Hi all,
First, thanks to everyone who helped me troubleshoot my earlier DHCP issue — it turned out to be my Ethernet adapter.
Current Setup:
- WAN1 behind ISP router (double NAT, no public static IP), currently getting 192.168.0.80.
- Unmanaged switches — each VLAN mapped to a dedicated LAN port:
  - Port 1 → Staff LAN (192.168.0.0/23) with DHCP and static IPs in 192.168.1.x
  - Port 2 → CCTV VLAN (10.10.30.0/24)
  - Port 3 → Guest VLAN (10.10.40.0/24)
  - Port 4 → optional management/default VLAN (192.168.50.0/24)
What I’ve Configured:
- DHCP is working on all LAN ports.
- Firewall rules implemented:
  - Deny CCTV VLAN → Internet
  - Allow Staff VLAN → Internet
  - Allow Guest VLAN → WhatsApp only, DNS, NTP
  - Allow 4 specific Staff VLAN IPs (192.168.1.x) → CCTV VLAN
- VPN rules (planned) via SpeedFusion Connect
Problem:
- Internet is only accessible via the default Wi-Fi (192.168.50.0/24).
- Devices connected via LAN cannot access the internet.
- LAN devices cannot reach the management network (192.168.50.1).
- Staff VLAN static IPs (192.168.1.x) also cannot access the internet.
- After implementing rules, nothing works beyond DHCP.
Goals:
- Staff VLAN → full internet
- Guest VLAN → WhatsApp + DNS/NTP only
- CCTV VLAN → no internet; accessible only by 4 staff static IPs
- VPN via SpeedFusion Connect for remote users:
  - Staff VLAN → printers/servers
  - CCTV VLAN → only the same 4 admin users
Request:
I would greatly appreciate step-by-step guidance for:
- Enabling internet on Staff and Guest LAN ports behind NAT
- Accessing the Peplink management network (192.168.50.1) from LAN
- Configuring SpeedFusion Connect VPN for remote users
- Firewall rules to enforce the above policies
- Inter-VLAN routing best practices with each VLAN on a dedicated physical port
Thanks in advance for any help — I’m a newbie and want to make sure I get this configured correctly.
Wail.