Solved

One PC, Two NICS, Two Lans

Posted on 2014-01-02
Last Modified: 2014-01-03
So I have a computer (W7 x32) that is connected to a local lan for our phone system.

Problem is, I cannot remote into it, because of how the network is set up for that vlan. This is a pain going locally to the machine every time to go to the manager tool.

There are no other NICs available, so I was thinking about plugging in a wireless card, so I can remote into the PC from my laptop on our local wireless network.

However, that NIC on the machine HAS to stay connected to that lan at all times so our phone system does not go down. So I can't just unplug the LAN when I need to use the WLAN. I need them to run together harmoniously.

Can I somehow make it so the LAN and WLAN run at the same time? After Googling for it, I've come across a bunch of keywords such as multi-homing, and other items. I'm not familiar with any of this per se, but I'm a quick learner.

Let's imagine the NIC is on 192.168.0.1
Let's imagine the WLAN needs to be on 10.0.0.1

How do I get this to work? =]
Question by:Pancake_Effect
24 Comments
 
LVL 33

Expert Comment

by:paulmacd
ID: 39751627
Yes, you can multi-home this PC.  No, it isn't difficult.  Yes, you can do it via WiFi.  The whole process should be no more difficult than setting up the second NIC.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 39751657
Just set both NIC and Wifi as you would set it up with a single NIC.
If you intend the wifi to be a fixed IP, then just go ahead and let it connect to the access point or router. If it's a dynamic IP, make sure the AP or router has been set up in the correct subnet.
Windows will route the correct traffic through the correct interface; you don't need to set up anything else (assuming the internet-facing device has the gateway filled in, and the internal one not).
0
 
LVL 19

Expert Comment

by:Kash
ID: 39751659
Attach the wireless adapter to the computer, or a network card, whichever is preferable, and basically assign it a manual IP range from your other LAN with a default gateway.

If it's too difficult then use something like VNC or even LogMeIn or TeamViewer, which are not ideal as you will be going out and coming back in.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 400 total points
ID: 39751666
A workstation or server that does not have "RRAS" (Routing and Remote Access Server) installed can only have 1 default gateway. To get around this you can add an additional NIC to your server and then create a "static route" to the other network, which will allow both networks to communicate, and they will not interfere with each other.
Example
NIC = Network Interface 1
IP = 192.168.0.100
MASK = 255.255.255.0
GATEWAY = 192.168.0.1

WLAN = Network Interface 2 (assuming the gateway is 10.0.0.1)
IP = 10.0.0.100
MASK = 255.255.255.0
GATEWAY = (leave gateway blank)

Configure Static Route for Network Interface 2
- open command prompt
- type route print (you will see the default route/s)
- type "route -p add 10.0.0.0 MASK 255.255.255.0 10.0.0.1 IF 2" (no quotes)
The command above adds a static route for 10.0.0.0/24 network to the WLAN network card which is interface 2. You will need to see what your interface numbers are in the command window by using the "route print" command (no quotes)

Once you have done this you should be able to communicate on the WLAN interface with no issue.

Will.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39751801
@Spec01 I think I'm understanding it now. I think I'm confusing myself on the addresses though. Could you help me? I'll give you the actual addresses this time:

LAN1
INT. 11
10.170.12.183 /24
Gateway: 10.170.12.254

WLAN (This is the new one I just installed so I can connect)
INT. 18
192.168.90.177 /24
Gateway: 192.168.90.99

I'm assuming I leave the gateway blank for the WLAN in the IPv4 settings though.


Picture, just in case I got the interfaces wrong:

[Image: Interfaces]

What would be the command for adding a static based off my IP settings?

Thanks!
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 100 total points
ID: 39751806
You better NOT have RRAS enabled. Routing and Remote Access Service Protocol will turn that client into a router (unless you have spanning tree enabled on your wired network switches). Then your wireless and wired network will become an L2 loop, hence causing a broadcast flood and knocking down your network. Even if spanning tree was enabled, you could risk knocking down your wireless network access point. Other than that, it is true that the gateway on only one NIC should be enabled. Problem being, you will need some fixed routes for the wireless NIC. DUAL NICS is more hassle than fix...

Your very best bet is to fix Remote Desktop functions on your wired network and allow you (as the admin) remote control of your computers. So, whatever VLAN configurations you have knocking down remote desktop on YOUR computers should be fixed for successful domain administration.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39751813
So to add a static route for WLAN on interface 18 would look like below...

route -p add 192.168.90.0 MASK 255.255.255.0 192.168.90.99 IF 18

The static route above says any traffic going out to the 192.168.90.0 subnet uses 192.168.90.99 on Interface 18.

Will.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39751820
@ChiefIT
The problem with fixing remote desktop on the wireless network is that they block all traffic other than the phone traffic. They're pretty picky about it, whereas I'm hoping with this method, for just one computer it would be a lot easier. Where do you see if RRAS is enabled? I certainly don't want that to happen. Is that on the computer itself or router or what? This particular computer is not part of a domain, though it does use our DNS server, that's about it.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39751832
I was only stating the obvious, that you cannot have multiple gateways on a machine unless you have RRAS installed. This is a role that is part of the server OS. I just wanted to mention that to get my point across; I did not intend for you to install it, it was simply a statement. Creating a static IP for the interface will work without issue.

Will.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39751842
Great okay, I never installed RRAS, unless it comes on by default on w7 pro, which it doesn't sound like the case. Since this is not part of a domain, it shouldn't pick up anything from our servers even if they do have RRAS installed. I'll give that command a try.
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 100 total points
ID: 39751846
RRAS will either turn the computer into a router, or allow VPN IPSEC tunneling to the computer for remote access (hence the terms routing and remote access). Neither of which you need.

If this VLAN is for phone system interfacing, consider a computer that has a serial connection to the PBX to administer the phone system. That allows the most secure control of the PBX system and takes your computer off the telephone VLAN. Then, there will be no need for dual nics, fixed routes, and all kinds of other config settings to prevent all kinds of problems with multi-homing a computer system over a switched network.

As soon as you enable the second NIC, the computer will probably enable RRAS and as a result Windows Firewall (by default stops RPC remote procedure call). To see, go to START>>type in "Services.msc" and look at Routing and Remote Access Services.

With what you said, your best bet is to take your computer off the telephony VLAN, and use serial port to communicate with the PBX. There will also be a web interface that uses port 80 or https port 443 to administer your PBX (web interfaces have a nicer graphic user interface for PBX admin).
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39751889
@Spec01
I tried the command and it stated it was OK, but I'm not able to ping anything on the 192.168.90.0 /24 network still. Is there something I'm missing?

This is how the IP settings are set up

[Image: IP settings]
I left the 192.168.90.99 gateway out as I understood as you can see.



@ChiefIT
Sadly the machine does not have a serial connection, that was one of the first things I looked for as well. And thanks for the tip, I double-checked that the service remained off.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39751897
Are you sure that the gateway is correct? Can you ping the gateway from the workstation? Also, what does your routing table look like ("route print")?

Will.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39751933
I'm able to ping the gateway and it replies back just fine from the workstation, but nothing else. On my laptop in my office I also am using 192.168.90.99 as a gateway on the wireless, I'm able to ping everything, but not 192.168.90.177 (the workstation).

Here's the routing table and ping examples:
[Image: table]
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39751980
A couple of things you can do.

Create a route directly to your workstation from the dual homed VLAN machine.

which would be the following...
route -p add 192.168.90.(your IP) mask 255.255.255.0 192.168.90.99 IF 18

Also on your workstation create a static route to the other workstation IP.
route -p add 192.168.90.177 mask 255.255.255.255 192.168.90.99 IF (whatever your IF # is)

Will.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 39752093
Some have replaced the serial with an RJ45 interface.. What interfaces does the PBX have? And would you consider using the Web interface that ALL of the latest PBX's should have? Keeping one nic is SOOO much easier and better.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39752561
@Spec01
It's very odd, it still doesn't seem to be working for some reason still.

My laptop in my office has an IP of 192.168.90.32

Here is the routing table on my laptop that's connected to the same wireless vlan right now. It's able to ping everything besides 192.168.90.177 (the workstation)

[Image: Laptop]

The only thing 192.168.90.177 (the work station) can ping is our gateway 192.168.90.99

Workstation Table:
[Image: Workstation]

What am I missing?

@ChiefIT

It literally only has one RJ45 jack that is being hogged for the phone network right now. It needs to be on that network, because the workstation also is used for the voicemail etc.

If I can use the second NIC I can either remote into the PC, or use the webtools as well probably over remoting in. So I've also thought about it, but the dang box doesn't have enough ports for anything   :(
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39752612
Everything seems right. Do you have any firewalls enabled on the dual-homed workstation? Check to make sure that Windows Firewall is not blocking communication and also make sure that RDP is enabled so you can remote into the PC.

Will.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39752618
I'll give the firewalls a check. Just a quick question: was that command above with the 255.255.255.255 a typo, or do you really mean 255.255.255.0?

Also on your workstation create a static route to the other workstation IP.
route -p add 192.168.90.177 mask 255.255.255.255 192.168.90.99 IF (whatever your IF # is)
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 400 total points
ID: 39752636
255.255.255.255 is not a typo. This is a direct connection for netmask in subnetting.

Will.
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 39752665
Hmm yeh turned off firewalls completely on both machines for testing purposes, still no ping from either machine. They can both ping and reach the gateway though.

The wireless on the workstation has a caution sign on it though (says something is wrong with it) it's because I'm leaving the gateway out. But that's intended. Don't know what else would be prohibiting the pings, unless the router is not recognizing the traffic somehow. But everything on the same network should be able to communicate anyways.
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 400 total points
ID: 39752683
Is it possible to add a route on the router itself? A static route to the IP of the dual-homed workstation. That should do it. The router needs to know the route so that it can pass on the information.

Will.
0
 
LVL 12

Expert Comment

by:ktaczala
ID: 39754001
In your initial description you stated "vlan".
VLANs don't cross-talk; that's what they're for, so the same copper can broadcast on different subnets and not drag down bandwidth.
I would suggest adding an entry in the router to allow vlan(x) to talk to vlan(y) for ip ipaddress(z) only.
What type of router do you have installed?
0
 
LVL 4

Author Closing Comment

by:Pancake_Effect
ID: 39754085
Got it to work!

I deleted all routes and only put in one route from my laptop:

route -p add 192.168.90.177 mask 255.255.255.255 192.168.90.99 IF 11

And that got it to go. Having both routes in it seemed to break it or put it in some type of loop maybe.

I'm now able to remote into the machine perfectly =]

Thanks for all the help
0
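As an added example (not part of the thread and not any poster's code), this Python sketch models longest-prefix route selection with the addresses and interface numbers posted above, and checks a destination/mask pair the way a route entry requires. The on-link rows, the 203.0.113.10 test destination and the 192.168.90.50 neighbour are assumptions constructed for illustration.

```python
import ipaddress

ON_LINK = "on-link"  # label for directly connected subnets (no gateway hop)

def route(dest, mask, gateway, iface):
    """One routing-table row. Raises ValueError when (dest & mask) != dest,
    i.e. when the destination has host bits set under the given mask."""
    net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    return {"net": net, "gateway": gateway, "iface": iface}

def is_valid(dest, mask):
    """True if dest/mask is a well-formed route destination."""
    try:
        route(dest, mask, None, None)
        return True
    except ValueError:
        return False

def lookup(table, dst):
    """Longest-prefix match; returns (gateway, iface) or None.
    Metric tie-breaking between equal-length prefixes is not modelled."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r["net"]]
    if not hits:
        return None
    best = max(hits, key=lambda r: r["net"].prefixlen)
    return best["gateway"], best["iface"]

# Constructed from the addresses posted in the thread.
WORKSTATION = [
    route("0.0.0.0", "0.0.0.0", "10.170.12.254", 11),     # sole default gateway (wired)
    route("10.170.12.0", "255.255.255.0", ON_LINK, 11),    # phone LAN
    route("192.168.90.0", "255.255.255.0", ON_LINK, 18),   # WLAN, gateway left blank
]
LAPTOP = [
    route("0.0.0.0", "0.0.0.0", "192.168.90.99", 11),
    route("192.168.90.0", "255.255.255.0", ON_LINK, 11),
    # Host route from the closing comment: more specific than the /24 above.
    route("192.168.90.177", "255.255.255.255", "192.168.90.99", 11),
]

if __name__ == "__main__":
    for name, table, dst in [("workstation", WORKSTATION, "192.168.90.32"),
                             ("workstation", WORKSTATION, "203.0.113.10"),
                             ("laptop", LAPTOP, "192.168.90.177"),
                             ("laptop", LAPTOP, "192.168.90.50")]:
        print(f"{name}: {dst} -> {lookup(table, dst)}")
    # A single host address paired with a /24 mask is not a valid destination.
    print("192.168.90.32 / 255.255.255.0 valid:",
          is_valid("192.168.90.32", "255.255.255.0"))
```

In this model the workstation keeps its only default route on the wired interface and still reaches the WLAN subnet on-link through interface 18, while the laptop's /32 entry overrides its on-link /24 for that one host and sends the traffic through 192.168.90.99.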
