Daisy Chain Two BR1 MINI to a PLC

I currently have a PLC connected to Cell Gateway (BR1 Modem) setup and working.
The modem is setup for port forwarding.

I’m trying to add a second gateway to the PLC providing a second point of access.
There is only one Ethernet port on the PLC with a defined gateway address

I tried connecting the second BR1 gateway ( from Modem1-LAN to Modem2-LAN.
I can still access the Web interface of the second BR1 through the switch, which I have the PLC and primary BR1 connected to. But when I try to connect to the PLC through the second cell modem I can’t connect. Both modems are pinging and come up ok.

I’ve tried configuring port forwarding on the second modem, expecting that the primary modem would forward on to the PLC. This didn’t work.
I also tried adding the second modem to the WAN of the primary modem, but it would not populate as a connection in WAN priority on the web interface.

Any recommendations on how to daisy chain these two gateways?

Why do you want to add the 2nd modem? Is it so there is a 2nd cellular connection or is it because you want to be able to recover if the primary BR1 mini fails?

What routing protocols does the PLC support? Whats the model number?

1 Like

The purpose for the first modem is remote access for the operators. The second modem is for a secure access for a SCADA system to pull data. The operators are not allowed access to the SCADA network.

I’m using 2x MAX BR1 Mini with a ROC800

I don’t believe that the ROC800 (PLC) supports a routing protocol. But we’ve quickly come to the edges of my experience.
I’ve just have the IP, Subnet Mask, Gateway IP and Port number configured in the PLC.

I understand the idea of keeping Operators and SCADA systems separate but since the ROC800 only has a single 10Mbps ethernet connector you will always have some level of compromise here.

Maybe you could send me a diagram of what you want to achieve and we can work it out together.

Remote access options are:

  1. port forwarding from wired / cellular wan to LAN.
  2. Client VPN from remote user device to wired / cellular WAN of BR1
  3. Site to site VPN with routed remote access from a hub /datacenter location to the LAN of the BR1
  4. Peplink Intouch service. From IC2 to devices on the LAN / WAN of the BR1.

So the question becomes what and how will the operators / SCADA systems access on the ROC800. If the operators just need the wen interface of something you could use InTouch for that and something completely different for the SCADA connectivity.

1 Like

I had tried port forwarding as I we use it without issues on the primary modem, and it seemed like the simplest option. Maybe i didn’t have it configured correctly.

The only means of connecting to the PLC is via the cell modem. the PLC is in the middle of a field with no other internet service.

I’ve just discovered that the WAN port on our BR1’s is licensed and I’m in the process of getting a license. I’ll be trying my original configuration once the license is applied to the modems.

The 2 cell modem peplink devices such as transit duo , UBR, also the MAX-BR2-LTE-US-T which was supposed to be release this march but has been pushed back . Then set up you access rules in firewall and outbound policy. Instead of 2 BR1 Mini’s

Another Option could be second Speed fusion link from remote BR1 mini to another peplink device in datacenter on subnet that you operators or allowed to have access to. Using Access and outbound policy to restrict content at remote BR1

I Started with the UBR LTE 2 cell modem approach for redundancy back to datacenter with Speedfusion with Nat .

Incontrol with InTouch for 3dr party access to support remote devices is a clean approach . Read a few post where there where user authentication issue, but I believe have been resolved.
Currently working on the Intouch Access within Incontrol

Not any more. Upgrade your firmware to 8.4.1.

1 Like