Help with best configuration for TL-R600VPN with dual-wan failover and WiFi router
Help with best configuration for TL-R600VPN with dual-wan failover and WiFi router
I have a TL-R600VPN on the way. I'd like to configure it in my SOHO with some existing gear...
Optimum internet provided ARRIS TM1602
Netgear Nighthawk M1 (MR1100-100NAS)
Linksys WiFi Velop w/4 nodes
4 TP Link TL-SG1008P's
I want to use the Nighthawk hotspot as a failover to my broadband cable. I can disable DHCP and enable passthru on the Nighthawk no problem... what is the best way to utilize the existing network that is currently managed by the Velop? The Velop has WiFi enabled and then plugged into the various switches around the house. Can I disable DHCP on the TL-R600VPN and it will all just work, or should the TL-R600VPN control DHCP and then change something on the Velop?
Any help would be appreciated.
Thanks,
Dave
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
For your case, whether to turn off the DHCP doesn't matter so much, the only thing is about the NAT.
As you may know, a router usually works as a NAT device, with which the external device from the WAN side is unable to communicate with the local LAN devices directly. So when setting up the network with two routers, we may need to care about "Double NAT".
What does "Double NAT" do? In your connection, Internet ----- (WAN) TL-R600VPN router ----- (WAN) Velop router, you will find that the LAN devices connected to the R600VPN cannot communicate with the LAN devices connected to the Velop router, in other words, you get two different private networks from the two routers separately. This is caused by the "Double NAT".
Is "Double NAT" bad? Actually it isn't necessarily a bad thing. For some users, it's helpful and could make the network more secure, while it may also become troublesome for some users who play online games, want to forward some ports for some services, have a server such as FTP/DNS/HTTP. With the existence of double NAT, it's required to open ports on all the NAT routers.
If you don't want to get the situation of "Double NAT", one way is to reduce the number of routers and stay one router in the network. In your setup, you could stay R600VPN as the main router, and configure the Velop in AP mode which disables the NAT feature on it (contact the support of Velop to configure it if you don't know how to make it). What's more, the Arris on WAN1 and Nighthark M1 on WAN2 should work as a pure modem (bridge mode) instead of router mode, otherwise, you would still need to deal with "double NAT" by configuring Virtual Servers (port forwarding) for the R600VPN router on the two ISP routers.
The other way is to keep them as routers and forward related ports for the server on all NAT routers. In this case, you need to make sure that the devices behind NAT (Devices where the server is located, Velop, R600VPN) have static IP addresses, and open the ports on the NAT accordingly.
To check if the Arris on WAN1 and Nighthark M1 on WAN2 are working as a pure modem (bridge mode), you can log into the R600VPN page, check whether the IP address of the WAN connections is public or private. If the WAN IP is private, then the device on the WAN works as a NAT device. There are three ranges of addresses that can be used in a private network:
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255
Hope this information is helpful. Best regards.
MrParticular wrote
@Yannie Thanks for the help.
I set up the TL-R600VPN with my Arris on WAN1 and my Nighthark M1 on WAN2, Velop on LAN5. Failover seems to be working... cool.
I'm wondering if I can simply leave the Velop configured the way it is... can I use port forwarding on the TL-R600 to get my FTP and a few other ports to the Velop? I tried setting it up as follows, but can seem to get it to work:
Reserved the IP for the Velop (192.168.0.147) and in Virtual Servers (port forwarding) set my external port to forward to port 21 to 192.168.0.147 ... but this doesn't work. I gather I need to either somehow configure the forward directly to the IP on the Velop (192.168.1.102) or just use the TL-R600 for DHCP and turn the Velop into an access point as I mention above. And I don't really know the benefit of doing it one way vs. the other.
A single modem and router at my SOHO has been my networking experience all these years, so multiple cascading routers is new to me.
- Copy Link
- Report Inappropriate Content
Hello,
MrParticular wrote
I have a TL-R600VPN on the way. I'd like to configure it in my SOHO with some existing gear...
Optimum internet provided ARRIS TM1602
Netgear Nighthawk M1 (MR1100-100NAS)
Linksys WiFi Velop w/4 nodes
4 TP Link TL-SG1008P's
I want to use the Nighthawk hotspot as a failover to my broadband cable. I can disable DHCP and enable passthru on the Nighthawk no problem...
I don't think you need to disable DHCP, setup for your reference.
Optimum internet provided ARRIS TM1602 ---------(WAN1) (LAN) ----------Linksys WiFi Velop ------------ SG1008P
R600VPN
Netgear Nighthawk M1 (MR1100-100NAS) ----------(WAN2) (LAN) ----------SG1008P
Just need to configure Link Backup function with Failover mode on R600VPN, Primary WAN: WAN1, Backup WAN: WAN2.
As for the Linksys WiFi Velop, if you want to have one network in your house, it's better to disable DHCP and configure it as an access point.
- Copy Link
- Report Inappropriate Content
@Yannie Thanks for the help.
Just asking for clarification... I would have to turn off DHCP on the Nighthawk, right? That turns it from a modem/router to a modem and then the TL-R600VPN would handle it.
Preferring one network in the house I would most likely disable DHCP on the Velop and turn it into an access point and move my port forwarding and DHCP reservation table to the TL-R600VPN.
- Copy Link
- Report Inappropriate Content
Just asking for clarification... I would have to turn off DHCP on the Nighthawk, right? That turns it from a modem/router to a modem and then the TL-R600VPN would handle it.
It's up to you, it would also work if the DHCP is on for the Nighthawk. If you turn off DHCP on Nighthawk which turns it to a pure modem, then you would need to configure the WAN connection on the r600vpn with the info provided by the ISP instead.
- Copy Link
- Report Inappropriate Content
@Yannie Thanks for the help.
I set up the TL-R600VPN with my Arris on WAN1 and my Nighthark M1 on WAN2, Velop on LAN5. Failover seems to be working... cool.
I'm wondering if I can simply leave the Velop configured the way it is... can I use port forwarding on the TL-R600 to get my FTP and a few other ports to the Velop? I tried setting it up as follows, but can seem to get it to work:
Reserved the IP for the Velop (192.168.0.147) and in Virtual Servers (port forwarding) set my external port to forward to port 21 to 192.168.0.147 ... but this doesn't work. I gather I need to either somehow configure the forward directly to the IP on the Velop (192.168.1.102) or just use the TL-R600 for DHCP and turn the Velop into an access point as I mention above. And I don't really know the benefit of doing it one way vs. the other.
A single modem and router at my SOHO has been my networking experience all these years, so multiple cascading routers is new to me.
Thanks,
Dave
- Copy Link
- Report Inappropriate Content
For your case, whether to turn off the DHCP doesn't matter so much, the only thing is about the NAT.
As you may know, a router usually works as a NAT device, with which the external device from the WAN side is unable to communicate with the local LAN devices directly. So when setting up the network with two routers, we may need to care about "Double NAT".
What does "Double NAT" do? In your connection, Internet ----- (WAN) TL-R600VPN router ----- (WAN) Velop router, you will find that the LAN devices connected to the R600VPN cannot communicate with the LAN devices connected to the Velop router, in other words, you get two different private networks from the two routers separately. This is caused by the "Double NAT".
Is "Double NAT" bad? Actually it isn't necessarily a bad thing. For some users, it's helpful and could make the network more secure, while it may also become troublesome for some users who play online games, want to forward some ports for some services, have a server such as FTP/DNS/HTTP. With the existence of double NAT, it's required to open ports on all the NAT routers.
If you don't want to get the situation of "Double NAT", one way is to reduce the number of routers and stay one router in the network. In your setup, you could stay R600VPN as the main router, and configure the Velop in AP mode which disables the NAT feature on it (contact the support of Velop to configure it if you don't know how to make it). What's more, the Arris on WAN1 and Nighthark M1 on WAN2 should work as a pure modem (bridge mode) instead of router mode, otherwise, you would still need to deal with "double NAT" by configuring Virtual Servers (port forwarding) for the R600VPN router on the two ISP routers.
The other way is to keep them as routers and forward related ports for the server on all NAT routers. In this case, you need to make sure that the devices behind NAT (Devices where the server is located, Velop, R600VPN) have static IP addresses, and open the ports on the NAT accordingly.
To check if the Arris on WAN1 and Nighthark M1 on WAN2 are working as a pure modem (bridge mode), you can log into the R600VPN page, check whether the IP address of the WAN connections is public or private. If the WAN IP is private, then the device on the WAN works as a NAT device. There are three ranges of addresses that can be used in a private network:
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255
Hope this information is helpful. Best regards.
MrParticular wrote
@Yannie Thanks for the help.
I set up the TL-R600VPN with my Arris on WAN1 and my Nighthark M1 on WAN2, Velop on LAN5. Failover seems to be working... cool.
I'm wondering if I can simply leave the Velop configured the way it is... can I use port forwarding on the TL-R600 to get my FTP and a few other ports to the Velop? I tried setting it up as follows, but can seem to get it to work:
Reserved the IP for the Velop (192.168.0.147) and in Virtual Servers (port forwarding) set my external port to forward to port 21 to 192.168.0.147 ... but this doesn't work. I gather I need to either somehow configure the forward directly to the IP on the Velop (192.168.1.102) or just use the TL-R600 for DHCP and turn the Velop into an access point as I mention above. And I don't really know the benefit of doing it one way vs. the other.
A single modem and router at my SOHO has been my networking experience all these years, so multiple cascading routers is new to me.
- Copy Link
- Report Inappropriate Content
Thank you for your excellent explanation. I pretty much have everything up and running, but I am worried that the TL-R600VPN is a tad too slow for my ISP.
My service is 400 Mbps down / 40 Mbps up and I can get these speeds (at least, when everyone else in the neighborhood is asleep) directly through my Velop. But through the TL-R600VPN the max I can get is 250 down and that is looking at the max... it averages out to 200 down using speedtest.net. 42-43 Mbps up is acheivable.
I've read other post here of people having the same problem, so I'm a bit at a loss as to what to do except look elswhere for a product that can handle 400 or more down. As much as I like the dual-wan, I don't want to sacrifice speed.
Dave
- Copy Link
- Report Inappropriate Content
As you may know, Load Balance selects which WAN port is session-based. When there are a lot of sessions established with end-points, the Load Balance router can assign these connections to different WAN ports according to its policy, in this way all the bandwidths of WAN links are in good use to speed up the whole traffic.
Most speed test tools will establish only one session with end-point, so it's hard to get the actual speed results from the load balancer router.
If convenient, it is suggested to test the speed with P2P software such as BitTorrent downloading.
Best Regards!
- Copy Link
- Report Inappropriate Content
@Fae Thanks, but I am not *technically* using load balancing over two WANs... I only want WAN 2 for failover and that is how it was set up. So when I run a speedtest and I'm on WAN 1, the reported speed would roughly be the speed, no?
I'm not trying to split hairs over a few Mbps, but the difference between 200-250 and 400 is great.
Dave
- Copy Link
- Report Inappropriate Content
I only want WAN 2 for failover and that is how it was set up. So when I run a speedtest and I'm on WAN 1, the reported speed would roughly be the speed, no?
I'm not trying to split hairs over a few Mbps, but the difference between 200-250 and 400 is great.
Sorry that I just forgot you have Link Backup with failover mode configured on the TL-R600VPN router.
May I check the hardware version of your TL-R600VPN? How about the firmware version?
If the hardware version is Ver 4.0, it is suggested to use Iperf to test the speed of the router. The NAT throughput of TL-R600VPN V4 is 680Mbps.
- Copy Link
- Report Inappropriate Content
@Fae TL-R600VPN(UN)_v4_4.0.4 Build 20200313
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 8312
Replies: 15
Voters 0
No one has voted for it yet.