this network have a static IP address on a single subnet.
  • The RVL200 has been configured with a static, public IP on the WAN/INTERNET side.
  • DHCP has been disabled on the RVL200
  • Authentication to the device will use a local database.
  • There is no such thing as no DNS server on the local network
  • The device upstream of the RVL200 is a modem using PPPoE DSL, and the device has been configured for this setting.
  • Several database of local users accounts were created to facilitate the SSL VPN access.

  I worked with other aspects of it for a long time, but limited experience with VPN and the associated firewall rules and zero with this family of aircraft.  Any help will be greatly appreciated.

  aponikikay, there is no port forwarding necessary to the function of the RVL200 SSL - VPN.

  Topic 1. That is not proven. It shouldn't do. The router should automatically make sure that the SSL - VPN router service is functional and accessible.

  Re 2. No transfer necessary. In addition, never before TCP/UDP port 47 or 50 for VPN functions. The TCP 1723 port is used for PPTP. UDP 500 is used for ISAKMP. You usually also to transmit TCP/UDP 4500 port for IPSec encapsulation.

  Let's not port 47. ERM is an IP protocol that is used for virtual private networks. It is a TCP or UDP protocol. GRE has 47 IP protocol number. It has nothing to do with TCP or UDP port 47. TCP and UDP are completely different protocols of free WILL.

  It goes the same for 50: ESP is the payload for IPSec tunnels. ESP is the Protocol IP 50. It has nothing to do with TCP or UDP port 50.

  'Transfer' of the GRE is configured with PPTP passthrough option.

  'Transfer' of the ESP is configured with IPSec passthrough option.

• How to import a TXT file in my list of firewall rules?

  Good then I exported a list of firewall rules in a txt file. I then copied on some firewall rules. Then I saved the file txt and I wonder how I can re - import the txt file. Please note that I don't know of import policy...

  UH I thank you for responding, but apparently you misunderstood what I meant... When I go into windows firewall, there is an option to export the list of rules I want to know is how to re - import this list of rules in because there is no other choice... If so how do I do?

  Since I couldn't find a solution that I found something different that also works. I found a .bat file that you can put in the folder in which you want to block the program and it crashes all the exe files in this folder and all subfolders. You can even choose a fix before custom firewall rule... If any other person having this problem follow the instructions, I provide below:
  
  Instructions (found online modified by me)

  Create a .bat file, named "addfwrs.bat" without the quotes using italic text, then follow the additional instructions:

  off @echo
  REM FILE OF ORDERS CREATED BY CHARLES DE HAVILLAND 20/02/2012
  CLS
  If '%1 'is' ' GOTO: norulename
  RULENAME SET = %1
  ECHO creating/starting of firewall rules for all files with the rulename of 'RULENAME '? % *.exe
  ECHO.
  ECHO.

  pause
  Echo.
  FOR /r %% in ("*.exe") Do (@echo %%d KB
  ("NETSH advfirewall firewall add rule name =" "% RULENAME-% ~ nxG" dir = program = "% G" action = 'block' enable = 'yes')
  FOR /r %% in ("*.exe") Do (@echo %%d KB
  ("NETSH advfirewall firewall add rule name =" "% RULENAME-% ~ nxG" dir = program = "% G" action = 'block' enable = 'yes')
  Echo.
  ECHO done.
  Echo.
  GOTO: finish
  : norulename
  Echo error! -You have not specified a type Rulename - Addfwrs 'Rulename '.
  Echo.
  : Finishing
  ECHO batch finished...

  Additional instructions:

  Firewall Windows 7 works fine, but it's not easy to set up with several (very long) programs.
   
  I watched for centuries, trying to find a way to block several files .exe to Windows 7 only once; It seems that the only method was to create my own batch (windows script) file.
  I've added below for anyone to use / modify for their own purposes.
   
   
  Run the commands below (addfwrs.bat) file, will create inbound AND outbound firewall rules that block all .exe files in your chosen folder and subfolders to access internet.
  Very useful.
   
  To use:

  (1) place addfwrs.bat in the folder in which you want to block .exe programs (it crashes all the programs exe in no matter what subfolders if you can place it in a folder without any exe it blocks)
  exe in several subfolders both programs)

  (2) now run CMD as administrator.

  (3) copy the new directory (eg. c:\Programs Files (x 86) \YourProg\) where you put the addfwrs.bat file

  (4) paste it into the directory with "cd" CMD and a space before the directory (example: cd c:\Programs Files (x 86) \YourProg\) and press ENTER.

  (5) now run the batch file by typing: addfwrs.bat "rulename" example: addfwrs "BLOCK_PROGRAM_NAME_HERE".
  (Make sure there is no space in the rulename of the firewall rule, so use underscores as spaces.)

  N.B: It is important that you add a rulename firewall, so that you can identify the rules when adding to the firewall at a later date.

  (6) follow the information on the screen, he will advise you what rules he is creating.

  (7) check the Windows Firewall for new rules listed and you can then delete the addfwrs.bat file where you put it (it is necessary even if you can keep it somewhere for later).

  Quite.  Hope you find it useful, I certainly have!
  Enjoy!

  N.B: The new rules contained in the bosom of your firewall (In/Out rules), change as and when you need.

• [Solved] Research of firewall rule allowing Windows Update

  The problem has been resolved here: https://social.technet.microsoft.com/Forums/en-US/62b9fd5c-10b2-4266-bc15-fcf3e79d20d4/solved-windows-firewall-rule-that-allows-windows-update?forum=w7itpronetworking

  Everything down here is obsolete. (But you can read the true story about the virus of Bagel).

  Someone at - it an outbound Windows Firewall rule allowing Windows Update?

  Details.

  Yesterday, I tried to run Windows Update. The rule of outbound firewall to allow Windows Update to get through, I added was:

  Name: Allow Windows Update
  Group:
  Profile: Public
  Activated: Yes
  Action: allow
  Program: %SystemRoot%\System32\wuapp.exe
  Local address: no
  Remote address: all
  Protocol: all
  The local railway: no
  Remote port: any
  Computers permit: all

  I got 10 updates to install and all 10 failed. The only way that they have all been able to fail is: '% SystemRoot%\System32\wuapp.exe' is the wrong program, OR "wuapp.exe" passes control to another program, I don't know.

  Can anyone help me with this? I'll be forever grateful if you can.

  Note that I had to fall back to the default settings (see 'Background', below) in order to succeed and who has not made me happy.

  Background.

  Despite what you think it means, "outbound connections (green check mark) that do not match a rule are allowed" (which is the default) means only, unless you went to the extreme penalty to create the blocking rules, the firewall is wide open for outbound - connections, essentially, you have no firewall for outbound connections. " That means, 1, if you have a Trojan horse on your computer that is looking to download his main-payload of viruses in your computer (see "A history of real virus", below), or 2, if you have a virus keylogger in your computer who wants to 'phone home' him make his Masters criminal of your online banking user name & password There is absolutely nothing to stop.

  That's why I put my firewall: "(entry not red) outbound connections that do not match a rule are blocked".

  A story real virus.

  A couple of years ago, I visited a well known web site that had been hijacked - was - it cnet? I think so. The site seemed basically OK, but something made me shy away. I've left without clicking anything whatsoever. But the visitor of this site (with active javascript) transferred a Trojan horse in my computer (i.e. "Trojan", below).

  Once it was in my computer, the Trojan horse, then went through my firewall, out - was my firewall zonealarm at this time? I think so - and downloaded Bagel, a key logger to rootkit.

  I had no warning of the firewall as the Trojan horse used a well-known port that was wide open, and I had no antivirus warning because Bagel does not change any existing program. It uses the unallocated file space, patched itself in the initialization string, charged before the mode protected of windows at the next startup and reprogrammed the hardware memory to hide its presence in memory. It took me 2 months to discover Bagel and another 4 months to get rid of him. It was hell. My keyboard and mouse acted constantly upward. I didn't a bank online at this time. If I had, I'm sure that my account would have been cleaned up because that's what Bagel. It's a keylogger monitoring keyboard and browser waits to catch a connection to the Bank.

  Details of Trojan.

  The Trojan horse was a javascript function which ran automatically when the page is loaded. He created a table (similar to a mathematical object matrix) made up of identical over 1 million members of the group. Each Member of the Group was a short string of numbers. As it looped to add table-members, the Trojan horse later (in fractions of a second) overflowed the heap memory management hardware had allocated to my browser. That overflow has partially replaced the next higher segment in memory - which is called a "violation of the limits", and Yes, it is possible, if you position the base register just below the upper part of your segment and then use a large lag. There was a flaw in Windows that could not detect this type of violation of the limits and Bagel is designed to exploit this vulnerability. But the story does not stop there. To take control, the short string of numbers in a table-member of the "wrong"side of this segment limit had to be performed. Now, it of the roll of the dice that viruses are facing, but if the program that was partly crushed is always loaded in memory and running and if it executes the code at the bottom of its segment, then - Voila! -the virus takes control of the timeslice allocated to the program that was partly crushed. In other words, the program that was partly crushed no longer control, the virus is in control. So, what did the do Trojan horse? Completely in the background and without any idea for me, he went to a web site in Ukraine and downloaded the main payload of Bagel. How do I know all this? I looked at the javascript trojan and I disassembled - disassembly is as kind of decoding - the payload of Bagel (the rootkit) that I saved after I found some 6 months later. I still have the payload of Bagel sequestered in a zip in quarantine - in fact, I have a menagerie of dozens of viruses that I use to test antivirus programs.

  Hi Mark,

  Please keep us updated on the issue.

  I ask that you continue to try the suggestions in this article because the information in the article is good for Windows 7 as well.

  Please let us know the result.

• Catalyst 6500 Inter-VLAN routing

  I have a Cisco 6500 switch and I have a question about routing inter - vlan and the command "IP ROUTING".  I use dial-up virtual interfaces (I.e. int vlan 2, int vlan 3, etc.), but I noticed that I don't have the IP ROUTING enabled on my switch but I can route properly between the VLANS.  I have even a little ports that I have configured with the command "no switchport" and I assigned an IP address to these ports.  On routed ports, there is another switch on the other side configured with an IP address and I am able to ping and route traffic to the other network.

  I did some research on this and all the documentation I am able to find talk of how you must enable IP ROUTING to route between the VLANS.  I guess that this should only be done if you go to the road to other not directly connected networks.

  http://www.ccnpguide.com/CCNP-switch-642-813-inter-VLAN-routing/

  http://www.Cisco.com/c/en/us/TD/docs/iOS-XML/iOS/lanswitch/configuration/12-2Sx/lsw-12-2Sx-book/lsw-VLAN-cfg-RTG.html#GUID-F5181D47-F44E-4F01-92E4-9132097BA333

  Can someone clarify this for me?

  For the 6500 Series, IP routing is enabled by default, that so all VLAN can communicate with each other.  You don't need to activate as you do for other switches (IE 3560, 3750, 3850, etc...)

  HTH

• RV042G router - Inter VLAN

  RV042G router - Inter VLAN:

  Is this router supports 802. 1 q? Or do I have to connect to a router port by VLAN?

  for example. If I have 2 VLANS configured on a SINGLE SWITCH, do:

  (a) TRUNK VLAN switch and plug a port on the ROUTER?

  (b) connect a port on the ROUTER to VLAN1 and another port to VLAN2?

  Thank you

  Henrique

  Hello Henrique,

  The RV042G is not compatible 802. 1 q Trunking, so you would need a VIRTUAL local network connection.

  According to the switch, you may need to disable the tree covering both to make multiple connections to the same router work.

  Hope that helps,

  Christopher Ebert - Advanced Network Support Engineer

  Cisco Small Business Support Center

  * Please note the useful messages *.

• SRP527W setting DHCP address and source firewall rules

  In my quest to find a decent ADSL router for VoIP, I found the SRP527W and so far it has been the best performer of a range of boxes from netgear, thomson, and zyxel.  However, I have two questions:

  (1) how to troubleshoot DHCP leases on the LAN address

  (2) how to specify source ip in the firewall rule

  Note:

  I currently have 1 computer on the LAN, VLAN1 interface

  * 192.168.15.100

  and

  2 IP phones on the LAN, VLAN100 interface

  * 192.168.100.100

  * 192.168.100.101

  Address three assigned by the DHCP server lease times with approximately 20 days.

  I would like to repair the three devices DHCP leases, for example if some port forwarding rules can be made with confidence that the rules will not point to another device in the future.

  from PVC0-> 192.168.15.100, Port 3389 for remote desktop

  of PVC0-> 192.168.100.100 ex.port 5881 to int.port 80 for voip phone web-gui

  from PVC0-> 192.168.100.101 ex.port 5882 to int.port 80 for voip phone web-gui

  Ideally, I would like the rules to act like that, limiting myself only to access these ports (from my remote site)

  PVC0 interface where the source is ip 12.34.56.78-> 192.168.15.100, Port 3389 for remote desktop

  PVC0 interface where the source is ip 12.34.56.78-> 192.168.100.100 ex.port 5881 to int.port 80 for voip phone web-gui

  PVC0 interface where the source is ip 12.34.56.78-> 192.168.100.101 ex.port 5882 to int.port 80 for voip phone web-gui

  I hope that makes sense, I appreicate any help you can give.

  Kind regards

  Paul

  Hi Paul,.

  Thank you for using the Cisco support community.

  With regard to two questions:

  1. Yes - it is possible to configure static DHCP assignments.  Use the DHCP Server rule configuration page and click the 'Show DHCP booking' button to assign.

  2. Unfortunately, it is not possible to configure rules to address source for the SRP520 list.  (This is possible on the SRP540 for further reading).

  Kind regards

  Andy