Router (no NAT) behind Peplink router

amaravati 2017-08-10 17:01:33 UTC #1

Hi,

I am in a bit of a new situation. We want to add another router behind the Peplink router. This new router’s NAT will be disabled. And now I don’t know how to configure the IP addressing ot make this work. I believe I need to static routing, but I have never done that, so perhaps some help.

Currently I have the following situation:

Peplink One (DHCP, Gateway, 5 WANs) 192.168.0.250/23
|
|
Managed Switch 192.168.0.1/23
|
|
All clients 192.168.0.X/23

So I would this situation

Peplink One (DHCP, Gateway, 5 WANs) 192.168.0.250/23
|
|
New Router without NAT
WAN port: X.X.X.X/XX (what subnet?)
LAN port: X.X.X.X/XX (what subnet?
|
|
Managed Switch 192.168.0.1/23
|
|
All clients 192.168.0.X/23

I assume the the WAN port should be connected to the LAN port of the Peplink One. And the LAN port should be connected to the managed switch on 192.168.0.1/23. But I don’t know what to do with:
A) WAN port: X.X.X.X/XX (what subnet?)
B) LAN port: X.X.X.X/XX (what subnet?
C) How can traffic that comes to the New router on the LAN port, goes to the Peplink?

I hope someone with some expertise here can help, perhaps also name this convention (I don’t even know how to google this issue).

Thanks

MartinLangmaid 2017-08-10 18:03:35 UTC #2

Why do you want a new router? Whats the requirement?

Normally you would use a router to subdivide a network. For example in my home network, I have a Balance router (A) connected to the internet with a LAN of 192.168.1.1/24 (it provides DHCP) and I have another balance router (B) with its WAN plugged into the lan of A (via a switch). Router B’s wan (no NAT - with IP forwarding configured) is set to static and is 192.168.1.254, its lan (DHCP) is 172.16.1.1/24. Router B has its own physically separate LAN switch into which i plug all my test and R&D equipment for my test lab.

Router B’s LAN is my test network. But i need to access my NAS on Router A’s LAN and my workstation on Router A’s LAN needs to be able to access devices on Router B’s LAN. To do this I have a static route set on Router A for 172.16.1.0/24 -> 192.168.1.254

amaravati 2017-08-10 20:18:57 UTC #3

Hi Martin

Thanks for explaining the static routes setup. I guess that is the only way to go right?

The reason is that this router is part of a the Unifi wifi system, from Ubiquiti. The router they supply can provide DPI / monitoring. I wish I could replace the peplink with this new router, but I have 5 WANs, so that is a no go for now. We are in process of getting fibre, so it is a matter of time before the peplink is replaced. Or, better, ubiquiti will at some time release a way to use a drop in mode, but that is not possible yet, only disabling NAT. I prefer peplink because it is so robust.

I will try to play with the configuration with a static route and ip forwarding. Thanks

MartinLangmaid 2017-08-11 18:21:02 UTC #4

Its not the only way to go - there are always multiple approaches. You could just daisy chain the Balance and the Unifi router (unifi WAN into balance LAN - nothing else in balance LAN) and put all your clients behind the Unifi treating the balance as the internet access router but have the Unifi router as your whole networks gateway (so DHCP on the Unifi router).

It all depends on what functionality you want and how many devices you have etc.

Erik_deBie 2017-08-13 11:29:49 UTC #5

Hi Amaravati, you mentioned you have another router because of it’s DPI functionality; what are you missing in the Peplink DPI feature? See: IC2 Deep packet inspection (DPI) reports and everything you need to know about it

amaravati 2017-08-13 15:23:18 UTC #6

Hi @Erick_deBie

Well… I did notice their new incontrol has the DPI features 'just’
enabled on Firmware 7.0.1 (latest). I am missing the following:

offline monitoring
non-subscription model (incontrol is only offered for in warranty
machines or extra payments)
mobile APP with DPI view
per IP address DPI segments/view
breakdown of DPI categories and drill down to which sites etc

Anyway, the major issue is point 1 & 2 I guess then.

Thanks for asking.

Amaravati

amaravati 2017-08-27 13:50:41 UTC #7

@MartinLangmaid

This weekend I have been trying to get the IP forwarding working + static route. It all seems to work. However, the Peplink doesn’t recognise the individual IP addresses behind Router B, is that also in your case? I can’t seems to see individual IPs, only IP I see is Router B.

amaravati 2017-08-27 14:05:26 UTC #8

Found the issue…

I had previously connected the second ROUTER on the peplink lan port under TRUNK with a VLAN. And now I have chosen a dedicated ACCESS port. After changing this, the IP started appearing in the client lists.

MartinLangmaid 2017-08-27 20:28:01 UTC #9

Glad you got it working!

amaravati 2017-09-01 14:24:20 UTC #10

@Erik_De_bie

Here some screenshots of the DPI app on an iPad. It just adds all the traffic, so it doesn’t provide per day/time overview. But it does let you drill down per user per type of usage.

andyblac4791 2017-10-11 18:42:25 UTC #11

want to do same thing, can you explain exactly what you did please.

Thanks
Andy.

amaravati 2017-10-13 06:31:00 UTC #12

The explanation given was pretty clear by MartinLangMaid. I’m happy to clarify, but you will need to specify your setup/brand/model and let us know what exactly do you need help with.

See my original post.

amaravati 2017-10-13 06:52:41 UTC #13

@andyblac4791 Also, perhaps look at another post here:

Number 37, I tried to explain in detail what I did there.

andyblac4791 2017-10-13 09:00:46 UTC #14

thanks, yeah got it sorted.