Improve company productivity with a Business Account.Sign Up

x
?
Solved

Getting routers to accept another router's private subnet

Posted on 2014-01-18
9
Medium Priority
?
1,730 Views
Last Modified: 2014-01-30
I am using Verizon FIOS router for my FIOS internet connection.  I have another router, Belkin WNDR3700, connected to the FIOS router, so that I can extend the range.  My connection between the two routers is FIOS router LAN port to Belkin WAN port.  The subnet associated with the FIOS router is 192.168.1.x and the subnet associated with the Belkin router is 192.168.2.x.  I have set the Belkin router to static IP for convenience.  It is set to 192.168.1.2.  Both routers are DHCP.  I have created two network objects in the FIOS router:  Subnet 1 and Subnet 2 to represent each subnet.  I setup a static route in the FIOS modem: 192.168.2.0, 192.168.1.1, 255.255.255.0.  I have setup two firewall filters in the FIOS modem:  192.168.1.0 -> 192.168.2.0 for both in and out.  I have made no additional changes to the Belkin router.

I can access all of my 192.168.1.x subnet devices when connected to either subnet.  I can access internet from any device.  However, I cannot access 192.168.1.x subnet devices when connected to the 192.168.2.x subnet.  I have attempted to create a static route on the Belkin like I did for the Verizon modem without luck.  When setting up the Belkin static route, i get an error that the address conflicts with the WAN address.  My Belkin static route settings are: 192.168.1.0, 192.168.2.1, 255.255.255.255.

I am unable to ping the 192.168.2.x devices from 192.168.1.x devices.

What can I do????
0
Comment
Question by:DCCoolBreeze
  • 5
  • 3
9 Comments
 
LVL 27

Expert Comment

by:Fred Marshall
ID: 39791175
Just don't use the WAN side of the added router and turn off its DHCP service.
Assign it a static IP address in the subnet you're going to use so you can access it later.
See the attached diagram.
Wireless-Router-as-a-Simple-Swit.pdf
0
 
LVL 72

Expert Comment

by:Qlemo
ID: 39792148
fmarshall, your drawing contains an error: The routers need to have an address in the same subnet as the LAN, while your example tells to use 192.168.0.x for routers in a 192.168.1.0/24 LAN ... The annotations are correct, though.
0
 
LVL 1

Author Comment

by:DCCoolBreeze
ID: 39794121
Thanks for the information; however, i prefer to use the WAN port of the additional router.  It provides a number of administration options when engaged that are not available using LAN to LAN connection.  I have done the LAN to LAN in the past, but am trying to get the LAN to WAN configuration working this time.

What about a static route??
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
LVL 27

Expert Comment

by:Fred Marshall
ID: 39794710
You can do that as well.
Here's a different diagram.
The diagram needs one addition to allow downstream access:
You would need a static route at any upstream router that points to the subnet of any downstream router if you want them to connect.

So, on page 1, you could have:
Assume that Router 1 has 192.168.1.2 on the WAN side.
Assume that Router 2 has 192.168.0.2 on the WAN side.

On the Modem/Router static routes as follows:

192.168.2.0/24 to 192.168.1.2
and
192.168.0.0/24 to 192.168.1.2

On Router 1 static route as follows:

192.168.2.0/24 to 192.168.0.2   (where I have given Router 2 here the "192.168.0.2" adddress on the WAN side).

This will work with many commodity routers.  I've not found a set where it would not.  But, more sophisticated routers may require upstream-pointing routes as well such as:

On Router 2 there should be no need to point to the 2nd subnet because Router 2 will already have that route.
But, on Router 2 you may have to point to the 1st subnet like this:
192.168.1.0/24 to 192.168.0.1

On Router 1 there should be no need to point to the 1st subnet because Router 1 will already have that route.
Multiple-Subnets.pdf
0
 
LVL 27

Expert Comment

by:Fred Marshall
ID: 39794796
Thanks to Qlemo I have corrected the subnets mentioned on this diagram.
It's not what you appear to want but just to be complete within the thread.
Wireless-Router-as-a-Simple-Swit.pdf
0
 
LVL 1

Author Comment

by:DCCoolBreeze
ID: 39795040
I appreciate the help.  While excellent diagram and example, the new example provided does not work in my case.  I want computers on either subnet to be able to see devices on the other subnet.  The configuration I currently have setup works "upstream", but it does not work downstream.  So I my laptop has an IP in the 192.168.2.x subnet, I can ping/set the devices on the 192.168.1.x subnet.  However, if my laptop is on the 192.168.1.x subnet, I cannot see the devices on the 192.168.2.x subnet.  The Verizon FIOS wireless/modem/router uses the 192.168.1.x subnet and provides the internet service.  I have a static route setup and firewall rules setup on the FIOS router.   Since I connected the Verizon router LAN port to the Belkin WAN port, the Belkin WAN subnet is 192.168.1.x.   When I attempted to setup a static route from the Belkin router to the Verizon router's subnet (192.168.1.x) I get an error that I need to select a different IP address, because 192.168.1.x is the WAN's subnet --- which is exactly right.  The Belkin WAN IP is 192.168.1.x as it should be since the connection to that WAN port originates from the LAN port of the Verizon router.   So, all the say, how can I get devices on router 192.168.1.x (upstream router) to see devices on 192.168.2.x
0
 
LVL 27

Expert Comment

by:Fred Marshall
ID: 39795078
I anticipated the downstream issue and tried to explain how to do it using the diagram AND the words in my last response.  Sorry if I wasn't clear.

You don't need a route from the Belkin to the Verizon because they are on the same subnet and are "known" to one another so to speak.  If you look at the routing table on the Belkin, it will already be there.  But, it may be 0.0.0.0 to 192.168.1.1 which encompasses everything outside 192.168.1.0/24 ... that is, the Verizon is the default Gateway for the Belkin.

You need to set up a static route in the Verizon like this:
192.168.2.0/24 to 192.168.1.xxx where 192.168.1.xxx is the IP of the WAN port of the Belkin.
When packets arrive at the Belkin destined for 192.168.2.0/24, they will be routed to the Belkin LAN switch ports.  The Belkin routing table should already reflect this.

Further explanation:
- A device on the 192.168.1.0/24 subnet tries to send a packet to a device on the 192.168.2.0/24 subnet.
- Because this packet is destined for a "foreign" subnet, it will be directed to the gateway (the Verizon in your case) as the next hop.
- The gateway will do one of two things:
  .. if it doesn't know where the subnet is, it may well drop the packet.
  .. if it has a route to the subnet, it will direct the packet according to that route.
  (so then the packet is put back out on the same LAN as where it originated but now it will be destined for the Belkin's IP address).

From this you can see that there is an alternate, although less convenient, method.
You could put the route in all the PCs that need it:
192.168.2.0/24 to 192.168.1.xxx (the Belkin).
route -p add 192.168.2.0 255.255.255.0 192.168.1.xxx 1
... something like that.

This is easy enough but you have to "touch" all the computers in that subnet if that's your intent.  So, it's generally preferable to enter the route one time in the gateway device.
0
 
LVL 1

Author Comment

by:DCCoolBreeze
ID: 39795161
OK.  my verizon modem provides the following fields for static routes (Fields: Values I entered):

Name:  Home Network
Destination: 192.168.2.0
Gateway: 192.168.1.2  (this is the WAN port IP, the Gateway is 192.168.1.1 - which also does not work)
Net Mask: 255.255.255.0
Metric: 3 (I only have two routers, but entered 3)

Internet Group Management Protocol (IGMP):  Checked
Doman Routing: Not Checked

Unfortunately, this configuration did not work...

Of note, when I changed the Gateway from 192.168.1.1 to the WAN IP port 192.168.1.2 and pinged at device on 192.168.2.x, I got the following:

PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
From 192.168.1.1: icmp_seq=1 Redirect Host(New nexthop: 192.168.1.2)
--- 192.168.2.2 ping statistics ---
10 packets transmitted, 0 received, +1 errors, 100% packet loss, time 9065ms
0
 
LVL 27

Accepted Solution

by:
Fred Marshall earned 2000 total points
ID: 39795396
I tried this on a commodity Linksys router and got the same result as you did.
So, I have to believe now that the downstream routing won't work - perhaps on any router or at least any commodity router like Linksys or Belkin.
All of the instructions they give  (as few as they are) suggest it should work.
Sorry, I really thought that it would.

Yet, a trace route from the upstream subnet to the downstream subnet does NOT include the downstream router IP.  There is no response from it.  This suggests the upstream router is dropping the packets even though there is a route for them.

I guess you might be better off LAN to LAN on those routers.

Of course, the downstream router was configured in Gateway mode / i.e. NAT.
But even set up in Router mode, it seemed to make no difference.
In the mean time, the upstream router has to be set in Gateway mode.  So no change possible to test there - even though for this route NAT in the upstream router wouldn't be in the intended route.
0

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question