Netgear questions

[Haole Boy]

Aloha everyone. I have a question about a Netgear router. New customer, so here is what I found:
- ISP provided a Technicolor router / residential gateway
- 2 cables attach LAN ports. 1 to the front office, 1 to the back office
- Front office has two machines. I'm assuming there is a switch somewhere (have not found it yet)
- Cable to back office goes to a Netgear router, with 4 devices connected plus it provides wifi for the area

When I first arrived, they were in crisis mode as there was no internet. When I got that working, I turned off DHCP on the Netgear so that all devices would get their IP addresses from the Technicolor router (all on same subnet).

So, I seem to have painted myself into a corner. I am unable to access the Netgear router to administer it (I would like to see if it needs a firmware update). I scanned the local subnet and found the IP address of the Netgear, but when I enter that address, I get redirected to a page telling me to install their app on my phone. Tried doing that, but it wants me to configure the router. I don't want to do this, I just want to see the firmware level. ARRRRGH.

So, has Netgear removed the web-based admin stuff and the only way to do this is through their stupid app? (I hate apps). This is a Netgear Nighthawk AX8 Model RAX75.

Mahalo for your assistance,

Harry Z

 

[YeOldeStonecat]

So for using 2x routers....there are a couple of approaches here.

First approach (and not my preferred approach)....you can nest 1x router, behind another router. With the "common routers" that we usually think of, they run in "gateway mode"....and run a basic NAT, so this ends up creating 2x networks, one behind another. And the inner network...will be "double NAT'd". Which...is less than ideal for many reasons. However, depending on how its used...it may be fine for intended use.

So in a schematic on a forum post...without graphics,
ISP modem===>WAN port of first/outside router====> Private LAN, say, routers LAN IP is 192.168.0.1, so this network is 192.168.0.0/24. So you have a switch...and other computers in the 192.168.0.0/24 range. And....another router...link via its WAN port. This routers WAN port picks up a 192.168.0....oh, let's pick .150. Now..this second router HAS TO...have an internal network behind it that is NOT 192.168.0.0.24. Else its NAT will not function, since the same network is on both sides...it'll be saying "Which way do I go George?". So that second router...should have its internal network be something like 192.168.1.0/24, or 10.0.0.0/24, whatever class C you want...that is not 192.168.0.0/24. So let's pick 10.0.0.1 for its LAN IP..and it'll have a 10.0.0.0/24 network.

So the diagram now looks like...
ISP modem...WAN IP of outside router==>LAN IP of outside router 192.168.0.1, ==>Switch==>rest of network at 192.168.0.0/24, plus..WAN port of secondary router..say it gets 192.168.0.150....==> second router, its LAN IP at 10.0.0.1 with a 10.0.0.0/24 network behind it. Any computers behind this network are double NAT'd. Computers from outside network of 192.168.0.0 cannot access these computers. However, computers in the second network...10.0.0.0, can access computers of the first network...because NAT is just a basic 1x way firewall, by default blocks unknown incoming, but allows all outbound. Like a boats scupper.

So many IT shops may have a double NAT setup. The secure way to do this (not that I like or use the double NAT approach), is...."the bench lab" would be the outside network, and the important office computers would be the inside network. But the important office computers suffer from being double NAT'd. If it was the other way around, office on the outside, bench on the inside..a computer put on the bench that has a worm that (like many do) is capable of scanning common class C networks...it will find computers on the outside network. Even with broadcasts 'n stuff not passing.

The better way to use a second router as an access point....
First router is at say...192.168.0.1. Second router may have a default of...that same IP, or...say..192.168.1.1. You should reprogram that second router to be in the same IP range as the primary router...just...obviously a different IP address than .1, so..lets make that second router 192.168.0.254. Apply. Log into it..and disable DHCP. Now that that's done, uplink the second router to the main network using one of the LAN ports of the second router. Now it's basically just running as a bridged access point.

Continuing..the best way to setup an IT shops network is with proper VLANs and firewalls to separate your work bench from the office network.

 

[Haole Boy]

Enter http://www.routerlogin.net.

When I do this, I get taken to https://www.netgear.com/home/services/routerlogincom/ which tells me that I'm not connected to the wifi network. Absolutely correct! But this does not provide a way for a wired connection to access the administrative dialog in the router.

So for using 2x routers....there are a couple of approaches here.

Mahalo for this info. The double NAT setup describes how my home office / workbench is set up. I did not realize the exposure of this setup. I do have a new router that has VLAN capability, so I guess I gotta get that that put in.

As for my customer, the current setup is this

ISP Modem / DHCP server === Port 1 (front office)
=== Port 2 (back office with Netgear, DHCP turned off, wifi accesspoint) === PCs

I eventually want it to be

ISP Modem DHCP turned off === Port 1 Netgear DHCP enabled, wifi access point === PCs & Printers

But, I want to see if I need a firmware update before changing the placement of the Netgear.

Mahalo for the replies!

Harry Z

 

[frase]

Sorry but was this a new client - with a pre-existing network setup? I just hate them - does my head in. I just reset everything and config it to the way I want and can manage. Then document and label everything - even the cat. I keep a copy of docs and give the client one to file away.

I know you have to go back to zero, but better that fappin about trying to figure out routes.

I think you will need to reset the router itself, then you can setup the admin access. They are usually a default which would be on the back of the router - ADMIN: admin PASSWORD: password

 

[Haole Boy]

Sorry but was this a new client -

Yes, a new client. And yes, I will probably have to factory reset the router and start over, but for now just want to see what's up with it. I think I might have to bring my laptop with me and connect to their wifi to get routerlogin.net to work.

Thanx for taking the time to respond.

 

[Haole Boy]

And I was there today and tried routerlogin.net on a wifi connected laptop, and cannot get to the admin function. Seems like if you turn off DHCP, and you subsequently want to change something on the router, your only recourse is to do a factory reset. Yuck.

I'm going to ask about this over on the Netgear forums. Will update here when I get an answer.

 

[NJW]

Seems like if you turn off DHCP, and you subsequently want to change something on the router, your only recourse is to do a factory reset.

Several possibilities.

- Have a look at whatever is doing DHCP the Technicolor – you should be able to identify the client from its MAC address, with probably only one Netgear present, if its getting an IP address.

- Remove other Ethernet cables from the Netgear and connect your laptop with a patch cable, setting a fixed IP address. You'll have to use one of the LAN ports (not the WAN port). You may have to try several IP addresses, but start with, say, 192.168.1.150 (for your laptop) and try going to 192.168.1.1. If that doesn't work, go to a different subnet in 192.168.x.0/24.

If the Netgear is connect to the upstream LAN by its WAN socket, you won't be able to get to the management interface from the rest of the LAN, unless WAN port access has been enabled, which is why you have to connect to a Netgear LAN socket.

 

[Haole Boy]

If the Netgear is connect to the upstream LAN by its WAN socket, you won't be able to get to the management interface from the rest of the LAN, unless WAN port access has been enabled, which is why you have to connect to a Netgear LAN socket.

Yes! From your post above and my discussion on the Netgear forum with one of their 'guru' folks, this does appear to be the case as the cable is definitely connected to the WAN port. What has him stumped is that all the clients connected to the Netgear (ethernet and wifi) are getting their IP addresses from the upstream router.

It will probably be another week or two before I can get back there to confirm this. But, I think you and the 'guru' have figured it out!

Mahalo for your assistance!

Harry Z

 

[NJW]

But, I think you and the 'guru' have figured it out!

Ha! That's the first time I've agreed with a Netgear 'guru' (sic).

What has him stumped is that all the clients connected to the Netgear (ethernet and wifi) are getting their IP addresses from the upstream router.

That's not a mystery – there's no problem with upstream access (LAN to WAN), but there was a lucky choice of subnets involved, I suspect. I wouldn't like to have to troubleshoot the traffic routing in that combined LAN.

 

[Haole Boy]

I finally got a chance to go back to this customer. The reset button on the back of the router did not reset the configuration. Found a web article on a 30/30/30 second reset and that worked. Configured the router as a WAP, and all is well. I can access the admin functions via the IP address, but not routerlogin.net. But, that's OK, I have a way to get there.

Mahalo to all who responded.

 

[NJW]

I can access the admin functions via the IP address, but not routerlogin.net. But, that's OK, I have a way to get there.

routerlogin.net will only work if the router in question is the DNS server of choice. AFAIK, it's an entry in the router (local zone?), set to its default LAN IP address. IP address is a more reliable way, anyway.