Well the situation may seem to be complex but here it is.
I have a computer X. It is connected to gateway 1. Another computer Y is connected to gateway 2. Gateway 1 and 2 are themselves connected to a super gateway G which is connected to Internet.
This is actually the setup of my college network. The college uses a gateway (G) to distribute IPs to hostel rooms (Each room gets one IP). Since I have 2 computer (My PC and my Raspberry Pi (X)), I need to use a network switch (gateway 1) to connect to internet. Similarly my friend in the adjacent room has a network switch which connects his laptop (Y). The Raspberry Pi (X) has LAMP server and the laptop Y wants to access its content. How is this possible? What address should be entered in the web browser? How will the browser know which address does it points to?
Another question is : If I directly connect my laptop to Gateway G, then I have to login first to access the Internet. Can I setup my network switch in such a way that it automatically logs into the Gateway G so that I don't have to login when my computers are connected? My network switch is D-Link model AES-1005A.
First, a switch is not a gateway (router). There is a big difference. Each device you connect to your switch is getting its own IP address from DHCP, else it wouldn't work.
You don't get one IP address per room since that is not how DHCP works, There may be a switch between Router G and your rooms that limits the number of MAC addresses per port. If that is the case, you are out of luck, otherwise your friend should try to connect to the address assigned to your Pi by DHCP.
Network switches only operate at layer-2, so any upper-layer protocols like the login are completely transparent to it, and you cannot have it log in for you. Your Pi may actually need to log in, too, to get an IP address from DHCP.
You seem to be trying to bypass the network policies or security of a network that doesn't belong to you. In many jurisdictions, this is a crime (usually, a felony), so you should tread very carefully.
Also, since this doesn't involve programming, it is actually off-topic here, and you should really ask on Super User.
Related
So I my ISP assigns local private IP address to devices on the network, I found that by checking the IP address assigned to my phone's ccmni0 interface which I believe is the one used to connect to the network.
And so I tried sending a message to my other phone (which uses a SIM card from the same network provider as the other, so I assumed they are on the same network) using the local IP assigned to it. I was expecting to receive the message on the device but didn't, that's why I suspect the reason might be because they use different cellular technology (one 3G and the other 4G).
Please tell me if my suspicion is true or not. And guide me if I have done anything wrong.
I have some questions about vlan's. I know that this forum is more for programming than for networking but this is the best forum that I could think of.
So all my questions are about vlan's. Here they come:
Can one vlan have a different beginning of a ip adress as the other one's (e.g. vlan 1=192.168.2.xx, vlan 2=10.0.0.x)?
Can devices have the same ipadress when they're in different vlan's?
Can you make a "hole" between the vlan's so that a few devices (chosen by you, for example using static ip adresses) can still talk with each other (e.g. a file server on vlan 1 can still talk to the printer on vlan 2)?
Can you have different dns servers for different vlan's?
Can you have different firewall settings for different vlan's? How do you "choose" which firewall you want to change as an admin?
Can you have wifi vlan's (like a vlan for your home wifi and a vlan for your guest wifi)
Can you access the routers settings (192.168.1.1) from every vlan?
When I connect to a network, how do I get assigned to a vlan? Is there like a "If someone connects to the network, it automatically goes to vlan 1 until the admin moves them to a different vlan"?
Can you put a password on a vlan so that you have to put in a password to change vlan's?
Can a user (so not a network admin) choose to change from vlan's (because then question 8 would be relevant)?
How does portforwarding work with vlan's?
If you access the network from outside (e.g. a hacker or just someone else), do you automatically get "redirected" to the standard vlan (1) or do you end up in a "intersection" where you first have to choose the vlan you want to go to?
Can you make a port on a switch that has special access to every vlan at the same time (Only for the network admin)(So for that ethernet port, the network is just one big network instead of divided vlan's)(This would contradict question 2 as then you would have two devices with the same ip adress)?
Can you have a network port with a device attached to it, that will be accessable to every vlan (e.g. a printer)? Is that dangerous because than a hacker could probably access that device and use it to jump between vlan's?
That's it. I know that there are alot of questions but I hope you can help with a few at least. The thing is, youtube video's always just explain that vlan's are separate networks, but I want to know: "How separate are they?" You see that almost every question is about "How separate are they exactly?"
I hope you can help!
Thanks
hopefully this will answer your questions
VLANs are like separated cables inside cable and they do not mix or intefer between themselfs
Answers:
Yes. As mentioned above
Yes but it's not good practice because you can make mistake durring VLANs settings causing sec flaws or IP collisions
Not directly but this can be done via gateway/router between VLANs and all traffic have to go thru GW (easy way)
Yes and usually you do. For example you have:
VLAN 10: Subnet 192.168.10.0/24; GW 192.168.10.1; DNS 192.168.10.1
VLAN 20: Subnet 192.168.20.0/24; GW 192.168.20.1; DNS 192.168.20.1
Yes it is common/required behavior. It is done by filtering firewall rule by incoming interface (eg vnet7), incoming subnet or incoming IP
Yes. But there are two ways setting VLANs:
ACCESS (untag): VLAN is ended at output interface thus client device dont have to support/setup VLAN. Actualy client device even don't know that there is some VLAN
TRUNK (tag): VLAN (or multiple VLANs) are routed thru access point and client device has to be configured same way on incoming interface
Access is what you need in this case
Yes if you setup firewall that way (routing between subnes)
As explained in point 6
No. VLAN is just number. To protect your vlans you have to setup network devices in way that every port (unless needed - eg switches bond interconnection) is set in ACCESS mode so only admin with access to network device can change VLAN for client device. Or implement NAC such as packetfence
As points 6. and 8. Only when your setup allows
Inside VLAN no portforward is needed because all devices in same VLAN are at same L2 network
No simple answer here, it all depends on your VLAN and firewall settings
Can not be done with VLANs only. Common practice is to setup specific VLAN (lets call it management VLAN) which is ended in ACCESS mode on some physicaly secured switch ethernet port and then using firewall and routings on GW to setup access across all VLANS (well .. not all but required ones)
Yes you can as mentioned above but again using firewall and routing settings on gateway
This one is long :) ... fell free to continue in chat
Hello Networking Gurus,
I have a question about IP duplication and how this impact the associated switches (layer 2). Sorry, I don't have any resources available to test this. It would be great if someone can shed some lights of their experience on this.
If I have two servers (Linux), say A & B, serving exactly same contents and for some reason they both are assigned same IP address. To be more specific, if A already has an address IP.100 and B has another address IP.200. Now at this point everything seems working and the switch has proper MAC addresses stored. If, later, B also gets the address IP.100, how would this affect the switch's ARP cache? When B gets the new address I assume it broadcasts ARP? to inform the associated switch.
So the question is, Does the switch stores both machines' entries? or overwrites the existing with new? Is there any standard behaviour or proprietary switches reacts differently?
If a client, with no ARP cache, tries to connect to IP.100, which machine would it be forwarded to? A or B or none? If A OR B, can I say from client point-of-view, that there's no outage? (Assume this is a static website, with no login sessions etc)
Feel free to point any relevant documentation.
Thank you in advance.
In theory, you shouldn’t have two hosts talking on the same IP, unless they are participating in routing. Eg any-cast. As things will break.
Each host will have its own MAC address. If the switch is only doing layer two forwarding, then the switch only keeps track of MAC addresses. It is the end hosts or routers that track ARP entries.
If you move IP 100 to B, then the hosts will update their own ARP table.
But if A and B have 100 at the same time, this will cause issues.
Switch will not see any IP's and do not have arp cache for forwarding packets , it will had only mac address table map macs to ports and macs in your case will be unique
I actually think this is how multicast works.
Hosts obtain a multicast address and all of the devices share that same multicast address.
A switch will gather collections of Mac addresses to that same multicast in it's mac table.
I could be wrong though....Still learning.
If I want to detect the number of connections active on my home Wifi network, how should I go ahead doing it? This can be useful for building applications which would serve as monitoring unidentified/unrecognized people being fraudulently misusing a person's Wifi network.
How to know whether your neighbors or others are using your wireless network is rather complicated.
If your neighbors are experienced Wi-Fi hackers, you might not be able to tell at all.
If they're just stealing your Internet connection, you may be able to tell from the logs on your router.
To find out who's on your wireless network, you'll need to start by taking inventory of all the devices that are meant to be connected. Find out their MAC IDs and their IP addresses (if they're static).
To find out the MAC ID/IP address on a PC, click the Start menu and choose Run. Type cmd and click OK. In the screen that opens, type ipconfig /all and hit Enter. The MAC address will be shown as the physical address. Once you know the MAC addresses of each of the PCs on your network, you will recognize any addresses that don’t belong under the screen that shows the MAC addresses of current connections.
Check IP addresses
Likewise you may be able to see how many IP addresses have been dished out by the DHCP server. If you check the IP addresses of each of your PCs, you can see if other IP addresses have been served.
To find out your IP address from the Start menu, click Run. Then type in cmd and click OK. In the screen that comes up, type ipconfig which will display the IP address for that computer. (Bear in mind, however, that if the PC is set to auto detect settings, then the PC's IP address will change the next time the computer is rebooted or switched on. Sometimes previously served numbers have not yet expired, so you may think someone is connected when they are not.)
Dealing with intruders
If you do find someone using your connection, they may well not be doing so maliciously or even knowingly. Sometimes people can’t tell which is their own connection and they may honestly believe that they are using their Wi-Fi router rather than yours. The best way to deal with this is to set up your own security and maybe you can help them find their own router!
The optimal solution is to set up a strong password using WPA or WPA 2 of almost 20 to 30 digits and numbers. Once your network is functioning, you can switch off the SSID broadcast (which prevents it from advertising the name of your network) so it would effectively disappear as far as your neighbors are concerned, and the first you might hear of it is when someone complains that their Web connection has disappeared.
You could look for logs such as current LAN clients, connection or status log, or connected MAC addresses.
Be Happy :-)
Do you have access to the Access Point management ?
Look for MAC addresses and their filtering. Modern APs allow you to filter devices and or limit the timeframe during which devices can authenticate themselves, using a hardware button.
A link on how to secure your AP here, and a good start to know what to play with !
You can Either USE this Command... On your Router or Modem... Some Modem's have console for Ping and Commands like that....
ipconfig -all
There is a lot of history here, so please bear with me.
Our home network used to be fine when we were with Comcast, but we wanted better speed and reliability, so we switched to FIOS. At that point, the Wifi connections from my Raspberry Pis stopped working. I got frustrated after a couple of weeks of trying to discover the cause of the problem and eventually put it aside.
The other day, I started to configure a new Raspberry Pi 4 that I plan to use on my new Sphero RVR. I set it up following the usual directions and the Pi connects to the Internet without problem over WiFi, but I can't ping it from my Windows 10 desktop.
So I started digging. I downloaded the Fing app onto my Pixel 3 Android phone and looked at the network. I immediately noticed that all the devices now have a 10.29.179.xxx addresses. That easily explains why I can't ping from my PC to the Raspberry Pi. They aren't in the same address space.
I did discover that I can ping the Raspberry Pi if I use the IPV6 address. I can even get PuTTY to connect using the IPv6 address, although I was unable to successfully login. I don't know what is causing the login problem, but it's probably something mundane.
I suspect that I can make my Rpi conform to the rest of the network using a static IP address, but that might cause problems if I take the robot somewhere else to demonstrate what it can do. What I would like to understand is why most of my network, using DHCP, is on the 10.x.x.x network and the Raspberry Pis seem to wind up with 192.168.1.xxx addresses.
One further wrinkle. We have two routers, the FIOS router, and a LinkSys WRT1900AC, which is the router on which WiFi is enabled.
I suspect this problem is caused by having the two routers or by something inherent in the way the Raspberry Pi interacts with DHCP.
I would like for my Raspberry Pi to configure with an IPv4 address I can use, no matter what network I am connecting it to, and I'd like to understand why this problem is happening in the first place.
Let me know what additional information you'd like to see.
* Additional Notes *
As to the comment that I have not done research. I spent a week reading through stackoverflow problems and reading up on documentation of DHCP without finding the answers to my question. I do not ask questions idley. I ask questions when I cannot find answers and need the help of people more expert than myself in the areas in which I am having trouble.
I have solved the login problem. It was a stupid password mistake.
So now I can login, over wifi, using the IPv6 address, but not with the IPv4 address.
On the FIOS router, both the 2.4 and 5GHz wifi channels are turned off.
As suggested by Ljm Dullaart, the problem was that there were two DHCP servers on the network. After I turned off the FIOS DHCP, my problems went away.