Private subnet - One Care Firewall

Xenor

I have seen multiple threads here regarding the automatic switching of a
"Private" network to a "Public" network, especially when it comes to a second
machine joining/rejoining the private network. Unfortunately, my situation is
slightly different than those posted, and may be the reason why the solutions
are not working for me. I'll do my best to give all the details up front.

My Setup, I have two (sometimes three) machines in my office. A desktop and
two laptops. The machines are all multihomed because they are all running
wireless for internet connectivity as well as subnet connection to my Media
Center machine on another floor. Each machine in my office also has an
ethernet port which I would "like" to be able to use for file transfers in my
office at Gigabit + FE speeds rather than bog down the wireless connection.
The wireless network is running 192.168.1.x subnet with 255.255.255.0 mask.
All except one of the machines are DHCP, as I have rules setup on the
wireless router firewall (Linksys 350N) to my desktop machine in the office
(Remote Desktop, etc..).
I have setup the ethernet in my office as the 192.168.10.x subnet (same
mask) for rapid syncing between the laptops and my desktop. I do not have
Internet Sharing turned on, nor would I like to have it running. The Ethernet
is on a NETGEAR GS605 v2 (gigabit switch). In an ideal world, whenever I
come home and dock my laptop under the monitor of my desktop machine, I would
like to be able to quickly sync offline files (500MB .pst file, a few Word
and OneNote docs, etc.), Remote from the desktop into the laptop from time to
time, etc. This should all occur over the ethernet, and the machine should
know which subnet to take for Internet vs. home net traffic. On some
occasions, when the laptop is undocked, I may also wish to remote into the
office desktop, or sync small files. Hopefully, the setup should be clear at
this point. Initially, when I setup/create the private network on each
machine, it works fine...but after a reboot or undock/redock...the ethernet
setup falls apart. The laptop will be docked, but will use the wireless
network to sync. When I ping the desktop (ZEUS) I get the correct response,
but traffic doesn't otherwise travel on this subnet.

My configuration:
On both the desktop and the laptop, I have manually configured the IP and
subnet mask. There is no gateway (unmanaged switch) and there are no DNS
designated. (I'm relying on NetBIOS broadcasts on .255)

Here is the ipconfig /all from the desktop (ZEUS), which is running Vista
Ultimate:

*******************************************************
Windows IP Configuration

Host Name . . . . . . . . . . . . : Zeus
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : IXONA

Wireless LAN adapter Wireless:

Connection-specific DNS Suffix . : IXONA
Description . . . . . . . . . . . : Marvell TOPDOG (TM) 802.11n Wireless
(CB82) #2
Physical Address. . . . . . . . . : 00-18-39-18-CC-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::c0a1:edea:3212:4be2%24(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 02, 2008 11:14:24 PM
Lease Expires . . . . . . . . . . : Friday, April 04, 2008 12:18:02 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.105.28.12
68.105.29.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family PCI
Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-50-8D-B6-0E-B4
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.10.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : IXONA
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
**********************************************************

Here is the ipconfig /all for my laptop (HIPPOCRATES) running Vista Business:
**********************************************************
Windows IP Configuration

Host Name . . . . . . . . . . . . : Hippocrates
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : IXONA

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : IXONA
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network
Connection #2
Physical Address. . . . . . . . . : 00-19-D2-72-0C-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::f922:d6f1:3a19:bc8d%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 03, 2008 12:19:51 AM
Lease Expires . . . . . . . . . . : Friday, April 04, 2008 12:19:51 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.105.28.12
68.105.29.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter LAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-15-B7-5B-3A-64
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.10.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{5EC1E503-0921-4308-A847-FF0783210312}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : IXONA
Description . . . . . . . . . . . : isatap.IXONA
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . :
2001:0:4137:9e50:3025:1a88:3f57:fefc(Preferred)
Link-local IPv6 Address . . . . . :
fe80::3025:1a88:3f57:fefc%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
*********************************************************

So, my problem is the same as others. My machines keep switching from
Private back to public, and I keep losing ethernet as the preferred network
when both are connected (reconnected) to the switch. Occasionally, if I ping
from one machine to the other the connection seems to wake up and work
properly, but other times it does not. I even have to sometimes reboot the
laptop to get the Sync center to finally recognize that the "server" is
connected and it can begin.

The first twist is the fact that I do not desire to have Internet connection
sharing running. The second twist is that I am running Live OneCare on both
machines. I'm an old school MCSE (1998), and consider myself pretty
knowledgeable on Microsoft networking basics. If I was behind a managed router
I'd know how to tweak things, and I think Vista would find a real network
instead of calling it an (Unidentified network) [Like we're in a diner
outside Roswell or something]. Also, if I were running Norton or a few other
desktop firewall programs, I would know how to add a subnet, designate it as
trusted, and be off and running. OneCare has been dumbed down for the
average home user, and a lack of (truly) advanced config abilities has got me
stumped.

Can anyone assist me with how I might tweak my ethernet or OneCare settings
so that I can get back to writing email and papers instead of jacking with
the network?


Thanks in advance for your help. I may be missing something obvious, so
please feel free to ask simple or complex ?'s and to point out a basic config
error I might have made.
 
Phillip Windell

You can run 250-300 machines on one segment before the load begins to affect
performance.

Forget the whole dual-home/multiple subnet stuff.

Run a single subnet. Use the one created by the Linksys 350n for that. I
recommend you change the Default IP Range it uses to something that is much
less "over-used"

Plug the Netgear Switch into one of the switch ports on the 350n (might need
to use the MDIX port if it is not "auto").

Plug the Media Center machine into the Switch or one of the Switch ports on
the 350n (they both do the same thing).

Use all the other non-wireless machines on the same segment just like the
Media Center machine. The wireless ones will continue as they are on the
same segment by connecting wirelessly to the 350n.

Switches already isolate every single communication session into its own
Virtual Circuit. That is what Switches do,..that is what makes them
Switches. There is absolutely no point in multiple subnets in your situation.

There are two reasons to use multiple Layer3 IP Segments (subnets)

1. To breakdown the Broadcast Domains into smaller pieces to protect from
broadcasts eating up the bandwidth. The break-off point is 250-300 hosts,
so using a regular /24 bit mask (255.255.255.0) creates subnets of 254 hosts
which makes the /24 bit subnet the perfect size.

2. To create a security partition by using a LAN Router between two or more
LAN Segments to control access. This is done by creating Access Control
Lists (ACLs) on the Router. The size of the segment is not relevant to this
choice but the segment still should be allowed to grow beyond the 254 Hosts.

The Linksys box and any other similar retail "home-user" internet device
are *not* routers. That was a *marketing decision* to call them that and it
was a bad decision, but the horse has already escaped the barn. Those
devices in reality are "NAT Based Firewalls" on the lower end of the quality
scale and they do not apply to what I am talking about in point #2 here
concerning LAN segmenting and ACLs on LAN Routers.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


 
Phillip Windell

Phillip Windell said:
2. To create a security partition by using a LAN Router between two or
more LAN Segments to control access. This is done by creating Access
Control Lists (ACLs) on the Router. The size of the segment is not
relevant to this choice but the segment still should be allowed to grow
beyond the 254 Hosts.

sorry,...*not* allowed to grow beyond 254 hosts
 
Xenor

Phillip,
Thanks for your response. However, I may not have clearly stated my
configuration. The office, with switch, desktop computers and laptop, is
some distance from the cable modem and WRT350N, where the Media Center also
resides. The purpose of the switch in the office is to try and create a
local wired ethernet in the office, so that the traffic doesn't saturate the
wireless. Does this make sense?

-Michael
 
Phillip Windell

Xenor said:
Phillip,
Thanks for your response. However, I may not have clearly stated my
configuration. The office, with switch, desktop computers and laptop, is
some distance from the cable modem and WRT350N, where the Media Center also
resides. The purpose of the switch in the office is to try and create a
local wired ethernet in the office, so that the traffic doesn't saturate the
wireless. Does this make sense?

You cannot do that without a Wireless Bridge (actually a pair of them).
You appear to have two wired sections of the LAN. Notice, I did not say
subnets or segments.
One is where the 350N and Media Center machine is.
The other is where these other Desktops and Laptops are.
In order to wirelessly connect wired sections together you have to "bridge"
them with a pair of Wireless Bridges. The bridges only do *one*
thing,...they join the two wired sections together,...you cannot connect
hosts to them. You cannot connect your Laptop to a Wireless Bridge.

This diagram can easily be all one IP subnet.

[Wired area #1]-----<wireless access point>
       |                      |
<wireless bridge #1>   [wireless clients]
       {
       }
       {
       }
       {
       }
<wireless bridge #2>
       |
[Wired area #2]-----<wireless access point>
                              |
                       [wireless clients]

You may want to throw out the wireless idea....
A wired Ethernet run can go up to 300 feet (100 meters). Run the cable
from the 350N to the "office" with these machines. If you can't do that,
then you will need a pair of wireless bridges,...or you will need to have a
new CableTV run added to the Office and move the Modem, the 350N, and the
Media Center machine into the office area.

As far as "saturating" the wireless component,...things just aren't that
simple. Don't try to fix a problem where it isn't proven that you have such
a problem. I see on a daily basis the absolute messes people create for
themselves by trying to fix problems that only exist in their imaginations.

Can you overload an Access Point,..yes.
Can you overload a Wireless Bridged connection,...sure.
But the way that each can possibly be overloaded is different.
Things just aren't that simple,...it isn't like water flowing through pipes
where the water just simply goes everywhere there is an opening to let it
go. It just doesn't work that way. TCP/IP traffic flows based on Routing
Tables, ARP Tables, and Protocol behavior. It does not go over a wire or
radio wave just because it is there.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
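
Added example (not part of the original thread): a simplified longest-prefix-match route lookup in Python, populated from the addresses in HIPPOCRATES's ipconfig output above, showing that the egress adapter is picked by destination address rather than by link speed. The metric values and the `build_table`, `select_route` and `egress` helper names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str            # adapter name as shown by ipconfig
    gateway: Optional[str]    # None means the destination is on-link
    metric: int               # constructed value; lower is preferred


def build_table(lan_connected: bool) -> List[Route]:
    """Routes implied by the laptop's ipconfig output in the thread.

    Wireless: 192.168.1.3/24 with default gateway 192.168.1.1.
    LAN:      192.168.10.2/24 with no gateway (unmanaged switch).
    """
    table = [
        Route(ipaddress.ip_network("0.0.0.0/0"), "Wireless", "192.168.1.1", 25),
        Route(ipaddress.ip_network("192.168.1.0/24"), "Wireless", None, 25),
    ]
    if lan_connected:
        # The on-link route only exists while the docked Ethernet port is up.
        table.append(
            Route(ipaddress.ip_network("192.168.10.0/24"), "LAN", None, 10)
        )
    return table


def select_route(table: List[Route], destination: str) -> Optional[Route]:
    """Pick the most specific matching prefix; break ties on lowest metric."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))


def egress(table: List[Route], destination: str) -> str:
    """Return 'interface (next hop)' for a destination address."""
    route = select_route(table, destination)
    if route is None:
        return "unreachable"
    return f"{route.interface} ({route.gateway or 'on-link'})"


if __name__ == "__main__":
    docked = build_table(lan_connected=True)
    undocked = build_table(lan_connected=False)
    # ZEUS has two addresses: 192.168.10.1 (LAN) and 192.168.1.2 (Wireless).
    for label, table in (("docked", docked), ("undocked", undocked)):
        for dest in ("192.168.10.1", "192.168.1.2", "68.105.28.12"):
            print(f"{label:9s} {dest:15s} -> {egress(table, dest)}")
```

With the laptop docked, a transfer addressed to 192.168.1.2 still leaves on the wireless adapter; only traffic addressed to 192.168.10.1 uses the switch.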
 
Xenor

Phillip,
Let me see if one last detail helps out. I don't want to bridge the two
wired networks. Each laptop and the desktop already have a wireless adapter
for internet access. I want a separate, small wired network in the office so
that those machines can talk with one another at high speeds.

[Wired area #1]-----<wireless access point>
       |                 {          {
Media Center/Xbox        }          }
                         {          {
                         }          }
                     [Desktop]   [laptop]
                         |          |
                        [Wired area #2]

Media Center, Xbox, Desktop & Laptop all access Internet from the WRT350N.
(Some Wireless, some wired....192.168.1.x subnet.) Desktop and Laptop access
Media Center over the wireless (192.168.1.x subnet). Desktop and laptop
(when docked) access one another in the office wired network (192.168.10.x
subnet). Why do this when I can use wireless? 2 scenarios. When desktop is
running games, P2P, video chat, etc....accessing its shares causes many
collisions and occasionally I have to reset the WRT350N. Also, when
transferring 500MB .pst file (when syncing laptop in docking station after
being out for the day) takes 10-15 minutes. That same transfer takes about
1min-1min30sec over wired switch. So, maybe I don't have to create a
different subnet, but I do want a way to configure my network so that when my
laptop is docked and sitting 2 ft away from my desktop, it uses a much faster
FE/GE network. When the laptop is undocked (and every other client normally)
accesses the desktop over the wireless.


Did I do a better job of explaining it this time? Sorry for the confusion
and thanks for your patience.



 
Phillip Windell

I know what you want. I knew what you were describing pretty much from the
beginning.
I'm telling you to "stop" wanting it,...and to approach the situation
properly.

This is a common problem, so no offense...but you might have the idea that a
wired section and a wireless section are two different networks,...they are
not. There is no *true* such thing as a "wireless network",...there are
wireless connections to a network (host connections) and there are wireless
connections within a network (bridged links),...but beyond that a network is
just a network,...the medium (copper, fiber, "air") that the data travels
over is irrelevant.

There are some more things you mention below that I need to comment
on. Continued below.....

Xenor said:
subnet). Why do this when I can use wireless? 2 scenarios. When desktop is
running games, P2P, video chat, etc....accessing its shares causes many
collisions and occasionally I have to reset the WRT350N.

There are no collisions. It just flat out ain't happening. The wired
portion of your LAN is fully Switched,...collisions just don't happen on
switched networks,...it is impossible.

There is also no such thing as a collision with wireless either. It is
impossible with the way the technology works. It can slow down under a load,
but there are no collisions. It is all controlled by the WAP and the clients
only "talk" when the WAP tells them that they can. The Radio Traffic and the
control of it,...is very very complex. Just guessing, but probably only half
of the packets that travel over it are the actual data. The rest is all
connection control and maintenance. Wireless has an extremely high
functional overhead and is very very inefficient compared to wired. So even
with exactly identical bandwidth the wired will always run faster than the
wireless.

The WRT350N is having to be rebooted because it is just not that high
quality of a device. There are reasons why it costs what it does and
comparable commercial grade devices cost $3000.00 to $10,000.00 dollars.
Updating the Firmware on the device or waiting until they produce an update
may help the device do better.

transferring 500MB .pst file (when syncing laptop in docking station after
being out for the day) takes 10-15 minutes. That same transfer takes about
1min-1min30sec over wired switch.

Yes, that is normal and expected. Marketing, particularly with home user
grade equipment, is very "over-promised & under delivered". The 10 to 15
minutes is annoying but not really unexpected,..at least not to me.

different subnet, but I do want a way to configure my network so that when my
laptop is docked and sitting 2 ft away from my desktop, it uses a much faster
FE/GE network. When the laptop is undocked (and every other client normally)
accesses the desktop over the wireless.

When it is docked and therefore expected to use the wired connection you are
supposed to turn off the wireless Nic. It will either be a physical switch
on the Laptop or will be a "Fn Key" combination. That is the way it is
supposed to be handled. Everybody does that. Heck,..I do that,...I'm doing
it right now at this moment from this very laptop that is in a docking
station in exactly the same situation you describe.

If you do not turn off the wireless adapter when you connect into the wired
part of your LAN it will *ignore* the wired nic and will continue to use the
wireless nic as long as the signal is good.

So, turn off the wireless nic when you need to and.... Build your LAN this
way:

All one subnet.
No LAN routers.

               [Internet]
                   |
                   |
[Area #1]-----<WRT350N>-------<MediaCenter & other wired clients>
                |     |
                |     [wireless clients]
                |
                |  <---long cable to other part
                |      of building *if* you need it
                |      [300 ft (100m) max dist]
                |
[Area #2]-----<Switch>-----<more wired clients>
                   |
                   |
            <optional 2nd
             Wireless Access Point>------<more wireless clients>


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 
X

Xenor

Phillip,
Thank you. I was misusing words and it was adding to the confusion.
When my laptop is trying to access the internet, and my Media Center is
downloading a file from my desktop, I think of them as "collisions"...but
they are not. The wireless router is under load, and performance rapidly
degrades when it tries to handle 2 concurrent requests.

I thought it was possible to create preference on networks, by
assigning a "cost" to each route, thereby creating a preference. This may be
the case, but it is more of an issue for routers (real ones) and not for
desktops.

I guess I knew I could switch off the wireless, just thought I could
find some way to make it automatic so that it wouldn't have to worry about
it. Also, sometimes I like to use a PCMCIA N card, which isn't controlled by
the switch. But alas....logic, low-cost, and science don't always get
together.

That only leaves 1/2 of the problem left. Hopefully getting a single
subnet will clean things up and the OneCare firewall will stop dropping the
"Private" designation. I'll be back if not...maybe I can find a OneCare
specific group...

Thank you again for your patience and assistance.

-Michael

 
P

Phillip Windell

Xenor said:
Phillip,
Thank you. I was misusing words and it was adding to the confusion.
When my laptop is trying to access the internet, and my Media Center is
downloading a file from my desktop, I think of them as "collisions"...but
they are not. The wireless router is under load, and performance rapidly
degrades when it tries to handle 2 concurrent requests.

Yes, I guess it could be a problem with devices that have multiple things
built into one device. If it were a separate stand-alone Access Point that
was under a load it would only affect clients connected to that one WAP and
not affect the whole LAN. If nothing else, the Linksys is sharing the one
Processor for everything instead of a separate one for NAT,..for
Switching,...and then for the WAP like you would get if they were all
separate devices.

I thought it was possible to create preference on networks, by
assigning a "cost" to each route, thereby creating a preference. This may be
the case, but it is more of an issue for routers (real ones) and not for
desktops.

There are "metrics" for routes, but I don't know that it would be a very
good application of that in this case.

I guess I knew I could switch off the wireless, just thought I could
find some way to make it automatic so that it wouldn't have to worry about
it. Also, sometimes I like to use a PCMCIA N card, which isn't controlled by
the switch. But alas....logic, low-cost, and science don't always get
together.

You can set the Binding Order of Nics so that one is preferred over the
other, but I don't think it would be very dependable in this case. I have
tried that and the wrong nic would still cause me problems sometimes. It is
more solid and definite to just disable the wireless when it isn't needed.

That only leaves 1/2 of the problem left. Hopefully getting a single
subnet will clean things up and the OneCare firewall will stop dropping the
"Private" designation. I'll be back if not...maybe I can find a OneCare
specific group...

Thank you again for your patience and assistance.

-Michael

Ok. Good luck with it Michael!

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
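
Added example (not code from the thread or from any poster): a simplified model of the routing-table lookup discussed above, where the longest matching prefix wins and the lowest metric breaks ties. The 192.168.1.x and 192.168.10.x subnets come from the original post; the interface names, host addresses and metric values are constructed for illustration and are not Windows defaults.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str   # hypothetical interface label
    metric: int      # constructed value; lower is preferred


def route(prefix, interface, metric):
    return Route(ipaddress.ip_network(prefix), interface, metric)


def select_route(table, destination):
    """Return the route a host would use: longest prefix, then lowest metric."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in table if dest in r.prefix]
    if not candidates:
        return None  # no matching route: destination unreachable
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))


def without_interface(table, interface):
    """Model a disabled adapter: its routes disappear from the table."""
    return [r for r in table if r.interface != interface]


# Constructed table: the original two-subnet layout (wired link has no gateway).
TWO_SUBNETS = [
    route("0.0.0.0/0", "wireless", 20),
    route("192.168.1.0/24", "wireless", 20),
    route("192.168.10.0/24", "wired", 25),
]

# Constructed table: one subnet, laptop docked with both adapters enabled.
ONE_SUBNET_BOTH_UP = [
    route("0.0.0.0/0", "wireless", 20),
    route("0.0.0.0/0", "wired", 25),
    route("192.168.1.0/24", "wireless", 20),
    route("192.168.1.0/24", "wired", 25),
]

if __name__ == "__main__":
    for name, table in [("two subnets", TWO_SUBNETS),
                        ("one subnet, both up", ONE_SUBNET_BOTH_UP),
                        ("one subnet, wireless off",
                         without_interface(ONE_SUBNET_BOTH_UP, "wireless"))]:
        for dest in ("192.168.1.10", "192.168.10.5", "203.0.113.7"):
            chosen = select_route(table, dest)
            print(f"{name:26} {dest:14} -> {chosen.interface} via {chosen.prefix}")
```

In the single-subnet table both adapters match every destination equally, so only the metric decides; once the wireless routes are removed the wired adapter is the only candidate and the outcome no longer depends on metric values.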
 
