Can I daisy chain wireless routers?

Factual Questions
1

I recently converted from Comcast cable/internet service to Verizon-FIOS. With my Comcast service, I used my own n-wireless router plugged into the Comcast interface. The interface provided by Verizon-FIOS is g-wireless router with four outlets. I’m told I have to use the FIOS router for everything to work correctly.

I used to let my across the street neighbor log-in to my n-router – she can’t do it now. Apparently the wireless g-router with FIOS isn’t as strong as my n-router.

So can I just plug my old n-router into one of the FIOS router ports to let my neighbor log-in? I can disable the wireless capabilities of the FIOS router if necessary.

2

It should work. Routers are meant to be daisy chained.

3

Yeah, it shouldn’t be a problem, though you’ll have to reconfig your old WAP to the new gateway (and dns if you are using it for DHCP) info of your new system. I’m doing something similar myself. My QWEST DSL system comes with a built in AP, but it sucks (too small a range) so I just shut it off and am using my old Linksys WAP with extended antennas for wireless.

I’d suggest that you encrypt your wireless traffic (WPA or WPA2) and turn off your SSID broadcasts, then just tell your neighbor your SSID and PSK info, if you aren’t doing that already.

-XT

4

How interesting. My FIOS is going to be installed on Tuesday, so I will have to do the same thing.

I do this all the time with routers. There are many options, but they are usually variations on two themes:

Configuration 1 - Both routers used as DHCP servers and NAT firewalls

In this configuration, you have plugged the WAN port of router B into one of the LAN ports of router A.

Looks like this:
Router A
WAN IP Address: 69.31.112.33 (or whatever your ISP gives you)
LAN Network: 192.168.1.x

Router B
WAN IP Address: 192.168.1.2 (or whatever Router A handed out)
LAN Network: 192.168.2.x

In this configuration, you have two networks. Since NAT routers act as a one-way-valve, letting you see the Internet without letting the Internet see you, clients in network A cannot see clients in network B (the nested network). However, clients in network B can see clients in network A.

You will likely want to set up a static IP for router B.
You might want to set up static IP for print servers or NAS devices on network A if things in network B need to see them.

If you turn on wireless on both routers, you will have two wireless networks that match the attributes of network A and B.

This is my own home configuration right now. I do this so that I can use router A to limit access to everything attached to the kids’ router (router B), even if it is an iPod Touch or an XBox.

Configuration 2 - Only one router used as DHCP server and NAT firewall

In this case, the WAN port of router B is usually ignored.
You must go to the Config Screen for router B and turn off DHCP and possibly select other router-specific options to turn it into a Wireless Access Point.

Now, hook one of the LAN ports from router B to one of the LAN ports of router A.

Router A is now issuing IP addresses; router B is simply acting as a WAP, extending your network.
All devices attached to either router A or router B will see each other, and they will all share the same subnet (e.g. 192.168.1.x).

At the end of the day, you can turn on WiFi on the good WiFi device and turn it off for the crappy device, regardless of where they are in your network. Just make sure you are aware of which configuration your are setting up. If you just start hooking routers together, you will likely end up with the situation I described in the first configuration, with multiple networks.

5

I’ve done this before, when my ISP wanted to charge me rent on the wireless card for the router. I had the modem/router from the ISP, and then I plugged in my own store bought router, and assigned it an IP address. Then I just connected wirelessly to my router, and poof, wireless internet. The advantage is that if you move, or change ISPs, or whatever, you can keep your router, and not have to change all the settings on your devices (in my case: my computer, my wife’s computer, my Nintendo Wii, Nindendo DS, the wife’s Nintendo DS, and a printer).

The only thing is that if you decide to do any port forwarding, you need to remember to do it on both routers.

6

Wow! Lots of info. Don’t understand everything that was said but I conclude the answer is Yes, with no problems.

7

Hi,

I need help with a very similar problem. I also have Verizon FiOS service for TV, telephone, and internet. I have a Verizon supplied ActionTec MI424WR modem/router. Around Christmas I decided to add an Apple Air Port 3TB Time Capsule to the mix for the better features on this unit. After contacting Apple support I was instructed that the best way to do this was to hardwire the two routers with a cable going from the a LAN port on the ActionTec router (A) to the WAN port on the Apple router (B). I was then instructed to turn the wireless feature off on the router A. Router B it seems defaulted to “bridge mode.” At this point everything seemed to work fine and the IP addresses assigned to my wireless devices (Apple & IBM laptops, iPads, iPhones, Apple TV, etc) were all in the range of 192.168.1.x meaning that they came from router A (I am assuming).

I’m a programmer, but not a networking guy so this is all still a bit confusing for me and I am going to need explanations that a non networking pro can understand :slight_smile:

The real problem arose when I purchased a Hewlett Packard M451DW Laserjet Pro 400 Color Wireless Printer. I saw in the reviews on Amazon that many people found the install to be difficult. I decided to try and do the install from my Mac Book Pro.

It didn’t work after hours on the phone with HP and I waited a week and half for a callback from HP level-2 support where the guy finally asked me to try and ping the IP address that was assigned to the printer (e.g. 192.168.1.6) from the laptop (I’m assuming another 192.168.1.x address). It would not ping! I could ping other devices like the Apple TV etc.

So after calling Apple back I was instructed to change one of the setting on router B from “Off (Bridge Mode)” to “DHCP and NAT”. Now the printer was showing an IP address of 10.x.y.z which I am told is in the range of addresses that router B provides. Finally the printer was working however the Airport Utility was displaying the message “Double NAT Issue” which Apple has told me recently to simply ignore.

I was originally told to put router A in “bridge mode” but it seems that neither Verizon nor ActionTec says this is possible and since router A still supplies TV guide info and Video on Demand and some other things it seems that this router cannot be removed from the mix. I asked about them supplying (or me buying) just a cable modem and this is also not possible. Router A is fed by a coax cable and I have read that you can run a Cat 6 cable from your ONT to router B instead. I’d like to do that at some point, but it seems that requires its own set of changes and I’m still not clean on whether router A still needs to be in the mix–it’s all so darned confusing. There something called MoCa in the system which I believe is IP data going over the coax, but I’m not clear on what it is.

So I guess my question is why was the HP printer not pingable from the Mac Book Pro? I do have some software called AirParrot which allows me to redirect video from the Mac Book Pro to my Apple TV and that works fine, so it seems that the Mac Book can certainly communicate with other wireless devices on the network, just not the HP printer.

I still feel that I have a less than optimal set-up and wanted to post this question here in the hopes that someone like *minor7flat5 *who really seems to know this stuff well will be able to help.

Thanks in advance for any info and please feel free to drop me a PM or email if need be.

8

Your problem makes no sense to me. The only thing I can think of is that you manually configured the printer IP and missed something (like mismatched subnet mask - for 192.168.1.x the subnet would be 255.255.255.0) It’s highly unlikely the printer has pings turned off or a firewall blocking pings (two other culprits in some devices). Perhaps your airport did not default to bridge mode, it just seemed to because it used the same IP range on the LAN as it obtained from the WAN? Did you explicitly set Bridge option or verify it on the Airport setup?

From what I’ve read, in bridge mode, the WAN port is just another LAN port on the Airport. (too many “port”!!) I see no reason why that would not work. The scenarios described in 2010 are “cascaded” and “bridged”. In most other routers, the WAN port is always the WAN port. The thing that stops the second router from routing in “bridged” is that it’s not the default gateway (DHCP hands that out; B has DHCP turned off) so nobody sends it packets to forward out the WAN port - they all go to Router A.

On a windows PC, after a bunch of PINGs you can do an “arp -a” to see the MAC address of the devices it has found, even if they did not reply to pings, as long as they acknowledged they existed on the network.

By turning bridge mode off, your Airport is now “cascade”. Devices on the wifi side (and using Airport LAN ports) can see the network on the WAN port (just like they can see the internet). However, anything on the WAN side of the Airport cannot see the LAN/Wifi side.

Plus, a lot of local network functions (like autodiscover) rely on broadcasts, and the two networks on each side of the Airport cannot see each other’s broadcasts.

9

Hi md2000!

Thanks for your reply. I didn’t change anything on the printer manually when I went to set it up–I just took it out of the box and plugged it in. First thing I noticed was that the LCD screen showed an IP address of 192.168.1.6…I believe these are dynamically assigned to my wireless devices and this is the one the printer “received” during setup. The setup never completed and then on Monday I noticed that the printer was displaying an IP address of 192.168.1.10 or something that was different than what it was a couple weeks ago.

The Apple router was originally in bridge mode (I believe this was the default out of the box as I don’t recall ever setting it, but I may have done so back around Christmas when I originally tried to get this thing working with Apple support). I did verify on Monday that a particular setting (I’ll check the name when I get home) was originally set (out of the box I believe) to “No (Bridge Mode)” and they had me switch it (explicitly) to “DHCP and NAT”. This is on the Apple router which is router B. So doesn’t B have DHCP turned “on?”

After this was changed and applied, I noticed that the printer was displaying an IP address of 10.x.y.z (I don’t recall it) but Apple confirmed that it was in the range of the IPs supplied by the Apple router. At this point the printer is printing wirelessly, I’m just not comfortable with how I got there and certainly would like to understand why the wireless printer did not work with my original setup.

Please let me know what you recommend I try with this setup.

10

I don’t know. I can’t find anything that says Time Capsule/Airport defaults to Bridge mode.

I’m wondering if you ended up with an AirPort router where both sides are the same numbering scheme. If so, the results can be unpredictable. Certainly, whether the number schemes match or not, something on the WAN side of the Airport-as-router cannot see/ping anything on the LAN/Wifi side; while the LAN side of the AirP can see the Verizon device’s LAN. That sounds like what you were encountering.

Another test that you can do with a PC (on any LAN) is the DOS command “ipconfig /all” which will tell you what the DHCP server (source of address) is. I believe on an apple the command line is the UNIX command “ifconfig /all”. Can you print a status page to get all the printer’s setup details like DHCP server address?

If you are determined to make the device work…
I assume this is the one with 3 LAN ports, Wifi, and a WAN port.
Leave the Verizon device as the main router, as it is now.
Do NOT connect the Airport WAN. Connect only the LAn side.
Put it in bridge mode, i.e. turn off DNS and DHCP

Ethernet 201:
A switch is a multi-way bridge.
At Layer 2 of Ethernet, the one machine sends to the MAC address of another machine.
When the higher level functions require a packet to be sent to a particular address, it asks Layer 2 to send the data,
Local layer 2 - the source device broadcasts an “arp” which basically says “hello, who is x.x.x.x?” (Broadcast, to 255.255.255.255, because it has no idea what the MAC address is.)
The target machine replies with “That’s me” and tells the source its MAC.
The machine can now send a packet - [destination MAC][Source MAC][Data]

you can use “arp -a” on a PC to see the list of recent MACs it knows about.

If the destination is outside the local address range (based on subnet mask) the device sends to the default gateway instead. The gateway knows how to send it on.
The source device may have started by asking DNS what the IP address of a network name is.

A switch watches the traffic going by. Every packet it sees, tells it which wire which MAC address is on (remember packet includes source’s MAC). It builds a table.
It sends any incoming packet to all other connections at first - but as soon as it hears and knows a MAC address, it only sends (and only needs to send) the packet out that connection. (Broadcasts of course, go out all connections).

DHCP hands out default gateway as well as IP address (and subnet). Remember, all packets destined for outside the subnet are sent to the gateway.

You could connect to the Verison box or the Airport and whichever is/are doing DHCP, you should see a list of MAC addresses, device names, and DHCP information. This will tell you who is doing what.

So when a device is a router, it or some other DHCP server on the subnet (LAN) says “this is the default gateway” (and it knows how to pass the data on to the WAN port).
When a device is a “bridge”, it will pass a packet from one device to another but nobody thinks it is the default gateway, so nobody send it packets to be forwarded. But, since it hears all the other devices on the LAN side, it will pass packets between them all. If it is also Wifi, then Wifi simply acts like another network cable - it keeps track of MAC addresses it hears, and if a packet come in on the wires, and the MAC is wifi, it sends it out the radio; ditto, incoming wifi packets could be forwarded to wired.

if you don’t turn of DHCP but the WAN is not connected to the internet, then some devices will have the wrong gateway and send packets where there is no internet, and you will be able to see local but not internet from those devices.

If there are two DHCP on a network, then it’s luck of the draw or dueling device speeds who responds to address requests first.

When you make changes to DHCP, either reboot a device or unplug network cable for 10 seconds to force a new DHCP request for the new DHCP setup. Otherwise, the device will keep using its address until its lease is up - often 8 days.

Several options -
-if your printer was on the other side of a router than the MacBook, then the broadcasts (simplest way to find an unknown printer on what was supposed to be a local network) would not work.
-bridge mode supposedly turns Airport WAN port into a LAN port. (and turns off DHCP, on the assumption someone else is the router / gateway and DHCP).
-if you did change router setup, if the link to the printer did not go down (i.e. power of/on the airport) then it would have no reason to obtain a new improved IP address.
-the printer config (panel or print status page) would tell you IP, mask, and gateway which should tell you what to do.
-bad bad idea to have two DHCP on network unless configured not to overlap. they should also agree on the layout - mask, who’s default gateway, etc.

11

Thanks again for all of the info, as a networking novice I am trying to digest it, but I don’t understand all of what you are saying yet–maybe you or someone can simplify it a bit for me.

Re the Time Capsule being in “bridge mode” would it have sensed the cable being plugged into the WAN port and gone into that mode? I’ll get the name of the setting when I come home and post it. I can also call Apple support to find out what the story is there. They may have had me set that back around Christmas when I set up the two routers and I just don’t recall.

I don’t know what you mean by “you ended up with an AirPort router where both sides are the same numbering scheme”–what are the two sides of the router? Remember with the original set up all my devices received IP addresses of 192.168.1.x which are the Verizon IPs although the devices were connected to the Apple router. Is this the correct behavior when the Apple WAN is connected to the Verizon LAN with the Verizon radio turned off? The HP printer also received a Verizon IP address but the Mac Book could not ping it. I **could **ping the Apple TV which is another wireless device attached the same way, so I’m not sure what is/was going wrong. Is there more I could have done at this stage in the set-up to try and understand what the problem was? It seems this was the critical point right?

Are you saying that I should attach a LAN port on the Apple router to a LAN port on the Verizon instead? Do I need to power down the routers at this point? I’m never sure when I need to restart routers/devices and when I don’t. The printer seemed to pick up the correct IP addresses without any restart.

Still confused here, so thanks for any additional insight!

12

A router has a WAN side and a LAN side.
Sticking to simple home routers…
The WAN side is attached to the internet (usually). The WAN port picks up an address. Some have the option for other network connections - PPPoE (Point to Point Protocol over Ethernet) is the favorite for DSL telephone internet service. For cable, typically, the service is just Ethernet, plugged into the cable modem.

The WAN gets its address from the sevice provider, usually. It would be a DHCP “Client”, asking for and getting the address, subnet mask, next hop gateway, etc.

The LAN side can be multiple devices- your PC or MAC or several, printers, your webcam and NEST thermostat and iPhones, yada yada. Most of the time the home router is the DHCP server on the LAN side, handing out addresses.

Most home router LANs are numbered with “unroutable” IP addresses. 192.168.x.x and 10.x.x.x are invalid addresses on the real internet. This is good because so many homes use the same numbering, while real internet IP’s have to be unique in the world.

The LAN devices get out on the internet by a trick called “NAT” - Natural Address Translation. They send the data packet to the default gateway - the router - which then forwards it onto the internet. However, the router changes the “From” address from the internal address to the WAN address, so it looks like all the traffic is originating from the router. It keeps track of the conversations and when replies arrive for that conversation, it changes the “To” address to send the data to the computer that started that conversation.

hence the firewall function that a home router does naturally. If unsolicited packets arrive from the internet - someone tries to start a data conversation from the outside - the router has no idea who to send it to. Unsolicited data is dropped. (You can program some home routers to forward to a specific inside device, but by default they do not.)

The routing works on a simple assumption. All data sent is either for the same IP subnet (same IP numbering, same mask) or external (different subnet). Fancy industrial routers can handle multiple routes to the same IP subnet, but home routers are built on the premise they have only one gateway and only one internal LAN IP subnet.

You can cascade home routers. The WAN side does not have to be real internet - but it cannot be the same numbering as the LAN side.

When a computer wants to send a packet, it asks DNS for the IP associated with the name. It then looks at the IP; apply the subnet mask - does the IP match the local network with mask applied? I.e. if the address is 192.168.1.x then any traffic aimed at 192.168.1.x is considered local the LAN and it uses a broadcast ARP to try to find that device. No response to “who is 192.168.1.216?” Then it is not on the network.

Only if the subnet is different - i.e. you’re on 192,168,1,x and you want to send to 8.8.8.8 - only then does the packet go to the default gateway (usually the router).

So if your Verizon LAN is 192.168.1.x and the Verizon gives out DHCP, but the Airport is in router mode and it also hands out 192.168.1.x - the both sides of the airport will be the same subnet. That won’t work.

You are plugged into the Verizon side, the Airport’s WAN side. You ping 192.168.1.10; it’s on the other (LAN) side of the Airport. Your PC broadcasts ARP “who is 192.168.1.10?” The firewall function of the Airport does not pass broadcasts, so 1.10 the printer never hears, never responds.

Ditto a device on Wifi. It pings the Verizon modem. But the device braodcasts on the airport LAN “who is 192.168.1.250?” That’s on the WAN side of the airport, which does not pass broadcasts, so the other side never hears and never responds.

If the Verizon LAN and Airport LAN are different subnet IP numbering, no problem. Device on wifi (192.168.1.10) wants to send to 192.168.0.244 - that’s a different subnet, 192.168.0.x not 192.168.1.x - so packet is sent to default gateway and Airport repeats it out the WAN port with address translation. However, 192.168.0.244 cannot ping 1.10 - because it sends outside traffic to its default gateway the Verizon box, which probably does not know about the airport unless you add the Airport as a route gateway to the Verizon route table. (a higher lesson) SO the connectivity is one way, from the inside to the outside.

If you want one flat network, do not plug in the Airport WAN, run everything off the LAN. Turn off Airport’s DHCP and DNS, leave all that up to the Verizon box… strictly bridge mode.

13

md2000,

A lot of good information here, thank you for taking the time to write it all out. The option in the Airport Utility that I changed to get the printer to work is called “Network” and I changed the value from “Off (Bridge Mode)” to “DHCP and NAT”. Now last night I started having issues where the internet on my PC didn’t seem to work any longer and Netflix on my Apple TV also failed. So I went back to the Airport Utility and changed the value back to “Off (Bridge Mode)” and restarted the Apple TV and Netflix was working again! I didn’t have a chance to check the PC laptop to see if I could now access the internet again.

SO it seems that what you are telling me is that I should connect a cable from a LAN port on the Actiontec router to a LAN port on the Apple router right? I believe the Apple router is now back in bridge mode. Do I need to reset the Apple router after switching the cable? I’m not sure if they originally told me to use the WAN port or not. Maybe I simply plugged it in there. What does using the WAN port as opposed to the LAN port do in terms of change of functionality? I’m a bit surprised that LAN and WAN ports use the same connector, but maybe there’s a good reason for this.

What I was trying to avoid was having the Apple router constrained by the Actiontec router since it was my understanding that the Apple router is a faster more advanced router. Do you see this happening with it being hooked up LAN/LAN?

Thanks for any additional info!

14

Let’s leave the entire network, DHCP and DNS, running off the Verizon router box.
Since it seems questionable whether the WAN port on the Airport is usable in bridge mode as a LAN port, why complicate things?
Just leave Airport WAN unconnected.
Connect airport LAN to Verizon box.
Airport should be in Bridged mode.
Be sure DHCP is off on AirPort. Thus, all addresses are handed out by Verizon box
you may need to hard-code the LAN side IP settings of the Airport box.

Wifi mode on Airport should repeat over LAN to Verizon box and other destination, and vice versa - so you can access the internet wirelessly, your IP on Wifi should have the Verizon box as the DHCP server, and you should be able to reach the internet from Wifi.

This is the simplest configuration.

you may need to reset any devices that had gotten IP addresses from the Airport so they get new ones from the Verizon box.

15

Thanks again for the reply. When I get home tonight 'll move the cable from the WAN port on the AirPort to one of the 3 LAN ports and restart it. I’m pretty sure that DHCP is off when the AirPort is in bridge mode as the drop-down options for Network are:

  1. DHCP and NAT
  2. DHCP
  3. No (Bridge Mode)

I’ll ensure that it’s in “bridge mode” (option 3) and will try to ping the printer from the Mac Book Pro. I’ll report back here after I try this.

Thanks!

16

STATUS UPDATE:

So last night I moved the cable from the WAN port on my Apple AirPort router to one of the LAN ports and rebooted the router. I verified that the router was still in Bridge Mode as it had been from the night before when I switched it back after having issues with my Apple TV.

I then tried to access the internet from my iPhone, iPad, and Mac Book Pro and all worked. I plugged in my HP wireless printer (which had been unplugged for at least a day) and printed a photo from my iPhone and it printed without any issues!

The only issue I had was that my PC laptop (a Lenovo) wanted to install some Microsoft updates which I did. It downloaded and installed them seemingly without an issue. It also installed some Adobe software which also seemed to go smoothly. Then went I went to the internet from IE or Safari and it failed. I shut it down and restarted it and it still failed to access the internet. I’m running Windows 7 and have had some problems accessing the internet off and on from that PC. Before I installed the updates it seemed that I could access the internet from that laptop. I ran out of time last night trying to figure it out although it did say that the connection was refused when it attempted to connect to whatever it connects to (the router?). It does have a strong wireless signal and the downloads were done wirelessly so it’s kind of a strange problem. I hate Windows 7 and I hear that 8 is even worse. So I’m not sure what to do with it at this point. I will open a terminal window and see if I can ping the router or another device from the PC and try to take it from there.

Anyway, I just thought you’d be interested in my progress…I feel like I have taken about 3 steps forwards and one back, but at least I feel more confident in the router set-up and seem to understand it a bit better now. Thanks so far to all of the help from md2000! minor7flat5 was kind enough to contact me as well via PM, I replied, but have not heard back yet.