Yes BUT I primarily use max BR1, which has two LAN ports. So not much help if I need 3 untagged networks. Also, it requires multiple connections from the peplink to the network switch.
So, yes…this is a possible work around in some cases, but not in others. If you could select multiple vlans on one port that would work, but you can only select one.
I don’t understand. If you untag multiple networks on the same interface, how would the attached devices know which frame is meant for them? Untagging is done at egress and is typically done at the desired end device – though you could slap an unmanaged switch on the interface and have all the attached devices in the same VLAN.
Select Trunk instead of Access and Any. This will allow all VLAN traffic to traverse the link. If you would like to prune the trunk to just a subset of VLANs, you can do so on the other end of the trunk (assuming the connected switch supports pruning).
So - the big picture you are missing here is we have NO control over the existing customer networking gear. And in many cases…neither does the customer. We are not their IT company, just their IP phone company. When we can, we run the phones on separate cabling. When we have to share we run into these issues. Especially if the customer has HP Procurve switches and they are NOT set to do VLAN. Which means that they eat any tagged traffic.
As to the question of “how would a device know what is meant for them?” By the IP address of course. Again…it has ALWAYS been possible to run multiple untagged subnets on one physical network. There is no problem with this…unless you have a peplink router! Anything from a $50,000 high end Cisco to a $29 d-link home router will let you do this. The switches do not care (layer 2, layer 3…no matter). Technically, the devices “see” all traffic, but so what? They ignore what is not addressed to them.
I am pushing for this again. I just wasted four hours fighting to get some phones moved from one untagged network to another, because I was unable to have the pepwave connect to both.
Now Peplink has new devices with one LAN port, so even the poor option of doing port based vlan and connecting both ports to the same switch is not available.
I just do not understand what the problem is with doing this! Virtually every other router allows you to create as many untagged networks as you want on the same physical interface
I don’t think I have ever seen a customer router configured with multiple untagged subnets presented on the same access port. Can’t think of a good reason to do so either. What’s the topology / use case that requires it? Why do they have it configured that way?
1 Like
I am raising this yet again. one of my channel partners is about to install 8 watchguard firewalls when he would prefer to use Balance 710s. But because the customer has four or five untagged networks (plus a bunch of VLANs) at each location, we cannot use peplink equipment. Not unless we want to use say five LAN ports into a dumb switch then from that to the customers switches.
Again - EVERY other router available allows you to create as many untagged networks on one interface as you want. Why would I want to do that? I do not. I think it is stupid. But this is already in place, with literally hundreds of devices with static IPs in place. The customer is not going to redo their entire network to suit Peplink, so Peplink loses $40,000 in sales and the customer is getting what I think is an inferior product.
The only thing you cannot do (obviously) is have a DHCP server on more than one untagged network. The other questions I have seen asked in this thread baffle me. such as " If you untag multiple networks on the same interface, how would the attached devices know which frame is meant for them? ". Answer, by the IP address of course! How do you think a device knows what is meant for them on a vlan?
So far (and including this one) we have installed about $80,000 worth of Cisco and Watchguard firewalls ONLY because of this limitation.
1 Like
“Select Trunk instead of Access and Any. This will allow all VLAN traffic to traverse the link. If you would like to prune the trunk to just a subset of VLANs, you can do so on the other end of the trunk (assuming the connected switch supports pruning).”
This is a problem because A) no other vendor I’m aware of has this curious restriction and B) this requires the use of a managed switch on each interface to “prune” the VLANs passing the trunk, which the Peplink device should be capable (itself) of handling. It needlessly complicates a network infrastructure in many cases where a large VLAN deployment and organization is not already in place. It’s an issue for me as a home/SOHO user and I could imagine in a commercial setting this would be absolutely maddening - enough to disqualify the Peplink product(s) from consideration, absolutely. And before you say “just set the port as access and use a dumb switch on each port…” — again, needless complexity and device chaining. adding dumb switches where they really aren’t needed increases latency across the network, as just one example. (And that’s before we even get to the possible security implications beyond that!)
Our deep thanks to @jmpfas for his persistence to communicate the need (and pain) to us. This is well understood and our team will look into it.
2 Likes
And raising this one yet again - I have a new customer for our phone service. 42 locations. All have existing cradlepoint routers for cellular backup.
They are prepared to let me replace the cradlepoints with pepwaves, but they currently have multiple untagged networks at each location.
So - we either add this ability (like ALL other routers) or I have to leave these cradlepoints in place and put my phones behind them.
This is over $21,000 for just the pepwaves that will not be sold if we do not get this feature! Seriously, what is the problem here? virtually every other router allows this!
1 Like
This feature is already in our roadmap and we are working on it, I am checking if it will happen in coming 7.1.1 firmware, will keep you posted here.
3 Likes
John, we also hope this could happen sooner. This feature looks trivial at surface but this turns out to be more complicated in implementation because of our SD-WAN architecture, outbound policy engine and such. It’s taking us more time but as Noel has pointed out, it’s definitely being worked on.
1 Like
Was this ever implemented?
For now the only work around will be plugging in multiple cables from router to switch?
We have multiple /24 blocks, since we are taking over an existing network but we want to start moving over to a single network, in the mean time we need both up,
Not sure whether your request is the same as the feature request here but i can confirm the feature have been implemented since firmware 7.1.1.
7.1.1 release notes:
1 Like
this is great yes this is what i was looking for,
now i have a new issue , will open a new discussion
Yes and no.
Yes: You can have multiple untagged subnets on a single interface
No: There are some odd restrictions.
In OSPF/RIP you can only choose to adevertise or not advertise all of the subnets. i.e. it is bing controlled at the interface level instead of the subnet level. Very annoying. I have had a request in to change to for some time.
Engineering DID correct a similar error on one-to-one NAT. You used to only be able to select all subnets (which made no sense at all). Now you can select the individual subnets.
So - it works, but one little gotcha.
Question: I’m not well experienced with multiple subnets and VLANs. Our LAN was 198.42.231.254/24 (254 addresses). I was running out of addresses so we changed it to 198.42.231.254/23, which gives us 508 addresses. The DHCP server is 198.42.230.1 - 198.42.230.254, so we have 254 available DHCP, and another 254 for static devices.
The flaw in all this is remote access. For whatever reason the Peplink L2TP remote access server can’t deal with this subnet arrangement. You can connect but you can’t communicate with LAN devices. If you change the LAN back to /24 the remote access works fine.
The discussion above about multiple untagged subnets makes me wonder if I would be better off with two separate subnets 198.42.230.254/24 and 198.42.231.254/24. Assuming I check the box for inter VLAN routing, would this function identically to my current /23 setup? I haven’t tested it but I assume the remote access would work fine, and be able to access both subnets?
Is the setup the same as creating a VLAN, but don’t put a number in the VLAN ID box?
@Don, just to confirm the LAN devices with static IP also changed the Subnet when you do the testing ?
1 Like
Yes the LAN devices with static IP also changed Subnet. In fact the LAN devices acquired their address by DHCP from the Balance 380. Those devices have DHCP reservations in the 198.42.231.xxx range.
Do you think you can arrange the setup again to allow Support Team to check on this ? Supposedly changing the Subnet Mask should not cause anything for the remote access.
1 Like
Its been sometime since I tried the remote access connection to this Balance. Definitely before firmware 8. Possibly before firmware 7. I tested it today. It works properly. The VPN client receives an address from the DHCP range, and is able to communicate with other LAN devices. All good.
3 Likes