Network gurus, can you help segment LAN using router?

+
0 Votes
Locked


kratasek
Folks, after many years abroad I came home and this is what I see. An antenna on the roof, ethernet cable from the antenna to an RJ-45 coupling, plugged into an electrical outlet, ethernet cable from the coupling to an 8-port switch. I'm guessing I have a microwave connection to my ISP, the "powered" coupling is a homemade PoE injector powering the antenna and the whole setup is part of my ISP's local network. Like my house was just another room in their building. All of my equipment is getting IP 192.168.1.xxx after plugging into the switch. I have a lot of personal stuff on my network, several NAS devices and so on and I assume the ISP can easily see all of it..
I want to completely separate my home network from my ISP's and add wireless. I have a Linksys WRT610N router. Can this be done? Can someone please advise me as to how?
  • +
    1 Votes
    OH Smeg

    Plug in the Ethernet Cable from the 8 Port Switch to the Uplink Port of the Router and then with an Ethernet Cable set up the Router and if you want/need to have the Wired and Wireless LANs communicate with each other bridge them in the Router's Setup.

    Then from the Wired LAN Connections on the back of the router run an Ethernet Cable to the 8 Port Switch. That will isolate the Internal LAN from the Public side of the LAN.

    Col

    +
    0 Votes
    markp24

    Hi,

    You may want to also ensure you have a firewall enabled on your PC (I tend to like ZoneAlarm).

    +
    1 Votes
    TekyWanabe

    Having worked with microwave radios in the past to provide last-mile Internet access solutions, then it's not unlikely that the 'RJ-45 coupling' is itself connected to another configurable device with at least 2 IP addresses....one facing the ISP and the other to serve as the gateway for your network. If you do a tracert to an external website or IP address, you may be able to see what the IP address facing your ISP is.
    I guess we could say that every subscriber to a broadband provider or ISP is actually just 'another room' in the provider's office in a manner of speaking... :-)

    +
    0 Votes
    kratasek

    Thanks much everybody, appreciate your advice..
    What would happen if I took out the switch and plugged that ethernet cable into the WAN port of the router? How does the router's firewall work in this mess? Is the ISP gonna know that I put the router on the network? I obviously don't want to create any problems for them.. And lastly, does RIP have to be enabled on the router?
    I know, you probably say that I'm overthinking this but I was never faced with this situation before, I'm sure some of you were..
    thanks again..
    Mike

    +
    0 Votes
    Spitfire_Sysop

    1. Yes, do that.
    2. Yes the router firewall will work. It filters traffic between the dish and your switch in the prescribed setup.
    3. They certainly could. The only way to fool them is to spoof the MAC address of the device that they are expecting to see on the other end.
    4. Directly connected networks come first in the routing table with no routing protocol required. (RIP = NO)

    +
    1 Votes
    Alpha_Dog

    First, plug your ISP's connection, the one going to the PoE device at the wall plug, into your router's WAN port, which in your case is labelled Internet. Plug the rest of the devices into the LAN side of the house; the rest of the ports.

    Optional, but a good way to keep surprises to the minimum, set your router configuration to the default (soft reset).

    Next change your internal IP address to something other than the 192.168.1.x it gets from the ISP device. 192.168.0.x is fine. Set the router's IP at 192.168.0.1 and make sure DHCP is turned on with a sufficient pool of addresses for your devices.

    Lastly, change the administration password to the router as well as the wireless settings to reflect the desired security.

    Congratulations you are done.

    +
    0 Votes
    TekyWanabe

    Better still, he could turn off DHCP, use a 10.0.0.x subnet for his own LAN and assign static IP addresses depending on the number of devices he's got and whether there'll be a lot of traffic (I mean devices joining and leaving the network...which I doubt based on the setup he's described)

    +
    1 Votes
    oldbaritone

    Your router will get a 192.168.1.x address on the WAN side.

    I ended up setting my internal network to the 172.16-31.0.0 (172.16/12 prefix - I use 172.22.33.x) so there is no confusion about which addresses came straight from the ISP and which are on the internal subnet. If you're going to stick with the 192.168.x.x subnet, pick a recognizable number as your own, like 192.168.150.x or 192.168.250.x - something that is not generally used by ISPs or unconfigured consumer routers, like 0, 1, 2, or 100.

    +
    0 Votes
    kratasek

    Spitfire_Sysop, Alpha_Dog, TekyWanabe and lastly oldbaritone, all of you guys deserve a big cheers for taking the time answering my question. I'm gonna set the whole deal up tomorrow and will definitely post results here..
    thanks again everybody

    +
    0 Votes
    theNetNanny

    very curious about the issues brought up in this setup, how did it turn out?

    +
    1 Votes
    will_smith

    IMO, it's weak that your wireless internet provider is NATing a private address to you. These steps above are great. I have worked for a wireless internet provider, and I would be embarrassed to host a service where I could not promise each customer their own unique public address. If one person within that WISP company gets black-listed and blocks the IP address, everyone behind this provider will no longer have access to the internet. I would suggest you contact your provider and make them give you a public IP address.

    +
    0 Votes
    kratasek

    It's been forever and I forgot to tell you guys the resolution to this. Everybody involved, thank you one last time for all the good replies. So this is what I did:
    I ended up talking to my ISP about what I wanna do anyway, just to make sure there's no surprises. I was told that there is an actual router inside the antenna with a DHCP server, hence the 192.168.1.x addresses I was getting. He told me, just like some of you did, to take the switch out and plug the ethernet cable feeding it to a WAN port of my router and change the router IP to a 192.168.100.1 so there's no conflicts. Everything else stays the same, just like I had it when I was on cable in the US.

    will_smith - that's a legit concern, do you think that with the fact that there's a router inside the antenna itself, I actually have my own public address? I checked the iplookup on flashfxp.com and got 217.66.183.xx So it looks fine, right?


    Everybody, thanks once more, it's good to be part of a community that helps you..
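
Added example, not part of any post in this thread: a Python check of the LAN subnets proposed above against the ISP-side 192.168.1.x range, flagging overlap with the WAN subnet and ranges that are not RFC 1918 private space, plus a classifier for what a router's WAN address says about upstream NAT. The /24 masks, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify_wan(addr):
    """Label a router's WAN-side address: 'rfc1918', 'cgnat' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"   # the upstream device hands out private space and NATs
    if ip in CGNAT:
        return "cgnat"     # shared address space behind the provider's NAT
    return "other"         # nothing in the address itself implies upstream NAT

def check_lan(wan_cidr, lan_cidr):
    """Return the problems with using lan_cidr behind a WAN in wan_cidr."""
    wan = ipaddress.ip_network(wan_cidr, strict=False)
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    problems = []
    if not any(lan.subnet_of(net) for net in RFC1918):
        problems.append("not RFC 1918 private space")
    if lan.overlaps(wan):
        problems.append("overlaps the WAN subnet")
    return problems

def review(wan_cidr, candidates):
    """Map each candidate LAN subnet to its list of problems (empty = usable)."""
    return {c: check_lan(wan_cidr, c) for c in candidates}

if __name__ == "__main__":
    wan = "192.168.1.57/24"   # constructed WAN lease in the ISP's 192.168.1.x range
    candidates = [
        "192.168.1.0/24",     # router left on the same range as the ISP device
        "192.168.0.0/16",     # mask too wide, swallows the WAN range
        "192.168.0.0/24", "10.0.0.0/24", "172.22.33.0/24",
        "192.168.150.0/24", "192.168.100.0/24",   # ranges suggested in the thread
        "172.32.0.0/24",      # just outside 172.16.0.0/12, so not private
    ]
    print("WAN address class:", classify_wan(wan.split("/")[0]))
    for cidr, problems in review(wan, candidates).items():
        print(f"{cidr:18} {'; '.join(problems) or 'ok'}")
```

A WAN address classified as `rfc1918` means the router sits behind another NAT device, which is the situation described in the thread; the address an external lookup site reports belongs to whichever device performs the outermost NAT.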
