Router (no NAT) behind Peplink router

amaravati 2017-08-10 17:01:33 UTC #1

Hi,

I am in a bit of a new situation. We want to add another router behind the Peplink router. This new router’s NAT will be disabled. And now I don’t know how to configure the IP addressing ot make this work. I believe I need to static routing, but I have never done that, so perhaps some help.

Currently I have the following situation:

Peplink One (DHCP, Gateway, 5 WANs) 192.168.0.250/23
|
|
Managed Switch 192.168.0.1/23
|
|
All clients 192.168.0.X/23

So I would this situation

Peplink One (DHCP, Gateway, 5 WANs) 192.168.0.250/23
|
|
New Router without NAT
WAN port: X.X.X.X/XX (what subnet?)
LAN port: X.X.X.X/XX (what subnet?
|
|
Managed Switch 192.168.0.1/23
|
|
All clients 192.168.0.X/23

I assume the the WAN port should be connected to the LAN port of the Peplink One. And the LAN port should be connected to the managed switch on 192.168.0.1/23. But I don’t know what to do with:
A) WAN port: X.X.X.X/XX (what subnet?)
B) LAN port: X.X.X.X/XX (what subnet?
C) How can traffic that comes to the New router on the LAN port, goes to the Peplink?

I hope someone with some expertise here can help, perhaps also name this convention (I don’t even know how to google this issue).

Thanks

MartinLangmaid 2017-08-10 18:03:35 UTC #2

Why do you want a new router? Whats the requirement?

Normally you would use a router to subdivide a network. For example in my home network, I have a Balance router (A) connected to the internet with a LAN of 192.168.1.1/24 (it provides DHCP) and I have another balance router (B) with its WAN plugged into the lan of A (via a switch). Router B’s wan (no NAT - with IP forwarding configured) is set to static and is 192.168.1.254, its lan (DHCP) is 172.16.1.1/24. Router B has its own physically separate LAN switch into which i plug all my test and R&D equipment for my test lab.

Router B’s LAN is my test network. But i need to access my NAS on Router A’s LAN and my workstation on Router A’s LAN needs to be able to access devices on Router B’s LAN. To do this I have a static route set on Router A for 172.16.1.0/24 -> 192.168.1.254

amaravati 2017-08-10 20:18:57 UTC #3

Hi Martin

Thanks for explaining the static routes setup. I guess that is the only way to go right?

The reason is that this router is part of a the Unifi wifi system, from Ubiquiti. The router they supply can provide DPI / monitoring. I wish I could replace the peplink with this new router, but I have 5 WANs, so that is a no go for now. We are in process of getting fibre, so it is a matter of time before the peplink is replaced. Or, better, ubiquiti will at some time release a way to use a drop in mode, but that is not possible yet, only disabling NAT. I prefer peplink because it is so robust.

I will try to play with the configuration with a static route and ip forwarding. Thanks

MartinLangmaid 2017-08-11 18:21:02 UTC #4

Its not the only way to go - there are always multiple approaches. You could just daisy chain the Balance and the Unifi router (unifi WAN into balance LAN - nothing else in balance LAN) and put all your clients behind the Unifi treating the balance as the internet access router but have the Unifi router as your whole networks gateway (so DHCP on the Unifi router).

It all depends on what functionality you want and how many devices you have etc.

Erik_deBie 2017-08-13 11:29:49 UTC #5

Hi Amaravati, you mentioned you have another router because of it’s DPI functionality; what are you missing in the Peplink DPI feature? See: IC2 Deep packet inspection (DPI) reports and everything you need to know about it

amaravati 2017-08-13 15:23:18 UTC #6

Hi @Erick_deBie

Well… I did notice their new incontrol has the DPI features 'just’
enabled on Firmware 7.0.1 (latest). I am missing the following:

offline monitoring
non-subscription model (incontrol is only offered for in warranty
machines or extra payments)
mobile APP with DPI view
per IP address DPI segments/view
breakdown of DPI categories and drill down to which sites etc

Anyway, the major issue is point 1 & 2 I guess then.

Thanks for asking.

Amaravati