NR7101: Access Management Service (UI) in IP passthrough (bridge) mode

monty03
monty03 Posts: 5
Friend Collector First Comment
edited January 4 in Mobile Broadband

Hello,

my NR7101 (latest firmware) is set to IP passthrough (bridge) mode and is working fine. When I connect it to my PC or laptop directly, I can access the UI (management service) using IP 192.168.2.1.

I would like to access the UI too when the NR7101 ist connected to my router (Ubiquiti EdgeRouter). My home network ist using the 192.168.1.0 subnet. I added a static route on the EdgeRouter to 192.168.2.0 on eth0 (where the NR7101 is connected). I can then ping the NR7101 but it does not respond to port 80 or 443 (tested using curl).

Is there any firewall setting I have to change to access the UI? In my opinion it should be available since it is working when connected to PC or laptop directly.

Thank you for your help!

Best regards,

Monty

«13

All Replies

  • k1s
    k1s Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer

    I have so far had the same problem, and raised 2 support tickets about this. The second support ticket has been going backwards and forwards with ZyXel 'support' now for nearly 2 months with the support person getting me to video all my settings, change IP addresses, TeamViewer sessions, blaming the router manufacturer, cables, power supplies, firewalls, static routes, etc.

    …but in fact the ZTE 5G Modem I have with default 192.168.254.1 and is reachable just plugged in to my Synology router at 192.168.1.1 without any fuss or specific configuration.

    It seems like they simply didn't envisage this basic requirement and they don't know themselves why it doesn't work.

    Two other attempts at getting community support for this below.

  • PeterUK
    PeterUK Posts: 2,575  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    With it in IP passthrough this should connect to a WAN interface with failover of a router to then SNAT traffic

  • k1s
    k1s Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer

    Hello Peter, could you explain that in plain English please

  • PeterUK
    PeterUK Posts: 2,575  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2023

    I have a netgear nighthawk M2 to go by but how IP passthrough works depending on the carrier setup you only get one IP in my case a 10. IP that O2 NAT to a WAN IP on some carriers you get a WAN IP but is still NAT by others and you get no inbound.

    You could have a LAN with 192.168.0.1/24 on WAN1 your ISP on WAN2 of a router a NR7101 when WAN1 fails the NR7101 takes over this is called a fail over.

    If you have one WAN by ISP and the NR7101 as a router over the same LAN IP 192.168.0.254 to not conflict with your gateway at 192.168.0.1 when WAN fails your devices will not know about NR7101 until you set a static IP to go to 192.168.0.254 and you can't have two DHCP servers running because.

    In my setup I have a NIC with my WAN IP and a VLAN on another NIC when WAN fail windows seeing no ARP reply failover (but is possible ARP to gateway is fine in which care it will not failover) to then use the VLAN to my VPN300 SNAT from 10. to get internet by netgear nighthawk M2.

  • PeterUK
    PeterUK Posts: 2,575  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    In most cases its not static route you need to do like say my netgear nighthawk M2 management service is on 192.168.7.1 but in IP passthrough I get 10. and my LAN is 192.168.0.1/24 to get to 192.168.7.1 you need a routing rule like this:

    Incoming LAN1 destination 192.168.7.1 next hop WAN interface of nighthawk M2

  • k1s
    k1s Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2023

    @PeterUK I'm afraid you're still assuming a sophisticated level of technical network knowledge. I'm trying to follow, but struggling.

    I think some of what you're saying is that most mobile internet service providers / network operators (e.g. Vodafone/O2) provide an IP address that is behind Carrier Grade Network Address Translation, which I think means, we share an internet IP address, so in practice the IP address that appears for the NR7101 is actually an internally reserved IP address, often starting 10.x.x.x.

    So if, like me or @monty03 our router on our primary LAN is 192.168.1.1, what exactly are you suggesting the NR7101 default and bridge IP addresses should be set to to be reachable from a PC on the LAN (e.g. PC's IP is 192,168.1.7)?

    I'm sorry, but I didn't follow the rest of your posts.

  • PeterUK
    PeterUK Posts: 2,575  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    Depends on what router you have and how much you can config it and depends on if NR7101 is in router mode or IP passthrough

  • monty03
    monty03 Posts: 5
    Friend Collector First Comment

    Thank you, k1s and PeterUK. Unfortunately, I am not able to follow your instructions, @PeterUK. As k1s said, when using a ZTE modem I can access its GUI flawlessly using the same parameters.

    Best regards,

    Monty

  • PeterUK
    PeterUK Posts: 2,575  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2023

    The only possible problem Zyxel might have that I can't test is if your source IP is not the same as Management IP subnet or the IP given when in IP passthrough.

    You could see if change the NR7101 subnet too 255.255.0.0 might work.

    If you connect directly to the NR7101 do you get a 10. IP and can access Management 192.168.2.1?

  • monty03
    monty03 Posts: 5
    Friend Collector First Comment

    When I connect my laptop directly to the NR7101 I get the IP from my service provider e.g. 77.116.241.xx and I can access the NR7101 via IP 192.168.2.1.

    Thank you for your help!

Consumer Product Help Center