Solved

Point to Point Wg602V4 Access  - Wireless... Am lost

Posted on 2011-09-08
4
403 Views
Last Modified: 2012-05-12
Help, I have been trying to get two Wg602's to work as
desired, all day... Hopefully some can help.

Circumstance:
We have a new office that is across the road (about 20
feet).  We want the new office to use our Internet
access, BUT we don't wan the new office to communicate
within our own office.  Therefore, we are treating
the new office as an 'external' client.  The new
office will have it's own router/dhcp.

For arguments sake (or sake of illustration) please
consider the following:

We have four external addresses from our I/P provider
Here are our settings

I/P Provider Gateway:  212.210.109.001
  Office #1                   212.210.109.002
  new Office#2           212.210.109.003
  {spare I/Ps )              212.210.109.004 / xxx.005 / xxx.006

We have 2 of these WG602s.  According to documentation,
we thought that we would want to be a Wireless Point-to Point.
I/P Gateway: xxx.01
      |
      + ---> WG602yxxx.003  
                      |
                      +----> Wg602x  (across the road)
                               |
                               +-----> NewOffice/Router

~~~~~~
So I set WG602y to have an external I/P address of
xxx.003   I set up w602y & w602x to have each other's
remote MAC address.
~~~~~
I can ping and get a reply from the .003 Wg602y.
For the time being, instead of a router, I simply
plugged a laptop into the Wg602x device.
~~~~~
I have tried the following combinations.
A. _ Set Wg60x - to have 3rd External I/P xx.004
     and have gateway of xx.003.  Had Laptop be xxx.0005
     Results: Laptop couldn't get out or see anything.
              Could ping xxx.004
B._ Set Wg60x to have new "internal I/P address"
        Set gateway as xxx.003
        Set laptop to  internal i/p address too.
     Results:  pretty much the same.


What are the settings I need to have??? Help...
I have wasted an afternoon on this, and office#2
employees are getting angry.  hence reason for 500 points.
0
Comment
Question by:ebtsup
  • 2
4 Comments
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 225 total points
ID: 36507293
It seems like you have plenty of public IP addresses so you could assign one of them to the new office as you've described.  That would not be a problem.

I have a little trouble following what comes next in your description - so that's likely a good place to start.
I have no idea what the MAC address fiddling is about..... where you say:
I set up w602y & w602x to have each other's remote MAC address.
If you mean you entered the remote device's MAC address in the wireless box-to-box link.. yes.  That's needed.
I'm going to assume that the WG602V4s are strictly for linking the two buildings for now .. no wireless clients.

If you're going to meet the objective then you need a link between the offices.
Since you're going to assign them a public IP address then you can do one of two things:
1) Put their router in their building and link at the public IP subnet address space.
or
2) Put their (or a)  router in your building and link in their private subnet address space.

It's not clear to me that the Access Points have to have IP addresses assigned to them except for management purposes.  For this reason alone you may want to have them in private address space so they are a bit more secure.  The point here, I think, is that all the APs need to do is 1) link and 2) act like switches with no IP stuff like NAT or the like as a router would have.

Does the group in the other building NEED a public IP address at all?  Do you?  i.e. except to connect to the internet?  i.e. no public servers?  In that case it's pretty easy I should think.

So, if these assumptions are correct, here's what I'd do:

1) Have an "internet switch" that's connected to your ISP connection (router or modem is likely).
2) plug in all things needing their own public IP address into that switch.

SO, you might plug one of the wireless access points into that switch .. operating in public address space.
The other AP will be in the other building in that same space.
So then you connect a router with the selected public IP address on the Internet/WAN side to the ethernet port on the AP.  The LAN side of this router will have whatever LAN subnet you want for the other building.

3) As one of the things needing their own public IP address, plug a local router into the switch on its Internet/WAN side.  Give the LAN side an IP address of your local building LAN subnet.

Alternately:
Don't connect the AP to the Internet Switch.
Connect the AP to your first router's LAN (this will be *their* LAN) and don't use a router in the other building at all just a switch off the remote AP.
Then, plug another router Internet/WAN side into the first router LAN.
The LAN of the 2nd router will be the local LAN.

The only issue with this is that the locall computers can see the computers across the street (but not vice versa).
To deal with that issue, add another router in series with the remote LAN connection.

See the diagrams attached.


Multiple-Subnets.pdf
0
 

Author Comment

by:ebtsup
ID: 36507560
To clariy the WG624 are Wireless Access Points.
We are wanting to use to connect to new office.
In the instructions for these NetGear W624's - it says to connect them as point-to-point that they need to have MAC addresses.

So to illustrate:

 OFFICE #1                                                                                                             NEW OFFICE #2
+==========================+            Physical ROAD for motorcars   +====================+
I/P Gateway: xxx.01
      |
      + ---> WG602yxxx.003      ~~~~~~   Wireless Connection to  ~~~  +----> Wg602x  (across the road)
      |                                                                                                                     |
      |                                                                                                                    +-----> NewOffice/Router
     +-- OFFICE # ROUTER
             xxxxx.002

I have no idea what the MAC address fiddling is about..... where you say:
I set up w602y & w602x to have each other's remote MAC address.
If you mean you entered the remote device's MAC address in the wireless box-to-box link.. yes.  That's needed.
I'm going to assume that the WG602V4s are strictly for linking the two buildings for now .. no wireless clients.
NetGear WG602 - requires that I have an I/P address with a gateway in the I/P setting
..and Correct there are no other wireless clients at this time.

But to answer you other questions, the other group, really doesn't need public addresses, we just wanted to ensure that they couldn't get on our network  {..and why that is.. I have no idea }

On the NetGear'ssettings, it allows for Wireless Pot-to-Point bridging..  -- which is what I have set to.
Also have Repeater with Wireless Client Association.
0
 
LVL 3

Accepted Solution

by:
weedhell earned 275 total points
ID: 36564805
well you should simplify things:
1- Adsl/cable modem router------ let's say this equipment it's in 192.168.1.0 network range no matter your private isp ip it will be only a door the WAN port all other doors will be in a private network...
let's call that network the configuration network since you will configure the access points to fit that network...soo you will have isp router with 192.168.1.1 access point number 1 with 192.168.1.2 and access point number 2 with ip 192.168.1.3 (make sure your dhcp in ISP router is set to give addresses over 192.168.1.20)
this way you have one big network where you can access all users since there are only one till now...
To protect office one from intrusions you just need to connect the isp router to a Wan port in a broadband router configured in 192.168.10.1 for example this way you can access to office 2 but office 2 can't access to office 1 if you don't want office 1 to access to office 2 either you can connect another broadband router with a diferent range like 192.168.11.1 with a cable to your access point connected via wds

Now security if you want to restrict the access to part of your network you just have to keep this in m
0
 
LVL 3

Expert Comment

by:weedhell
ID: 36564851
security... if you want to restrict the access to part of your network you just have to keep this in mind... nothing is safe in computing engineering, since you can sniff the packets before they get to internet, man in middle attacks  are commonly seen in this kind of network.  but that's the same in all wireless networks.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now