I don’t even remember creating this thread - I abandoned anything that required layer 2 support from the Peplink layer 3 VLan solution. They got it to work with bonjour, but so many different vendors implement this in so many different ways - it is not a small feet to accomplish. And they have made big improvements - although kind of quietly. Somewhere in the release notes it has something to do with a remote gateway responding to its LAN IP on a WAN interface when in IP Forward mode - it may be limited to a static IP (don’t quote me on that). They don’t sound the same, but they are quite similar in spirit.
I also don’t have the Nintendo, but it would not surprise me at all if the switch only tries to open up ports under specific scenarios. Have you done a packet capture to insure that the Nintendo is actually requesting the port forwarder From the router? It may do some kind of UDP discovery of the network before it even tries. Or, it may only try when a new wireless network is added. Or maybe only at startup from a full shutdown. I hope you are able to pick up what I am putting down. Catching what I am throwing. Smelling what I am stepping in, ya dig?
If it is sending the request, it may only have a TTL of 1. The packet is set to expire before it ever gets to the primary gateway. It takes one router hop to get from the vlan gateway to the main lan gateway. A packet capture is the only way I know of to find out for sure. Warning: knowing does absolutely nothing for the frustration level. You gotta remember what network boundaries were designed to do. In all fairness, consumer based routers were never meant to have VLans. I am certainly glad they do, but the implementation on the client and server sides both have to make assumptions due to the gaps in standards as far as combining them. I don’t think there is anything specific with regards to combining NAT (has a spec) and VLan (802.1q), much less multicast layer 2 features while doing it. Your mileage may vary.
My point is, some off the shelf consumer grade gear may do this stuff, but it does it because it treats all traffic as layer 2. And only needing to support one WAN connection. Peplink is trying to do it with security mechanisms in place. Layer 2 is physical, layer 3 is logical. There are some grey areas. There are a ton of new features in this beta, that is one of the longest change logs I have seen for years. They are most definitely working hard.
Also, not trying to be in your business, but is the strict NAT type causing the game to be unplayable? Most of the time, you don’t want to be the host - and that is typically what the port forwarder allows in the games I play. It’s not so much the bandwidth of being a host, some games are just rubbish with their matchmaking, and you really don’t want to be a host in that kind of environment. Lots of ping requests from every client doing matchmaking. On a pipe like mine (3Mbps/.5Mbps) - that ruins my experience in the game.