Question

Greetings,

Below you will find information about the setup I am trying to configure

Any help appreciated and thank you in advance.

2 Devices RUTX11 and RUTX10

Only one router must have access to the internet (RUTX11).

Lan interface of RUTX11 must be isolated from wan/internet access and therefore all devices connected to the lan interface as well. So, static IP configuration is applied to eht0 lan interface of the router, without gateway, as well as in all other devices in the lan network. Devices in the lan network might have different subnet, though usually they will not.

RUTX11 must use one of the wireless interfaces, for example 2.4GHZ, in AP mode, to form a local wireless lan, completely isolated from wan/internet access. This wireless interface should actually operate as an extension of the wired lan interface.

The other router RUTX10 must be able to join the RUTX11 wireless AP, as a client, so as all connected devices in its lan network interface to be able to communicate each other with the devices connected on the lan network interface of RUTX11. All devices IP configured static without gateway.

Continue in the comment...

Comments

RUTX11 should be able to have access in all devices connected in the lan network of each own or of RUTX10, so as services such as modbus tcp master and MQTT gateway, to work. By this I mean, that all devices connected to the lan network should only have access in the internet through RUTX11 and explicitly via a service.

With what I have done so far I am able to perform the following:

Devices connected in the wired as well as wireless (RUTX11_4718_2G) lan of RUTX11 can communicate with devices connected in the wired lan of RUTX10 and vise versa

Devices connected in the wired as well as wireless (RUTX11_4718_2G) lan of RUTX11 can ping RUTX11 wired lan interface at 192.168.250.245, so its ok I can have access in the web interface of the router for configuration.

Devices connected in the wired lan of RUTX10, can ping RUTX11 wired lan interface at 192.168.250.245, so its ok I can have access in the web interface of the router for configuration.

RUTX11 device router can ping all connected devices in the wired lan of RTX10 and/or in the wired or wireless lan of RUTX11 itself.

---

What I cannot do is the following:

With a laptop device connected either in the wireless lan (RUTX11_4718_2G) of RUTX11 or in the wired lan of RUTX11, I don’t have access in the wired lan of RUTX10, at 192.168.250.246, so I cannot login in the web gui.

I have screenshots showing the configurations, if anyone is interested helping me

Answer 1

Hello,

Hope you are good.

Could you please provide the topology of your network. Like what IP addresses you are using . May be there is some IP conflict that's why you cannot access your webui of Rutx10. Try using different ranges/pools of the IP addresses of Rutx10 and Rutx11.

Thanks

Regards,

Ahmed

Comments

RUTX11 has access to the internet through whatever wan interface either WWAN or WAN or even mobile. Currently it is configured to have access via wired WAN interface and specifically through br-wan (eht1eht0 wan port and wlan1wlan0 WIFI 5GHZ2.4GHz in AP configuration):

Interfaces: WAN: GENERAL SETUP:
Protocol = Static
IPv4 Address = 192.168.2.104
IPv4 netmask = 255.255.255.0
IPv4 gateway = 192.168.2.10
DNS servers = 8.8.8.8, 192.168.2.10
DHCP SERVER = Disable
Interfaces: WAN:PHYSICAL SETTINGS:
Bridge Interfaces = TRUE
Interfaces = eht1,wlan1wlan0 

WIFI 5GHZ2.4GHz
INTERFACE CONFIGURATION: GENERAL SETUP:
Enable = TRUE
Mode = Access Point
Network = WAN

RUTX11 LAN configuration is as follows:
INTERFACES:LAN:GENERAL SETUP:
Protocol = Static
IPv4 Address = 192.168.250.245
IPv4 netmask = 255.255.255.0
IPv4 gateway = -
IPv4 broadcast = -
DNS servers = -
DHCP SERVER = Disable
Interfaces: LAN:PHYSICAL SETTINGS:
Bridge Interfaces = TRUE
Interfaces = eht0,wlan0wlan1
I have bridged eht0 and wlan0wlan1WIFI 2.4GHZ5GHz in order to give access to the devices connected in the lan interface from the wireless lan.

RUTX11 WIFI  2.4GHZ5GHz
INTERFACE CONFIGURATION: GENERAL SETUP:
Enable = TRUE
Mode = Access Point
Network = LAN

The second RUTX10 device configuration is as follows:
*WAN Ethernet port (eht1) configured to work as LAN.

RUTX10 LAN configuration is as follows:
INTERFACES:LAN:GENERAL SETUP:
Protocol = Static
IPv4 Address = 192.168.250.246
IPv4 netmask = 255.255.255.0
IPv4 gateway = -
IPv4 broadcast = -
DNS servers = -
DHCP SERVER = Disable
Interfaces:LAN:PHYSICAL SETTINGS:
Bridge Interfaces = TRUE
Interfaces = eht0, eth1

RUTX10 WIFI 2.4GHZ
RUTX10 WIFI 5GHZ
INTERFACE CONFIGURATION: GENERAL SETUP:
Enable = TRUE
Mode = Client
Network = WLAN

Interface Network named wlan and the configuration is as follows:
INTERFACES: WLAN: GENERAL SETUP:
Protocol = Static
IPv4 Address = 192.168.250.247
IPv4 netmask = 255.255.255.0
IPv4 gateway = -
IPv4 broadcast = -
DNS servers = -
DHCP SERVER = Disable
Interfaces: WLAN:PHYSICAL SETTINGS:
Bridge Interfaces = FALSE
Interfaces = wlan0wlan1

WLAN interface assigned to firewall zone “lan”.

For the LAN interface I have enabled RELAY with assigned WLAN wifi client.

---

Hello,

Could you please check if the webui access is enabled in Rutx10 .

You can check it in system>Administration>Access Control.

Thank you.

Regards,
 

Ahmed

---

Hello,

Thank you for your response.

Yes it is

Answer 2

Can i get anydesk remote access id in DM .

So that i can check what's causing the issue.

Thank you.

Comments

Can you please give me instructions on how to generate or find this remote id ?
Do you want me to create remote ssh connection or something in RMS?

Thank you in advance

---

I am asking for the remote access to your pc with which this Rutx10 and Rutx11 are connected.

https://anydesk.com/en

---

sorry I have neglected info from your previous message, while I was scanning it.

---

ok i will try to setup the gateway for wired and wireless lan of rutx10 giving the address of rutx11 5ghz wireless lan

I will let you know about the results

---

Yes, sure better to reset the device upgrade to the latest firmware and configure things again . So that there will be no previous configurations . And hopefully you could make it work what you are trying to achieve .

Have a great day.

---

Hello Ahmed,

I finally managed to get my topology up and running smoothly.
It was not neither a "gateway" nor a DHCP Server issue on behalf of RUTX10 LAN interface configuration.

In the above configuration that I posted yesterday, in RUTX10 LAN configuration, if I switch the protocol of the interface to "None", essentially disabling all protocols, then RUTX10 is accessible through WLAN interface @ 192.168.250.247. And not only that, all devices connected to the local network, either through the wired or wireless (5GHz) LAN interface of both routers can communicate each other and are accessible from both routers as well.

Relay configuration on the wired LAN interface(eht0) of RUTX10 is not used, as the option disappears when you disable all the protocols for the interface. The interface does not have any IP assigned.

Now, I would really be more than happy, if someone can explain all this, as I want to understand things in general, not only making them work. In above configuration if I enable either static or DHCP protocol for the Wired LAN interface(eht0) of RUTX10, then the rooter is not accessible from devices connected either in the wired (eht0) or wireless LAN (wlan0wlan1) interfaces of RUTX11, and RUTX10 cannot ping RUTX11 as well.

Thank you in advance.

---

Hello,

I have tried these on my side. 

Rutx11:

Interface>LAN:

Protocol :Static 

IPv4 address :192.168.100.1

IPv4 netmask :255.255.255.0

IPv4 gateway :blank

IPv4 broadcast :blank

DNS servers     :blank

DHCP Server: Enabled

Start 192.168.100.100 , End 192.168.100.249

Interface>WAN:

Protocol :Static 

IPv4 address :10.10.30.66

IPv4 netmask :255.255.255.0

IPv4 gateway :10.10.30.254

IPv4 broadcast :blank

DNS servers     :10.10.30.15

DHCP : Disable

Firewall>Traffic Rules:

( I created a new rule ) To restrict Rutx10 or LAN devices of Rutx10 like wifi users etc from using Internet .

Enable: Yes

Name : NoInternet (Any)

Restrict to address family : IPV4 and IPV6

Protocol : Any

Source Zone: LAN

Source MAC : blank

Source Address: 192.168.100.221 ( i.e Rutx10 ) 

Destination zone: WAN

Destination Address : blank

Action:Drop

Keep all other configurations as blank/default.

Rutx10:

Interface : LAN

Protocol :Static 

IPv4 address :192.168.100.221 (That is assigned by Rutx11)

IPv4 netmask :255.255.255.0

IPv4 gateway :192.168.100.1 (That is of Rutx11)

IPv4 broadcast :blank

DNS servers     :Blank

DHCP : Disable

Interface :WWAN 

Protocol : DHCP

I was able to achieve following by applying the above configurations :

1) Ping from Rutx11 to Rutx10 and Rutx10 to rutx11 including LAN devices and from LAN devices to LAN devices.  

2)No Internet on Rutx10 and the LAN devices connected with Rutx10.

Everything worked smoothly without any issues. 

You can replicate it on your side . 

Also i am sharing some links to make things more clearer :-) 

https://wiki.teltonika-networks.com/view/RUTX11_Interfaces

https://wiki.teltonika-networks.com/view/RUTX11_Firewall#Traffic_Rule_Configuration

I shared example/configurations as per your scenario for better understanding as i thought explaining will not help as example will do.

Thank you.

Have a nice day.

Regards,

Ahmed . 

---

Thank you very much for your respond Ahmed.

I will test the above configuration on my behalf