Setting up 2nd subnet

[OrangesOfCourse]

Hey guys,

I'm trying to setup a second subnet under my home network and having a few issues. My goal is to have a lab network to test windows server features without disrupting the house network. I have lots of clients connected to the home router so it's not a network I want to be playing/testing on. This is what I had in mind and how I tried to connect the routers. If there is a better way I would love to know.

ISP > Home Router > Lab Router > Windows Server 2012

Home Router (WRT54GL - DD-WRT v24-sp2 (8/12/10) std - SVN revision 14929)

External IP: DHCP ISP
Internal IP: 192.168.1.1
Subnet mask: 255.255.255.0
DHCP Server: 192.168.1.100-150

Lab Router (WRT54GL - DD-WRT v24-sp2 (8/12/10) std - SVN revision 14929)

External IP: 192.168.1.2
Internal IP: 192.168.2.1
Subnet mask: 255.255.255.0
DHCP Server: Disabled

Windows Server 2012:

IP: 192.168.2.1
Subnet mask: 255.255.255.0
Default gateway: 192.168.2.1
Preferred DNS server: 192.168.2.2
Alternate DNS server: 192.168.2.1[/CODE]

The issue i'm having is that when i've connected the routers and computers together i'm not getting any internet connectivity on the second subnet. The home subnet is still working fine. I have tried linking the subnets with static routes (metric set to both 1 and 0) but that didn't help. I have also disabled the DHCP server on WS2012 and enabled it on the router with no avail.

Please let me know if you need anymore information.

[+BudMan MVC]

Are you natting on your second router? Since you say its not working I would assume no.

If your not natting on your second router, then your first router needs to know how to get to the 192.168.2.0/24 network.

You do understand that since your first router is running dd-wrt, you really have no need of the second router and can just put one of the lan interfaces on your first router in this other network segment (vlan) and use your 1 router as the router between vlans. This would be a much simpler setup

[OrangesOfCourse]

Are you natting on your second router? Since you say its not working I would assume no.

NAT is disabled on the second router. Under Setup > Advanced Routing I have it set to Router.

If your not natting on your second router, then your first router needs to know how to get to the 192.168.2.0/24 network.

Under the first router I setup a static route:

Route Name: Router 2
Metric: 1
Destination LAN NET: 192.168.2.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.2
Interface: ANY
[/CODE]

Did I need to do anything else?

You do understand that since your first router is running dd-wrt, you really have no need of the second router and can just put one of the lan interfaces on your first router in this other network segment (vlan) and use your 1 router as the router between vlans. This would be a much simpler setup

I don't have any ports to spare right now. I currently am using all the ports on the first router and am connecting the second one via an old hub that i have.

[+BudMan MVC]

Can you ping 192.168.1.2 from your first network? If not then you have a connectivity issue.

But it wouldn't be interface any would it - it should be your lan interface should it not.. But since your saying your using some old "hub" (really a hub??) I would double check that you have connectivity. If you can ping a the 192.168.1.2 address, then try a traceroute to 192.168.2.1 from client on 192.168.1.x do you see the 192.168.1.2 as your second hop?

This is not a very clean way to do it to be honest. You have to have a port open if your using a hub to connect to your 1st router, just move the port your using to connect the hub to different port and then setup 1 of the interfaces on your 1st router as this new segment (vlan) Much cleaner setup!

If need be pick up a new switch.. You can get a 8 port gig switch these days for like $40, if all you need is 10/100 then like $20

[OrangesOfCourse]

Can you ping 192.168.1.2 from your first network? If not then you have a connectivity issue.

But it wouldn't be interface any would it - it should be your lan interface should it not.. But since your saying your using some old "hub" (really a hub??) I would double check that you have connectivity. If you can ping a the 192.168.1.2 address, then try a traceroute to 192.168.2.1 from client on 192.168.1.x do you see the 192.168.1.2 as your second hop?

This is not a very clean way to do it to be honest. You have to have a port open if your using a hub to connect to your 1st router, just move the port your using to connect the hub to different port and then setup 1 of the interfaces on your 1st router as this new segment (vlan) Much cleaner setup!

If need be pick up a new switch.. You can get a 8 port gig switch these days for like $40, if all you need is 10/100 then like $20

Not able to ping 192.168.1.2. I tried again once i changed the interface from any to lan/wlan but same result.

I just had the hub (Netgear DS104) in the closet and it's used in the tv room for the xbox/ps3 connection. I would like to keep them on the same subnet as the house network as we stream media to it. The first router sits in the office and its being used up by a computer, printer, voip and link to hub. :(

I do understand that this is not a very clean way of setting up the network but this is what i have to work with right now. A switch is in the future but we are planning to get a N-based router at some point and will probably happen then.

[OrangesOfCourse]

Update: Solved

So now i feel stupid. :|

Ok so I reset both routers again and now i'm able to ping 192.168.1.2 from the first network. Why it didn't work the first time i don't know. I did a traceroute to 192.168.2.2 from 192.168.1.100 and got the following:

Traceroute has started?
traceroute to 192.168.2.2 (192.168.2.2), 64 hops max, 72 byte packets
1  192.168.1.1 (192.168.1.1)  63.894 ms  18.702 ms  7.899 ms
2  192.168.1.2 (192.168.1.2)  13.303 ms  5.258 ms
	192.168.2.2 (192.168.2.2)  3.427 ms
[/CODE]

I am now able to access the internet from the second subnet. It won't resolve any addresses since i don't have my dns setup yet but if I enter an IP address I am able to get it to work.

I'm sorry for having wasted your time.

Random question: Do you have a recommendation for a N-based router and also for a switch?

[Skiffler]

G'day, I'm trying to set up this configuration also with a couple of Linksys routers and wondered if you could give me a few pointers please?

1. How did you cable the two routers? Ethernet cable R1 Lan port to R2 Lan port, and if so, is a crossover cable required? Or R1 Lan port to R2 WAN port?

2. Im confused about your server ip address (192.168.2.1) ... it is the same as as the internal IF of your lab router ... is this a typo or correct config?

3. This is where I am currently stuck ... how do you assign a static IP to your lab router's external IF? My Linksys appears not to have this opoortunity, although I could be missing something.

 

Anyway, thanks for any help you can offer. Much appreciated.

Cheers.

[+BudMan MVC]

Why would you want to duplicate his hodgepodge??  That is not the way you would be doing it if your router supports vlans.  Dd-wrt does so the better way to go about it is to just create an interface in a different vlan.

[Skiffler]

Simply because this is the topology assigned in a course I am doing. Thank-you for the better suggestion, but I do need to do it this way.

PS for those also following this set-up I did manage to achieve a second network by using one of the two bridged modes available in my router. From there I was able to statically assigned an IP to the Wan interface of the lab router (same subnet as the Lan interface of the home router). As far as cabling went I used a straight through ethernet cable from R1 Lan port to R2 Lan port (port 1), but in my R2 Lab router I was able to assign Lan port 1 to act as a Wan port.

 

Not certain this is correct and still testing but it has successfully seperated the networks and I am now able to run DHCP from R1 for the home network and DHCP from server 2012 with DHCP disabled in R2 Lab router. Which is all that I needed to achieve really in order to progress with the rest of the course which is learning server 2012.

Cheers all, have a great day.

[+BudMan MVC]

"but I do need to do it this way."

 

NO you didn't -- a simple vlan setup would of been the CORRECT way to do this..

 

"by using one of the two bridged modes available in my router"

And bridge is NOT an isolated segment.. My guess is your just running two address schemes over the same wire if your using bridge mode.

 

Did you setup a route in the first router?  Or on the host - this would be REQUIRED if you were actually running 2 segments and just not bridging using 2 address schemes.

 

Here's the thing - in a normal network you would just create a vlan off your core router/switch to segment your network.

 

Like this

 

 

In the above setup your hosts don't have to worry about any routes.. They just now that to get to any network that is not their local network, talk to the GW..  The GW/Router is directly connected to your different network segments and knows how to get to those networks because it is directly connected to them.  If its say the internet or any network not directly connected to him he would send it to the internet GW IP, your ISP.

 

Each interface in your router could be a different network segment, via use of either native software that supports this - or 3rd party like dd-wrt.  This is a very close approximation of a normal corp network would setup via home networking equipment.

 

How he is setting it up is like this

 

 

Where all the interfaces off the first router are on a specific network - lets call it 192.168.1.0/24  Now your adding more routers to the mix that have an interface in the 1st network and interface in second network 192.168.2.0/24 for example.

 

In this sort of setup where wan interface as say a 192.168.1.2 address your first router has no idea that network 192.168.2.0/24 is reached via 192.168.1.2 -- so you need to either create a route for him to know this, or run a routing protocol like RIP.  Or you could create a route at each host that says hey if you need to get to 192.168.2.0/24 talk to 192.168.1.2

 

Not a very clean way to do it.  But sure it can work this way..  The other routers in this setup would be setup in router or gateway mode without or with nat, you would not be natting in this case.  Or you could do it via natting -- which might be a simpler setup, since for 192.168.2.0/24 devices would just like a 192.168.1.0/24 host to the first router.  And would have no problem using the internet without routes created on 1st router.  And hosts on 192.168.1 would just use the 192.168.1 address of that natting router to get to devices on the 192.168.2 - you would have to setup port forwards on that router, etc.

 

So as you see in his traceroute above he is hitting his 1st router which then sends to his 2nd router and then to host.

 

 

traceroute to 192.168.2.2 (192.168.2.2), 64 hops max, 72 byte packets
1 192.168.1.1 (192.168.1.1) 63.894 ms 18.702 ms 7.899 ms
2 192.168.1.2 (192.168.1.2) 13.303 ms 5.258 ms
    192.168.2.2 (192.168.2.2) 3.427 ms

 

 

Those are pathetic response times - 63ms, is he going to EU from the States?  even 3.4ms is not lan speeds.. Is the 2.2 box wireless?

 

So I run multiple segments off my router

 

 

So one is my normal Lan, other is wireless that has AP hanging off it, and other is DMZ (just firewalled segment) and then other interface is my WAN internet, and then a ipv6 tunnel with HE..

 

But so if I want to get to box in my wlan segment which is wireless you can see ping times - which by the way my wifes laptop is wireless and she is streaming her soap off hulu currently and still get better response

[C:\Windows\System32>ping kim-pc

Pinging kim-pc.local.lan [192.168.2.201] with 32 bytes of data:
Reply from 192.168.2.201: bytes=32 time=2ms TTL=127
Reply from 192.168.2.201: bytes=32 time=2ms TTL=127
Reply from 192.168.2.201: bytes=32 time=2ms TTL=127
Reply from 192.168.2.201: bytes=32 time=2ms TTL=127

Ping statistics for 192.168.2.201:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms

C:\Windows\System32>tracert kim-pc

Tracing route to kim-pc.local.lan [192.168.2.201]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  pfsense.local.lan [192.168.1.253]
  2     2 ms     2 ms     2 ms  kim-pc.local.lan [192.168.2.201]

Notice the route - my box talks to its gateway that knows how to get to the other segment, because its directly connected via a different interface.
 

Now if your bridging - my guess is your not even doing the above, and just running 2 different wireless address schemes over what amounts to be the same physical wire..  Even worse than what he is doing.

 

If you have a router that supports dd-wrt, why not do it the simple easy way and just create a vlan??

 

http://www.dd-wrt.com/wiki/index.php/VLAN_Support