Two subnets...


MegaBill

Occasional Visitor
Hello. I've spent the past few weeks absorbing information from here while upgrading to a new & improved home network. I've managed to get everything up and running well enough to walk away, but it was running a bit better and I'd like to understand what has changed...

The "problem" is that I can't communicate with one subnet's router from the other subnet. I can reach any other device on either subnet from the other, but not the router. And I used to be able to.

3 TP-Link C5 routers set up in a Y configuration:
- 10/100/1000 capable
- subnet masks all 255.255.255.0
- DNS address(es) provided and common to all

Internet router:
provider IP WAN dynamic
192.168.0.1 LAN static
feeds 2 static IPs, one for each LAN
192.168.0.10
192.168.0.20
firewall enabled
static routing: 192.168.1.0 to 192.168.0.10
static routing: 192.168.2.0 to 192.168.0.20
no wifi
DHCP disabled

LAN 1 router:
192.168.0.10 WAN static
192.168.1.1 LAN static
192.168.0.1 gateway
firewall disabled
static routing: 192.168.2.0 to 192.168.0.1
static routing: 192.168.1.0 to 0.0.0.0
static routing: 192.168.0.0 to 0.0.0.0
static routing: 0.0.0.0 to 192.168.0.1
dual band wifi enabled
DHCP enabled (30 addresses)

LAN 2 router:
192.168.0.20 WAN static
192.168.2.1 LAN static
192.168.0.1 gateway
firewall disabled
static routing: 192.168.2.0 to 0.0.0.0
static routing: 192.168.1.0 to 192.168.0.1
static routing: 192.168.0.0 to 0.0.0.0
static routing: 0.0.0.0 to 192.168.0.1
BGN wifi enabled
DHCP enabled (30 addresses)

As mentioned, except for routers all devices can communicate with all others. Devices include 3 desktops, 5 laptops, 2 netbooks, 2 iPads, 3 phones, 1 tablet, 1 printer, 1 NAS and 8 IP cams (both wired/wifi with repeaters and a 5 GHz AP connected to a dual band CB/AP). Also, LAN 1 router feeds a D-Link router as a basement AP in a LAN-to-LAN setup. And 2 TVs... Fixed devices have static IP addresses, mobile devices are DHCP'd. Each LAN router has a remote 10/100/1000 switch and Cat 6 cable where required. Mix of XP and Win7 OSes with the Apple devices for flavor.. The NAS is Linux based.

With no formal IT training or experience it's a wonder any of this stuff works at all... Trial & error and a ton of patience have worked well for me. And the internet...

I should mention that, when I lost the ability to ping the other LAN's router, I also lost the ability to name my network shares. Access by IP address still works, which led me to a network naming issue, but all my fixes did nothing. NetBIOS over IP enabled, IPv6 not, common LMHOSTS, even tried WINS but couldn't enable a server on any of my boxes.

I can certainly live with the system as-is, and I need a break as I've been at this solid for over 3 weeks, but I'd like to understand wtf happened to my network to prevent me from administering it via netbook without switching subnets.

Thanks very much. If I've omitted any info or can answer any questions, fire away.

/b

edit 1: included DHCP status
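To see what the static routes listed above actually do, here is an added Python model (not from the thread or from TP-Link) that performs a longest-prefix lookup against the three tables exactly as posted and traces a packet from a LAN 1 host whose gateway is 192.168.1.1. It assumes the 255.255.255.0 mask on every entry and treats a 0.0.0.0 next hop as "directly connected"; it models forwarding only, not NAT, firewall or management settings.

```python
import ipaddress

# Constructed from the static routes in the first post: every mask is 255.255.255.0 (/24),
# 0.0.0.0/0 is the default route, and a next hop of 0.0.0.0 means "directly connected".
ROUTERS = {
    "internet": {"ifaces": ["192.168.0.1"],
                 "routes": [("192.168.1.0/24", "192.168.0.10"),
                            ("192.168.2.0/24", "192.168.0.20")]},
    "lan1": {"ifaces": ["192.168.0.10", "192.168.1.1"],
             "routes": [("192.168.2.0/24", "192.168.0.1"), ("192.168.1.0/24", "0.0.0.0"),
                        ("192.168.0.0/24", "0.0.0.0"), ("0.0.0.0/0", "192.168.0.1")]},
    "lan2": {"ifaces": ["192.168.0.20", "192.168.2.1"],
             "routes": [("192.168.2.0/24", "0.0.0.0"), ("192.168.1.0/24", "192.168.0.1"),
                        ("192.168.0.0/24", "0.0.0.0"), ("0.0.0.0/0", "192.168.0.1")]},
}

def next_hop(router, dst):
    """Longest-prefix match on one table: 'self', 'connected', a gateway IP, or None."""
    if dst in ROUTERS[router]["ifaces"]:
        return "self"  # the packet is addressed to this router's own interface
    addr, best = ipaddress.ip_address(dst), None
    for prefix, gw in ROUTERS[router]["routes"]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return None if best is None else ("connected" if best[1] == "0.0.0.0" else best[1])

def router_owning(ip):
    """Map a gateway address back to the router holding it on an interface."""
    return next((name for name, r in ROUTERS.items() if ip in r["ifaces"]), None)

def trace(first_router, dst, max_hops=6):
    """Follow the forwarding decision router by router until the packet terminates."""
    path, cur = [first_router], first_router
    for _ in range(max_hops):
        nh = next_hop(cur, dst)
        if nh in (None, "self", "connected"):
            return path + [{None: "no route", "self": "self", "connected": "delivered"}[nh]]
        cur = router_owning(nh)
        if cur is None:
            return path + [f"unknown gateway {nh}"]
        path.append(cur)
    return path + ["loop?"]

if __name__ == "__main__":
    # A LAN 1 host uses 192.168.1.1 (lan1) as its gateway, as the post describes.
    print("to NAS     :", trace("lan1", "192.168.2.9"))    # ['lan1', 'internet', 'lan2', 'delivered']
    print("to LAN2 rtr:", trace("lan1", "192.168.2.1"))    # ['lan1', 'internet', 'lan2', 'self']
    print("reply path :", trace("lan2", "192.168.1.110"))  # ['lan2', 'internet', 'lan1', 'delivered']
```

The forwarding path to the NAS and to the LAN 2 router's LAN address is identical in both directions; the only difference is that the second packet terminates on the router itself after entering through its WAN port, so the static routes alone do not explain the timeout.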
 
Do you need 2 subnets? If not, you should have a single router and use the sub-"routers" as switches.

Your LAN 1 & 2 routers, what are they (from a device/manufacturer perspective)?


I think you have a "double-NAT" setup, which is usually bad.
 
I decided on two subnets because the IP cameras degraded internet performance to dial-up status. My wife, well, you know... We were happy with 4 cams but there's been a rash of daytime B&Es in our rural area. Will be adding more cameras as the budget permits.

The cams and related infrastructure are on LAN 2, and the main internet appliances are on LAN 1. Happy, happy happy...

Double NAT, how bad is that and what might it cost to remedy? I looked into VLANs when I started this journey but backed away real quick; maybe I should have taken the leap.

edit: After double checking, I have the "NAT Boost" feature disabled on the two LAN routers. I don't know if this disables NAT completely, and don't know how to check... Any insight?
 
Perhaps you should hire someone to solve your problems?

Network design, especially from a security perspective, should not be a DIY project for those who have much to lose (robbery).

(PS/Disclaimer - I've worked for a security company in a rural area.)
 
:) As mentioned, I'm happy with the system performance at the moment; just looking to understand how things are working. If something goes south I'm the tech on call: I document damn near everything so I can pick up the pieces 6 months from now.
 

There are some great books out there. Honestly, as a networking hobbyist, I cannot think of any simple explanation for computer internetworking, especially routing (aka "the internet").


Try this post for more info. Most fundamental info is already out there to be found, unless you are an innovator.

Knowledge of the OSI model is vital (but also confusing when you delve into the details of the internet.)
 
Thank you, Nullity. The Loyola University resource is going to require some slow reading to take it all in, but it clears up a few foggy areas... I'm going to adjust my DNS parameters on the LAN routers and check their performance in the morning.

And the double-NAT thing... It seems that my internet connection is double-NATed but with no apparent impact; I can access all my cameras via cell phone (with wifi off), as well as all the programs and files on the NAS.

From what I've read, my LAN-to-LAN connection is twice-NATed rather than doubled. With static routing in place to properly direct traffic this shouldn't be a problem. It's working...

Thanks again
/b
 
The DNS mods had no impact, nor did deleting the DNS/ARP caches with netsh, nbtstat -R and ipconfig /flushdns while rebooting the computer, routers and switches. Everything comes back to its prior state of connectivity. I went as far as forcing the router's MAC into the ARP table using arp -s, but that did nothing.

I'm logged in at 192.168.1.110 and can ping the NAS at 192.168.2.9, but the router at 192.168.2.1 times out... Strange.
 
Still can't ping the LAN side of the two subnet routers; there's a checkbox on the Advanced Security page marked "Ignore Ping Packet from WAN Port to Router" that doesn't seem to do anything... I'm thinking the firmware needs reloading. I recall this problem showed up soon after iTunes was installed and wonder if there's a connection.

I did manage a work-around though; enabled the wireless adapter on two machines, one per LAN, and linked to the opposite LAN's wifi. Now both LANs can see every device on the network, including the routers. No downside so far... Adapter metrics are adjusted so the wire takes precedence over the wireless.
 
You said you decided to use two subnets because of some IP cameras causing network problems... Fix those cameras and use a single subnet.

All of your problems seem to be focused around your overly complex LAN.

Perhaps you need a managed switch? Like I said earlier, maybe you should hire someone if your needs are complex.
 

Why hire someone when I have you...? And everyone else of course...

The cameras must remain segregated from the Netflix, iTunes and Facebook side of the world, sharing only the NAS and the gateway router. Our internet is supplied via wifi and maxes out at 5 down and 1 up; after 4 on a Friday I expect to see less than 1 and 1, so optimizing internal network traffic is a priority to make the 'net usable at all. We expect to add more cameras, up to 16 eventually. BTW; the cameras are also split into two redundant systems, each capable of taking over the other's duties if required. All data is accessible via internet along with remote management. You keep mentioning that I should hire someone... I think I'm doing just fine.

I've learned a lot in the past few weeks. Last time I did any kind of serious upgrades was something like 8 years ago; I was quite happy with XP, thank you very much, but time moves on. Now I'm up to my butt in Win7 with a touch of 10 to prepare me for the inevitable.

When I looked at managed switches, they were so far out of my comfort zone that I passed right away. Now, weeks later, I'm looking at the TL-SG2008 and thinking I could handle that. Not yet though; the stuff I have is working good and I understand how >95% is communicating and where the weak spots are. I've also assembled quite a toolbox of network utilities; it's fascinating to fine tune filters in Wireshark, and I hope to one day get Nmap to draw me a perfect rendition of my network topology. And Linux... what a wonderful language... I learned BUFF40 Fortran and played with Cobol in the early '70s, programming via punchcard; we've come so far...
 
And for that reason - I'm disinclined to comment...

That's helpful...

I've got one guy saying it's too complex and another thinking I should spend big bucks to do what has already been done...

I didn't invent my network. There's this guy, maybe you've heard of him, name of Tim Higgins. Seems he did this back in 2003. Kinda figured maybe someone has run into this minor issue before now.

http://www.smallnetbuilder.com/lanwan/lanwan-howto/24428-howtotwoprivlan?start=1
 

Actually, it is very helpful.

There is a reason why nobody else has responded to your posts... I am not sure what that reason is, but sfx2000's input offers hints that may help you create a post that would encourage more responses.
 

First off, your network is more complex than most companies with less than 100 employees have in terms of topology. So yes, it is complex.
Second, the network design in the article linked is considered sub-par to the currently accepted topology of Gateway-Router>Layer3 Switch, as well as the use of VLANs.
Third, unless you have a serious background in networking it is very hard to understand just from words alone. Draw a diagram out using a tool designed for the job: https://www.draw.io/ . More people will be able to respond and help if they understand what is going on.
Fourth, you were given the advice to pay someone to "do it right" for one reason and one reason alone: your cameras technically are NOT working correctly. There is no reason for LAN traffic to affect anything else in a normal network unless they are constantly transmitting data over a shared pipe (like the WAN connection).

Now that that's out of the way, let's cut up your issues into multiple individually resolvable points.

1. The routers you have do not support classic routing. This is from the manufacturer as well as looking through the entire firmware. Most of your issues are coming from this limitation.
Read this for more info: http://www.tp-link.com/en/faq-676.html

2. DNS should be pointing to a single device and forwarding from there. Best bet is either the NAS or the LAN1 router with something like 8.8.8.8 or 208.67.222.222 as the forwarding address.

3. Fix those cameras. A bit more info on them and we may be able to help. Eg. What do they record to? Are they over WiFi or hardwired? etc.

4. Because the routers are not able to do "Classic" routing, you need to enable remote management on them to be able to ping them from subnet to subnet.
 

Pls - never take the group's collective insight for granted... we share as a matter of community...

last comment here...
 
I think your network is too complex for dividing cameras from workstations. All you need is 2 networks which can be as simple as 2 VLANs. You also want to eliminate the double NAT.
 
.....
Draw a diagram out using a tool designed for the job: https://www.draw.io/ .
.....
Thanks for the link. I checked it out today and made a little diagram of my current home network configuration. A very nice free diagramming tool.

Ole
My Home Network.png
 
Holy cow... !!!
Never is the KISS principle more applicable than in networking.
Respectfully suggest you start with a clean sheet of paper & implement the simplest topology using the least amount of devices possible. Preferably same manufacturer.
 
Why? I've already bought the hardware, set it up according to the diagram and tested it. I'll put the network in production when I move into a new apartment in the beginning of June. One thing I'm considering is to change the Linksys LRT224 router with pfSense running in a Mini-ITX pc.

6 months back I knew nothing about networking. It started with the idea of bypassing the ISP hardware (media-converter, router) and plugging the fiber into a switch with an SFP module and splitting the ISP VLANs. I'm retarded ... sorry retired, and learning a little about networking has been a fun exercise in my old days. :)
 