Why are PCs pulling IPs from the wrong router? (Diagram included)
January 8, 2013 1:06 AM   Subscribe

We have two offices, front (sales) and back (paperwork) and we have our "main" router in the front, which serves the front desk computers, and then from the router we have run Ethernet to the back office into a hub which then serves a bunch of PCs, a printer, and, we would like, a Wi-Fi router (or rather a router with Wi-Fi). The purpose of the Wi-Fi router connected to the hub is only to allow Wi-Fi devices access to the network. Unfortunately, for some reason, when the router is connected to the hub, all the other PCs also connected to the hub pull their IPs from the Wi-Fi router's DHCP / use it as gateway instead of the "main router" in the front office. Why is this?

Here is a link to a masterfully crafted diagram of the setup.

As long as the wi-fi router isn't connected, everything works. Once connected to the hub, the back office PCs switch to using it and pull IPs from it etc.
posted by Unhyper to Computers & Internet (8 answers total) 1 user marked this as a favorite
The problem is that your Wi-Fi access point is configured to provide DHCP services on its LAN ports. You have two options:
  1. Put the Wi-Fi access point into bridging mode (sometimes there is an explicit option for this, sometimes it's automatic when you turn off the access point's DHCP server) and connect the access point to the hub via one of its LAN ports.
  2. Alternatively, leave the Wi-Fi access point's configuration alone, but connect the access point to the hub via its WAN port, not one of its LAN ports. The downside of this is that wireless devices will be double-NATed.

posted by RichardP at 1:25 AM on January 8, 2013 [2 favorites]

Yep, similar to #1 by RichardP, you'll want to disable the DHCP server on the wireless router. If all you're trying to do is extend the network to include wireless, you don't need a router, just an access point. "Bridge mode" basically turns the device from the former into the latter.
posted by maxim0512 at 4:57 AM on January 8, 2013 [2 favorites]

BTW, to actually answer your question, PCs on the network broadcast that they need an IP address and accept the first response they get from a DHCP server. So, it appears that your Wi-Fi router is quicker to respond to DHCP requests than the VPN router.
posted by maxim0512 at 5:00 AM on January 8, 2013

It may be worth investigating whether you can flash your wifi router with different firmware- I've had good results with dd-wrt, others prefer tomato. I've found that the dd-wrt firmware gives me much better control over the router- including disabling the dhcp server, which is probably what you need to do here.
posted by jenkinsEar at 5:34 AM on January 8, 2013

If I remember correctly, you want to set the secondary, wireless router to access point or bridge mode.
posted by gjc at 6:39 AM on January 8, 2013

All you need to do is turn off the DHCP server in the wireless router, and make sure all network connections go through the LAN ports (nothing plugged in the WAN port). I would also assign a static IP (outside the DHCP range of the vpn router, but on the same subnet) to the wireless router so you can access the configuration. Wireless security is set on the wireless router, but it doesn't do any DHCP stuff, and simply passes through all DHCP requests back to the VPN router. No custom firmware or putting the wireless router in bridge mode needed.
posted by defcom1 at 8:26 AM on January 8, 2013 [1 favorite]

Unless you're doing something unusually complicated in your office, you never want more than one router. Everything else should be configured as a switch.
posted by empath at 9:23 AM on January 8, 2013

Yeah, custom configuration/firmware is definitely overkill. What you're doing here is turning your wireless router into a wireless access point - turning off its DHCP server component is the simplest way to achieve this.

For future reference, a Wireless Access Point (WAP) is both cheaper and simpler to setup as a 2nd/3rd etc wireless device on a small network, as it just provides wireless access without any of the other stuff that comes with a router.

To further explain some of the terms tossed about above;

A router routes from one disparate network to another; specifically, it routes data from your internal local network to the external, internet network (and back again). This requires knowledge of both networks, because neither network is aware of, or capable of talking to each other on their own. Thus the router has a fairly complex set of config and rules to do this, though most of them come automagically configured for standard setups.

A bridge simply connects two physical networks into one - like a physical bridge, traffic can cross from both sides freely, and knows where it's going already. A wireless access point is basically a wireless-to-LAN bridge.

Pretty much all wireless routers also have a bridge built in already - they bridge traffic from the wireless network to the internal wired network by default (i.e. a wireless laptop can see the resources on a wired pc, as well as access the internet). On more advanced kit, it is possible to separate the two by turning off the bridge; so they can both be routed to the internet, but not be able to talk to each other, which is why the suggestion to make sure this bridging function is on - unless you're doing some fairly complex fiddlin', it already should be.

Some routers also have a an 'access point' or 'wireless bridge' mode; generally, this turns off ALL the routery bits of the device, allowing you to use the 'WAN' or 'internet' network socket as an additional lan/local network port. Technically speaking, just turning off the DHCP server doesn't actually disable all the router bits, but it does enough for it not to matter, so if you don't need the extra physical LAN socket in the back room, you don't need to worry about going that far.

The reason they're conflicting in the first place is that when PCs etc need an IP address and the other network info, they send out a DHCP (dynamic host control protocol, echh) request to the local network as a whole; the first valid DHCP response they get back, they use, so if you have two DHCP servers running on the same network with different settings - as you do - it's pot luck which one they end up connected to, regardless of which is the 'right' one - the computers can't tell the difference. Killing the 'rogue' DHCP server means there's only one authoritive server to hand out IP addresses, and tada, problem solved.
posted by ArkhanJG at 3:33 PM on January 8, 2013

« Older Please help me stay asleep before I go insane.   |   Funding for photography exhibition in London or... Newer »
This thread is closed to new comments.