Solved

Getting routers to accept another router's private subnet

Posted on 2014-01-18
9
1,506 Views
Last Modified: 2014-01-30
I am using Verizon FIOS router for my FIOS internet connection.  I have another router, Belkin WNDR3700, connected to the FIOS router, so that I can extend the range.  My connection between the two routers is FIOS router LAN port to Belkin WAN port.  The subnet associated with the FIOS router is 192.168.1.x and the subnet associated with the Belkin router is 192.168.2.x.  I have set the Belkin router to static IP for convenience.  It is set to 192.168.1.2.  Both routers are DHCP.  I have created two network objects in the FIOS router:  Subnet 1 and Subnet 2 to represent each subnet.  I setup a static route in the FIOS modem: 192.168.2.0, 192.168.1.1, 255.255.255.0.  I have setup two firewall filters in the FIOS modem:  192.168.1.0 -> 192.168.2.0 for both in and out.  I have made no additional changes to the Belkin router.

I can access all of my 192.168.1.x subnet devices when connected to either subnet.  I can access internet from any device.  However, I cannot access 192.168.1.x subnet devices when connected to the 192.168.2.x subnet.  I have attempted to create a static route on the Belkin like I did for the Verizon modem without luck.  When setting up the Belkin static route, i get an error that the address conflicts with the WAN address.  My Belkin static route settings are: 192.168.1.0, 192.168.2.1, 255.255.255.255.

I am unable to ping the 192.168.2.x devices from 192.168.1.x devices.

What can I do????
0
Comment
Question by:DCCoolBreeze
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39791175
Just don't use the WAN side of the added router and turn off its DHCP service.
Assign it a static IP address in the subnet you're going to use so you can access it later.
See the attached diagram.
Wireless-Router-as-a-Simple-Swit.pdf
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39792148
fmarshall, your drawing contains an error: The routers need to have an address in the same subnet as the LAN, while your example tells to use 192.168.0.x for routers in a 192.168.1.0/24 LAN ... The annotations are correct, though.
0
 
LVL 1

Author Comment

by:DCCoolBreeze
ID: 39794121
Thanks for the information; however, i prefer to use the WAN port of the additional router.  It provides a number of administration options when engaged that are not available using LAN to LAN connection.  I have done the LAN to LAN in the past, but am trying to get the LAN to WAN configuration working this time.

What about a static route??
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39794710
You can do that as well.
Here's a different diagram.
The diagram needs one addition to allow downstream access:
You would need a static route at any upstream router that points to the subnet of any downstream router if you want them to connect.

So, on page 1, you could have:
Assume that Router 1 has 192.168.1.2 on the WAN side.
Assume that Router 2 has 192.168.0.2 on the WAN side.

On the Modem/Router static routes as follows:

192.168.2.0/24 to 192.168.1.2
and
192.168.0.0/24 to 192.168.1.2

On Router 1 static route as follows:

192.168.2.0/24 to 192.168.0.2   (where I have given Router 2 here the "192.168.0.2" adddress on the WAN side).

This will work with many commodity routers.  I've not found a set where it would not.  But, more sophisticated routers may require upstream-pointing routes as well such as:

On Router 2 there should be no need to point to the 2nd subnet because Router 2 will already have that route.
But, on Router 2 you may have to point to the 1st subnet like this:
192.168.1.0/24 to 192.168.0.1

On Router 1 there should be no need to point to the 1st subnet because Router 1 will already have that route.
Multiple-Subnets.pdf
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39794796
Thanks to Qlemo I have corrected the subnets mentioned on this diagram.
It's not what you appear to want but just to be complete within the thread.
Wireless-Router-as-a-Simple-Swit.pdf
0
 
LVL 1

Author Comment

by:DCCoolBreeze
ID: 39795040
I appreciate the help.  While excellent diagram and example, the new example provided does not work in my case.  I want computers on either subnet to be able to see devices on the other subnet.  The configuration I currently have setup works "upstream", but it does not work downstream.  So I my laptop has an IP in the 192.168.2.x subnet, I can ping/set the devices on the 192.168.1.x subnet.  However, if my laptop is on the 192.168.1.x subnet, I cannot see the devices on the 192.168.2.x subnet.  The Verizon FIOS wireless/modem/router uses the 192.168.1.x subnet and provides the internet service.  I have a static route setup and firewall rules setup on the FIOS router.   Since I connected the Verizon router LAN port to the Belkin WAN port, the Belkin WAN subnet is 192.168.1.x.   When I attempted to setup a static route from the Belkin router to the Verizon router's subnet (192.168.1.x) I get an error that I need to select a different IP address, because 192.168.1.x is the WAN's subnet --- which is exactly right.  The Belkin WAN IP is 192.168.1.x as it should be since the connection to that WAN port originates from the LAN port of the Verizon router.   So, all the say, how can I get devices on router 192.168.1.x (upstream router) to see devices on 192.168.2.x
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 39795078
I anticipated the downstream issue and tried to explain how to do it using the diagram AND the words in my last response.  Sorry if I wasn't clear.

You don't need a route from the Belkin to the Verizon because they are on the same subnet and are "known" to one another so to speak.  If you look at the routing table on the Belkin, it will already be there.  But, it may be 0.0.0.0 to 192.168.1.1 which encompasses everything outside 192.168.1.0/24 ... that is, the Verizon is the default Gateway for the Belkin.

You need to set up a static route in the Verizon like this:
192.168.2.0/24 to 192.168.1.xxx where 192.168.1.xxx is the IP of the WAN port of the Belkin.
When packets arrive at the Belkin destined for 192.168.2.0/24, they will be routed to the Belkin LAN switch ports.  The Belkin routing table should already reflect this.

Further explanation:
- A device on the 192.168.1.0/24 subnet tries to send a packet to a device on the 192.168.2.0/24 subnet.
- Because this packet is destined for a "foreign" subnet, it will be directed to the gateway (the Verizon in your case) as the next hop.
- The gateway will do one of two things:
  .. if it doesn't know where the subnet is, it may well drop the packet.
  .. if it has a route to the subnet, it will direct the packet according to that route.
  (so then the packet is put back out on the same LAN as where it originated but now it will be destined for the Belkin's IP address).

From this you can see that there is an alternate, although less convenient, method.
You could put the route in all the PCs that need it:
192.168.2.0/24 to 192.168.1.xxx (the Belkin).
route -p add 192.168.2.0 255.255.255.0 192.168.1.xxx 1
... something like that.

This is easy enough but you have to "touch" all the computers in that subnet if that's your intent.  So, it's generally preferable to enter the route one time in the gateway device.
0
 
LVL 1

Author Comment

by:DCCoolBreeze
ID: 39795161
OK.  my verizon modem provides the following fields for static routes (Fields: Values I entered):

Name:  Home Network
Destination: 192.168.2.0
Gateway: 192.168.1.2  (this is the WAN port IP, the Gateway is 192.168.1.1 - which also does not work)
Net Mask: 255.255.255.0
Metric: 3 (I only have two routers, but entered 3)

Internet Group Management Protocol (IGMP):  Checked
Doman Routing: Not Checked

Unfortunately, this configuration did not work...

Of note, when I changed the Gateway from 192.168.1.1 to the WAN IP port 192.168.1.2 and pinged at device on 192.168.2.x, I got the following:

PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
From 192.168.1.1: icmp_seq=1 Redirect Host(New nexthop: 192.168.1.2)
--- 192.168.2.2 ping statistics ---
10 packets transmitted, 0 received, +1 errors, 100% packet loss, time 9065ms
0
 
LVL 26

Accepted Solution

by:
Fred Marshall earned 500 total points
ID: 39795396
I tried this on a commodity Linksys router and got the same result as you did.
So, I have to believe now that the downstream routing won't work - perhaps on any router or at least any commodity router like Linksys or Belkin.
All of the instructions they give  (as few as they are) suggest it should work.
Sorry, I really thought that it would.

Yet, a trace route from the upstream subnet to the downstream subnet does NOT include the downstream router IP.  There is no response from it.  This suggests the upstream router is dropping the packets even though there is a route for them.

I guess you might be better off LAN to LAN on those routers.

Of course, the downstream router was configured in Gateway mode / i.e. NAT.
But even set up in Router mode, it seemed to make no difference.
In the mean time, the upstream router has to be set in Gateway mode.  So no change possible to test there - even though for this route NAT in the upstream router wouldn't be in the intended route.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
creating SVI on layer 3 switch 1 56
Cisco router 4400 and switch connection. 27 54
Wireless Authentication 3 24
Network assessment tools like Network Detective? 4 29
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question