Help with IP addressing, routing, ...

rado3105

2qkl0k1.png


I can get from PC 2 to the main router, but I can't get from PC1 to router2 and AP3. Can you tell me whether it is possible and how to set it up so that it works?
I need it for configuration of router2 and the APs behind it. Or help me find a manual about routing to solve my problem.
 

JustAGuy51

Nice diagrams! I suspect NAT problem.

From PC2 to main router:
1) PC2 traffic NAT'ed once at AP Client 2 (wisp NAT). So Router-2 would see PC2 traffic as 10.13.55.424 on its eth2 interface
2) It is NAT'ed again at Router-2 (masquerade). So when it comes out of Router-2, it will be seen as 192.168.10.6. Main Router will see PC2 traffic as Router-2 traffic (src 192.168.10.6)
Can you confirm this is the case on main router by turning on debug?

For PC1 to Router-2/AP-3 problem:
1) From PC1, can you at least get to Router-2 eth1 interface?
== If this is the case, then NAT is the problem. Why do you need NAT'ing in the first place?
== If this is not the case, then the problem lies (obviously) on main router, AP1 or AP2

Other questions:
1) What drawing software did you use to make those cool-looking Cisco diagrams?
2) If you don't mind, can you tell me a bit about the purpose of this network?
Thanks!
 

rado3105

I used LanFlow to diagram the network.
The purpose of the network is internet sharing, and as an administrator I want to have access from the main router to the other routers and APs (to check traffic, signal, SNMP...). The network is working right, but I can get from PC1 to router2 and the devices behind it.
I was thinking of entering gateways manually or using dynamic routing, but I don't have experience with that.
 

JustAGuy51



I thought you said you CAN'T get to Router-2 from PC1. If you can, what is the new problem?


Instead of running dynamic routing protocol, you can just set up static routes in your 2 routers unless you want to set those up for learning purposes.
 

rado3105

Sorry, my mistake: I can't get from PC1 to router2 and everything behind it. Can you help me with those static routes? I have no idea how to set them up.
 

JustAGuy51



You have 4 networks.
- 192.168.1.0/24
- 192.168.10.0/24
- 10.13.55.0/24
- 10.17.17.0/24 (this net won't be seen by the rest because it is NAT'ed by AP-Client2, more later)

In setting up static routes, command syntax depends on the specific router model. You don't need static routes for directly connected networks.

In Main Router:
- set up 1 static route so that if it receives packets with destination IP 10.13.55.x, it forwards them to Router2, specifically Router2 eth1 IP

In Router2:
- set up 1 static route so that it will forward 192.168.1.x packets to Main Router. One thing unclear to me: what is masquerade doing at the Router2? To me masquerade means NAT. You don't need NAT here.

Concerning your 10.17.17.0/24 net:
- nodes in that net can talk to any other nodes in the rest of networks including Internet BUT
- nodes in other networks won't be able to talk to 10.17.17.x nodes due to NAT'ing at the AP-Client2 (unless you can configure to port-forward SPECIFIC ports or VPN tunnel is involved between nodes)
- I can say if you take out NAT at AP-Client2 (which also means eliminating 10.17.17.0/24 network), then your problem will disappear.

Configuring Default Gateways on nodes:
- nodes in 192.168.1.0/24 and 192.168.10.0/24 should have Router 1 respective IPs as default gateways
- nodes in 10.13.55.0/24 should have Router 2 10.13.55.1 as default gw. I assume the 10.17.17.0/24 net no longer exists here.
- you also need to enable (or unblock in case of firewall) icmp-redirects at the Main Router's eth1 interface. You might find that it may be enabled automatically by default
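
The two static routes described in the post above, modelled as an added example (not part of the original thread): a longest-prefix-match simulation showing that a session between PC1 and 10.13.55.x works only when both routers hold their route. The prefixes and Router2's 192.168.10.6 come from the thread; the host addresses are assumptions, and default routes and NAT are left out of the model.

```python
import ipaddress

# Constructed model of the two routers in the thread. Router2's addresses
# (192.168.10.6 on eth1, 10.13.55.1) come from the posts; host addresses in
# the usage below are assumptions. Default routes and NAT are left out.
CONNECTED = {
    "MainRouter": ["192.168.1.0/24", "192.168.10.0/24"],
    "Router2": ["192.168.10.0/24", "10.13.55.0/24"],
}

def build_tables(main_static=False, router2_static=False):
    """Return {router: {prefix: action}}; action is 'deliver' or the next router."""
    tables = {r: {net: "deliver" for net in nets} for r, nets in CONNECTED.items()}
    if main_static:      # Main Router: 10.13.55.x via Router2 eth1 (192.168.10.6)
        tables["MainRouter"]["10.13.55.0/24"] = "Router2"
    if router2_static:   # Router2: 192.168.1.x via the Main Router
        tables["Router2"]["192.168.1.0/24"] = "MainRouter"
    return tables

def next_hop(table, dst):
    """Longest-prefix match; None means the router has no route and drops."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p).prefixlen, action)
               for p, action in table.items() if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def trace(tables, first_router, dst, max_hops=8):
    """Follow a packet from its first router; return (path, delivered)."""
    path, current = [], first_router
    for _ in range(max_hops):
        path.append(current)
        hop = next_hop(tables[current], dst)
        if hop == "deliver":
            return path, True
        if hop is None:
            return path, False
        current = hop
    return path, False

def round_trip(tables, src, src_gw, dst, dst_gw):
    """A session works only if both the request and the reply are routable."""
    return trace(tables, src_gw, dst)[1] and trace(tables, dst_gw, src)[1]

if __name__ == "__main__":
    pc1, target = "192.168.1.10", "10.13.55.20"   # assumed host addresses
    for flags in [(False, False), (True, False), (True, True)]:
        t = build_tables(*flags)
        print(flags, trace(t, "MainRouter", target),
              round_trip(t, pc1, "MainRouter", target, "Router2"))
```

With only the Main Router's route in place the request arrives but the reply is dropped at Router2, which is why the post asks for a route on each side.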
 

JustAGuy51

One clarification:
What I meant by "eliminating 10.17.17.0/24" is to restructure your IP addressing so that those nodes, 10.17.17.x, will now receive 10.13.55.x addresses.

If you still want to keep that scheme, you can place an additional router behind AP-Client2 and more static routes.
 

rado3105

Thank you very much, your explanation helped me to understand routing basics.
I have another question:
In that diagram 2 routers are connected over a wireless bridge. I want to ask whether it is better to leave it as it is, or to give every wireless interface a different subnet and route it?
 

rado3105

2 routers (router 1 and router2), or can you help with the best way of IP addressing? I heard that it is better not to use a bridge at all and to route everything.
I have no idea how computer hungry routing is compared to bridging?
 

JustAGuy51

No problem. Glad to help!!! I got something out of it too.

Quoting "if it is better to let it like it is or is better to give every wireless interface different subnet and route it? ",

In your case, it doesn't make sense. The purpose of wireless bridges in your network is to connect physically different LAN segments wirelessly. For example, if AP1 wlan1 and AP2 wlan1 become a dedicated network, they will act more like access points, which defeats the purpose just described. And how would the routing work in that case?

Bridges and routers both reduce collision domains: routers at layer 3 and bridges at layer 2. Routers are more efficient. If you add a lot more nodes and collisions become a problem, consider VLANs and VLAN-aware wireless bridges.

 

JustAGuy51

Wait, scratch the last line I said "If you add a lot more nodes and collisions become a problem, consider VLANs and VLAN-aware wireless bridges."

I said it w/o deep thinking. If you are adding VLANs, you are better off allocating one subnet for each VLAN.
 

rado3105

So if I understand, you are telling me that it is better to bridge APs than to route. And you are right, AP1 will be an access point where more client devices will be connected, but only one of them will be the main one: the traffic going through it will go to the other router (router2). I will make a better scheme tomorrow and send it here.


I am using MikroTik RouterBoards or ALIX devices. Those devices have a mini-PCI card for wireless and Ethernet ports, and can act as a router or bridge (you can install Linux, MikroTik RouterOS... on them). Until now I have been using a bridged network, but I want to do everything routed; that scheme was just a part of my network (I will post a more detailed scheme here). Do you know any links to pages about routing, network topology, subnetting? I have a problem with this. And I want to route it the best way possible. I also want to route because later I want to use dynamic routing - OSPF.
 

JustAGuy51



Originally, I was saying that coz I was assuming an AP with limited functionality. Since you are using Linux, (I think) you can do routing and serve clients at the same time. That AP also needs to forward packets from other networks too.



Subnetting:
- http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf
- Wanna subnet/VLSM in your head? Read the chapter on subnetting in Todd Lammle's ICND-1 exam book

Static Routing:
- static routes are trivial, not much more than what you already know

Dynamic Routing:
- Actual commands to issue are not much, concepts/troubleshooting are much involved
- if you want to do production router, I prefer to use Cisco. I've set up Quagga OSPF router (for simple network) before and they do work with Cisco but some functionalities found in Cisco are missing and Quagga has history of bugs
- I don't know good links

Network Topology:
- wireless topology? CWNA study guide - I find it quite useful though I was just flipping a couple of pages
http://www.amazon.com/CWNA-Certified-Wireless-Network-Administrator/dp/0471789526/ref=pd_bbs_sr_3?ie=UTF8&s=books&qid=1239743610&sr=8-3
- Try CCDA/CCDP books. I haven't
 
