VLAN Not Getting External IP Access

I have a managed switch that is connected to my MAX BR1 Mini (HW3) (MAX-BR1-MINI-LTE-US-T-PRM) (8.5.1 build 5203) in LAN 2. The BR1 is at 192.168.0.1. My PC is connected to the managed switch. I have a VLAN called CameraVLAN at 10.0.11.1 with tag 11 on the BR1 and switch. This VLAN is enforced to only use Cellular. I also have Starlink plugged in with a separate CommsVLAN set up and tagged to a SSID. Everything with CommsVLAN and Starlink is working exactly as intended. However, due to RTSP requirements, I need all of the cameras on the CameraVLAN. Peplink inter-VLAN routing is on. On the switch, I’ve got the BR1 port set to Trunk and tagged 1;11. Almost everything is working as intended. All devices from Untagged LAN and CameraVLAN are showing up in the Peplink Client List.

I can login into the camera at 10.0.11.101 (set statically on the camera). I can see the video image on the camera and manipulate the PTZ. However, the camera is not seeing an external IP address and is showing 0.0.0.0.

This is new territory for me. From reading up, I suspect that I may need to put in a static route, but I’m not exactly sure what I need or where to do it. It is like the VLAN is working locally, but isn’t getting access to the Cellular WAN.

I’ve also noticed that for some reason I am unable to locally access the BR1 at 192.168.0.1. I can get there on InControl2, but not locally.

Smells like a missing gateway IP setting on the camera. Often the assumption is local access only. Check that first.

A number of other folks including myself are reporting mysterious VLAN issues in firmware 8.5.x.

We haven’t figured out yet what the actual problem is, but for most of us, reverting to firmware 8.4.x fixes the problem.

Are you able to test with firmware 8.4.1 ?

soylentgreen,

As soon as I downgraded to 8.4.1 Build 5107, I immediately got an external IP address on my camera. I am apparently having the same issue in my MAX BR1 Mini that you’re having in your other post about the Balance router.

It sounds like you are using VLAN and Outbound Priority? But you are not using Firewall rules? Trying to figure out the commonality.

I’m using VLAN and Outbound Priority. No firewall rules.

That sounds very simple, and reproducible. Are you able to submit a trouble ticket with Peplink?

I have opened a ticket. Thanks for the suggestion.

It seems to be something about the combination of VLAN + Outbound Policy.

Here are my settings - I’m using Priority are yours similar?

image1438×780 89.2 KB

I wonder if there are any variations that would keep the outbound policy function, without triggering the bug(s)?

I’ve decided to change my rule as follows:

• using Overflow instead of Priority
• disabling the “Drop the traffic” rule by setting it to “Fall-through to the next rule”
• removing my 3rd WAN (which is not currently plugged in)

image1552×752 87.5 KB

I’ll let this run for a few days and report back.

I’m running Enforced on Cellular. For my current situation, I have to make sure the cameras are always on RTSP. This keeps them from being able to use the Starlink that is also attached.

Screenshot 2025-01-07 110041789×249 11.7 KB

Hi… @OilAndWater

Please…
TAke a look at your ip address and network mask.
The network address should be 10.0.11.0 / 255.255.255.0

Same mistake with network 10.0.64.0 / 255.255.255.0

@MarceloBarros - that’s an interesting observation. I’ll go ahead and test my original outbound policy using the .0 network address and see what happens.

If it does matter, this would represent a weird change between 8.4 and 8.5 firmwares - was 8.4 in fact buggy, allowing an illegal network address, and 8.5 fixed the bug? Or perhaps the reverse (8.4 is right, and 8.5 is wrong?)

I’ll report back in about 48 hours to see if the problem in 8.5.1 improve with this change.

Edit: that didn’t even take 48 minutes, already showing the bug again:

Hi…
No… They don’t fixed this bug at 8.5.1.

I’ve been running 8.5.1 on my Balance One for 24 hours now, with a slightly different Outbound Policy:

image1548×746 88.2 KB

Note that I’m using Overflow instead of Priority and Fall through to next rule is enabled.

So far, it seems to be working. I’ll report back later.

Edit: After a few hours, I’m still seeing the same VLAN connectivity bugs even with those new settings.