Two connections 1 router confusion, router recommendation of Cisco fix

moe_w

Jul 14, 2012
Dear All,

I have been having a problem for over a couple of years now, we have 2 DSL connections connected directly to a Cisco 2811 router.

The problem is, we are unable to make quick changes (NATing/port forwarding/etc.) to it because we are not knowledgeable in setting it up via its command line, and whenever we bring in some technicians, they somehow manage to screw up the whole network.

The way it currently works (although it's not working perfectly yet):

DSL Line 1 (this serves as the DHCP server for day-to-day PC use around the house)
DSL Line 2 (this is only static IPs for cameras and other fixed devices)

Each DSL line gives us 5 static IPs each; some of them are given to dedicated fixed devices.


Problem.
We would like to have the whole network be on one subnet so all the devices can talk to each other

Not sure if there are some easy setup guides or tweaking guides for the Cisco router, as the ones I found really sound like they're talking in another language.

Or, if anybody can suggest a router that is easier to set up that can handle the above scenario.

Thank you
 
Hmm, that's a pretty sophisticated router. If you need to manage your own, and find it beyond your capabilities, then why not use something simpler, esp. if (at least based on your description) your needs are relatively basic.

Almost any multi-WAN router can be configured so the WANs are only used for load balancing and/or failover (i.e., should one fail, the other kicks in to carry the load, transparently). From the perspective of the LAN users, they're all on ONE local network and have no knowledge which of the WANs is servicing their requests at any given time (perhaps BOTH).

Obviously there could be a lot more going on here than I can possibly discern from a single post, but based on the limited information you've provided, it seems that you've unnecessarily created a complex configuration, and now find it hard to maintain. So the first thing I’d like to know is the rationale (just in plain English) for using separate networks (VLANs?) in the first place? It’s just hard to imagine a situation where a home user ever *needs* multiple local networks. It just becomes a mess when you need to share resources (as you’re discovering).

 

moe_w

Thank you for your response.

Plainly, DSL line 1 services static dedicated equipment (such as home automation controllers, security cameras, fingerprint scanner, some printers, NAS, VOIP and so on). Some of these devices have their own static WAN IPs from DSL line 1. I did not want to distribute the IPs to some of these devices, but couldn’t get the NATing to work properly; it works sometimes.

Like if I were to access my NAS, I would have to give the NAS its own static WAN IP. Some devices work where the device gets 192.168.20.100 -> (NAT) -> 123.123.123.123 (WAN IP) port 12345, so if I wanted to access that device, I would just type in the WAN IP and the port and it will automatically be routed to the device that has port 12345 forwarded on the router.

DSL line 2 services all PCs, and sometimes heavy downloading messes up the network, which is why home users only use DSL line 2 so as not to interfere with DSL line 1 bandwidth.

Both DSL lines are from different providers. I would also like to set up a LAN so I can securely access my network from abroad.

I know the CISCO 2811 can do all this, but it’s not a sensible option because I do not have the capabilities to configure it, if something goes wrong my hands would be tied.
 
Based on what you’ve described as your desires, and contrasted w/ your current configuration, it seems to me your whole approach is misguided.

As soon as you introduce two separate ISP connections, you have, by definition, created independent, disparate networks. Not unless you use a multi-WAN router and those two connections for load balancing, failover, etc. At least in that case, you *do* maintain a single network, while gaining many of the benefits you seek. But you don’t quite have the level of control you describe. You typically don’t assign individual devices to a specific WAN. But that’s precisely what creates all the hassles and complications! You want total control + simplicity. Things don’t usually work that way. You usually have to sacrifice one to get the other.

So first thing *I* would do is dump this whole notion of segregating devices per WAN. I just can’t see why that’s necessary for a home user. Heck, I’m a software developer/engineer by trade, with more equipment here than you can imagine, and even *I* have a lowly, wireless G router, a single ISP and WAN, and one network (192.168.1.x). Somehow over many decades I’ve never found the need for more. You’re not a business, right? You don’t need to segregate for security reasons, right? By using only one ISP, or at worst, two ISPs and a multi-WAN router, your life will improve dramatically. Esp. if all you’re seeking is more bandwidth for your network as a whole.

But if you insist on the current approach, it’s endless problems (that’s why businesses are forced to hire Network Admins ($$$)). As I said, by definition, all your devices will be part of different networks. And now you have to find numerous mechanisms to make them accessible from each other for this or that reason. Now you’re into manipulating the firewall, learning IPTABLES commands, setting up and managing VPNs, VLANs, yada, yada. Yeah, it can be done, but is this really where you want to be? Do you have the expertise, or the will to learn it? Again, no one could make a better case for such complexity than me, and while I have to deal w/ some complexity from time to time, I avoid it as much as possible. Simplify, simplify, simplify! Only add complexity when you absolutely, positively have no other choice.

I might have a different response if this was just a case of someone who appears to be both willing and capable of dealing w/ the complexity, but I get the distinct impression this isn’t the case. Instead, you’ve turned down the wrong road, and now feel committed to that path no matter what, rather than backing up and choosing the other fork in the road. Nothing you’ve described so far convinces me you’re on the right path, quite the contrary.

Convince me otherwise.
 

moe_w

You are correct in many of the points you have mentioned. I too agree that this is a misguided approach and we should be fine with only one ISP. The only reason why some devices have their own WAN static ip is because the port forwarding would not play nice with certain devices.

There is also the problem that our area has limited bandwidth, which is why 2 ISPs was a non-negotiable option. One connection maxes out at 450 kb/s and the other at 350 kb/s (this is a physical limitation and nothing short of changing where we live can fix that). We have 12 people in the household; our activities are impossible to run smoothly on 1 ISP.

Each ISP handed out 4-6 static IPs each as part of the service; those same devices are however located on the same subnet (the ones within the same ISP).

I would like to simplify matters as much as possible, and it is not that I am unwilling to learn, I just know my limitations when it comes to this level of networking. Even though I do come from a fairly technical background, reading that manual was like reading a new language.

If you can steer me in the correct simplified approach, I would look into it and change the current strategy accordingly. I would not mind getting a network admin to get things started, but I would need to be on the right track, where things can work in a more straight forward manner where network devices cooperate more and can talk to each other.

Thank you for taking the time to respond.
 
Well now that we have some numbers, I can at least see why you would need multiple ISPs. Those are rather abysmal download speeds (and I suspect the upload side is no better). I'm not even impressed w/ the aggregated results.

Let’s talk about the static IPs. Having multiple static IPs is nice, but it’s hardly necessary, and in fact complicates management of the network in some respects. Obviously you need one for each WAN. But if you’re NATing all the devices behind the router, and then forwarding these static IPs to their respective devices and local IPs, I don’t see all that much benefit from them. The best case for using static IPs would be, for example, if you had two XBOXes, and each needed to use the same port forwards on your router. That would introduce a conflict, since you can only port forward to one internal/local IP address per static IP, and you can’t change the ports used by the XBOX. By adding another static IP, you get around that problem. Now each XBOX can be port forwarded independently.

So unless you have a situation like the XBOX, I recommend you ignore the fact you have multiple static IPs and simply work w/ the one static IP for each WAN, at least for now. Remember, the goal here is to start w/ the simplest configuration, and only add complexity when it’s absolutely necessary.

And let’s configure the router as ONE logical network (e.g., 192.168.1.x) and use the multiple WANs for load balancing and failover protection. I understand, it may not work exactly as you like, esp. w/ those lowly download speeds, but try it. Start simple, examine the results, and add complexity later as needed.

Do NOT configure any devices on the local network manually! That’s a maintenance headache. The ONLY time you should be doing that is when it’s an infrastructure device (secondary router, repeater, bridge, etc.). In all other cases, your devices should be using DHCP. If those devices need a *local* static IP (e.g., 192.168.1.100), use the router to associate its MAC address w/ that IP. And never use static IP assignments for any device that you have no intention of accessing directly. Always use the DHCP pool for those devices (e.g., iPad, iPhone, internet radio, VOIP adapter), anything where it serves no useful purpose to know its IP address.

At this point you have a single local network, so all your sharing problems have disappeared. And all your devices are using DHCP, so there’s no need to manage individual devices. All your port forwarding is based on the two static IPs used by the WANs, and you only need to port forward those to the one local network.

Whether you want to somehow logically split up which WAN is used for remote access for various remote clients is up to you. But at least you do have some control over how the bandwidth is allocated inbound, if much less so outbound. And your router will automatically keep track of which WAN to use for sending responses to those inbound clients.

That’s where I would start. Get that configured and then solve specific problems as they arise.

Since it's obvious this will become an issue, let's discuss it. One way to manage your limited bandwidth is w/ QoS (Quality of Service) controls. IOW, rather than use a coarse-grained approach where you attempt to dedicate this or that device to one or the other ISP, use the much finer grained controls of QoS to manipulate the *protocols*, *ip addresses*, *mac addresses*, etc., over the one logical network. So, for example, if Junior is creating havoc w/ the VOIP adapter due to all his downloading during the evening, rather than trying to keep him and the VOIP adapter on different ISPs, use the QoS feature to give the VOIP adapter higher priority! Don’t worry about which ISP is used. You have a sophisticated router, let it do the work for you. You’re just telling it what you want as an outcome (x is more important than y), let *it* figure out how to make it happen! If the router is sophisticated enough, you can probably control/change these settings according to the time of day, day of the week, etc.

That’s how you exploit this equipment. Let it do the work so you don’t have to. But that’s only going to happen if you configure it properly. As soon as you start trying to “man handle” the whole thing and over-think the solution, that’s when it starts to fall apart.

Now again, that doesn’t mean you won’t discover problems, weaknesses, things that need adjustments. But it’s a lot easier to move from the simpler to the complex, than the other way around. Address those issues as they arise.

P.S. Notice too, by using my approach, you've increased the reliability of the network. If one of the ISP connections is lost, your router will failover to the other ISP. Your network devices will be none the wiser, although you will obviously lose some bandwidth. Using your approach, if one of the ISP connections is lost, you lose that entire portion of the network!
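To make the layout recommended in the reply above concrete, here is an added example that is not code from the thread, from the poster, or from any router vendor. It checks a proposed "one LAN, two WANs" configuration for the mistakes the reply warns about: a device pinned outside the one local network, a port forward aimed at an address that has no DHCP reservation (it silently breaks when the lease moves), and two devices competing for the same external port on one WAN address, the two-XBOX case that is the only good reason to spend a second static IP. Every device name, MAC address, LAN/WAN address and port below is constructed; the WAN addresses come from the RFC 5737 documentation ranges, and the script uses only Python's standard ipaddress module and never talks to a router.

```python
"""Sanity checks for a single-LAN, multi-WAN home router configuration.

Added example (not from the thread). Models one 192.168.1.0/24 network behind a
multi-WAN router, DHCP reservations keyed by MAC address, and a port-forward
table keyed by (WAN link, protocol, external port). All data is constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network

LAN = ip_network("192.168.1.0/24")            # the ONE logical network
WAN_ADDRESSES = {                              # one static IP per WAN is enough
    "dsl1": ip_address("198.51.100.10"),       # constructed, RFC 5737 TEST-NET-2
    "dsl2": ip_address("203.0.113.20"),        # constructed, RFC 5737 TEST-NET-3
}


@dataclass(frozen=True)
class Reservation:                             # router pins the address; device still uses DHCP
    name: str
    mac: str
    ip: IPv4Address


@dataclass(frozen=True)
class Forward:                                 # one port-forward (DNAT) rule on the router
    wan: str                                   # key into WAN_ADDRESSES
    proto: str                                 # "tcp" or "udp"
    ext_port: int                              # port on the WAN address
    target: IPv4Address                        # LAN device
    int_port: int                              # port on the LAN device


def normalize_mac(mac: str) -> str:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455; return colon form."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_reservations(reservations):
    """Every reservation must be on the LAN; no MAC or address may be pinned twice."""
    problems, by_mac, by_ip = [], {}, {}
    for r in reservations:
        mac = normalize_mac(r.mac)
        if r.ip not in LAN:
            problems.append(f"{r.name}: {r.ip} is not on {LAN}")
        if mac in by_mac:
            problems.append(f"{r.name}: MAC {mac} is already reserved for {by_mac[mac]}")
        if r.ip in by_ip:
            problems.append(f"{r.name}: address {r.ip} is already reserved for {by_ip[r.ip]}")
        by_mac.setdefault(mac, r.name)
        by_ip.setdefault(r.ip, r.name)
    return problems


def check_forwards(forwards, reservations):
    """Forwards must point at a reserved LAN address and must not collide on
    (WAN, protocol, external port); a collision with a different target is the
    two-XBOX case and needs a second static WAN address or another port."""
    problems, claimed = [], {}                 # claimed: (wan, proto, ext_port) -> target
    reserved = {r.ip for r in reservations}
    for f in forwards:
        label = f"{f.wan}/{f.proto}/{f.ext_port}"
        if f.wan not in WAN_ADDRESSES:
            problems.append(f"{label}: unknown WAN link {f.wan!r}")
        if f.proto not in ("tcp", "udp"):
            problems.append(f"{label}: protocol must be tcp or udp")
        for port in (f.ext_port, f.int_port):
            if not 1 <= port <= 65535:
                problems.append(f"{label}: port {port} out of range")
        if f.target not in LAN:
            problems.append(f"{label}: target {f.target} is not on {LAN}")
        elif f.target not in reserved:
            problems.append(f"{label}: target {f.target} has no DHCP reservation; "
                            "the forward breaks when its lease changes")
        key = (f.wan, f.proto, f.ext_port)
        if key in claimed and claimed[key] != f.target:
            problems.append(f"{label}: already forwarded to {claimed[key]}; {f.target} "
                            "needs a second static WAN address or another external port")
        claimed.setdefault(key, f.target)
    return problems


# Constructed sample configuration.
RESERVATIONS = [
    Reservation("nas", "00:11:22:33:44:55", ip_address("192.168.1.10")),
    Reservation("camera-front", "00-11-22-33-44-66", ip_address("192.168.1.11")),
    Reservation("voip-adapter", "0011.2233.4477", ip_address("192.168.1.12")),
]
GOOD_FORWARDS = [
    Forward("dsl1", "tcp", 12345, ip_address("192.168.1.10"), 12345),  # NAS, as in the post
    Forward("dsl1", "tcp", 8443, ip_address("192.168.1.11"), 443),     # camera web UI
]
BAD_FORWARDS = GOOD_FORWARDS + [
    Forward("dsl2", "udp", 3074, ip_address("192.168.1.20"), 3074),    # console 1, unreserved
    Forward("dsl2", "udp", 3074, ip_address("192.168.1.21"), 3074),    # console 2, same port
    Forward("dsl3", "tcp", 22, ip_address("10.0.0.5"), 22),            # wrong WAN and subnet
]

if __name__ == "__main__":
    for name, fwds in (("good", GOOD_FORWARDS), ("bad", BAD_FORWARDS)):
        issues = check_reservations(RESERVATIONS) + check_forwards(fwds, RESERVATIONS)
        print(f"{name}: {len(issues)} problem(s)", *("  - " + i for i in issues), sep="\n")
```

Run it as a script for a report, or call check_forwards() from your own tooling before typing rules into the router. One caveat worth adding: every forward exposes that device (NAS, camera, fingerprint scanner) to the whole internet, so the rule set should stay as short as the checks above allow, and the "securely access my network from abroad" goal in the thread is better met by a single VPN endpoint on the router than by one forward per device.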