I’m working on a project where the HD1 Dome Pro will be used on the mast of a yacht, with a cable connecting it to a Balance Router. This Balance Router will have a secondary WAN connection using Starlink.
The Dome has great WiFi AP coverage so there is no need for AP’s to be installed on the deck areas - however, when the yacht is at sea and has no cellular connection, I would like the ability to send the traffic over the LAN (I can use a static router to the IP address of the Balance) so that users can still access the internet from the deck using Starlink. I can’t see any way to configure this setup.
The Feature Request is for something similar to the Synergy mode, but I’d like the ability to manage the AP / SSID’s of the Dome from the Balance and route traffic over the appropriate WAN of the Balance Router.
This is possible if using IC2 for SSID configuration - but not if you’re running AP controller on the router. You can run AP on WAN side, but not the Dome AP.
Hi @Captain_Nik
Thank you for the reply - When the Dome doesn’t have its own Internet connection, how do you route the traffic to its LAN side, so it can use the internet connect on the Balance (Starlink in the example above)?
Honestly, I haven’t thought about this but I know it works as multiple places we’ve done this with ocean going vessels where the wi-fi stll works despite having no 4/5G connection.
This is something I would have to double check - usually we run devices in Synergy mode which will make them work via LAN.
Unsure if this will function correctly if not running in Synergy mode tho - worth a test!
I thought that Martin had a similar post the other day, but I can’t find it to link to.
The easy “right” answer is to add a APOne AX and synergize the dome. This gives you the best Wifi throughput, a single radio doing wifi/wan and wifi AP will always be slower than single purpose units.
The next answer is to remove the Balance2 from the routed path and connect the Starlink port via a virtual WAN. You can use any managed switch to tag the starlink VLAN, or you can use the LAN side of the balance 2. Just make sure you turn off the DHCP services on the B2. You configure the starlink LAN port to Vlan 1001 and set the link between the switch/B2 and the Dome to Trunk (include all VLANS) Then set the Virtual Wan to VLAN 1001.
This makes the HD1 Dome Pro the only router, it manages Wifi/wan, 5g WAN, and the Starlink Vlan Wan.
If you keep it the B2 is relegated to switch duty, and does no routing.
@Paul_Mossip 's answer is the right one. In this case there is no need for the Balance because you can add the virtual WAN to the dome. Just use a dome and a switch.
If you want to keep the balance then you can still do this but you have to change the routing topology by adding a virtual WAN to the dome.
You would add a VLAN to the Dome for the wifi users to sit in. Then use an outbound policy to send just their traffic via the virtual WAN. All other traffic will be sent via cellular WAN.
Then on the balance, you would add a LAN VLAN for wifi users. The dome vWAN is connected to that VLAN. Now as far as the balance is concerned you have a vlan with wifi users in it and a lan vlan with other devices and it does its load balancing / failover between its available WANs as normal.
If you want to see the individual wifi users (the vWAN is using NAT by default so you’d just see the dome’s vwan IP) then you would use IP forwarding on the vWAN and use static routes to let the balance know how to route to the dome vlan devices (next hop being the vWAN IP).
@MartinLangmaid
I’m still trying to configure this - it sounds so easy the way you and @Paul_Mossip have explained it, but when it comes to configuring the network ports I think I’m missing something.
I’ve attached a network diagram - the top diagram is the current config, using WiFi WAN to achieve the desired results - this works, but uses one of the Dome’s radios, meaning it can only use 2.4 or 5Ghz for Marina WiFi - not both.
The second part is my understanding of the configuration required. However, when I try to configure this (remotely) I lose access to either the Balance or the Dome. The Dome is using a SIM from the SIM Injector, so this must be discoverable from its LAN (that’s the setup before I start making changes).
The Balance Two is using an office connection for WAN 1.
When I change the port settings on the switch, the Dome loses access to the SIM Injector and therefore goes offline.
Is there a correct order to configure / cable this to avoid losing access?
So you have an internal AP and also want to use the Dome AP?.
You throw away the Balance 2. Set the switch to trunk to the dome (via the sim connector)
The key item is that you can only have one router. If you want to use the LAN AP/SSID of the dome, then the dome must be the single router.
Leave all of the ports on the switch to trunk except for one… that gets untagged/native VLAN 100 for the Virtual WAN.
Plug the starlink directly into that VLAN100 port. Leave 192.168.10.1/24 as the default VLAN.
If you want multiple VLANs for different SSIDs, just use the dome to configure the local and remote AP’s.
Yes we could put in a complex dual layer system that uses the balance2… but what does that add to the network design? it gives you double NAT on the Cellular/WIFI-WAN, and just adds complexity.
Hi @Paul_Mossip
Thank you - that sounds good for smaller installs, but I was hoping to use the same principle for larger yachts too, perhaps using a SDX with multiple WAN’s - including a Dome.
However, we’d like to use the WiFi on the Dome for clients on deck and allow them to use the alternative WAN connections on the SDX when the cellular on the Dome fails.
Synergy Mode allowing the SDX to manage the AP (LAN) side of the Dome as well as the WAN’s would be really helpful in this scenario.
You can’t remote manage an AP in a dome… only pure APs… (I know you want it, but you don’t have it now) So you have to configure the dome’s AP by hand.
Ok, so the complex Balance2 centric network.
Start with how your system is now, Diagram #1.
#1 Lets define the SSIDs.
SSID1 (Dome only) Native Vlan. (emergency fall back can only use the dome or don’t even configure it)
Configure on Dome as default untagged vlan. This is the only DHCP configuration on the dome. 192.168.10.1.
SSID2 (b2 LAN Vlan 11) Configure on B2 192.168.11.1 + DHCP (Ap manager) and Dome. VLAN11 Dome at 192.168.11.2
SSID3 (b2 LAN Vlan 12) Configure on B2 192.168.12.1 DHCP (AP manager) and Dome VLAN12 dome at 192.168.12.2
Configure port Lan #2 of the B2 to only trunk VLAN11 and VLAN12. No untagged.
Connect ethernet cable betwen SIM Injector and port #2.
Remove that Vlan22 backhaul that you are using as a workaround.
The B2 is now the DHCP master for all Wifi and Wired LAN networks. It has starlink directly on WAN2 and
via WAN1 can connect via cellular and WIFI/WAN of the dome. Double NAT (not in synergy)
Wifi Clients in SSID2 and SSID3 can connect to either AP, and via VLAN11 and VLAN12 are served IP’s and the default route from the B2.
if you are in the SDX range. just put another AP on deck and run the domes in Synergy mode. as I mentioned before using a dome as WIFI WAN and WifiAP kills the throughput.
I had a couple of these installations on sailing yachts and big catamarans. And i did it with a Balance two as well. I think there is a lack of router models with fanless design with 2 or 3 WAN Ports. A B310x without cellular but PoE ports would be great.
Anyway it would be the easiest deployment with just one Dome with an additional WAN-port. It’s no problem to run two ethernet cables through a mast. 10 or 11 antenna cables is a nogo.
Single Router is the way to go for small deployments. Add a WAN-Port to the Dome Pro series or make the second port switchable to LAN/WAN. (You need to use the splitter in this case)
That was pretty much solution #1… Use 1 router (The dome) and a managed switch.
Can you set the untagged LAN in the dome to be WAN? Otherwise you have to connect the starlink via the switch to have the VLAN untagged. I don’t have a dome, but I guess I can try with my BR1 pro 5G.
