Re: Connecting Cisco 831 Router behind the D-Link Router
- From: "Trendkill" <jpmason@xxxxxxxxx>
- Date: 29 Mar 2007 03:46:27 -0700
On Mar 28, 8:47 pm, "Yajesh Shanker" <y...@xxxxxxxxxx> wrote:
"Trendkill" <jpma...@xxxxxxxxx> wrote in message
news:1175009603.046072.63780@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Mar 27, 11:10 am, "Yajesh Shanker" <y...@xxxxxxxxxx> wrote:
"Trendkill" <jpma...@xxxxxxxxx> wrote in message
news:1175001618.603420.88780@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Mar 26, 5:14 pm, "Yajesh Shanker" <y...@xxxxxxxxxx> wrote:
"Trendkill" <jpma...@xxxxxxxxx> wrote in message
news:1174842273.743040.73750@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Mar 25, 9:00 am, "Yajesh Shanker" <y...@xxxxxxxxxx> wrote:
Hi!
My home network uses D-Link Router providing 192.168.1.x addrress
throughout
our home network. When I connect Cisco 831 Router so that I can be
be
part
of our office VPN network, My D-Link address scheme changes to
10.10.x.x.
I'm not sure why it is doing that.
My Cisco 831 router is sitting behind D-Link router. The following
may
illustarte the setup:
Cable Modem----DHCP------->WAN Port on D-Link--------->One of the
LAN
Ports-------192.168.1.x----->Cisco Router
The Cisco Router does see the 192.168.1.x adress provided by
D-Link.
However, when I disconnect Cisco Router LAN Cable from the D-Link
router,
I
am back to 192.168.1.x address throught my home network and
obviously
everything works fine.
Can one explain the possible cause of this and what should I
set/check
to
solve this issue.
yaj
Sounds to me like your Cisco router is setup for dhcp and is giving
out IP addresses to your dlink clients before your dlink can
respond.
At its most basic level, the dlink is a switch, and just had a dhcp
server built into its software. When a client sends a dhcp request,
the dlink will forward that request out all LAN ports as it is a
simple broadcast. Since there are usually no other dhcp servers,
the
dlink's dhcp server request is used and gives out a 192.168.x.x.
But,
and this is not uncommon, the Cisco router is probably receiving the
request and is configured to give out a 10.x. network range address
via its own dhcp configuration. You need to look at your cisco
config......why not just use the cisco router as both your gateway
and
vpn termination? I'm sure your office is using private IP
addressing
anyway, so its not like client traffic will mistakenly go
there...and
if your office is allowing vpns in this scenario, obviously they
aren't that security conscious.
Just a guess........
Interestingly you touch the exact points that I thought seemed to be
happening.
Understood! Cisco and D-Link having inherent router specific
functionality,
will
generate an IP Address in the range specfied. i.e. 192,168.1.x and
10.10.10.x
respectively.
What I think is happening, Ciscco is passing that IP to D-Link and
sometimes D-Link
turns around and overrides its own generated IP (192.168.1.x) and
passes
along 10.10.10.x
address within Home Network. Seems like a voodoNetwork setup.
Having learnt this, it also means if Cisco Router traffic is channeled
through D-Link Gateway
address 192,168.1.1. Is this a correct statement?
Tell me!
Does htis mean, that home network is exposed to Cisco router while on
VPN
through Cisco
connection?
I think to solve this entire issue it would be ebst to subscribe to 2
seperate IP addresses and
segment two networks using NetGear Hub. Network A will service
192.68.1.x
while Network B
will service 10.10.10.x devices.
Yajesh
Well, you are confusing layer 2 and layer 3 a bit. IPs are at layer 3
and are routed, and switches are at layer 2. Your DLINK router is
both a layer 3 router and a layer 2 switch. The 4 ports on the back
of it (or however many you have) are switch ports. When a node
broadcasts for an IP address, it goes into the dlink switch, and the
dlink software router hears that request and gives the client a
192.168.x.x address. However, the nature of switches is that
broadcasts are forwarded out all switch ports since it is a
broadcast. If you have another dhcp server or router that is plugged
into a switchport in the same network, that device will also hear the
request and try to service it. At that point, it comes down to which
device is faster in servicing the request, in which case it sounds
like the Cisco is responding first and thus providing a 10.10.10.x ip
address first.
That being said, I'm not sure what you are trying to do here. If you
are desiring to have a permanent VPN tunnel between the Cisco router
and your office, and have clients behind that router have direct
access to your work network, then you need to turn off DHCP on the
interface that goes to DLINK, and turn on DHCP on the internal side of
the router. However then we get complicated as you would need static
routes on the dlink to tell it how to get to the new network behind
the Cisco.
I think your best bet is to stop using the DLINK as a router and rely
on your Cisco. To do this, plug your internet connection into your
Cisco ethernet port and configure as needed (turn off dhcp), turn on
DHCP on another internal ethernet interface, and run a cable between
that interface and one of the DLINK's switchports. You will no longer
be using the dlink's WAN port, and you want to disable dhcp on the
dlink altogether. At this point you will be using the Cisco router as
your router, and the dlink as just a switch (if you disable DHCP on
the dlink and do not use the WAN/Internet Port, it is essentially a
switch only).
Personally, this is not complicated but you may want to find some
local help by someone who has experience. Based on your questions,
I'm unsure of your experience level, and I'd hate to have you start
down this path only to realize that its not working and you don't
understand why or what to fix.
I believe I understand exactly what you are saying and certainly
comprehend
the recommendations you make. Certainly as I thought before, between
two DHCP srevrs running, one is contending with the other.
Obviously a dotted line picture could be worth a million words
I assume this means, I create static routes within D-Link for Home
Network
and use
Cisco default gateway to getb out on the Internet.
yaj
Yes, that is correct. Although if you use the second scenario and
cutoff the DLINK router part, you would not need that as the cisco
will be your only layer 3 device.
Well! I found a good solution, an easy one. Don't get upset now.
Got my cable company to give me second IP.
Connected to hub, and split up the networkk that way.
Avoids all the voodoo stuff.
Thanks! for your help.
Yaj
Not mad, even better than what I had proposed! Hopefully they didnt
charge you!
.
- References:
- Connecting Cisco 831 Router behind the D-Link Router
- From: Yajesh Shanker
- Re: Connecting Cisco 831 Router behind the D-Link Router
- From: Trendkill
- Re: Connecting Cisco 831 Router behind the D-Link Router
- From: Yajesh Shanker
- Re: Connecting Cisco 831 Router behind the D-Link Router
- From: Trendkill
- Re: Connecting Cisco 831 Router behind the D-Link Router
- From: Yajesh Shanker
- Re: Connecting Cisco 831 Router behind the D-Link Router
- From: Trendkill
- Re: Connecting Cisco 831 Router behind the D-Link Router
- From: Yajesh Shanker
- Connecting Cisco 831 Router behind the D-Link Router
- Prev by Date: Cisco ASA, VPN and Veritas Netbackup
- Next by Date: Re: ASA's CSC module not scanning traffic
- Previous by thread: Re: Connecting Cisco 831 Router behind the D-Link Router
- Next by thread: NAT Overload and load sharing
- Index(es):
Relevant Pages
|
|
