so the setup I've got:
Main Router which receives the internet connection and is my primary WIFI network: 192.168.1.0/24
Secondary Router which I've connected via the following method to create a separate LAN: 10.3.3.0/24. Main Router's LAN port --> Secondary Router's WAN port.
I've got this setup fine and can get internet from the Secondary Router's LAN, no problem.
My question is: Is it normal behavior to be able to ping a device connected to the main router from the secondary router?
I would like to isolate devices on each LAN so that devices connected to the separate LAN's can't communicate and wondering if I'm able to achieve this using 2 consumer grade routers?
Cheers!
This is normal behavior because the secondary router knows that IPs in the 192.168.1.0/24 subnet should be forwarded to its WAN port, so it can access hosts connected to that network.
Sadly, you usually can't create 2 segregated subnets with 2 consumer-grade routers, as these only have 2 network interfaces (one for WAN and one for the built-in switch).
I also do not recommend doing this, as double NAT can have unexpected side effects. If you really want to separate devices on your local network, looking into VLANs is a better way. You can use your existing router but will need a compatible switch.
If your routers support vlan management you should use separate vlans for both subnets. Otherwise you cant devide your networks.
Related
I am building a home office network.
Due to physical limitation of my environment, I have setup my Wifi network under two routers in two different rooms.
DSL <------> Router 1 (Room 1) < ---- RJ45 192.168.1.105 --> Router 2 (Room 2)
Following is the current setting for bother Router
Router 1
IP: 192.168.1.1
DHCP Range: 192.168.1.0 - 192.168.1.255
Facilities connected:
DSL Wall point - Connected to internet (NBN).
Printer
Smart TV
Mobile
Other Desktop
Router 2
IP: 192.168.2.1
DHCP Range: 192.168.2.0 - 192.168.2.255
Facilities connected:
Laptop
Smart TV
Mobile
Gateway: 192.168.1.1
I can connect to internet from Router 2. However, I am not able to use Router 2 to access to the Smart TV and Printer that is connected to Router 1 .
Both routers does NOT support Access Point Mode. Therefore, they are connected Via RJ45 Ethernet.
Anyone have any idea on how to fix it?
Thanks in advance!
The problem is because that router uses NAT/NAPT for the lack of IP address and the protection of internal network. Normally, we use four types like Full Cone NAT, Restricted NAT, Port Restricted NAT and Symmetric NAT. They have different features, but they have a common feature: none of connection can be established from the outer side.
That means you can connect to outer side from inside, and then establish a connection, then the bidirection communication can work well. But if you firstly want to handshake from the outer side, it will fail.
So, here is something we called NAT traversal or NAT pounch hole to make some specifi internal IP/port can be connect from outside.
For your circumstances, the easiest way is to try upnp or nat-pmp if your router supports them. If not, it's relatively hard for you to simply connect them. Maybe you can try STUN/TURN/ICE, but I think you will not like them cause it's relatively hard.
https://i.imgur.com/ugyO5C4.png
As you see in the image above, I'm seeking help with making both Vlan connections (Vlan10 and Vlan20) be able to communicate with the Coffe Maker Machine, What should I do?
The way I can think of is via Inter VLAN routing
Inter VLAN routing is a process in which we make different virtual LANs to communicate with each other irrespective of where the VLANs are present (on same switch or different switch). Inter VLAN Routing can be achieved through a layer-3 device i.e. Router or layer-3 Switch. When the Inter VLAN Routing is done through Router the it is known as Router on a stick.
So you can just assign the Coffe Maker Machine to one vlan and have the router handle the communcation. Router on a Stick tutorial
Just in advance im sorry for my limited expertise with networking, i know the basics tho...
So the issue i have which i am hoping someone can shed some light on..
I want to have 2 routers, each with either own vlan, and i want one router to be able to talk the other but not vise versa,
So my Main router (192.168.1.1) is connected to the modem,
I want to get a second router and connect it to my main router,
The second router i want to have its own vlan (192.168.2.1)
Now that part is pretty easy, here is where i am in over my head
I want the computers on my Main router, to be able to access the ones on the second router... like ping, RDP, ETC
BUT - i dont want the computers on the second router to have access to the ones on the main router.....
Is this possible?
Thank you,
If you are using home routers the key is in the WAN interface.
All the hosts connected in the LAN ports can access the hosts in the WAN port, but not viceversa. Your border router act this way: if you want a hosts communicate directly from WAN to LAN you have to forward a port. For example, if you have DVR with cameras and you want to monitor them from Internet, you will have to forward the ports the DVR uses.
So, you could connect in the 192.168.2.1 subnet (just to clarify, this is not a VLAN, this is a subnet, or you can also call it just a net, VLANs are another thing) the PCs that you don´t want to be accessed from the other hosts.
VLANs are kind of partition of a LAN where the broadcast can propagate inside it but cannot go out. They are used for security, performance and easy of administration. They belong to the 2nd. layer of the OSI model.
The final topology in your case is as follows:
Let´s separate your computers in two groups: group A are the ones you don´t anyone has access and group B are the ones you want to be accessed from another PCs.
First you have your modem connected to the router that will act as border router. It´s LAN IP will be 192.168.1.1/24 (/24 is a notation for the subnet mask 255.255.255.0).
To that router you will connect to it´s LAN ports the group B PCs with IPs ranging from 192.168.1.2 to 192.168.1.254 (.0 is reserved, .1 is you border router and .255 is also reserved).
Also to that router you will connect the second router to its WAN port. In the second router you will set an static IP in its WAN port that belongs to the subnet of the border router. For example 192.168.1.2.
The second router LAN IP will be 192.168.2.1/24. Finally, you will connect the group A PCs to the second router LAN ports. With IPs from 192.168.2.2 to 192.168.2.254. This will be the more "protected" LAN.
I hope this could help!
I want to set up an i-Ball Baton router as a dhcp server. But the problem is i get Static IP at the WAN Port. Will getting a static IP at the wan port affect its role as a dhcp server ? . I will be connecting 2-3 devices that will require dynamic ip from the router.
No, it won't affect. Some networking basics:
Router is a gateway device, it's located between two network segments thus connecting them:
local area network (LAN) - place where all your devices live
wide area network (WAN) - all outer world
Since router belongs to two networks simultaneously, it has two absolutely independent IP addresses for each one. Router's job is to receive packets from Internet on WAN interface and inject them into LAN and vice versa. So LAN is quite isolated from the Internet, you can always drastically change LAN layout while still appearing to the outer world as the same single IP address.
DHCP server feature is intended for organizing addresses on your LAN, it doesn't rely on WAN interface details.
Gonna use 'ROUTER ONE' and 'ROUTER TWO', for my examples.
I have two routers, one on wireless one on ethernet. Both have different names. I want windows to just use the internet connection on ROUTER ONE and not use the connection on ROUTER TWO, but I still want to access ROUTER TWO's IP. At the moment to use the network I have to unplug the cable, as I get on the site I want, then the OTHER router takes me too another network saying that the connection is unavailable.
So then, what do I do?
The router names are irrelevant, all that matters is their IP addresses. You can tell a computer which router to use by setting it gateway address to that router's internal IP address. You can do that in the DHCP settings if you want it applied network wide.
As far as accessing both routers it all depends on how your network is set up both physically and its IP scheme. If both routers are on the same physical network and IP scheme you should be able to access them. If they are on the same physical network but on different IP schemes you can assign a second IP address to a computer that is compatible with the second scheme so you will be able to access the second router.