Sign in with
Sign up | Sign in
Your question

2 Router Setup vs. 3 Router Setup

Last response: in Networking
April 22, 2006 6:24:34 PM

I read this article: and am interested in making 2 private LANs. I was wondering is the difference between using 3 routers(Modem--->Router 1-->Router 2 and Router 1--->Router 3) instead of 2 routers (Modem---->Router 1---->(Router 1 LAN port to Router 2 WAN port)

April 24, 2006 3:36:26 PM

Cost :p 

When going from router-to-router with say Linksys, you want to connect LAN port to LAN port no LAN to WAN. Depending on the router you'll most likely need a crossover cable to connect them. You may want only 1 of the routers to handle DHCP as well.
April 25, 2006 11:47:47 PM

What is the difference in terms of security if you connecting LAN to LAN rather than LAN to WAN?

Related resources
April 26, 2006 1:43:57 PM

There is no security differenc. It's just in my experience I've never had it or seen it work when connecting LAN to WAN.

Always LAN to LAN with that stuff.

The WAN port on SOHO routers is the only port that really makes the devices a router. The other 4 ports is just a switch.

So what you'll wanna do with your setup is have Internet>>>Router1>>PC's and ROuter2 connected to the switchport>>>and from Router2 you'll have your wireless or otther PC's. Just be sure to assign a static address for your second router because I don't think it will pull an address thru DHCP.
April 26, 2006 6:51:15 PM

lan to lan or lan to wan depends on how many different networks you want.
With 2 routers you can have two different networks. Each router will handle dhcp for its own network.
With 3 routers you could have 3 networks. Each router running its own dhcp of course.
Now if you want all three networks to be able to talk to each other then your going to need some routing tables.

If your hooking lan to lan you might as well just get a switch instead of a router.
June 21, 2006 3:51:22 PM

I have the exact opposite experience. We have 4 netgear products. 1 is teh firewall w/no dhcp on a .0.x network. I then have 3 netgear wifi router connected to it all running dhcp. router 1 and 2 are on a .0.x network and are setup to give ip address ranges that are seperate from each other and are connected lan to lan to teh netgear firewall. I've noticed that when a client connects to router 1 or router 2 there's a 50/50 chance it will get an ip address from either one. That bothers me and the internet works half of teh time on router 2.

the 3rd router has a network range of .10.x and when clients connect to it they also don't get the right ip address. Sometimes they get a .0.x from router 1 or 2 and sometimes they actually get a .10.x ip. the only way I have been able to get this wifi router working properly is to connect lan to wan from firewall to router. then the clients connect to that specifi wifi router and get a 10.x network.

I still don't understand why router 1&2 are behaving the way they are and why router 2 doesn't serve internet to wifi users properly. I've noticed if a wifi client connects to router 2 and gets an ip address from router 1 then the internet works like a charm.

Pleaese respond with any suggestions, b/c Netgears support team has been unable to solve the issues. They actually have techs saying different things. one said connect router lan to wan with firewall and teh day before they said always go lan to lan.
June 21, 2006 4:10:56 PM

So If I'm understanding this correctly when you connect to router 2 you might pull an address from router 1? If thats the case why not configure router 1 to handle the DHCP address only or if possible have the firewall hand out DHCP for the other 3 routers. And set the 3 router to static addresses. I'm not sure though how well DHCP pass thru works on wireless. I know on Linksys routers it doesn't like working at all.

How does access work on the 3rd router?

What happens if you give the PC's connected to any of the routers a static address?
June 21, 2006 4:29:06 PM

I think having the firewall handle the dhcp addresses is going to be 1 solution. The reason it is not is b/c we setup a new business (a) in a leased office space sharing a wall with another business (b). We worked an arrangement to split the T1 cost with them. I wanted to do as little changing as possible to (b)'s current network setup which was having their netgear wifi router plugged directly into the t1 router.

When we moved in I put a firewall/vpn netgear product into the mix and had the T1 router go into it's wan port instead of (b)'s router. I then plugged (b)'s router lan to lan into teh firewall as well as (a)'s wifi router. That seemed to work ok. (a) and (b)'s routers are set as static ip's of .0.10 and .0.20. (a)'s router hands out dhcp's of .50-.100 and (b)'s router hands out .101 - .253. At this point everything seemed to work well. All the hardwired clients to (a) and (b) were getting proper IP's if not static already and they could get to internet. I could connect to (a)'s router via wifi and wpa/psk encryption and surf the web. The gateways on both of these routers are set to point to .0.1 which is the vpn/firewall going to the T1.

All goes down hill with the 3rd router. Originally I set it up in our mgrs office connected to (a)'s router. It needed to be on a different IP scheme though so wifi users could not ping around and find the POS systems and manager computer. In the end I ran a cable and ultimately connected wan to lan on the vpn/firewall. The lan ip setup was, subnet of 255..0 and dhcp handing out addresses between .10.2 - .10.199. It's internal ip is setup to be, subnet of, and gateway of I can't explain the windows, but b/c it's a netgear wgr614 wifi router it lets you give it a lan ip setup scheme different than the basic setup scheme. I was told by techies that this is so you can put your dhcp clients on a different ip scheme than other pc's on the same network.

At this point we couldn't connect to (a)'s router via wpa/psk. We could connect to the 3rd router's ssid but we would usually get an ip from (a)'s router but not internet connect (although the hardwired pc's got internet) or we would get an ip in (b)'s range and the internet would work. If we actually got a .10.x ip we would also not get internet.

That's why I'm wondering if I need to be going form the firewall's lan port to all routers wan port in order to keep the dhcp crosstalk down. when I brought router 3 to our main office and hooked it up to our switches, lan to lan I had same results. Got an ip from the dhcp on our server and not the router + internet worked. As soon as I moved the cable from lan to wan on the router my laptop dropped teh signal, picked it back up, gave me a .10.x ip address and internet worked. I had the gateway of the router point to our firewall/gateway which is connected to our switches.

Thanks for the suggestion and reply.
June 21, 2006 4:48:08 PM

I could be mistaken, I'm not familiar with how netgear's operate. Going from LAN to WAN might be the correct way to do it with them.

I think one of the reasons router 1 and router 2 mess up is because they are both handing out addresses for DHCP on the network 192.168.0.x. Even though they are handing out different ranges the PC will get DHCP from whichever server responds first. I also think you need to configure the routers LAN IP with an address in 192.168.0.x network. And for router 3 configure it with the LAN IP 192.168.10.x. That way the router should recognize when it gets a DHCP request from the certain networks it knows to hand out DHCP for that one only.

Also on the WAN side of the routers you might want to configure a different scheme then, such as a network scheme. Or if possible give them live addresses from your address pool if you have enough.
June 21, 2006 5:15:39 PM

Ok I followed you up to the point about the wan port having a different ip scheme of like 10.x.x.x.
I got a call from netgear stating that router 3 should be connected lan to wan with the firewall. i'm going onsite and they are supposed to call me back in an hour while I'm out there.

There is an internet port which I set to be fixed at and, with a subnet of and dns nubmers given from our ISP. Are you saying I need to change those values to something given to us from our ISP or make them and respectively?
June 21, 2006 5:50:51 PM

If the Internet (WAN) ports on the routers 1 and 2 are fixed and and then you have 192.168.0 net as the LAN as well?

Is it possible to configure the interfaces on the netgear firewall with different networks. And then from there configure it with multiple DHCP pools to handle multiple networks? Basically having it serve as the gateway to all the other routers.

Actually you shouldn't have to change anything on the WAN ports except for routers 1 and 2. The reason why you receive addresses from router 1 when connected to router 2 is because they are on the same subnet(both 192.168.0.x). So what you can do is setup the Netgear firewall to hand out DHCP for the 192.168.0.x network. And have router 3 hand out its DHCP for network
June 21, 2006 6:55:46 PM

Sounds like a headache. Why not just buy the right equipment for the right job? spend a few extra bucks and get higher end equipement.
June 21, 2006 10:39:46 PM

Gee Mikey, your so full of wonderful advice. You've left me speechless with what, for "a few extra bucks", I would by to fix specifically this issue.

In all actuality Netgear support was not much help. After visiting with a trusted friend we finally worked it out. We solved it by placing a 4 port switch between the T1 router and the rest of the devices. We then got a hold of our isp to get a list of ip addresses that we owned for that T1. We owned 5. So we connected lan to wan to the fvs114 (used it as a router for business (a)), lan to wan on the 614 (business (b)) and then lan to wan to the wifi router (3) for unsecure clients. We then configured each wifi router with the ip routers for the company and all the same gateway (which is the T1 route). They are all running dhcp.

Everything seems to be working great now and we have the seperation of business that we wanted in the beginning. I just needed a fresh set of eyes and a few posts to get this running.

Thanks to you who actually posted with a possible solution. I never understood why people posted with something like, "gee, that wasn't the right way...." and never put how they would have done it.
June 21, 2006 11:49:17 PM

Ok, FIRST OFF I never said it was not the right way. You do what you need to do. I jsut simply stated that you should buy specific equipment for specific task. In example buy a firewall for a firewall feature or buy a gateway for a gateway and a router for a router. It seems to me that it is a bog headache and a run around to link multiple routers together. Sorry for not posting up to your par. You do your thing the way you want to do it and whichever way you decide. I was just making a comment. Am I not aloud to do this?? Also as far as your first message it was taken as you only had 1 IP. If you had all these IP's then that is not a issue to set this up and woudl not be a headache trying to route/not route non routable IP's.
June 22, 2006 2:49:58 AM

Before I ignore you thready I think you ought to look at Zakka's thread and look at your thread and see which threads are more helpful. I think any logical mind would agree that between the 2 people that chimed in on my issue yours was the least "positive, beneficial, or forward moving". As a matter of fact the way we set it up in the end saved us quite a bit of money. With so much functionality being built into modern day switches, routers, and wap's there's no need to buy single function pieces of equipment if you can help it. In the end we spend less than $200 bucks to set this up but I just needed a little help from people who were able to actually give advice rather than post non helpful/general statements such as "what a headache" but don't actually look at teh problem and post an attempt at a solution.

June 22, 2006 11:14:50 AM

Actually Im not going to waste my time. See ya, loser.
June 30, 2006 1:51:15 PM

I just skimmed the thread so forgive me if I missed anything. I'm currently running a 3 router setup in my home network. To keep things a bit standard, I've stuck with all Netgear products. I hvae a Netgear WGR614 as the first router that connects to my ISP. I then cascade 2 routers off of the WGR614. One is a WGT624 and the other is a FVS318. Everything works flawlessly with only an occassional hiccup where the WGT624 does something wierd and produces some sort of broadcast storm. Hasn't happened in a while and was too lazy at the time to do a packet sniff. Power cycling the WGT624 fixes the problem everytime. Anyways, back to the issue. You need to enable RIP to get the routers to play nice with each other. I like this setup as I have a dedicated DMZ network and decent isolation between my wireless and wired networks.