VLAN Config Question

bthurston · March 24, 2021, 7:27am

Hi,

We are trying to change the vlan tag on the default Peplink LAN that is currently untagged (see pic). The question is, how do we change the VLAN tag when it’s not permitted to be edited for the default LAN config as the option is not available. What’s the right way to do this on the peplink balance without losing connectivity given the configuarion shown.

Thanks!

Michael234 · March 24, 2021, 8:25am

I am no world class expert, but I am pretty sure that the untagged LAN can never be part of a VLAN because data packets are tagged with the VLAN they belong to. No tag, no VLAN.

Curious why you specify a 24 bit subnet mask as 192.168.254.1/24. Perhaps its just a custom but I would always specify this as 192.168.254.0/24. Wouldn’t 192.168.254.2/24 and 192.168.254.3/24 do the exact same thing?

bthurston · March 24, 2021, 8:55am

Agreed on the untagged LAN point. We like to move that untagged LAN interface to a new LAN interface that is tagged to VLAN 254, which is problematic due to the overlap. I’m suspecting we’d have to temporarily re-IP the untagged LAN and setup the new LAN interface with the 192.168.254.1/24 IP, tagged to VLAN 254 and then remove the old untagged LAN interface IP config. I’m just not sure and further, I can’t see any way to do this via the CLI which would be kinda ideal.

On your second point, you’re right if we were specifying a network, rather than a LAN interface. The peplink config is a bit awkward in the way it calls this out as a “Network” in the GUI rather than “Lan Interface IP”.

MartinLangmaid · March 25, 2021, 1:33am

Almost. That is the right approach but you can’t leave the untagged interface without an IP set. I tend to treat the untagged LAN as the management VLAN. If it was me I would:

Change the untagged LAN IP to something well away from enterprise norms ie 172.16.254.1/30 and disable DHCP
Create a new VLAN with VID 254 and set to 192.168.254.1/24

Then because I don’t allow local management of devices as a general rule I would go and remove the management vlan from the trunk on all LANs ports and disabled web ui access from all other VLANs apart from the management VLAN.

What’s the right way to do this on the peplink balance without losing connectivity given the configuarion shown.
In your configuration there, the Balance has its own WAN connection so it will be accessible and manageable via InControl2 even if you make a mess of the LAN config.

InControl2, its API and the local Peplink Device API are the best ways to bulk manage and script Peplink device configuration.
eg:

bthurston · March 25, 2021, 9:12am

Thanks! That’s what I was looking for.