Setting up a network with 2 subnets

Captain-M

Jun 14, 2006
I have a home network with a Rogers cable modem, a WRT54G (wired/wireless) router, a Belkin MIMO router (wired/wireless), 2 8-port switches and 4 PCs (legacy clients), one laptop (one or more PCs can be delegated as servers). I would like to set up 2 subnets, and use the routers as well for DHCP. My existing network is one subnet, but would like to set up 2. All PCs go to the router for IP. Do I need a multi-homed PC (multiple NICS for bridge) or do I have adequate H/W to set this up? Not sure where to begin? The O/S is XP/2K mix. Thx.
 
There is no real reason to set up 2 subnets unless you have more than 255 computers.

Do some research into subnet masks, if you want to pursue this further.
 
I'm with jjw here, your network isn't nearly big enough to need subnetting, neither from a bandwidth or number of hosts point of view. Still though, is there a particular reason you want to do this?
 
Yep, I agree with you. The essence of subnetting is to reduce your broadcast domain when you are managing a large network; there is no need for you to have two different subnets with just four PCs. If it's for security reasons there are other ways to go about it; you can restrict object access using SACL.
 
just help the guy, don't tell him not to do what he wants to do!

i'm in the same boat with him. i have two routers to double my NAT protection. i don't care if you think i'm paranoid. the outside router is also my modem and i don't trust at&t. but the outside router provides wifi, therefore i want to subnet the outside clients (who are subjected to wep security) with the inside clients. please don't advise me that this is not a good idea. i just want to do it.
 
Leave DHCP turned on on both routers. Change the gateway IP address on the second router to something different from the first router. This will give you two networks with two separate DHCP servers.
 
I don't really know what kind of setups those two routers have, but you will probably need three subnets. I'll give an example how they should maybe be setup, but you will have to figure out what to set in the routers.

WRT54G router will need a LAN IP of 192.168.0.1 with a subnet of 255.255.255.192
Belkin MIMO router will need a LAN IP of 192.168.0.65 with a subnet of 255.255.255.192
These will be the gateway IP's for the computers depending on what router LAN they are connected to.

Next, you will need a subnet between the two routers so use 192.168.0.129 with a subnet of 255.255.255.252 on the WRT54G router and use 192.168.0.130 with subnet of 255.255.255.252 for the Belkin router.

I'm assuming the WRT54G router's WAN port will be connected to the modem? You will then connect say LAN1 on the WRT54G to the LAN1 on the Belkin router. LAN2 on each router will be connected to a switch and (one or two) computers connected to a switch.

You will then have to put in static routes to each network on each router. WRT54G will need a static route to the 192.168.0.64 network, and the Belkin will need a static route to the 192.168.0.0 network.

When you are done you will have 61 hosts available for each network 192.168.1.2 - 192.168.1.62 and 192.168.1.66 - 192.168.126 which should be enough.

I don't know if I forgot something or messed something up since I don't play with networking much, but I hope this helps. :)

Edit: I just realized how old this thread was lol. 😛
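
The addressing plan in the post above can be checked mechanically before anything is typed into a router. The following is an added example, not part of the original post: it takes the router addresses exactly as configured in the post, assumes each static route's next hop is the other router's address on the /30 link (the post names only the destination networks), and the function names are made up for illustration.

```python
import ipaddress as ipa

# Addresses taken from the post above: two /26 LANs and a /30 link between the routers.
PLAN = {
    "WRT54G": {"lan": "192.168.0.1/26", "link": "192.168.0.129/30"},
    "Belkin": {"lan": "192.168.0.65/26", "link": "192.168.0.130/30"},
}
# Static routes named in the post. The next hops are an assumption: the post
# gives only the destination networks, so the peer's link address is used.
ROUTES = {
    "WRT54G": [("192.168.0.64/26", "192.168.0.130")],
    "Belkin": [("192.168.0.0/26", "192.168.0.129")],
}


def check_plan(plan, routes):
    """Return a list of problems; an empty list means the plan is consistent."""
    ifaces = {(r, n): ipa.ip_interface(c) for r, ports in plan.items() for n, c in ports.items()}
    problems = []

    # 1. A router address must be a usable host address, not the network or broadcast address.
    for (router, port), iface in ifaces.items():
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{router}/{port}: {iface.ip} is not a usable host address in {net}")

    # 2. Distinct networks must not overlap (two routers sharing one network is fine).
    nets = sorted({i.network for i in ifaces.values()})
    for idx, a in enumerate(nets):
        for b in nets[idx + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")

    # 3. Each static route needs an on-link next hop and a destination another router owns.
    for router, entries in routes.items():
        connected = {i.network for (r, _), i in ifaces.items() if r == router}
        remote = {i.network for (r, _), i in ifaces.items() if r != router}
        for dest, hop in entries:
            dest_net, hop_ip = ipa.ip_network(dest), ipa.ip_address(hop)
            if not any(hop_ip in n for n in connected):
                problems.append(f"{router}: next hop {hop} is not on a connected network")
            if dest_net not in remote:
                problems.append(f"{router}: no other router has an interface in {dest_net}")
    return problems


def client_range(router_cidr):
    """First address, last address and count of client addresses once the router has its own."""
    iface = ipa.ip_interface(router_cidr)
    hosts = [h for h in iface.network.hosts() if h != iface.ip]
    return str(hosts[0]), str(hosts[-1]), len(hosts)


if __name__ == "__main__":
    print(check_plan(PLAN, ROUTES) or "plan is consistent")
    for name, ports in PLAN.items():
        print(name, client_range(ports["lan"]))
```
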
 


Yes it's an old thread but I've just come across it as I sit here having wasted another whole evening trying to get my home network up and running! But I'm thinking that you might have the knowledge to help me, DarkNet!

I have two wired/wireless routers and a cable modem. Router A is connected to the modem through its WAN port and has a PC connected to one of its LAN ports. This router has an IP of 192.168.0.1 and is allocating addresses from 192.168.0.100 - 192.168.0.254 with a subnet mask of 255.255.255.0.

Router B is configured in 'Station' mode. It is allocated a static IP of 192.168.0.254 by Router A. Since the two routers are not physically connected, being at two different ends of the house, this IP address applies to Router B's wireless 'side' (can you tell I don't really understand this yet? 😀 ). Router B is configured internally (presumably on its wired 'side') with an IP of 192.168.1.1. It is allocating addresses from 192.168.1.1 - 192.168.1.254 with a subnet mask of 255.255.255.0. Connected to one of the wired LAN ports on Router B is a laptop, configured with a static IP of 192.168.1.101.

Ok, so as I understand it I have two discrete networks with two different subnets, not for any supposed security benefit but because I'm using the internal, wired LAN ports on Router B it seems unavoidable.

The laptop connected by an ethernet cable to Router B gets Internet access and I can ping Router A and the attached PC on the other subnet (192.168.0.0). I can even open shares on the PC from the laptop on the other subnet if I use the IP address rather than the computer name in the address. I can also ping the laptop connected to Router B from the PC connected to Router A if I first add a route on the PC using the 'Route Add' command to configure a route through the wireless 'side' of Router B (i.e. 'Route Add 192.168.1.0 mask 255.255.255.0 192.168.0.254').

That's all well and good but I want to be able to see the devices on one subnet when I open the 'Network' window in Windows Vista on devices in the other subnet. I want to see 'PCNAME' show up in the Network window of 'LAPTOP'. All of this is a precursor to my original goal to connect my XBOX 360 through an ethernet cable to Router B (wish I'd just stumped up the cash for the XBOX 360 Wireless Adapter now, although if I can get this working I'll have 802.11N speeds around the house for streaming HDTV).

So what am I doing wrong? Why will the devices on these two subnets not see each other? I have tried literally everything I can think of. I've spent all of this evening, my third such wasted evening, changing subnet masks on routers and hosts to 255.255.0.0 thinking that this would specify that the devices were all on one big happy network and thus prompting them to communicate properly but this hasn't proved to be the case.

I know this is a horrendously long post but if ANYBODY could help me out with this there's a good chance they could have my daughter's hand in marriage if I ever have kids. And they liked girls. And one of my kids was a girl. Point is, I'd love that person forever!

P.S. There are lots of similar posts online similar to this but none I can see quite like mine where there are essentially two wired networks joined together by a wireless connection.
 


 
I use parprouted in a similar situation when I needed to get Virtualbox host to communicate with guest wirelessly.
 
Well, I would like to re-open this thread again, because I still don't understand quite yet. Here is my situation:
I install automation equipment called Control 4 that is completely network related to control the lighting, heating and cooling, TV equipment, etc. Anyway, we want to set up two separate routers, one for the home networking and one for the Control 4. We do this so downloading and network activity does not disturb the Control 4 system from working.
Setup: I have the modem into the home router WAN port. Home router is set to 192.168.2.1. I have a link from LAN1 to Control 4 router WAN port. I use the IP 192.168.2.254 for the WAN side of the Control 4 router. This gets internet to both, however, I have an external hard drive on Control 4 network that cannot be accessed from the home network even when searching for the exact IP. I also have an AppleTV on the home network that does not see the music share on the Control 4 hard drive. Still following?? LOL.
How can I make these two networks talk, but still keep their subnets separate?
 
IP addresses have to be different for each network.

Control 4 router
IP 192.168.2.254 for the WAN side; 192.168.3.1 (or whatever you want) on the LAN side
It should already know how to get to network 192.168.2.0/24 through the WAN port

Home router
I presume ISP assigned IP address on the WAN side, 192.168.2.1 on the LAN side
Add a route to network 192.168.3.0/24 through 192.168.1.254

If my understanding is incorrect, please draw a schematic of your network and post it.

 
phil2415,

I too have 2 wired LANs connected by a wifi link.
ISP router on one floor. Edimax BR6204WG on the 2nd floor. I have been trying to get a 2nd xbox 360, which is wired to the ISP router, to see the media files on my server which is on the 2nd floor.
Without luck.
Now what I can tell you from what I have read about xbox 360's and the way they connect: you will never manage this if they are on different subnets, as the 360 only looks on its subnet for sources.
What you need instead of 2 subnets is the 2nd floor (router B) set up as a repeater for router A.
i.e. no DHCP on 2nd router.
The fact that there is almost no documentation for the Edimax BR6204WG relating to repeater mode. And that all solutions that come back from Edimax support will only involve buying more Edimax kit to solve my query. I have been unable to achieve this as yet.
If anyone would like to provide me with the details of setting Edimax BR6204WG to repeater mode I'd be grateful.

Muppet
 
You can set up your 2nd floor router to route your packets to it

IE Setup a static route, so if your first router is 192.168.1.1 then you can setup your second router's gateway to 192.168.1.1 and it will route your traffic to it.
 
I'd go this way.

Setup both routers to assign IPs based on MAC addresses. Change the DHCP subnet to 255.255.0.0.

One router can give out IPs in the 192.168.0.2-254 range and the other *.1.2-254

Subnets are just bit-masks to determine if a client needs to forward the packet to the gateway or if it can talk directly to the destination. In your case, your routers are on two different subnets, which means the clients on each subnet will incorrectly forward their packets to their gateways/routers.

All you need to do is make the subnet include the IPs from the other routers. So instead of 255.255.255.0, you use 255.255.0.0
 
I came across this thread running google searches. It came up a few times with different searches. I don't have a problem with the setting up of the subnets, that much I understand. My question is this: will the two subnets, though physically connected, be absolutely unaware of one another?

Let me explain. I frequently take in systems from family/friends/friends of friends for repair/upgrade (hobby more than anything). Lately I'm seeing a lot more virus/malware issues than typical. I've been careful, making certain when dealing with a system with virus/malware that all systems on my network are off or removed from the network before plugging in the infected system, in case whatever virus they have is network aware. I haven't had any issues thus far but it's a pain to remove multiple systems/media devices while working.

Ideally, I'd like to statically set up subnet A with all my home systems/laptops/network media devices, leaving DHCP to handle subnet B for any foreign systems I'm temporarily adding to the network for troubleshooting. Will subnet A be invisible to subnet B containing the trouble system? Or will it still be at risk?

I'm currently thinking that this is the case, that Subnet A will not be protected from Subnet B, but want to confirm before I pursue other options.

Any suggestions on how to achieve this? Both subnets will need to be able to share the internet connection, but nothing else. I currently have three separate dlink routers attached to the existing network to work with. Only one of which is actively handling DHCP/internet connectivity, the other two currently have everything disabled and are operating solely as connectivity devices.

Any insight would be appreciated.
 
I also came across this link via Google. I am trying to setup two subnets for a class project. How do I setup the wired lan as subnet 1 and the wireless as subnet 2?

I am using a MI424-WR router. Any advice would be greatly appreciated.

Thanks.

J Lee Watts
 
Flash the firmware on your WRT54GL with DD-WRT!

Then you could implement VLANs with multiple DHCP servers (one for each subnet).

Another setting you might consider is SSID client-client isolation and SSID isolation for the wireless. Basically this disables any peer-to-peer between the wireless clients and your network.

Then basically all you need to do is configure your firewall (iptables) rules.

There are lots of how-tos on the dd-wrt site.

- jleewatts, if you check your hardware in the dd-wrt database you'll see it's supported too!
 


It comes down to the true difference between a router and a switch.

A Switch (Layer 2) forwards frames/packets based on MAC addresses. It could care less about the IP addresses.

A Router (Layer 3 aka Layer3 switch) forwards frames/packets based on IP and/or MAC addresses.

Most small consumer grade switches are layer 2. Even if you have multiple subnets on the same switch, the packets are still getting sent to the receiver, but the receiver ignores them.

The devices receiving packets will ONLY talk to its gateway if the packet is outside of its subnet AND you don't have a static route set up on your machine. A network device will play dumb and just ignore the packets, even though they're received.

Assuming malware is running with admin privs, it is possible and very easy for that malware to watch ALL traffic coming to the NIC regardless of the subnet. Most programs use standard rules when it comes to network protocols, but malware could easily communicate and *fake* packets to make them look like they're within another machine's subnet. Switches do not validate anything and I'm assuming you're not using IPSec to validate secure connections, so this is entirely possible.
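
The point made in the post above, that a subnet mask is a host-side forwarding decision and not a barrier, can be turned into an audit of a network inventory. This is an added example, not part of the original thread: the host names, segments and addresses are constructed for illustration. It reports every pair of hosts that sit in different subnets but on the same layer-2 segment, where nothing but the hosts' own configuration keeps them apart.

```python
import ipaddress as ipa
from itertools import combinations

# Constructed inventory (hypothetical names): the layer-2 segment each host is
# plugged into, its address/mask and its default gateway.
HOSTS = {
    "home-pc":      {"segment": "switch-1",     "addr": "192.168.0.10/24", "gw": "192.168.0.1"},
    "media-box":    {"segment": "switch-1",     "addr": "192.168.0.20/24", "gw": "192.168.0.1"},
    "repair-bench": {"segment": "switch-1",     "addr": "192.168.1.10/24", "gw": "192.168.1.1"},
    "guest-laptop": {"segment": "router-2-lan", "addr": "192.168.3.10/24", "gw": "192.168.3.1"},
}


def forwarding_decision(addr, gateway, dst):
    """What a standard IP stack does with a packet for dst: deliver on-link or use the gateway."""
    if ipa.ip_address(dst) in ipa.ip_interface(addr).network:
        return "on-link"
    return f"via {gateway}"


def separation(hosts, a, b):
    """Classify what stands between two hosts."""
    ha, hb = hosts[a], hosts[b]
    if ha["segment"] != hb["segment"]:
        return "router"      # traffic crosses a layer-3 device that can filter it
    if ipa.ip_interface(ha["addr"]).network == ipa.ip_interface(hb["addr"]).network:
        return "none"        # same segment, same subnet
    return "mask-only"       # same segment; only each host's own mask keeps them apart


def mask_only_pairs(hosts):
    """Host pairs in different subnets that still share a layer-2 segment."""
    pairs = combinations(sorted(hosts), 2)
    return [p for p in pairs if separation(hosts, *p) == "mask-only"]


if __name__ == "__main__":
    bench = HOSTS["repair-bench"]
    # With the intended /24 mask the bench sends home-pc traffic to its gateway...
    print(forwarding_decision(bench["addr"], bench["gw"], "192.168.0.10"))
    # ...but the same host with a 255.255.0.0 mask treats home-pc as a direct neighbour.
    print(forwarding_decision("192.168.1.10/16", bench["gw"], "192.168.0.10"))
    for pair in mask_only_pairs(HOSTS):
        print("no layer-3 boundary between", pair)
```
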
 


Your solution is simple - order a cisco wrn4400n router. You can set up to 4 SSIDs and designate if they can see each other, plus a ton more options for $200, not to mention you get USA support when needed!
 
I have a good one. I am running a cable modem for WAN link. I have one fsv11 net gear collecting an address from the service provider. It hands out DHCP. I have a second router, wrt54g, that I have connected to the LAN1 port on the fsv11. The point is I want to provide wireless internet access to the rest of the users in the building without them being able to see or ping the computers connected to the fsv11, including the router itself. What is the best configuration? I want to be able to provide connection to the second router without ever having them be able to see the other computers. Is subnetting a good way to do this?
 
Assuming cable modem provides DHCP....

Cable modem LAN port to the upload port on a 5 port SWITCH.

One of the LAN ports of the 5 port switch to the WAN port of router #1

Another LAN port from the 5 port switch to the WAN port of router #2.

Set both routers to have their WAN port address assigned automatically.

Set both routers to provide DHCP to their respective LANs

Cable modem is the gateway.

Neither router's LAN can see the other router's LAN.

In regards to wireless... MAC address filtering (allow only...), WPA, and do not broadcast SSID from network you want to keep private.

AND yes I know this thread is old, but like the others I was looking for something similar and found it.
 
Aha!
Adding a switch between the two routers and the modem may be the solution I'm looking for. Here's my scenario:

Coffee shop. Static IP assigned by the ISP. I'd like one set of IPs (192.168.0.*) for the POS and office systems, and another set of IPs (192.168.3.*) for the customers.

I don't want any communication between the two.
 


Won't work, not if your ISP only allows a single public IP. The switch does nothing to prevent each router from trying to obtain the only available public IP for itself. One or the other is always going to be denied.

The following post describes how you could configure two routers, one that remains private, the other that’s public, while both still have Internet access. The public network does not have access to the private network, but the private network does have access to the public network.

http://www.maximumpc.com/forums/viewtopic.php?f=25&t=103492

It’s also possible to segregate users within a single router if your router supports a guest network (as mentioned in that same thread).

While using two routers as described above does work, the better solution is to use THREE routers in a Y configuration. That solves the single public IP problem (something the addition of the switch did NOT solve). Now both the public and private networks are TOTALLY isolated from each other, but share access to the Internet via the third router (the one connected to the ISP via modem).