Peplink Balance 20 with Guest network and failover

Goal:
Use a Peplink Balance 20 with failover and two wireless networks (created using 2 Apple Airport Express devices), one for the private office users and one for guest users.

I want to ensure that the guest users are not on the same network as the private office users (ie: The guest network users should not have access to any devices on the network - They should have internet access only). I want to have a primary internet connection (cable) and a backup internet connection (mobile data plan). I don’t want to use the backup internet connection unless the primary goes down. So I want to apply QoS to the guest network users so they aren’t eating up a large chunk of the bandwidth from the primary internet connection. Once the router fails over I want to disable the guest network so that only the office users will have internet connection via the backup internet connection.

The first thing I want to do is setup the guest network and prevent guest users from accessing files on the private office network. I’m assuming this needs to be done with VLANs?

Here is the topology I will be using. Is this possible? How can this be achieved?

448×588 11.3 KB

(I posted this in the “Peplink Balance” section, but I think it fits better here)

Yes, you have to use VLANs to separate the 2 different group of users. Based on your network topology your Linksys switch need to support VLAN. Otherwise you can connect directly to our Balance 20, which support port-based VLANs.

As for managing the usage of Internet connectivity you’ll need a couple of outbound policy.

1. Priority algorithm with priority 1 on cable, 2 on mobile. Source based on your staff subnet.

2. Enforced algorithm using cable link. Source based on your guest subnet.

3. QoS can be done by assigning guest subnet to pre-defined guest user group. You can then do bandwidth limitation based in user or group.

4. (Question) Is the location of considerable size that you require 2 APs?