Extreme Networking Help!

Status
Not open for further replies.

SpugEddy

Member
Premium Subscriber
Joined
Oct 4, 2015
Messages
438
Location
Camden County South Jersey
Thanks again guys. One more question.
I'm attaching a photo of my current Network. The callouts
in blue are my questions.
Remember I am trying to keep ALL wireless connections on
"one leg" of the network and not go through my main router.
But I do want to be able to see both wired and wireless
networks. That's why I am upgrading my switch to a Managed
switch and I am thinking about upgrading my Main Router
to something a little more prosumer. Once the upgraded
equipment comes in, I will be able to set up a VLAN as
suggested by a couple of replies.
 

Attachment: SAFTNET Network.jpg

SpugEddy

I also forgot to mention in the picture. The Netgear switch
that is in place now has to stay in the equation. I am going to
be moving ALL equipment into a 19" rack. All of my RJ-45
jacks in my office are running into the switch. I would have
to rewire my office to move them to the new location. So,
it's just easier to leave that switch in place and uplink it to
the new switch.
 

bharvey2

Member
Joined
Mar 12, 2014
Messages
1,843
From what I can see, your routers aren't acting as routers per se but rather as just switches. Or in the case of the two DIR-655s as APs. Also, if your cable modem has four ports, I suspect it is a combination modem and router. If you wish to keep the current configuration, I think you could change each of the "internal" routers to a different subnet (e.g. 10.0.1.1, 10.0.2.1, etc.). You would have to place static routes in your head router (assuming it will let you do that. I think you'd need to be able to specify the interface and I'm not sure it would have that capability) to point to the other routers.

Question: Why are there two DIR 655s? Are they far enough apart that two are needed? (Say different buildings or floors?)
 

SpugEddy

If I put the Cisco router on 10.0.1.x and the 2 D-links on 10.0.2.x how
would the 2 subnets see each other, say from my main PC? Static routing
or through VLAN? Only the D-Link routers have static routing capabilities now.
Unfortunately, the static routes can only be programmed using the WAN. I
did find a way to rewrite the HTML code in the router to be able to fool the
unit into using the LAN interface, but I prefer to do it the right way.
So I intend to upgrade the switch to a Managed Switch and
I'm planning on upgrading my "Main" router as per some of the replies here.
The amount of traffic is too much for $40 routers in my opinion.

The 2 DIR-655 routers are in fact in 2 different buildings. I have an office
out in my back yard where my Internet d-mark is located. The D-Links
are connected through a CAT6e cable running from in the house to the
office via underground pipe. The HOUSE D-Link is hosting only 1 wired
connection and is acting as a Wireless Access Point. Both D-Links broadcast
the same SSID for wireless. (WiFiOnly) This way, wireless devices are only
looking to connect to that one specific name and can connect to either depending
on signal strength. (A pretty cool little trick I picked up doing some research)
 

bharvey2

Your routers would handle traffic between subnets. (That is their purpose) You don't need a router until you need to traverse between subnets. Technically you could have two wireless APs and all of your wired devices connected to one large switch. That switch would be connected to your router/modem and that would be all you need.

Out of curiosity, how many wired/wireless devices do you have and how many of those need to connect to the internet?
 

SpugEddy

In my office I have 10 wired devices. Printers, NAS, Network drives,
Access Control Security System, CCTV DVR, computers, etc.
Not all of them need Internet full time, but at some point they
need Internet access for firmware upgrades or special needs.
( ie. CCTV DVR doesn't need full time Internet, but when we are
away, I can see live video of all my cameras. Some people send
pictures directly to my printer rather than e-mailing them to me. So,
the printer is online 24/7. I stream my NAS for music when I am on
the road sometimes. )

In the house there must be about 20 wireless devices. Phones,
iPads, iPods, Kindles, etc.
My buddy down the street calls our house NASA because of all
the communications going on. He said he's gonna start wrapping
his head in tin foil when he visits to avoid the radiation! LOL
 

bharvey2

While that seems like a lot, that is about the number of devices I have at home as well. I'd be surprised if all of those need internet traffic at once. Even so, your internet pipe is probably the bottleneck. Here are a few suggestions that might help:

1. If a device stays on the network (such as the wired computers, NAS devices, printers, CCTV DVR and cameras if those are IP as well) assign it a static IP address.

2. If you can, disable multicast traffic on those devices. You may want to keep multicast traffic going on the printer so wireless devices can see it. This will reduce the broadcasts from devices. You already know they're there.

3. Convert the DIR 655s to APs only.

4. Your new managed switch should have all gigabit ethernet ports. This is getting pretty common.

5. Directly connect the wired devices, the APs and the internet modem/router directly to the new gigabit managed switch. Either the head modem/router or the new smart switch can handle DHCP requests of your wireless devices. Start your IP range at about 100 to leave enough room for static devices.

(FYI: If you like Ubiquiti products, they just came out with a 24 port EdgeSwitch (non PoE) that is a managed, very capable layer 3 switch for about $200. I've bought three to replace older switches at work and really like them so far.)


I think these steps would clean things up and improve traffic flow on your network.
 

bharvey2

I've never used the 5 port router but have used both their 3 and 8 ports. I've also used the 24 port switch. I think you'll have a lot of options if you go that route. Give a shout if you have any questions once you get your new toys.
 

SpugEddy

Latest update. I bought an Ubiquiti ERPoE-5 router and
Ubiquiti ES-24 Lite 24 port managed switch.
Right off the bat I'm finding that the router programming is very
different than what I'm used to. (I've had to factory default the router
8 times! YES, 8)
One issue I'm having is: when I use the wizard to set the WAN and
LAN ports, I opt NOT to bridge eth2, eth3, and eth4 to eth1 because
it says that it will affect overall performance when you bridge the ports.
But it creates a switch on a different subnet. (Example: eth0 is my WAN.
eth1 becomes 192.168.1.1. Eth2, eth3, and eth4 become part of switch0
which is now 192.168.2.1) As soon as I try to change that in the programming,
I lose connectivity and I'm locked out of the router needing to factory default.

It obviously doesn't make sense to bridge the ports because I now
have a managed switch to do that for me. I'm still using the older
Netgear unmanaged switch because I want to understand the router
programming and get that running right FIRST, then add the switch and start
the programming of that.
Looks like trying to program a VLAN is gonna be the death of me. I've tried
3 times now to go out and run in traffic, but everybody around here must know me
because they keep swerving around me and missing me.
 

bharvey2

It's been a while since I set up one of the UBNT routers via a wizard but I recall one called WAN+2LAN that should get you up and running fairly quickly. In doing so, you should see a checkbox to enable "Hairpin NAT" and you want to select that. I don't recall any bridging requirements with that mode although if you have a newer firmware that could be why you're seeing that.

Setting up a VLAN can be a source of frustration until you get your head wrapped around the concepts involved. Of course, you need to get the router up and running first. Here is a quick synopsis:

1. The VLANS are first created in your router. UBNT has a button in the Dashboard screen that allows you to add an interface. You will add them here, assign them a unique number and associate them with a particular interface. That interface will be your LAN interface. You could think of it as layering one network over another.
So, if your LAN port is ETH0, with an IP range of 192.168.0.0/24 your VLANS may be:
ETH0.100 IP 192.168.5.0/24
ETH0.200 IP 192.168.10.0/24
ETH0.300 IP 192.168.15.0/24 etc.

2. Those same VLANS will be added to your switch.

3. Assigning membership: Here is the tricky part and this is what you need to understand: The whole concept of VLANS revolves around an additional piece of information being sent along with each data packet on the network. That is the VLAN tag or identifier. To be included in a particular VLAN, that identifier must be present in the packet of information being sent. You will need to assign each active port to be members of one or more VLANS. Your usual options for VLAN membership are EXCLUDED, UNTAGGED, TAGGED and TRUNKED.

EXCLUDED: This one is obvious, it isn't a member.

UNTAGGED: consider this like a default VLAN. Most computer hosts ports will be an untagged member since computer network cards don't always generate a VLAN tag. A port can only be an untagged member of one VLAN.

TAGGED: The port expects the attached client to generate the VLAN tag. Ports can be members of multiple TAGGED VLANS (and one UNTAGGED VLAN).

TRUNKED: These are members of all VLANS and are used to interconnect switches, routers etc. Some devices don't have a TRUNKED option and if the port is used to interconnect switches, you'd need to ensure that it is a member of all of your VLANS manually.

Another term to remember is MANAGEMENT VLAN. This is the default VLAN of the device. For instance if your management VLAN is 0, the computer should be an untagged member of the same VLAN in order to communicate with the switch. If it isn't, the router with the VLAN programming will need to be present to facilitate communication.

I hope some of this makes sense. It would be a good idea to hunt down some websites that do a better job of describing VLAN principles than is done here before you try to tackle this. Shoot a post back if you have any other questions.
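The membership rules described in the post above, modeled as a small switch that works on real 802.1Q frame bytes. This is an added example, not part of the original post or any vendor's code: the port layout is assumed, the VLAN IDs 100 and 200 are borrowed from the post's sample, and dropping a tagged frame on a port that is not a tagged member is this model's simplification.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert the 4-byte 802.1Q tag after the destination and source MACs."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]

def split_tag(frame: bytes):
    """Return (vid, frame_without_tag); vid is None for an untagged frame."""
    if len(frame) >= 16:
        tpid, tci = struct.unpack("!HH", frame[12:16])
        if tpid == TPID_8021Q:
            return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

class Switch:
    def __init__(self, ports):
        self.ports = ports

    def classify(self, port, frame):
        """Ingress: return (vlan, untagged frame); vlan None means drop."""
        cfg = self.ports[port]
        vid, inner = split_tag(frame)
        if vid is None:
            return cfg["untagged"], inner   # no tag: port's UNTAGGED VLAN
        return (vid if vid in cfg["tagged"] else None), inner

    def forward(self, in_port, frame):
        """Flood within the VLAN; return {out_port: bytes put on the wire}."""
        vid, inner = self.classify(in_port, frame)
        out = {}
        for port, cfg in self.ports.items():
            if vid is None or port == in_port:
                continue
            if vid in cfg["tagged"]:
                out[port] = add_tag(inner, vid)   # TAGGED member keeps the tag
            elif cfg["untagged"] == vid:
                out[port] = inner                 # UNTAGGED member: tag stripped
        return out

# Constructed sample: a broadcast frame and a 4-port layout (all values made up).
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"demo"
SWITCH = Switch({
    1: {"untagged": 1, "tagged": {100, 200, 300}},   # uplink to router
    2: {"untagged": 100, "tagged": set()},           # PC in VLAN 100
    3: {"untagged": 1, "tagged": {200}},             # AP carrying VLAN 200
    4: {"untagged": 200, "tagged": set()},           # PC in VLAN 200
})
```

`SWITCH.forward(2, FRAME)` reaches only the uplink, with tag 100 added, while a frame arriving on port 2 already tagged for VLAN 200 is forwarded nowhere.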
 

SpugEddy

OK so I have successfully configured the ports on the router like this:
eth0 - WAN port to modem
eth1 - LAN port with IP 192.168.2.1/24
eth2, eth3, eth4 - LAN ports but on switch0
switch0 - 192.168.1.1/24

I created a VLAN and called it 20
VLAN20 is configured:
Parent - switch0
IP - 192.168.2.50/24
VLAN interface - switch0.20

Then I went to the switch and created a duplicate VLAN there.
VLAN20
I "T"agged port 1 on the switch for the connection
I "U"ntagged ports 23 and 24 for the VLAN to exist on
and "E"xcluded all other ports from the VLAN on the switch.

Cable is connected from Router port eth3 (software switch0) to physical Switch (EdgeSwitch) port 1
Another cable is plugged into physical Switch port 23 to D-Link Router (IP 192.168.2.2)

Everything is still up and running with no major faults. However,
I am still not able to ping across subnets. (computer 192.168.1.10
is unable to ping 192.168.2.31, etc) Do I need to do this through
routing now?

***EDIT***
But, before you answer that, let me throw in another thought.
My main concern is; I have a device in the house that is on the
192.168.2.xx network (Its IP is 192.168.2.31). It comes outside from Router3 (192.168.2.3)
to Router2 (192.168.2.2). This device has to have access to another
device on a different subnet (192.168.1.40).

Wiring diagram:
Device 192.168.2.31 -------> LAN port of Router3 (192.168.2.3) (DHCP Disabled) (Router2 and Router3 are D-Link DIR-655's)
192.168.2.3 WAN port -------> LAN port of Router2 (192.168.2.2)
192.168.2.2 WAN port -------> eth1 on Comcast Cable Modem (4 port Cable Modem)

Can I achieve this by creating another VLAN on the switch and connecting
one of the LAN ports of Router2 to the switch? Then plugging the 192.168.1.40 device
into the switch?
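An address-plan check run over the interface addresses listed in the post above, as an added example that is not part of the thread. The function names are illustrative; the addresses are copied from the post. It reports any two router interfaces whose subnets overlap and lists which interfaces consider a given destination directly connected.

```python
import ipaddress
from itertools import combinations

# Interface addresses as listed in the post above.
INTERFACES = {
    "eth1": "192.168.2.1/24",
    "switch0": "192.168.1.1/24",
    "switch0.20": "192.168.2.50/24",
}

def overlapping_subnets(interfaces):
    """Return (if_a, if_b, net_a, net_b) for every pair of overlapping subnets."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def connected_interfaces(interfaces, dst):
    """List every interface whose connected subnet contains dst."""
    ip = ipaddress.ip_address(dst)
    return sorted(name for name, addr in interfaces.items()
                  if ip in ipaddress.ip_interface(addr).network)

if __name__ == "__main__":
    for a, b, net_a, net_b in overlapping_subnets(INTERFACES):
        print(f"overlap: {a} ({net_a}) and {b} ({net_b})")
    for host in ("192.168.2.31", "192.168.1.40"):
        print(host, "is directly connected via", connected_interfaces(INTERFACES, host))
```

A destination that appears behind more than one interface has no single unambiguous path on the router, which is worth ruling out before troubleshooting routes or VLAN tags.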
 

bharvey2

Glad to hear you've made some progress. I am a bit confused though. In the first paragraph, you mention switch0 at 192.168.1.1/24 and in the second paragraph, switch0 is 192.168.2.50/24 on VLAN20.

When a VLAN is created, it usually auto-creates a static route. Check in your Edge Router router tab and see if they are there. You should be able to ping the VLAN interface.

Are you using the DLink routers' WAN ports at all? I don't know if the VLAN tag will pass through. I'd suggest not using the WAN port (LAN ports only) or omit them altogether and wire directly to your Edge Switch.

I mentioned in an earlier post about the Management VLAN. If your Management VLAN of any device isn't set to the IP range of that device, you may have trouble communicating with it across the VLANs.

For simplicity's sake, I'd put all of the switches/routers on the same subnet/same VLAN/same Management VLAN.
 