ER605 Router Wired LAN Subnet Setup

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-04-23 08:20:39 - last edited 2022-04-26 02:00:09
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.2.0 Build 20220114 Rel.76871

Hi,

I have purchased a TP-Link ER605 Dual WAN Router to replace my RPi Home Lab Gateway.

I have set up the WAN interfaces:

- WAN             Wired Broadband     192.168.20.2 (Gateway 192.168.20.1 - ISP 1 Modem / Router)
- WAN/LAN1   Mobile Broadband   192.168.1.2   (Gateway 192.168.1.1 - ISP 2 Modem / Router)

In Admin Setup -> Remote Management I enabled the 192.168.20.0/24 subnet.

In Firewall -> Attack Defense I unchecked 'Block Ping from WAN'.

I can navigate to the web UI and I can ping the WAN IP (192.168.20.2) from a terminal session on my MacBook Pro (on the same subnet 192.168.20.0/24).

I have set up the LAN interfaces for wired devices:

- LAN1    vlan1 (5 UNTAG)  192.168.101.1 -> Switch -> Synology NAS (eth0) and RPi devices
- LAN2    vlan2 (4 UNTAG)  192.168.102.1 -> Switch -> Synology NAS (eth1) and RPi devices

I have set up static routes in the ISP 1 Modem / Router to the two subnets:

-  192.168.101.0/24 -> 192.168.20.2
-  192.168.102.0/24 -> 192.168.20.2

I cannot ping the LAN IPs (192.168.101.1, 192.168.102.) nor can I use nmap to determine the IP addresses of the devices in each subnet.

And, I'm not sure how to enable this using the web UI?

 

An iptables example:

sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Thanks :)

 

 

 

 

#1
1 Accepted Solution
Re:ER605 Router Wired LAN Subnet Setup-Solution
2022-04-25 00:38:55 - last edited 2022-04-26 02:00:09

  @Robinyo 

 

So, there used to be a tab called Multi-Nets NAT: https://www.tp-link.com/fr-be/support/faq/675/

 

However, this feature is now enabled by default: https://community.tp-link.com/en/business/forum/topic/249134

 

The problem was that the low-cost switches connected to each subnet are unmanaged devices, and the TAG information was confusing them and the downstream devices.

So you need to ensure ports used by low-cost switches and other devices are untagged:

 

 

Now nmap works as expected:

➜  ~ sudo nmap -sn 192.168.101.0/24
Password:
Starting Nmap 7.92 at 2022-04-25 10:36 AEST
Nmap scan report for 192.168.101.1
Host is up (0.0017s latency).
Nmap scan report for 192.168.101.2
Host is up (0.0012s latency).
Nmap scan report for 192.168.101.3
Host is up (0.0013s latency).
Nmap scan report for 192.168.101.69
Host is up (0.0014s latency).
Nmap scan report for 192.168.101.236
Host is up (0.0012s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 4.19 seconds

➜  ~ sudo nmap -sn 192.168.102.0/24
Starting Nmap 7.92 at 2022-04-25 10:36 AEST
Nmap scan report for 192.168.102.1
Host is up (0.0013s latency).
Nmap scan report for 192.168.102.2
Host is up (0.0020s latency).
Nmap scan report for 192.168.102.3
Host is up (0.0012s latency).
Nmap scan report for 192.168.102.102
Host is up (0.0017s latency).
Nmap scan report for 192.168.102.124
Host is up (0.0020s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 4.02 seconds

 

Recommended Solution
#5
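
An added illustration of the tagging issue described in the accepted solution (not part of the original post, and not TP-Link code): an 802.1Q tag inserts four bytes after the source MAC, so a VLAN-unaware receiver reads 0x8100 where it expects the real EtherType. The function names, MAC addresses and payload are constructed for this example; ARP is used as the payload type because local-segment host discovery relies on it.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame; insert an 802.1Q tag when vlan_id is given."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        tci = (pcp << 13) | vlan_id          # PCP(3) | DEI(1)=0 | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def naive_ethertype(frame):
    """What a VLAN-unaware receiver reads: the two bytes after the MACs."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return struct.unpack_from("!H", frame, 12)[0]

def parse_frame(frame):
    """VLAN-aware parse: returns (vlan_id or None, inner ethertype, payload)."""
    first = naive_ethertype(frame)
    if first != TPID_8021Q:
        return None, first, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]

# Constructed sample data (locally administered source MAC, dummy payload).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"\x00" * 46

UNTAGGED = build_frame(DST, SRC, ETHERTYPE_ARP, PAYLOAD)
TAGGED = build_frame(DST, SRC, ETHERTYPE_ARP, PAYLOAD, vlan_id=2)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged vlan 2", TAGGED)):
        vlan, etype, _ = parse_frame(frame)
        print(f"{name:14} naive=0x{naive_ethertype(frame):04x} "
              f"vlan={vlan} inner=0x{etype:04x} len={len(frame)}")
```

A port set to UNTAG sends the first form, which any endpoint or unmanaged switch handles; a tagged port sends the second, which only VLAN-aware devices interpret correctly.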
4 Reply
Re:ER605 Router Wired LAN Subnet Setup
2022-04-23 23:42:35 - last edited 2022-04-23 23:43:59

  @Robinyo 

 

As mentioned in my previous post, I have set up the LAN interfaces for wired devices:

- LAN1    vlan1 (5 UNTAG)  192.168.101.1 -> Switch -> Synology NAS (eth0) and RPi devices
- LAN2    vlan2 (4 UNTAG)  192.168.102.1 -> Switch -> Synology NAS (eth1) and RPi devices

 

I noticed that this creates entries in Preferences -> IP Addresses:

 

ID Name IP Address Type IP Address Range IP Address/Mask Description Operation
-- 1 IP_LAN IP Address/Mask 192.168.101.0/24,192.168.102.0/24 192.168.101.0/24,192.168.102.0/24

IP_LAN

---

 

and IP Groups:

 

ID Group Name Address Name Description Operation
-- 1 IPGROUP_ANY ---

IPGROUP_ANY

---
-- 2 IPGROUP_LAN IP_LAN

IPGROUP_LAN

---

 

So then I navigated to Firewall -> Access Control and manually created the following entry:

 

 

However, no luck yet; I still cannot ping the LAN IPs (192.168.101.1, 192.168.102.) nor can I use nmap to determine the IP addresses of the devices in each subnet.

 

#2
Re:ER605 Router Wired LAN Subnet Setup
2022-04-24 01:55:15

  @Robinyo 

 

You can't do it from the WAN side of the router. The router's NATting can't be disabled.

Kris K
#3
Re:ER605 Router Wired LAN Subnet Setup
2022-04-24 07:52:48

  @KJK 

 

Hmmm, I guess I just got used to doing things that way.

 

I have set up the WAN interfaces:

- WAN             Wired Broadband     192.168.20.2 (Gateway 192.168.20.1 - ISP 1 Modem / Router)
- WAN/LAN1   Mobile Broadband   192.168.1.2   (Gateway 192.168.1.1 - ISP 2 Modem / Router)

I have set up the LAN interfaces for wired devices:

- LAN1    vlan1 (5 UNTAG)  192.168.101.1 -> Switch -> Synology NAS (eth0) and RPi devices
- LAN2    vlan2 (4 UNTAG)  192.168.102.1 -> Switch -> Synology NAS (eth1) and RPi devices

 

So now I am simply plugging my MacBook Pro into one of the switches and getting a (dynamic) IP Address from the DHCP Server running on the Synology NAS.

 

Then I use nmap to determine the IP addresses of the devices in each subnet. 

 

sudo nmap -sn 192.168.101.0/24
sudo nmap -sn 192.168.102.0/24

 

Which works as expected for the subnet of the switch I'm connected to:

 

➜  ~ sudo nmap -sn 192.168.101.0/24
Starting Nmap 7.92 at 2022-04-24 17:41 AEST
Nmap scan report for 192.168.101.1
Host is up (0.00042s latency).
MAC Address: aa:bb:cc:dd:ee:ff (TP-Link Limited)
Nmap scan report for orcada-nas-1 (192.168.101.2)
Host is up (0.00061s latency).
MAC Address: aa:bb:cc:dd:ee:ff (Synology Incorporated)
Nmap scan report for 192.168.101.3
Host is up (0.00039s latency).
MAC Address: aa:bb:cc:dd:ee:ff (Raspberry Pi Trading)
Nmap scan report for 192.168.101.69
Host is up (0.0048s latency).
MAC Address: aa:bb:cc:dd:ee:ff (Netgear)
Nmap scan report for 192.168.101.144
Host is up (0.00042s latency).
MAC Address: aa:bb:cc:dd:ee:ff (Raspberry Pi Trading)
Nmap scan report for 192.168.101.59
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 2.07 seconds

 

but not the other one:

 

➜  ~ sudo nmap -sn 192.168.102.0/24 
Starting Nmap 7.92 at 2022-04-24 17:48 AEST
Nmap scan report for 192.168.102.1
Host is up (0.0013s latency).
Nmap done: 256 IP addresses (1 host up) scanned in 4.21 seconds
#4