I hope someone can shine some light and help me with the answer to this one. i Have spend time with Peplink Engineers and Tech Support on the phone going over this topic but i can still not get a solid answer. Some say YES you can do it with the new 7.0.0 firmware release and some say NO you can’t.
Basically what i would like to accomplish is the following:
I would like to route a specific WAN ISP (SAY p1) to a specific LAN (SAY p1). All other LAN ports will not have access to this network unless it is given access by the administrator.
then:
I would like to route a specific WAN ISP (SAY p2) to a specific LAN (SAY p2). All other LAN ports will not have access to this network unless it is given access by the administrator.
I Hope someone is catching what i’m pitching. I would love to get some expert advice on this topic.
Hi Thanks for the reply Tim_S
I Appreciate the help mate.
I see that you are part of the peplink team so if you do not mind i have one more question.
I also have a Pepwave MAX HD4. From what i can see it looks like the HD4 has some sort of amplifier installed for the WIFI WAN connections.
Do you know if the CELL WAN’s have anything installed that amplifies the signal strength or do i need to buy a cellular amplifier and install it between the pepwave and the Antenna?
For what it is worth: We are using a WeBoost Connect 4G with a Yagi antenna feeding a signal to a Balance 30LTE through a local rebroadcast. It works very well for AT&T and Verizon. (It provides cellphone access as well.)
We have not tested using the Wilson direct amplifier (that would feed the B30LTE antennas directly).
I Hope you are well.
Tim can you please have a look at the following setups and let me know if this is correct. I followed your instructions for routing the traffic from WAN1 to LAN1 and WAN2 to LAN2.
I can only upload one at a time because i’m a new user but 3 more pictures will follow.
You should define your SOURCE in your outbound policies. You should set it to “IP Network” and enter the information for the VLan that you want to go out that WAN link. The way it is now, only one WAN will be in use. Whichever rule is first in the list is the only one that will ever match. Both rules are saying that ALL traffic goes out WAN configured.
So what i’m finding is that LAN1 under TRUNK config is handing out the correct network pool.
LAN2 under TRUNK config gives me a loopback address but in ACCESS config hands out the correct network pool.
Is there a reason why LAN2 does not want to work in TRUNK Config?
To make everything fault tolerant - you can change the Enforce to Priority and order the WANS appropriately. Check the box that says “Terminate on Recovery”. This will allow both VLans to use any available WAN link, but ONLY if the higher priority WAN link is unavailable. Once the WAN link is back up, traffic will move back to where you want it.
The enforce rule will never allow traffic to go down any WAN except for the one specified (even if it is down).
Yes thank you it works on LAN 1 but on LAN 2 i have to change the config from trunk to access. if i leave it on trunk that LAN port does not provide me with a IP address i just get a loopback IP.
Yep. VLan traffic must be tagged. LAN traffic must be untagged. If you combine them, you have to have a trunk AND some mechanism to tag the VLan traffic. A managed switch would be required if you have more than one device attached. If it is a laptop, check if your driver has a VLan configuration - devices can tag their own traffic too.
Access ports tag the inbound traffic on its way in. That is how you can get untagged traffic attached to a VLan. The tagging happens prior to the routing. When a managed switch downstream tags the traffic, you can use a trunk limited to a single VLan.
A trunk port expects traffic to be tagged before it gets there. That means something on the other side of the link must do the tagging or the packets get dropped. You can configure one or multiple VLans in the trunk settings. Select custom and a list with checkboxes appears. Any traffic with the appropriate tagging gets routed. All other packets get dropped (including your untagged DHCP broadcast packets) - no IP address for you. One month. Sorry, couldn’t resist a Seinfeld reference.
On the Balance One and above (not Balance 20 or 30), you can set up a trunk to have untagged and tagged traffic on the same interface. Tagged traffic goes to appropriate VLan and untagged goes to LAN. I don’t know if it was excluded for the B20 and B30 on accident or if it is a marketing strategy. I really hope that they allow the custom trunk to allow untagged traffic. I think it might help me with my multi wan to LAN mesh idea for isolating my Xbox for game night.
Hope you are well sir.
So i’m currently busy on this project but it seems like you where correct. I have disabled inter-VLAN-routing on my two VLAN’s but and both of the are created.
Default VLAN 1
and
Cellweaver VLAN 70
On Port settings
i can TRUNK LAN port 1 for VLAN Any
i Can not TRUNK LAN port 2 and specify which VLAN to use.
This causes a problem at my managed switch because there is no tagging and i’m receiving the same public IP addresses via LAN Port 1.
