Are there instructions for adding a 2nd WAN to a Surf SOHO router coming over a VLAN into a LAN port on that router?
BackupISP->EdgeSwitch(VLAN9)->PepWave LAN port (VLAN9) as alternate path to the Internet? EdgeSwitch is far away from PepWave. (200 feet horizontal, plus 60 feet up a tower).
I assume I need a VLAN for this because the alternate ISP would likely have a different network address.
I was not sure if a (2nd) WAN path can be directed internally by the Pepwave to a “local” VLAN. Current primary WAN is using the PepWave USB port connected to a cellular 4G modem.
thanks
greg
No,
WAN ports are Peplink’s money model. Virtual WAN ports aren’t allowed.
with a SOHO you only have the Wired WAN, WIFI as WAN and the USB port… (wired or cellular)
Most other routers/firewalls allow you to switch any port or vlan from LAN to WAN within hardware limits, not peplink. They basically charge per WAN port, and even have on some models that switching a LAN port to a WAN port is available as a feature up-charge.
You can use an edgerouter for the two wired ISP’s but for speedfusion and other peplink WAN reasons it will be only one WAN interface. Otherwise you need to go up in their balance series.
The 20X has 1 wired, 1 USB and one Cat4 cellular + Flexmodule mini. Balance 1 has 2 WAN ports (expandable) etc.
Thanks for that clarification. I may just have to run a 2nd ethernet cable then from my house to my tower, which I can connect one end of to the pepwave soho’s (currently unused) WAN port in my house and the other end of to the 2nd ISP connection arriving on the tower.
the SOHO understands VLANs on the WAN interface, but I thought you were looking for 2 Wired WANs…
Or are you using the tower for internal LAN building wifi bridging as well?. Why don’t you tell us about all of your equipment and how you want to connect, and what is on each VLAN etc…
Thanks for the followup … since you asked …
I am dealing with networking across 24 hilly acres. I anticipate a new uwave bridge connection (AirFiber or similar) coming to my 60 foot tower from a commercial fiber drop about a kilometer distant (in line of site of the tower). My house does not have line of site to the fiber drop. My 60 foot tower is about 200 feet from my homes Pepwave surf soho. My tower has many LMR400 coax (ham radio) cables, a multiwire rotator feed cable, and one ethernet cable all running in conduit underground to my house. That ethernet cable connects to a switch in my office which is also fed by a lan port from the Pepwave Surf SOHO on my living room (on the other end of my house from my office).
Current internet access is via the USB port on the surf soho connected to a Verizon 4G mifi device (not shown in the diagram below).
As conduits from tower to house are pretty full, I was trying to avoid having to [re]pull another ethernet cable. Yes, I could add another tower to house bridge (there are already a few of those on my property), but I was trying to not add more complexity.
Yes, I could also consider moving my pepwave surf soho to the tower, connecting the 4G mifi and its antenna there, and adding the feed from the fiber conenction (via uwave link) directly to the surf soho. Again, I was trying hard not to redo a lot of networking to bring in this 2nd ISP feed.
I was hoping to use a vlan to add the second ISP connection (from the tower) to the pepwave, but as that seems out of the question, I will either need to add a second router as suggested (that can accept a VLAN source from its local lan port to add a 2nd wan connection) or just face the music and trench another conduit (if I cannot manage to repull another Ethernet cable through existing conduit … there is a pull string I left in place, fortunately).
Attached is a picture of the existing switching structure. There are a bunch of connected devices left out, but all the switches are included.
thanks
greg
Ok, given that the answer is yes, because you just need one USB and one wired WAN.
so, how do you get your wired Airfiber WAN up to the tower via the “3/M” link?
IF we assign VLAN9 for the airfiber device at the UBNT switch, then the 3/M line must be a trunk, and that the Office Ham switch and Office Cabinet switches handle it as a trunk (or ignore it)
then connect a cable from LAN4 to the WAN port and tell the SOHO that the WAN traffic is on Vlan9.
There are small security implications on carrying “internet” traffic across your internal network, but I don’t see your situation in that security posture. Ideally you would only have Vlan9 carried on the express trunk route of Tower, Ham swtich, office switch, and make sure that all other ports don’t carry vlan9.
Hello Paul,
And thank you for your advice!
My tentative plan was to have used two GigE ports on my tower EdgeSwitch , making them both handle VLAN9 traffic, one connected to the ethernet port on the uwave radio on the tower(with some network IP other than 192.168.0.x), and one connected back to the office switch (the cable labeled 3/M currently). I would have replaced the existing unmanaged office switch with a new managed switch and establish the new (and currently only) VLAN9 on it … allowing it to accept both VLAN9 and untagged local traffic, and only feed VLAN9 back to the Pepwave SOHO WAN port directly, assuming I can break out that VLAN on the SOHO WAN port.
As I have other “local” devices going through that tower EdgeSwitch, the 3/m cable and its port would be carrying both tagged VLAN traffic (from its ethernet port connecting the uwave radio bridge) and untagged “local” (192.16.8.0.x) traffic coming to it from its other ports. The new office switch would separate out the VLAN traffic and feed it only to another ethernet port connected directly to the SOHO WAN port, and feed the rest of the traffic to the other ports and to the other office switch (and thus beyond then to the rest of the local network).
Would this work with the pepwave surfg soho … or am I missing something? Would this setup require a trunk setting on the tower switch port connected to the uwave bridge and a access setting on the office switch where that VLAN traffic, and other local traffic appear?
thanks
greg
Do you use the Unifi Network manager to support your switches and access points?.
You would create a new network, just assign it Vlan 9.
Then on the tower switch you would set the 3/M port to ALL, the uwave port “Vlan9” only and the other X ports “LAN only (untagged)”
This encapsulates the uwave traffic in Vlan9 and only sends it back towards the internal network (M/3) and does not send the Vlan9 traffic to the other devices on that switch. You don’t have to replace the unmanaged switches, but it might be for the best, again selecting ALL for the 3/M port and the 1/1 ports, and setting all of the other ports to LAN Only. An unmanaged switch behaves as if every port is “ALL” or TRUNK.
Finally the SOHO, LAN port 1 connected to 1/1 set to “Trunk”, Port 2 & 3 set to access Untagged, and Port 4 set to Trunk. Then plug in a short patch cable between Port 4 and WAN and configure the WAN interface using Vlan 9 on the WAN configuration.
You could otherwise set a port on the new managed office switch to Vlan9 only and run another cable from that switch to the Soho WAN if you want to minimize the use of encapsulation to the 3/M link only.
Bascially you need an “ALL” path between the tower switch and the Soho… and devices that understand VLAN on both ends of the communication, so the SOHO and the tower Edgeswitch. What is in the middle just needs to pass the packets on.
Perfect … you have provided a (few) clearly described configuration options that capture my goals with minimal network changes. I do use Unifi (I am in process of migrating from the software controller running on my desktop to a dedicated cloudkey gen 2 controller), but unfortunately my EdgeSwitch 5XP is not supported under Unifi (it uses web/UNMS management). But I can still set it with the correct VLAN settings you have outlined for me.
Thanks again Paul, for taking the time to walk me through the options! -greg
The edgeswitchXP calls the VLAN terms trunk and Tag, Untag and Exclude.
So you would want the M/3 port to have Trunk and Vlan1 Untag, and Vlan9 Tagged.
All other ports are not Trunk
The uwave port would have Vlan9 untag Vlan 1 Exclude.
All other ports would have Vlan 1 untag and Vlan 9 Exclude.
Thank you Paul! I will be less likely now to stumble over potential variations in VLAN port attribute naming. -greg
