Inter-Vlan Routing not working

Good day all,

Not sure what is going wrong here. I have a Peplink MAX BR1 ENT.
I have 3 VLANs configured. 2 of them need to communicate with each other, but I cannot access the other VLAN (not with ping, nor by accessing a GUI from a device).
I have inter-VLAN enabled on both of them. I do not have any rules in the firewall yet; everything is open at the moment.
What can go wrong here?

Thanks in advance.

Might be worth sharing some screenshots of the vlan config.
Generally I enable inter vlan routing on all VLANs in the VLAN config then lock it down with internal firewall rules - makes for a tidier config.


Hi to all
I am continuing this thread because I have the same problem.
I am using a Max BR1 MKII router.
For testing purposes I keep the configuration as simple as possible.

Port 1 is VLAN 1 192.168.1.1 with a PC directly connected. Port 2 is VLAN 3 192.168.3.1 with a second PC directly connected.
Port setting is access on both ports.
The WAN port is configured to be used as LAN port 2.
Inter-VLAN routing is checked on both VLANs.
Firewall is default allow all.

The DHCP server on both VLANs is working fine.
WiFi WAN is the internet gateway.
Both PCs have an internet connection.

I cannot ping from one PC to the second PC or vice versa.
When I connect both PCs to the same network, ping is working.
I tried playing with firewall rules, static routes, etc. with no luck.
After reading forums for 2 hours I came to the conclusion this should work, but it does not.
What am I missing?

Thanks

What you are wanting to do should be possible - unless there is something specific to the Max BR1 MKII that I am unaware of.

Are you running an application based firewall on the two PCs? The two networks would have no inherent “trust” (for lack of a better word).

Also, since that traffic is VLAN to VLAN - make sure your allow rule is created in the “Internal Network Firewall Rules” section. Although, since this is using the WAN port as a LAN port – I guess it could potentially be an Inbound Firewall Rule AND/OR Outbound Firewall Rule (depending on direction of ping packet). I would temporarily create an “allow” rule with logging on each section to see which one is active for that traffic. My assumption is that the Max BR1 MKII has similar options to my Balance routers, disregard if it is different.

One question - when you say “When I connect both PC-s to the same network ping is working” - how were you connecting them to the same network? I.e. do you have another switch in there somewhere? Is one of the devices using wireless? How are the two devices “sharing” the single LAN interface? If there is another switch in the infrastructure - is it a “smart” switch (implementing/understanding VLANs)?

Please forgive my ignorance of the Max BR1 router… my main contribution was to look for firewall software running on the PCs - what is allowed for the local lan is not always allowed for routed networks. Same layer 3 - allowed. Different layer 3 - blocked. (local vs. public)

Don’t get frustrated - someone on the forum with knowledge specific to the Max BR1 will chime in pretty soon.

Hi

There are no software firewalls on either PC. The OS is Windows 7 on both. One is my home PC, the other is a work laptop. For testing I connect both to my home network, PC to LAN, laptop to LAN or WiFi, and ping is working in both directions.

In the firewall only the default rules are entered. Protocol, source, destination all set to “any” and allowed.

Earlier today in the field I tried a similar configuration on an older Max BR1, which has 2 physical LAN ports, with similar results, or should I say lack of results. So I grabbed a new MKII to test the configuration, but no luck.

For this job the plan was a bit more complicated configuration with 4-5 VLANs, IGMP proxy, Bonjour service, 3 SSIDs, 4x AP AC. The main router should be a Max HD2. But I am stuck on the first step.

The most frustrating thing is seeing that the original poster started the thread in December 2019 and there is still no solution.

Thanks for your reply.

Sorry bud, I am not much help – that product line is not something that I currently own. I did try to read through the operations manual to see if there was anything specific to what you are doing/trying to do. The manual is combined with so many other models, that there is very little information on what specific features are included from one model to another.

One thing that did stick out is the “VLAN on LAN” feature – why specify the “on LAN” portion? My guess is that the WAN interface (even though you have configured it as a LAN) may simply not be capable (through hardware or software) to do the VLAN tagging/reading. Also interestingly, I did not see any mention of the “use WAN as LAN” option in the manual.

One thing that I am stumbling on is - I can’t tell if the MAX BR1 MKII has a simplified version of the firewall configuration or not. My routers match up with the documentation for the MAX line of products, but I don’t know if my defaults are the same as yours. My firewall config is broken up in three sections - Outbound (LAN->WAN), Inbound (WAN->LAN), and Internal (VLAN->VLAN, LAN->VLAN, PPTP->LAN/VLAN, etc). You definitely want to make sure the “Internal” section is where you set these particular rules up.

I am merely bored and have some time. Don’t worry - someone more knowledgeable than me will see this and respond. It seems like the original poster abandoned the thread without giving any kind of update as to whether or not he got it working. It does seem that the MAX line in general is very “specialized” and I wouldn’t be surprised if Peplink has limited functionality based on price point (hardware). I am sure a Peplink Certified Retailer would be able to chime in on that one. It is odd that it didn’t work when there are two dedicated physical LAN interfaces (MAX BR1). Good luck buddy, hopefully you get some answers that are helpful soon.

Can the PC’s on these VLANs ping the IP of the BR1 in the other VLAN?

Interestingly, YES!
Just tested it: both PCs can ping 192.168.1.1 and 192.168.3.1 (even open the Web Admin), but not each other.
I double-checked the PCs: if I connect them to the same port via an unmanaged switch, ping and Windows file sharing are working.
Is there a way that I can export a human-readable configuration so you can investigate more? Besides what I wrote here, everything else is default.
Or is there something else you can suggest that I try or test?

Thank you all for your time

I would consider this solved!
It was a Windows firewall software problem after all. Spending Sunday afternoon configuring a MikroTik router for the same purpose and browsing through the MikroTik forum, I found out that:

Windows firewall blocks ping and file sharing from a different subnet! Even when it is in private network mode.

After configuring the Windows firewall rules to scope any IP, everything is working fine. Ping and file sharing.

Sorry for all the drama, thanks again everybody for the assistance, and I hope this helps someone else as well.


Glad that you got it sorted. Networking is fun, right? Good luck in your adventures.
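
The fix reported above widens the Windows firewall scope to any IP; a narrower variant that admits only the peer VLAN is sketched here as an added example, not something posted by anyone in the thread. It assumes English-language rule names, /24 masks on both VLANs (the thread gives only the gateway addresses), the Private profile, and rule names such as "Ping from VLAN 3" that are made up for illustration.

```bat
rem Added example. Run in an elevated Command Prompt on each PC.
rem netsh advfirewall is available on Windows 7 and later.

rem 1. Inspect the built-in echo rule and check its RemoteIP field.
rem    A value of LocalSubnet means pings routed from another VLAN are dropped.
netsh advfirewall firewall show rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" verbose

rem 2. On the PC in VLAN 1 (assumed 192.168.1.0/24): allow ping and SMB
rem    from VLAN 3 only, instead of from any address.
netsh advfirewall firewall add rule name="Ping from VLAN 3" dir=in action=allow protocol=icmpv4:8,any remoteip=192.168.3.0/24 profile=private
netsh advfirewall firewall add rule name="SMB from VLAN 3" dir=in action=allow protocol=TCP localport=445 remoteip=192.168.3.0/24 profile=private

rem 3. On the PC in VLAN 3 (assumed 192.168.3.0/24): the mirror image.
netsh advfirewall firewall add rule name="Ping from VLAN 1" dir=in action=allow protocol=icmpv4:8,any remoteip=192.168.1.0/24 profile=private
netsh advfirewall firewall add rule name="SMB from VLAN 1" dir=in action=allow protocol=TCP localport=445 remoteip=192.168.1.0/24 profile=private

rem 4. Confirm the scope that was actually stored for a new rule.
netsh advfirewall firewall show rule name="Ping from VLAN 3" verbose

rem To undo: netsh advfirewall firewall delete rule name="Ping from VLAN 3"
```

Run step 2 only on the VLAN 1 machine and step 3 only on the VLAN 3 machine; the router's own inter-VLAN and internal firewall settings stay as described in the thread.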