Subnet/Access Point question

Aug 15, 2018
Current setup: Cascading routers LAN-LAN, single subnet 192.168.1.0 but the issue is that my 2nd router doesn't like not having the WAN port unplugged. It thinks it isn't connected to the internet so NTP doesn't work and neither does the Quick VPN feature (it is a D-Link DIR-867) -- even if it's set as a DMZ.

Attempted workaround: LAN-WAN with 2 subnets so that the WAN port on 2nd router is active with a static IP on the first router's subnet. Have both routers as DHCP servers for their own subnets (192.168.1.0 and 192.168.2.0), but with same SSID. Create a route on the 1st router to the 2nd router subnet. Issue with this workaround is that wifi clients can no longer roam freely since their IPs are in different subnets. In other words, if my tablet is closer to the 2nd router it receives a 192.168.2.x address but when I move closer to the 1st router, I thought it would have connected to that one, received a new IP address in 192.168.1.x, and be happy. But that didn't work, it just stays connected to the 2nd router even though its connection is sub-optimal. Why? I suspect that IP release/renew is not automatic? Any way to resolve this or is this just how different subnets work?
 
Solution
It is not the firewall, it is the NAT. It is the same problem as getting access to your internal machines from the internet. If there is only a single machine you can use the DMZ option.
The problem actually is a wifi problem and not a subnet issue. It just is worse when you have 2 routers. Connecting to the wrong device will happen even if you use an AP. This is a fundamental issue with how wifi works. It means you have too much signal, really. The end device only has a single radio, so it has no ability to search for a "better" connection when it is in use for data. It works purely on a signal level and does not even bother to look until the level drops below that.

When you run LAN-LAN you are in AP mode; all the features related to the router do not function since no traffic is going LAN-WAN. On some routers even the NAS function does not work, but that may have been a bug, from some of the discussion I have seen.

I would use different SSIDs so you can force it to connect where you want. The risk you take when you run the same SSID and you are using 2 different subnets is that the radio changes to the other router but it does it quickly enough that the PC does not request a new IP. You will now have the wrong IP and gateway even though your wifi is active. It is not smart enough to even detect this issue and you will have to manually fix it, likely with a release/renew.

It gets messy when you need features like VPN and want to do the function not on the main router.
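The stale-lease case described in the answer above (radio moves to the other router, client keeps the old IP and gateway) can be checked for mechanically. This is an added example, not part of the original post; the BSSIDs, the `wlan0` interface name, the SSID and the sample command output are constructed, and it assumes Linux-style output from `iw dev wlan0 link`, `ip -4 -o addr show` and `ip route show default`.

```python
import ipaddress
import re

# Assumed mapping of each router's radio BSSID to the subnet it serves.
# The BSSIDs are constructed; the subnets are the two from the thread.
AP_SUBNETS = {
    "aa:bb:cc:00:00:01": ipaddress.ip_network("192.168.1.0/24"),  # router 1
    "aa:bb:cc:00:00:02": ipaddress.ip_network("192.168.2.0/24"),  # router 2
}

def parse_state(iw_link, ip_addr, ip_route):
    """Extract (bssid, interface address, default gateway) from command output."""
    bssid = re.search(r"Connected to ([0-9a-f:]{17})", iw_link, re.I)
    addr = re.search(r"inet (\d+\.\d+\.\d+\.\d+/\d+)", ip_addr)
    gw = re.search(r"default via (\d+\.\d+\.\d+\.\d+)", ip_route)
    if not (bssid and addr and gw):
        raise ValueError("not associated, or no IPv4 address/default route")
    return (bssid.group(1).lower(),
            ipaddress.ip_interface(addr.group(1)),
            ipaddress.ip_address(gw.group(1)))

def lease_problems(bssid, iface, gateway, ap_subnets=AP_SUBNETS):
    """Return a list of mismatches between the lease and the associated AP."""
    expected = ap_subnets.get(bssid)
    if expected is None:
        return [f"unknown BSSID {bssid}"]
    problems = []
    if iface.ip not in expected:
        problems.append(f"address {iface.ip} is not in {expected}")
    if gateway not in expected:
        problems.append(f"gateway {gateway} is not in {expected}")
    return problems

# Constructed sample output: the radio has roamed to router 1 but the
# client still holds the lease it got from router 2.
IW_LINK = "Connected to AA:BB:CC:00:00:01 (on wlan0)\n\tSSID: HomeNet\n\tfreq: 5180\n"
IP_ADDR = "3: wlan0    inet 192.168.2.57/24 brd 192.168.2.255 scope global dynamic wlan0\n"
IP_ROUTE = "default via 192.168.2.1 dev wlan0 proto dhcp metric 600\n"

if __name__ == "__main__":
    for p in lease_problems(*parse_state(IW_LINK, IP_ADDR, IP_ROUTE)):
        print("stale lease:", p, "-> release/renew DHCP")
```
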
 
There are features on some APs that let you set a quality standard and then it drops the client. The client will reconnect to the strongest wifi. This is the only automatic way I've seen for home use. Unifi APs have it.

This feature below looks like it improves auth across the APs. Signal weakness still applies. It just doesn't have to do a full public key exchange when moving to a new AP.

https://help.ubnt.com/hc/en-us/articles/115004662107-UniFi-Fast-Roaming

I would keep everything on the same subnet or you might drop connections. Even with the above features you may still drop connections.
 
Aug 15, 2018
So, I gave it another shot and it turns out that if I just wait a bit longer, eventually it would switch to the other router and get a new IP in that router's subnet. So that is all fine now, but the new issue is that when I try to access a machine in router 2's subnet from a machine in subnet 1, it times out. I suspect that router 2 is blocking it with the built-in firewall since it thinks that the traffic is coming from the internet (WAN port). Unfortunately, I see no way to disable the firewall since it is a simple home router, so I will need to revert back to LAN-LAN and either put up with the missing functionality or change the router for another one with more advanced configurations.