  1. #1
    Super Moderator BATcher's Avatar
    Join Date
    Feb 2008
    Location
    A cultural area in SW England
    Posts
    3,413
    Thanks
    33
    Thanked 195 Times in 175 Posts

    One subnet, two routers: Advice please!

    The charity I'm helping at present has a networking problem with their subnet of about 30 PCs and a file-and-print server, all in a Workgroup (no, NOT a domain). Everything is connected by ethernet cables; there is no wireless.
    Unfortunately my networking knowledge is not extensive - even my terminology is probably suspect...

    ORIGINALLY
    • There is one router (call it OldRouter) which provides access to a necessary private network service, but is also used for internet browsing by the PCs.
    • This router is managed by another organisation, and to the charity appears almost entirely as a 'black box', with no access or changes possible by the charity (except by request).
    • OldRouter hands out IP addresses, etc, to the PCs via DHCP, but a non-DHCP range on the subnet means that it is possible to define static IPs on the PCs.
    • Problems have been experienced with the router (or the broadband line, or both) such that both the private network service and internet access get interrupted until the router is power-cycled.
    • The private network service's broadband line also suffers from congestion problems, curiously at the time when Windows Updates are being received and are flooding their network.


    CURRENTLY
    • To improve reliability and throughput, a second router (call it NewRouter) and an associated broadband line were acquired, and DHCP was turned off on this router.
    • Most PCs were set to use static IP addresses outside the DHCP range allocated by OldRouter, with NewRouter as their default gateway, and with Hosts file entries set to access the private network service.
    • Thus the PCs used NewRouter to access the internet, and OldRouter to access the private network service.


    FUTURE
    • The current situation works fine - except when OldRouter is having problems, since the private network service's DNS Servers are accessed via OldRouter, and the work of looking up ordinary web addresses cannot then take place.
    • It is being considered whether to hard code alternative DNS server addresses (e.g. Google's 8.8.8.8, 8.8.4.4) in the PCs, so that DNS lookups will still work even if OldRouter cannot provide access to DNS lookups.
    • One possibility is to arrange for DHCP to be turned off on OldRouter and have NewRouter hand out IP addresses and DNS server addresses itself via its own DHCP, so that all the static IP information could be removed from the PCs. I regret that the hosts file entries would still be needed, though.


    I hope that makes sense to network experts! I'd be very interested if someone could comment on what is being done and whether there are better ways of doing it. (Please explain carefully!)
    BATcher

    Time prevents everything happening all at once...

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,164
    Thanks
    47
    Thanked 976 Times in 906 Posts
    Your second router and link is a good solution to your intermittent link problem, but you should have gone the whole hog and used the new router for DHCP and DNS. I'm assuming the private network access does not require DNS because you talk about using hosts entries (always a bad idea in corporate land).

    Qs
    1. How are you routing traffic to the private network? i.e. how do the PCs know which router to use? Do you have routes set up manually or do you just dump the packets on the network and let the routers fight it out?
    2. Is the network connected to one or more switches and a router, then to the old and new routers, or is the whole lot on one/cascaded switch?

    Possibilities.
    1. Are you able to add DNS entries to the new router? If so you can do away with hosts entries. Router model?
    2. Can you install DNS / DHCP on the server, then you can set private network names/addresses and forward all other requests to new router.
    3. Use a 3rd router / master router to manage all traffic and set specific routes for private / internet. Then you can change the external connections at will and make a quick change on the master router to suit, plus it's zero config on the PCs (DHCP only).

    cheers, Paul

  3. #3
    Super Moderator BATcher's Avatar
    Paul: thanks for your reply, but I'm rather concerned to say that I don't actually know the answers to most of your questions.

    Q1: I thought that whichever Default Gateway was defined on a PC implied the router which was going to be used to route the packets from that PC.
    Q2: I've simplified the situation with regard to wiring. In fact there are two 24-port patch panels, one 24-port PoE switch, and OldRouter within a small cabinet, and a few wires leading to NewRouter (a Technicolor TG582n), and a couple of other boxes whose purpose I have not yet understood.

    P1: I have no idea whether I can add DNS entries to NewRouter - the user interface is particularly incomprehensible. Also, I don't know whether that would enable connectivity to the private network service.
    P2: in a former existence, with a domain and proper server, we started with having the server running DHCP and DNS, but moved it to the Netgear router for a now-forgotten reason.
    P3: that possibility is quite some way beyond my competence!

    I'm now amazed the system even works at all!
    BATcher


  4. #4
    WS Lounge VIP
    Ouch! Sounds like the usual wing and prayer to me - not being disparaging to you, of course.

    For a network with multiple external gateways to function, each PC must have a routing table to tell it where to send which packet. Try "route print" on a working PC to see what you get.

    Q2: Only one 24 port switch for 30+ devices? How?

    P1: that router seems to be a "less than configurable" unit, so we'll have to keep it simple. With the route information we should be able to work something out.

    Any model nos for the "other" boxes?

    cheers, Paul

  5. #5
    Super Moderator BATcher's Avatar
    Q2: Only one 24 port switch for 30+ devices? How?
    There are a couple of 5- and 8-port ethernet switches, to share one wall socket between a number of PCs.
    Yes, I know...

    The switch is an HP ProCurve HP-E2620-24.
    It has a couple of VLANs on it that I don't want to talk about, except to say that one relates to a VOIP telephone system.

    OldRouter is a fairly hefty Cisco router, but I can't find any model number in the documentation I have at home.

    Here is some Route Print info, anonymised.
    Code:
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    xx.yy.129.254     xx.yy.129.53     20
          xx.yy.129.0    255.255.255.0         On-link      xx.yy.129.53    276
         xx.yy.129.53  255.255.255.255         On-link      xx.yy.129.53    276
        xx.yy.129.255  255.255.255.255         On-link      xx.yy.129.53    276
           xx.ppp.0.0      255.255.0.0    xx.yy.129.254     xx.yy.129.53     21
           xx.qqq.0.0      255.255.0.0    xx.yy.129.254     xx.yy.129.53     21
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        192.168.100.0    255.255.255.0    xx.yy.129.250     xx.yy.129.53     21
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      xx.yy.129.53    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      xx.yy.129.53    276
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
        192.168.100.0    255.255.255.0    xx.yy.129.250       1
           xx.ppp.0.0      255.255.0.0    xx.yy.129.254       1
           xx.qqq.0.0      255.255.0.0    xx.yy.129.254       1
              0.0.0.0          0.0.0.0    xx.yy.129.253  Default 
    
    NOTES:
    	xx.yy.129.1-254 is the local LAN
    	xx.yy.129.254 is OldRouter
    	xx.yy.129.253 is NewRouter
    I have no info at the moment what are...
    	xx.yy.129.53
    	xx.yy.129.250
    I hope it helps!

    BTW it may help if I say that xx is 10!
    Last edited by BATcher; 2015-05-14 at 13:33. Reason: Add a clue...
    BATcher


  6. #6
    WS Lounge VIP
    129.53 is the IP of the machine you are using. That's why it's used for everything else (0.0.0.0).
    129.250 is probably an old router/one of the boxes whose function you don't know. It is/was a gateway to the 192.168 network.

    You have static/persistent routes, which I suspected, and that is how your data gets to the private network.
    Q3. Is this set via a common login script or locally/manually?

    You have at least 2 private networks and possibly some relevant data in the DNS. DNS is the biggest problem as you have no control over it. I can see a case for installing DNS on the server which allows you to split the work between the new router and old router based on network name, e.g. mylan.local requests go to old router and everything else goes to new router. Then you can remove the hosts entries as well.
    P3. The HP switch is layer 3 so you can use it to route traffic instead of using static routes on the PCs. Combined with DHCP/DNS on the server you can move all network config off the PCs.
    Set up and management is pretty simple and as long as you document it anybody can follow it.

    cheers, Paul
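
Added example (not part of the thread or any poster's code): a small Python check of the route selection discussed above, which picks the next hop by longest matching prefix and then lowest metric, and lists persistent routes that are missing from the active table, as the persistent default route via xx.yy.129.253 is in the posted output. The addresses are constructed: "xx.yy" is assumed to be 10.20 and "xx.ppp" to be 10.30, and the xx.qqq route is left out for brevity.

```python
import ipaddress

# Constructed sample modelled on the posted table; assumed values:
# "xx.yy" -> 10.20 and "xx.ppp" -> 10.30 (the thread only says xx is 10).
ACTIVE = """\
0.0.0.0        0.0.0.0          10.20.129.254  10.20.129.53  20
10.20.129.0    255.255.255.0    On-link        10.20.129.53  276
10.30.0.0      255.255.0.0      10.20.129.254  10.20.129.53  21
192.168.100.0  255.255.255.0    10.20.129.250  10.20.129.53  21
"""
PERSISTENT = """\
192.168.100.0  255.255.255.0    10.20.129.250  1
10.30.0.0      255.255.0.0      10.20.129.254  1
0.0.0.0        0.0.0.0          10.20.129.253  Default
"""
NAMES = {"10.20.129.254": "OldRouter", "10.20.129.253": "NewRouter"}

def parse(text):
    """Return [(network, gateway, metric)] from 'route print' rows (4 or 5 columns)."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) not in (4, 5):
            continue  # headers, separators, blank lines
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue  # right column count but not a route row
        metric = int(f[-1]) if f[-1].isdigit() else None  # "Default" has no number
        rows.append((net, f[2], metric))
    return rows

def next_hop(active_rows, destination):
    """Longest matching prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(destination)
    hits = [r for r in active_rows if addr in r[0]]
    if not hits:
        return None
    _, gw, _ = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return NAMES.get(gw, gw)

def drift(active_rows, persistent_rows):
    """Persistent routes whose (network, gateway) pair is not in the active table."""
    live = {(n, g) for n, g, _ in active_rows}
    return [(str(n), NAMES.get(g, g)) for n, g, _ in persistent_rows if (n, g) not in live]

if __name__ == "__main__":
    active = parse(ACTIVE)
    print({d: next_hop(active, d) for d in ("8.8.8.8", "10.30.5.5", "192.168.100.7")})
    print("persistent, not active:", drift(active, parse(PERSISTENT)))
```

Running the same two functions over each PC's real `route print` output gives a quick record of which gateway every machine actually uses, which is the per-PC documentation the manual configuration otherwise lacks.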

  7. #7
    Super Moderator BATcher's Avatar
    Thanks - you seem to have sussed it fairly well!

    Yes, of course 129.53 is my PC - brane fade!
    129.250 is, I think, the HP ProCurve switch.

    Q3 Unfortunately all the IP details are set manually on each PC - it's a workgroup and everyone logs on locally. The server is just another PC of the same model as the others (but with 4GB and rather more disk space, running WS2008R2, not that you'd notice) and is used exclusively as a common file store and for printing.
    BATcher


  8. #8
    WS Lounge VIP
    I can't imagine why you'd need a route to your switch - very odd.

    Your choice is either stick with the problematic router / DNS, or fix it properly. As it's a charity I'd leave it alone and show them how to reset the Cisco - until it goes completely pear shaped.

    I would document the PC hard config and routes. Also worth getting a handle on the other devices and documenting...
    BTW, did I mention documentation?

    cheers, Paul

  9. #9
    Super Moderator BATcher's Avatar
    Yes, I've met documentation (I need to do quite a lot because of lack of remembrage) - and I wish the 'person' who set up this @@@@@@ had thought about doing some at installation time!

    As I said, the Cisco router is a black box, and about all that can be/is done is power cycling, on an approximately daily basis.

    Thanks again for your efforts on my behalf!
    BATcher


  10. #10
    WS Lounge VIP
    I didn't realise it was a daily thing. I think you should try and fix / replace the Cisco - they're normally very reliable. It may be covered by Cisco maintenance so the fix should be free.

    cheers, Paul

    p.s. you may be able to get the Cisco details over the wire if you have remote access. See method 3 in this post: http://www.techrepublic.com/blog/dat...serial-number/

  11. #11
    Super Moderator BATcher's Avatar
    Sadly the Cisco router got replaced some time ago, with no improvement.
    I think this matter has now been put in the "too difficult" pile...
    BATcher


  12. #12
    WS Lounge VIP
    The router may be failing due to a memory/buffer/table filling up; a reset then clears it for a while. http://www.cisco.com/c/en/us/support...-why-hang.html
    It could be flapping BGP routes. http://www.cisco.com/c/en/us/support...c-routing.html

    (I don't have a too hard basket)

    cheers, Paul

  13. #13
    Super Moderator BATcher's Avatar
    Thanks, Paul - I will forward these links to the maintaining firm!
    BATcher

