Simultaneously connecting to wifi and ethernet on different networks

HCHTech

Just had an interesting exercise - one of the churches I support lost their main internet when a tree branch weighed down by the ice storm we had last night took out the FIOS feed line. So - Verizon says 3 or 4 days until they get to us, so the request was to cobble something together so they can still do some sort of streaming service tomorrow. They have a USG Pro at the edge, and we don't have access to a cellular adapter to use as a replacement WAN connection.

It's pretty easy, though, to give the main AV computer internet over a hotspot, and tests with a new iPhone show that we're getting a not-terrible 75Mb down and 21Mb upload with that solution. The handful of IP cameras they use, though, are on the church's wired network. So, how to get internet over wifi while still maintaining connection to the wired network so they can get the feeds from the cameras?

If you just connect to the hotspot while actively pinging a network object, the ping fails instantly as soon as the wifi becomes active - which makes sense. It turns out that if you remove the gateway from the ethernet adapter, then access to the IP cameras (and the rest of the wired network) is restored.

My question is "What is happening when you remove the gateway that allows traffic to flow between networks here?". I'm guessing that when there is no gateway defined, the computer looks for another one and finds the only other path there is, the wifi gateway. But is this correct? I imagine I would have to capture the traffic to figure this out for sure; once it was working, I didn't want to spend more time just to satisfy my curiosity - plus the AV team had work to do and needed to get started.
 
The Cisco term for default gateway is "gateway of last resort", which I like better because it's vastly more descriptive of what is going on.

Each IP stack has its own routing table. If a machine is connected to two networks, and one has a gateway, then only those two local networks are going to be accessible to the device in question. Anything other than those two networks will be sent to the gateway of last resort for processing. Which, in your case, is a gateway on the wrong network, and therefore no connectivity.

You have no choice... you must put the cellular outbound on the router they use primarily if you want to get services back online. Multi-WAN isn't easy, and if you want to do it device by device, you're going to have to hack up the local IP routes on each and every device. A process that's not only time intense, but hard to remove when service is restored in a few days, and worse... flat impossible on the IP cameras.
 
When you have multiple gateways with no static routes or priority configured it's just a lucky dip which gateway the computer will decide to use. What you could have done in this situation is only set a gateway on the wifi network with a static route for the ethernet network.

Say your IP cameras were on the 192.168.1.0/24 network with the router at 192.168.1.1
route add 192.168.1.0 MASK 255.255.255.0 192.168.1.1

This tells your computer anything destined for the 192.168.1.0/24 network needs to be routed to the gateway 192.168.1.1. Anything else will go via the default gateway (i.e. wifi network). Big issue here: it's manual and needs to be done on every device, then reverted again once normal connectivity is restored.

Preferred solution - get yourself a cheap LTE router with LAN ports and hook it directly to the WAN of your main router. Few minutes to tweak the WAN settings and you're done. Nothing needs touched on client devices.

 
I've run 2x gateways on the same network a few times. Our own office currently is set up that way, primary is .1, and for a few devices, .254. Can shift on the fly.

I'm not fond of how our Unifi gateways do multi wan, far prefer Untangle for that. But for quick pinches like this, fire up Windows ICS (internet connection sharing).
 
Preferred solution - get yourself a cheap LTE router for emergencies. Put the SIM from the iPhone in here then hook its LAN up to the WAN of your main router. Few settings will need tweaked in your router but nothing needs changed on client devices so easy to implement and revert.

Well, I don't see how this could possibly be a preferred solution - it involves having that equipment AND disabling some poor congregant volunteer's phone while we remove the SIM. "Preferred" would seem to be relative - haha. If the organization wants to plan for and have a solution for this particular situation, then they need to buy this equipment AND buy a monthly data plan so they aren't borrowing a volunteer's SIM as part of the solution. Making one 20-second completely reversible change to the NIC properties made this go, so that strikes me as way more preferred of a solution.
 
You have no choice... you must put the cellular outbound on the router they use primarily if you want to get services back online. Multi-WAN isn't easy, and if you want to do it device by device, you're going to have to hack up the local IP routes on each and every device. A process that's not only time intense, but hard to remove when service is restored in a few days, and worse... flat impossible on the IP cameras.

Well in this case, there is only one computer - the rest of the office network is going to wait for the Verizon folks to fix the connection - we're just trying to make the single AV computer work for the service.

Anyway back to the original question - So the "default" gateway is always the "non-working" one if you have multiples defined and only one has a path to the internet? I guess I'm stuck on the bit where having no path to the internet (but the router still otherwise functioning) breaks the ability of devices on that internal lan to see each other when you introduce a second "working" gateway.

Or maybe it was just an "unlucky dip" as @SAFCasper said and had I tried 4 or 5 times, it might have worked one of those times? I'm in the position now that I know it works (removing the gateway definition from the lan with no internet restores the ability to see devices on that network), but I'm still unsure as to why.
 
Default gateway is the IP that aims at the Internet, it MUST BE SO.

Your problem is when you pull that single machine out of the mix and give it a new default gateway, the NEW gateway hasn't a clue what other networks the OLD ONE was servicing. Which means you're now putting routes into the local routing table to force those networks to the OLD gateway, or the unit cannot communicate with them.

You run into the same issue with VPNs from time to time, it's TCP/IP 101, but in an area where most of us don't work a good portion of the time so we forget.

@YeOldeStonecat Metrics will not help here, metrics assume both default routes have Internet access. If you make the working WAN a higher metric, the LAN access works while Internet won't, and if you invert it you're right back to the behavior he's seeing now.
 
I know my reply might seem simple, but you are adding "wireless" to the mix by using hotspot.

However, if you have a full iTunes install and a certified cable to connect an iOS device, you can tether via USB. That presents an entirely different type of network device that might make it easier to manage or even share over an existing LAN cable which you might be able to connect to network gear on a temporary basis.

Many many eons ago I used to do something similar, using an iPhone physically tethered and having it plugged in via ICS to another router to bring another network online. It's not elegant but it is easier than trying to deal with WiFi.
 
Thanks, all - this is clearly an edge case kind of thing. I never came up against this problem before, and I'm unlikely to again - I understand the solution and it did indeed work as an emergency fix on such short notice using the tools we had at hand. It makes sense that I couldn't have expected Windows to know that I wanted to use one network for one purpose only and the other network for everything else.
 
My question is "What is happening when you remove the gateway that allows traffic to flow between networks here?". I'm guessing that when there is no gateway defined, the computer looks for another one and finds the only other path there is, the wifi gateway. But is this correct? I imagine I would have to capture the traffic to figure this out for sure; once it was working, I didn't want to spend more time just to satisfy my curiosity - plus the AV team had work to do and needed to get started.

The computer is not smart enough to just look for a replacement default-gateway. Now, your wired and wireless likely each have a default-gateway, so if one is unreachable it is likely the other will function.

You would need to do a "route print" at the command line to see the computer's routing table... lower metric wins

[Screenshot: route print output]


In this case the lower metric is 50, so if I do a trace route, it should show 10.200.8.1 as the starting point...


[Screenshot: trace route output]
 
Default gateway is the IP that aims at the Internet, it MUST BE SO.

Not so fast... The default gateway is merely a routing table entry for when there is no routing-table match.

Often the purpose certainly is to allow Internet connectivity, but it also provides things like Wide-Area-Network connectivity without the switches needing to learn the entire routing table of a larger network.

It's basically, I know my directly-connected subnets, and if it is not one of those I forward at the default-gateway and let another network device figure it out... is a typical WAN methodology. Obviously, there are other in-between route configurations possible too in that another device off to the side could announce its subnets, which would take precedence before a gateway of last resort, but a switch will give the highest precedence to its directly-connected routes because as far as it is concerned... it owns those subnets.
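The route selection described in the replies above (the most specific match is used, the default gateway only when nothing more specific matches, and the lower metric wins between equal prefixes), as an added example that is not part of any poster's reply. The hotspot subnet 172.20.10.0/28, all metrics, the camera addresses and the second camera subnet 192.168.20.0/24 are assumptions constructed for illustration; only 192.168.1.0/24 and 192.168.1.1 come from the thread.

```python
import ipaddress

def pick_route(table, dest):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in table if ip in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None  # nothing matches, not even a default route
    return min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                       r["metric"]))

def route(prefix, gateway, iface, metric):
    return {"prefix": prefix, "gateway": gateway, "iface": iface, "metric": metric}

# Constructed routing-table entries for the AV computer (values are assumptions).
WIRED_LINK = route("192.168.1.0/24", "on-link", "ethernet", 25)    # directly connected
WIFI_LINK = route("172.20.10.0/28", "on-link", "wifi", 50)         # directly connected
WIRED_DEFAULT = route("0.0.0.0/0", "192.168.1.1", "ethernet", 25)  # router with dead WAN
WIFI_DEFAULT = route("0.0.0.0/0", "172.20.10.1", "wifi", 50)       # hotspot
# Static route for a hypothetical camera subnet that sits behind the wired router.
VLAN_STATIC = route("192.168.20.0/24", "192.168.1.1", "ethernet", 26)

CAMERA = "192.168.1.50"        # constructed: camera on the wired subnet
VLAN_CAMERA = "192.168.20.50"  # constructed: camera on a routed subnet
INTERNET = "203.0.113.10"      # documentation address standing in for a stream server

def egress(table):
    """Interface chosen for each sample destination (None means unreachable)."""
    out = {}
    for name, dest in (("camera", CAMERA), ("vlan_camera", VLAN_CAMERA),
                       ("internet", INTERNET)):
        chosen = pick_route(table, dest)
        out[name] = chosen["iface"] if chosen else None
    return out

BOTH_GATEWAYS = [WIRED_LINK, WIFI_LINK, WIRED_DEFAULT, WIFI_DEFAULT]
WIRED_GW_REMOVED = [WIRED_LINK, WIFI_LINK, WIFI_DEFAULT]
WITH_STATIC_ROUTE = WIRED_GW_REMOVED + [VLAN_STATIC]

if __name__ == "__main__":
    for label, table in (("both gateways", BOTH_GATEWAYS),
                         ("wired gateway removed", WIRED_GW_REMOVED),
                         ("plus static route", WITH_STATIC_ROUTE)):
        print(f"{label:22} {egress(table)}")
```

This models route selection only; it does not model ARP, DNS or firewall behaviour on either interface.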
 
Not so fast... The default gateway is merely a routing table entry for when there is no routing-table match.

Often the purpose certainly is to allow Internet connectivity, but it also provides things like Wide-Area-Network connectivity without the switches needing to learn the entire routing table of a larger network.

It's basically, I know my directly-connected subnets, and if it is not one of those I forward at the default-gateway and let another network device figure it out... is a typical WAN methodology. Obviously, there are other in-between route configurations possible too in that another device off to the side could announce its subnets, which would take precedence before a gateway of last resort, but a switch will give the highest precedence to its directly-connected routes because as far as it is concerned... it owns those subnets.

This is what I said, is it not? It's what's used by the local routing table when there is no match. His only choice in the above circumstance is to input manual routes in the endpoint itself so it can choose the correct router. But, because the WAN is down in the primary equipment, his default route must be the cellular, or as far as that device is concerned the Internet is down.

I don't think he's going to sit there and punch in the Internet's worth of IP blocks to get general access back online.
 