ER605 hierarchical under ER605 & NAT challenge
ER605 hierarchical under ER605 & NAT challenge

Hello,
how can I configure ER605, which was hierarchically under an other ER605?
My configuration:
 1. Internet -> Fritz!Box -> ER605-1 -> ER605-2 -> Dedicated mini-computer with IP 10.11.1.11
 2. I use OC200 for all the admin of all my tp-link devices.
 3. Fritz!Box used IP-Range 192.168.0.1 - 192.168.0.255 => here are my main devices
 4. First ER605 (ER605-1) is used to share Internet access in a new IP-Range 192.168.10.1 - 192.168.10.255 => here are may special control devices
 5. Second ER605 (ER605-2) is only  to share Internet access for a dedicated mini-computer with IP 10.11.1.11. (I use IP-Range 10.11.1.10 - 10.11.1.20). 
6. The IP of ER605-2 is 10.11.10 -> Okay
 7. I see the dedicated mini-computer with IP 10.11.1.11 at the ER605-2 -> Okay
What works:
 - All devices can access internet - inclusive my dedicated mini-computer.
 - I can access devices in the IP-Range 192.168.10.1 - 192.168.10.255 from IP-Range 192.168.0.x, because I use NAT and One-To-One-NAT entries.
What doesn't work:
 I cann't access my dedicated mini-computer from an address 192.168.10.x (or 192.168.10.x), because I cann't use NAT and One-To-One-NAT at the ER605-2. The interface listbox was empty!
How can I configure a one-to-one NAT or similar for my dedicated mini-computer?
Best Regards
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hello @EricPerl,
thank for your explanation.
You should be careful with statements like "Your understanding of VLANs is, to say the least, incomplete".
I'm not talking about setting up VLANs. For me, one address range is enough for almost all devices, but there is one special device that needs address translation and that calls for NAT for me. Unfortunately, I can't manage this under one roof in the OC200, but have to manage the second ER605 separately. Then it should work.
The Fritz!Box is still a leftover and will certainly be abolished. But I don't want to turn all the network wheels at the moment.
- Copy Link
- Report Inappropriate Content
There is no effective difference between using NAT translation to access a device with aspecific IP behind a 3rd router, then just having that device, with its specific IP, on a seperate vlan coming from the main router. No difference at all. You can aoply all the same security, IP range, gateway addresses, everything you need for that device on a vlan, without having to touch the IP addresses on your other devices. You can apply the vlan on a seperate port, or the same port as existing cabling.
You yourself asked, in your first post, how to traverse your network to access that device, and we have given you that information, guides, screenshots but you are simply ignoring anything that doesnt fit with your own idea of how to do it. There is nothing stopping you setting up that vlan for that device (easy) without changing anything in your existing network. As its a mini computer, you can even assign the necessary 802.11Q vlan tag on its ethernet port directly so you dont even need any extra switches.
The end result of what you want - access devices on different IP ranges is NO DIFFERENT AT ALL to how millions of homes, schools, businesses are set up worldwide. USING VLANS. I dont know of any IT team or individual who would want to set up 3 layers of NAT translation just to access a single device. thats nuts. Sorry you dont aggree with that, but it is. Nuts.
- Copy Link
- Report Inappropriate Content

Information
Helpful: 0
Views: 2026
Replies: 12
Voters 0
No one has voted for it yet.

