So I have what I would consider a relatively complicated situation, that I can’t figure out. I am operating in an application where a Balance 30 LTE is used on a marine vessel to create a LAN that chooses from various internet sources depending on availability. It uses the WAN1 port for a primary connection in the “home port.” The WAN2 is a backup priority that is used for “guest marinas.” Then finally the cellular as another backup priority, is used when the vessel is in open water.
On the vessel there is this system called a garmin marine network, the only relevant part of the system is that all of the chart plotters have build in DHCP servers to provide addressing to any device that asks…the most important part is their server parameters cannot be modified and they do not provide DNS or Gateway information. Strictly private addressing.
the garmin system also has a iOS app that searches a predetermined stack of ip addresses for the plotters to be accessible in the app.
the issue I’m having is… Other devices in the network tend to get addressing from the garmin network instead of the pep link dhcp server. Some of the network devices such as SONOS do not allow for static IP address. Other devices such as cell phones would be hard if not impossible to constantly set static addresses for as they are always changing.
My solution would be to setup VLANS to separate the two networks… By port… I can physicall separate these two networks easily… The garmin network doesn’t need network/internet access but the "user network
does, and also needs to be able to see the plotters to use the iOS app…
I would do the same. Port based VLAN for the Garmin Marine Network (stick it on its own VLAN and assign a physical LAN port on the B30LTE to it), then a flat normal untagged network segment for the user internet access element of this. All you need to do is make sure that the untagged network is in a different range/subnet to the Garmin IP network and enable inter vlan routing on the B30LTE.
That way user devices (like smart phones / tablets) will still be able to access the plotters on the Garmin network via the B30LTE, whilst also having managed internet access based on WAN availability.
So that will stop the dhcp servers in the garmin devices from providing addresses to the other side right ? There is also a multicast problem , some of the garmin devices are super talkative and will flood the wireless side …
Access vlan … Right ? Anything else I need to be aware of ?
Yes thats right, the Garmin device DHCP services will only provide DHCP addresses to devices on their specific VLAN since the DHCP broadcasts from the untagged LAN will not cross into the Garmin VLAN. Normal LAN devices (smartphones / tablets) will receive DHCP addresses from the B30LTE DHCP service on the untagged network.
Nothing else I can think to mention. Do it and let us know how you get on.
Last 2 questions … Will it also block multicast traffic from the garmin side from reaching the wireless AP on the other side ? And should the ip stack be completely different or similar … I’m concerned about that garmin app being able to see the 172.16.X.X IP address from the user side…
Broadcast traffic will not pass between Garmin VLAN and untagged LAN. If the current Garmin subnet was 172.16.1.0/24 you could have an untagged subnet of 172.16.2.0/24. User devices would get a 172.16.2.x address and be able to route traffic to 172.16.1.0/24 subnet (with intervlan routing checked/enabled).
I suppose that if the Garmin smartphone app relies on broadcast traffic for installed device detection this won’t work, but you suggested that it in fact searches for a predefined list of IP addresses (ie in the 172.16.1.0/24 range), so this should work ok.
If the user device needs to be on the same broadcast network as the Garmin devices to work - the next approach would be to create a new SSID called Garmin - assign that to the same VLAN as the wired devices and only connect the user devices that need garmin access to that SSID - they would then get a DHCP address from the Garmin DHCP services.
User devices that don’t need Garmin device access would connect to a separate SSID (maybe called ‘Internet’) on the untagged network and so would be isolated from the potentially talkative multicast traffic on the VLAN.
Ah OK. I would assume you have a single bit of ethernet coming from the Garmin network side? In which case that should be plugged into an access port in the right vlan.
The garmin network has a crazy expensive glorified switch that all the sensors plug into … Then I have that running into lan port 1 of the peplink with a access vlan set … Port 2 has the wireless bridge plugged in serving wifi clients …
Yes the only place they overlap is at /16 so thats your only option really.
It is insane that this stuff is not configurable… just doesn’t make any sense to me. Anyone would want to plug together the kit and have a master DHCP service and a single IP network for all attached devices…
Can you share the model numbers of the kit in use. I want to look at the manuals to understand it better.
Ok, I just figured out that if the subnet is not 255.255.0.0 the app can’t find the plotters … If I change the subnet of the peplink it instantly comes up …
This is a well documented system … Google garmin marine network … Every piece is garmin specific , even their bridge … It’s twice the price as he pico …
This post Sign in - Google Accounts agrees that the router needs a /16 address as the garmin devices all come up with 172.16.x.0 addresses.
So, set up a Vlan (eg VLAN ID 10) on the B30LTE with it set to 172.16.6.3/16 and DHCP configured 172.16.6.100 - 110 - enable inter vlan routing.
Set LAN1 as an access port for that VLAN (10).
Create a SSID called Garmin, allocate it to the VLAN 10.
Now when you connect the app to using the Garmin SSID it will be able to access the plotters and it will also be able to access the internet (assuming it picks up a DHCP address in the .6.100 -.6.110 range from the balance)
Crate another SSID called ‘internet’ leave it without a VLAN (so its on the default untagged network). Leave that untagged network segment in the 192.168.1.1/24 range.
Any device that needs internet but does not need access to the Garmin marine network can connect to the ‘Internet’ wireless network SSID.
I would also enabled IGMP Snooping on the Garmin SSID settings as it seems the radar and sonar devices flood the network with multicast packets - although I’m not sure which devices you have.
Ok, so then it gets more complicated lol … Pat McQueen is actually where I started, the issue is . His system is much older and it doesn’t give out addresses to attached devices … If I put an AP on the garmin side of the network … The chart plotters are likely to give our addresses without DNS or gateway information …
What I’m ultimately trying to accomplish here … Is the Garmin chart plotters not giving out incomplete ip addresses to say an iPad … If I put everything on the same network , turning the chart plotters on last , I can open the helm app and AirPlay it to a tv … Basically what really screws me up here … Is the chart plotters giving out those random ip addresses with missing dns and gateway information … A lot of the devices like sonos don’t allow for static IP address to be set or this wouldn’t be a problem …
Ok, so helm app needs to be in the 172.16.x.x stack with a subnet of 255.255.0.0 to open … But also needs to access 'Internet" network to work with AirPlay …
Then you either need a way to block the DHCP response from the plotters reaching the user devices, or accept that you can’t have a user device connected to the garmin marine data network that can also access the internet and the rest of the vessel’s data network.
On most managed switches there is the option to enable DHCP filtering (or snooping) that will block unwanted DHCP responses (from rogue DHCP servers)- do you have a managed switch onboard?
