Two WANs, one LAN
To achieve this network configuration, which is beyond my experience, I need help configuring these two ER605's and how to add a second ER605 using the Omada OC300 controller. There's probably more that I don't know about, so please feel free to point that out, too. FYI: WAN-1 is an existing operating network (wired and WiFi mesh). I'm adding the WAN-2 ER605, TL-SG2210MP, and the two CPE710's
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @steveh721
In addition to my last reply, since you are looking for a way out, you need VRRP-enabled routers and we don't support this now. And the setup in OP does not work with our routers. Have recommended the right solution. Hope this can help you make your choice.
- Copy Link
- Report Inappropriate Content
@steveh721 in the configuration you are suggesting, all the LAN devices are getting their IP's from ER605 - 1 DHCP and will therefore be getting ER605 - 1 as the default gateway. That will mean that all WAN traffic will be via WAN-1.
What are you trying to achieve with the two WAN connections ?
- Copy Link
- Report Inappropriate Content
Thank you for responding :-)
The WANs are each provided by Starlink, each with unique IPs. The motivation for two Starlink accounts: We are located in a rural, forested region. The first Starlink (North-facing) WAN-1 is obstructed by 100ft - 150ft high fir trees 16% of the time (84% visibility). This is generally okay, because most of the obstruction happens during off-business hours, but not ideal, and we put up with it for 3+ years waiting for Starlink satellites to cover the southern sky, which is 100% unobstructed. Still waiting, so recently, I decided to locate a second North-facing Starlink transceiver ~186m from the first in a location that's similarly obstructed, but at different times. The result is that we now have 100% visibility to the Starlink satellites.
What I'd like to effectively acheive is load balancing across the two WAN's (i.e. not failover, but each continuously connected). My goal is to have all devices (wifi cameras, mesh wifi network, remote controllers, etc) on the same /24 subnet.
It seems there must be a way to accomplish this, but I'm not experienced enough to know how to do it.
- Copy Link
- Report Inappropriate Content
Hi @steveh721
Thanks for posting in our business forum.
Let me put the result first. This is NOT gonna happen. You cannot configure it like that.
2 routers create 2 subnets and 2 NAT which means you have 2 gateways. There is no way to achieve the load balancing with 2 routers because you can only put up 1 gateway IP address and it does not fall back to another gateway.
1 router, 2 ISP, possible which means you need to remove one of them in your diagram.
- Copy Link
- Report Inappropriate Content
Thanks for the explanation, I now understand what you are trying to achieve. As Clive says , to achieve what you want requires that both WAN connections are to a single ER605 with that providing the LAN subnet. In your case, that's going to be difficult since the WAN connections are 186m apart!.
I'm assuming your have configured the Starlink routers in bridge mode so that the ER605's get the public IP's.
Basically you need to configure the ER605 at WAN-1 with a 2nd WAN port and then find some way to bridge the WAN-2 connection across the 186m to the 2nd WAN port. Problem is that your point to point CPE710 will not act as a level 2 bridge.
You MIGHT be able to achieve something by using the Starlink router at WAN-2 location in normal router mode and then using the CPE710 link to connect that to the 2nd WAN port of the ER605 at WAN-1. Since the starlink router is now using NAT you would need to ensure that its LAN subnet is different to that of the ER605 since its 2nd WAN port is going to obtain a local address via DHCP from the starlink router.
Even then I'm not sure its going to work...
- Copy Link
- Report Inappropriate Content
>> I'm assuming your have configured the Starlink routers in bridge mode so that the ER605's get the public IP's.
Correct
>>find some way to bridge the WAN-2 connection across the 186m to the 2nd WAN port.
Yes. That's the crux of this problem. 186m >> 100m maximum for Ethernet. Besides, I don't want to dig a186m trench for direct-bury cable :-)
>>Problem is that your point to point CPE710 will not act as a level 2 bridge.
What is a "level 2" bridge (I know what a bridge is, but I don't know what level 2 means)
You MIGHT be able to achieve something by using the Starlink router at WAN-2 location in normal router mode and then using the CPE710 link to connect that to the 2nd WAN port of the ER605 at WAN-1. Since the starlink router is now using NAT you would need to ensure that its LAN subnet is different to that of the ER605 since its 2nd WAN port is going to obtain a local address via DHCP from the starlink router.
>>Even then I'm not sure its going to work...
You've given me food for thought. I appreciate the time and thoughtfulness of your response. It's looking like I have to settle for two LANs and two DHCPs , i.e. @WAN-1==>ER605-1/ 192.168.0/24 and @WAN-2==>ER605-2/ 192.168.2./24 and then bridge these two subnets. I'll assign both mesh subnets the same SSID so users don't have to remember which to connect to--that will be automatic with the user's wifi device connecting to the strongest signal. And the bridge should enable security camera's to be viewable from any location regardless of the subnet they are connected to.
I'll start experimenting per your suggestions and write-up the results here. Plus, any further thoughts are welcome :-)
- Copy Link
- Report Inappropriate Content
What is a "level 2" bridge (I know what a bridge is, but I don't know what level 2 means)
I was using Level 2 as a reference to Layer 2 of the OSI model https://en.wikipedia.org/wiki/OSI_model . Basically meaning that the bridge needs to pass data at the network level without reference to any protocol.
I've had another look at the CPE710 spec and user guide and I'm still not sure whether it can or cant do that ??
It's looking like I have to settle for two LANs and two DHCPs , i.e. @WAN-1==>ER605-1/ 192.168.0/24 and @WAN-2==>ER605-2/ 192.168.2./24 and then bridge these two subnets.
That's not going to work, you wont be able to access one subnet from the other without some 'routing'.
If the CPE710 can bridge at level 2 , then you MIGHT be able to get a working load sharing configuration using VLANs. All your switches seen to be managed ones and so will support VLANs.
In principle
You configure ER605-1 with a 2nd WAN port.
You connect that WAN port to one of the switches
You connect the starlink router at WAN-2 to the switch at that location
You configure the switches with two VLANs
VLAN 1 connects the starlink modem at WAN-2 to the 2nd WAN port of the ER605
VLAN 2 connects all the other devices to the ER605 LAN
You now have a single LAN subnet for all the devices and the ER605 has two WAN connections which means you can do load sharing and backup
Let me be clear though, this is all theory! not something I've ever tried. If you wish to consider it , then I suggest you first read up about VLANs
- Copy Link
- Report Inappropriate Content
I suspected that perhaps you were referring to OSI's layer two, but because I'm no expert in this arena, I thought it best to ask, rather than assume. Thank you for clarifying :-) RE: my comment about settling for two subnets, I was anticipating dusting off the ARP and routing table tools for this :-( (I've been spoiled by all the automation and have not used these tools for many years; having to use them is somewhat similar to avoiding digging a trench for Ethernet cable by using a microwave connection %-P
However, you're VLAN suggestion looks enticing enough to invest some learning curve time, as it serves the double purpose of, at long last, learning how to setup a VPN(s) on our small network, which also support remote work, I've been increasingly motivated to do this as network security risks are ever increasing. Your suggestion as a possible solution to this problem is just enough motivation increase my knowledge of both.
I'll write again after the next few steps have been accomplished (in a week or so). Hopefully, that includes proving your theory correct :-).
Kind regards,
Steve
- Copy Link
- Report Inappropriate Content
Hi @steveh721
In addition to my last reply, since you are looking for a way out, you need VRRP-enabled routers and we don't support this now. And the setup in OP does not work with our routers. Have recommended the right solution. Hope this can help you make your choice.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1326
Replies: 8
Voters 0
No one has voted for it yet.