TechSpot

Bridging two routers of different brand

By Trailer
Jan 25, 2011
Post New Reply
  1. Hello.

    My title is a somewhat simplified version of my question, I will try to go a little more into detail.

    I just bought a new router, Cisco E-3000. I want to bridge this with the old router, a 3com router.

    Problem is, the old router is not mine. And I'm not allowed to remove the old network.

    What I would like to do:
    Set the new router up as primary router. Set the old router up as secondary. Keep the old security settings on the old router so that everything remains the same for the other users.(They don't want a password for some odd reason).

    What is the point of all this?
    I want my router to be on a different subnet, with better security and QoS. This way, my network stays better protected, meanwhile the other users will not even notice things have changed.

    Would this be possible?
     
  2. jobeard

    jobeard TS Ambassador Posts: 9,317   +618

    use the following layout

    modem==firstRouter(lan)------(wan)newRouter----your systems

    any request(s) from your systems will flow out to the Internet and back to you correctly,
    but nothing attached to the firstRouter will be able to access the newRouter or beyond,
    as firstRouter keeps its default route to be its Wan Side connection, not the port to the newRouter.

    The newRouter(wan) side will take its address from the firstRouter.

    You set the newRouter IP address to what you want and let its DHCP make assignments for your systems. The three common addresses for private LANs are
    1. 192.168.x.x
    2. 172.16.x.x
    3. 10.x.y.z
    If the firstRouter is on say (#1), then set yours to 2 or 3 - - this makes it even more interesting for the upstream systems :)

    one consequence: the new router will be isolated and thus no port forwarding will be possible,
    reason: it would be required to port forward on BOTH routers. This may impact gaming or any 'servers' on your systems.
     
  3. Trailer

    Trailer TS Rookie Topic Starter

    Thank you for you answer. Incidentally, it describes the settings I'm running on right now.

    The problem with this setting is, quality of service on new router will only be able to manage the connection to it. So if someone is downloading on the old router, quality of service won't be able to do anything about it. Furthermore, port forwarding won't work either.

    So the next question is. Is it possible to do it the other way around?

    modem -- newrouter -- oldrouter

    I have made som research myself. The only thing I could find about this is that both routers would have to have the same password. This would mean affecting the old network.
     
  4. jobeard

    jobeard TS Ambassador Posts: 9,317   +618

    yes the inverse setup works too, but needs extra firewall protection.

    Also, each router can have it's own AdminUser/Password. it is NOT true that they
    need be the same and actually better that they are not.

    the setup modem -- newrouter(lan) -- (wan)oldrouter---oldSystems
    would allow oldSystems to guess IP addresses on newRouter and attempt to access
    via \\ipaddress\share or http : / ipaddress

    The newRouter(lan) will create an IP address on the oldRourter(WAN) in the ip-range
    defined for the newRouter - -

    for illustration, if newRouter is at 172.16.1.1 and has a DHCP range of 2-10,
    then you use the oldRouter Mac to perform an Address Reservation on your newRouter
    OUTSIDE the dhcp range (say 1.100) to avoid address conflicts.
    With Address Reservation, you don't need to touch the oldRouter :) :giddy:

    the oldRouter will create a gatway address =:= to its own IP address, eg 192.168.x.y
    which will flow thru the Wan address (172.16.1.100) and on to your gateway address on the newRouter.

    To slam the door on such all attempts (recall new router has a different non-routable IP address) add to your firewall deny rules for input from oldSystem.

    So add a rule to your FW
    deny in tcp/udp source-ip 192.168.x.0, mask 255.255.255.0​
    and your newRouter will be seen, but NOTHING else :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...