SD-WAN: changing the LAN IP & DHCP server

Overview: as an absolute last resort you can modify the default IP subnet, IP address, virtual gateway and even turn off the DHCP server in the SD-WAN box. Possible scenarios such as a installing retrospectively into an existing network that already has it's own DHCP server may force this change. If you absolutely need to, here's how.

In this example we will match a client LAN that has the following "problems" for us:

• They already have a DHCP server
• They already use LAN IP range 192.168.1.xxx (same as the 4G routers we have on WAN1 and WAN2 of the SD-WAN)
• They already use LAN IP address 192.168.1.17 for a device (but 192.168.1.11 is unused)
• They have some SD-WAN public IP forwarding rules that will need changing

Do not connect the SD-WAN with the existing network, since it cause cause DHCP problems, loopbacks and flooding of the existing network. 

For info, the default IP config on LAN for SD-WAN box is:

LAN IP: 192.168.3.17

Subnet mask: 255.255.255.0

Gateway: 192.168.3.250 <<< Please note: .250 not .17 (this is a virtual gateway)

DHCP: .20 through .98

LAN static IPs = 192.168.3.2 through .16 and .99 through .249 are all available for your devices

DNS: 208.67.222.222 & 9.9.9.9

Port forwarding and DMZ: administered via cloud (request your specific details from us for admin access)

Modification

Step 1: log in to the SD-WAN

• Connect a computer to the LAN port (direct, or via switch)
• Browse to http://192.168.3.17
• Log in with the default username admin and password. We sent you this password with the config settings; the factory default, if your hard-reset, is: Bonding123
• 
  

Step 2: change settings

• Click on Settings    
• Select LAN settings: compare these defaults against the required network
  Before changing the LAN settings to your intended IP, answer these questions:
  • Do any of my WAN devices (4G/5G routers, broadband routers) use this IP range?
    If so, you will need to change the WAN devices to use different IP ranges too
    (You can't expect the router to route traffic for the SAME range via 2 different devices!)
    • If so, change the WAN router IP ranges before you continue any further
  • Is there an existing DHCP server on the LAN?
    • If so, you will need to disable the built-in DHCP server on the SD-WAN box
  • Do the devices (or DHCP server) use a specific gateway IP?
    • If so, you will need to change the "VRRP Gateway IP Address" to match this
  • Is there a device already using IP address xxx.xxx.xxx.17 on the network?
    • If so, you will need to change the "Router LAN IP Address" to match this
  • Does the network use a different subnet than /24 (255.255.255.0)?
    • If so, you will need to change the Subnet Mask to match this
• Edit the settings as the the example below [Save and reboot]
  • In this example we:
    • Changed the router LAN IP to 192.168.1.11 (.17 was in use, but .11 was available)
    • Disabled the built-in DHCP server
    • Changed the gateway to 192.168.1.1
  • Because we turned off DHCP we will need to set our computer to a static IP if we want to log back into the SD-WAN box

Step 2: log into your cloud portal and modify any IP/DMZ/port mapping

In our example we changed from the default network 192.168.3.xxx to 192.168.1.xxx, so any rules that we mapped to IPs 192.168.3.xxx will need to be modified too:

• We will have sent you your unique login details to access your cloud management system for SD-WAN
• Click the icon on the far right "Access NOC" to remotely manage this SD-WAN box
• Navigate to Configuration > IP Management and add any port forwarding rules you require
  You may want to use different public port numbers that are forwarded to the same port on different IP devices on the LAN. Consider this example where there are 3 devices on the LAN which have Web GUI on port 80:
  • Port forward public ip 11.22.33.44:8001 > LAN IP 192.168.1.101:80
  • Port forward public ip 11.22.33.44:8002 > LAN IP 192.168.1.102:80
  • Port forward public ip 11.22.33.44:8003 > LAN IP 192.168.1.103:80

Next steps...

Set a static IP on the same range as the LAN (if you needed to disable DHCP) and confirm that you can still access the internet through the SD-WAN, and that the public IP is showing correctly (Google: "What is my IP address?")

SD-WAN is now ready to be connected to the client LAN.

[End of article] 

Addendum: notes if using older "ALIX1" boxes...

[WAN2] [WAN1] [LAN] The NIC ports are opposite to the newer APU3 (shown above) - LAN port is far-right, WAN 1 in middle, WAN 2 on far left.

Factory reset IP & password different. If you reset to factory defaults then the LAN IP reverts to 192.168.3.100 (not .17) and the admin password reverts to admin (not Bonding123)