Question for the community

[TheFx1]

Hi all,

 

I have the following setup:

VR400 as modem only and then XR500 that does the authentication and connection to my ISP (Sky for the story).

So in short ISP <-> VR400 <-> (via WAN port) XR500 <-> my LAN (wifi and ethernet)

Here is my problem and I am looking for advice on how I could address that.

The VR400 can send SNMP traps and an IP address for management purpose. I would love to be able to collect the SNMP traps and possibly query the mibs from my LAN (for some active monitoring). But also I have to either connect directly to the VR400 via ethernet or wifi to be able to do some reconfiguration/checks or rebooting the router remotely. 

I could give the VR400 an IP address from my LAN (static or DHCP) and plug in onto one of the LAN ethernet ports of the XR500, but I believe that it would in a way or another create some network storm. I was thinking of VLAN tagging on the interface but the last firmware of the VR400 removed this funtionality (contacted TP-Link more that a month ago about that but they happily did not even consider my query or replied to it for that matter).

I am then thinking of giving that connection a different IP range all together and use routing from the XR500. for instance, my lan would be 192.168.1.X I would keep 192.168.2.x free for VPN in and use 192.168.3.x for the VR400 management LAN but I cannot give an ethernet LAN port a specific IP address and even with than I am quite sure that all the MAC addresses from the XR500 and/or the VR400 would be identical between their different ports so it would create a network storm. 

So if someone has a similar setup as in (Router + ADSL in modem only) then XR500 (or any other netduma device) how do you guys access the remote interface of your northbound router from your LAN? 

Thanks in advance,

Fx

[Bert]

it really depends on how your VR400 is configured.

 

Ie have they bridged one of the ports and are you using that?

 

Then you might get away with doing just what you describe, give it a IP in your range (static) and run a Ethernet cable from your XR500 LAN to a port on the VR400. I don't think that there would be an issue. To be sure, turn off things like DHCP server etc so it doesn't conflict with the XR500 DHCP server.

 

I use the same trick for accessing my switch north of my routers. Just run a ethernet cable to it for managment. But I have given that port on the switch it's own VLAN though.

 

If it's not a bridged setup, ie you have the XR500 in DMZ downstream of your VR400 you can acces it by just typing the IP adress of the VR400.

[TheFx1]

Hi Bert,

 

Thanks for the answer... I did forget to say, I have the VR400 in bridge mode. I didn't see any option to do the bridging on a specific port, I'll dig in to that.

The southbound of the VR400 has a static IP address, and pretty much all the services are down (DHCP, Firewall,...) I do use it solely as a modem, and I let the XR500 do all the heavy lifting.

I'd love to use 802.1Q VLAN tagging, but TP-link published a new firmware for VR400 which removed that functionality (no idea why) and they simply do not answer my queries. The problem is without this, I have then a network storm due to a pseudo ethernet loop.

 

I was before in the cascaded setup with the XR500 as DMZ, but some of the software I use do not like much the double NAT and here I do not have much of a choice as I have to use them for work :(... 

 

I am fairly versed in networking but here I think I don't have much of a choice from what I've tried and seen on my setup. Unless I put a switch that can do 802.1Q tagging but even that may create network storm due to the loop.

 

Best regards,

Fx.

 

 

[Bert]

If you're trying to access it from a PC, you can also try adding in a second NIC and plug that into the VR400.

 

You give the NIC and the VR400 static IP's on another range than yoru XR500 is and then it should connect if you type in the VR400's IP in your browser. You don't even need a internal NIC for this, you can buy USB adapters for this. Cheap way to try it out.

 

But if the VR400 is purely bridged and it doesn't perform any sort of NAT I don't see why a single ethernet cable from the XR500 to the VR400 would not work.

 

The routing table in your XR500 should point to the VR400 bridge when you are trying to access that by IP and to WAN for all other connections. A so called ethernet loop should not occur.

[TheFx1]

The VR400 is in a cupboard with the xr500, and I don't really want to lay down yet another cable just for this access.

 

I have tried the direct connect where one of the other LAN ports of the VR400 was connected to the XR500 and it caused a network loop and I lost part of the network till I unplugged the LAN connection from the VR400. I haven't snooped the network to get to the bottom of the problem, but I tried even on a isolated network and the same problem occurred and as I said before I cannot do ethernet isolation via VLAN as it was removed from the functions list with the latest VR400 firmware.

I didn't need to alter the routing tables in any shape or form, but I do believe that the VR400 is advertising its IP address on all the ethernet ports it has one of which is the bridged one and as such could cause the storm as they cannot be vlan tagged.

Anyway, I'll try with the intermediate vlan switch between the VR LAN and XR LAN... maybe that'll do.

 

Best regards,

FX.

 

 

 

[Bert]

Intermediate switch will give you the exact same issue. As all it does is pass through the data as if it were a direct connection. Even if you set both on the same VLAN in the switch.