Hello All,
I have been asked to configure a Peplink 380 in a specific way and I am new to this bit of equipment. We have a Peplink that has VLANs set up on it that correspond to VLANs on our Netgear switches. I assume this is done with tagging although it looks like the Netgear VLANs are untagged.
We have a printer that will go onto its own VLAN and would like all of the other 25 VLANs to access this printer VLAN and vice-versa. However, we do not want the VLANs to be able to talk to each other.
From reading this forum I have gathered that the best way forward with this would be to enable inter-VLAN routing on the Peplink then use the firewall to configure the individual VLANs.
Is this a viable method for 25 VLANs? It might take a while but it’s a one-off config. Is there another way to do it?
Many thanks for your help.
Sam
1 Like
Hi - welcome to the forum!
Yes this sounds right.
Yes.
- Enable inter-VLAN routing on the VLAN config for all VLANs
- Deny all routing between VLANs in the firewall (by changing the default rule from allow to deny)
- Add specific rules to allow traffic to just the printer
If you have a spare WAN port on the Balance you could put the Printer VLAN on that.
2 Likes
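Added example, not part of the original thread and not Peplink's own tooling: a small Python model of the rule set described in the steps above, which can be used to check a planned rule list for 25 VLANs before entering it. The addressing plan (10.0.n.0/24, printer on VLAN 99) and first-match rule evaluation are assumptions made for the illustration.

```python
import ipaddress
from itertools import permutations

# Constructed addressing plan (assumption): VLAN n uses 10.0.n.0/24,
# VLAN 99 is the printer VLAN. None of these values come from the thread.
PRINTER_VLAN = 99
VLANS = {n: ipaddress.ip_network(f"10.0.{n}.0/24") for n in range(1, 26)}
VLANS[PRINTER_VLAN] = ipaddress.ip_network("10.0.99.0/24")


def build_rules(vlans, printer_vlan):
    """Ordered rule list: explicit allows to/from the printer VLAN, then deny."""
    printer = vlans[printer_vlan]
    rules = []
    for vid, net in sorted(vlans.items()):
        if vid == printer_vlan:
            continue
        rules.append(("allow", net, printer))   # user VLAN -> printer VLAN
        rules.append(("allow", printer, net))   # printer VLAN -> user VLAN
    # Default rule changed from allow to deny, as in the steps above.
    any_net = ipaddress.ip_network("0.0.0.0/0")
    rules.append(("deny", any_net, any_net))
    return rules


def evaluate(rules, src, dst):
    """First-match evaluation (assumed) of one flow; returns 'allow' or 'deny'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def audit(vlans, rules, printer_vlan):
    """Return every ordered VLAN pair whose result differs from the policy."""
    violations = []
    for a, b in permutations(vlans, 2):
        src = str(vlans[a].network_address + 10)  # sample host in each VLAN
        dst = str(vlans[b].network_address + 10)
        expected = "allow" if printer_vlan in (a, b) else "deny"
        if evaluate(rules, src, dst) != expected:
            violations.append((a, b))
    return violations


if __name__ == "__main__":
    rules = build_rules(VLANS, PRINTER_VLAN)
    print(len(rules), "rules; violations:", audit(VLANS, rules, PRINTER_VLAN))
```

An empty result from `audit` means every user VLAN reaches only the printer VLAN; a broad allow rule placed above the specific ones shows up as a list of VLAN pairs that can now reach each other.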
Hi,
Sorry for the late reply, but many thanks for the information on the Peplink. I will let you know how it goes.
Sam
1 Like
As promised, here is the update of how the above setup went when I made the changes.
I had a bit of trouble getting the Netgear switch to talk to the Peplink (to pick up DHCP on the VLAN) until I realised I had to tag the port on the Netgear the Peplink was physically plugged into with the VLAN I had configured for the printer. After that it worked.
I configured the firewall as advised, and configured access only to the printer VLAN. All worked very well and I was about to consider it a success when the user of one VLAN complained that he was unable to access his web server that was hosted inside the network. I added NAT rules and specific firewall entries in the Peplink, and although I got access from the outside working to the web server, I could not get access from within the VLAN to connect to the server using the external IP or hostname (internal IP was ok).
I had to abandon the settings changes as the user was unable to work properly. I think it was something quite simple that was causing it, but the problem was connecting back through to the web server using the external IP address or hostname, so a sort of loopback issue. I did firewall rules that went both ways but is there a missing link that I might have overlooked?
Thanks,
Sam
Hello @sthodgson
Did you enter in the Local DNS Records the server name and local IP address?
This option is found under the menu of Network / LAN - Network Settings
In this example, we have shown a domain name of “ourwebsite.net.id” and the local IP of a server.
Hopefully, you saved your previous config before rolling back, if you did you can reload it and then add this in.
Happy to Help,
Marcus
Marcus,
Thank you for your response and help!
I didn’t add a local DNS record and that looks like it might work. I didn’t save the config, but it will only take a few clicks to re-apply the firewall and inter-VLAN settings so not a problem. I did save the config before I started working though!!!
I will be able to try this in a couple of weeks when I can arrange with the user a suitable time. I will keep you updated.
Regards,
Sam
1 Like