Hi guys, sorry for the newbie question. I was wondering if anyone could help me out, because I think I'm just missing something obvious and just don't know what it is. I'm setting this up for a small business that is going to have 3 VLANs: VLAN1, a private wired network for POS, QuickBooks and office computers; VLAN2, employee WiFi; and VLAN3, customer/public WiFi. By the way, the wireless will be taken care of by a tagged/trunk port feeding a Cisco AP. So basically I want all 3 VLANs to get to the internet through the unsecure WAN zone, which started working automatically by default after I created the VLANs. But where I am having my problem is two things.
Problem 1 is that I need nodes on VLAN2 to be able to talk with some nodes on VLAN1, but I want to create firewall rules to control the traffic and allow certain ports from VLAN2 to VLAN1. I can't seem to get anything to communicate between the two VLANs no matter what I do. Just to test, I tried creating a rule that allows any to any from VLAN2 > VLAN1, but I can't even ping anything on VLAN1 from VLAN2 except the gateway. I tested this on two access ports and two laptops, one on VLAN1 and the other on VLAN2. The laptops cannot ping each other even with the rule. I also enabled "ENABLE INTERVLAN ROUTING" on both VLANs. I think I am missing something simple; can anyone help?
Problem 2 is that I don't like the idea that a customer can come in, connect to WiFi on VLAN3, put the IP of the gateway in a browser and start attempting to log in to the web GUI of the router. Is there any way to turn off administrative management of the web GUI for certain VLANs? If not, what would be some suggestions to lock this down more, if you even can?
Thanks for all your help, guys!