We are a small business and purchased a Peplink Balance 20 recently.
The goal is to allow for redundant network connectivity to our office (which relies heavily on internet access for daily operations).
We are interested in setting up 3 x VLANs as shown in this illustration: Screenshot by Lightshot
We have added the 3 x routers to Peplink (LAN settings: Screenshot by Lightshot)
This setup works - but I believe this treats Peplink as a dumb switch (my rookie perspective)
We would like suggestions on how to setup PORT-based VLAN setup.
Also, we are interested in setting up inter-VLAN routing. (client from 10.10.2.x network accessing another client (static ip) on 10.10.1.x network)
Any help is appreciated.
This is configured under: Network> LAN> Port Settings by clicking the “?” in the upper right hand corner. Inter-VLAN routing is enabled by default.
1 Like
Thanks Ron.
The moment we setup Port Settings and map the individual ports to specific LANs, the client PCs loose network connectivity.
Inter VLAN routing is enabled across all… but it still is not allowing/working.
The client PCs are connected to an access port on the untagged LAN? If not, are client PCs on the VLAN networks able to reach the internet or do they loose network connectivity altogether?
1 Like
The client PCs are connected to individual routers as shown here:
3 x VLANs as shown in this illustration: Screenshot by Lightshot
We do not use untagged LAN.
This is how each of our VLAN setup looks like: Screenshot by Lightshot
Once we setup Port settings and map the individual ports to specific LANs, the client PC will reach respective ROUTERS (Asus) but will loose INTERNET (WAN) connectivity
VLAN 3 does not have DHCP enabled on the Balance and the Asus router looks like it is in bridged mode. According to your information 10.10.3.1 appears to be assigned to the Asus router and also the Peplink Balance.
1 Like
Thats the guidance I am looking for.
Should VLAN 3 have DHCP enabled? If so, what should be the IP range?
What if we want the Asus Router to assign DHCP leases and not the Peplink.
We want each Asus router to be a router which assigns DHCP leases to its clients/devices.
Assuming these routers are all on same LAN. When you said “(my rookie perspective)” it caught my attention. Just hear me out im not grilling you. Why are you trying to route with three different routers? A few questions:
- Are you trying to NAT only 1 time?
- If same LAN why double NAT?
- Are you concerned about security?
- Have you tried IP Forwarding with static routes?
- Why not just get a managed switch and create vlans and have either the Peplink hand off DHCP for each VLAN or your server hand off DHCP?
Regards,
TJ
1 Like
Thanks TJ for the input.
Why are you trying to route with three different routers?>
Two reasons-
- We need >150 IP leases on each VLANs.
- One of the VLANs requires constant recycling of DHCP leases… almost 50-100 leases a day combined with other static clients.
The infra grew in stages and we added these Asus routers in stages to keep these VLANs independent of each other. Before we seperated them, due to (1) and (2)… we would constantly loose our VOIP phones. So we decided to start separating them.
I may be understanding how you wrong here and how you are describing but there are a few things to cover:
- VoIP is very sensitive as you know. So double natting will cause havick. Also depends on what platform your provider is on. I happen to be a VoIP expert so I am curious as to what form you are running your voip on. Local like 3cx with sip trunks, broadsoft, asterisk, freeswitch. I need to know because what you are describing makes no sense for any VoIP environment. I understand you need 50-100 leases a day along with other clients but you don’t need 3 routing devices to accomplish this. This can easily be done with VLANs and only natting 1 time, drastically reducing VoIP BS. Also depending on the platform you are on you might want to put your balance in compatibility mode.
There are many factor with VoIP quality but I can tell you if you are double natting with any VoIP platform then you will always fail. 1 time nat is only way along with many other settings dependent on firewall along with Qos.
Please take this into consideration. 90% of the time VoIP issues are local or via ISP and it happens because admins can’t configure correctly and or cant support network quality or outages right away for the client thus leading to “They suck, they take forever to respond”. No it’s because they don’t understand VoIP or how to monitor VoIP.
Regards,
TJ
1 Like