Ok, In theory I think this should work, but I wanted to get a second opinion.

My daughter lives with a family that has a secured wireless router. However, they do not know the key so she can't connect wirelessly. They also don't want to reset the router, because no one there know how to set it up.

So my thought was to give her a spare wireless router that I have. Have her connect it, via a patch cord, to their router. She can then configure that router for her access. She doesn't need to share anything on their network except the internet connection.

Will this work? Since the second router is hardwired to the first one, the key shouldn't apply. So all she would need to do is configure the IP of the router to not conflict with the other, then set it up for her own security. Is that correct?

Scott<>

It will work if it can be configured as an "access point" with a fixed IP address on the network. This I can guarantee.

Some routers can. Some cannot.

Not sure, if it will work otherwise.

If a router is configured to get it's address via DHCP, you have to be able to find it. On a small network; ping x.y.z.255 and an arp -a before and after it plugged in should let you find it. If you give it a different network name, then potentially it will work but printers, etc won't be easily accessible.

example from my network:

Pinging 10.0.1.255 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.0.1.255:
Packets: Sent = 4, Received = 0, Lost = 4 (100&#37; loss),

C:\Documents and Settings\normal>arp -a

Interface: 10.0.1.3 --- 0x10005
Internet Address Physical Address Type
10.0.1.1 **-**-**-**-**-** dynamic
10.0.1.2 dynamic
10.0.1.205 dynamic
10.0.1.207 dynamic
10.0.1.210 dynamic
10.0.1.215 dynamic
10.0.1.220 dynamic

I commented out all of the physical addresses.
Above 200 is fixed. 2 printers, 1 access point, 1 wireless printserver (dud), wireless repeater

You can figure out what they are by looking for the MAC address and comparing it to the number on the bottom of the device.

.1 is the router
.2 is the computer I am using now (DHCP)

So all she would need to do is configure the IP of the router to not conflict with the other, then set it up for her own security. Is that correct?

Mostly. The second router if she's going to use it wirelessly should have it's radio channel set to something other than what the first router is using. Non-overlapping channels are 1, 6, and 11 for 802.11 B,G. There still could be an issue with interference if the existing router is set to scan for best channel.

Another gotcha could be the existing router will require a password for configuration via either telnet or http access using the wired ports. Seems improbable to me that someone would have configured secure wireless and then left the wired side of the router completely open. Additionally, any wired services (e.g. DHCP) offered by the existing router should be disabled on the second to avoid any networking conflicts for wired clients.

Do the right thing and have them get someone to reset the router, configure, and document it. Nothing pisses me off more than to arrive on a service call and be told to set something up and make it work with the existing gadget they didn't mention beforehand, that no one knows anything about, that isn't documented, and that cannot be modified.

My thinking here was that the second router would be assigned an IP in the scope of the first router. The second router's DHCP would then be used to assign an IP when she connects to that router using its SSID. I was thinking of using a different scope for the second router.

The guy who set this up for them barely knew what he was doing. So I doubt if they secured the wired portion, but we will see.

If my theory is correct, she should be able to plug the second router into their router and connect her laptop directly to the second router and that should give her Internet access. If it doesn't, then I can remotely connect to her PC and configure the second router.

Sounds like a plan. The more full featured the second router is, the easier the integration will be with the existing router.

Ok, here's an update. My daughter plugged in te second router (which is the same model-Linksys WRT54GS) then plugged in her PC and was able to get on the Internet. So I suspect the wired portion is not encrypted and my plan may work.

Oddly, however, the family's Sirius readio which is run through the PC, cut out. I can see no reason for this. My daughter disconnected and they rebooted and the radio came back.

I spoke to their son (who doesn't live there) who set up the system and he doesn't remember setting up a key. But when my daughter checks for available networks theirs is lised as Secured!

Admittedly my knowledge of this is more conceptual than practical. So I'm not 100&#37; sure what is done to a wireless router so it shows up as secured on the list.

So I suspect the wired portion is not encrypted and my plan may work.

The wired portion won't be encrypted.


Oddly, however, the family's Sirius readio which is run through the PC, cut out.

Have to think about that one. I don't know anything about Sirius. Was Sirius the only thing or did all Internet access stop?

For this particular router, I'd expect the following possibility if all Internet access stopped. Use "ipconfig /all" from the command line on the existing computer and see if the default gateway is correct. If DHCP is enabled on the second router the existing computer may be getting an incorrect configuration. DHCP cannot be disabled on a per interface basis on this router. Enabling it at all on the second router (for the wireless) also enables it for the wired interface - both interfaces share the same subnet. When a wired or wireless client broadcasts a DHCP request, both routers with DHCP enabled will respond and it's hit or miss which offer is accepted by the client. Try turning off DHCP on the second router. Her laptop should be dynamically addressed on the existing subnet even wirelessly by the DHCP server on the existing router. Statically configuring her IP address in the same subnet but outside of the DHCP range would also work.

Also, are you using the Internet interface on the second router to connect to the other router or one of the switch group ports? Using the Internet interface connected to one of the existing router's switch ports could give her her own subnet and firewalled protection (if configured so) from the family's subnet and eliminate any DHCP duplication issues.


So I'm not 100% sure what is done to a wireless router so it shows up as secured on the list.

The wireless interface will be configured with an authentication method and an encryption suite. The specifics vary from router to router. For the WRT54GS, they are listed as security modes WEP and WPA-Preshared Key with a TKIP or AES algorithm on the wireless tab in the router's web-based administration interface.

If DHCP is enabled on the second router the existing computer may be getting an incorrect configuration. DHCP cannot be disabled on a per interface basis on this router. Enabling it at all on the second router (for the wireless) also enables it for the wired interface - both interfaces share the same subnet. When a wired or wireless client broadcasts a DHCP request, both routers with DHCP enabled will respond and it's hit or miss which offer is accepted by the client. Try turning off DHCP on the second router. Her laptop should be dynamically addressed on the existing subnet even wirelessly by the DHCP server on the existing router. Statically configuring her IP address in the same subnet but outside of the DHCP range would also work.

Also, are you using the Internet interface on the second router to connect to the other router or one of the switch group ports? Using the Internet interface connected to one of the existing router's switch ports could give her her own subnet and firewalled protection (if configured so) from the family's subnet and eliminate any DHCP duplication issues.
.

The second paragraph is my plan. Once she connects to the Internet I plan on remoting into her PC and configuring the second router to use a different subnet and DHCP scope. I have no problem given a static IP, but I would only want it to work when connected wirelessly to the second router.

The second paragraph is my plan.

Ok, then I don't know why Sirius might break. Hmm...


I have no problem given a static IP, but I would only want it to work when connected wirelessly to the second router.

Connected this way, static not really needed to avoid dealing with equipment limitations. But, a second network connectoid could be setup. Have one for DHCP and one for HOME. She can pick the network for where she is or set the HOME to be automatic. Possibilities are somewhat dependent on whether Windows or the network adapter software is managing the connections.

Here is an example of what will work (without using two different subnets):
Wireless router with DHCP:
Acquire WAN address from ISP via DHCP
IP 192.168.1.1
SM 255.255.255.0
DNS address for ISP's DNS servers
DHCP Scope 192.168.1.50-100
Wireless security turned on

Connect one of the LAN ports on each router together.

Second wireless router:
IP 192.168.1.2 (or other address not is DHCP Scope)
SM 255.255.255.0
DHCP Scope DISABLED
Wireless security turned off

When a computer connects to your network via wired or wireless connection, only one DHCP server will answer and will hand the appropriate address of your router. You can have multiple DHCP servers as long as they have different Scopes, but each one MUST be configured to hand out only the ONE gateway address on your network. You do not want multiple gateway address possibilities.

Thanks Chuck, but you have me a little confused.

What I was thinking is this:

Wireless router with DHCP:
Acquire WAN address from ISP via DHCP
IP 192.168.1.1
SM 255.255.255.0
DNS address for ISP's DNS servers
DHCP Scope 192.168.1.2-100
Wireless security turned on

Connect one of the LAN ports on each router together.

Second wireless router:
IP 192.168.2.1 (or other address not is DHCP Scope)
SM 255.255.255.0
DHCP Scope 192.168.2.1-10
Wireless security turned off

Won't this cause the DHCP server on the second router to assign the IP? I don't want to make any changes to the main router (not even sure if I will be able to get into it to do so). That's why I thought of going with 192.168.2.x

Also, Do I need to configure the second router first. I'm not sure what the default address is for the second router. It might be the same as the first one. So I though I might have to connect it to her PC first and change that.

I have no problem given a static IP, but I would only want it to work when connected wirelessly to the second router.

I have no idea what the above means: 1) You want it to work as a wireless repeater or 2) You want it connected wired, but have you daughter's laptop connect wirelessly.

There also some confusion on which ports were used for the test. Was the uplink port used?

The routers usually act like a hub/switch if just the ports are used.

The ping/arp thing allows you to find out what is on the network. You can find the current IP address of the extra router by looking for the MAC address in the arp table. You MIGHT be able to discover if the extra router is dishing out an address by DHCP.

The arp table also would help you determine what addresses to use because they are typically assigned seqentially So, if addresses 192.168.1.1, 1.2, 1.3, 1.4 are shown to be assigned. Bumping to an fixed address of 192.168.1.100 with a DHCP scope of 1.101 - 1.120 probably wouldn't interfere.

Doing a tracert from the connected PC MIGHT discover how a packet is getting to the gateway. i.e. Does it pass through the extra router.

The default address of the router should be in the documentation, but if you never reset it, it should be the same. 192.168.1.1 is a common value, although I don't know what it is for the Linksys.

I think it was entirely possible that the Sirrus radio was interrupted by being assigned the same address or both routers having the same IP address.

NetStumbler.com (http://www.netstumbler.com) is a free application which will tell you a lot about available wireless connections such as the s/n ratio, the type of encryption and the actual access point (MAC address) your connected to.

Scleros:

I didn't understand the purpose of the port looping.

Scott:
To re-iterate. Make sure the extra router is connected to the permanent router via the uplink port.

Scott,
You presented Option A and I presented Option B. Two ways to tackle the same problem.

A) - two different networks, one secondary routed to the other (primary) with the Internet connection. You would have to connect the WAN port on the second router to LAN port on the first router. The second router would be set to obtain a DHCP address on the WAN port from the first router. This way, it will obtain the route TO the first router. You will probably need to also add a static route in the first router BACK to the second router.

B) - one network, one router, one DHCP server, two access points.

Note: in your example, the second router is addressed within the DHCP Scope. You would need to move the DHCP Scope to something like 192.168.2.11-20. Also, you are correct, the DHCP server in each network will hand out addresses for that network. So you can point your wireless adapter to either one - secured or not secured.

In my example, the first router should be setup as I have described. No changes necessary. There is only ONE DHCP server which will hand out addresses for BOTH access points (WAP's). One WAP is secured, the other is not.

NetStumbler.com (http://www.netstumbler.com) is a free application which will tell you a lot about available wireless connections such as the s/n ratio, the type of encryption and the actual access point (MAC address) your connected to.



KISS, thanks for the link.

Scleros: I didn't understand the purpose of the port looping.

Heh, and I don't understand what you mean by port looping. It wasn't clear how the physical connections were to be made. Those routers have an Ethernet Internet port and a 4 port switch group. Connected switch to switch, the second router would function as merely an access point and share the existing subnet. Connected Internet to switch, it would function as a router and create a second wired/wireless subnet. If something I wrote could be construed as a wiring loop, point it out so it can be corrected.

Scerlos:

That's what I get by not rechecking before posting. I must have misread something like post #14 which wasn't yours. Sorry.

I think the above post does paint a very clear picture.

Do, you agree that the second router should function as an access point with DHCP and NAT disabled with the second router given a fixed IP address?

Or do you think it would be better functioning as a router?

I like the former option better as long as a fixed IP address can be found for the second router (access point).

Do, you agree that the second router should function as an access point with DHCP and NAT disabled with the second router given a fixed IP address? Or do you think it would be better functioning as a router?

I agree it would work that way, but if it was me, I'd do the router setup so I'd be insulated from any crap that might infect the family's computers and any breaches they might have in their wireless security.

Scerlos:

That's what I get by not rechecking before posting. I must have misread something like post #14 which wasn't yours. Sorry.

I think the above post does paint a very clear picture.).

It is an addendum to #11.



Do, you agree that the second router should function as an access point with DHCP and NAT disabled with the second router given a fixed IP address?


Yep, for your namesake... KISS.:D

Either way will work. If the kiddo is prone to downloading viruses and the like, then the extra security of an additional routed network may be the answer., but then I am a DINK by definition - Dual Income No Kids.

OK, latest in this saga. I just talked to the kiddo and we configured the router's IP to 192.168.2.1. However, the DHCP scope is hard coded to start at 192.168.1.x. Only the x is changeable. The default is 100 with 50 users. So I assume that means a scope of 100-149. I had her change it 200.

They were using the Internet at the time so we didn't take the second step to connect her router to theirs. We'll do that another time.

So my next question is will it work with the scope being different form the router's IP? Or should I cahnge the router to 192.168.1.200 and start the scope at 201? Also do we connect their router to her WAN port or the uplink port.

Scott:

It would really help if you posted the results of the ping/arp scan of that network.

Results from the cmd prompt can be copied to the clipboard by right-clicking on the top of the window, selecting mark. Highligt and depress <return>.

If what you say is true about the hard-coding, it just reinforces "I hate Linksys" additude that I have. Their stuff doesn't work and their support is bad. My experience anyway. Once you make changes like that, the router typically has to re-boot or power-up/power down for those changes to take effect.

The new router needs an address on the network that doesn't conflict.

If the address is not on the original network, then the WAN of the new router gets connected to the LAN of the existing one. NAT and DHCP should be enabled.

If the address is on the existing network, then the LAN of the new to the LAN of the old should suffice. No firewall stuff happens. NAT and DHCP should not be enabled.

In both cases, we asre assuming that the router's address is not assigned via DHCP.

Scott,
Change the router address to 192.168.2.1 then save it. You will find that the "hard coded" DHCP Scope will then automatically change with the router's network ID.

Found that out the hard way too; got the mug and T-shirt on that lengthy visit.

Scott,
Change the router address to 192.168.2.1 then save it. You will find that the "hard coded" DHCP Scope will then automatically change with the router's network ID.

Found that out the hard way too; got the mug and T-shirt on that lengthy visit.

Ahh that's been done and saved. So the next time I open up the config It should show 192.168.2.200? Even if is shows 192.168.2.100 that's fine as long as it doesn't conflict with their router.

So my next step will be to connect hers to theirs. Should I go into her WAN port or the uplink port?

Aside to Kiss, the laptop is 800 miles away. Right now I can't get it to connect to their network to do any pings. When I can get it to do so, I'll post the results.

Any computer on the network will do.

Connecting into the computer probably won't happen either, because you have to port forward the required ports on the router you aparently don't have access to.

So my next step will be to connect hers to theirs. Should I go into her WAN port or the uplink port?


When you change the IP of the router, you will have to reconnect to it using the new address. You should immediately see the change in your DHCP Scope. It should then agree with the new network ID of 192.168.2.x instead of 192.168.1.x.

Set the WAN port on the second router to obtain an IP address manually and assign one to it in the 192.168.1.x network that does not confict with any other addresses (example 192.168.1.2). You could set it to DHCP but there is a lease period for DHCP and it would have to continuously reaquire the address and update the route table if it changed. Not a big deal if you did set it to DHCP. Add a static route on router #1 to route 192.168.2.0 mask 255.255.255.0 to 192.168.1.2 (as in example above). This will provide your return path from the primary to the secondary network. Herein lies the problem. You still have to make a change to the setup of the first router.:(

Connect WAN port on router #2 to LAN port on router #1. Connect kiddo's laptop to either LAN port ethernet cable or to wireless on router #2. All of the other family computers would connect to LAN port ethernet or wireless on router #1.

Add a static route on router #1 to route 192.168.2.0 mask 255.255.255.0 to 192.168.1.2 (as in example above). This will provide your return path from the primary to the secondary network. Herein lies the problem. You still have to make a change to the setup of the first router.:(

The first router doesn't need to know anything about the .2 network or a route to it if the second router NATs. Any return packets will have a destination address of the second router's WAN port which is on the local LAN of the first router.

The first router doesn't need to know anything about the .2 network or a route to it if the second router NATs. Any return packets will have a destination address of the second router's WAN port which is on the local LAN of the first router.

Totally agree... IF it NATs. Using DHCP on the WAN port of router #2 would help in this regard since the address it is provided automatically becomes part of the table in router #1.

Just wanted to l;et you guys know the results.

It Works!!

When she reloaded the router config, the scope did change to 192.168.2.200. She then connected their router to the WAN port on hers and she had Internet access. So she then disconnected her laptop from her router and searched for wireless networks, the SSID she setup was listed and she was able to connect to it and get Internet access. Nor was their network interfered with. I then setup MAC filtering for her so they can't get on her network.

And she is a happy camper.