3 Networks, 2 Routers with MW300D (Challenge!)

[PaulTech]

Hi, I need help on a network. This network was setup by someone else in the past and it was working until a router failed. BTW, all subnet is 255.255.255.0

A. Router 1 is at 192.168.1.1 and connects to the Internet via DHCP IP from the ISP. Nothing big here, that part works.

B. The 2nd router at 192.168.100.254 is supposed to connect fixed IP addresses on 192.168.100.XX and 192.168.105.XX to the Internet via Router 1. The devices require fixed IP's hard-coded into the HOST file. The original setup had a ethernet cable on Router 2 looping from the WAN Port back to its own LAN port and one of the Router 2 LAN ports connected to a LAN Port of Router 1. I'm assuming this allowed both sub-nets to route via the Gateway interface to access the Internet.

I'm trying to re-create this and so far I cannot get it to work. I'm using MW300D routers (the manuals are at http://www.tenda.cn/tendacn/downloads/show.aspx?productid=343) (Purchased from monoprice, check them out, good prices.)

I have never set up sub-nets before so I really appreciate the help. Even, just to get one of the subnets to link to the internet via the 1st router would be a huge help. Here's what I've attempted that HAS NOT worked:

to recap: Router 1 IP at 192.168.1.1 with DHCP (101-199) (The Internet connection is DHCP IP from the ISP) <- this one is working fine.

Router 2 IP is at 192.168.100.254, for the MW300D you designate a Port as the gateway. The default is eth3 (Port 4).

Set Router 2 with WAN IP eth3 (port 4) with the following:

WAN IP Address: 192.168.1.1 (255.255.255.0) <- Router 1's IP
WAN Gateway IP: 192.168.100.254 <- Router 2's IP
(NAT-enabled, Firewall - disabled)

In this case I'm trying to have the 2nd router connect to the Internet via the first router. From the Manual:
"WAN IP Address: the IP address provided by your ISP for accessing Internet.
WAN Subnet Mask: the subnet mask address provided by your ISP for accessing Internet.
WAN gateway IP Address: the gateway IP address provided by your ISP for accessing Internet.
"

> Router 1 to 2: Ethernet cable from Router 1 / Port 1 to Router 2 / Port 1.
> Router 2: Ethernet Cable loops from Eth3 (port 4) to a switch. Ethernet cable connect switch back to Router 2 Port 3.

It's not working! What's wrong? What should be done?

The following gives some additional information: I just tried the following WAN setting: WAN IP Address: 192.168.1.1 (255.255.255.0) <- Router 1's IP
WAN Gateway IP: 192.168.1.1 <- Router 2's IP
(NAT-enabled, Firewall - disabled)

I've attached some screen shots of the Router 2 info pre-router 2 WAN port looped back to LAN port and post with the loop back in place.

Hopefully, this will point out what should be fixed?

 

[twonline]

That seems far more complicated than necessary. Why the need for 3 subnets? (192.168.1.*, 192.168.100.* and 192.168.105.*) Why not just use 2 subnets? or a single subnet, and set the 2nd router to bridge mode?

 

[smashedbotatos]

This is extremely confusing, but I think I get the gist of it.

Router 1 - WAN - assigned by ISP
Router 1 - LAN - 192.168.1.1 - Subnet 255.255.255.0
Router 1 - Port 1 - Patch in to WAN Port on Router 2
Router 1 - DHCP - Giving Addresses on the range of 192.168.1.100- 192.168.1.254

Router 2 - WAN - assigned by DHCP patched to port 1 Router 1
Router 2 - LAN - 192.168.100.1 - Subnet - 255.255.255.128
Router 2 - Gateway Address - WAN IP Address from Router 2
Router 2 - DHCP enabled giving addresses in range from 192.168.100.100-192.168.100.126

That should get that one subnet working. I am also thinking it may have been possible that they used 2 vlans to achieve the previous setup. The problem with this is your traffic is traveling through 2 NATs, and there are a few other issues doing it this way.

Honestly we need more information. How many clients? Why are they using multiple subnets? Do the routers support vlans?

 

[Nerm]

We really need a facepalm emoticon lol.

I am not even going to ask why the need their network designed like this I am simply going to offer a solution. Put in a "real" router (one that supports sub-interfaces, vlans, etc) like a Cisco 800 series or even a Linksys/Cisco RV series would do the trick.

If the client is on a tight budget then look at routers from Mikrotik. You can't get much more bang for your buck.

 

[YeOldeStonecat]

So much double NAT'ing.

I want to walk up to that chalk board with a big eraser....wipe it clean, and start over.

Simplify it....port based VLANs....or a router with multiple internal interfaces that you can have do routing to different subnets. One proper router should be able to deal with all of that.

 

[smashedbotatos]

So much double NAT'ing.

I want to walk up to that chalk board with a big eraser....wipe it clean, and start over.

Simplify it....port based VLANs....or a router with multiple internal interfaces that you can have do routing to different subnets. One proper router should be able to deal with all of that.

Exactly what I was thinking, but figured I would provide him with what he asked for. Although it is a terrible....albeit working solution.

This solution YOSC had given is the proper way to do it. Essentially you need a business grade router not two consumer versions. I am assuming they are doing this because of security, otherwise it may be unnecessary.

 

[mouse]

You should ask what their purpose of having this setup is, they might just have it because another technician thought it was a good idea but no real purpose behind it or didn't understand it completely. Making things more complicated than necessary can make the security worse. Just a thought.

 

[PaulTech]

Thanks for all the feed back. I appreciate the gems such as the recommendation of www.mikrotik.com

I've a solution worked up using sub-netting and I am now looking at VLAN's. I'll do another post to ensure I'm on the right track. Thanks for the help!

 

[PaulTech]

(This project was the Ah Ha! project for Networking so I thought I'd complete it in case someone reads it and this helps them too.)

Router Networks101

1. Gateway address is the traffic manager that knows where to send to the next network level.
2. The WAN IP is the router's *dedicated* address on the previous network.
3. The LAN IP is that router's Network it is serving.

Picture:
*Note: the GATEWAY IP address is the TELNET (ie it's LAN IP) address of the previous Router*

Router *WAN IP ADDRESS* (WAN Port)
*matches a dedicated IP address on the network above*
^
~~~~~~~~|~~~~~~~~
~ ROUTER ~
~ ~
~~v~~v~~v~~v~~v~~
These are the LAN Ports
on the Routers Network
via it's LAN IP address and
DHCP *The LAN IP is the telnet address for administering that Router*

++Example:
Your ISP *WAN public ip address eg: 1.1.1.1* (ie the ISP's BIG NETWORK!)
Your ISP LAN (Network) ip address is *192.168.1.254* (*Telnet Address*)
Your ISP DHCP scope would be 192.168.1.10 to 192.168.1.100 (*network on Private Side*)

Router 1 Setup for first network:
*Cabling connection*: *ISP LAN (port1) connected to Router 1 WAN*
The *network Gateway* is ISP LAN ip address *192.168.1.254* (the previous routers Telnet)
Your *Router 1 WAN* is *192.168.1.10* (designated in the router or supplied by ISP DHCP, it puts the Router ON the previous network)
Your *Router 1 LAN* (Creates the Network assoicated with that router) ip address is *192.168.2.254* *subnet here if needed*
Your *Router 1 DHCP scope* would be 192.168.2.10 to 192.168.2.100

Router 2 Setup for 2nd Sub-Network;
*You could also create another network direct from the ISP router instead by changing the Router 2 WAN to 192.168.1.11 to avoid a double NAT situation. Network Gateway would be 192.168.1.254*
*Cabling connection*: Router 1 LAN (port1) connected to Router 2 WAN
The *network Gateway* is Router 1 LAN ip address *192.168.2.254* (Telnet (LAN IP) of Previous Router)
Your *Router 2 WAN* is *192.168.2.10* (designated in the router or supplied by Router 1 DHCP)
Your *Router 2 LAN* (Network) ip address is *192.168.3.254*
Your Router 2 DHCP scope would be 192.168.3.10 to 192.168.3.100