Solved

Monitoring devices over a WAN link.

Posted on 2014-03-27
Last Modified: 2014-04-21
Hi experts,
I need some help because I don't know how to configure routing for managing radios over a Point-to-Point (PTP) link over a WAN port.
Here is a brief topology description:
ISP - - - - BRIDGE - - -  (BH-M1) - - - (BH-S1) - - - (BH-M2) - - - (BH-S2) - - - (WAN) ROUTER - - - LAN
Where:
BH-M1= Cambium Back Haul Master 1
BH-S1= Cambium Back Haul Slave 1
BH-M2= Cambium Back Haul Master 2
BH-S2= Cambium Back Haul Slave 2
(Wan) Router= Wan Port Router Vigor 2820

Actually I can access any devices for managing over the LAN using DDNS and NAT/Routing Rules created on Vigor 2820.
My problem is (perhaps because I have no experience) how to configure Vigor 2820 router to manage Cambium radios connected to the wan port.
Best regards.
Question by:macastri

Expert Comment

by:pergr
To start with, I assume that you do not have public IPs for each radio.
So, we need a private IP address for each radio, and they need to have the Vigor as their default gateway.

That also means the Vigor needs a private IP address on the WAN interface (in addition to its public IP address).

With that set-up you should be able to manage the radios from the LAN side of the Vigor.


The problem is if you also want to manage the radios from the WAN side, in which case you need the VIGOR to do "hairpin NAT" on the WAN side. I am not sure if it can do that.
 

Author Comment

by:macastri
Hi Pergr, thanks for your help.
We have ADSL service.
Actually each radio has a private IP (192.168.92.xxx) and gateway 192.168.92.1
Vigor LAN IP address is 192.168.88.201
Vigor WAN port is configured as PPPoE for calling the bridge (like a modem) and connect to our ISP.
So WAN port acquires IP address assigned by ISP via DHCP (ADSL)

As you see, WAN port cannot have a private IP. Remember that WAN port calls to the modem (PPPoE/Bridge)
 

Expert Comment

by:pergr
You could run VLANs over the radio.

You now have:
ISP - - - - BRIDGE - - -  (BH-M1)

If you make that BRIDGE a VLAN capable bridge/switch, and also put the same type between the last radio and the Vigor - it should work.

Between the two BRIDGES you would have one VLAN "untagged", and this would include the management IP addresses of the radios.

You would have another VLAN (with VLAN tag) for the Internet/PPPoE traffic.

On the switch outside the Vigor, you would take out the two VLANs on two different, untagged ports.
Connect one port to the WAN side of the Vigor.
Connect the "radio management VLAN" to a DMZ port of the Vigor. You can then create your normal DDNS/NAT from WAN port to that management-DMZ port.

Some good switches to use are Juniper EX2200-C. About $500 each.

 

Author Comment

by:macastri
Hi Pergr… returning after week-end.
Your suggestion is really a new point of view for me. I had never worked with VLANs in Point-to-Point solutions.
In order to clarify the situation I will add the next info before continuing with other questions:
Bridge: ZyXEL model VMG1312-B10A, VLAN capable, IP: 192.168.1.1
BHs: Cambium model 5700BH, VLAN capable, IP: 192.168.92.xxx
Router: DrayTek model Vigor 2820, VLAN capable, IP: 192.168.88.201
Switch: Cisco SBS, model SLM224P, VLAN capable, IP: 192.168.88.254 (for internal LAN)

You say:
A. If you make that BRIDGE a VLAN capable bridge/switch, and also put the same type between the last radio and the Vigor - it should work
A1. It's perfectly possible to create VLANs in Bridge, Router.
A2. Which kind of VLAN, tagged or untagged?

B. You would have another VLAN (with VLAN tag) for the Internet/PPPoE traffic.
B1. Where must I have a tagged VLAN, at the Router or in the Cisco Switch?

C. Between the two BRIDGES you would have one VLAN "untagged", and this would include the management IP addresses of the radios.
C1. You mean "between Bridge and Router"? I have one Bridge and one Router. Remember that I call the Bridge using the Router WAN port (PPPoE).
C2. Do you mean "Not to use the Router WAN port" to connect the last BH, and connect it to the Cisco Switch untagged VLAN port?

D. On the switch outside the Vigor, you would take out the two VLANs on two different, untagged ports.
D1. Please explain, it's not so clear.

E. Connect the "radio management VLAN" to a DMZ port of the Vigor.
E1. Do you mean: To connect the switch tagged VLAN port for the Internet/PPPoE traffic, to the DMZ?
 

Accepted Solution

by:pergr
A2. The VLAN for management should be untagged, while the one for PPPoE traffic should be tagged.

B1. It should be tagged everywhere, except possibly on the port to the router. If you will take in both VLANs on the same port on the router, then it must be tagged there too. If you choose to use two cables, for separate ports between bridge and router, then those ports can be untagged.

C. My proposal was to get one additional bridge, to be placed between router and first BH device. It could be used to separate the VLANs to different ports towards the router, which would be useful if the router does not support PPPoE on tagged ports. You may be able to do without it.

D1. Possibly clarified above.

E1. So you need to connect the two VLANs to the router. One VLAN will have the PPPoE client, and the other VLAN an IP address for the management network. If you connect these on one single port on the router, the router must support VLAN tagging. The alternative is to use two untagged ports on each of router/bridge.
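The two-untagged-ports layout from the accepted answer, sketched as an added example for the switch placed next to the Vigor (not configuration posted by anyone in the thread). It assumes a Juniper EX2200-C as suggested earlier in the thread; the VLAN names, the VLAN IDs 10 and 92, and the port numbers are hypothetical and must be adapted.

```junos
# Added example: constructed values, not taken from the thread.
# Assumed VLANs: pppoe (ID 10) for Internet/PPPoE traffic,
#                radio-mgmt (ID 92) for the radios' management IPs.
set vlans pppoe vlan-id 10
set vlans radio-mgmt vlan-id 92

# ge-0/0/0 (assumed): port facing BH-S2, i.e. the radio link.
# PPPoE traffic crosses the radios tagged; radio management is the
# untagged (native) VLAN, so the radios' own management IPs sit in it.
set interfaces ge-0/0/0 description "to BH-S2 (radio link)"
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members pppoe
set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id 92

# ge-0/0/1 (assumed): untagged access port to the Vigor WAN port,
# where the PPPoE client runs.
set interfaces ge-0/0/1 description "to Vigor WAN (PPPoE client)"
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members pppoe

# ge-0/0/2 (assumed): untagged access port to the Vigor DMZ port,
# which carries an IP address in the radio management network.
set interfaces ge-0/0/2 description "to Vigor DMZ (radio management)"
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members radio-mgmt
```

The switch at the ISP end would mirror the trunk towards BH-M1 and put the port to the ADSL bridge in the pppoe VLAN as an untagged access port. Giving that switch no access port in radio-mgmt keeps the radios' management interfaces reachable only through the Vigor.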
 

Author Comment

by:macastri
Thank you very much Pergr.
Your help and ideas were very helpful in finding the solution to our needs.
Best regards.