Cascading routers - how to access admin features from one to the other?

[lucdesaulniers]

OK, my subject line might sound cryptic! Here is my set up: first router (main) is connected to the cable modem and provides std addresses as 192.168.1.2 (base is 192.168.1.1) etc. I have a second router (same brand) as a gateway connected to my main. This second router base address is 10.10.10.1 and all that are connected to this one have manually provided IP addresses (such as 10.10.0.2, etc). The main one provides WIFI access as for the second one do not.

Now my question: from my laptop who uses the WIFI network, how can I reach or connect to the other network (the one that is managed with the router with the 10.10.10.1 address? The purpose? I would like to access the computer connected to it as if they were part of the WIFIed network. And be able to access the router management page. Any clue?

 

[DelJo63]

first some basics;

examine the router (the box itself). everything attached to a LAN slot will default to
routing upwards using the WAN slot -- that's a big clue as to what the routing tables looks like.

second; to manage the configuration of a specific router:
a) WIRE a system directly to it
b) login to the router config page using the current router's ip-address

if your network is
modem---router#1----router#2---router#3

then a system attached to routerX will route upward to router(X-1) and NOT downward to router(X+1)

if you wish to have ALL systems (wired and wireless) see and share with each other, then you have too many distinct address.
Leave router#1 as is. disconnect router#2 from #1 and wire router#1 to a LAN port on router#2, leaving its WAN port empty. Log into router#2 and disable DHCP.

Now do the same for the wire from #2-->#3 and disable#3 DHCP.

All systems (wired or WiFi) will get ip-assignments from router#1 and will be able to
ping and share files.

 

[lucdesaulniers]

3

then a system attached to routerX will route upward to router(X-1) and NOT downward to router(X+1)

if you wish to have ALL systems (wired and wireless) see and share with each other, then you have too many distinct address.
Leave router#1 as is. disconnect router#2 from #1 and wire router#1 to a LAN port on router#2, leaving its WAN port empty. Log into router#2 and disable DHCP.

Now do the same for the wire from #2-->#3 and disable#3 DHCP.

All systems (wired or WiFi) will get ip-assignments from router#1 and will be able to
ping and share files.

If I get you right, and it make sense, is to have the second router be the WIFI access and the one directly connected to the cable modem, to be the one were other computers are hardwired to?

 

[DelJo63]

yes, but you can also use a Wired connection to the WiFi router too

 

[lucdesaulniers]

yes, but you can also use a Wired connection the the WiFi router too

Looks totally right. I will set that up tomorrow (a bit tired now) and post back the results. Thanks, sounds totally logical.

 

[lucdesaulniers]

Hello Jobeard,

It works. I have another question for you. Initially, I had set-up these routers in that manner to double protect me from a bad neighbor who was able to brake through my WiFi network big time (he owns an ISP company! - he even got through my cable modem - got a grudge about my fence and he is bipolar according to the policemen). Wiring my hardware on the router 10.10.10.1, I was basically cutting out any attack (been OK for the past 18 months). If I leave the routers as they are now (following your advice), meaning wifi is now 10.10.10.1 etc, am I still as well protected (and yes, I have setup WEP, and I am not broacasting the routers SSID..)?

Again, many thanks for the advices..

 

[DelJo63]

let's define YOUR usage of the Wifi.

a) Does anyone at home accessing the WiFi for Internet ALSO need to share files on any of the wired systems?

b) the WiFi ought to be using WPA2 or WPA and not WEP

c) I need the make/model # of the WiFi router to see some settings that may assist us

 

[lucdesaulniers]

To qestion:

1. Yes, me. Mostly from my laptop (PB 700 w/OSX 10.5.7) and/or the iMac (Intel). The iMac is used by my wife who mainly surf the Web with it. Also connected to the WiFi is: iPhone, iPod, a network camera (yes, checking the fence ;-), AppleTV, Wii (ok, ok..) which can be can be hardwire.

2. WPA or WPA2 not possible for my camera, -not an option, OK for the other hardware. Also have to have my xBox 360 connected only by wire (using Netgear Wall-plugged Ethernet Bridge XE102 - actually I have 3 of them). Also use from time to time one of the bridge to connect an old PC (XP)

3. Routers are: Linksys SRX and WRT54GL

As you can see, a well connected household.

 

[DelJo63]

3. Routers are: Linksys SRX and WRT54GL

BOTH are WiFi

2. WPA or WPA2 not possible for my camera, -not an option, OK for the other hardware. Also have to have my xBox 360 connected only by wire (using Netgear Wall-plugged Ethernet Bridge XE102 - actually I have 3 of them). Also use from time to time one of the bridge to connect an old PC (XP)

Ok, given (2), you can use one router for the camera and the other for real devices needing protection of WPA2/WPA; highly recommended

1. Yes, me. Mostly from my laptop (PB 700 w/OSX 10.5.7) and/or the iMac (Intel). The iMac is used by my wife who mainly surf the Web with it. Also connected to the WiFi is: iPhone, iPod, a network camera (yes, checking the fence ;-), AppleTV, Wii (ok, ok..) which can be can be hardwire.

Your big issues are *What needs to be shared* vs *What needs to be protected*
As your private data are on the systems, it would seem to be natural to segregate SYSTEMS from Devices. Wire (or access WiFi) your laptop and the iMac to the same router and sharing print/files becomes easy. The iPhone/iPod will need access so you can access your Calendar, Contacts, Pictures and Music files.

If you make the first router connected to the Modem use WEP for the camera,
then use WPA on the second for everything else.

Which router is router#1 to the Modem where the camera would attach?

 

[DelJo63]

the linksys srx would appear to be the wrt54gx2

on the config->max filter tab you have the ability to ALLOW vs DENY specific MAC addresses.
To lock down access, enter the MAC device address (not the IP address)
of every device you wish to allow to access this router. If this is the WEP device, MAC filtering will add another layer of protection.

How to find the MAC address?
on the PC:

run->cmd /k ipconfig /all
the MAC is shown​

On the iMac:

open the Mac HD
on the left, Click Applications
scroll to Utilities and open it
find the Network Utility
in the choice box, select the Ethernet Interface (EN0)
Hardware Address -- is the MAC address​

You can also find these in the Router's Attached Devices display, which would help
for the iPod, iPhone, et al

Record these and then add them all to the MAC address ALLOW table

 

[lucdesaulniers]

Hello Jobeard,

Understood. Looks like a week-end project! I will used router 1 (the one connected to the cable modem) for the camera, and everything else to the second one. To do this and if I understand right I will be using the WiFi feature of BOTH router. No. 1 WEP with MAC permission restriction and No. 2, for everyting else in WPA + MAC permission restriction. All under WiFi and retaining LAN IP as they are now. Right?

 

[DelJo63]

BINGO

sole issue is access to the camera from ALL systems; the following will create ONE LAN where all system can access everything

I suggest router#1 configure:

router address 192.168.1.1
DHCP ON with addresses pool of router address 192.168.1.2-10
MAC Filtered
WEP encryption
channel X
ssid anything-you-like​

Wire a LAN port of this router to the WAN port of router#2

router#2 configured:

router address 192.168.1.100
DHCP ON with addresses pool of router address 192.168.1.101-110
MAC filtered
WPA2 or WPA encryption
channel y
ssid anything-ELSE-you-like​

hint: add the encryption LAST and be sure all system can PING everyother device

If you want to isolate any WiFI devices (or systems) from all the others, then we
change the IP address of router 1 and the DHCP addresses it will control

The above design creates a lan with addresses like
192.168.1.1-->10 and then 192.168.1.100-110

your firewall can then have rules to tread the lower addresses (1-10) differently
than those from 100-110.

 

[lucdesaulniers]

Jobeard, your are are genious! I now understand the whole technical logic behind the setup. The whole key was X and Y channel! I never thought of that. OK, give me the week-end to set all this thing up and I'll report back on Sunday or Monday. I'll go to bed all little (actually, lot less) dumb tonight!. Many thanks.

 

[lucdesaulniers]

Hello Jobeard. Reporting as promised. Job done and everything is now working fine. It was a little longer than anticipated 'cause all my Netgear bridges had their own MAC address.. Took me a little while before realizing it.

I still got an issue with my xBox 360 but it is not related to the setup. I'll research further the source of the problem and if I can't resolve by myself I may post the issue on this forum to see what solution there is.

Again many thanks for the very helpful advises. I think the Administrator of this forum should make this thread a keep. I am surely not the only one looking to set such a network! -- Cheers

 

[DelJo63]

Thanks for the feedback

 

[Dragginbutt]

Novice question

I have read a few of your replies and your knowledge appears way above mine, so I thought I'd send you a message to ask a simple question. First let me describe what I am trying to do.

My local church has a DSL conneciton using a Link Sys Wireless G router for the admin staff to access the Internet. Right now there is no file sharing whatsoever as far as they know. Everything is done via Email.

We want to expand this simple connection by adding two additional wireless routers. At this time, the goal is to isolate the additional routers from the admin section.

If I understand correctly, the main primary router can remain in place, and I can cascade the additional devices by connecting to the lan ports on back of the primary router.

I know that I have to set the IP addresses on the two additional devices, and if I understand correctly, by setting the third octet to something different, I will in effect be isolating the two devices downstream from the primary. Is this correct?

Do you recommend I leave the ADMIN group on the primary device? Or should I just go ahead and create 3 seperate wired lans off the back of the Primary router?

The goal of this is like I stated, to provide wireless capability to our Sunday school classrooms but making sure we do not expose our administrative network.

I am also worried about someone using us as a hotspot. I think I can set a PW (SSIP) and I have to name the devices etc. I think I can fumble through this.

I know this is all networking 101 stuff, but to someone who does not deal with this stuff on a daily basis, it can get a little over my head quickly.

Any recommendations would greatly be appreciated.

Gary

 

[DelJo63]

1. [*]At this time, the goal is to isolate the additional routers from the admin section.
   
   If I understand correctly, the main primary router can remain in place, and I can cascade the additional devices
   by connecting to the lan ports on back of the primary router.
   
   I know that I have to set the IP addresses on the two additional devices, and if I understand correctly,
   by setting the third octet to something different, Is this correct?

   Yes. Router#1 lan ports connect to Router#2+3 WAN ports which allow #2+3 to have unique addresses
   
   
   

   [*] I will in effect be isolating the two devices downstream from the primary.
   Do you recommend I leave the ADMIN group on the primary device?
   Or should I just go ahead and create 3 seperate wired lans off the back of the Primary router?

   if mine to do, I would get a fourth router and go like this just to be sure:
   

   modem---routerA  (assume IP address 192.168.1.1)
              |
              + ----- wifi#1 -- (set IP address 192.168.2.1) on channel 2
              |
              + ----- wifi#2 -- (set IP address 192.168.3.1) on channel 10
               |
              + ----- new.wired (set IP address 192.168.4.1) -- admin systems here

   If you need more connections than a single router can attach, just add a switch to one port and other systems to the switch
   

   [*]I am also worried about someone using us as a hotspot. I think I can set a PW (SSID) and I have to name the devices etc.
   I think I can fumble through this.

   If one WiFi router has a SSID of thisismine1, then the other might be thisismine2 for easy recognition
   The PW's could also be xxx1 and xxx2

 

[DelJo63]

btw: All routers are isolated from each other and

sharing is ONLY possible on systems connected to the SAME router

 

[Dragginbutt]

OK great. One last question. Should the main gateway be a wired router or can it be a WiFi? Or does it really matter? I read opinions both ways.

Thanks a lot for getting back to me. I thought I had it worked out, but it is always a good thing to have a second set of eyes to make sure I was on the right track.

 

[DelJo63]

Wifi adds another set of connections to manage. Personally I would use a wire-only router as #1 from the modem