Set up 2 routers with 1 modem

This is all correct, only VLANs don't just block ARP. They block all Layer-2 traffic. Even if you set up a manual Layer-2 test with KNOWN MAC addresses, it still won't work between VLANs for security reasons.

Correct. Also, another fact is that when a PC tries to communicate with another PC on the same LAN, that ARP request is sent directly to the final destination (the other host), and an ARP request for a host on a different broadcast domain is sent to the default gateway. It's actually interesting how the PCs or routers do this. They run the logical AND against the originating host's IP address and subnet mask and then run an AND again on the destination host's IP address to determine if they are on the same subnet. This happens behind the scenes, but it's cool how fast they are able to do this.
 
I would like to know the best way to set up 2 routers and 1 modem so I have two separate networks.
How I have it set up now is modem to first router (IP 192.168.1.1), and then 2 computers hard wired and 1 printer hard wired into this router. Then I have a cable from 1 LAN port on router 1 plugged into router 2's WAN port. Router 2 has IP 192.168.2.1. Both are wireless and have different SSIDs and passwords. All computers on router 1 can get online, and all wireless computers logged in to router 1 can get online. The same goes for router 2. When I ping a computer that's on router 1 from a computer on router 2 it can ping it, but when I ping from 1 to 2 it cannot. How can I get them completely separate and not able to ping each other?
Router #1 is Linksys WRT310N N-Gigabyte

Router #2 is Linksys WRT54G2
Thanks,
Dennis

I don't think you can, you'd need 3 routers to do that wouldn't you? Router 2 is routing non-local traffic from its LAN ports to the WAN port which goes into Router 1 by the sound of it so clearly Router 2 knows how to find Router 1's network and so that is why ping works in that direction. But router 1's default gateway is its own WAN/ADSL port and so it routes non local traffic to that and not Router 2. Hence ping not working in that direction.

Or you could plug another cable router into router 1, and then router 2 and router 3 would be on separate subnets.

If you want to keep your office computers safe from worms from customer computers then you'd just need to plug your work computers into Router 2's LAN. I think! ;-)
 
Correct. Also, another fact is that when a PC tries to communicate with another PC on the same LAN, that ARP request is sent directly to the final destination (the other host), and an ARP request for a host on a different broadcast domain is sent to the default gateway. It's actually interesting how the PCs or routers do this. They run the logical AND against the originating host's IP address and subnet mask and then run an AND again on the destination host's IP address to determine if they are on the same subnet. This happens behind the scenes, but it's cool how fast they are able to do this.


Your other fact is actually not exactly correct (or I am just reading it wrong)..

This is more for the readers than you:

ARP requests are not sent to the Default Gateway except if it is looking up the MAC address (Layer 2 Data-Link address) of the Default Gateway itself.

i.e. ARP requests are strictly Layer-2. It is also a non-routable protocol, much like AppleTalk, NetBEUI and a few others.


Let's say you have two subnets connected to the same router (i.e. directly connected networks... so no routing tables needed):

Network 0:

ID: 10.0.0.0
Mask: 255.255.0.0
Usable: 10.0.0.1 - 10.0.255.254
Broadcast: 10.0.255.255

Gateway: 10.0.0.1 <== Could make this anything in the usable range.


Network 1:

ID: 10.1.0.0
Mask: 255.255.0.0
Usable: 10.1.1.1 - 10.1.255.254
Broadcast: 10.1.255.255

Gateway: 10.1.0.1


Router:

Interface Ethernet 0: 10.0.0.1 255.255.0.0
Interface Ethernet 1: 10.1.0.1 255.255.0.0

^^^ They are directly connected


Let's say we have a PC-0 (10.0.20.59) on network 0 that wants to talk to a PC-1 on network 1 (10.1.30.63)...

PC-0 would look at the destination IP and compare it with its subnet mask and determine 10.1.30.63 is NOT on the 10.0/16 network. It would not send an ARP on the 10.0/16 network for the MAC address of 10.1.30.63.

Instead, it would know that it needs to send the Layer-3 Packets addressed to destination 10.1.30.63 to the Layer-2 address of the Gateway 10.0.0.1.

If it doesn't have 10.0.0.1 in its ARP cache, it would do an ARP on its LAN for the MAC address of 10.0.0.1... Let's say the default gateway is 00:11:22:33:44:55 for 10.0.0.1...

It would send the IP packets to 10.1.30.63 but encapsulate (stuff those) into Layer-2 frames addressed to 00:11:22:33:44:55. The router would receive these frames and strip off the encapsulation. It would then look at its routing table to figure out what interface to send this toward OR what interface to send this out of. The router itself MIGHT have to do an ARP of its own to find an interface on another router (if they weren't directly connected) :D

Regardless, the Router would see that the destination 10.1.30.63 IS on one of its directly-connected networks.

It (the router, NOT PC-0) would then check its own ARP cache and, if it can't find 10.1.30.63, would do an ARP on the LAN subnet (out the Interface Ethernet 1 [See Above]) that services the 10.1/16 network.

The Router would then have a MAC like 01:23:45:67:89:10 for 10.1.30.63... It would now stuff the Layer-3 packet into a completely NEW Ethernet frame with a destination of 01:23:45:67:89:10.


Hence the MAC Address of PC-1 (01:23:45:67:89:10) is NEVER looked-up or used by PC-0. Instead, both PCs will communicate via Layer-2 with the router's Ethernet Interface on their own Local Area Network. The router strips ALL this off leaving the Layer-3 information... then compares the Layer-3 to its Routing Table to figure out what to do with it and re-encapsulates it for the next-hop with the next hop's MAC Address. The router may do its own ARP requests for the MAC Address of the next-hop...

In the real world this repeats for every hop! Not only that the encapsulation might change at every hop (it must match the media type of the connected interfaces) i.e. from Ethernet to PPP to HDLC ... (between routers) ... and eventually back to Ethernet! Basically, routers just look at their routing tables and keep passing it on until eventually it gets to a router that has the destination as one of its directly connected networks... it then delivers the packet(s).

Obviously, in a real network this gets more nasty because you have routing rules (static and dynamic) that change these routing tables... Then you typically aren't looking for 10.1.30.63... you are looking for a computer name, i.e. "PC-1"... which requires a look in the local caches, hosts file, lmhosts file, then a DNS lookup (the server may be on a far-away network), then perhaps WINS, and finally broadcast... ALL of which is likely configured on the computers by DHCP, which, unless provided by a DHCP server on the Local Area Network, requires some router configuration to forward DHCP through the routers... and even then the search order for name resolution is dependent upon the node type...


At home, if you were just going to do file sharing without the Internet, you could take two or more Windows computers (with different names in the same workgroup)... You could totally remove TCP/IP and install NetBEUI... Set the node type to pretty much anything but P-Node and it would broadcast (Layer-2) and find the MAC address of the other computers. i.e. B-Node would broadcast. An H-Node (Hybrid) would do WINS then broadcast... an M-Node (Mixed) would do broadcast then WINS... A P-Node would try WINS only and give up... All of this WINS fuzz pretty much got deprecated when DNS became the norm.
 
It could be the way I worded it. If an ARP request is sent for an IP address that is not on the same subnet, it will ARP for the default gateway, as that gateway is on the same subnet as the host. The PC or host knows this when doing the AND, whether it's a different broadcast domain or not.

You can test this by looking at the ARP cache on the PC. For anything not on its local LAN the cache will show the MAC of the default gateway. In fact, the only ARP entries you should see on the PC other than the default gateway are ones on its own network. (You will see others, such as multicast and broadcast addresses, etc.) The default gateway will send the ARP reply with its own MAC address. Once the switch or router receives the Layer-3 packet, it will strip the source MAC address of the PC off and add its own MAC as the source as it flows through the router or switch. This is called L2 rewrite, and this process will continue for any device in the path until it reaches the host.

Remember the PC can't encapsulate the Layer-3 packet until Layer 2 has been resolved.

Basically, from a Layer-2-only perspective the source and destination MAC and IP addresses do not change. (The hosts figure out that they are on the same broadcast domain, so they can ARP for the end host itself.) When you add routing and ARP into the mix, the source and destination IPs will not change, but the source and destination MAC addresses will.

The best way to see this in action is to run debug arp on the switch or router. Just be careful about running this in production, though.
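To make the subnet AND test and the hop-by-hop L2 rewrite from the posts above concrete, here is a small simulation I added (it is not code from any of the posters). It reuses the thread's addresses: PC-0 at 10.0.20.59, PC-1 at 10.1.30.63, the router's Ethernet 0 at 10.0.0.1 with MAC 00:11:22:33:44:55, and PC-1's MAC 01:23:45:67:89:10. PC-0's own MAC and the router's Ethernet 1 MAC are never given in the thread, so the values below are made up. The script shows the host deciding whom to ARP for (end host vs. gateway) and the router re-encapsulating with new MACs while the IP header stays the same, which is exactly what you would see in the ARP cache and in `debug arp`.

```python
import ipaddress
from dataclasses import dataclass

# Addresses from the thread, plus two constructed MACs the thread never gives.
PC0_IP, PC0_MAC = "10.0.20.59", "aa:bb:cc:00:00:59"         # PC0_MAC is made up
PC1_IP, PC1_MAC = "10.1.30.63", "01:23:45:67:89:10"
GW_ETH0_IP, GW_ETH0_MAC = "10.0.0.1", "00:11:22:33:44:55"
GW_ETH1_IP, GW_ETH1_MAC = "10.1.0.1", "00:11:22:33:44:66"   # GW_ETH1_MAC is made up
MASK = "255.255.0.0"


def same_subnet(src_ip: str, dst_ip: str, mask: str) -> bool:
    """The AND test a host runs before ARPing: AND both addresses with the mask;
    equal network IDs mean the same broadcast domain."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(src_ip)) & m) == (int(ipaddress.IPv4Address(dst_ip)) & m)


def arp_target(src_ip: str, dst_ip: str, mask: str, gateway_ip: str) -> str:
    """Which IP the host actually ARPs for: the end host when local, else the default gateway."""
    return dst_ip if same_subnet(src_ip, dst_ip, mask) else gateway_ip


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str   # the Layer-3 header rides along unchanged hop to hop
    dst_ip: str


# Router with two directly connected /16 networks (per-interface MAC).
ROUTER_IFACES = {
    "Ethernet 0": (ipaddress.IPv4Network("10.0.0.0/16"), GW_ETH0_MAC),
    "Ethernet 1": (ipaddress.IPv4Network("10.1.0.0/16"), GW_ETH1_MAC),
}
# Constructed ARP tables: who answers for which IP on each segment.
ARP_TABLES = {
    "Ethernet 0": {PC0_IP: PC0_MAC, GW_ETH0_IP: GW_ETH0_MAC},
    "Ethernet 1": {PC1_IP: PC1_MAC, GW_ETH1_IP: GW_ETH1_MAC},
}


def host_send(src_ip, src_mac, dst_ip, mask, gateway_ip, arp_table) -> Frame:
    """The PC encapsulates: IPs are the real endpoints, the destination MAC is whatever
    arp_target() resolved to (here the gateway), taken from the host's ARP cache."""
    next_hop = arp_target(src_ip, dst_ip, mask, gateway_ip)
    return Frame(src_mac, arp_table[next_hop], src_ip, dst_ip)


def router_forward(frame: Frame) -> tuple:
    """L2 rewrite: strip the inbound frame, pick the directly connected outbound interface
    from the destination IP, ARP on that segment, and re-encapsulate with new MACs."""
    dst = ipaddress.IPv4Address(frame.dst_ip)
    for name, (net, iface_mac) in ROUTER_IFACES.items():
        if dst in net:
            return name, Frame(iface_mac, ARP_TABLES[name][frame.dst_ip], frame.src_ip, frame.dst_ip)
    # Not directly connected: a real router would consult its routing table for a next hop.
    raise ValueError("no directly connected route to " + frame.dst_ip)


def trace_pc0_to_pc1():
    """Return the frame PC-0 puts on the wire and the frame the router puts on Ethernet 1."""
    first = host_send(PC0_IP, PC0_MAC, PC1_IP, MASK, GW_ETH0_IP, ARP_TABLES["Ethernet 0"])
    out_iface, second = router_forward(first)
    return first, out_iface, second


if __name__ == "__main__":
    print("PC-0 ARPs for:", arp_target(PC0_IP, PC1_IP, MASK, GW_ETH0_IP))
    first, out_iface, second = trace_pc0_to_pc1()
    print("Leg 1 (PC-0 -> router):", first)
    print("Leg 2 (router ->", out_iface, "):", second)
```

Run it and compare the two legs: the source/destination IPs are identical in both frames, while the MACs change from PC-0/gateway to router-Ethernet-1/PC-1. PC-1's MAC never appears in anything PC-0 sends, which is why it never shows up in PC-0's ARP cache.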
 