I have a max transit duo to which I recently added the AP One AC Mini external access point. I had configured an outbound policy to route traffic to my speedfusion tunnel when a client connected to my “SF” SSID. I recently noticed, by looking through the active sessions, that this routing was not taking place. I then went back to my outbound rule and opened the help card for the Source. At the bottom of the help card it states “Traffic coming from the SSID on external AP’s is not included.” Even though the external AP derives the SSIDs from the max duo it looks like this is my problem. So I guess I am going to have to find another way to route my desired traffic to my SF tunnel?
You can change your outbound policy to use “IP Network” as the source. Just fill in the network information that is assigned to that SSID.
Your SSID should map to a network or VLan. Use the network/VLan as the source of the outbound policy Instead of the SSID.
if you have multiple SSIDs mapping to the same LAN, and only want a subset of the LAN IPs to use the tunnel - you will need to either move the SSID to use a VLan OR you can use the “grouped network devices” function to create your groups (and then use the group as the source of your outbound policy)
Do you have more than one LAN/VLAN?
Dear Jason,
I have just been round the loop of raising a ticket with Peplink on this very topic in conjunction with my new installation of a Max BR2 Pro with 4 x AP One AX Lite external APs. For some reason the developer(s) of this aspect of the firmware seem to think that it’s OK to simply add a tiny Help Screen stating that this rule will only work if a Wi-Fi Client flukes onto the router itself and has not roamed onto one of the network’s Peplink APs?
Having developed software myself, I can not understand their problem as the router clearly has knowledge of which SSID EVERY Wi-Fi client is connected to due to being able to display in on the Wi-Fi Clients page under the AP tab. To have the option of an Outbound Rule that does not fully work when Peplink APs are connected on the network is in my view ridiculous!
Can you help me to get passed the Peplink 1st Line back to who ever is in charge of Development to discuss the issue with this rule as implemented (and not have to use a workaround).
My Peplink Trouble Ticket number is: 23060138
Kind Regards,
Adrian Hobbins
1 Like
To add my voice to that of @AdrianHobbins: If one happens to use the same SSID across multiple APs, including the router itself, one gets the unfortunate effect of the clients’ connections changing as one moves around (changing from one Ap to another).
With the introduction of the SFC functionality, where routing to the SFC server is automatically enabled via an SSID assignment, this issue becomes more urgent. As it is now the SSID for the SFC is only made available at the router itself, leaving clients of the APs of the system without access to the service.
This is undesirable.
Separating the SSIDs by VLAN has unpleasant side-effects (e.g., broadcast-based protocols start failing),
Separating devices by IP-addresses introduces additional maintenance complexity (since the DHCP options are limited and there is DHCP allocation no range definition associated with any particular SSID).
Request:
Enable the SSID outbound policy being sensitive to the client’s SSID, incl. in the face of accesses via external APs.
1 Like
As I understand it - the ability to have SFC routing by SSID via Access Points was supposed to have been added to firmware 8.4.
But in my own testing - this is still not working as it should.
I consider this a bug, and hope that it is addressed in a future update.
- Chris
1 Like
Yes, I’ve wanted this feature for quite some time now and even though 8.4 says it works it DOES NOT work! I can’t get it to work as an outbound policy or on the SFC routing page. Please fix, Pepwave.
1 Like