

129 posts

Master Geek
+1 received by user: 2


Topic # 239425 17-Jul-2018 10:29

So I've got the TP-Link T1600G-28PS up and running with 4 VLANs and the connected devices are routing and working great except for Internet Access.

 

I'm setting it up at home initially for testing and connecting to my HG659b VDSL router. I naively thought I could connect an untagged port from the T1600 to a LAN port on the HG659 and be able to route to it. i.e.

 

Diagram

 

However it doesn't appear to work that way. Devices on the other Vlans cannot ping the HG659b LAN interface (but they can ping other devices on Vlan2). A device on Vlan2 can ping the HG659 but cannot use it as a route to the internet despite having a static route in place.

 

Do I need the HG659 to be in Bridge mode? I was about to try but there is no way to specify a PPPoE connection in the T1600.  

 

Am I missing something?

 

 


6276 posts

Uber Geek
+1 received by user: 283

Trusted
Subscriber

  Reply # 2057626 17-Jul-2018 10:52

Hi, what is the subnet for vlan2? Is there a route on the Huawei to support that subnet?

Cyril

6276 posts

Uber Geek
+1 received by user: 283

Trusted
Subscriber

  Reply # 2057630 17-Jul-2018 10:57

Doh, misread your post. So can the Huawei NAT the vlan2 subnet? Are there any firewall rules that block the vlan 2 subnet?

Must admit I would not expect any chance of the Huawei being capable of what you are after; well, it might support it but not offer adjustment options.

Cyril



129 posts

Master Geek
+1 received by user: 2


  Reply # 2057638 17-Jul-2018 11:19

I can't see anything obvious preventing communication, hence I've hit a brick wall. I guess the HG659 isn't designed to be used this way.

 

I've got an ASA5505 in production which should resolve the problem. I've taken it out of service this morning and will plug it in tonight and will hopefully have more success. Unfortunately my day job prevents me from playing with this during the day!


283 posts

Ultimate Geek
+1 received by user: 56


  Reply # 2057737 17-Jul-2018 14:05

Can you define routes for the other internal subnets on the router? If not then that is your problem. It will see internal traffic from anything other than 192.168.1.0/24 as spoofed traffic and drop it.

 

 

 

For example, if you had a subnet 192.168.2.0/24, then you would have to tell the router that to get to 192.168.2.0/24 it routes via the switch (192.168.1.1).
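
The point made in this reply, as an added example that is not part of the original post or of any router's firmware: a toy Python model of a router that applies a strict reverse-path check on its LAN interface, before and after static routes to the VLAN subnets are added. The interface names, the `ISP_GATEWAY` placeholder, the 192.168.3.0/24 subnet and the sample hosts are assumptions, as is the idea that the HG659 implements the check this way.

```python
import ipaddress


class Router:
    """Toy router: longest-prefix-match table plus a strict reverse-path check."""

    def __init__(self):
        self.routes = []  # (network, out_interface, next_hop or None)

    def add_route(self, cidr, interface, next_hop=None):
        self.routes.append((ipaddress.ip_network(cidr), interface, next_hop))

    def lookup(self, addr):
        """Return the most specific route covering addr, or None."""
        ip = ipaddress.ip_address(addr)
        matches = [r for r in self.routes if ip in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)

    def accept(self, src, in_interface):
        """Strict reverse-path check: the route back to src must use in_interface."""
        route = self.lookup(src)
        return route is not None and route[1] == in_interface

    def reply_path(self, src):
        """Where a reply to src would be sent: (interface, next_hop)."""
        route = self.lookup(src)
        return (route[1], route[2]) if route else None


def build_router(with_static_routes):
    r = Router()
    r.add_route("192.168.1.0/24", "lan")            # connected LAN, as in the thread
    r.add_route("0.0.0.0/0", "wan", "ISP_GATEWAY")  # default route, placeholder next hop
    if with_static_routes:
        # Routes back to the VLAN subnets via the switch at 192.168.1.1.
        # 192.168.2.0/24 is the thread's example; 192.168.3.0/24 is constructed.
        for cidr in ("192.168.2.0/24", "192.168.3.0/24"):
            r.add_route(cidr, "lan", "192.168.1.1")
    return r


def check(router, sources):
    """Map each source address to whether it passes the check on the LAN side."""
    return {src: router.accept(src, "lan") for src in sources}


SAMPLE_SOURCES = ["192.168.1.20", "192.168.2.50", "192.168.3.7"]  # constructed hosts

if __name__ == "__main__":
    for label, flag in (("no static routes", False), ("with static routes", True)):
        r = build_router(flag)
        print(label, check(r, SAMPLE_SOURCES), r.reply_path("192.168.2.50"))
```

Without the static routes, the only route covering the VLAN hosts is the default route out the WAN side, so their packets fail the check on the LAN interface and any reply would head to the ISP instead of back to the switch.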




129 posts

Master Geek
+1 received by user: 2


  Reply # 2058049 17-Jul-2018 22:36

Yup that was the problem. Thanks. I can’t define static routes on the internal interface of the HG659 (only allows on internet side) but a quick test on a decent router confirmed this was the problem. Cheers

32 posts

Geek
+1 received by user: 10


  Reply # 2058057 17-Jul-2018 23:31

Coincidence, I'm configuring my EdgeRouter now and just came across the same thing - not being able to add static routes to the LAN side.


6276 posts

Uber Geek
+1 received by user: 283

Trusted
Subscriber

  Reply # 2058101 18-Jul-2018 08:47

Yep, whilst the Huawei is fine for basic domestic internet, and performs quite well I must add, its available feature set is lacking. I use mikrotiks for domestic and sme jobs, never found them lacking, and Sam unless there is some obscure feature of the ASA you require I suggest you check out a mikrotik as a replacement and save some money on your power bill and take some weight off your rack's feet. An edgerouter is another good option.

@Intravix are you saying the edge router cannot provide routes to any interface, I am pretty sure this is not correct, it's a router, and that's what routers do.

Cyril

2910 posts

Uber Geek
+1 received by user: 1099

Subscriber

  Reply # 2058107 18-Jul-2018 09:03

Intravix:

Coincidence, I'm configuring my EdgeRouter now and just came across the same thing - not being able to add static routes to the LAN side.



Are you using the web interface or the CLI?





283 posts

Ultimate Geek
+1 received by user: 56


  Reply # 2058191 18-Jul-2018 10:07

cyril7: I use mikrotiks for domestic and sme jobs, never found them lacking, and Sam unless there is some obscure feature of the ASA you require I suggest you check out a mikrotik as a replacement and save some money on your power bill and take some weight off your rack's feet. An edgerouter is another good option.

 

One is a firewall, the other is a router. You cannot compare an iptables build with a custom hardened purpose built firewall.


6276 posts

Uber Geek
+1 received by user: 283

Trusted
Subscriber

  Reply # 2058198 18-Jul-2018 10:14

Hi, yes I do appreciate that, we use many ASA's in our systems at work that I am responsible for, it just seems in a small business an ASA may be overkill for what is really required.

 

Cyril


283 posts

Ultimate Geek
+1 received by user: 56


  Reply # 2058210 18-Jul-2018 10:34

cyril7:

 

Hi, yes I do appreciate that, we use many ASA's in our systems at work that I am responsible for, it just seems in a small business an ASA may be overkill for what is really required.

 

Cyril

 

 

 

 

tbh in a small business I'd expect better than an ASA. ASA's are about the worst firewalls on the market (compared to Checkpoint/Fortigate/Sophos/PAN/Sonicwall), especially for SMB. SMB are in need of decent security more than ever.


6276 posts

Uber Geek
+1 received by user: 283

Trusted
Subscriber

  Reply # 2058260 18-Jul-2018 10:45

Hi, yes agreed, 80% of our firewall fleet is Fortigate and Juniper, we only use ASA in situations where there are other client requirements, otherwise I see them as overpriced and overhyped.

 

Cyril




129 posts

Master Geek
+1 received by user: 2


  Reply # 2058313 18-Jul-2018 12:37

I primarily used the ASA because it was lying around and I needed an IPSec VPN for remote access. That's really all it's doing other than basic firewall functions and internet access!

 

You were spot on with the T1600G as a switch to meet our budget. Do you have any suggestions for a particular Mikrotik model (or other) that has:

 

  • VPN functionality (must work with iPhone)
  • Static routing (all interfaces)
  • VLAN support for connecting directly to Spark Fiber/ONT
  • DHCP Server (with support for multiple subnets a big plus)
  • QoS nice to have? We're moving phones to 2Talk.

That is all the ASA will be doing in the new environment. I'd welcome suggestions please.

 

 

 

Edit: typos


26792 posts

Uber Geek
+1 received by user: 6271

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2058329 18-Jul-2018 13:28

sfrasernz:

 

I primarily used the ASA because it was lying around and I needed an IPSec VPN for remote access. That's really all it's doing other than basic firewall functions and internet access!

 

You were spot on with the T1600G as a switch to meet our budget. Do you have any suggestions for a particular Mikrotik model (or other) that has:

 

  • VPN functionality (must work with iPhone)
  • Static routing (all interfaces)
  • VLAN support for connecting directly to Spark Fiber/ONT
  • DHCP Server (with support for multiple subnets a big plus)
  • QoS nice to have? We're moving phones to 2Talk.

That is all the ASA will be doing in the new environment. I'd welcome suggestions please.

 

 

 

Edit: typos

 

 

Every Mikrotik router has all of that functionality - it just comes down to whether you spend $40 on one or $4000 on one as clearly the performance will differ significantly.

 

 


6276 posts

Uber Geek
+1 received by user: 283

Trusted
Subscriber

  Reply # 2058364 18-Jul-2018 15:10

Hi, as Steve says, Mikrotik does all that standing on its head. As for a suitable device, probably a RB3011 is best suited, assuming you want a rack mount; if a smaller profile is required a Hex S will do most SME requirements, don't be put off by its demure size, it's well endowed.

 

The edge routers are probably also well worth looking at, the EdgeRouter 4 possibly being suitable, Michael did a review recently, maybe ask him if you have any questions as to its abilities.

 

Cyril

 

 

 

 

 

 

