Cascading routers - how to access admin features from one to the other?

By lucdesaulniers
Jul 5, 2009
Topic Status:
Not open for further replies.
  1. OK, my subject line might sound cryptic! Here is my set up: first router (main) is connected to the cable modem and provides std addresses as 192.168.1.2 (base is 192.168.1.1) etc. I have a second router (same brand) as a gateway connected to my main. This second router base address is 10.10.10.1 and all that are connected to this one have manually provided IP addresses (such as 10.10.0.2, etc). The main one provides WIFI access as for the second one do not.

    Now my question: from my laptop who uses the WIFI network, how can I reach or connect to the other network (the one that is managed with the router with the 10.10.10.1 address? The purpose? I would like to access the computer connected to it as if they were part of the WIFIed network. And be able to access the router management page. Any clue?
  2. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    first some basics;

    examine the router (the box itself). everything attached to a LAN slot will default to
    routing upwards using the WAN slot -- that's a big clue as to what the routing tables looks like.

    second; to manage the configuration of a specific router:
    a) WIRE a system directly to it
    b) login to the router config page using the current router's ip-address

    if your network is
    modem---router#1----router#2---router#3

    then a system attached to routerX will route upward to router(X-1) and NOT downward to router(X+1)

    if you wish to have ALL systems (wired and wireless) see and share with each other, then you have too many distinct address.
    Leave router#1 as is. disconnect router#2 from #1 and wire router#1 to a LAN port on router#2, leaving its WAN port empty. Log into router#2 and disable DHCP.

    Now do the same for the wire from #2-->#3 and disable#3 DHCP.

    All systems (wired or WiFi) will get ip-assignments from router#1 and will be able to
    ping and share files.
  3. lucdesaulniers

    lucdesaulniers Newcomer, in training Topic Starter


    If I get you right, and it make sense, is to have the second router be the WIFI access and the one directly connected to the cable modem, to be the one were other computers are hardwired to?
  4. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    yes, but you can also use a Wired connection to the WiFi router too :)
  5. lucdesaulniers

    lucdesaulniers Newcomer, in training Topic Starter

    Looks totally right. I will set that up tomorrow (a bit tired now) and post back the results. Thanks, sounds totally logical.
  6. lucdesaulniers

    lucdesaulniers Newcomer, in training Topic Starter

    Hello Jobeard,

    It works. I have another question for you. Initially, I had set-up these routers in that manner to double protect me from a bad neighbor who was able to brake through my WiFi network big time (he owns an ISP company! - he even got through my cable modem - got a grudge about my fence and he is bipolar according to the policemen). Wiring my hardware on the router 10.10.10.1, I was basically cutting out any attack (been OK for the past 18 months). If I leave the routers as they are now (following your advice), meaning wifi is now 10.10.10.1 etc, am I still as well protected (and yes, I have setup WEP, and I am not broacasting the routers SSID..)?

    Again, many thanks for the advices..
  7. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    let's define YOUR usage of the Wifi.

    a) Does anyone at home accessing the WiFi for Internet ALSO need to share files on any of the wired systems?

    b) the WiFi ought to be using WPA2 or WPA and not WEP

    c) I need the make/model # of the WiFi router to see some settings that may assist us
  8. lucdesaulniers

    lucdesaulniers Newcomer, in training Topic Starter

    To qestion:

    1. Yes, me. Mostly from my laptop (PB 700 w/OSX 10.5.7) and/or the iMac (Intel). The iMac is used by my wife who mainly surf the Web with it. Also connected to the WiFi is: iPhone, iPod, a network camera (yes, checking the fence ;-), AppleTV, Wii (ok, ok..) which can be can be hardwire.

    2. WPA or WPA2 not possible for my camera, -not an option, OK for the other hardware. Also have to have my xBox 360 connected only by wire (using Netgear Wall-plugged Ethernet Bridge XE102 - actually I have 3 of them). Also use from time to time one of the bridge to connect an old PC (XP)

    3. Routers are: Linksys SRX and WRT54GL

    As you can see, a well connected household. :)
  9. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    BOTH are WiFi
    Ok, given (2), you can use one router for the camera and the other for real devices needing protection of WPA2/WPA; highly recommended
    Your big issues are *What needs to be shared* vs *What needs to be protected*
    As your private data are on the systems, it would seem to be natural to segregate SYSTEMS from Devices. Wire (or access WiFi) your laptop and the iMac to the same router and sharing print/files becomes easy. The iPhone/iPod will need access so you can access your Calendar, Contacts, Pictures and Music files.

    If you make the first router connected to the Modem use WEP for the camera,
    then use WPA on the second for everything else.

    Which router is router#1 to the Modem where the camera would attach?
  10. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    the linksys srx would appear to be the wrt54gx2

    on the config->max filter tab you have the ability to ALLOW vs DENY specific MAC addresses.
    To lock down access, enter the MAC device address (not the IP address)
    of every device you wish to allow to access this router. If this is the WEP device, MAC filtering will add another layer of protection.

    How to find the MAC address?
    on the PC:
    run->cmd /k ipconfig /all
    the MAC is shown​

    On the iMac:
    open the Mac HD
    on the left, Click Applications
    scroll to Utilities and open it
    find the Network Utility
    in the choice box, select the Ethernet Interface (EN0)
    Hardware Address -- is the MAC address​

    You can also find these in the Router's Attached Devices display, which would help
    for the iPod, iPhone, et al

    Record these and then add them all to the MAC address ALLOW table
  11. lucdesaulniers

    lucdesaulniers Newcomer, in training Topic Starter

    Hello Jobeard,

    Understood. Looks like a week-end project! I will used router 1 (the one connected to the cable modem) for the camera, and everything else to the second one. To do this and if I understand right I will be using the WiFi feature of BOTH router. No. 1 WEP with MAC permission restriction and No. 2, for everyting else in WPA + MAC permission restriction. All under WiFi and retaining LAN IP as they are now. Right?
     
  12. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    BINGO :)

    sole issue is access to the camera from ALL systems; the following will create ONE LAN where all system can access everything

    I suggest router#1 configure:
    router address 192.168.1.1
    DHCP ON with addresses pool of router address 192.168.1.2-10
    MAC Filtered
    WEP encryption
    channel X
    ssid anything-you-like​
    Wire a LAN port of this router to the WAN port of router#2

    router#2 configured:
    router address 192.168.1.100
    DHCP ON with addresses pool of router address 192.168.1.101-110
    MAC filtered
    WPA2 or WPA encryption
    channel y
    ssid anything-ELSE-you-like​

    hint: add the encryption LAST and be sure all system can PING everyother device

    If you want to isolate any WiFI devices (or systems) from all the others, then we
    change the IP address of router 1 and the DHCP addresses it will control

    The above design creates a lan with addresses like
    192.168.1.1-->10 and then 192.168.1.100-110

    your firewall can then have rules to tread the lower addresses (1-10) differently
    than those from 100-110.
  13. lucdesaulniers

    lucdesaulniers Newcomer, in training Topic Starter

    Jobeard, your are are genious! I now understand the whole technical logic behind the setup. The whole key was X and Y channel! I never thought of that. OK, give me the week-end to set all this thing up and I'll report back on Sunday or Monday. I'll go to bed all little (actually, lot less) dumb tonight!. Many thanks.
  14. lucdesaulniers

    lucdesaulniers Newcomer, in training Topic Starter

    Hello Jobeard. Reporting as promised. Job done and everything is now working fine. It was a little longer than anticipated 'cause all my Netgear bridges had their own MAC address.. Took me a little while before realizing it.

    I still got an issue with my xBox 360 but it is not related to the setup. I'll research further the source of the problem and if I can't resolve by myself I may post the issue on this forum to see what solution there is.

    Again many thanks for the very helpful advises. I think the Administrator of this forum should make this thread a keep. I am surely not the only one looking to set such a network! -- Cheers
  15. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    Thanks for the feedback :)
  16. Dragginbutt

    Dragginbutt Newcomer, in training

    Novice question

    I have read a few of your replies and your knowledge appears way above mine, so I thought I'd send you a message to ask a simple question. First let me describe what I am trying to do.

    My local church has a DSL conneciton using a Link Sys Wireless G router for the admin staff to access the Internet. Right now there is no file sharing whatsoever as far as they know. Everything is done via Email.

    We want to expand this simple connection by adding two additional wireless routers. At this time, the goal is to isolate the additional routers from the admin section.

    If I understand correctly, the main primary router can remain in place, and I can cascade the additional devices by connecting to the lan ports on back of the primary router.

    I know that I have to set the IP addresses on the two additional devices, and if I understand correctly, by setting the third octet to something different, I will in effect be isolating the two devices downstream from the primary. Is this correct?

    Do you recommend I leave the ADMIN group on the primary device? Or should I just go ahead and create 3 seperate wired lans off the back of the Primary router?

    The goal of this is like I stated, to provide wireless capability to our Sunday school classrooms but making sure we do not expose our administrative network.

    I am also worried about someone using us as a hotspot. I think I can set a PW (SSIP) and I have to name the devices etc. I think I can fumble through this.

    I know this is all networking 101 stuff, but to someone who does not deal with this stuff on a daily basis, it can get a little over my head quickly.

    Any recommendations would greatly be appreciated.

    Gary
  17. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    1. Yes. Router#1 lan ports connect to Router#2+3 WAN ports which allow #2+3 to have unique addresses


      if mine to do, I would get a fourth router and go like this just to be sure:
      Code:
      modem---routerA  (assume IP address 192.168.1.1)
                 |
                 + ----- wifi#1 -- (set IP address 192.168.2.1) on channel 2
                 |
                 + ----- wifi#2 -- (set IP address 192.168.3.1) on channel 10
                  |
                 + ----- new.wired (set IP address 192.168.4.1) -- admin systems here
      
      If you need more connections than a single router can attach, just add a switch to one port and other systems to the switch
      If one WiFi router has a SSID of thisismine1, then the other might be thisismine2 for easy recognition :)
      The PW's could also be xxx1 and xxx2 :)
  18. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    btw: All routers are isolated from each other and

    sharing is ONLY possible on systems connected to the SAME router :)
  19. Dragginbutt

    Dragginbutt Newcomer, in training

    OK great. One last question. Should the main gateway be a wired router or can it be a WiFi? Or does it really matter? I read opinions both ways.

    Thanks a lot for getting back to me. I thought I had it worked out, but it is always a good thing to have a second set of eyes to make sure I was on the right track.
  20. jobeard

    jobeard TS Ambassador Posts: 13,352   +301

    Wifi adds another set of connections to manage. Personally I would use a wire-only router as #1 from the modem
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.