Segmenting network traffic


#1

I am setting up a series of MAX BR1 and HD2 units into a single head end Balance unit (probably a B380) with one high speed sync WAN port with one fixed IP using SpeedFusion.

Each MAX unit will be on its own 192.168.x.x range with a /24 mask.

I cannot use IC2 for data protection reasons.

What I want to get to is the ability for me to manage all the devices by accessing the HTML admin interface BUT stop users on say 192.168.10.X range from accessing the 192.168.20.X range or even getting a response ,seeing the packet, seeing the routes advertised.

I was considering VLANS with inter vlan routing turned off. Any suggestions please?

Thank you.


#2

Hi hcg, can you setup a vlans with inter-vlan rounting off, than on system admin page set “Allowed LAN Network” with the vlan with which you want to access the peplink devices .
in this way, clients connected to other networks will not be able to access Peplink.


#3

Hello Asimula,

OK am I right is saying that I could have my own 192.168.10.x range as say VLAN 10, and then on each other range such as 192.168.20.X, on say VLAN 20, I can set “Allowed LAN Network” on the Peplink devices in the 192.168.20.X range to allow VLANs 10 and 20?

That said when I look at a B380 there is no “Allowed LAN Network” but there is

Maybe this only appears when I turn VLANs on?

HCG


#4

What version do you have on your Balance 380 ?


#5

Mine is HW5 FW7.1.1


#6

very strange.
This is my balance 380 with last fw.

I Don’t know why you don’t have this feature!


#7

B380 HW5 is not support to upgrade using 7.1.1. Can you please confirm ?

Make sure you have VLANs settings defined for the B380 LAN interface then you should able to see the option “LAN Connection Access Settings”


#8

Sorry.the B380 in question is still on 6.3.4.
Does this feature have the feature?


#9

The feature is also in 6.3.4 but VLAN settings need to be defined for the LAN interface.