Using a router/switch in a dorm room...

[ben72227]

In my dorm room at college each person gets one ethernet jack to use.

I have multiple devices though - PS3, PC, etc. that need to be connected. Obviously I'll need a switch or a router. I've contacted my university's tech service/ResNet, but they have the attitude of "We don't officially support routers/switches - you're on your own and you'd better not interfere with network traffic or you're BANNED!" I talked to a friendly tech (who is a friend of mine) and he said a switch shouldn't be a problem at all since every device gets its own IP address on the network (i.e. IP addresses aren't assigned to MAC addresses or ethernet jacks anything like that)

When they say 'interfere with network traffic' I assume they mean plugging a router into their network with DHCP/SSID enabled (which would interfere with their DHCP router and create a lot of unhappy people with no internet access and allow some wardriver to access the network).

My question is this - it seems that if I get a router, I'm going to have to configure it to be a simple switch basically. The thing though is - (and I don't know enough about switches/routers) - I assume that a switch (in this case) is just extending the University's LAN - so my PS3, PC, etc. will be in one big subnet network along with everybody else in my dorm.

My concern is how can I protect them from outside access (i.e. say somebody else on the network trying to access my printer hooked to the switch or something?) Is that even possibly with a switch (to configure it that way?). What I'd like to do is have my own 'mini-network' in my room with my PS3, PC, printer, etc. all connected and all able to get online, but not have anybody else trying to connect to my printer.

This is where the router comes in I guess? How should I set this up? Is it possible to use the router as a 'managed switch' basically? Where I can control traffic to each port? And if so, would I need to use the WLAN connection for the internet, or could I plug it in to one of the LAN ports along with the other devices (i.e. which would then be a switch)?

Also, what will I need to disable to keep my router from interfering with the network? I'd assume DHCP/SSID, but what about other stuff like NAT???

Thanks,
Ben

 

[suvayanr]

Well personally I would use the lan line that they give you, and then hook up a router to that. This gives you your own private network, which will not interfere with the university connection, and all your devices are more or less safe

Otherwhise if you want to get a switch, which might allow others to gain access to your computer, just buy a simple switch on newegg for 10-20 dollars

I would go with the router, because if it for some odd reason doesn't work you can always convert it to a switch easily.

 

[suvayanr]

And no, plugging a router into their network won't interfere with anything as long as you use dynamic ip, or have conflicting ip addresses with the university lan. Usually as long as you keep the default settings on a router, it will assign ips to your devices with ips in the range of 192.168.0.xxx. Since the university probably does not use 192.168.0.xxx ips, your devices will not interfere with the network.

 

[ben72227]

I guess I should be more specific with my problem - how do I PREVENT my router from becoming a Rogue DHCP on the network?

Thanks,
Ben

 

[lotussama]

Two part answer....

a) It's your college's IT Department's job to worry about that. I found this out the hard way when I had a doctor plug in a cheap linksys router, and started trying to give out my IP addresses via DHCP on it, whoops. (I work in a hospital) It was no one's fault but my own, as I hadn't considered the possibility when I first set up my DHCP servers.

b) If you use DHCP, just make sure you're using a different range of private IP addresses than the college uses. Plug your computer directly into the ethernet jack, open a command prompt, and do an ipconfig/all to find out what addresses your college is using. Then...simply choose a different scope of addresses to use.

 

[ben72227]

Okay lotussama - could you clarify something for me?
Some people have told me that if I connect the wall jack to the WAN port on the router (and have the router accept a DCHP/dynamic IP from the WAN) that I should be okay.

Some people have said that what I need to do it plug ALL connections (computer, wall jack internet, PS3, etc.) into the LAN ports on the router and turn of DHCP on my router and just use my router as a 'simple switch.'

Which of these would work? And if they both would work (i.e. prevent my router from interfering with the university's DHCP router) which option is better?

Thanks!
Ben

 

[exodeus]

Most likely you can only get one ip address from the socket (from the sockets DHCP server) due to the fact that internet ip addressess costs money. so using a "simple switch" would only work for one device at the time (the one with the address) and the devices would steal that one address from each other all the time.

but if you buy a router and connect the wan port on it to the socket then the router would take that single address. but here is the beatiful part: you can then connect the lan ports to your equipment (ps3 and whatever) and your router would give you all the addresses you need through your own DHCP server in the router (or actually just 255, but i dont think you got 255 ps3s 😀 ).

You can then have your own network in the room and if you want to use the external network (the socket) then the router automatically translates the different address.

cherios mate!

edit: btw, i wanted to this but i found out that most routers can only translate from one network to another at the speed of 10mbits/sec or something close to that. my internet connection (in a dorm) is supposedly 100mbit/s which would mean that i lost quite a lot of speed 🙁. the manufactures dont mention this... they will say that the wan port can do 100mbits per sec and that the lan can also... but they dont say that it can only send information between them in 10mbit/sec... so now i got a computer as a router for the speeds sake.

what i'm trying to say is: do not just buy a cheap router... read the specs and consider the implications of it. if your fine with 10mbit then great! but try to not pay for 100mbit through the socket since you won't see that speed inside your lan

edit2: also if you use a router, noone will be able to connect to anything in your network from the the socket due to NAT (network translation) it's like the walls of Troj... nothing enters but stuff invited, be vary of the horse. though.

edit3: (well i'm bored) the best solution would be to use a "simple switch" (do not a buy a router, buy a switch) and let the socket assign all addresess. This would be the fastest and simplest solution, but most likely the administrator has disabled it. Check with the administrator of the socket network and ask how many ip addresess you can get from it. if one... router. if many... buy switch.

edit4: (ya, im really bord.. supposed to study math) a router translates between two networks. one is the socket, the other is your own lan. routers usually contains a switch on the lan side so that you got more contacts on it than just one. The lan side will most likely have the DHCP server stuff automatically enabled and if you plug the lan side into the socket you will most likely upset people... if you plug the wan contact into the wall there is no problem since that one has DHCP client software installed which is good, gives the wan side of the router an address from your friendly administrators 😀 .

edit 5... last one! i promise! i do not think it matters one bit what network addresses you use on your side of the router. i see no prob at all should you use the same addresses as the socket's networks addressess. Damn, people are stoopid... and if it turns out im wrong about this... well, all i can say is: people are stoopid! 😉

 

[FuzzDarkness]

Hey, I'm in a similar situation --

At our school, when we first try to access the Internet, we have to register our mac address with the schools server, and then we have to download their peripheral "Cisco Clean Access Agent" and some offspring of symantec corporate before it will let us access anything. For video game systems (such as my 360) we have to write the mac address down and hand it to the local ResNet, who then e-mail's them to his boss.

I have a computer and a 360, and I'm getting pretty sick of swapping cables out all the time. I have a simple switch and have tried it, but It only lets me use one at a time, so from the above comments, I'm gathering that I only have one IP Address...? Do you guys suppose I should attempt a router...?

I know very little about networks

 

[exodeus]

Well, i'm a bit out of my dept here since i've never seen a system which actually implement MAC level security, it's usually to high maintenance and honestly there are better ways.

If I'd have to make a guess i'd say that just plugging in a router would not do much good. I base this on the fact that your routers MAC address would not exist in the list that your supplier keep. Nor would you be able to download the authentification tool to add it.

I see 3 possible solutions:

1. If you could find an hub instead of a switch it's possible that it would work by just plugging it in as you did the switch! I'm not 100% sure of this... But it should work. If you wanna know the diffrence between Hub/Switch I'd recommend wikipedia, it's not that complicated. Unfortunantly all i've seen latley are switches and no hubs.

2. Maybe you could take the MAC on a router and say to your supplier that it is an xbox 360 so that they add it manually. Now, if they examine the traffic i guess that they could quickly deduce that it is not an xbox, or they could restrict the kind of traffic taking place with that MAC. Either is unlikely but possible.

3. You could add another network card too your computer and make it act as an router for your xbox 360. Be prepared though! This method would be a bit complicated, but its the way i have it 😀


Finally, the security they have employed is meant to stop exactly this kind of thing since they want to controll what devices connect through their network. The only options that would be 100% OK from your providers point of view would be the first one since it actually supports their security policy.


Ask you supplier how they want you to solve it! That would be esiest since they alone know their policies.

 

[exodeus]

Not allowed to edit?
correction: number one depends on more factors and how they've implemented the security. Most likely you can only get on ip and´number one would fall.

 

[riser]

Buy a router, MAC clone your PC's NIC within the Router's configuration.

 

[nicholaslixf]

Buy a switch and fix two network card in your pc. one conect to the out side wlan. the other conect to the switch. config your pc as a server. and conect your ps3 printer etc to the switch. so you other device can conect to the outside via your server(pc). that means you found a local area network of your own. in this way, you need not to warry you will interfere anybody and keep your device safety.
sorry.my English is poor.