Two networks firewall, switch and router

so0dz

I tried posting in general discussion but have not had luck solving my problem. I have tried searching multiple sites for information and I can't seem to figure it out on my own so I am asking for help. Here is the original post:

I am having trouble with my home network and would like some advice. Currently I am using a DOCSIS 3.0 cable modem, a Juniper firewall, a Cisco switch and a Linksys wireless router.

Our network is split between two floors of the house. Downstairs is where the internet comes in and the firewall/switch are located. The wireless router is upstairs and is connected to the switch via Ethernet.

Currently, the downstairs network is on 192.168.1.1/24 and the upstairs router is 192.168.2.1/24.

My issue is not being able to access the two networks from each other. Both have internet access just fine. However, I cannot access computers upstairs from downstairs and vice versa (downstairs from upstairs).

I have looked into subnetting and some other networking basics but really am just confused at how everything works. Should I change the subnet mask on both networks to 255.255.0.0 (/16) or what? I actually tried changing the subnet but it doesn't seem to apply properly. After changing the subnet to /16 on the firewall and router, none of the computers show the correct subnet (they still show /24). So I reset to /24.

I really appreciate any and all advice out there you may have. I can certainly provide more details if needed but I wanted to keep the post as simple and straightforward as possible for now.

Thanks in advance!
 

tha_vice

Models of the networking equipment will help the others here solve your issue.

The Cisco switch you mentioned, is this a Catalyst series switch or just a dumb switch?

Also 255.255.0.0 would be supernetting the 192.168.x.x networks and it's more complicated than it's worth.

A simple fix to me to all this is to keep it in one network.

For example

Cable modem > Juniper firewall > Switch > then the wireless router on the back end just acting as an access point (you should be able to set this on the Linksys router).

What I need to know to really help you further is this 192.168.1.1 network - are those addresses being handed out elsewhere by the Juniper or another device? If so, I would just tell the Linksys router to act as an access point and give it an IP on the 192.168.1.1 network, because right now it's acting as a router, and handing out DHCP as well on a separate network... make sense?

From what I understand, it really sounds to me like you want one network where everything can talk to each other. Now I'm going to say that the issue is that the Linksys router is creating a separate network (192.168.2.x), which no amount of subnetting will fix, unless you have a router capable of routing networks to each other, and most home routers won't do this.

Otherwise....


If you want the wired and wireless networks separate from each other I would set up the IP addressing scheme like this.

192.168.1.0-126 1st subnet /25 wired cable, Juniper etc...
192.168.1.128-252 2nd subnet /25 wireless and wireless clients on this network etc... they won't be able to ping each other because they're on separate subnets

That's just an example of what subnetting will do, which unless this is what you wanted, I doubt this is the answer.
 

so0dz

Hey thanks for your input!

"Models of the networking equipment will help the others here solve your issue."

To answer this, I have a Juniper Netscreen 5gt Firewall, a Cisco small business SR2024 24 port gbit switch, and a Linksys WRT310Nv2 Wireless N Gbit Router.

"Cable modem > Juniper firewall > Switch > then the wireless router"

This is exactly how things are set up. The modem runs to the WAN port on the firewall. Port 1 on the firewall then runs to a port on the switch. Then the WAN on the router is connected to the switch.

"What I need to know to really help you further is this 192.168.1.1 network - are those addresses being handed out elsewhere by the Juniper or another device..."

Now this is correct also, the firewall acts as a DHCP server for downstairs serving 192.168.1.0/24. The router upstairs is also acting as a DHCP server on 192.168.2.0/24.

I understand that I have two DHCP servers running and the networks are split up currently. I would like it if I could keep them separate as far as IPs are concerned but allow them to communicate.

I was messing around with things today and I am able to ping 192.168.1.0 from 192.168.2.0 but 192.168.1.0 can't reach 192.168.2.0. There has got to be some way to keep the IPs separate but allow them to communicate. I have tried looking into routing tables and some other topics but I find very general information and nothing that specifies what to do.

The main reason I am wanting to do this is for academic purposes. Also, I just like knowing that upstairs is using x IP and downstairs is y IP.

I am fully aware of being able to setup the wireless router as an AP to extend the network but I would really like to refrain from doing this if possible. If I need to get some new hardware to accomplish this I am willing to do so.

Thanks again, I hope to hear back from you.
 

tha_vice

A general Cisco router, to route 192.168.1.0 to 192.168.2.0 and vice versa, would be necessary, but the complication comes into play due to that wireless router's limited ability to route to other networks. Without looking at its interface I can't precisely say, but I would venture to guess that you would have to set a static route for 192.168.1.0 from 192.168.2.0 or purchase a router capable of routing multiple networks. Right now your network is solid save for the fact there is nothing set in place to route the subnets to each other.

I'm a bit pressed for time, so I will try to answer this more in depth later on. I hope this helps.
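
An added example, not part of any post in the thread: a small longest-prefix-match model of the topology described above, showing why upstairs can reach downstairs but not the reverse, and what a static route on the firewall changes. The device names, host addresses and the route's next hop are assumptions made for illustration.

```python
import ipaddress

ON_LINK = "on-link"

# Constructed model of the thread's topology. Host addresses and the Linksys
# WAN address are assumptions; only the two /24 networks come from the posts.
# The Linksys WAN port sits in 192.168.1.0/24, its LAN side is 192.168.2.0/24.
ROUTES = {
    "pc-downstairs": [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", "juniper")],
    "juniper": [("192.168.1.0/24", ON_LINK), ("0.0.0.0/0", "internet")],
    "linksys": [("192.168.1.0/24", ON_LINK), ("192.168.2.0/24", ON_LINK),
                ("0.0.0.0/0", "juniper")],
    "pc-upstairs": [("192.168.2.0/24", ON_LINK), ("0.0.0.0/0", "linksys")],
}


def next_hop(routes, dst):
    """Longest-prefix match over one device's routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tables, start, dst, limit=8):
    """Follow the forwarding decision hop by hop; return the devices visited."""
    hops, device = [start], start
    while len(hops) < limit:
        hop = next_hop(tables[device], dst)
        if hop == ON_LINK:
            return hops + ["delivered"]
        hops.append(hop)
        if hop not in tables:  # left the modelled network, e.g. "internet"
            return hops
        device = hop
    return hops


def with_static_route(tables, device, prefix, via):
    """Copy the tables and add one static route on `device`."""
    new = {name: list(routes) for name, routes in tables.items()}
    new[device].append((prefix, via))
    return new


if __name__ == "__main__":
    print(trace(ROUTES, "pc-downstairs", "192.168.2.50"))
    print(trace(ROUTES, "pc-upstairs", "192.168.1.10"))
    fixed = with_static_route(ROUTES, "juniper", "192.168.2.0/24", "linksys")
    print(trace(fixed, "pc-downstairs", "192.168.2.50"))
```

The model covers the forwarding decision only; NAT and inbound filtering on the Linksys WAN side are not modelled and still apply while it runs as a router.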

 

sk1939


The most effective use of address space in a home network would be a /27 (255.255.255.224), but not all consumer routers support subnets other than /24 (255.255.255.0). To be able to communicate between them you need to first disable the firewall, DHCP, enable remote management, set the router to a 192.168.1.X address, and switch the jacks from the WAN to LAN connection on the Linksys, and set up two networks on the Juniper. I can explain how to do this on the NS5GT, but I have to ask why exactly do you need two networks? If you just need one, do the steps above minus the two networks part and you should be able to communicate between both networks.

Edit: It may be easier to just get an access point instead of a wireless router. An AP can be had new for relatively little money ($40 USD or so), and will do what I think you are looking to do much easier than jerry-rigging the router.
 

tha_vice

Thanks for the assist. I guess the solution is to let the NAT'ing within the firewall handle the multiple networks and set the wireless router to AP mode?
 

sk1939


No problem. I think that's the best way to handle it, otherwise it's overly complicated.