Solved

How to Connect 2 Different LAN

I'm in a Office where 192.168.2.1 Network with a Router and Switch with 10 people. On the Same Floor, there is another Company, with 192.168.1.1 Network with a Router and switch with 16 People. Both Company is Under One Management. Then also using different Internet.

Now planning to Purchase FOCUS ERP Software with One License to use on both Company.

How can I connect this two network, so when I ping from 192.168.1.1 to 192.168.2.1 , I get Pinged?

Please help. I can pull the Network cable from here to there.
43 answers Last reply Best Answer
More about connect lan
  1. jaabi379 said:
    I'm in a Office where 192.168.2.1 Network with a Router and Switch with 10 people. <...> another Company, with 192.168.1.1 Network with a Router and switch with 16 People. <...>
    How can I connect this two network, so when I ping from 192.168.1.1 to 192.168.2.1 , I get Pinged?

    Assume
    Gateways are 192.168.1.253 and 192.168.2.253
    New server on 192.168.1.252

    You need a "route" between the two networks that is set up on the routers. Your routers are key, as generally only enterprise class routers support what you need:

    On the ..1. network where the new server is, one port on the router need to be given a reserved IP address from the ..2. network - call it 192.168.2.251. NOTE this is a PORT on the 192.168.1.253 router. Cable this port back to the switch on the ..2. network.

    On the ..2. network you then need to define a route for traffic from that network to traverse to the new server .1.252 VIA the port on the ..1. network you just set up (192.168.2.251). Depending on the router, that might need to be an entry for each client, or an overall route on a mask...

    I've done this on Nortel kit connected to just about anything, and using WatchGuards. It is possible to do the routing at a point inside the router if you have a hardware proxy or firewall with added capabilities.... I believe it's also possible using small specialist routers running pfsense/iptables/monowall etc which are *way* cheaper than WatchGuards or Nortel routers :).

    Good luck
  2. Yes you can,

    You only have to chose which internet you will use, you have to choose only one intrnet and that is going to be your default gateway. This way you will have two connections, wit the internet you choose.

    Else, if you use DHCP for both connections, you have no control on which internet you will use since your computer will choose it for you.
  3. If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

    You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

    [192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

    So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

    It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.
  4. I have not interpreted the question the same way...
  5. s-h-a-w-n said:
    I have not interpreted the question the same way...


    That's always a problem, understanding exactly what the OP wants. To me, it sounds like a simple problem of needing access between two different networks, both in the same physical location, but each using their own router, modem, etc. And if all you want to do is route between them, you use a router. Simple.

    But hey, I could have very well have misinterpreted it myself. Only the OP knows for sure.
  6. Indeed!
    The best solution would be the one that is easier for him.
  7. eibgrad said:
    If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

    You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

    [192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

    So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

    It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.
  8. I think, this is the easiest one. but what IP i want to give to the shared router?

    Also how to do static route, please put an example. i am not that much experienced.

    Also what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.

    All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).
  9. Best answer
    jaabi379 said:
    I think, this is the easiest one. but what IP i want to give to the shared router?


    You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

    Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

    You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

    jaabi379 said:
    Also how to do static route, please put an example. i am not that much experienced.


    Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

    Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Gateway: 192.168.1.2

    What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

    Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

    Destination: 192.168.1.0
    Mask: 255.255.255.0
    Gateway: 192.168.2.2

    What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

    So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

    Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

    jaabi379 said:
    what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


    The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

    jaabi379 said:
    All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


    Sorry, I don’t understand the question (or if it even is a question).
  10. It seems like to me, that eibgrad's solution will work. The only issue I see is that some crossover cables are required to hook LAN ports of 2 routers together.

    Maybe eibgrad might was to clarify this ??

    GREAT forum and GREAT answers BTW !!
  11. Crossover cables are rarely necessary these days. Virtually all modern networking equipment (since ~2006) has supported auto-mdix, which will automatically configure the connection appropriately using standard ethernet cabling. You don't even need auto-mdix on both devices, just having ONE endpoint w/ auto-mdix is sufficient.

    I also was to stress again (which I did mention initially), the shared router should have NAT disabled! You don't want the shared router altering network packets as traffic flows between the WAN and LAN in this configuration.
  12. Oh, I just *wish* all my routers were newer than 2006 models !! I live in the world of small mom and pop businesses, where the newest bells and whistles aren't always necessary or needed.

    Crossover cables would work on older -and- newer routers as well.
  13. eibgrad said:
    jaabi379 said:
    I think, this is the easiest one. but what IP i want to give to the shared router?


    You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

    Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

    You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

    jaabi379 said:
    Also how to do static route, please put an example. i am not that much experienced.


    Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

    Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Gateway: 192.168.1.2

    What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

    Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

    Destination: 192.168.1.0
    Mask: 255.255.255.0
    Gateway: 192.168.2.2

    What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

    So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

    Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

    jaabi379 said:
    what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


    The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

    jaabi379 said:
    All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


    Sorry, I don’t understand the question (or if it even is a question).
  14. eibgrad said:
    jaabi379 said:
    I think, this is the easiest one. but what IP i want to give to the shared router?


    You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

    Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

    You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

    jaabi379 said:
    Also how to do static route, please put an example. i am not that much experienced.


    Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

    Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Gateway: 192.168.1.2

    What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

    Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

    Destination: 192.168.1.0
    Mask: 255.255.255.0
    Gateway: 192.168.2.2

    What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

    So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

    Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

    jaabi379 said:
    what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


    The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

    jaabi379 said:
    All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


    Sorry, I don’t understand the question (or if it even is a question).
  15. Thanks a Lot for the well described answer from eibgrad. Thanks a lot my friend.
  16. Hey Guys according to that topic i think that for connecting 2 different LAN is like a complex working and those whose are handy on their field can do it easily.For knowing about that connection must visit that url:

    internetdunia.com/internet/how-to-connect-two-computers-of-two-different-lan-networks/1577/
  17. connect lan port of both the routers OR connect swithes of both the networks with the help of a lan cable
    systems connected to 1st router should have ip address 192.168.1.2-99 sub-net of 255.255.255.0 and gateway 192.168.1.1
    systems connected to 2nd router should have ip address 192.168.1.101-200 subnet of 255.255.255.0 and gateway 192.168.1.100
    simple
    both local networks are connected and can share files and printers and can use different internet
    dhcp should be disabled in both the routers.
    I had done this in my office and is working fine.
    AND PLEASE MAKE SURE TOTAL NO. OF SYSTEMS IN BOTH NETWORKS IS LESS THAN 245
  18. I could have very well have misinterpreted it myself.
  19. Quote:
    eibgrad said:
    jaabi379 said:
    I think, this is the easiest one. but what IP i want to give to the shared router?


    You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

    Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

    You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

    jaabi379 said:
    Also how to do static route, please put an example. i am not that much experienced.


    Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

    Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Gateway: 192.168.1.2

    What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

    Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

    Destination: 192.168.1.0
    Mask: 255.255.255.0
    Gateway: 192.168.2.2

    What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

    So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

    Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

    jaabi379 said:
    what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


    The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

    jaabi379 said:
    All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


    Sorry, I don’t understand the question (or if it even is a question).


    I am in the same situation like jaabi379, however my my situation is that the two location are not in the same building. And what I am trying to do is to be able to access location 1 through wifi connection from location 2. Is there a way to do what you have suggested without cabling the routers?
  20. I've tried following these instructions step-by-step, but I think I'm missing something.

    This is what I did:
    [Router 1] (192.168.2.1) (LAN) <-----> (WAN) (192.168.2.240) [Shared Router D-Link 655] (10.2.7.240) (LAN) <-----> (LAN) (10.2.7.1) [Router 2]

    Router 1 set the Shared router to static IP 192.168.2.240 and has the static route:
    Destination: 10.2.7.0
    Mask: 255.255.255.0
    Next Hop: 192.168.2.240
    Router 2 set the Shared router to static IP 10.2.7.240 and has the static route:
    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Next Hop: 10.2.7.240

    From LAN 1 (192.168.2.x) I can ping the Shared router at 192.168.2.240
    From LAN 2 (10.2.7.x) I can ping the Shared router at 10.2.7.240

    However that's where the communication stops. I can't ping anything on LAN 2 from LAN 1, or vice versa.

    Do I need static routes inside the Shared router too? Or is the D-link router not appropriate for this test?

    I think the D-link is probably the problem because I think NAT cannot be disabled and it may be interfering with WAN-port functionality.

    eibgrad said:
    jaabi379 said:
    I think, this is the easiest one. but what IP i want to give to the shared router?


    You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

    Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

    You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

    jaabi379 said:
    Also how to do static route, please put an example. i am not that much experienced.


    Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

    Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Gateway: 192.168.1.2

    What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

    Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

    Destination: 192.168.1.0
    Mask: 255.255.255.0
    Gateway: 192.168.2.2

    What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

    So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

    Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

  21. navi_srao said:
    connect lan port of both the routers OR connect swithes of both the networks with the help of a lan cable
    systems connected to 1st router should have ip address 192.168.1.2-99 sub-net of 255.255.255.0 and gateway 192.168.1.1
    systems connected to 2nd router should have ip address 192.168.1.101-200 subnet of 255.255.255.0 and gateway 192.168.1.100
    simple
    both local networks are connected and can share files and printers and can use different internet
    dhcp should be disabled in both the routers.
    I had done this in my office and is working fine.
    AND PLEASE MAKE SURE TOTAL NO. OF SYSTEMS IN BOTH NETWORKS IS LESS THAN 245


    Sure, it's simple in theory, but you make it sound like a trivial exercise to have one of location in the same enterprise change their network scheme to coincide w/ the other. Perhaps it was a mistake for them to have done so, perhaps it was intentional. We’ll never know. So we have to assume that’s not a practical solution.

    Essentially what you’ve done is bridge the networks. But having to disable DHCP is crazy; who wants to be manually configuring/updating clients? That’s simply not realistic for most businesses, at least not for clients (servers, ok). So rather than disabling DHCP, why not *block* it w/ firewall rules! That’s why the use of a router is so valuable here; we don’t need to burden ourselves with disabling DHCP because we resorted to a LAN cable. Instead we firewall it.

    Also, if you’re willing to change networks schemes anyway, there’s no need to limit yourself to 255 ips. You can simply increase the number of hosts by using a different network mask, say 255.255.0.0 (64k!).
  22. Daniu said:
    I've tried following these instructions step-by-step, but I think I'm missing something.

    This is what I did:
    [Router 1] (192.168.2.1) (LAN) <-----> (WAN) (192.168.2.240) [Shared Router D-Link 655] (10.2.7.240) (LAN) <-----> (LAN) (10.2.7.1) [Router 2]

    Router 1 set the Shared router to static IP 192.168.2.240 and has the static route:
    Destination: 10.2.7.0
    Mask: 255.255.255.0
    Next Hop: 192.168.2.240
    Router 2 set the Shared router to static IP 10.2.7.240 and has the static route:
    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Next Hop: 10.2.7.240

    From LAN 1 (192.168.2.x) I can ping the Shared router at 192.168.2.240
    From LAN 2 (10.2.7.x) I can ping the Shared router at 10.2.7.240

    However that's where the communication stops. I can't ping anything on LAN 2 from LAN 1, or vice versa.

    Do I need static routes inside the Shared router too? Or is the D-link router not appropriate for this test?

    I think the D-link is probably the problem because I think NAT cannot be disabled and it may be interfering with WAN-port functionality.

    eibgrad said:
    jaabi379 said:
    I think, this is the easiest one. but what IP i want to give to the shared router?


    You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

    Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

    You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

    jaabi379 said:
    Also how to do static route, please put an example. i am not that much experienced.


    Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

    Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Gateway: 192.168.1.2

    What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

    Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

    Destination: 192.168.1.0
    Mask: 255.255.255.0
    Gateway: 192.168.2.2

    What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

    So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

    Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.





    As far as you’ve described it, it appears correct. The static routes are only relevant to each network’s respective primary router, NOT the shared router.

    Remember what I stated previously. Ideally you want to disable NAT and the firewall (and for completeness, DHCP). Otherwise, the WAN will not expose the ip scheme on the LAN side. You'll only be able to access the LAN network via port forwarding on the WAN ip. Not very convenient imo. The idea here is to make this as seamless as possible. However, you should be able to ping from the LAN side to the WAN side regardless of configuration, unless you’re simply encountering personal firewalls on those devices.
  23. I'm puzzled why the D-Link isn't working in either direction, but I think it'll be less headaches trying again with a DDWRT router instead. Thanks, your posts above helped me a lot.

    eibgrad said:


    As far as you’ve described it, it appears correct. The static routes are only relevant to each network’s respective primary router, NOT the shared router.

    Remember what I stated previously. Ideally you want to disable NAT and the firewall (and for completeness, DHCP). Otherwise, the WAN will not expose the ip scheme on the LAN side. You'll only be able to access the LAN network via port forwarding on the WAN ip. Not very convenient imo. The idea here is to make this as seamless as possible. However, you should be able to ping from the LAN side to the WAN side regardless of configuration, unless you’re simply encountering personal firewalls on those devices.
  24. eibgrad said:
    If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

    You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

    [192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

    So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

    It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.


    Hi,
    Thank you for your clear and helpful explanation.
    My question is: why do we need a third (shared) router?
    Isn’t it enough just to connect a network cable from LAN to LAN and setup static routes on each router?
  25. dbgd said:
    eibgrad said:
    If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

    You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

    [192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

    So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

    It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.


    Hi,
    Thank you for your clear and helpful explanation.
    My question is: why do we need a third (shared) router?
    Isn’t it enough just to connect a network cable from LAN to LAN and setup static routes on each router?




    There's a general networking principle at play here. If you have two separate networks, each w/ its own ip scope (e.g., 192.168.1.x and 10.0.0.x), and presumably each w/ its own gateway/ISP, you can't just simply connect them LAN to LAN and expect things to work correctly. It’s entirely possible that DHCP request from each network might be responded to by the other network’s DHCP server. Plus, you can’t control precisely who can and can’t access which resources.

    IOW, by connecting them LAN to LAN, you have, by definition, made them part of the same physical network. That’s not typically what you want. You merely want to ***route*** between the two networks. And how do you do that? Answer, you use a router!

    Now that said, you have several options in how you implement that router. One is to literally get another router device. Another (and something you would most likely see in a business setting) is to create a VLAN on one of the routers, then connect those routers VLAN to LAN, add static routes, firewall rules, etc. IOW, do it in software. Either way, it’s a router. But since it’s presumptuous to assume VLAN are available, it’s just prudent to recommend a new router device since that will always work.

    This is actually a very simple problem. All you’re doing is trying to find a way to get from one network to another. And you do that via routing. And a router is the mechanism/device that makes routing possible. There’s not a lick of difference in what is needed to route between two local networks and what it takes to route between your local network and the internet.
  26. Thank you for taking the time to explain this to me.

    This is the part I was missing:

    eibgrad said:

    There's a general networking principle at play here. If you have two separate networks, each w/ its own ip scope (e.g., 192.168.1.x and 10.0.0.x), and presumably each w/ its own gateway/ISP, you can't just simply connect them LAN to LAN and expect things to work correctly. It’s entirely possible that DHCP request from each network might be responded to by the other network’s DHCP server.

    Before you explained it to me I thought that each DHCP server can only respond to its own local ip scope.

    Once again, thank you for your clear and helpful explanation.
  27. Daniu said:
    I've tried following these instructions step-by-step, but I think I'm missing something.

    This is what I did:
    [Router 1] (192.168.2.1) (LAN) <-----> (WAN) (192.168.2.240) [Shared Router D-Link 655] (10.2.7.240) (LAN) <-----> (LAN) (10.2.7.1) [Router 2]

    Router 1 set the Shared router to static IP 192.168.2.240 and has the static route:
    Destination: 10.2.7.0
    Mask: 255.255.255.0
    Next Hop: 192.168.2.240
    Router 2 set the Shared router to static IP 10.2.7.240 and has the static route:
    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Next Hop: 10.2.7.240

    From LAN 1 (192.168.2.x) I can ping the Shared router at 192.168.2.240
    From LAN 2 (10.2.7.x) I can ping the Shared router at 10.2.7.240

    However that's where the communication stops. I can't ping anything on LAN 2 from LAN 1, or vice versa.

    Do I need static routes inside the Shared router too? Or is the D-link router not appropriate for this test?

    I think the D-link is probably the problem because I think NAT cannot be disabled and it may be interfering with WAN-port functionality.



    Hi,

    I’m having the same problem, were you able to figure out the solution?

    Thanks
  28. eibgrad said:
    jaabi379 said:
    I think, this is the easiest one. but what IP i want to give to the shared router?


    You assign a static IP to the WAN and LAN interfaces that’s valid on the network each happens to be facing.

    Let’s assume the two networks are 192.168.1.x and 192.168.2.x. The WAN side of the shared router must face one of those networks, while the LAN side must face the other. Let’s assume the WAN faces the 192.168.1.x network, and the router used by the 192.168.1.x network is assigned 192.168.1.1. Assuming it’s available, assign the WAN ip of the shared router 192.168.1.2. Similarly, let’s assume the LAN faces the 192.168.2.x network, and the router used by the 192.168.2.x network is assigned 192.168.2.1. Assuming it’s available, assign the LAN ip of the shared router 192.168.2.2.

    You’re just giving the shared router valid IPs on its WAN and LAN interfaces so it’s addressable from each network.

    jaabi379 said:
    Also how to do static route, please put an example. i am not that much experienced.


    Most (but not all) routers will let you add static routes using the router’s GUI. You need to add static routes because the routers used by the respective networks (192.168.1.1 and 192.168.2.1 in our example) don’t know that a gateway between the two networks even exists.

    Continuing w/ our example IP assignments, we go to the GUI of the 192.168.1.1 router and add the following static route:

    Destination: 192.168.2.0
    Mask: 255.255.255.0
    Gateway: 192.168.1.2

    What this says is, any ip address in the 192.168.2.x network should be routed to the gateway at 192.68.1.2 (the WAN ip of the shared router we assigned previously).

    Similarly, we go to the GUI of the 192.168.2.1 router and add the following static route:

    Destination: 192.168.1.0
    Mask: 255.255.255.0
    Gateway: 192.168.2.2

    What this says is, any ip address in the 192.168.1.x network should be routed to the gateway at 192.68.2.2 (the LAN ip of the shared router we assigned previously).

    So now, anytime a client on either network refers to an ip address that resides on the other network, those clients will pass the traffic to their respective default gateways (which is the router on their respective networks), which in turn will pass the traffic to our shared router, because each router now KNOWS how to reach the other network thanks to our static routing.

    Admittedly, a lot of this sounds more complicated than it really is because we’re describing this in text rather than pictures, but hopefully some of it is sinking in.

    jaabi379 said:
    what you mean by "drop firewall" ? There is no separate firewall or anything here. Also don't have a server also.


    The firewall I was referring to was that of the shared router. By default, most routers block all traffic from the WAN side into the LAN side, while allowing traffic to flow freely from the LAN side to the WAN side. It would make sense to drop/disable the shared router’s firewall in this case. We want traffic to flow freely in either direction. If both these networks are going to share resources, they should be considered ”friendly” to each other, making the use of a firewall between them unnecessary. But if you want to use the firewall and restrict access between them (e.g., only allow specific IPs to talk to each other), you certainly have that option. But at least for initial setup purposes, it’s a lot easier to configure everything and make sure it’s working if you disable the shared router’s firewall.

    jaabi379 said:
    All is just like some computers we connected to a switch and switch to normal router from the Etisalat (provider).


    Sorry, I don’t understand the question (or if it even is a question).


    thanks for the detailed explanation.. this really helped however I have a question..

    My question is why use 192.168.1.2 and 192.168.2.2 as gateways? should we not use 192.168.1.1 and 192.168.2.1 as those will be the ip addresses of the routers?
  29. UrbanMyth said:
    jaabi379 said:
    I'm in a Office where 192.168.2.1 Network with a Router and Switch with 10 people. <...> another Company, with 192.168.1.1 Network with a Router and switch with 16 People. <...>
    How can I connect this two network, so when I ping from 192.168.1.1 to 192.168.2.1 , I get Pinged?

    Assume
    Gateways are 192.168.1.253 and 192.168.2.253
    New server on 192.168.1.252

    You need a "route" between the two networks that is set up on the routers. Your routers are key, as generally only enterprise class routers support what you need:

    On the ..1. network where the new server is, one port on the router need to be given a reserved IP address from the ..2. network - call it 192.168.2.251. NOTE this is a PORT on the 192.168.1.253 router. Cable this port back to the switch on the ..2. network.

    On the ..2. network you then need to define a route for traffic from that network to traverse to the new server .1.252 VIA the port on the ..1. network you just set up (192.168.2.251). Depending on the router, that might need to be an entry for each client, or an overall route on a mask...

    I've done this on Nortel kit connected to just about anything, and using WatchGuards. It is possible to do the routing at a point inside the router if you have a hardware proxy or firewall with added capabilities.... I believe it's also possible using small specialist routers running pfsense/iptables/monowall etc which are *way* cheaper than WatchGuards or Nortel routers :).

    Good luck
  30. If you have not bought the erp software , consider buying allrounder ERP which doesnt have a license problem , like this.
    they trust the clients. so as long as you use it for your company , you need only one license. and it is cloud based 3 tier ERP.
    there is a Job costing module , if your company needs to track and control Jobs

    if you are interested , the following is their contact.

    9895380516
    Pradeep V.K

    Regards
    Noor M.K
  31. I know it's way to late in the game, but the whole "subnetting" 192.168.1.x and 192.168.2.x as two seperate "C" class networks isn't required with CIDR (Classless interdomain routing designed to pump life into IPv4) so feel free to run 192.0.0.1 all the way upto 192.255.255.254


    And it's as legit to split a 10.0.0.1 to 10.0.0.255 class "C" if you want. As for frills and perks to having 2 seperate DHCP servers there MAY be. Just make sure the "scope" (techie term for assigned overlap) doesn't conflict. Many Higher featured "A and C/N" routers have "guest" networks which is a godsend if you take the time to set it up secure. Think of overlapping layers of securtiy. First you need that Crummy WEP only Verizon terd they handed off to you, which cant dreram about security let alone accomplish that. So start with the weakest OUT. Another pet gripe is damn kids and their "have-to-have-UPnP" so they can play (So malware has the freedom to port forward whatever/whenever////) but don't give up hope. Lock each progressive layer down tighter with strict rules (No auto PortForward, No keeping the use of root logons or standard port "22" anyway and that's pretty much the ONLY port you need so port knocking could diguese it by allowing a time window for a sucessful logon. Any other port can be tunneled over SSH and should be anyway. And in my insanity and unwillingness to accept I was CLEAN HACKED for following all this I should have created keypairs and not used passwords. That was my downfall... I don't give a rats ass as of now as I have already lost my job over the CIA putting biochemo-nanotechnology into my body (It's a Old Nazi Mind control thing with Dr Olsen jumpin out a window in the 60's plus a real eye opener in what IS possible NOW. (Off topic but Samsung G5, toss it in the trash along with TV, edcucation, "NO KID LEFT BEHIND") so they at least gave a me a laugh about the "Flash Player Update which running linux got the joke...)" and as I was typing in the dark they substituted my backspace key or a ")" so yeah..... the hard locked (well a solf-brick Netgear WNDR4300) Ohh... BTW always make straight through cables BUT be carefull as they're many different color organazations and all seem legit so if you start the job should finish it. Can also go for nonstandard subnetting like 192.128.0.0 subnet 255/128/0/0 to 192.255.255.254 subnet 255/128/255/255. RFC's should be gone back over and well... Clarified!
  32. I have the same issue,

    I'm trying to connect lan of other company to ours in same floor.. the thing is i only want them to access 1 folder and nothing else. and same goes to them. is that possible?
  33. kikoman69 said:
    I have the same issue,

    I'm trying to connect lan of other company to ours in same floor.. the thing is i only want them to access 1 folder and nothing else. and same goes to them. is that possible?

    Please do not hijack a thread year-and-half old!

    What you will be sharing on that folder? Files? Databases?
    Have you considered something like Dropbox?
  34. Alabalcho said:
    kikoman69 said:
    I have the same issue,

    I'm trying to connect lan of other company to ours in same floor.. the thing is i only want them to access 1 folder and nothing else. and same goes to them. is that possible?

    Please do not hijack a thread year-and-half old!

    What you will be sharing on that folder? Files? Databases?
    Have you considered something like Dropbox?


    Well, big files. minimum of 10 - 20gb per file. the thing is i only need to view certain files so instead of going all the way to their office and burrow a computer to view a file, I could just open it here via network then send them a message regarding my opinion on whatever the file is about.

    but the thing is like i said i dont want them to access another file on my server and also my internet. is that possible?
  35. If you are just going to "view" the file, may be remote-desktop solution will be better idea. Moving 20gb file, even on fast network, will take some time.
  36. eibgrad said:
    dbgd said:
    eibgrad said:
    If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

    You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

    [192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

    So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

    It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.


    Hi,
    Thank you for your clear and helpful explanation.
    My question is: why do we need a third (shared) router?
    Isn’t it enough just to connect a network cable from LAN to LAN and setup static routes on each router?




    There's a general networking principle at play here. If you have two separate networks, each w/ its own ip scope (e.g., 192.168.1.x and 10.0.0.x), and presumably each w/ its own gateway/ISP, you can't just simply connect them LAN to LAN and expect things to work correctly. It’s entirely possible that DHCP request from each network might be responded to by the other network’s DHCP server. Plus, you can’t control precisely who can and can’t access which resources.

    IOW, by connecting them LAN to LAN, you have, by definition, made them part of the same physical network. That’s not typically what you want. You merely want to ***route*** between the two networks. And how do you do that? Answer, you use a router!

    Now that said, you have several options in how you implement that router. One is to literally get another router device. Another (and something you would most likely see in a business setting) is to create a VLAN on one of the routers, then connect those routers VLAN to LAN, add static routes, firewall rules, etc. IOW, do it in software. Either way, it’s a router. But since it’s presumptuous to assume VLAN are available, it’s just prudent to recommend a new router device since that will always work.

    This is actually a very simple problem. All you’re doing is trying to find a way to get from one network to another. And you do that via routing. And a router is the mechanism/device that makes routing possible. There’s not a lick of difference in what is needed to route between two local networks and what it takes to route between your local network and the internet.


    Hi "Eibgrad" and folks.

    I’ll start asking for excuses about my poor english. I’m a Brazilian guy and I don’t use to write or talk in english often. So, if I made mistakes, please forgive me.

    I’m client of an ISP/IPTV provider that impose me to use a router (they lend this router to the clients) but this is not enough for my needs – specially because the Wireless Radio poor coverage. This “imposing” occurs because this D'Link (DMG-6661) personalized router have some configuring features which are not usual in a ordinary domestic router – like vLan’s setup, etc.

    So, I used the "PPPoE PassThrough" to by pass the authentication to another router that I bought and – this way - my LAN needs were satisfied.

    But, on the IPTV side, I have lost some features from the set top box that uses Internet traffic.

    My present setup is:


    a-) Company’s router have a Class C LAN configured at 192.168.1.x range with DHCP on 192.168.1.200 to 254 for itself because the 3 set top boxes.

    b-) my own router does the PPPoE authentication and its LAN is configured on the 192.168.0.X range --- managing about 12/15 devices/clientes (eg laptops, smartphones, Smart Tv’s, etc...).

    What I’m needing now?

    Transfer to Company’s Router (192.168.1.1) – from my own router - the WAN connection, recovering those interactive features that I lost.

    I’m not networking experienced and all my last tries failed.

    Reading this topic I guessed if "Eibgrad" solution could work for me? But I’m preferring to ask before spent more money buying the “shared router" to get no sucess.

    If any ideas / advices ... I’ll be grateful

    Thanks in advance.
  37. Marco_ar said:

    Hi "Eibgrad" and folks.

    I’ll start asking for excuses about my poor english. I’m a Brazilian guy and I don’t use to write or talk in english often. So, if I made mistakes, please forgive me.

    I’m client of an ISP/IPTV provider that impose me to use a router (they lend this router to the clients) but this is not enough for my needs – specially because the Wireless Radio poor coverage. This “imposing” occurs because this D'Link (DMG-6661) personalized router have some configuring features which are not usual in a ordinary domestic router – like vLan’s setup, etc.

    So, I used the "PPPoE PassThrough" to by pass the authentication to another router that I bought and – this way - my LAN needs were satisfied.

    But, on the IPTV side, I have lost some features from the set top box that uses Internet traffic.

    My present setup is:


    a-) Company’s router have a Class C LAN configured at 192.168.1.x range with DHCP on 192.168.1.200 to 254 for itself because the 3 set top boxes.

    b-) my own router does the PPPoE authentication and its LAN is configured on the 192.168.0.X range --- managing about 12/15 devices/clientes (eg laptops, smartphones, Smart Tv’s, etc...).

    What I’m needing now?

    Transfer to Company’s Router (192.168.1.1) – from my own router - the WAN connection, recovering those interactive features that I lost.

    I’m not networking experienced and all my last tries failed.

    Reading this topic I guessed if "Eibgrad" solution could work for me? But I’m preferring to ask before spent more money buying the “shared router" to get no sucess.

    If any ideas / advices ... I’ll be grateful

    Thanks in advance.


    This is a very different problem from the OP. And it deserves its own thread. But I’ll make an attempt.

    What you have from the ISP is a special modem+router that supports VLANs. The ISP requires that certain services have their own unique public IP (e.g., IPTV) separate from your other internet services (browsing, email, etc.). And that’s done by tagging the traffic so that your modem+router can distinguish one type of traffic from another, then direct that traffic out the apppropiate VLAN and associate port(s).

    But now you’ve decided to reconfigure the ISP’s modem+router into only a modem (i.e., bridge mode) and now YOU have to take responsibility for dealing w/ that tagged VLAN traffic. But that assumes a) you have a VLAN capable router and b) you know how to configure VLANs and tagging. That may be more than you’re currently capable of both in terms of hardware and skills.

    That’s why it’s probably better that you DON’T bridge the ISP’s modem+router, and instead just connect your new router to the LAN port(s) designated for general purposes, and connect the other port(s) to their specific services (e.g., IPTV). Not unless you can give me a very specific reason this doesn’t work for you. Because setting up VLANs and tagging is a complex process.
  38. Edited
  39. eibgrad said:


    This is a very different problem from the OP. And it deserves its own thread. But I’ll make an attempt.

    What you have from the ISP is a special modem+router that supports VLANs. The ISP requires that certain services have their own unique public IP (e.g., IPTV) separate from your other internet services (browsing, email, etc.). And that’s done by tagging the traffic so that your modem+router can distinguish one type of traffic from another, then direct that traffic out the apppropiate VLAN and associate port(s).

    But now you’ve decided to reconfigure the ISP’s modem+router into only a modem (i.e., bridge mode) and now YOU have to take responsibility for dealing w/ that tagged VLAN traffic. But that assumes a) you have a VLAN capable router and b) you know how to configure VLANs and tagging. That may be more than you’re currently capable of both in terms of hardware and skills.

    That’s why it’s probably better that you DON’T bridge the ISP’s modem+router, and instead just connect your new router to the LAN port(s) designated for general purposes, and connect the other port(s) to their specific services (e.g., IPTV). Not unless you can give me a very specific reason this doesn’t work for you. Because setting up VLANs and tagging is a complex process.



    Hi "Eibgrad"

    Thanks for replying.

    You’re complete right when you said to open new thread and I already did it.

    You’re complete right again when say that I have not enough networking skills to deal with vLans. And that’s because I’m looking for some help.

    And I guess I also wasn’t clear enough to clarify the situation.

    Like I already told to “provider” clients support, - nobody must be an Electrician Engineer to be able to have a refrigerator at home. But I cannot be obliged to accept a “free refrigerator” that doesn’t make me “ice”!!!

    The Provider installed a Fiber Optic Modem that connects to their custom DLink DMG-6661. This router, like I said, offers some unusual features – like vLans tagging, Coaxial HPNA support to set top boxes signals), etc.

    But it’s unable to:

    - wireless stream 2 (or more) simultaneous HD videos;
    - using LAN to LAN the wireless doesn’t transfer anything more than 50mbps – slower than downloading from internet (100mbps my link). Backing up is a pain in the ….
    - 5Ghz radio doesn’t connects anything far from more than 10 feet and 2,4Ghz coverage is a (bad) joke.

    I tried to use the HPNA cabling + Range Extenders but the bandwith was not enough to WAN and IPTV demands. IPTV signal freezes.

    That’s why I bypassed PPPoE authentication transferring WAN (vLAN 10 tagged through DMG-6661 gigabit switch) traffic to another (and better) router. I bought a D Link DIR-850L for compatibility which is sold to 200m² (667 ft²) coverage, AC1200 mbps with free cloud services and others cosmetics.

    But, these cloud services depends on DIR-850L being directly connected to the WAN. If bridging - cloud services doesn't works. Double NAT issues (I guess).

    This is my specific reason to not bridging.

    So, my networking needs was totaly satisfied with.

    But, the interactive features from the set top boxes were lost. It needs WAN traffic that DMG-6661 are not doing anymore.

    Finally, I’m trying to get a way to send WAN traffic from DIR-850L to DMG-6661.

    - I connected both using LAN to LAN ports and both networks (192.168.1.x and 192.168.0.x) dropped.
    - I connected a third router (DLink DIR-524) creating another LAN (192.168.2.x) from the DIR-850L - LAN to WAN ports - and to DMG-6661 using LAN to LAN ports. Nothing again. LAN 192.168.0.x (DIR-850L doesn’t dropped). LAN 192.168.1.X (DMG-6661 also doesn’t dropped). But no WAN on DMG-6661.

    Now I’m guessing about “advanced routing rules” to solve this question. But I don’t know how to.

    I guess I’m close to deal with this issue but DLink and “Telefonica Brasil” doesn’t offer quality technician support.

    Am I wrong thinking “static routing” could solve if using this “third (shared) router”???
  40. jaabi379 said:
    I'm in a Office where 192.168.2.1 Network with a Router and Switch with 10 people. On the Same Floor, there is another Company, with 192.168.1.1 Network with a Router and switch with 16 People. Both Company is Under One Management. Then also using different Internet.

    Now planning to Purchase FOCUS ERP Software with One License to use on both Company.

    How can I connect this two network, so when I ping from 192.168.1.1 to 192.168.2.1 , I get Pinged?

    Please help. I can pull the Network cable from here to there.



    Your Problem is simple. If you can pull LAN cable between the two networks, just have a switch hub and only one router that provides DHCP (say the 192.168.1.1 router gate way only that provides 192.168.1.2 to 192.168.1.250 IP addresses) with fast internet on that router. Computer stations + Servers not yet exceeded 250 right? You can do this.
  41. eibgrad said:
    dbgd said:
    eibgrad said:
    If these are independent networks, you can connect them to each other like any other networks, using an ordinary router! Let’s call it the “shared” router. The tricky part is properly configuring it.

    You connect the WAN of the shared router to a LAN port on the router of network 192.168.1.x, and connect a LAN port of the shared router to a LAN port on the router of network 192.168.2.x.

    [192.168.1.1](lan)<-- wire -->(wan)[shared router](lan)<-- wire -->(lan)[192.168.2.1]

    So now you have a physical path between the networks. The shared router acts as a gateway between them. The problem is that clients of either network don’t know that this gateway exists. By default, any network whose whereabouts are unknown will result in the client passing the request to its default gateway (usually its own router). But the router doesn’t know where the other network is either. So you need to add static routes to each network’s router so it can locate the other network, using either the WAN or LAN IP of the shared router, as appropriate. Also disable the shared router's DHCP server (we're not using it to support its own local network, it's ONLY a gateway). Finally, it works a lot smoother and easier if you drop the firewall on the shared router and disable NAT.

    It sounds more complicated than it really is. All you’re really doing is defining a new gateway and using a third router to support it, and updating each network’s router so clients of that network can find that gateway and thus access clients of the other network.


    Hi,
    Thank you for your clear and helpful explanation.
    My question is: why do we need a third (shared) router?
    Isn’t it enough just to connect a network cable from LAN to LAN and setup static routes on each router?




    There's a general networking principle at play here. If you have two separate networks, each w/ its own ip scope (e.g., 192.168.1.x and 10.0.0.x), and presumably each w/ its own gateway/ISP, you can't just simply connect them LAN to LAN and expect things to work correctly. It’s entirely possible that DHCP request from each network might be responded to by the other network’s DHCP server. Plus, you can’t control precisely who can and can’t access which resources.

    IOW, by connecting them LAN to LAN, you have, by definition, made them part of the same physical network. That’s not typically what you want. You merely want to ***route*** between the two networks. And how do you do that? Answer, you use a router!

    Now that said, you have several options in how you implement that router. One is to literally get another router device. Another (and something you would most likely see in a business setting) is to create a VLAN on one of the routers, then connect those routers VLAN to LAN, add static routes, firewall rules, etc. IOW, do it in software. Either way, it’s a router. But since it’s presumptuous to assume VLAN are available, it’s just prudent to recommend a new router device since that will always work.

    This is actually a very simple problem. All you’re doing is trying to find a way to get from one network to another. And you do that via routing. And a router is the mechanism/device that makes routing possible. There’s not a lick of difference in what is needed to route between two local networks and what it takes to route between your local network and the internet.


    Your explanation is very very helpful thanks for that
    my question though is if I want to go about it using software i.e creating a VLAN and then connecting it to the LAN
    The scenario Im dealing with is that the two networks that I have to connect are in two different buildings a mile apart.
    so how do I connect the VLAN to the LAN in my case
  42. 6707099936 said:
    I know it's way to late in the game, but the whole "subnetting" 192.168.1.x and 192.168.2.x as two seperate "C" class networks isn't required with CIDR (Classless interdomain routing designed to pump life into IPv4) so feel free to run 192.0.0.1 all the way upto 192.255.255.254


    And it's as legit to split a 10.0.0.1 to 10.0.0.255 class "C" if you want. As for frills and perks to having 2 seperate DHCP servers there MAY be. Just make sure the "scope" (techie term for assigned overlap) doesn't conflict. Many Higher featured "A and C/N" routers have "guest" networks which is a godsend if you take the time to set it up secure. Think of overlapping layers of securtiy. First you need that Crummy WEP only Verizon terd they handed off to you, which cant dreram about security let alone accomplish that. So start with the weakest OUT. Another pet gripe is damn kids and their "have-to-have-UPnP" so they can play (So malware has the freedom to port forward whatever/whenever////) but don't give up hope. Lock each progressive layer down tighter with strict rules (No auto PortForward, No keeping the use of root logons or standard port "22" anyway and that's pretty much the ONLY port you need so port knocking could diguese it by allowing a time window for a sucessful logon. Any other port can be tunneled over SSH and should be anyway. And in my insanity and unwillingness to accept I was CLEAN HACKED for following all this I should have created keypairs and not used passwords. That was my downfall... I don't give a rats ass as of now as I have already lost my job over the CIA putting biochemo-nanotechnology into my body (It's a Old Nazi Mind control thing with Dr Olsen jumpin out a window in the 60's plus a real eye opener in what IS possible NOW. (Off topic but Samsung G5, toss it in the trash along with TV, edcucation, "NO KID LEFT BEHIND") so they at least gave a me a laugh about the "Flash Player Update which running linux got the joke...)" and as I was typing in the dark they substituted my backspace key or a ")" so yeah..... the hard locked (well a solf-brick Netgear WNDR4300) Ohh... BTW always make straight through cables BUT be carefull as they're many different color organazations and all seem legit so if you start the job should finish it. Can also go for nonstandard subnetting like 192.128.0.0 subnet 255/128/0/0 to 192.255.255.254 subnet 255/128/255/255. RFC's should be gone back over and well... Clarified!


    subnet 255.128.255.255 ? :-P I need some of what you're on...
Ask a new question

Read More

to LAN Connection routing Networking