IP Address Assignments and DHCP Setup for Complex Home Network

jacham04

Honorable
Sep 24, 2013
5
0
10,510
I am a moderately experienced novice computer user and network installer, compared to some of the experienced and knowledgeable users within this community. I have set up several home and small office networks over the years, but my latest home networking project is beginning to seem over my head or maybe just overwhelming.

My initial request for help here is related to DHCP, DHCP Reservations, and Static IP addressing for the components within my wired network. I would like to leave my wireless routers and access points in DHCP for the wireless devices that will be connecting but I am not sure whether the wired devices connected to the router(s) should have DHCP Reserved or Static IP connections/addresses.

Beginning with the Zyxel USG50 Firewall Router my assumption is that I should assign a Static IP for each device with a wired connection except for the LAN port connected to the Trendnet Switch so that any device I connect to it will automatically be assigned an IP address. Similarly, for each wired connection to the LAN ports of the Zyxel Router I should assign Static IP addresses with different subnets so that I can segment each of the subsequent networks that will be created. For example, LAN port 1 of the Zyxel Router with wired connection to the Apple Airport Extreme should be given a Static IP of 192.168.1.1, then LAN port 2 of the Zyxel Router to the Linksys Router with Static IP of 192.168.2.1, and so on.

Forgive me if I am not using the correct terminology on any of this or if my diagram is unusable because of any incorrect assumptions I've made. Note I've included direct and indirect wired connections between all routers, the switch, and the server assuming it could be set up in a way to optimize connections within the home so that the server would be accessible no matter the wireless router a device was connected, especially from the switch to the server as the cameras will be controlled and recorded by/onto it.

L.png



 

Skeefers

Honorable
Aug 7, 2013
518
0
11,360
If I'm understanding what your goal is, and what you've described and diagrammed above, it looks like you're on the right track for the most part.

As for the static IP versus DHCP reservation question, it really won't matter which you go with in this case. Both essentially have the same end result (i.e. a device always has the same IP on your network), and since it doesn't appear that any of the devices you wish to use the static IP or reservation for are portable, you should be fine either way you go.

My only question is this, why does your server connect to every router and switch? Unless you have some specific reason for it, every device connected to each of your routers and switches will be able to contact the server just fine if it is only connected to one network device (I would recommend leaving it on the firewall router), so those other 3 connections would be a waste of your time to configure and a waste of CAT-5 cable.
 

jacham04

Honorable
Sep 24, 2013
5
0
10,510


Thanks for the quick reply. As for the extra wired connections to the server I am not sure I have a reason so thanks for pointing that out.

I am sure this question has been asked countless times in other threads but I keep getting tripped up on router settings, especially when setting up connections between two routers. Is it as easy as assigning a static IP of 192.168.1.1 to LAN port 1 Zyxel Router then make the Router IP of one of my routers 192.168.1.1? Also, should I set up and use Static DNS or WINS?

If anyone could provide a quick example of IP address assignments starting at the Zyxel Router through the Trendnet Switch to one of the TP-Link Access Points I think it would be very helpful, and if nothing else help me pin point my questions.
 

Skeefers

Honorable
Aug 7, 2013
518
0
11,360
I'm at work right now, and I'm a bit busy this morning, so I'll answer when I get a chance. I can explain a good configuration for the IPs, including what is best to have set statically, but it won't be short so it'll have to wait until my lunch break most likely. It's pretty easy to set up, but I want to make sure to explain it thoroughly and I may even do a little diagram for you.
 

Skeefers

Honorable
Aug 7, 2013
518
0
11,360
I'm going to work under the assumption that each of your routers (to include the firewall router) are capable of assigning DHCP IP addresses (WINS doesn't assign IPs). If each router's WAN port is connected to a LAN port on another router, it will pull a DHCP IP address from the next router up the line (i.e. the firewall router will get an IP from the cable modem, the Airport will get an IP from the firewall router). The only devices I suggest setting a static IP on would be the server, printer, and the cameras; DHCP should work for everything else.

In order to make sure everything works well together, and to prevent any major issues with IP addressing, I'm going to suggest the following setup on each of the devices below:

1) set the DHCP scope of the firewall router to begin at a.a.a.10
2) set the DHCP scope of the first Airport router to begin at b.b.b.10
3) set the DHCP scope of the Linksys router to begin at c.c.c.10
4) set the DHCP scope of the second Airport router to begin at d.d.d.10

Each scope should be on a different subnet in order to prevent conflicts. Each letter above (a, b, c and d) should be a number 1-254, and they don't need to match even though I used the same letter in several places. I'm assuming that the switch and the wireless access points are not capable of assigning DHCP IP addresses, and just work to extend the network; if this isn't the case then assign their DHCP scopes to start at .10 of another different DHCP scope.

For your devices that require static IPs (the server, printer and cameras), assign them an IP that matches the DHCP scope of the router they connect to, but end their IP in 1-9 (i.e. the server, when connected only to the firewall router as we discussed earlier, would be assigned a.a.a.1-9).

If this isn't clear (I typed it up pretty fast), or if you have any other questions, let me know and I'll be more than happy to help you out.
 
You are going to have quite a few problems if you let the devices in your network be routers instead of dumb switches and APs. Maybe that is what you intend, since you have put the firewall in each VLAN with the gateway. I would run all the DHCP from the firewall also, because some of the so-called "routers" only do DHCP properly when the traffic flows from WAN/LAN instead of LAN/LAN. Of course, the most difficult issue running as a router is the NAT, so you want to avoid that and only do the NAT in the cable modem or your firewall. So the only device I would propose you have that does routing is your firewall.

Another concern would be the assignment of SSIDs. Since you are going to use different subnets, I would also use different SSIDs. A lot of people like the idea that the PC will switch from AP to AP automatically when you use the same SSID. If we ignore the delays due to keys and security, what happens is it will switch and get back on the network but it will not always drop the IP. So in your configuration you now have an IP on the wrong subnet and it will not work until you manually release and renew. Still, even if it would manage to somehow get a new IP, you are going to lose all your open sessions anyway because the IP changed.

I would just use different SSIDs; then you are in total control of if and when it would switch. It tends to be a pain for uneducated users to have to keep changing the SSID they connect to, but having a PC change it unexpectedly tends to be more frustrating.
 

RealBeast

Titan
Moderator
^ +1 I would follow Bill001g's advice on this, one router at the gateway and different SSIDs for the subnets.

I would assign static addresses to all the routers that are configured as APs, to printers, and only for other devices that require a static address.
 

Skeefers

Honorable
Aug 7, 2013
518
0
11,360
Bill,

Here is my question to you:

If you want to use different SSIDs for each AP/wireless router, which I agree with but forgot to mention in my other posts, how do you propose those devices procure an IP address if each AP/wireless router isn't working as a DHCP server? Will the DHCP client broadcast request push forward through each AP/wireless router to the firewall router to acquire its IP address? I've never tried this, but my assumption was that unless an IP address is statically assigned in these cases, the device wouldn't be able to communicate with the firewall router.

I do agree that NAT should only be turned on at the firewall router, but didn't think of that initially. I also agree with setting the router and AP WAN IP addresses statically, so thanks for picking up on those issues with my idea. That said, I've run several nested DHCP networks like what I described above in the past and never had issues with them; in fact, I've had more problems when using multiple routers/APs using IPs on the same subnet than not.
 
If we assume it is an actual AP, it is an end device. You almost always statically configure them. Very technically, it does not need an IP at all. The IP is only used to manage the device and if you were running enterprise mode security and it needed to talk to a RADIUS server.

DHCP is broadcast, so it is forwarded transparently by the device since it is acting as a switch. Broadcasts are only stopped by a router.

You can use a local DHCP server on a segment. That is the old way to do it, where you would have some form of actual server on each segment. Most commercial installations do not even run DHCP on the routers; they use what is called a helper and point it to a remote server that can be in a different location. Helper is how you get a broadcast to cross a router boundary. You run all the locations and all the routers from one central server for the whole company....it really helps when you need to know which users are using what IP addresses.
I tend to just like to have all my DHCP in one place, and the easiest in this example is in the firewall. I think the key difference in this example is he actually has a device that is designed to support multiple subnets. Most people using consumer routers are lucky if it even will allow a second subnet, much less a second or more DHCP pool.
 

Skeefers

Honorable
Aug 7, 2013
518
0
11,360
I've configured helpers on routers in an enterprise environment, so I know exactly what you're saying, I just couldn't think of how to do it with a cable router; of course, I didn't factor in that you suggested switching each of those devices to a switch thus negating the issue. I also didn't know that his firewall router was capable of doing all of what you're saying it is. I do agree that having your DHCP pool in one location is preferable to my initial configuration above, but until you enlightened me I didn't think it was possible with this equipment. Thanks again.

Jacham04, if you need some clarification on how Bill001g's ideas factor in to what I suggested earlier, please let me know and I can lay it out in a more detailed format for you.
 

jacham04

Honorable
Sep 24, 2013
5
0
10,510


Wow thanks for all the discussion on the subject as it was very enlightening. I apologize for the delay as I have been building the server to be part of the diagram provided above.

1) I had planned on using different SSIDs.
2) This is my first time using a gateway router as advanced as the Zyxel is, so much of the setup I am needing to do is new to me. Each wired LAN has the ability to function independently as a DHCP or can be grouped together. I thought I wanted to use separate LANs for each network segment as diagrammed in hopes I could make the overall network more efficient. However, my lack of understanding of VLANs and DNS is causing me some confusion. My Zyxel says I can create VLANs over the top of only one LAN not multiple, which had been my assumption. The resulting problem is I am not sure how to keep the LANs physically segmented but allow end devices to communicate with each other across the LANs. From my basic understanding my next assumption would be that I add each device to the Zyxel's DNS? For example, if my Mac Laptop is connected through my Airport Extreme wirelessly, and my Airport Extreme connected to my Zyxel firewall on its own LAN, i.e. 192.168.2.1 then I want to send a document to my printer which is connected to my server that is connected to the Zyxel on a different LAN, i.e. 192.168.3.1. In general, how does my Mac figure out that the printer is within my overall internal LAN but just located on a different LAN than itself? Perhaps my assumption about making the network more efficient by segmenting the LANs is false. My plan was to make the segmentation along the lines of media type or device users etc. so that traffic could be divided/balanced physically first then further divided/balanced by VLANs within the Zyxel. After doing some research within the Zyxel's options I see that I can group/ungroup the LAN ports as well as create Bridge Interfaces to allow layer 2 communication between LAN ports.
3) This is also my first time using access points so until reading the above discussion I was not aware that they were considered end devices. My assumption based on Bill's description is that they will function as a wireless broadcaster of the Zyxel's DHCP? However, the routers will receive their IP via Zyxel's DHCP, but each of their connected devices must then be statically assigned their IPs because having multiple DHCP servers can cause problems. That's assuming, which is actually my fear, that my routers do not have the ability to function as access points which can rebroadcast the DHCP from their WAN port.
4) Bill noted that my Zyxel firewall has the ability of multiple subnets, but are we talking about the LAN ports having ability to be segmented or something else? I understand on a standard home router that all devices on the LAN have the same subnet which is the subnet of the router's LAN side, and the subnet of the WAN side must be different so how does this apply towards my goal of segmenting the LANs while opening/creating a way for devices to communicate across separate LANs?
5) If at all possible could someone use my diagram to give me a general idea of standard settings used if the Zyxel is my DHCP for the LAN segment with the Trendnet Switch and one of the other LAN segments with a second router?

Thanks in advance for the time you may take to read my post and consider any replies.
 

sg4rb0

Honorable
Dec 4, 2012
214
0
10,760
Hi,

The solution is very simple. See my diagram below

http://postimg.org/image/9makvk3or/

You can see I've assigned a subnet to each interface on the router. You can hard set all the IP's on the network devices (i.e. wireless routers etc. But NOT the clients - these will get DHCP IP's) within the range of that subnet. So the Apple router, for example, you could set it to use 192.168.0.2/24, and the Zyxel to 192.168.0.1/24.

All you need to do on the Apple router is just configure it with the IP above, and set the gateway to 192.168.0.1. The Zyxel will then push out the IP addresses to all the clients.

In the world of Cisco, I'd just say, treat all the wi-fi boxes & the switch as layer 2 devices, and the Zyxel as the only layer 3 device. It keeps management simple.


To answer some of your questions. Configuring my way - you were worried about the re-broadcasting of DHCP. Actually, because you set the access points (APs) up in the same LAN segment (i.e. the same subnet) the broadcast goes beyond the access point by default. That's why I said treat it as a layer 2 switch. Also, on a side note, you won't connect the Zyxel to the AP's WAN port, you will connect it to the LAN port.

The reason for subnetting is fairly simple. In large networks, when you send broadcast packets, they get sent to all the devices within that network range. So in my diagram, if the Zyxel sent a broadcast on the Apple router's LAN segment (192.168.0.0/24) all the devices between 192.168.0.1 and 192.168.0.255 would be sent a message. However, if you had just used this one subnet for all of the devices in the entire network, then every device would receive the packet. So we chop it up to stop this flooding.

In reality, you don't see that many broadcast packets (use Wireshark on your PC and see how often it occurs). And the main "other" reason is so we can control traffic flow. If we changed your Zyxel to a Cisco or Juniper device, I could then make access lists and QoS configs that apply ONLY to a particular subnet. I can also stop one subnet speaking to another subnet. There's tonnes of stuff you can do. However, you are just trying to make it more efficient, and you won't notice any difference at all.

My diagram would be perfect because it keeps the network simple and easy to manage. It also provides you some flexibility in case you do need to start restricting access to subnets and putting policies in - should you buy a device with that capability.
 

jacham04

Honorable
Sep 24, 2013
5
0
10,510


I have updated the http source of my initially added network diagram with most of the addressing added for each appropriate connection. How is it looking? Since my Zyxel has separate Ethernet zones should I use different subnets for each zone as if they were individual routers? Thanks!
 

sg4rb0

Honorable
Dec 4, 2012
214
0
10,760
It's still very sketchy. You can't assign the same subnet to two different ports. So port 4 and port 3 are currently 192.168.1.0/24, which you cannot do. Also, you cannot use .0 as an IP address. The lowest starting IP is .1. So you need to change the .0 addresses on the firewall, which will then require you to adjust all the default gateways.

Next you need to think about how traffic is going to get from the firewall to router Linksys wireless-n. As it stands, the traffic from the firewall will only know how to reach the wireless box, however, it will not be able to reach the connected clients. If you want this fixing, you just need to add a static route on the firewall that points to the 172.16.2.0/24 subnet (if you need help with this, I found a link from Zyxel below). For your destination subnet you should put 172.16.2.0, mask 255.255.255.0, and next-hop to the IP on the Linksys wireless router (which you have currently labelled as 192.168.2.1).

I'm not quite sure how you have done your left hand side of the network as the labelling is not very clear.

http://www.zyxel.com/guidemo/ZLD_v210/m_staticroute.html

If you want, send me a link to the file and I will update it. Maybe then it would be clearer.
 

jacham04

Honorable
Sep 24, 2013
5
0
10,510


I've taken your suggestions and updated my diagram. You are welcome to make any additional updates/suggestions to the actual diagram by going to gliffy.com and logging in with username: jacham04 and password: tomshardware

I apologize if labeling is still unclear as my method of labeling was affected by both my understanding of IP addressing and the object linking properties of Gliffy's web application.

I am aware that many static routes will need to be added to each router, and my understanding of static routes is they function to direct incoming packets of one subnet node to become outgoing packets towards the next determined subnet node. For example, to allow an end device of the Linksys router's subnet to be connected to an end device of the subnet of the Airport Extreme there must be a static route directing the LAN of the Linksys (192.168.4.1) to the WAN of the Linksys (192.168.2.2), then from the WAN of the Linksys to the LAN of the Zyxel (192.168.2.1), then from the LAN2 of the Zyxel to DMZ of the Zyxel (192.168.3.1), then from DMZ of the Zyxel to the WAN of the Airport Extreme (192.168.3.1), then from the WAN of the Airport Extreme to the LAN of the Airport Extreme (10.0.1.1), and then add static routes in the opposite direction.

While the Zyxel has three LAN Zones: LAN1, LAN2, and DMZ, there are 4 LAN ports which can be assigned to only one of the 3 LAN Zones so if you meant that the devices connected to the zone LAN1 via Port 3 & 4 will have different IP addresses then I understand but if you meant the actual ports would have different addresses then please explain.

Similarly, my understanding of IP addressing for a switch and AP is that they will be addressed as end devices within their subnet and the DHCP of the Zyxel will address any other end devices that connect through them. However, will static routes need to be added to the Zyxel and the TP-Link Access Points to direct packets through the switch? Of course if the switch and APs are end devices then it seems like my previous question would be a contradiction to my understanding of static routes as they function to direct packets from one subnet to the next. My confidence of the addressing for the segment of the Zyxel LAN1 subnet connected through Port 3 is not very high because my experience with these devices has only been within this project.

Thanks again for your help and the expert level of experience that is so gladly shared within this online community!
 

sg4rb0

Honorable
Dec 4, 2012
214
0
10,760
Much better.
The default gateway that the Apple Airport router is sending out is incorrect though. It should be gateway 172.16.42.1.
The interface on the firewall, port 3 and port 4 also have the same ip address. You should use 192.168.4.1 on port 4 instead. You will obviously then have to change the server details to reflect this.
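
A sanity check for an addressing plan, covering the points raised in sg4rb0's two replies above (no shared subnet across firewall ports, no .0 interface address, gateways and static-route next hops on a connected subnet) together with the static-below-.10 convention suggested earlier in the thread. This is an added example, not code from any poster; the port names, device names and addresses in the two sample plans are constructed, and the .10 scope start is an assumption taken from that suggestion.

```python
import ipaddress

def check_plan(interfaces, statics, routes, dhcp_start=10):
    """Return a list of problems found in an addressing plan.

    interfaces: {port: "ip/prefix"} on the single layer 3 device (the firewall)
    statics:    {device: (ip, gateway)} for statically addressed devices
    routes:     [(destination_subnet, next_hop)] static routes on the firewall
    dhcp_start: first host number in each DHCP scope (assumed: .10)
    """
    problems = []
    ifaces = {n: ipaddress.ip_interface(c) for n, c in interfaces.items()}

    # An interface cannot use the network (.0) or broadcast address.
    for name, iface in ifaces.items():
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is not a usable host address in {net}")

    # Two ports may not sit in the same (or an overlapping) subnet.
    names = sorted(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append(f"{a} and {b}: overlapping subnets")

    # Static devices: gateway must be the firewall's address in the device's
    # subnet, and the address must stay below the DHCP scope.
    for dev, (ip, gw) in statics.items():
        ip, gw = ipaddress.ip_address(ip), ipaddress.ip_address(gw)
        home = [i for i in ifaces.values() if ip in i.network]
        if not home:
            problems.append(f"{dev}: {ip} is not in any connected subnet")
            continue
        if gw not in [i.ip for i in home]:
            problems.append(f"{dev}: gateway {gw} is not the firewall address")
        if int(ip) - int(home[0].network.network_address) >= dhcp_start:
            problems.append(f"{dev}: {ip} falls inside the DHCP scope")

    # Static routes: destination must be a remote subnet, and the next hop
    # must be reachable on a directly connected one.
    for dest, hop in routes:
        dest, hop = ipaddress.ip_network(dest), ipaddress.ip_address(hop)
        if any(dest.overlaps(i.network) for i in ifaces.values()):
            problems.append(f"route {dest}: destination overlaps a connected subnet")
        if not any(hop in i.network for i in ifaces.values()):
            problems.append(f"route {dest}: next hop {hop} is not on a connected subnet")
    return problems

# Constructed plan with the kinds of mistakes pointed out in the thread.
BAD_IFACES = {"port2": "192.168.2.0/24", "port3": "192.168.1.1/24",
              "port4": "192.168.1.1/24"}
BAD_STATICS = {"server": ("192.168.1.5", "192.168.1.1"),
               "printer": ("192.168.2.20", "192.168.2.1")}
BAD_ROUTES = [("172.16.2.0/24", "192.168.5.1")]

# Constructed corrected plan: one subnet per port, .1 on each interface.
GOOD_IFACES = {"port2": "192.168.2.1/24", "port3": "192.168.1.1/24",
               "port4": "192.168.4.1/24"}
GOOD_STATICS = {"server": ("192.168.4.5", "192.168.4.1"),
                "printer": ("192.168.2.5", "192.168.2.1")}
GOOD_ROUTES = [("172.16.2.0/24", "192.168.2.2")]

if __name__ == "__main__":
    for line in check_plan(BAD_IFACES, BAD_STATICS, BAD_ROUTES):
        print("BAD :", line)
    print("GOOD:", check_plan(GOOD_IFACES, GOOD_STATICS, GOOD_ROUTES) or "no problems")
```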