10020 questions

11964 answers

18533 comments

19905 members

0 votes
185 views 1 comments
by
by
Hello,

Could you give me a more detailed information regarding this case you are having? Because it is not pretty clear. A network topology and an explanation about what are you trying to achieve would be a great help

Regards,
Jerome

1 Answer

0 votes
by

Hello, 

As what i understand is you want to configure the router where a certain VLAN will not get internet connectivity on Mobile when let say you are on Wired/Wireless WAN. If my understanding is correct you can do it with a little bit of effort. 

In this configuration I am using the default Failover configuration where Main WAN is Wired and Mobile data as failover. 

Here are the steps on how to make it work: 

1. Configure VLAN first let say you have 2 VLAN's, VLAN 10 and VLAN 20
where:
VLAN 10: 192.168.10.1
VLAN 20: 192.168.20.1

2. Next part is separating wired/wireless and mobile WAN. (You need to do this via putty or CLI)

-vi /etc/config/firewall
-Using arrow keys look for the config zone for wan
-After locating it press keyboard key 'a' to enter editing mode
-Then copy paste this one:
config zone

        option name 'mobile'
        option network 'ppp'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config zone 
        option name 'WifiWired'
        option network 'wan wan2'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'


- After copy pasting that press key 'Esc' then type ':wq'
- Lastly reload all the settings using 'luci-reload'

3. Now to go to Network > Firewall > General > lan_1 and Edit.
Configure it to forward destination zones to WifiWired.

4. Create a traffic rule where Lan_1 network will not be able to get internet access on mobile. 
You can do that by setting Source zone to: Lan_1 Destination zone to: mobile and Action set to reject. 


Then save all the configurations you made. 

This configuration will make the VLAN 20 (LAN_1) will not be able to get network connectivity when Mobile WAN is used but when Wired/Wifi WAN is used it will be able to access the internet. And VLAN 10 will be able to access the internet in all WAN sources (Wired/Wireless/Mobile)

I have created a zip file with all the pictures included and a short video on how to do the CLI configuration. 

Here is the link: https://we.tl/t-voAtzfzPnH

Hope it helps

Regards,
Jerome