[SOLVED] Setting up 2 Gryphons

[entgegnen]

Hello everyone,

I have been reading through the various "2 router - one modem" posts and answers - and I found myself a slight bit confused, so I thought I would post my own specific question.

Essentially, I just bought a (2) unit wireless system from Gryphon. My home is "pre-wired" with ethernet cable (so each room has ethernet which terminated in a central closet, where the modem from the cable company is). My initial thought process was that I would plug one Gryphon downstairs back of the house next to the entertainment center, and the other upstairs in the home office in the front of the house. I can easily plug each into ethernet cable, and then easily plug each into a switch in the closet - and from there, into the cable company modem.

But before I started unpacking things and hooking things up, I wanted to do some quick searches to see if there were any special considerations or actions I needed to take.

Bottom line, after reading everything, sometimes it seems like it would work ok (I would just need to do some WDS - assuming I understand the term wireless distributed network correctly - stuff to make sure each Gryphon router broadcasts the same network?) But other times it seems like this will only work IFF I also run a cable from Gryphon #1 to Gryphon #2 (which really cannot be accomplished based on where I want to place them).

Hopefully someone here might have some guidance to pass along? Thanks in advance for the help.

J

 

[bill001g]

If the device you have is really just a modem and not a modem/router your problem is the ISP only gives you a single IP address. Even though you can put a switch in front and hook up 2 routers only 1 of the 2 device will get a IP address.

Pretty much some form of router must go into the closet before the jacks that go out to the rest of the house. It does not have to be anything fancy since you are not going to use the WiFi. Ubiquiti makes a very powerful wired only router for $50.

You do not need WDS that is only used when you run devices as wireless repeaters.

You will want to run your 2 gryphon routers as AP to keep everything in 1 network. You are pretty much going to lose almost all the fancy parental control etc etc. You will only use the radio part of the devices.

The mesh feature have no value to you when you can use ethernet cables. Mesh is only used for wifi repeaters where there is no physical connectivity between the units. A mulitple AP install will always out perform any fancy mesh systems. The mesh stuff is mostly marketing, if it was such a good system large enterprise customers would have been using but they still run switches with AP.

 

[entgegnen]

Hi Bill001g -

Thanks for the email. I concede, I am racing to read through various posts so that I can inform/teach myself how this all works. Thanks for your patience!

In your response, you note that although I can put a switch in front of the modem, only one of the routers (down stream from the switch) will receive an IP address. That totally confuses me. I read an article saying that I should think of IP addresses as e.g. the address of an office building, and that within the office building, there would be individual office addresses. So why wouldn't every router hooked up to the switch simply have the same IP address? (I was imagining an office building with two or three separate doors to get into the building. Each of the three doors to the outside has the same street address. So why not the same - albeit identical - IP address?

What I had envisioned was the following:

Modem "A" (Cisco DPQ3212) to Switch "A" (Net Gear GS105NA) to Hard-wired Router #1 (Ubiquity Edge Router 4) which would have ethernet running to secure business computers.

While all of that was going on, I would also have:

Modem "A" to Switch "A" to Gryphon #1 (upstairs) for wireless access for kids computers, Xbox, etc.

AND

Modem "A" to Switch "A" to Gryphon #2 (downstairs) for wireless access for family/guests, etc.

I liked this because it gave me a separate, nonwireless firewall for my business computers, and completely separate wireless access for the kids computers so I can set access restrictions for homework time and bedtime, etc.

It sounds like you are trying to explain that the three routers cannot share the same IP? I figured that the IP would just go through the switch to the relevant router... and that devices accessing respective routers would just have the internal office address (as described by analogy above.).

Is it because each router is not merely a door to the same building, but also its own information desk for the internal addresses? Such that when computer #1 on Router #2 makes an outgoing request to the internet, the incoming response doesn't know which door to use to the building? and thus does not have access to the required internal office directory?

One last part - it sounds like you might say I could plug the Gryphon #1 and Gryphon #2 into the Ubiquity Edge Router to create my wireless network... and make all of this work... but would that mean if someone hacked my wireless (yes, probably unlikely), they would be behind the hardwired fire wall of the Edge Router... or would they still have to get through the firewall of the edge router to make it to any hardwired computer?

Thanks again for your help in getting me to understand this.

 

[bill001g]

A IP address is the lowest level of identify that is used on the internet. If the traffic would come into a office how would the switch know what device to give it to. There is no other identifying information.

A NAT router tries to trick this by using the port numbers in a session to map them to private IP addresses. Now you ISP could put a router in and run NAT and then give you a as many private ip addresses as you want on a switch. It is just not done that way. They give you a single IP address and it can be assigned to only a single hardware device.

 

[entgegnen]

Thanks again. Yes, I read somewhere that there are only 4-billion v4 (?) addresses - which is apparently the standard internet protocol. Perhaps when the next version comes out v6(?) there would be something like 100 trillion possible IP addresses... and the local cable provider would not ration them out.

As for the "last part" question... I added as an edit - so I am not sure if you saw it:

"it sounds like you might say I could plug the Gryphon #1 and Gryphon #2 into the Ubiquity Edge Router to create my wireless network... and make all of this work... but would that mean if someone hacked my wireless (yes, probably unlikely), they would be behind the hardwired fire wall of the Edge Router... or would they still have to get through the firewall of the edge router to make it to any hardwired computer?"

Any thoughts on this?

 

[bill001g]

That I don't know for sure. Generally a firewall is only used lan-wan. All the devices on the lan have no protection from each other.

Now that might be different on the edge router. I had one a number of years ago but I forget if you could define the vlans to be on different subnets and put firewall rules between them. I know you can do that with third party firmware on routers.

The problem I have seen is many times you lose the hardware offload ability when you do complex configurations. If your internet is less than say 300mbps it will make little difference if it is faster the cpu may bottleneck you.