Disable access when on backup Internet

Product Discussion Peplink Balance
1

Hi All,

I have many Peplink Balance 20’s in restaurants that are configured with low bandwidth cellular backup Internet. The backup Internet plans do not include a monthly bandwidth allowance. The client is charged based on usage which can sometimes be excessive when the primary Internet is down for an extended length of time. This is especially a problem when there are many guests on the WiFi (Ubiquiti AP’s).

My primary goal is to make sure that back of house operations, i.e. credit cards, have Internet access.

Two questions,

  1. can a create an alert when bandwidth usage exceeds a certain amount on the backup Internet WAN?
  2. can I disable Internet access by port, IP Address or some other fashion when running on backup Internet?

Any other thoughts or suggestions appreciated.

Thanks,

~eric

2

Yes, you can enable Bandwidth Allowance Monitor on the WANs and set a total amount of bandwidth allocated to that WAN then you’ll get email notifications on 75/95% usage of data on that WAN.

You could set up an outbound policy as enforced for all traffic to the primary WAN, then above that add additional outbound policies for specific traffic types (if from specific IPS or destined for specific ports) that you want to allow over the backup WAN if the primary is not available (so priority outbound rules).

Just remember to allow IC2 traffic to use the backup WAN so you can still remotely manage it. I’ll create a rule for *.peplink.com and make sure that can access all WANs.

2 Likes
3

Hello @Eric_Langley,
Similar to what @MartinLangmaid has shared, we do this for many resturants and other industries that offer “Guest Wi-Fi”.

Using outbound policies in the router and by putting the Guest Wi-Fi onto a dedicated VLAN, we enforce that traffic to the wired WAN connection only. This allows for the essential business IP trafffic to pass via the backup LTE connection and stops the guest networks from using the more expensive data.

Peplink%20Balance%20One%20%20-%20Outbound%20Policy%20-%20Enforce%20Wi-Fi%20to%20WAN%20using%20VLAN%20(Rising%20Connection)
Peplink%20Balance%20One%20%20-%20Outbound%20Policy%20-%20Enforce%20Wi-Fi%20to%20WAN%20using%20VLAN%20(Rising%20Connection)737×264 29.9 KB

This method also ensures that Peplink’s InControl2 can use the backup LTE service also.

Happy to Help,
Marcus :slight_smile:

2 Likes
4

Thank you @MartinLangmaid and @mldowling

Martin,
I was able to configure the alerts for the circuit, however, I am having trouble getting the Balance 20’s to sent Notification Emails (I have a trouble ticket open with Peplink on it).

@mldowling I was able to setup enforcing WAN1 access to the Guest WiFi.

Thanks for the help with that.

To take this a little further. How can we notify the client that they are running on backup Internet and because of that Guest WiFi is disabled?

~eric

5

Hello @Eric_Langley,

You can create a notification profile at the group level within InControl2 for the client (being that you are refereeing to your client and not the user of the guest Wi-Fi).
InControl2%20-%20Group%20Settings%20-%20Dropdown%20Menu%20for%20Settings%20-%20Notifications%20(Rising%20Connection)

You can change the “Profile 1” name to something more meaningful to you.
Then select the required selection and enter the email(s) for the notification.

InControl2%20-%20Notifications%20-%20WAN%20Down%20-%20Email%20(Rising%20Connection)
InControl2%20-%20Notifications%20-%20WAN%20Down%20-%20Email%20(Rising%20Connection)1015×612 40.8 KB

If it is the end user/guest you want notified, then that is something that can not currently be done, partly due to the fact you have the guest network blocked from accessing the backup network.
Happy to Help,
Marcus :slight_smile: