|
|||||||||||||||||||||
Firewall and Security
The RV180's firewall features include most of what you'd expect. It offers simple check boxes to permit or deny flooding attacks on both the WAN and LAN, as well controlling responses to ICMP messages. Typical firewall features like Port Triggering, Port Forwarding and DMZ host are all available on the RV180. I successfully created a simple Port Forwarding rule (Figure 10) to allow iperf traffic through the firewall to a specific host on the LAN.
Figure 10: Port forwarding rule
More detailed firewall rules can be created in the RV180's Access Rules menu to filter specific traffic flows. A rule can be created to either block or allow traffic always or by schedule. The rule can filter on inbound or outbound traffic, by source or destination IP or range of addresses, and by protocol. There are over 60 predefined protocols and more can be added by tcp/udp/icmp and port. Below is a rule I created to block http traffic, which effectively blocked all web surfing from behind the RV180.
Figure 11: Access rule
Web filtering options on the RV180 include allowing or blocking specific web sites based on URL or keyword. Web filtering on the RV180 also requires creating LAN groups, which are single IP addresses or ranges of IP address. With a URL or keyword defined for filtering and applied to a LAN group, websites matching the criteria entered will be blocked with the message below.
Figure 12: Block message
Personally, I find URL and keyword filtering too basic. To be effective, URL and keyword filtering requires a human to enter all the desired sites and words for blocking. With millions of websites, I'm not sure you can be that effective in controlling web use with this basic form of filtering.
For more robust web filtering, Cisco RV220W's ProtectLink option offers a subscription based web filtering service. Alternatively, I like Zyxel's VFG6005 solution, which integrates the free OpenDNS service for web filtering.
Options in the RV180's Advanced Firewall menu include MAC filtering, TCP and UDP session controls, IGMP proxy configuration, and the ability to enable or disable a SIP ALG (Application Layer Gateway.) The Advanced Firewall menu also has menu options for configuring services (protocols) and schedules.
The RV180 also supports security options to authenticate users before they can use the network. Options include RADIUS, 802.1x and “Captive Portal.” The “Captive Portal” feature will force users to enter a user name and password to access the internet by presenting them a login screen shown below. Once authenticated, users can then open another browser window and surf.
Figure 13: Captive portal
Other Features
I like the RV180's network features. In addition to typical small network router capabilities such as static, DHCP, and PPPoE functionality on the WAN interface, the RV180 supports VLANs, Jumbo Frames, one-to-one NAS, IPv6 and QoS.
The RV180 supports up to four 802.1.q VLANs. Each of the four ports on the RV180 can be configured as a tagged or untagged member of each VLAN. VLANs can be assigned a separate subnet, and the RV180 supports a separate DHCP server for each VLAN. By assigning a port as an untagged member of one VLAN and a tagged member of one or more additional VLANs, the RV180 also supports 802.1q VLAN trunking.
I tested basic VLAN capability by creating a separate VLAN with a unique DHCP server, assigned a port on the RV180 as an untagged member of that VLAN, connected my PC to that port, and validated my PC got an IP from the new DHCP server range. As shown in the below diagram, I created VLAN # 2012 and configured port 4 as the only member of this VLAN.
Figure 14: VLAN setup
The RV180 automatically assigns itself an IP address and creates a DHCP pool for each new VLAN created, saving you from having to configure it. In the above example, the RV180 assigned itself 192.168.2.1 for VLAN 2012 and created a DCHP pool in the 192.168.2.0/24 subnet. As expected, a device connected to port 4 on the RV180 received an IP in the 192.168.2.0/24 subnet.
With Gigabit ports, it is great to see the RV180 supports jumbo frames. The option for jumbo frames is enabled with a single checkbox and no reboot. Often, devices require a reboot to enable jumbo frames, so this is a nice convenience. Once enabled, I was able to pass up to 4000 byte frames between devices on the RV180 LAN, you can see my ping results below. (Note, my PC was limited to only 4000 byte frames, the RV180 specs indicate it supports up to 9000 byte frames.)
C:\Users\mrd005>ping -f -l 4000 192.168.1.10 Pinging 192.168.1.10 with 4000 bytes of data: Reply from 192.168.1.10: bytes=4000 time<1ms TTL=64 Reply from 192.168.1.10: bytes=4000 time<1ms TTL=64 Reply from 192.168.1.10: bytes=4000 time<1ms TTL=64 Reply from 192.168.1.10: bytes=4000 time<1ms TTL=64 Ping statistics for 192.168.1.10: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
IPv6 is also supported on the RV180, but requires a reboot to enable. The default LAN IPv6 address on the RV180 is fec0::1/64, so I assigned fec0::2/64 to my PC and was able to successfully send an IPv6 ping to the router. The RV180 supports static and DHCP (stateful and stateless) IPv6 addressing on the WAN and LAN interfaces.
IPv6 tunneling, which enables passing IPv6 traffic over an IPv4 network is also supported. Supported IPv6 tunneling protocols include Automatic 6to4 and ISATAP.
The RV180 has two options for Quality of Service (QoS) configuration. In the first option, the RV180 can allocate a percentage of bandwidth to traffic designated as high, medium, or low priority. High, medium and low priority traffic is defined via profiles. Profiles are configured to match traffic based on protocol, IP, MAC, VLAN ID, or DSCP markings. In the second option, the RV180 can impose rate limits to the specific traffic profiles. Both modes control uplink traffic only.
User reviews
View all user reviewsAverage user rating from: 8 user(s)
NOTE! Please post product reviews from actual experience only.
Questions, review comments and opinions about products not based on actual use will not be published.
Good value and features.
I bought this based on the review here, but not user reviews. I additionally read a ton of reviews on Amazon.com which varied widely. I get that some reviews are old and based on earlier firmware.
After a few weeks, I am still happy and impressed with this router. I got it on Amazon and it was really inexpensive for the feature set and very compact.
- the Slow UI - I don't get it - sure, it is not blazing fast, but getting around the menus is perfectly functional and no big deal.
- VPN - no idea, we don't need VPN so I have not set it up - can't comment on that.
- Port Forwarding/triggering - I had to open a few ports for XBOX360 and it worked immediately with no fuss. That said, ultimately I enabled UPnP fod the XBOX and that works even better.
- Sonos - we have 5 Sonos devices on the net - they work fine. 3 wired, 2 wireless.
- ISP is Comcast, but we are not using IPv6 so lack of IPv6 DHCPv6-PD support has not affected us.
- Ooma Telo connected - working fine. Have this on a VLAN with QOS and it works great.
- Several PCs, Droid RAZRs, iPad, Blu-ray players, AVRs, Security Camera, etc. connected and working well.
WAN connections seem quite fast; Internet speed tests easily get the 50/10 that Comcast is providing.
For a home business router, this router is working well - and its compact size fits well in the structured wiring center. For those who like the features and are scared off by the negative reviews, I recommend giving it a try if business level gear with less consumer friendly configuration doesn't bother you. The features and the speed have been impressive so far.
FLAKEY
This device is awesome - for the FIRST FEW HOURS. Very short honeymoon indeed as once it gets settled - like so many mail-order brides we've heard about - this thing just goes seriously off the rails. I will only hit the highlights which, when coupled with the other reviews, should give you enough to make up your mind.
First, the GUI really is horribly slow - even when directly connected via short cat-5 at 1g-Full, it still takes forever to load almost all pages. Next, logging is useless - yeah it dumps stuff in there but it's so freakin' cryptic you seriously need the Cisco source code andor dev guide to understand what she's putting in there.
But worst of all is just that it's flaky. As background, I had two wireless routers hanging off of the RV180 - each wireless WAN connected via a short cat-6 run to one of the RV180's LAN ports. Next, the WAN went to my Comcast DOCSIS-3 modem. The wireless routers were serving DHCP in dedicated scopes, DNS proxy was OFF all around, I spoofed the RV-180 WAN MAC to ensure I got the desired IP, and both wireless and the RV-180 were doing PAT. That's it - extremely simple network. So the issues I had were basically that the RV180 started bouncing it's LAN ports (WAN for the wireless routers) every 5m or so.
Additionally, it would randomly start blocking traffic on the WAN side - but no logs re: any of this whatsoever. As web-pages started dropping, ping and trace became my old trusted friends to help figure out where the drops were occurring. Also, the firmware was the latest from Cisco - and I bounced the device seevral time. In addition, I tried going direct from my PC to the RV-180 LAN and even completely disabled the security features and opened up the firewall - all to no avail - this thing is just plain FLAKEY!!! Mine is going back TODAY and my search will continue...
RV180W - Could do better
I bought this router yesterday based on the main review and the performance lan>wan throughput results.
upon powering it up it worked (sort of). The problem is that whilst I could get the speed. the port forwarding was awful
it just didn't work. Calling Cisco UK for some support was a woeful experience, and they are still to return my call.
I've had to put my aged FVS318 back onto the network just so I can get remote accessibility back.
I now discover that there is a known fault with port forwarding. If it's not fixed by next week. I shall be returning it and just buying a product i have a gut feeling will just work out of the box.
Not very good
I bought the RV180 to replace a Netgear FVS318 that I suspected was starting to die - I would have to reset it every third or fourth day.
Since installing the RV180 my internet browsing has markedly slowed and often hangs until I do a 'reload' of the page. I have played around with various settings and nothing has made this thing pop up to reasonable performance.
Just to make sure it wasn't something my provider had started doing, I re-installed the FVS318 and pop, back up to speed. Now my FVS318 is old and it's probably still dying but it's better than the Cisco RV180.
I'm looking to get a newer FVS318G now.
very poor performance
This device has a really poor performance. When there are more than 20 active connections the error rate raises fast! This router can be used if you are using a browser and nothing else. Don't try to use it for torrents or any data intensive jobs.
The webinterface is very slow and not reliable.
I had several low cost dlink & asus devices which had a _much_ better performance and user experience. I had never problems with them ( with stock firmware and dd-wrt ). I bought the rv180w because of the IPSec functionality which was missing on the other devices. Big mistake!
I will return the devices ( i bought two of them ) and replace them with old boxes running pfSense ( http://www.pfsense.org/ )
Related Items:
Cisco Bulks Up Small Biz Product LinesTP-LINK TL-ER6020 SafeStream Gigabit Dual-WAN VPN Router Reviewed
NETGEAR FVS318N ProSafe Wireless-N 8-port Gigabit VPN Firewall Reviewe
LAN Section
Cisco RV042 v3 Dual WAN VPN Router Reviewed
