Only allow one computer to access Mobile Internet during WAN 1 failure


#1

Hello All,

I have a Peplink Balance 20 with a cable modem on WAN 1 and a Mobile Internet USB device.

During a failure of WAN 1 only one computer on the LAN should be able to access the Internet.

What would be the best way to configure that?

TYIA,

~eric


#2

Interesting, try creating a VLAN just for that one computer on the LAN you want internet to fail over too. Tag that computer with the VLAN and keep Inter-VLAN routing enabled. Then in your outbound policy try this:

Source: Main Network Subnet
Destination: The IP of your computer that you only want to access internet or the VLAN network of that one computer
Protocol: ANY
Port: ANY
Algorithm: Priority
ISP 1
ISP 2 (LTE)
Check the terminate sessions on link recovery

*I’m not sure if that would work but its worth a shot.


#3

*Then as your second outbound policy rule:
Source: IP or network of the 1 computer
Destination: ANY
Protocol: ANY
Algorithm: Persistence

*Again, this is what I would try probably first if I were in your position. In no way shape or form am I saying that this will work.


#4

@tjvoip45, thanks for your suggestions - we always appreciate you being so active on our Forums!

This can actually be accomplished without any VLAN requirement. The first thing you would do is create a DHCP reservation for the one computer and then create two outbound rules:

Source: DHCP reservation IP address
Destination: ANY
Protocol: ANY
Port: ANY
Algorithm: Priority
ISP 1
ISP 2 (LTE)
Check the terminate sessions on link recovery

And then below this rule you would create another one:

Source: ANY
Destination: ANY
Protocol: ANY
Port: ANY
Algorithm: Enforced to WAN1

This rule must be placed below the other rule or it will not work.


#5

I see! I figured it would be something of that nature. That makes sense with the reservation. I don’t understand though in the second outbound policy, why would you enforce the traffic via WAN1 if WAN1 we are assuming is down?


#6

The enforced rule will insure that all other computers/devices will only go out WAN1 and will not be able to fail-over to the USB WAN as he requires. The outbound policy rules are executed firewall-style from top to bottom.


#7

I see now thanks a lot!