Can an External and Internal Lan Cards be on same network segment

[Guest]

Hi,

I have 2 w/l routers + 1 wired adsl modem-router+ 1 w/l Access Point
connected wirelessly . Its a mess and my clients are not connecting and i
would welcome any advise . I have Win2k3 Server.

I wish to eliminate the w/l access point thru either of the foll. options
if they are workable .

1)I want to know if I can make a Network Bridge between the public Internet
connection and the private network connection. I have windows firewall . If I
do this it will eliminate the need for the w/l access point. How advisable is
this ?

2)If I replace the 502T with an ADSL W/L Modem+Router 604T (both of Dlink),
then can I eliminate the w/ access point also ? But this means External and
Internal Lan Cards are on same network segment because both their cables go
into 2 ports of the 604T ..is this possible ? Is it possible to have the 2
lan connections (1 external internet and 1 internal lan) on 2 separate
network segments but connected to a single router ? That is if internet is on
192.168.1.2 and lan on 192.168.2.200 and router on 192.168.1.1, can the lan
on server be accessed by client machines ?


My current situ is as under :

a. ADSL Wired Modem-Router link 502T thru which my BB comes. (IP:192.168.1.1)

b. This is connected to my win2k3 server which has 2 lan cards. One
(IP:192.168.1.2)links to the 502T, the other (192.168.2.200)to my pronet
wireless accesspoint(192.168.2.3). Upto here no problem.

c. A Dlink 604T wireless router(IP:192.168.2.188) receives signals thru the
pronet and then passes it to 3 thin clients (Wyse 1250- IP 192.168.2.15(PLUS
16 AND 17)) which are connected to it thru the cables.

d. The 4th slot of the 604T is wired to a Linksys WRT54G.(IP:192.168.2.4).3
of the linksys ports connect to 3 thin clients again
wired.(IP:192.168.2.20(PLUS 21 AND 22))

e. The 604T and the WRT54G communicate with each other but unless the 604T
communicates with the Pronet, I am stuck.

f.Since the Pronet AP , 604T w/l Router and the WRT54G W/L Routers are all
on the same 2 series network segment, why am i not being able to connect the
Pronet to the 2 Routers ? All the ips ping when i connect them to my laptop
but the routers dont ping the AP.

Also, when i type 192.168.2.3 and the pronet url opens up, i put in the
192.168.2.188 and 192.168.2.4 in the textboxes which open up below the router
name and the ssid and the channel info under " wep authentication" . I was
told this only meant that those routers required wep authentication and didnt
mean that the 192.168.2.3 recognised them which in any case it doesnt because
i get a " settings saved, device restarting " note and i dont get back the
url page again.

Sorry for this long post, but i am at my wits end and desperately need help.
Thanks.

 

[Robert L [MS-MVP]]

I am not sure I understand the issues. But let me try here.

1. I think you should use NAT instead of bridge.
2. You should not setup multihomed server using the same IP range.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Hi,

I have 2 w/l routers + 1 wired adsl modem-router+ 1 w/l Access Point
connected wirelessly . Its a mess and my clients are not connecting and i
would welcome any advise . I have Win2k3 Server.

I wish to eliminate the w/l access point thru either of the foll. options
if they are workable .

1)I want to know if I can make a Network Bridge between the public Internet
connection and the private network connection. I have windows firewall .. If I
do this it will eliminate the need for the w/l access point. How advisable is
this ?

2)If I replace the 502T with an ADSL W/L Modem+Router 604T (both of Dlink),
then can I eliminate the w/ access point also ? But this means External and
Internal Lan Cards are on same network segment because both their cables go
into 2 ports of the 604T ..is this possible ? Is it possible to have the 2
lan connections (1 external internet and 1 internal lan) on 2 separate
network segments but connected to a single router ? That is if internet is on
192.168.1.2 and lan on 192.168.2.200 and router on 192.168.1.1, can the lan
on server be accessed by client machines ?


My current situ is as under :

a. ADSL Wired Modem-Router link 502T thru which my BB comes. (IP:192.168.1.1)

b. This is connected to my win2k3 server which has 2 lan cards. One
(IP:192.168.1.2)links to the 502T, the other (192.168.2.200)to my pronet
wireless accesspoint(192.168.2.3). Upto here no problem.

c. A Dlink 604T wireless router(IP:192.168.2.188) receives signals thru the
pronet and then passes it to 3 thin clients (Wyse 1250- IP 192.168.2.15(PLUS
16 AND 17)) which are connected to it thru the cables.

d. The 4th slot of the 604T is wired to a Linksys WRT54G.(IP:192.168.2.4).3
of the linksys ports connect to 3 thin clients again
wired.(IP:192.168.2.20(PLUS 21 AND 22))

e. The 604T and the WRT54G communicate with each other but unless the 604T
communicates with the Pronet, I am stuck.

f.Since the Pronet AP , 604T w/l Router and the WRT54G W/L Routers are all
on the same 2 series network segment, why am i not being able to connect the
Pronet to the 2 Routers ? All the ips ping when i connect them to my laptop
but the routers dont ping the AP.

Also, when i type 192.168.2.3 and the pronet url opens up, i put in the
192.168.2.188 and 192.168.2.4 in the textboxes which open up below the router
name and the ssid and the channel info under " wep authentication" . I was
told this only meant that those routers required wep authentication and didnt
mean that the 192.168.2.3 recognised them which in any case it doesnt because
i get a " settings saved, device restarting " note and i dont get back the
url page again.

Sorry for this long post, but i am at my wits end and desperately need help.
Thanks.

 

[Guest]

Hello Bob,

a. I dont understand where I should change the NAT and if so what it should
be.
b. I made a line drawing of my set up - i dont think attachments are
allowed here - how may i send it, if i could, for you to have a look, if
possible ?

Thanks !

 

[N. Miller]

I have 2 w/l routers + 1 wired adsl modem-router+ 1 w/l Access Point
connected wirelessly . Its a mess and my clients are not connecting and i
would welcome any advise . I have Win2k3 Server.

You need a plan.

I wish to eliminate the w/l access point thru either of the foll. options
if they are workable .

1)I want to know if I can make a Network Bridge between the public Internet
connection and the private network connection. I have windows firewall . If I
do this it will eliminate the need for the w/l access point. How advisable is
this ?

That is what the D-Link DI-502 already does. Why change this?

2)If I replace the 502T with an ADSL W/L Modem+Router 604T (both of Dlink),
then can I eliminate the w/ access point also ?

Well yes, but...you can make things work with what you already have.

But this means External and Internal Lan Cards are on same network segment
because both their cables go into 2 ports of the 604T ..is this possible ?

The network segment is identified by the subnet mask, not the physical
equipment. In fact, you really don't need to use both of the LAN cards in
that Win2K3 server; just one will suffice.

Is it possible to have the 2 lan connections (1 external internet and 1
internal lan) on 2 separate network segments but connected to a single
router ?

To what end? This is both confusing, and unnecessary.

That is if internet is on 192.168.1.2 and lan on 192.168.2.200 and router
on 192.168.1.1, can the lan on server be accessed by client machines ?

Oh my aching head. The Internet will be on the far side of the DI-502.
Everything else should flow from that.

My current situ is as under :

a. ADSL Wired Modem-Router link 502T thru which my BB comes. (IP:192.168.1.1)

b. This is connected to my win2k3 server which has 2 lan cards. One
(IP:192.168.1.2)links to the 502T, the other (192.168.2.200)to my pronet
wireless accesspoint(192.168.2.3). Upto here no problem.

If you don't want 192.168.2.0/24 to have Internet access, you are correctly
connected. Windows Server 2003 has the Internet on one LAN card, and the
intranet on the other. But, if your intent is for all devices to share
Internet access, this won't work. You have to change things; instead of
wiring the ProNet WAP to the second Win2K3 LAN card, you need to wire the
ProNet to a second LAN port on the DI-502; if it has one. Or wire the
ProNet to the DI-502, and the Win2K3 to the ProNet. Only one LAN card on
the Win2K3 box should be used.

c. A Dlink 604T wireless router(IP:192.168.2.188) receives signals thru the
pronet and then passes it to 3 thin clients (Wyse 1250- IP 192.168.2.15(PLUS
16 AND 17)) which are connected to it thru the cables.

d. The 4th slot of the 604T is wired to a Linksys WRT54G.(IP:192.168.2.4).3
of the linksys ports connect to 3 thin clients again
wired.(IP:192.168.2.20(PLUS 21 AND 22))

e. The 604T and the WRT54G communicate with each other but unless the 604T
communicates with the Pronet, I am stuck.

f.Since the Pronet AP , 604T w/l Router and the WRT54G W/L Routers are all
on the same 2 series network segment, why am i not being able to connect the
Pronet to the 2 Routers ? All the ips ping when i connect them to my laptop
but the routers dont ping the AP.

Also, when i type 192.168.2.3 and the pronet url opens up, i put in the
192.168.2.188 and 192.168.2.4 in the textboxes which open up below the router
name and the ssid and the channel info under " wep authentication" . I was
told this only meant that those routers required wep authentication and didnt
mean that the 192.168.2.3 recognised them which in any case it doesnt because
i get a " settings saved, device restarting " note and i dont get back the
url page again.

Sorry for this long post, but i am at my wits end and desperately need help.
Thanks.

OK. Here is what I would do (if you select a mono-space font, such as
courier, this will look better!):

D-Link DI-502:

LAN IP address - 192.168.3.1 (see Note 1 at the end)
Subnet mask - 255.255.255.0

LAN port 1 to Windows Server 2003
LAN port 2 to ProNet WAP
(This assumes that the DI-502 has a multiport switch. If that is not the
case, you will have to make a change; let me know!)
-------------------------------------------------------

Windows Server 2003:

LAN card 1 IP address - 192.168.3.2
Subnet mask - 255.255.255.0
LAN card 2 {No connection}
-------------------------------------------------------

ProNet WAP:
IP address - 192.168.3.3
Subnet mask - 255.255.255.0

MAC filter for 192.168.3.4
MAC filter for 192.168.3.188
-------------------------------------------------------

D-Link DI-604:
LAN IP address - 192.168.3.188
Subnet mask - 255.255.255.0

LAN port 1 to ThinClient IP address 192.168.3.15
LAN port 2 to ThinClient IP address 192.168.3.16
LAN port 3 to ThinClient IP address 192.168.3.17
-------------------------------------------------------

Linksys WRT54G:
LAN IP address - 192.168.3.4
Subnet mask - 255.255.255.0

LAN port 1 to Client IP address 192.168.3.20
LAN port 2 to Client IP address 192.168.3.21
LAN port 3 to Client IP address 192.168.3.22
-------------------------------------------------------

This puts all devices on the same LAN segment, and gives all equal access
to the Internet. If that is not your intent, then specify which devices
shouldn't have Internet access; it should be possible to set up separate
network segments in that case, using the second LAN card in the Windows
Server 2003 box.

If all wireless devices can handle WPA with AES, use it! If only TKIP is
available instead of AES, that will do. If any device can't handle WPA, but
only WEP, replacing it with a WPA capable device is advisable.

Leave SSID broadcast enabled. MAC filtering is mostly useful to keep the
same IP address with the same computer in a DHCP environment. Neither MAC
filtering, nor disabling SSID broadcast offers much in the way of security;
mostly "security by obscurity", which is not secure at all! WPA encryption
with AES (if possible), or TKIP is your best security measure at this time.

No need to wire the Linksys WRT54G to the D-Link DI-604, is there? All
wireless routers have been demoted to WAPs in this scheme; routing is
handled by the D-Link DI-502; this is also your Internet gateway.

Note 1: There is no particular reason to favor '3' over some other number
in this LAN IP address; however, some networks have 192.168.0.0/24, or
192.168.1.0/24 hard coded in a manner that can make LAN configuration
difficult. When configuring your own LAN, it is probably wise to pick a
number which is between '2' and '255' for this part of the LAN IP address.