Status
Not open for further replies.
1 - 17 of 17 Posts

·
Registered
Joined
·
483 Posts
Discussion Starter · #1 ·
I would like to install two 10/100MB ethernet routers in my home network. I have a D-Link DI-604 wired router (could be any generic home-type 4-6 port router) installed now and it is working fine. It presently interfaces to a Motorola Surfboard on the WAN side for internet access, and the house devices are on the LAN ports.


I want to add a wireless access point IN ADDITION to the wired router, to facilitate placement of the Wi-Fi antenna in a strategic location away from the structured wiring cabinet (and to provide a couple more wired ethernet ports in that location as well.) I have purchased a D-Link DI-524 (again, could probably be any generic home Wi-Fi type router) and propose to put it downstream of the wired router, using one of the wired router's LAN ports as an uplink to the wireless router.


Anyone else done this, and have any suggestions on how this might work out?


Here are some of the questions that come to mind not directly addressed in the D-Link manuals:


-The wired router is set for DHCP, and it is now properly assigning IP addresses to the connected devices, and negotiating IP with the Cable modem. Should the wireless router also be set for DHCP? Will the wired router assign an IP address to the wireless one downstream? And then will it in turn assign IP addresses to both wireless and wired clients? Or should I try to set up a fixed IP address for the connection between the two routers (but DHCP toward clients)?


-Neither the wired nor the wireless router has a dedicated "uplink" port; however, the manuals for both routers imply that all ports are auto-sensing. If that is true then a router-to-router link between LAN ports should work, no? But should the cable bridging the two routers be straight through or crossover?


-Would there be any advantage in reversing the roles, i.e. make the wireless router the primary WAN interface, and let the wired one be the downstream router? Both the D-Link units appear to have the same level of firewall and filtering capability, so that isn't an issue. My physical layout lends itself better to making the wired router the WAN interface, but there is enough 5e between the two locations to go out and back if needed to make the wireless router primary.


I know the IT guys do this kind of thing all the time in very large networks with dozens or hundreds of cascaded routers and switches, but it's not clear to me if the simpler home type gear lends itself to this. And no, my budget doesn't allow me the luxury of getting Cisco or other "professional" routers and wireless access points right now!


Thanks in advance for your ideas,


Mike
 

·
Premium Member
Joined
·
7,093 Posts
I use a wired 4 port router, a wireless access point and an additional 5 port switch uplinked from the router to do all that. You just need one router to connect to the broadband modem, as many switches as you need for additional and properly placed ports, and an access point to handle wireless. The switches have uplink ports.
 

·
Registered
Joined
·
660 Posts
Quote:
Originally Posted by Satori84
Anyone else done this, and have any suggestions on how this might work out?

Mike
When I add one more computer I will have to struggle with this.

I had bookmarked this site for future review.


Another resource: http://support.dlink.com/supportfaq/

Select your cable router number and click go then:

Click on the + box next to Advanced Features and then click on Connect router to router


Let us know how you work this out.
 

·
Registered
Joined
·
483 Posts
Discussion Starter · #4 ·
Thanks semigolfer and greywolf. That is exactly the kind of information I needed to move ahead with the added router.


Mike
 

·
Registered
Joined
·
40 Posts
The best way I've found for situations like this is to ignore the WAN port on the downstream router altogether..


Hook it up to a computer and go into the config, assign it a static address in your existing IP range, disable DHCP server, plug lan port on downstream router to lan port on upstream router (unless one of them has auto MDI/MDI-X you'll need a crossover cable for this). In 99% of home routers the wireless interface is bridged to the lan ports on the back of the router, by plugging the crossover between the lan sides you've just created a switch+access point out of the downstream 'router'. The downstream won't be routing anything since its DHCP server is turned off- so it won't be setting itself as anyone's default gateway.


If you set up things like this make sure you've definitely turned off the DHCP server in the downstream, 2 DHCP servers in the same network is not something you want to have :)
 

·
Premium Member
Joined
·
7,093 Posts
I still don't get the purpose of using a second router. It just adds unneeded complexity and hardware expense. Also, a static IP may be an extra cost item with some providers.
 

·
Registered
Joined
·
40 Posts
it wouldn't be a static ip with the provider, it would be one within the internal network



[teh internets] -- (external ip) current router (internal ip, eg 192.168.1.1) -- local private ip network (probably 192.168.1.0/24 or similar) -- (lan side of new router eg 192.168.1.200) new router w/ wifi


by changing the internal address to something static on your own internal network and leaving the WAN unplugged on the second new router, you get a switch and an access point out of it without introducing the complexities of double-nat'ing that you'd have if you plugged the wan side of it into the lan side of the existing.
 

·
Registered
Joined
·
297 Posts
I'll vouch for ragzilla's approach. My home net is set up just that way. The benefit of using a second router vs an access point is that you get a free switch out of the deal and currently you can find wireless routers for less than an access point+separate switch. As said, if you just don't plug anything into the WAN port and turn off DHCP on the second router, all works great.
 

·
Premium Member
Joined
·
7,093 Posts
I guess router prices are a lot closer to access point prices now than they were when I set up my system.
 

·
Registered
Joined
·
146 Posts
I was looking for a wireless access point when I bought my Netgear wireless router. It was actually cheaper to get the router than a comparable speed WAP. I've got it configured as described above and it works fantastic...
 

·
Registered
Joined
·
331 Posts
I have done pretty much the same thing only I made sure the wireless network was on a different subnet than the wired network. I'm picky like that.
 

·
Registered
Joined
·
42 Posts
Ragzilla's approach should work fine.


What needs to be understood is that the common hardware in all of these components is switched ports. The router is just software performing that function. So, if you connect LAN ports on one device to LAN ports on another device you are essentially just creating a larger LAN. Turn off DHCP on one of the devices. A PC's (or any device) request for a DHCP IP address is a broadcast. So, when the request is received by the switch it is plugged into, that switch will re-broadcast the message to the other switch as well. Then the closest/fastest DHCP server will respond.


Unless the LAN ports are auto-MDIX or auto-crossover a crossover cable would be necessary to make the two LAN ports communicate.


This setup should work just fine. Now the downfall to this setup is that you have just integrated a wireless, and potentially large security hole, into your home LAN. If you live in the country it's probably not an issue. However, it's not difficult to break into these wireless networks. From there it's not hard to get to your other machines. Where I imagine one could find financial data, passwords, maybe codes to garage doors or safes, etc... That's where the DMZ ports or router capabilities come in nice. You can segment the wireless users off so they are protected by your router still but not sitting on your LAN with free rein.


"And no, my budget doesn't allow me the luxury of getting Cisco or other "professional" routers and wireless access points right now!"


Unless you know what you're doing with them it would be a waste of money. I think the only thing that would benefit most home users is the built-in security capabilities. You'd have to be pretty familiar with TCP/IP and networking to implement them though.


Garrett Whitney

Network Engineer for a med. size business

Cisco Certified
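
A defensive check for the condition ragzilla and gw6 describe above (two DHCP servers answering on one LAN), as an added example that is not part of the original posts: it parses DHCP replies and lists every server that answered other than the expected one. The packets are constructed samples, 192.168.1.1 and 192.168.1.200 are the example addresses from the thread, and the function names are hypothetical.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options
OFFER, ACK = 2, 5                   # DHCP message types that only servers send

def parse_dhcp(payload):
    """Return (msg_type, server_id, yiaddr) for a DHCP payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    yiaddr = socket.inet_ntoa(payload[16:20])  # address handed to the client
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                  # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                                  # truncated option body
        if code == 53 and length == 1:             # DHCP message type
            msg_type = value[0]
        elif code == 54 and length == 4:           # server identifier
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id, yiaddr

def find_dhcp_servers(payloads, expected_server):
    """Map each answering server to the leases it offered; list the unexpected ones."""
    seen = {}
    for msg_type, server_id, yiaddr in filter(None, map(parse_dhcp, payloads)):
        if msg_type in (OFFER, ACK) and server_id:
            seen.setdefault(server_id, set()).add(yiaddr)
    return seen, sorted(s for s in seen if s != expected_server)

def build_reply(msg_type, server_ip, client_ip):
    """Constructed sample packet: minimal BOOTP header plus options 53 and 54."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0)
    hdr += bytes(4) + socket.inet_aton(client_ip) + socket.inet_aton(server_ip)
    hdr += bytes(4 + 16 + 64 + 128)  # giaddr, chaddr, sname, file left empty
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return hdr + MAGIC_COOKIE + opts

# Constructed capture: upstream router plus a downstream router with DHCP left on.
SAMPLE = [build_reply(OFFER, "192.168.1.1", "192.168.1.100"),
          build_reply(OFFER, "192.168.1.200", "192.168.1.101")]
```

Calling `find_dhcp_servers(SAMPLE, "192.168.1.1")` reports 192.168.1.200 as the unexpected server; on a real network the payloads would come from a packet capture of UDP port 68 traffic.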
 

·
Registered
Joined
·
483 Posts
Discussion Starter · #14 ·
Quote:
Originally Posted by gw6
Now the downfall to this setup is that you have just integrated a wireless, and potentially large security hole, into your home LAN. If you live in the country it's probably not an issue. However, it's not difficult to break into these wireless networks.
Is a wireless router cascaded downstream of a wired one any more of a security hole than just the wireless AP with internal router alone? I would think in either case if the wireless AP has its security configured correctly, i.e. no default settings, login required, etc., the risk is the same.


OBTW, in my case the reason I want the AP as part of a second router is that the primary wired router (D-Link DI-604) lives inside a closed metal box, my structured wiring cabinet, which is a terrible place for an RF-based device. I plan to put the wireless router (D-Link DI-524) in the home theater area, on top of or just behind the furniture, which is an open, central location in the house. And I'll also get 4 more wired ethernet ports for "free" for local devices in the entertainment unit, such as the good old Rio Sonic Blue media player, the future HTPC, or whatever newer client-type devices may need to live there.


Thanks all for your excellent links and advice; good thread. Hope to get to actual installation next weekend.


Mike
 

·
Registered
Joined
·
4 Posts

Satori84 said:
Is a wireless router cascaded downstream of a wired one any more of a security hole than just the wireless AP with internal router alone? I would think in either case if the wireless AP has its security configured correctly, i.e. no default settings, login required, etc., the risk is the same.


I believe the risk would be the same in both cases.


Although a wireless LAN is certainly a potential security risk, there is plenty one can do to minimize it. You can't really stop someone who knows what he is doing and is determined, but you can prevent accidental/intentional intrusions.


Cfar305
 

·
Registered
Joined
·
42 Posts
The risk is the same. Either way the wireless users will connect to the same LAN as each other and your wired computers/systems/devices. I can totally understand why you are designing things the way you are. Metal (and many other materials) is not good for 802.11 wireless signals. Not to mention if you are doing any high bandwidth media or phone through your network you probably want a wired solution for those systems. Wireless can only support one or two of those types of systems and maintain acceptable performance.


Network security is all about minimizing risk. You assess what your acceptable risks are and apply the proper security to reach that level. So, you can do anything from the basics to Fort Knox. Here's another Tom's article on "Securing your WLAN":

http://www.tomsnetworking.com/Sections-article124.php


(If you're not familiar with Tom's it has a ton of info)


Make sure you at least perform the basics. Encryption, change the SSID, etc... If you don't have a lot of friends coming over and use the same systems all the time then hard coding your MAC addresses is a lot more than most people do in the world. Basically, just take a little time to make it a bit harder for someone to get in. Unless the potential hacker is looking for a challenge or has a vendetta against you there are many other much easier targets out there. At least in the Seattle area based on what I have seen.


...and patch your Windows systems regularly.
 

·
Registered
Joined
·
1,611 Posts
If you really want to have fun.....


Use 2 wireless routers in-line with each other. The first router is the one that connects to the Internet directly, performs DHCP services and port forwarding. Connected to this first router are any external machines (think web/ftp server) and any wireless "guests" that come over (wireless is only turned on while they're here).


The second router is then connected from the WAN port to the first router's LAN port. That's right...this second router is also performing firewall functions, as well as DHCP. All of my internal machines, including wireless devices, connect here. Wireless is protected with WAP, a different SSID, broadcasting turned off, and MAC filtering.


The benefit to me is that I can allow wireless access to anyone and host external services with no worries. If any of those machines are compromised, there is still a second firewall (that doesn't respond to pings) protecting my "sensitive" machines. An attacker would never know about them.
 