Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[dopeselecta]

Hey guys, I am bit of a novice in this area and I maintain the home network at my parents house.  It's a 8k+ sq ft house that covers a lot of land, there are rentals on the property too.  Basically, I have 3 DIR-655, two revA's and one RevB device.  I just purchased the 3rd 655 for a renter, mainly for use of a second guest zone.  However, after setting up the device and connecting to the second guest zone, I get no internet access, total bummer.  Searching these forums, I haven't gotten anywhere and thought I should post my own issue.  Here is my current setup

DIR-655 #1
IP: 192.168.1.1

DIR-655 #2
IP: 192.168.1.3

DIR-655 #3
IP: 192.168.1.4

The subnet masks are all the same.  Router #1 is the gateway and connects directly to the cable modem.  I wanted to get the more advanced users take on the setup.  The gateway router has the guest zone enabled and that works flawlessly.  I need the second guest zone for another renter.  What I'm I trying for is a "hotspot" setup where renters can access a wireless internet connection purely for viewing the web while being isolate from my parents home network (think 10tb on a movie server and my father's person work computer).

I've looked around for possible solutions, see this below:

Configure the second router in gateway/NAT mode and connect the internet/WAN port of the router to a LAN port of the first router. In this case it is important to use a different subnet on the second router then the first router. If the first router uses addresses 192.168.1.* with subnet mask 255.255.255.0 the second router must be outside of this subnet, e.g. it could be 192.168.2.1 with subnet mask 255.255.255.0. Make sure to enable the DHCP server on the second router unless you only want to use static IP addresses in your LAN. If you need port forwarding from the internet to the LAN of the second router, you have to configure the same forwardings on the first router as well. You forward first from the first router to the second and then from the second into the LAN.

taken from:
http://routersetup.blogspot.com/2007/08/two-router-setups.html

But haven't tried that one yet, if anyone can suggest and yay or nay for that setup please let me know.

Also, in my searches, I have come across the DAP-1522 as a possible solution for a "hotspot" but wanted to get more from the power users.  I'd still like to give multiple connections for wireless, "guest zones" for pure internet viewing and no network access.  Please let me know what you think.  I'd hate to think I'd have to go up for an enterprise option to get connectability like i'd see at starbucks.

Any and all help is appreciated.

[EddieZ]

PLease provide a network overview (picture) on the setup of your network. And the number of expected users/guest use etc.

First thought is that you might want to consider different subnets. Also, your intentions will probably bring internet access to a stop if you don't use equipment that enables bandwidth throttling. The DIR is a noce device for SOHO, but when you want to set up more elaborate wireless hotspots you will benefit more from other specialized equipment.

[ddes]

I am using a similar configuration for the same purpose. I have noticed the guest zones, when "enable routing between zones" is turned off, seem to fail to grant an ip--in other words they can't see the the DHCP server of the access point that is delivering this. As a side note the guest zone on the router that is providing the DHCP is working perfectly it's only the secondary guest zones on the access point only 655's that will not allow connection or receive an ip.

I know it's not a solution, as I am seeking one myself !!

Can anyone comment on configuring dual DHCP's to create a virtual guest zone with 655's.

[SpaceCadet0]

I believe the answer lies in implementing "Configure the second router in gateway/NAT mode and connect the internet/WAN port of the router to a LAN port of the first router".

I've been thinking about it a lot, I'm in the same situation.  When "Enable Routing Between Zones" option is checked on the DIR-655, I suspect it does a "255.255.255.255" mask to all traffic except to its internet gateway, whatever that would be.  In a way, that's the way it should be, so that each of the guest cannot see one another and cannot access the host network.  The only traffic that should be allowed would be to the gateway to the internet, that's it.  And that's probably why when that "Enable Routing Between Zones" option is checked, no router acting as an access point will be able to provide internet access to guest.  The gateway that's providing internet access is the first one next to the modem, the other router down the line would have to be configured in gateway/NAT mode, and its WAN port would have to be connected to the LAN port of the first router, in order for the guest zone mode to work correctly.

Now, how does one configure the DIR-655 as a gateway/NAT...  HELP, anyone?  For internet connection type, the DIR-655 has 5 options: 1) Static IP 2) Dynamic IP  (DHCP) 3) PPPoE 4) PPTP 5) L2TP.  I have never been able to set up so that I can plug the WAN port of 1 router into the LAN port of another and make it work.  I'm going to have to delve into it a bit more...

The other solution would be to have routers coexist on the same subnet just as dopeselecta has it, allow "Enable Routing Between Zones", but write in additional firewall rules to block all access from guest computers to just the gateway.  What do you think, which method is easier to implement, which method would result in a more secure guest zone? 

[leatherneckbiker]

More information on the way your network is set up would help, but off the cuff, if security is your number one issue, your best solution would be a hardware firewall.  Find a cheap, used desktop that you can add additional ethernet cards to and run pfSense on the computer creating a hardware firewall between your network and the guest networks.  It's a headless, freeBSD based system that will do it's own routing and traffic shaping among other things.  Since it's so lean, I run it on an old pentium. Without getting into the how on this forum, go to www.pfsense.org and see if that will meet your needs.  There is plenty of support and information available as with most things in the Linux community.

[djgizmo]

IMO, I think your best option is to use the modem as the DHCP (if its also a router) and just setup 3 guest zones.  However, since you would be connecting each 655 as a switch/AP, all the routing/QoS options would be useless.

Guess Wifi is Dlinks own dumbed down version of a vlan segment.


Modem>>Switch Port1>>655(A) -- guest wifi zone3 & primary wifi / hard wired connections.
------->>Switch Port2>>655(b) -- guest wifi zone3
------->>Switch Port3>>655(c) -- guest wifi zone3

[djgizmo]

nm my above thoughts... after reading the below links... its best to set it up like this...

http://www.computing.net/howtos/show/add-a-second-router-to-your-lan/243.html


655(A) (LAN Side):
IP: 192.168.1.1
SM: 255.255.255.0
DHCP Enabled = Yes
DHCP Scope: 192.168.0.100 to 192.168.0.199

655(B) (WAN Side):
IP: 192.168.1.3
SM: 255.255.255.0
Default Gateway: 192.168.1.1

655(C) (WAN Side)
IP: 192.168.1.4
SM: 255.255.255.0
Default Gateway: 192.168.1.1
This will basically double nat your guests, but not your main computers/wifi

655(B) (LAN Side):

IP: 192.168.0.1
SM: 255.255.255.0
DHCP Enabled = Yes
DHCP Scope: 192.168.1.100 to 192.168.1.199

655(C) (LAN Side):
IP: 192.168.0.1
SM: 255.255.255.0
DHCP Enabled = Yes
DHCP Scope: 192.168.1.100 to 192.168.1.199

Turn on regular guest wifi for routers B and C.   Turn on regular wifi for your main router. 
Voila done.

[davevt31]

You all realize you are answering a question that was posted back in September and they haven't been back for any follow-up postings.

[Rexw099]

Here is my configuration, I have went in and flip the switch to make both the B and C DIR-655 access points.
The issue I have is that the 655 will not always hand of a IP Address.
Any ideals why?

655(A) (Router Hardware Version B1 \ Firmware 2.01NA)
IP: 192.168.0.1
SM: 255.255.255.0
DHCP Enabled = Yes
DHCP Scope: 192.168.0.100 to 192.168.0.199

655(B) (Access Point 1 Hardware Version A3 \ Firmware 1.35NA):
IP: 192.168.0.3
SM: 255.255.255.0
Default Gateway: 192.168.0.1

655(C) (Access Point 2 Hardware Version A3 \ Firmware 1.35NA):
IP: 192.168.0.4
SM: 255.255.255.0
Default Gateway: 192.168.0.1

[FurryNutz]

the devices that connect, are they always around or do they come and go. Try to see if you might try to set up static reserved IP addresses on router A so that they always have an IP address that doesn't change.

[Rexw099]

Looks like the static IP's fixed the client issues. But now looks like the DNS between the router and access points has an issue. When surfing the web, you get the dreaded "Internet Explorer cannot display the webpage", but if you hit refresh the page will load. 

If the client is connected to the router either by wire or wireless they will not drop packets. If the client is connect to an access point it will drop 25%+ of there packets. Here are some results of ping test from the clients.

PC-1 Wired : Router
Ping statistics for 192.168.0.1:
    Packets: Sent = 100, Received = 100, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

PC-2 Wired : Router
Ping statistics for 192.168.0.1:
    Packets: Sent = 100, Received = 100, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

PC-1 Wireless : Router
Ping statistics for 192.168.0.1:
    Packets: Sent = 100, Received = 100, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 27ms, Average = 2ms

PC-2 Wireless : Access point 1
Ping statistics for 192.168.0.1:
    Packets: Sent = 100, Received = 73, Lost = 27 (27% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 9ms, Average = 0ms

PC-3 Wireless : Access point 2
Ping statistics for 192.168.0.1:
    Packets: Sent = 100, Received = 67, Lost = 33 (33% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 12ms, Average = 2ms

[FurryNutz]

Might try to see if you need to use DNS relay and turn off Advanced DNS service.
Turning a router into an AP.