Question Can't force Google Wifi to a static IP address (and lease a specific range via DHCP)

tboydva

Distinguished
Dec 10, 2010
7
0
18,510
I am trying to add a GW mesh to my existing setup. I have one repeater which isn't onerous, but we're getting the basement finished out so I thought now I'd like to have my main router in the basement (where the FIOS comes in) and a GW mesh node (on hard wire) on each level. Each room is wired with CAT 5e - so from what I can tell, this is a physically sound setup.

The problem is that if the GW has a WAN address that's different than the LAN address, wifi devices are on a different subnet than wired devices - and many don't like that... My GW defaults to 192.168.68.x. while my internal LAN (wired and DHCP leases) is on 192.168.1.X subnet. I have quite a few devices (5 computers, NAS, 3 Tivos, 2 printers, etc) all on the internal LAN with static IPs.

With the GW, changing the LAN IP address is brutal (so far for me). With 2 hours online chat with a Google engineer, I was still unable to do it. I want my wired network supported by my ISP router. That router leaves 192.168.1.1 - 1.50 for wired devices. It leases 55-100 for wifi. I wanted my GW with a WAN IP of 192.168.1.51. Then it leases 101-250 for DHCP. Getting that to work by giving a LAN IP that's the same (or on the same subnet) as the WAN IP appears to be impossible. No real reason why it should be IMO... It clearly offers the ability to change it (menu pages). The app looks to offer this... It keeps giving me an error when I try to save saying, "failed, you need to be connected to the internet." I've tried on my neighbor's wifi, over LTE and connected to the Google Wifi. The Google tech was unable to figure out why? He had me update the GW with the latest firmware and reset. Still no love.

My question is a) has anyone done this successfully? b) am I just thinking about this wrong and it's insane to try and keep all my devices on the same subnet (so they can actually communicate effectively)? c) should the GW app allow this? The tech thought perhaps my FIOS wasn't allowing it for some reason (he thought maybe "big" Verizon as the FIOS router looked to be configured properly).

Any thoughts from experts???? Thanks in advance.
 
First thing to remember is "mesh" is nothing magical. Some systems have a slightly better form of wifi repeater. You are not using that feature anyway; you are using them as APs.

Use of APs has been the standard large corporate customers have used since the beginning of WiFi. Mesh just wants you to think they invented it. True APs only use the IP to admin the box and it will be on the main network provided by the DHCP server on the FIOS box.

The only other claim mesh tries to make is that it allows roaming. This is pretty much a lie since the end device, not the AP, controls which connection is made. All these devices do is force a disconnect and hope the end device picks a better connection. Realistically how often are you going to walk around your house watching Netflix and need roaming? You might fall down the stairs if you really attempt it. All you do to force a switch if your unit stays connected to the wrong AP is to stop and start the wifi quickly on your device.

Since you have the ability to run all APs and have not purchased everything I would just put the Google device aside. You can buy cheap routers to use as APs if you want. If you want real APs look at Ubiquiti; they tend to be cheaper than the mesh units. Ubiquiti also has central control software that runs on a PC that lets you centrally admin them, and it has a "roaming" feature that functions like the mesh units if you really want that feature.
 

tboydva
Bill001g - Thanks for the reply. I understand what you're saying. I currently have several access points (one being in the garage and one being upstairs). Sometimes, my devices disconnect and reconnect to an AP with better signal strength. Mostly, they don't. So - I was interested in the mesh tech (as you say - not really new) so that the switching was more seamless and robust. I have no first hand experience with it, so perhaps your assessment will be my guide.... The reviews make it seem more robust - but perhaps the manufacturers are the ones sponsoring the reviews. As you have some experience with the mesh routers, are there any that are more customizable than GW? Are there any with an actual web interface so I don't have to use a stupid app and minuscule cell-phone keyboard? That might be a good starting point for me! I want a decent AP for each floor and garage that can be hard-wired via ethernet and be customized to lease a custom range of IP addresses... I am looking over the ubiquiti documentation. Looks like it's very configurable! Thanks.
 
Maybe the next generation of wifi will have better features for roaming, but that may be smoke and mirrors also. It will of course do nothing until all the end devices also have the support. I am buying none of this for a couple of years; by then it will be stable and cheap.

Many years ago Cisco used to load custom wifi drivers on PCs and a small subset of cell phones. They had support that allowed a central server (cost more than a car) to control the end device, very similar to a cell tower. It solved even problems like roaming between floors with different IP subnets. It was true "seamless" roaming. It was a massive undertaking to keep all those devices updated with drivers.

Wifi was never designed to have any roaming ability. The end client only has a single radio, and if it attempts to use it to scan for better signals it must drop the connection to use the radio to scan. In cases where there is no better radio source it would constantly drop and reconnect to the same radio source. Pretty much the way it works is when the signal level drops to some level (almost unusable by default) it then scans. You can change this value but then take the chance it drops and reconnects a lot.

Any of these so-called roaming systems just force a disconnect when the central unit "thinks" there is a better connection. Since it has no way to talk to the end unit it really doesn't know if the viewpoint of the network is the same from the client end. It may still connect to the wrong AP. It is far from seamless; you get a full 1-2 second outage which can drop application programs.

Again the "mesh" feature on routers is really the repeater function. You are lucky to have ethernet and do not even need to deal with the repeater issues.

Be careful to not get sucked in by tech. How often do you actually need to make changes to an AP or even access them? How often do you move from room to room? How hard is it to just click stop/start on the wifi icon?

Really a $50 dual band router likely will be fine as an AP. Even the cheapest ones have pretty good web interfaces. Just assign them different IPs when you first configure them and you can get to them whenever you want.
 

tboydva
Hi again Bill001g. I am still researching what will be the "new" wifi system in my expanded house. I had another "general" question I guess. I get hit constantly with failed login attempts. I mean 10 per second almost.... I have rules for blocking after unsuccessful tries. However, I'd like to use one of the IP database systems to output all countries besides the US (they have an IP_TABLES output) and upload it to my router... I can't seem to find any routers (easily via web searching) which allow this? Seems like a no-brainer. I haven't really looked into dd-wrt, but perhaps that may be the way to go. Have you any pearls of wisdom on this? Seems like it would cut off much of the attack avenues restricting IPs to just one or two countries. Might be a hassle for web browsing though I guess....
 
You mean logging into your router from the internet? I would completely disable the ability to log into the router from anything but the LAN. This is generally the default setting.

Pretty much with no port forwarding rules set your router acts as a very strong firewall. Purely because it is stupid, it will only allow traffic to return from IPs on the internet if they were first contacted by your internal machines. If traffic would come from some unknown machine the NAT does not know which of your internal machines to send it to, so it just drops it. This pretty much makes it impossible for anything to even attempt to hack your internal machines.

The router itself generally does not accept connections, unless you allow it. Some will respond to ping by default.

Using actual firewall rules on a router uses CPU, and the more rules you put in the worse it gets. The least CPU-intensive method of blocking blocks of IP addresses is to use the ROUTE command rather than a firewall rule. You just route those blocks to null or to a dummy IP. This means that even if this traffic gets to your router it sends the responses to the black hole rather than the actual IP.

Still, even using this feature can kill a consumer router if you have high speed internet. To get speeds above about 250mbps they use a feature that bypasses the CPU for the NAT. This prevents you from using many fancy router features without disabling this and allowing the CPU to do the NAT, which caps your speed.
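The null-route approach described above, turned into a script as an added example (not code from any poster): it reads a geo-IP block list in the one-CIDR-per-line form such databases export, validates each entry, and emits `ip route add blackhole` commands instead of firewall rules. The sample block list is constructed from RFC 5737 documentation prefixes, not real country ranges, and the script only prints the commands so they can be reviewed before running on the router.

```shell
#!/bin/sh
# Constructed sample block list in the export format of a geo-IP database:
# one CIDR per line, '#' starts a comment. These are documentation prefixes
# (RFC 5737), used here only as stand-ins for real country blocks.
SAMPLE_BLOCKLIST='# constructed sample export
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24
'

# Validate one IPv4 CIDR (four octets 0-255, prefix length 0-32).
# Returns 0 when valid, 1 otherwise. No external tools needed.
valid_cidr() {
  ip=${1%/*}; plen=${1#*/}
  [ "$ip" != "$1" ] || return 1                    # no '/' at all
  case "$plen" in ''|*[!0-9]*) return 1;; esac      # prefix must be digits
  [ "$plen" -le 32 ] || return 1
  case "$ip" in ''|*[!0-9.]*) return 1;; esac       # address: digits and dots only
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Read a block list on stdin and print one blackhole route per valid prefix.
# A blackhole route drops the router's *replies* to those prefixes, so an
# inbound connection attempt can never complete a handshake; it also means
# your own hosts cannot reach anything in those ranges (e.g. web sites there).
# Invalid entries are reported on stderr and skipped, never silently routed.
gen_blackhole_routes() {
  while IFS= read -r line; do
    line=${line%%#*}                                  # strip trailing comment
    line=$(printf '%s' "$line" | tr -d ' \t\r')       # strip whitespace/CRLF
    [ -n "$line" ] || continue
    if valid_cidr "$line"; then
      printf 'ip route add blackhole %s\n' "$line"
    else
      printf 'skipping invalid entry: %s\n' "$line" >&2
    fi
  done
}

# Usage: printf '%s' "$SAMPLE_BLOCKLIST" | gen_blackhole_routes
# Review the output, then pipe it to sh as root on the router to apply.
```

Replacing the sample with the database's real export gives the same one-command-per-prefix output; the route count grows with the list, which is the point the post makes about CPU cost versus firewall rules.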
 

tboydva
Sounds very straightforward. My NAS (behind the router) has a route for the webserver (not on port 80). I also have a route for SSH but I believe I will use a RaspPi for internal access from outside when needed and remove the SSH route. There are so many login attempts (all have failed thankfully). Just thought it might be prudent to block all IP addresses from China, Russia, etc at the router.

bill001g - thanks again for your clear and unbiased information and advice. I have just enough knowledge to be dangerous, so reading online can lead to more harm than good sometimes... Too much information, and if you don't really understand some of the fundamentals, you can be led down a non-fruitful path... I really appreciate your responses and feedback.

-Tom