I know (but don’t completely understand) that it’s A Bad Thing to daisy-chain a second router onto my first and have them both be DHCP servers.
But I have a situation that seems to be a variation, it’s working and I’d like to understand why.
Here’s the setup:
I have my incoming internet connection and it has a static IP address.
That plugs into a router that is at the traditional 192.168.1.1 and has a subnet of 255.255.255.0.
I have another router. (Ominous music here.) I take the WAN (internet) port of this router and connect it to a LAN port of the first router. This second router’s IP address is at 192.168.199.1.
Both routers are set up as DHCP servers.
I can browse the internet from a PC on either.
Is there a problem waiting to happen here? If so what and why?
Frankly, I expected the PC plugged into the second router to make bad noises and refuse to do anything (maybe self-format the C: drive out of spite) when I did this, but then I thought that the .199.x range was a safe place to be… but then imagined reasons why it might not be, resulting in a headache and a decision to ask here.
Googling for an answer mostly seems to get me many, many articles about why you should never have two routers in the 192.168.1.1 range and I almost understand this–but that should be a separate thread.
So, as asked above: What pitfalls have I just not found yet?
What you’re doing sounds fine to me. You’ve got two subnets (192.168.1.0/24 and 192.168.199.0/24). The PC on the second should get an IP in the same range as its subnet from the router’s built-in DHCP. I don’t think there should be any problems with the DHCP, as long as the second-level router has its address and subnet manually configured, and isn’t trying to configure itself via DHCP.
FWIW, multi-level DHCP setups are actually fairly common. My own router gets its external address via DHCP from Verizon FIOS, and serves my computers DHCP addresses in my private /24 subnet.
If you had two routers serving DHCP on the same subnet, that would be bad indeed.
The second router only serves up DHCP on its inside interface. Unless you make a special effort (a helper address) to move DHCP between VLANs, then DHCP requests and responses won’t cross a router.
You are CASCADING routers from my understanding of the situation. On the first router A you have plugged into its LAN port a router B. This is OK. All that happens is that the 199 subnet has to go through two routers; 2 levels of address translation will be a little slower. Also, units on B will not be able to see A network (unless you set up DNS and point things right, since generally small networks rely on broadcasts).
What you may have heard is where someone tries to use Router B as a switch, to plug it into Router A with LAN to LAN (not WAN to LAN) connection. This is bad on several levels. First, you have 2 units handing out addresses on the same subnet. If the addresses are the same, then you have a router (gateway IP) address conflict; let’s say both routers think they are 192.168.0.1; either one quits or they both respond, screwing up networking royally.
Less crashworthy but more confusing, some routers default to 192.168.1.1 and use that subnet. Then, your PC may or may not pick up an address from the router connected to the internet. (depending on who is faster, A or B) If yes, you work fine. If no, you look to have a valid (.1.) IP, but can’t get to the internet.
You can use your 2nd router as a switch - give it a compatible, not conflicting internal (LAN side) address, then disable DHCP so there is only one DHCP server (and the default gateway address is the router on the Internet connection) and tada- you have another switch, everyone can see everyone on one simple subnet.
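An added example, not part of any post in this thread: a small Python check that classifies a two-router cascade the way the replies above do (WAN-to-LAN on separate subnets versus LAN-to-LAN on one subnet). The `Router` fields, finding names and sample topologies are constructed for illustration, and the same-subnet-on-both-sides check goes slightly beyond what the thread spells out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    lan: str            # LAN-side address in CIDR form (assumed field)
    dhcp: bool          # DHCP server enabled on the LAN side?
    upstream: str = ""  # name of the router it plugs into ("" = ISP)
    via: str = "wan"    # which of its own ports carries that link

def audit(routers):
    """Return a sorted list of (router_name, finding) for a cascade."""
    by_name = {r.name: r for r in routers}
    findings = []
    for r in routers:
        up = by_name.get(r.upstream)
        if up is None:
            continue  # edge router: its WAN port faces the ISP
        mine = ipaddress.ip_interface(r.lan)
        theirs = ipaddress.ip_interface(up.lan)
        if r.via == "lan":
            # LAN-to-LAN: both routers sit in one broadcast domain
            if r.dhcp and up.dhcp:
                findings.append((r.name, "two-dhcp-servers-one-subnet"))
            if mine.ip == theirs.ip:
                findings.append((r.name, "gateway-ip-conflict"))
            elif mine.ip not in theirs.network:
                findings.append((r.name, "lan-ip-outside-upstream-subnet"))
        elif mine.network.overlaps(theirs.network):
            # WAN-to-LAN, but the same range on both sides of router B
            findings.append((r.name, "same-subnet-both-sides"))
        else:
            # WAN-to-LAN on distinct subnets: works, two NAT layers
            findings.append((r.name, "double-nat"))
    return sorted(findings)

# Constructed sample topologies
THREAD_SETUP = [Router("A", "192.168.1.1/24", True),
                Router("B", "192.168.199.1/24", True, "A", "wan")]
LAN_TO_LAN_DEFAULTS = [Router("A", "192.168.1.1/24", True),
                       Router("B", "192.168.1.1/24", True, "A", "lan")]
AS_SWITCH = [Router("A", "192.168.1.1/24", True),
             Router("B", "192.168.1.2/24", False, "A", "lan")]

if __name__ == "__main__":
    for label, topo in [("thread setup", THREAD_SETUP),
                        ("LAN-to-LAN defaults", LAN_TO_LAN_DEFAULTS),
                        ("second router as switch", AS_SWITCH)]:
        print(label, audit(topo))
```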
This was my arrangement for years. I did this so that I could put the kids on a separate network, completely and totally filtered by me at the main router.
It worked like this: I put dd-wrt on a Linksys WRT-54G, to provide granular access control. I then plugged the WAN port of the kids’ router into one of the LAN ports of my Linksys router.
Then, since the Linksys saw the kids’ router as a single IP address (e.g. 192.168.1.2), I was able to set access rights for that address, with firewall rules and time limits.
I did this because it was painfully clear to me that nannyware on a PC wouldn’t work at all: the kids have many different gadgets that all need wifi access in order to be useful, such as a Wii or an iPod Touch. By giving them their own wireless network and throttling the WAN cable that went into it, I was able to fairly successfully limit their Internet usage.
Thank you everyone. It did seem to be working properly, which, all prior experience has shown me, usually means it’s lying in wait to fail spectacularly at the most inopportune moment. Nice to know this might not be the case.
OK, the real simple skinny is this:
It means nothing much to the casual user. It only would cause acid indigestion for some rare cases that don’t like NAT (Network Address Translation) and direct connects for some specialized software.
First, 192.168.whocares is a special PRIVATE network group. ANYONE can use it with impunity, as NOBODY with a working brain would TRY to route that which is unroutable.
So, it REALLY depends on WHAT you’re trying to do.
NOTHING will work from outside to the 192.168.ANYTHING network, it’s dedicated as a test network. As is 10.ANYTHING…
So, anyone that gives me an IP of 192.168.anything or 10.anything for a file transfer goes into the trashcan, save if I were on the LOCAL network.
HTH. If not, shoot me a message and I can help. It’s only math…
Oh, it did. Thanks. I’m not trying to do anything complicated so much as I wasn’t sure why I hadn’t been struck by lightning. I had a problem when everything first booted up but it started working correctly right after I reset everything so I suspected that there was something that was going to go wrong later.