Tags:



...



I will buy square wheel before I buy another Netgear router.
July 13, 2006 5:42 PM   RSS feed for this thread Subscribe

I want to plug a WPA-enabled Netgear WGR614 POS-edition (that I hate) into a WEP-using Linksys WRT54G (that I love). It doesn't work, and I'm about ready to inentionally brick the Netgear just out of spite.

I've searched the archives and couldn't find anything helpful. Some questions deal with bridging or repeating a single network, but I'm more interested in setting up two interlocking ones.

Here's the setup: Cable Modem > Linksys using WEP > Netgear using WPA. I want this particular setup because some of the computers on the network only run WEP, but I'd like an alternative that uses WPA so its easier for visitors to get on. Should this be unworkable I can potentially ditch the Netgear, but the Linksys stays, hence it must use WEP.

Anyway, so the Linksys works fine. Gets Internet, can get to DNS, works like a dream, love the thing. It gets DHCP and lives at 192.168.1.1 locally, doing DHCP of its own from 192.168.1.2 through 192.168.1.20. So then I plug the WAN/Internet port on the Netgear into one of the LAN ports on the Linksys. It is set to get settings via DHCP, and in turn do its own DHCPing, from 192.168.1.100-192.168.1.120. When I go into the settings of the Linksys I can see that it sees and is assigning an IP to the Netgear, and in the Netgear's status I can see that it is getting those settings: IP (192.168.1.3), Subnet(255.255.255.0), gateway (192.168.1.1), DNS (44.20.whatever.myISPs.DNServers.are).

I can connect to both networks, but only the Linksys gets internet. I can connect to the Netgear's network and ping the router, but CANNOT ping the gateway, namely the linksys at 192.168.1.1. The Linksys is on channel 1, the Netgear on 11. The Netgear's local IP is set to 192.168.1.3, like what it gets via DHCP. I realize that this could change (the DHCP IP lease time on the linksys is set to 24 hours), and is another problem I'll have to address, but I want to get the damn thing working first. So, is this set-up possible with the equipment I have? What am I doing wrong?
posted by ChasFile to computers & internet (17 comments total)
Can you try updating the drivers on the computers that only run WEP to see if they'll support WPA?
posted by k8t at 5:47 PM on July 13, 2006


Can't you just disable DHCP on the Netgear? I've done something similar to this before, and that's how I did it.
posted by Brian James at 6:02 PM on July 13, 2006


I've set up things like this before, though not for the exact same reasons. The 2 important things to make sure of are
  1. turn off the DHCP server on the router that's not directly connected to the internet, in your case the Netgear needs it turned off, and
  2. Run the cable between the two routers using the LAN ports on both. In your case, that means the WAN port on the Netgear should be unused. You may need a crossover Ethernet cable, available for rip-off prices at any office supply store, for this to work.
Having 2 DHCP servers on the same LAN doesn't work because the Netgear will mis-assign itself as the Default Gateway, which means that packets destined for the internet will go to the Netgear instead of the Linksys.
posted by boaz at 6:02 PM on July 13, 2006


When nesting NAT routers you should use different IP ranges for each one.
posted by cillit bang at 6:11 PM on July 13, 2006


Boaz is suggesting bridging both routers on the same wired LAN, so that you're *not* nesting them, which is how you're hooking them up now.

He's correct, that will put both wireless adapters on the same network segment, on the back side of the NAT that connects to the Internet (and I don't think it matters which one that is at that point), but it does require -- as he also notes -- that you turn DHCP off on one of the routers.
posted by baylink at 6:30 PM on July 13, 2006


It's been my experience that d-link routers are buggy about passing DHCP through when doing WPA in an arrangement like boaz suggested. It's possible netgears are too.
posted by rbs at 6:30 PM on July 13, 2006


cillit bang probably has your answer. Let the Linksys be 192.168.1.x and the Netgear will get its WAN address assignment from the Linksys DHCP and become, say, 192.168.1.3 on its (the Netgear's) WAN port. You should be able to specify a range of addresses for the Netgear's DHCP server to hand out. Make this range 192.168.2.1 to 192.168.2.5 or something.

For a less flaky set up, you might be able to hard code the WAN address of the Netgear router, by making the appropriate hard coded entries in both the Linksys and Netgear setup screens; the advantage of doing this is that you don't have to hope that the DHCP servers come up in the right order (Linksys before Netgear) when re-booting the routers.
posted by paulsc at 6:33 PM on July 13, 2006


2. Run the cable between the two routers using the LAN ports on both. In your case, that means the WAN port on the Netgear should be unused. You may need a crossover Ethernet cable, available for rip-off prices at any office supply store, for this to work.

If you do this then you're essentially using the Netgear as a glorified WPA-enabled access point, which might actually be what you are looking for. I'd agree that two routers both doing DHCP seems unnecessary.

Also, you don't really want to double-NAT if you can help it, as it just adds another level of complexity.
posted by ranglin at 6:34 PM on July 13, 2006


You should not use WEP. It is completely insecure and can be cracked in under 5 minutes by anyone with a _tiny_ clue. Ditch the Netgear and switch the Linksys to WPA. If you have devices that use WEP only, consider them obsolete and trash them.

I'm serious.... your traffic can be snooped and hijacked from well over a mile away using equipment that costs under $100. If they spend more, they can hit you from further still.

WPA is, at the moment, considered pretty good. It probably won't last forever, but it's good right now. WEP, however, is completely broken and should never be used.

Recovering from a hacker is an extremely painful and expensive process. Replacing WEP-only equipment is cheap in comparison. If your identity is stolen, which would be easily possible, it could take years to repair the damage.
posted by Malor at 7:26 PM on July 13, 2006


OK, I'll look into the "turn the Netgear into glorified WPA-enabled access point by turning off DHCP" solution, which seems fine. How, if I wanted too, would I "nest" the networks? Is there a tutorial or procedure or something on that?
posted by ChasFile at 9:17 PM on July 13, 2006


Also, I very much feel you on the "Throw out the machines that can't WPA" tip. Unfortunately, its not really an option; its a company machine that a) has to be used and b) can't have new hardware or software installed on it (for security reasons, I guess :-)
posted by ChasFile at 9:26 PM on July 13, 2006


What you were *doing* was nesting the networks: putting one router *behind* the other one. In cabling the two lans together, you're taking the *router* of the second one out of play entirely, and treating it as a hub with a WAP attached.

This is much safer than trying to run one router behind the other; plugging oue router's uplink into the other one's hub.

(There *are* reasons to do that; primarily offering public wifi off the outside router and private "secure" wifi off the inside one, but I gathered that wasn't what you were trying to do.)
posted by baylink at 9:57 PM on July 13, 2006


How, if I wanted too, would I "nest" the networks? Is there a tutorial or procedure or something on that?

Nesting simply means plugging the input/WAN/internet port of one router into one of the output/LAN/network ports of another.
posted by cillit bang at 8:56 AM on July 14, 2006


If at all possible, can you acquire a dedicated access point instead of using a neutered router (tee hee)?

I was using a D-Link router with DHCP off as a second AP until I traced my chronic network problems to it. Plugged in, file transfers would get aborted and SMB browsing was impossible. Unplugged, everything worked fine.

This was an overstock special and my current D-Link router (used as a router) works fine, and this isn't a D-Link so obviously it may not be a problem at all for you.

But for $65 or so you can pick up a Linksys WAP54 which by all accounts is quite nice and use that as a WEP only AP. Not that you should do such a thing from a security perspective.

It may be worth your while to (if security is a concern) set up a software encrypted tunnel or VPN that works over the WEP link as WEP is pretty much useless.
posted by Skorgu at 10:21 AM on July 14, 2006


Hijack: do any of the reasonably informed people who are inhabiting this thread know if *anyone's* WAP/wrouter hardware is physically capabale of service two different WLANS at the same time? Should I just ask this up top?
posted by baylink at 11:09 AM on July 14, 2006


baylink, what you're asking about is generally known as VLAN (virtual LAN) support - for the Linksys WRT54G this has been "sort of implemented" in OpenWRT. But this kind of thing generally requires more processing power than is generally available in SOHO level wireless routers, since it is generally more a requirement of larger WLAN systems, with more clients and security/service profiles. Pro gear suppliers such as Symbol Technologies and Cisco make a point of it.
posted by paulsc at 10:26 PM on July 14, 2006


If you'd like to read that Symbol whitepaper and don't feel like dealing with idiotic (and broken) signup pages, try the horse's mouth.
posted by Skorgu at 8:09 AM on July 17, 2006


« Older Have any MeFites had experienc...   |   Help me learn to properly mix ... Newer »
This thread is closed to new comments.