Setting up a network with 2 subnets

August 9, 2006 12:09:16 AM

I have a home network with a Rogers cable modem, a WRT54G (wired/wireless) router, a Belkin MIMO router (wired/wireless), 2 8-port switches and 4 PCs (legacy clients), one laptop (one or more PCs can be delegated as servers). I would like to set up 2 subnets, and use the routers as well for DHCP. My existing network is one subnet, but would like to set up 2. All PCs go to the router for IP. Do I need a multi-homed PC (multiple NICs for bridge) or do I have adequate H/W to set this up? Not sure where to begin? The O/S is XP/2K mix. Thx.

August 9, 2006 2:32:02 AM

There is no real reason to set up 2 subnets unless you have more than 255 computers.

Do some research into subnet masks, if you want to pursue this further.
August 9, 2006 8:56:26 PM

If your routers support DHCP relay then you have all the equipment you need.
August 14, 2006 8:17:37 AM

I'm with jjw here, your network isn't nearly big enough to need subnetting, neither from a bandwidth or number of hosts point of view. Still though, is there a particular reason you want to do this?
August 15, 2006 9:18:43 PM

Yep, I agree with you. The essence of subnetting is to reduce your broadcast domain when you are managing a large network; there is no need for you to have two different subnets with just four PCs. If it's for security reasons there are other ways to go about it; you can restrict object access using SACL.
December 24, 2008 6:55:17 PM

just help the guy, don't tell him not to do what he wants to do!

i'm in the same boat with him. i have two routers to double my NAT protection. i don't care if you think i'm paranoid. the outside router is also my modem and i don't trust at&t. but the outside router provides wifi, therefore i want to subnet the outside clients (who are subjected to wep security) with the inside clients. please don't advise me that this is not a good idea. i just want to do it.
December 26, 2008 4:49:15 PM

Leave DHCP turned on on both routers. Change the gateway IP address on the second router to something different from the first router. This will give you two networks with two separate DHCP servers.
December 27, 2008 4:11:03 AM

I don't really know what kind of setups those two routers have, but you will probably need three subnets. I'll give an example how they should maybe be setup, but you will have to figure out what to set in the routers.

WRT54G router will need a LAN IP of 192.168.0.1 with a subnet of 255.255.255.192
Belkin MIMO router will need a LAN IP of 192.168.0.65 with a subnet of 255.255.255.192
These will be the gateway IP's for the computers depending on what router LAN they are connected to.

Next, you will need a subnet between the two routers so use 192.168.0.129 with a subnet of 255.255.255.252 on the WRT54G router and use 192.168.0.130 with subnet of 255.255.255.252 for the Belkin router.

I'm assuming the WRT54G router's WAN port will be connected to the modem? You will then connect say LAN1 on the WRT54G to the LAN1 on the Belkin router. LAN2 on each router will be connected to a switch and (one or two)computers connected to a switch.

You will then have to put in static routes to each network on each router. WRT54G will need a static route to the 192.168.0.64 network, and the Belkin will need a static route to the 192.168.0.0 network.

When you are done you will have 61 hosts available for each network 192.168.1.2 - 192.168.1.62 and 192.168.1.66 - 192.168.126 which should be enough.

I don't know if I forgot something or messed something up since I don't play with networking much, but I hope this helps. :) 

Edit: I just realized how old this thread was lol. :p 
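
A check of the addressing plan in the post above, as an added example that is not part of the original post: it takes the router addresses and masks exactly as given there, confirms the three subnets do not overlap, and derives the client range and the static route each router needs. The function names are this example's own.

```python
import ipaddress

# Addressing plan taken from the post above: each router's LAN address and
# the address it uses on the router-to-router link, with the stated masks.
PLAN = {
    "WRT54G": {"lan": "192.168.0.1/255.255.255.192",
               "link": "192.168.0.129/255.255.255.252"},
    "Belkin": {"lan": "192.168.0.65/255.255.255.192",
               "link": "192.168.0.130/255.255.255.252"},
}


def parse(plan):
    """Turn the address/mask strings into ip_interface objects."""
    return {name: {role: ipaddress.ip_interface(addr)
                   for role, addr in ifaces.items()}
            for name, ifaces in plan.items()}


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    routers = parse(plan)
    problems = []
    nets = [(name, role, iface.network)
            for name, ifaces in routers.items()
            for role, iface in ifaces.items()]
    for i, (n1, r1, net1) in enumerate(nets):
        for n2, r2, net2 in nets[i + 1:]:
            both_link = r1 == r2 == "link"
            if both_link and net1 != net2:
                # The two ends of the inter-router link must share one subnet.
                problems.append(f"{n1} and {n2} link addresses are in different subnets")
            elif not both_link and net1.overlaps(net2):
                # Every other pair of subnets must be disjoint.
                problems.append(f"{n1} {r1} {net1} overlaps {n2} {r2} {net2}")
    # A router address must be a usable host address, not network or broadcast.
    for name, ifaces in routers.items():
        for role, iface in ifaces.items():
            if iface.ip in (iface.network.network_address,
                            iface.network.broadcast_address):
                problems.append(f"{name} {role} {iface.ip} is not a host address")
    return problems


def client_range(iface):
    """First and last address left for clients once the router has its own."""
    hosts = [h for h in iface.network.hosts() if h != iface.ip]
    return str(hosts[0]), str(hosts[-1]), len(hosts)


def static_routes(plan):
    """For each router: (remote LAN, next hop on the link) pairs it must add."""
    routers = parse(plan)
    return {name: [(str(other["lan"].network), str(other["link"].ip))
                   for oname, other in routers.items() if oname != name]
            for name in routers}


if __name__ == "__main__":
    print("problems:", check_plan(PLAN) or "none")
    for name, ifaces in parse(PLAN).items():
        first, last, count = client_range(ifaces["lan"])
        print(f"{name}: LAN {ifaces['lan'].network}, clients {first} - {last} ({count})")
    for name, routes in static_routes(PLAN).items():
        for dest, hop in routes:
            print(f"{name}: route {dest} via {hop}")
```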
February 26, 2009 1:14:42 AM

DarkNet said:
I don't really know what kind of setups those two routers have, but you will probably need three subnets. I'll give an example how they should maybe be setup, but you will have to figure out what to set in the routers.

WRT54G router will need a LAN IP of 192.168.0.1 with a subnet of 255.255.255.192
Belkin MIMO router will need a LAN IP of 192.168.0.65 with a subnet of 255.255.255.192
These will be the gateway IP's for the computers depending on what router LAN they are connected to.

Next, you will need a subnet between the two routers so use 192.168.0.129 with a subnet of 255.255.255.252 on the WRT54G router and use 192.168.0.130 with subnet of 255.255.255.252 for the Belkin router.

I'm assuming the WRT54G router's WAN port will be connected to the modem? You will then connect say LAN1 on the WRT54G to the LAN1 on the Belkin router. LAN2 on each router will be connected to a switch and (one or two)computers connected to a switch.

You will then have to put in static routes to each network on each router. WRT54G will need a static route to the 192.168.0.64 network, and the Belkin will need a static route to the 192.168.0.0 network.

When you are done you will have 61 hosts available for each network 192.168.1.2 - 192.168.1.62 and 192.168.1.66 - 192.168.126 which should be enough.

I don't know if I forgot something or messed something up since I don't play with networking much, but I hope this helps. :) 

Edit: I just realized how old this thread was lol. :p 


Yes it's an old thread but I've just come across it as I sit here having wasted another whole evening trying to get my home network up and running! But I'm thinking that you might have the knowledge to help me, DarkNet!

I have two wired/wireless routers and a cable modem. Router A is connected to the modem through its WAN port and has a PC connected to one of its LAN ports. This router has an IP of 192.168.0.1 and is allocating addresses from 192.168.0.100 - 192.168.0.254 with a subnet mask of 255.255.255.0.

Router B is configured in 'Station' mode. It is allocated a static IP of 192.168.0.254 by Router A. Since the two routers are not physically connected, being at two different ends of the house, this IP address applies to Router B's wireless 'side' (can you tell I don't really understand this yet? :D  ). Router B is configured internally (presumably on its wired 'side') with an IP of 192.168.1.1. It is allocating addresses from 192.168.1.1 - 192.168.1.254 with a subnet mask of 255.255.255.0. Connected to one of the wired LAN ports on Router B is a laptop, configured with a static IP of 192.168.1.101.

Ok, so as I understand it I have two discrete networks with two different subnets, not for any supposed security benefit but because I'm using the internal, wired LAN ports on Router B it seems unavoidable.

The laptop connected by an ethernet cable to Router B gets Internet access and I can ping Router A and the attached PC on the other subnet (192.168.0.0). I can even open shares on the PC from the laptop on the other subnet if I use the IP address rather than the computer name in the address. I can also ping the laptop connected to Router B from the PC connected to Router A if I first add a route on the PC using the 'Route Add' command to configure a route through the wireless 'side' of Router B (i.e. 'Route Add 192.168.1.0 mask 255.255.255.0 192.168.0.254').

That's all well and good but I want to be able to see the devices on one subnet when I open the 'Network' window in Windows Vista on devices in the other subnet. I want to see 'PCNAME' show up in the Network window of 'LAPTOP'. All of this is a precursor to my original goal to connect my XBOX 360 through an ethernet cable to Router B (wish I'd just stumped up the cash for the XBOX 360 Wireless Adapter now, although if I can get this working I'll have 802.11N speeds around the house for streaming HDTV).

So what am I doing wrong? Why will the devices on these two subnets not see each other? I have tried literally everything I can think of. I've spent all of this evening, my third such wasted evening, changing subnet masks on routers and hosts to 255.255.0.0 thinking that this would specify that the devices were all on one big happy network and thus prompting them to communicate properly but this hasn't proved to be the case.

I know this is a horrendously long post but if ANYBODY could help me out with this there's a good chance they could have my daughter's hand in marriage if I ever have kids. And they liked girls. And one of my kids was a girl. Point is, I'd love that person forever!

P.S. There are lots of similar posts online similar to this but none I can see quite like mine where there are essentially two wired networks joined together by a wireless connection.
March 1, 2009 7:42:15 PM

I use parprouted in a similar situation when I needed to get Virtualbox host to communicate with guest wirelessly.
Anonymous
November 24, 2009 10:43:22 AM

Well, I would like to re-open this thread again, because I still don't understand quite yet. Here is my situation:
I install automation equipment called Control 4 that is completely network related to control the lighting, heating and cooling, TV equipment, etc. Anyway, we want to set up two separate routers, one for the home networking and one for the Control 4. We do this so downloading and network activity does not disturb the Control 4 system from working.
Setup: I have the modem into the home router WAN port. Home router is set to 192.168.2.1. I have a link from LAN1 to Control 4 router WAN port. I use the IP 192.168.2.254 for the WAN side of the Control 4 router. This gets internet to both, however, I have an external hard drive on Control 4 network that cannot be accessed from the home network even when searching for the exact IP. I also have an AppleTV on the home network that does not see the music share on the Control 4 hard drive. Still following?? LOL.
How can I make these two networks talk, but still keep their subnets separate?
November 25, 2009 2:21:08 AM

IP addresses have to be different for each network.

Control 4 router
IP 192.168.2.254 for the WAN side; 192.168.3.1 (or whatever you want) on the LAN side
It should already know how to get to network 192.168.2.0/24 through the WAN port

Home router
I presume ISP assigned IP address on the WAN side, 192.168.2.1 on the LAN side
Add a route to network 192.168.3.0/24 through 192.168.1.254

If my understanding is incorrect, please draw a schematic of your network and post it.

April 11, 2010 7:11:38 AM

phil2415,

I too have 2 wired LANs connected by a wifi link.
ISP router on one floor. Edimax BR6204WG on the 2nd floor. I have been trying to get a 2nd xbox 360, which is wired to the ISP router, to see the media files on my server which is on the 2nd floor.
Without luck.
Now what I can tell you from what I have read about xbox 360's and the way they connect, you will never manage this if they are on different subnets, as the 360 only looks on its subnet for sources.
What you need instead of 2 subnets is the 2nd floor (router B) set up as a repeater for router A.
i.e. no DHCP on 2nd router.
The fact that there is almost no documentation for the Edimax BR6204WG relating to repeater mode. And that all solutions that come back from Edimax support will only involve buying more Edimax kit to solve my query. I have been unable to achieve this as yet.
If anyone would like to provide me with the details of setting Edimax BR6204WG to repeater mode I'd be grateful.

Muppet
April 15, 2010 12:29:27 PM

You can set up your 2nd floor router to route your packets to it

IE Setup a static route, so if your first router is 192.168.1.1 then you can setup your second router's gateway to 192.168.1.1 and it will route your traffic to it.
April 16, 2010 5:31:14 PM

I'd go this way.

Setup both routers to assign IPs based on MAC addresses. Change the DHCP subnet to 255.255.0.0.

One router can give out IPs in the 192.168.0.2-254 range and the other *.1.2-254

Subnets are just bit-masks to determine if a client needs to forward the packet to the gateway or if it can talk directly to the destination. In your case, your routers are on two different subnets, which means the clients on each subnet will incorrectly forward their packets to their gateways/routers.

All you need to do is make the subnet include the IPs from the other routers. So instead of 255.255.255.0, you use 255.255.0.0
April 19, 2010 3:26:38 AM

I came across this thread running google searches. It came up a few times with different searches. I don't have a problem with the setting up of the subnets, that much I understand. My question is this. Will the two subnets, though physically connected be absolutely unaware of one another.

Let me explain. I frequently take in systems from family/friends/friends of friends for repair/upgrade (hobby more than anything). Lately I'm seeing a lot more virus/malware issues than typical. I've been careful. Making certain when dealing with a system with virus/malware all systems on my network are off or removed from the network before plugging in the infected system in case whatever virus they have is network aware. I haven't had any issues thus far but it's a pain to remove multiple systems/media devices while working.

Ideally, I'd like to statically setup subnet A with all my home systems/laptops/network media devices leaving DHCP to handle subnet B for any foreign systems I'm temporarily adding to the network for troubleshooting. Will subnet A be invisible to subnet B containing the trouble system? Or will it still be at risk.

I'm currently thinking that this is the case, that Subnet A will not be protected from Subnet B, but want to confirm before I pursue other options.

Any suggestions on how to achieve this? Both subnets will need to be able to share the internet connection, but nothing else. I currently have three separate dlink routers attached to the existing network to work with. Only one of which is actively handling DHCP/internet connectivity, the other two currently have everything disabled and are operating solely as connectivity devices.

Any insight would be appreciated.
April 26, 2010 3:06:55 AM

I also came across this link via Google. I am trying to setup two subnets for a class project. How do I setup the wired lan as subnet 1 and the wireless as subnet 2?

I am using a MI424-WR router. Any advice would be greatly appreciated.

Thanks.

J Lee Watts
Anonymous
April 29, 2010 5:44:36 AM

Flash the firmware on your WRT54GL with DD-WRT!

Then you could implement VLAN's with multiple DHCP Servers(one for each subnet).

Another setting you might consider is SSID client-client isolation and SSID isolation for the wireless. Basically this disables any peer-to-peer between the wireless clients and your network.

Then basically all you need to do is configure your Firewall(iptables) rules.

There are lots of howtos on the dd-wrt site.

- jleewatts, if you check your hardware in the dd-wrt database you'll see it's supported too!
April 29, 2010 6:52:36 PM

Tson said:
I came across this thread running google searches. It came up a few times with different searches. I don't have a problem with the setting up of the subnets, that much I understand. My question is this. Will the two subnets, though physically connected be absolutely unaware of one another.

Let me explain. I frequently take in systems from family/friends/friends of friends for repair/upgrade (hobby more than anything). Lately I'm seeing a lot more virus/malware issues than typical. I've been careful. Making certain when dealing with a system with virus/malware all systems on my network are off or removed from the network before plugging in the infected system in case whatever virus they have is network aware. I haven't had any issues thus far but it's a pain to remove multiple systems/media devices while working.

Ideally, I'd like to statically setup subnet A with all my home systems/laptops/network media devices leaving DHCP to handle subnet B for any foreign systems I'm temporarily adding to the network for troubleshooting. Will subnet A be invisible to subnet B containing the trouble system? Or will it still be at risk.

I'm currently thinking that this is the case, that Subnet A will not be protected from Subnet B, but want to confirm before I pursue other options.

Any suggestions on how to achieve this? Both subnets will need to be able to share the internet connection, but nothing else. I currently have three separate dlink routers attached to the existing network to work with. Only one of which is actively handling DHCP/internet connectivity, the other two currently have everything disabled and are operating solely as connectivity devices.

Any insight would be appreciated.


It comes down to the true difference between a router and a switch.

A Switch(Layer 2) forwards frames/packets based on MAC addresses. It could care less about the IP addresses.

A Router(Layer 3 aka Layer3 switch) forwards frames/packets based on IP and/or MAC addresses.

Most small consumer grade switches are layer 2. Even if you have multiple subnets on the same switch, the packets are still getting sent to the receiver, but the receiver ignores them.

The devices receiving packets will ONLY talk to its gateway if the packet is outside of its subnet AND you don't have a static route setup on your machine. A network device will play dumb and just ignore the packets, even though they're received.

Assuming malware is running with admin privs, it is possible and very easy for that malware to watch ALL traffic coming to the NIC regardless of the subnet. Most programs use standard rules when it comes to network protocols, but malware could easily communicate and *fake* packets to make them look like they're within another machine's subnet. Switches do not validate anything and I'm assuming you're not using IPSec to validate secure connections, so this is entirely possible.
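
An added example, not part of either post, tying together the 255.255.0.0 suggestion earlier in the thread and the reply above: the mask only decides whether a host sends a packet directly or to its gateway, so two subnets plugged into the same unmanaged switch are not isolated from each other. The host inventory and segment names (`sw1`, `sw2`) are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def next_hop(iface, gateway, dst):
    """Where a host sends a packet for dst: straight onto the wire or to its gateway.

    iface is the host's own address with mask, e.g. "192.168.0.10/255.255.255.0".
    """
    iface = ipaddress.ip_interface(iface)
    dst = ipaddress.ip_address(dst)
    return "direct" if dst in iface.network else gateway


# Constructed inventory: (name, layer-2 segment it is plugged into, address/mask).
# "sw1" stands for one unmanaged switch with no VLANs; "sw2" is a second,
# physically separate segment behind its own router port.
HOSTS = [
    ("home-pc",    "sw1", "192.168.0.10/24"),
    ("media-box",  "sw1", "192.168.0.11/24"),
    ("repair-box", "sw1", "192.168.1.50/24"),
    ("guest-ap",   "sw2", "192.168.3.1/24"),
]


def shared_segments(hosts):
    """Pairs of IP subnets that sit on the same layer-2 segment.

    Such subnets are kept apart only by each host's own mask setting. The
    switch forwards frames between them regardless of IP addressing, so a
    host that ignores the convention can still reach the other subnet.
    """
    by_segment = {}
    for _name, segment, addr in hosts:
        net = ipaddress.ip_interface(addr).network
        by_segment.setdefault(segment, set()).add(net)
    findings = []
    for segment, nets in sorted(by_segment.items()):
        for a, b in combinations(sorted(nets), 2):
            findings.append((segment, str(a), str(b)))
    return findings


if __name__ == "__main__":
    # Same host, same destination, two masks: only the forwarding choice changes.
    for mask in ("255.255.255.0", "255.255.0.0"):
        hop = next_hop(f"192.168.0.10/{mask}", "192.168.0.1", "192.168.1.50")
        print(f"mask {mask}: 192.168.0.10 -> 192.168.1.50 goes {hop}")
    # Subnets that need a router, VLAN or firewall between them to be isolated.
    for segment, a, b in shared_segments(HOSTS):
        print(f"{segment}: {a} and {b} share a broadcast domain")
```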
Anonymous
July 27, 2010 2:13:35 AM

Quote:
Well, I would like to re-open this thread again, because I still don't understand quite yet. Here is my situation:
I install automation equipment called Control 4 that is completely network related to control the lighting, heating and cooling, TV equipment, etc. Anyway, we want to set up two separate routers, one for the home networking and one for the Control 4. We do this so downloading and network activity does not disturb the Control 4 system from working.
Setup: I have the modem into the home router WAN port. Home router is set to 192.168.2.1. I have a link from LAN1 to Control 4 router WAN port. I use the IP 192.168.2.254 for the WAN side of the Control 4 router. This gets internet to both, however, I have an external hard drive on Control 4 network that cannot be accessed from the home network even when searching for the exact IP. I also have an AppleTV on the home network that does not see the music share on the Control 4 hard drive. Still following?? LOL.
How can I make these two networks talk, but still keep their subnets separate?



Your solution is simple - order a cisco wrn4400n router. You can set up to 4 SSID's and designate if they can see each other plus a ton more options for $200, not to mention you get USA support when needed!
September 10, 2010 6:52:58 PM

I have a good one. I am running a cable modem for WAN link. I have one fsv11 net gear collecting an address from the service provider. It hands out DHCP. I have a second router, WRT54G, that I have connected to the LAN1 port on the fsv11. The point is I want to provide wireless internet access to the rest of the users in the building without them being able to see or ping the computers connected to the fsv11, including the router itself. What is the best configuration? I want to be able to provide connection to the second router without ever having them be able to see the other computers. Is subnetting a good way to do this?
March 8, 2011 1:58:49 AM

Assuming cable modem provides DHCP....

Cable modem LAN port to the upload port on a 5 port SWITCH.

One of the LAN ports of the 5 port switch to the WAN port of router #1

Another LAN port from the 5 port switch to the WAN port of router #2.

Set both routers to have their WAN port address assigned automatically.

Set both routers to provide DHCP to their respective LANs

Cable modem is the gateway.

Neither router's LAN can see the other router's LAN.

In regards to wireless... MAC address filtering (allow only...), WPA, and do not broadcast SSID from network you want to keep private.

AND yes I know this thread is old, but like the others I was looking for something similar and found it.
March 24, 2011 8:14:48 PM

Aha!
Adding a switch between the two routers and the modem may be the solution I'm looking for. Here's my scenario:

Coffee shop. Static IP assigned by the ISP. I'd like one set of IPs (192.168.0.*) for the POS and office systems, and another set of IPs (192.168.3.*) for the customers.

I don't want any communication between the two.
March 24, 2011 10:30:08 PM

EricI said:
Aha!
Adding a switch between the two routers and the modem may be the solution I'm looking for. Here's my scenario:

Coffee shop. Static IP assigned by the ISP. I'd like one set of IPs (192.168.0.*) for the POS and office systems, and another set of IPs (192.168.3.*) for the customers.

I don't want any communication between the two.


Won't work, not if your ISP only allows a single public IP. The switch does nothing to prevent each router from trying to obtain the only available public IP for itself. One or the other is always going to be denied.

The following post describes how you could configure two routers, one that remains private, the other that’s public, while both still have Internet access. The public network does not have access to the private network, but the private network does have access to the public network.

http://www.maximumpc.com/forums/viewtopic.php?f=25&t=10...

It’s also possible to segregate users within a single router if your router supports a guest network (as mentioned in that same thread).

While using two routers as described above does work, the better solution is to use THREE routers in a Y configuration. That solves the single public IP problem (something the addition of the switch did NOT solve). Now both the public and private networks are TOTALLY isolated from each other, but share access to the Internet via the third router (the one connected to the ISP via modem).
August 5, 2011 12:30:39 AM

Hey I also found this thread through Google.

Here's my situation / setup. It works great sometimes but crashes and burns at other times. If anybody has suggestions or advice would be much appreciated.

1. Uverse Wifi router/modem (POS but I can't change it) has the DHCP server. Most of the time everything works ok connected and any issues it has I blame AT&T for. (House)

2. iMac connected wirelessly to uverse sharing connection to a Linksys N router. Sometimes works but much of the time I can't get a correct IP address. I would like for this to be a separate DHCP server if possible. (Church)

3. Wireless Linksys bridge connected to the iMac's shared router. This bridge is connected to another router and would just like it to get the DHCP from the Linksys router. This has worked a couple of times but hasn't connected all summer. (School)

This is all for a house, church and school. Right now my biggest issue is getting the second router to do anything after going through the mac. I've just installed Tomato and I have high hopes for it.

Thanks in advance
August 27, 2011 12:05:38 AM

Kewlx25 said:
I'd go this way.

Setup both routers to assign IPs based on MAC addresses. Change the DHCP subnet to 255.255.0.0.

One router can give out IPs in the 192.168.0.2-254 range and the other *.1.2-254

Subnets are just bit-masks to determine if a client needs to forward the packet to the gateway or if it can talk directly to the destination. In your case, your routers are on two different subnets, which means the clients on each subnet will incorrectly forward their packets to their gateways/routers.

All you need to do is make the subnet include the IPs from the other routers. So instead of 255.255.255.0, you use 255.255.0.0


I know this is old, but it is relevant to what I'm trying to achieve.
My only goal is to provide a network of communication where I have 255+ IP-based devices.

My questions here are:
WHERE do you set the subnet to 255.255.0.0? On the routers? On the Machines?
Can I simply configure a router or server to use the following range:
192.168.0.1-192.168.1.255 with a subnet of 255.255.0.0

I don't have the ability to have both routers branch off different ways. Everything on this network has to eventually run through 1 switch as it uses a fiber connection to feed the entire infrastructure with individual switches at each stop along the connection.
September 15, 2011 11:27:14 AM

The router has to have an IP address in the net, for example 192.168.1.254; with this address you also tell it the subnet mask 255.255.255.0. The clients have the range in this net from 192.168.1.1 - 192.168.1.253 with gateway 192.168.1.254, because 192.168.1.254 is the router, 192.168.1.0 is the net and 192.168.1.255 is the broadcast address, so the three are reserved in this setup.
You need to configure the address and subnet on each device on this network.

Hope this helps
December 12, 2011 7:38:38 PM

EricI said:
Aha!
Adding a switch between the two routers and the modem may be the solution I'm looking for. Here's my scenario:

Coffee shop. Static IP assigned by the ISP. I'd like one set of IPs (192.168.0.*) for the POS and office systems, and another set of IPs (192.168.3.*) for the customers.

I don't want any communication between the two.



Use three routers. The first router (192.168.1.1 with DHCP on) connect to the ISP's modem to the wan port. Then connect router 2 (192.168.2.1 with DHCP on) and router three (192.168.3.1 with DHCP on) to router one using the wan port on router 2 and 3 to the lan ports on router 1. Everyone has internet. Users on router 2 and 3 can't see each other. Hang a printer off router one and you can share with all three routers.

dlc
December 18, 2011 2:28:46 PM

Thanks to everyone for keeping this great post going. It has proved to be invaluable to our company as we provide surveillance cameras to residential homes, and since the cameras are opened up to a lot of people like neighbors, insurance agents, enforcement officials, block watch members, etc, it is important for us to be able to create a subnet even if the resident only had one computer. great thread.... thanks
January 16, 2012 11:06:14 PM

My problem seems to dance around the others just enough I can't get my head around it. The main problem is.. of course.. U-verse and the ATT 2-Wire modem that's the only one that you can use. ITS problem is you can't disable DHCP.
Currently running all computers (home & small home business) from it on 1 subnet. I'm setting up a Server 2011 off a 2nd router (because server 2011 has to be a DHCP provider and as far as I can tell you can't set it up otherwise, so I need 2 subnets) for the work computer so I can use Exchange among other things. I want to have both subnets see each other so I can transfer files between home computers and the "work" computers if necessary.
The 2-Wire address on the LAN is 192.168.2.254 serving *.2.1 thru 253 and the 2nd router at 192.168.1.1 serving *.1.2 thru 254. Several of the computers are wireless laptops connecting thru the 2-Wire on the home side, which I want to keep (router 2 is not wireless), with the work computers running off the server (DHCP, firewall, etc disabled on that router) but that can not have a static IP because of the way the 2-Wire works (no static IP's thru the DMZ) so has to get its address via DHCP off the 2-Wire, which renews addresses daily. I'm not sure exactly what to assign to each router and their hosts. Everything has internet connection right now; all I want to do is find out how to make them see each other on the LAN without adding more equipment, or buying another router #2 that's wireless and running everything off that. I'd rather keep them separate using the equipment I have.
This should be easy to do, since ATT sends the same 2-Wire to business customers but I haven't found anything real specific online. The ATT forums address people trying to do the opposite, which seems to be happening anyway since the 2 subnets don't see each other at all. Neither pings the other. Maybe I need special subnet masks? I don't understand that part. The 2-Wire's 255.255.0.0 and the other is 255.255.255.0 currently (Server 2011 won't allow both having the same one). I'm also not sure what to set the 2 gateways at. I've tried both without good result. I don't want to buy a stack of expensive books from Amazon just to find what I need somewhere amongst them. This is about as far as I want to take networking..... I'm not setting up a corporate empire. Any help from a kind soul appreciated!
Sorry if all this sounds ignorant... it probably is. Uncharted waters...
-- network noob
January 18, 2012 5:58:29 PM

Hello, I am using DD-WRT on my primary router, with both public and private WLAN subnets. Both subnets can access the internet, and neither subnet can access the other, which is how I want it to work. My question is this: Can I add a 2nd DD-WRT enabled wireless router to act as a repeater bridge for BOTH subnets? I want to extend the range of both the private and public WLANs. Anyone try this before?

JMMazza53
January 18, 2012 10:59:49 PM

Horrabin said:
My problem seems to dance around the others just enough I can't get my head around it. The main problem is.. of course.. U-verse and the ATT 2-Wire modem that's the only one that you can use. Its problem is you can't disable DHCP.
Currently running all computers (home & small home business) from it on 1 subnet. I'm setting up a Server 2011 off a 2nd router (because server 2011 has to be a DHCP provider and as far as I can tell you can't set it up otherwise, so I need 2 subnets) for the work computer so I can use Exchange among other things. I want to have both subnets see each other so I can transfer files between home computers and the "work" computers if necessary.
The 2-Wire address on the LAN is 192.168.2.254 serving *.2.1 thru 253 and the 2nd router at 192.168.1.1 serving *.1.2 thru 254. Several of the computers are wireless laptops connecting thru the 2-Wire on the home side, which I want to keep (router 2 is not wireless), with the work computers running off the server (DHCP, firewall, etc disabled on that router) but that can not have a static IP because of the way the 2-Wire works (no static IPs thru the DMZ) so has to get its address via DHCP off the 2-Wire, which renews addresses daily. I'm not sure exactly what to assign to each router and their hosts. Everything has internet connection right now; all I want to do is find out how to make them see each other on the LAN without adding more equipment, or buying another router #2 that's wireless and running everything off that. I'd rather keep them separate using the equipment I have.
This should be easy to do, since ATT sends the same 2-Wire to business customers but I haven't found anything real specific online. The ATT forums address people trying to do the opposite, which seems to be happening anyway since the 2 subnets don't see each other at all. Neither pings the other. Maybe I need special subnet masks? I don't understand that part. The 2-Wire's 255.255.0.0 and the other is 255.255.255.0 currently (Server 2011 won't allow both having the same one). I'm also not sure what to set the 2 gateways at. I've tried both without good result. I don't want to buy a stack of expensive books from Amazon just to find what I need somewhere amongst them. This is about as far as I want to take networking..... I'm not setting up a corporate empire. Any help from a kind soul appreciated!
Sorry if all this sounds ignorant... it probably is. Uncharted waters...
-- network noob


Hi Horrabin,

I'm not sure I understand perfectly, but I have set up two separate subnets (192.168.1.2-253 and 192.168.199.2-253) on the same router using dd-wrt software. Both subnets can access the internet through the same modem. Look for instructions on the internet on how to change your ATT modem/router combo into a dumb modem. Once you do that, you will want to get a router that supports dd-wrt firmware using the Broadcom chipset. To the best of my knowledge, the Broadcom based wireless routers can break apart the LAN ports in the switch, so that you could put 2 of the ports on one subnet and the other two on the 2nd subnet, providing you're using dd-wrt software. Until I modified the firewall so that no traffic would travel between the subnets, I was able to ping from one subnet to the other. In my case, the one subnet included all the LAN ports on the router with WLAN, and the other subnet was WLAN only. The Broadcom chipset would allow you to have LAN and WLAN on both subnets. You can then just add network switches to the two subnets on the router to expand your wired LANs as needed. Info on the specifics of doing this can be found on the dd-wrt website. Did this make any sense to you?
February 2, 2012 11:50:54 PM

Horrabin said:
My problem seems to dance around the others just enough I can't get my head around it. The main problem is.. of course.. U-verse and the ATT 2-Wire modem that's the only one that you can use. Its problem is you can't disable DHCP.
Currently running all computers (home & small home business) from it on 1 subnet. I'm setting up a Server 2011 off a 2nd router (because server 2011 has to be a DHCP provider and as far as I can tell you can't set it up otherwise, so I need 2 subnets) for the work computer so I can use Exchange among other things. I want to have both subnets see each other so I can transfer files between home computers and the "work" computers if necessary.
The 2-Wire address on the LAN is 192.168.2.254 serving *.2.1 thru 253 and the 2nd router at 192.168.1.1 serving *.1.2 thru 254. Several of the computers are wireless laptops connecting thru the 2-Wire on the home side, which I want to keep (router 2 is not wireless), with the work computers running off the server (DHCP, firewall, etc disabled on that router) but that can not have a static IP because of the way the 2-Wire works (no static IPs thru the DMZ) so has to get its address via DHCP off the 2-Wire, which renews addresses daily. I'm not sure exactly what to assign to each router and their hosts. Everything has internet connection right now; all I want to do is find out how to make them see each other on the LAN without adding more equipment, or buying another router #2 that's wireless and running everything off that. I'd rather keep them separate using the equipment I have.
This should be easy to do, since ATT sends the same 2-Wire to business customers but I haven't found anything real specific online. The ATT forums address people trying to do the opposite, which seems to be happening anyway since the 2 subnets don't see each other at all. Neither pings the other. Maybe I need special subnet masks? I don't understand that part. The 2-Wire's 255.255.0.0 and the other is 255.255.255.0 currently (Server 2011 won't allow both having the same one). I'm also not sure what to set the 2 gateways at. I've tried both without good result. I don't want to buy a stack of expensive books from Amazon just to find what I need somewhere amongst them. This is about as far as I want to take networking..... I'm not setting up a corporate empire. Any help from a kind soul appreciated!
Sorry if all this sounds ignorant... it probably is. Uncharted waters...
-- network noob



I'm assuming you need router #2 to be on the DMZ so there's no way you can give it a static WAN IP. First, DO NOT disable the firewall on router #2 if you're going to put it on the DMZ. Secondly, does it necessarily have to be on the DMZ or can you just pinhole the ports you need accessible from the outside? Will the firewall config allow you to forward ports based on IP address or only hostname (IIRC it's only via hostname)? If there's no way to give router #2 a static IP address on the WAN interface then I'm afraid there's no way for it to act as a gateway to 192.168.1.0 for hosts on 192.168.2.0 (or is it 192.168.0.0 -- you sure 255.255.0.0 is the mask for the LAN side on the 2Wire?).

One possibility is to have another router or PC with 2 NICs connected to the LAN ports on both routers so that it can route traffic from the 2Wire LAN to router #2 LAN. You would have to make the third router the default gateway to 2Wire clients or add a static route for 192.168.1.0 using the third router as the gateway.

Another way it could work is if you are able to resolve the 192.168.2.x IP address of router #2 by hostname and then have a job running on all of your clients to update their routing tables for 192.168.2.0 with the new gateway address anytime there is a change. Royal PITA.

At that point it's probably too messy to consider over just getting a wireless router to replace router #2, especially if you are unable to reconfigure the default gateway address for DHCP on the 2Wire -- then you would have to configure all of your 2Wire clients with static IP addresses.
February 16, 2012 6:31:50 AM

This has been a most interesting thread and I have a similar situation, but cannot get 2 routers to talk to each other.

My situation is that we have a gamers setup at a home and the ADSL router only has 10/100 ports. We have a second router (also an ADSL router) in a section where we have a LAN games setup, and it has gigabit LAN connections and N wireless. This second router does not have a WAN port, but we do still want to be able to connect to the Internet as many of the games today do require this.

I tried to connect the ADSL router via a long ethernet cable to the "games" router, but everything, including the other side of the network seems to go all haywire.

In order to get the benefit of the faster network speed, we currently just disconnect the ADSL router and connect the "Games" router, however we then lose the Internet.

We do have the hardware and we don't want to spend more money on things, so if it is possible to do this, that would be great.

I am not all that familiar with setting up things like DMZ's and subnets, so any help would be greatly appreciated.

I know this is an old thread, but this is about as close to anything similar I have found to my situation.

Thanks
Hans
February 23, 2012 6:00:47 PM

I have a similar problem. I made some graphics to explain what I am trying to do and what I am facing.
I have a DSL modem with 2 routers attached. I can connect to both routers wirelessly. However, Router #1 is the primary router I connect to; it provides a direct connection to the internet and sites I connect to see what my IP address is. I have custom firmware installed in Router #2 and am permanently using OpenVPN in Router #2 which hides my real IP address from sites I visit. I use Router #2 for downloading torrents.
I have network attached storage running Transmission plugged into Router #2

My problem is that I cannot figure out how to map a network drive from my laptop connected to Router #1 to the network attached storage connected to Router #2. I think the solution involves using the static routing feature in my DSL modem, but I don't know what to type. I have typed many different things into the static routing menu but it either fails and is rejected by the router, or otherwise it does not accomplish the intended task. Please help! Any ideas?


March 22, 2013 12:33:10 PM

pajamas said:
just help the guy, don't tell him not to do what he wants to do!


Thank you, Pajamas. You said what I was thinking. It bothers me when someone asks how to do something just to have people tell them he shouldn't.

I am in a growing business which has used up most of the 255 IPs available. I want to split out the VoIP traffic (phones), data traffic/KVM traffic and put the ILO addresses on their own subnet. I did a Google search on making a new subnet and wound up here. But, instead of finding an answer, I find people telling the asker to not do what he is trying to do.

Anyway, I hope more people understand what we are saying. It seems that others below have provided some great information. We just had to weed through the garbage answers to get to the good stuff.

June 5, 2013 10:48:27 AM

You need to add a route to tell your PC how to get to the network attached device since it is on another network. You can add it in your router (add a route to 192.168.2.0 with a subnet mask of 255.255.255.0) or you can simply add the route to your pc by doing the following:

Start -> Run -> Type "cmd" and hit enter -> type "route -p add 192.168.2.0 mask 255.255.255.0 <gateway-IP>" (adding -p will make the route permanent, otherwise you will need to add this route every time you restart your PC)
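How a host picks its next hop under the masks discussed in the exchange with Horrabin, and what a static route like the one in the reply above changes, as an added example that is not part of any post. The masks and router LAN addresses are from the thread; the host addresses and router #2's DHCP-assigned WAN address (192.168.2.77) are constructed, and the model covers only the sender's routing decision, not what the routers do with the packet.

```python
import ipaddress


class Host:
    """An IPv4 host with one interface, a default gateway and optional static routes."""

    def __init__(self, address, mask, gateway):
        self.iface = ipaddress.ip_interface(f"{address}/{mask}")
        # Each route is (destination network, next hop); None means "on-link".
        self.routes = [(self.iface.network, None)]
        self._add(ipaddress.ip_network("0.0.0.0/0"), gateway)  # default route

    def _add(self, network, gateway):
        via = ipaddress.ip_address(gateway)
        if via not in self.iface.network:
            # A gateway the host cannot reach directly is unusable.
            raise ValueError(f"gateway {via} is not on {self.iface.network}")
        self.routes.append((network, via))

    def add_route(self, network, mask, gateway):
        """Model of `route add <network> mask <mask> <gateway>`."""
        self._add(ipaddress.ip_network(f"{network}/{mask}"), gateway)

    def next_hop(self, destination):
        """Longest-prefix match: the most specific matching route wins."""
        dest = ipaddress.ip_address(destination)
        matches = [r for r in self.routes if dest in r[0]]
        _, via = max(matches, key=lambda r: r[0].prefixlen)
        return "on-link" if via is None else str(via)


def overlapping(subnets):
    """Return every pair of subnets in the plan whose address ranges overlap."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [(str(a), str(b))
            for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def scenario():
    """Next hop chosen for cross-subnet traffic under each configuration."""
    work_pc, home_pc = "192.168.1.50", "192.168.2.10"  # constructed addresses
    results = {}

    # 2Wire side with the /16 mask: 192.168.1.50 looks local, so the host
    # ARPs for it on its own segment and never hands the packet to a router.
    home = Host(home_pc, "255.255.0.0", "192.168.2.254")
    results["home /16"] = home.next_hop(work_pc)

    # Same host with a /24 mask: the packet goes to the default gateway.
    home24 = Host(home_pc, "255.255.255.0", "192.168.2.254")
    results["home /24"] = home24.next_hop(work_pc)

    # A /24 static route is more specific than the /16 on-link route.
    home.add_route("192.168.1.0", "255.255.255.0", "192.168.2.77")
    results["home /16 + static route"] = home.next_hop(work_pc)

    # Work side: 192.168.2.x is off-link, so traffic goes to router #2.
    work = Host(work_pc, "255.255.255.0", "192.168.1.1")
    results["work /24"] = work.next_hop(home_pc)
    return results


if __name__ == "__main__":
    for name, hop in scenario().items():
        print(f"{name:25} -> {hop}")
    print(overlapping(["192.168.0.0/255.255.0.0", "192.168.1.0/255.255.255.0"]))
```

Because router #2's WAN address comes from DHCP, the static route goes stale whenever that lease changes, which is the maintenance burden the earlier reply describes.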

June 6, 2013 9:39:23 AM

jjw said:
There is no real reason to set up 2 subnets unless you have more than 255 computers.

Do some research into subnet masks, if you want to pursue this further.


Not true at all. The reason you would set up two subnets is for security protection, if you want to divide your network and not let the computers from one side see and talk to the computers on the other, or if you have a server room and don't want anyone to see or access those computers but also have a side of your network where people can see and talk to one another at their desk.

Just because you don't have 255 computers doesn't mean you don't have a reason for subnetting.
October 9, 2013 12:32:34 AM

I have multiple devices that I have laying around and am interested in seeing what I can build with them.

I have:
Windows Server 2003 r2
(2) wireless N gigabit routers (NETGEAR WNDR3700 v1 (multiple SSIDs), Asus RT-AC68U)
(1) Linksys WRT54G router with DD-WRT on it
(2) Netgear 5-port gigabit switches
(1) TRENDnet 8-port gigabit switch
(2) D-Link switches 10/100
(1) 4TB NAS

I want one router (ASUS) to come directly off cable modem (easy) and then one subnet with just a regular network (family, friends), and another (FUN one :-)). I really would like to have a 2nd subnet (run by server 2003 DHCP) with one wifi/wired network that is secure, no way (viruses/malware/...) can access rest of network, and another wifi/wired network (still run from server 2003 (gets DHCP from server 2003)) that can access everything. I don't know if this is all possible but I feel it's probable.

I need help visualizing the network diagram and IP/Subnet settings :-)

If there is anything else that is cool and interesting that you can think of that I can do, please let me know.

Thanks in advance
October 9, 2013 5:53:50 AM

technowizz101 said:
I have multiple devices that I have laying around and am interested in seeing what I can build with them.

I have:
Windows Server 2003 r2
(2) wireless N gigabit routers (NETGEAR WNDR3700 v1 (multiple SSIDs), Asus RT-AC68U)
(1) Linksys WRT54G router with DD-WRT on it
(2) Netgear 5-port gigabit switches
(1) TRENDnet 8-port gigabit switch
(2) D-Link switches 10/100
(1) 4TB NAS

I want one router (ASUS) to come directly off cable modem (easy) and then one subnet with just a regular network (family, friends), and another (FUN one :-)). I really would like to have a 2nd subnet (run by server 2003 DHCP) with one wifi/wired network that is secure, no way (viruses/malware/...) can access rest of network, and another wifi/wired network (still run from server 2003 (gets DHCP from server 2003)) that can access everything. I don't know if this is all possible but I feel it's probable.

I need help visualizing the network diagram and IP/Subnet settings :-)

If there is anything else that is cool and interesting that you can think of that I can do, please let me know.

Thanks in advance


I have asked for a virtualization subforum to help people like this.

First thing, stop thinking of it as physical hardware. We want virtual hardware!

If you set up a server (2008 or 2012) with Hyper-V, you can connect both PHYSICAL switches to your "server." That gives you redundancy. Both switches then can directly connect to your router. That's your physical network.

Switches will need static IPs and default gateway info (which would be your router).

On your virtualization server, that's where you can really start creating a bunch of virtual switches (vswitch) and virtual nics (vnics) to expand out your virtual network with subnets, etc.
October 9, 2013 7:59:06 PM

riser said:
technowizz101 said:
I have multiple devices that I have laying around and am interested in seeing what I can build with them.

I have:
Windows Server 2003 r2
(2) wireless N gigabit routers (NETGEAR WNDR3700 v1 (multiple SSIDs), Asus RT-AC68U)
(1) Linksys WRT54G router with DD-WRT on it
(2) Netgear 5-port gigabit switches
(1) TRENDnet 8-port gigabit switch
(2) D-Link switches 10/100
(1) 4TB NAS

I want one router (ASUS) to come directly off cable modem (easy) and then one subnet with just a regular network (family, friends), and another (FUN one :-)). I really would like to have a 2nd subnet (run by server 2003 DHCP) with one wifi/wired network that is secure, no way (viruses/malware/...) can access rest of network, and another wifi/wired network (still run from server 2003 (gets DHCP from server 2003)) that can access everything. I don't know if this is all possible but I feel it's probable.

I need help visualizing the network diagram and IP/Subnet settings :-)

If there is anything else that is cool and interesting that you can think of that I can do, please let me know.

Thanks in advance


I have asked for a virtualization subforum to help people like this.

First thing, stop thinking of it as physical hardware. We want virtual hardware!

If you set up a server (2008 or 2012) with Hyper-V, you can connect both PHYSICAL switches to your "server." That gives you redundancy. Both switches then can directly connect to your router. That's your physical network.

Switches will need static IPs and default gateway info (which would be your router).

On your virtualization server, that's where you can really start creating a bunch of virtual switches (vswitch) and virtual nics (vnics) to expand out your virtual network with subnets, etc.


I am a little confused still. Does Win Server 2003 have virtualization as standard, as I am trying not to spend that much money (or any at all :-))? I do have access to Win Server 2008/2012, but I believe my current hardware is too outdated (I believe P4 HT, non-x64; I think my board is an Intel entry server board SE7221BA1-E). I know you don't know my exact case, but can you go a little more in depth? This sounds like tons of fun. Can you provide some great sites to help with this, or give me some keywords to search for?

Ohh Boy...let the fun begin :-)

October 12, 2013 11:26:23 AM

TechNet.microsoft.com Just search for Hyper-V 2012

Win2k3 doesn't have virtualization. If you want it, you'll have to go to at least Win2k8, but I would highly recommend Win2k12.

Take this concept:

You have a single server with 2 NICs in it. With Windows, you can Team the NICs (use both as one, essentially). From there, within Hyper-V virtual networking, you can create a virtual switch. From there, your hosted VMs (guests) can each get a virtual NIC (or more). You can put QoS (Quality of Service) on the NICs to mandate how much bandwidth they get over your physical network Team. All this is done within Windows, never having to touch a physical network switch. Also, you can VLAN-tag traffic that leaves the Windows host out to your network if you had a network port that was trunked for VLANs.
There is a ton more on virtual networking alone within Windows, such as cloud hosting and separation of data like Windows Azure. (If you have Win2k12, you can create your own Azure type cloud.)
October 12, 2013 12:44:48 PM

riser said:
TechNet.microsoft.com Just search for Hyper-V 2012

Win2k3 doesn't have virtualization. If you want it, you'll have to go to at least Win2k8, but I would highly recommend Win2k12.

Take this concept:

You have a single server with 2 NICs in it. With Windows, you can Team the NICs (use both as one, essentially). From there, within Hyper-V virtual networking, you can create a virtual switch. From there, your hosted VMs (guests) can each get a virtual NIC (or more). You can put QoS (Quality of Service) on the NICs to mandate how much bandwidth they get over your physical network Team. All this is done within Windows, never having to touch a physical network switch. Also, you can VLAN-tag traffic that leaves the Windows host out to your network if you had a network port that was trunked for VLANs.
There is a ton more on virtual networking alone within Windows, such as cloud hosting and separation of data like Windows Azure. (If you have Win2k12, you can create your own Azure type cloud.)



Hey riser,

Thank you for the reply. That all sounds amazingly interesting. I would love to put Server 2012 or even 2008 on my box but I think it's too outdated and I can't afford to buy/build a new machine. It's a P4 HT socket 775, with an entry server board which I looked up and it only supports P4, not Core 2, as I have a Core 2 Quad Q8200 lying around. Trust me, if I had the ability to install a newer version of Win Server I would in a heartbeat, but I don't think I can. I understand I can't use all the features you listed in Win Server 2003, but what can I do with the equipment/software I have?


Thanks,
Steve