Is my HSRP along with DHCP configuration correct? - cisco-ios

I have two routers:
Router A
Router B
Router A is the primary router and B is the one with lowest priority in HSRP.
What I did was to configure 3 subinterfaces with encapsulation dot1 to assign them to a VLAN.
Everything is clear to me up to this point:
I want to have a DHCP pool for each VLAN. I used the HSRP virtual IP as the gateway, but I configured DHCP exactly the same on routers A and B. I have an itch that tells me that, even though it works on Packet Tracer, it is not a correct configuration, due to having 2 DHCP servers on the same network. Is my itch correct, or is this how it is supposed to work?
Thank you for your answers!

Related

Can't route VLAN with UCOPIA

I'm writing to you because I can't solve a problem with a client.
My client has an infrastructure with the following characteristics:
2 ISP routers
1 fortigate firewall
1 dedicated router that broadcasts a UCOPIA US250 guest portal
65 Zyxel switches (1900 - 24) and one 4600 switch (4x 24 ports for the core network)
250 WIFI LIGOWAVE NFT terminals
80 VLANs
I do not manage the first 3 pieces of equipment; another provider does.
Today, I have to pass the VLAN dedicated to the guests.
The other provider has set up the FORTIGATE to broadcast the DHCP and the associated VLAN on the DMZ port to the OUT port of the UCOPIA.
I have to broadcast VLAN 420 from the IN port to the ZYXEL switch and to the LIGOWAVE terminals.
However, when I am connected to the UCOPIA on the IN port, I manage to get the desired IP and to reach the portal, but when I test on the ZYXEL switch, it is impossible to get the dedicated VLAN.
I put myself on another port of the ZYXEL and TAG the VLAN in question. I have modified the ID of my VLAN on my computer; in DHCP, that does not work. I tried to use a static IP but still nothing. I can't even ping the gateway.
The ZYXEL port to which the UCOPIA is connected is TAGGED on the dedicated VLAN. I have also tried Untagged and excluding all the other VLANs but it is impossible to get this network.
Do you have any other ideas for me?
Here, you can see my network diagram:
MyNetwork
I resolved my problem.
I configured the switch like this:
Untagged dedicated VLAN
But I forgot to change the PVID VLAN.
I changed it and that works!

Cisco Packet Tracer, Vlan issue

https://i.imgur.com/ugyO5C4.png
As you see in the image above, I'm seeking help with making both VLAN connections (Vlan10 and Vlan20) able to communicate with the Coffee Maker Machine. What should I do?
The way I can think of is via Inter VLAN routing.
Inter VLAN routing is a process in which we make different virtual LANs communicate with each other, irrespective of where the VLANs are present (on the same switch or on different switches). Inter VLAN Routing can be achieved through a layer-3 device, i.e. a router or a layer-3 switch. When the Inter VLAN Routing is done through a router, then it is known as Router on a Stick.
So you can just assign the Coffee Maker Machine to one VLAN and have the router handle the communication. Router on a Stick tutorial

Home Networking 2 routers

Just in advance, I'm sorry for my limited expertise with networking; I know the basics though...
So the issue I have, which I am hoping someone can shed some light on:
I want to have 2 routers, each with its own VLAN, and I want one router to be able to talk to the other but not vice versa.
So my Main router (192.168.1.1) is connected to the modem.
I want to get a second router and connect it to my main router.
The second router I want to have its own VLAN (192.168.2.1).
Now that part is pretty easy; here is where I am in over my head.
I want the computers on my Main router to be able to access the ones on the second router... like ping, RDP, etc.
BUT I don't want the computers on the second router to have access to the ones on the main router.
Is this possible?
Thank you,
If you are using home routers, the key is in the WAN interface.
All the hosts connected to the LAN ports can access the hosts on the WAN port, but not vice versa. Your border router acts this way: if you want a host to communicate directly from WAN to LAN, you have to forward a port. For example, if you have a DVR with cameras and you want to monitor them from the Internet, you will have to forward the ports the DVR uses.
So, you could connect in the 192.168.2.1 subnet (just to clarify, this is not a VLAN, this is a subnet, or you can also call it just a net; VLANs are another thing) the PCs that you don't want to be accessed from the other hosts.
VLANs are a kind of partition of a LAN where the broadcast can propagate inside it but cannot go out. They are used for security, performance and ease of administration. They belong to the 2nd layer of the OSI model.
The final topology in your case is as follows:
Let's separate your computers into two groups: group A are the ones you don't want anyone to have access to, and group B are the ones you want to be accessed from other PCs.
First you have your modem connected to the router that will act as border router. Its LAN IP will be 192.168.1.1/24 (/24 is a notation for the subnet mask 255.255.255.0).
To that router's LAN ports you will connect the group B PCs, with IPs ranging from 192.168.1.2 to 192.168.1.254 (.0 is reserved, .1 is your border router and .255 is also reserved).
Also to that router you will connect the second router by its WAN port. In the second router you will set a static IP on its WAN port that belongs to the subnet of the border router. For example 192.168.1.2.
The second router's LAN IP will be 192.168.2.1/24. Finally, you will connect the group A PCs to the second router's LAN ports, with IPs from 192.168.2.2 to 192.168.2.254. This will be the more "protected" LAN.
I hope this could help!

2 routers and want windows to not use a network

Gonna use 'ROUTER ONE' and 'ROUTER TWO', for my examples.
I have two routers, one on wireless, one on ethernet. Both have different names. I want Windows to just use the internet connection on ROUTER ONE and not use the connection on ROUTER TWO, but I still want to access ROUTER TWO's IP. At the moment, to use the network I have to unplug the cable, as I get on the site I want, then the OTHER router takes me to another network saying that the connection is unavailable.
So then, what do I do?
The router names are irrelevant; all that matters is their IP addresses. You can tell a computer which router to use by setting its gateway address to that router's internal IP address. You can do that in the DHCP settings if you want it applied network wide.
As far as accessing both routers it all depends on how your network is set up both physically and its IP scheme. If both routers are on the same physical network and IP scheme you should be able to access them. If they are on the same physical network but on different IP schemes you can assign a second IP address to a computer that is compatible with the second scheme so you will be able to access the second router.

What happens when 2 computers listen to the same port and a router receives a packet through that port

What I am asking is: if two computers listen to the same port and a packet of information enters the router through the WAN IP and the same port, would the packet go to both computers? Neither? One or the other?
IE
computer 1 -(internal IP)-> 192.168.1.3 -(listens to port)-> 4444
computer 2 -(internal IP)-> 192.168.1.2 -(listens to port)-> 4444
computer 3 -(connects and sends)-> 24.157.358.45:4444
packet -> computer 1 AND computer 2
The code in VB6 is:
LAN.LocalPort = 4444
LAN.Protocol = sckTCPProtocol
LAN.Listen
I am using a WinSock object in the Microsoft WinSock Control 6.0 in VB6 Professional
If there is something that needs to be clarified I would be more than happy to.
The router won't send an inbound packet to either machine unless communication has already been established.
If 192.168.1.3 calls out to some other machine (e.g. 4.5.6.7) from its port 4444, the router will assign an arbitrary port on its external address (say 24.157.358.45 [sic] :5555) and pass the packets on to 4.5.6.7. 4.5.6.7 will send reply packets to 24.157.358.45:5555 -- because that's the only address it knows about -- and the router will relay those to 192.168.1.3:4444.
That's the normal course of things, but there are a lot of additional details to this scheme that make it possible to establish communication with a machine behind a router via trickery.
The system of having machines with private IP addresses behind a router with a public address is called network address translation (NAT); it's a pretty deep topic.
From my knowledge of routers, unless port forwarding is set up, the router will discard any packets sent on that port.
If port forwarding is set up, only one of the computers could be set up to receive the packets.
If the packet is an inbound request to establish a new TCP connection with a server that is running behind the router, the router must have an explicit port-forwarding rule configured, either statically in the router's configuration or dynamically via UPnP or SNMP, that tells the router where to route inbound packets on 24.157.358.45:4444 to, either to 192.168.1.2:4444 or to 192.168.1.3:4444; otherwise the packet will be discarded. So no, both of your listening servers will not see the same packet.
Once a TCP connection is established, the router knows which specific LAN machines are associated with which connections and will route incoming packets belonging to those connections accordingly.
The previous answers are correct, you need to enable port forwarding. If it is not enabled port 4444 will be closed on the router.
It sounds like you have multiple servers and want to forward to whatever server is turned on at the moment. This is not possible (*), the router does not care whether or not PC1 or PC2 are listening on port 4444, it will simply forward everything to the address configured in the port forwarding.
(*): Ok it is possible but it takes some extra work.
Solution 1: Trick the router into thinking there is only one server. Give PC1 and PC2 a virtual network interface with the same IP address and forward to that address. Make sure only one of these interfaces is enabled, having duplicate IP addresses in your network can have unintentional behaviour.
Solution 2: Make the router care about which server is on. You will need to write a program to run on the router (or on another server) that can detect which server is on and forward the packets accordingly. If you are using Linux the program iptables can be worth looking at.
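The behaviour described in the answers above (outbound mapping, replies relayed back, unsolicited inbound packets discarded, one forwarding target per WAN port) can be modelled in a few lines. This is an added example, not code from any of the posters; the `NatRouter` class, the `203.0.113.10` WAN address and the `198.51.100.x` remote hosts are constructed sample values, and the session filter (replies accepted only from the remote endpoint the LAN host contacted) is one common NAT behaviour assumed here.

```python
# Added illustration: minimal model of a NAT router's forwarding decision.
# All addresses are constructed samples from documentation ranges.
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"  # constructed public address of the router

@dataclass
class NatRouter:
    next_port: int = 5555                          # next free external port
    forwards: dict = field(default_factory=dict)   # wan_port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)   # (wan_port, remote) -> (lan_ip, lan_port)

    def add_forward(self, wan_port, lan_ip, lan_port):
        """Static port forward: one WAN port maps to exactly one LAN host."""
        if wan_port in self.forwards:
            raise ValueError(f"port {wan_port} already forwarded to {self.forwards[wan_port]}")
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host calls out; the router allocates an external port for it."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, remote)] = (lan_ip, lan_port)
        return (WAN_IP, wan_port)

    def inbound(self, wan_port, remote):
        """LAN destination for a packet arriving on the WAN side, or None if dropped."""
        if (wan_port, remote) in self.sessions:    # reply on an established session
            return self.sessions[(wan_port, remote)]
        if wan_port in self.forwards:              # new connection, explicit rule exists
            self.sessions[(wan_port, remote)] = self.forwards[wan_port]
            return self.forwards[wan_port]
        return None                                # unsolicited: discarded

def demo():
    r, out = NatRouter(), {}
    client = ("198.51.100.7", 40000)               # constructed Internet client
    server = ("198.51.100.20", 80)                 # constructed remote server
    out["unsolicited"] = r.inbound(4444, client)   # no rule yet: neither PC sees it
    ext = r.outbound("192.168.1.3", 4444, server)
    out["mapped"] = ext
    out["reply"] = r.inbound(ext[1], server)       # relayed back to 192.168.1.3
    out["stranger"] = r.inbound(ext[1], client)    # other host on same port: dropped
    r.add_forward(4444, "192.168.1.2", 4444)
    out["forwarded"] = r.inbound(4444, client)     # only the configured host gets it
    try:
        r.add_forward(4444, "192.168.1.3", 4444)   # second target on the same port
    except ValueError:
        out["second_forward"] = "rejected"
    return out

if __name__ == "__main__":
    print(demo())
```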
