We have a Balance 2500 core network router with Max HD2, HD4 Mini HD2 remote router for ways to live broadband video surveillance.
We must accommodate other services on our Balance 2500 and we want to split the other services of ours.
For this, we think pass with the VLAN implementation of services.
We must also put us in a dedicated VLAN to make “completely separate” all Max router dating back to the 2500 balance based on user services.
We have a diagram corresponding to what we want.
1 - Is it possible with Peplink products?
2 - What do you think? Is this the right approach?
3 - How to get to this need properly and make 100% functional?
Sorry for confusing. The reason I used “Vlan” to represent network address is to help you to have better understanding on the proposed rules. Actually:-
I applied migration firmare 6.1.2 to 6.2 on all products we have.
Furthermore, I opened another threat on problems emerged since this upgrade on the Balance 2500.
But apart from problems discussed, I did a first test between one VLAN with our Balance 2500 and a HD4 router.
I followed the procedure that indicates Peplink for firmware 6.2.
On the Balance 2500, so I create a VLAN with a network.
On the HD4, I created the same VLAN but I kept the HD4 network settings.
In summary, the Balance 2500 and the HD4, I get on each unit:
_ A network Untag
-Balance 2500: Untag 192.168.5.1/24
-HD4: Untag 192.168.120.1/24
_ A network in VLAN 200:
-Balance 2500: V200 192.168.51.1/24
-HD4: V200 192.168.121.1/24
I specify in I checked the box: Inter-Vlan routing.
I can connect to the Balance 2500 with his untag address or with his vlan address.
I realized this by connecting me to the Peplink Balance 2500 with PPTP VPN- my IP adress obtaining a DHCP address from the lan side of untag and also from a computer on the local lan Balance 2500 (always untag)
But I can not connect to the router Max HD4 nor Untag with its IP address or with the IP address of Vlan.
I did not apply any rules in the firewall.
All is the default rule : Allow.
I can only connect to the Router HD4 by its WAN IP address.
But that’s not what I’m looking.
I need to administer at the request all my devices regardless of their location.
And there it is not possible.
Is there a technical solution with my Peplink products?
I understand your vision having as basis the untag VLAN for management and PPTP users.
My problem is as follows:
I have only one Balance 2500.
On this unit I have to accommodate several separate users.
Each user must have access to their Peplink router as an administrator for operational reasons.
They should all have access via PPTP type or other VPN to their respective Peplink router.
I can not properly divide each group.
The only solution I see is to have a balance 2500 or 1350 Balance for each group, to separately manage each group and offer them a PPTP VPN or other access to their remote Peplink router from outside of our networks via the Internet.
But that’s not feasible financially and logistically.
That’s why I try to accommodate them on our Balance 2500 without any users can see others while having allow access from the Internet and local but limited to each group.
The risk let the untag vlan on each Peplink for administration is to open the discovery see an interaction between groups.
In addition, the PPTP access is global.