Setting up a DIR-655... Correctly.

[motolube]

Guys, I need your help. I know my way around computers but Networking/Wireless Routers and I just don't get along... or so it seems.

First a little bit of History...

1 Server under Win2K Server + 3 workstations under Windowx XP Pro w/SP3. All 3 workstations use the same Accounting Managment Software and until recently, were using AT&T ADSL 6Mbit internet + 6 lines... plenty of problems with Customer Service and them trying to scam us out of money every other month so I decided to change to another provider (Comcast).

The network was run by a Motorola ADSL Modem that was also wireless + a Lynksys 8 port switch (10/100/1000). From MOdem to switch and from switch to Server + workstation to be able to utilize the 1000 speeds. All Ethernet in Server + PC are also 1000 capable.

Changes went well and smooth but I have just a little hickup that I don't know what to do with now.

1.- Comcast Modem
1.- Same Linksys 8 port 10/100/1000 Switch
1.- D-Link DIR-655 Gigabit N wireless router

Network is as follows...

Coaxial cable from outside to Comcast Modem, ethernet wire from Comcast modem to INTERNET port on Router. Ethernet wire from Port 1 of router to port 8 of Switch, all other ports use for the other PC's.

My little issue is the following, Getting to the login of the Accounting Managment Software in the server takes proximately 1 to 2 minutes (something that used to take less than 10 secs before), once we have inputed our passwords, the software seems to be slightly faster than even before (seat of the pants of course).

My friends tells me that he thinks this is because of the security software that D-Links uses, that because of it being moe secure than the one we used to use with the AT&T motorola router, the intiial time is delayed.

Well, like I said, I know nothing about networking but I do know that this is very annoying and I need to do something to expedite this.

Installation of the D-Link router went smooth and after that, I have not been inside it because it is not user friendly at all as the old wrt54g linksys router that I used to have at home.

I am wondering if something can be done with the setting of the router to make hard for hackers to get in but not harder for me to work on my stuff.

Thanks a lot

 

[YeOldeStonecat]

Is your server running active directory...a domain? If so, was it running DHCP (it should be). If so, did you disable DHCP on your router? DNS issue is suspect
What make/model is the Comcast "router"?

 

[gimp]

Is your server running active directory...a domain? If so, was it running DHCP (it should be). If so, did you disable DHCP on your router? DNS issue is suspect
What make/model is the Comcast "router"?

this

changing the router itself should have virtually no effect on the internal network, security-wise.

the router can't stop viruses in the LAN from spreading throughout the LAN, so ignore what that person told you.

 

[motolube]

WOW, cool... quick responses.

I'll try to answer your question to the best of my abilities but bare with me please.

Is your server running active directory...a domain?

I am afraid I don't understand the question that much but I am going to say YES... we were all (workstations) using the same Database on the server to sell our product (part numbers choosen from the same file on the server can be used by 1 or all workstations at the same time)

I hope this answers the question?

Is it prudent to post an image of the settings of the router here?

If so, was it running DHCP (it should be).

I think so... look here

Connection Type : DHCP Client

QoS Engine : Active

Cable Status : Connected

DNS Status : Online

Network Status : Established

If so, did you disable DHCP on your router? DNS issue is suspect

I don't know, I don't think I have enable or disable anything since I have only brwose thru the inside of the router settings... as stated before, they are not very user friendly to me.

What make/model is the Comcast "router"?

SMC 8014

S/W Rev 4.01.17.CCR

H/W Rev 1B

 

[gimp]

ehh... need a definite yes or no on running AD.

from the sounds of it, you did not setup the server.

do the computers have local accounts, or domain accounts?

This can easily be found: at the logon screen, do you have a "Log on to:" drop down box? If not, there may be an "Options >>" button, click that, and see if a "Log on to:" drop down box appears.

If it does, there should be atleast (minimum) 2 options; 1 will be: computername (This computer), the 2nd would be the name of the AD domain.

edit: FYI, those DHCP and DNS settings look like they came from the router maybe....?

 

[YeOldeStonecat]

Yeah need a concrete answer on if your server is running a "domain" or not, and if you workstations are logging into the domain, or if your network is just setup as a simple peer to peer network.

Comcast usually ships an SMC "Gateway", which is a combo modem/router running a 10.1.10.xxx network on the inside.

If you stick your own router behind that....by default you're double NAT'ing unless you IP map another public IP address from your static block to the WAN interface of your own router. We can get into these details later, first need to determine why your network is bogging down...I suspect DHCP/DNS related.

 

[PTNL]

I am afraid I don't understand the question that much but I am going to say YES... we were all (workstations) using the same Database on the server to sell our product (part numbers choosen from the same file on the server can be used by 1 or all workstations at the same time)

That does not indicate whether the computers are on a domain or not. Quickest way is to do this from each machine:
1) Right-click "My Computer" --> Properties
2) Click "Computer Name" tab
3) Look below "Full Computer Name:" section.... Does it say "Domain:" or "Workgroup:" ?

 

[gimp]

That does not indicate whether the computers are on a domain or not. Quickest way is to do this from each machine:
1) Right-click "My Computer" --> Properties
2) Click "Computer Name" tab
3) Look below "Full Computer Name:" section.... Does it say "Domain:" or "Workgroup:" ?

der.. duh. that is the easiest way. hah.
guess my brain isn't completely functioning yet this morning.

 

[motolube]

OK, we are behind a Workgroup "Motolube"...

Yes, the Server was not setup by me... as stated before, Networking is not my cup of tea, although, I have learn the basics sans the lingo

Local or Domain Accounts... is that question still pending or did I answered it already by stating that we are behind a Workgroup and not a Domain?

Yes, the settings I posted came from the Status Option on the Router.

Comcast usually ships an SMC "Gateway", which is a combo modem/router running a 10.1.10.xxx network on the inside.

Ahhh, this is why I was able to run the network even before I installed the Router.

If you stick your own router behind that....by default you're double NAT'ing unless you IP map another public IP address from your static block to the WAN interface of your own router. We can get into these details later, first need to determine why your network is bogging down...I suspect DHCP/DNS related.

Well, the reason why I installed my own router is because the Comcast Tech told me their routers were not wireless and didn't have a good built in security.

I have to assume that I am indeed double NAT'ing but I have no idea how to turn that off or disable it from the router or modem.

If you guys require any other information, I am just a click away... I need to fix this

 

[gimp]

ok that helps.
as for local/domain accts, that was answered when you specified you are, in fact, in Workgroup mode. So all local accounts. This is good.

One thing you COULD try... since you still have the Comcast router/gateway in place...

plug a computer straight into that router. Do an IPCONFIG and note the IP address and default gateway.

NEXT... plug into the DLink router. Change the DLink's local IP to one-up from the Comcast router. IE, if with the Comcast router the default gateway is 10.1.100.1, then change the DLink to 10.1.100.2

next.... turn off DHCP on the DLink.

3rd, plug a LAN port from the Comcast router into a LAN port on the DLink.

This will clear up any double-NAT that's currently happening (essentially turning the DLink into nothing more than a switch+WAP)


ninja edit: or... you could just plug all hard-wired computers into the SMC. What will the wireless be used for? You could keep the double-NAT if the wireless will be for customers waiting.

 

[YeOldeStonecat]

How you set your router up depends on how you use your network. The SMC gateway is a 1/2 decent router with some decent features. However at all my clients using Comcast Biz I have my own routers in place, with my own routers obtaining the static public IP address on their WAN interface. The SMC is used pretty much as a modem in this case. But this isn't the source of your slow login problem, so lets leave this discussion until your issue is solved. Just a note, if you wanted to leave the SMC as is, and if your network is able to have its IP setup changed, I'd flip the DLink to be run as an access point.

Sooo...question, did you change the DLink to run on a different IP range? Give it a hard reset? Anything else change on your network? Changing ISPs should not have changed this. If your network is really just running peer to peer...this shouldn't have affected much. I'm wondering if whoever setup your network did lmhost/host files, and you changed your IP range so they're not longer valid.

 

[motolube]

Router was installed because there are times when we need to run our laptops and since the comcast modem doesn't have wireless capabilities, they told us to get that d-link router specifically... the router I got from Newegg and not from Comcast in case you are wondering.

j-sta, I can try to do what you told me to do but it will have to be on Non-working hours because I don't want to have any downtime.

So, you are saying that the Comcast modem security would suffice and/or I could use the Router only as a Switch + the added security? if so, that is exactly what I need... what ever is easier to do, I am all for it.

I don't need NSA security, I am sure the security I was using with the AT&T router was not top notch either and so far... we have had good luck (knock on wood! )

 

[gimp]

for all intents and purpose, a router is a router is a router. It's only as secure as you set it up to be

As long as you don't open ports, there won't be a huge difference in security between a DLink and an SMC. They all do the same basic function, and do help prevent the bad guys from getting into your network.

I agree with YeOlde, in that maybe whoever originally set everything up, did something non-standard. As YeOlde stated, just changing an ISP or router should not cause any negative side effects when it comes to your internal network.

since it sounds like you haven't even really touched the config on any of the hardware, and YeOlde stated maybe the person that set it up added some entries into the lmhosts or hosts file...
go here: C:\Windows\System32\Drivers\etc

you will need to make sure hidden files and protected OS files are not hidden.

if you open both the hosts and lmhosts files in Notepad, they should not have too much in them (there are a couple entries, plus several comments in each by default)

 

[motolube]

for all intents and purpose, a router is a router is a router. It's only as secure as you set it up to be

As long as you don't open ports, there won't be a huge difference in security between a DLink and an SMC. They all do the same basic function, and do help prevent the bad guys from getting into your network.

Hmmmm, this does not give me a warm and fuzzy feeling inside since I could have easily not spend the money on the D-Link but, as stated before, there are times we do need to use our laptops and Wireless is the only way to go.

I agree with YeOlde, in that maybe whoever originally set everything up, did something non-standard. As YeOlde stated, just changing an ISP or router should not cause any negative side effects when it comes to your internal network.

If by setup you mean the new Comcast lines, then... NO, he did not setup or touched my d-link router.

As stated before, the network worked perfectly when he switch to the comcast modem/router, which, I thought it was not going to be possible, simple or that easy.

The delayed has only started after I installed the router and now the servers and workstations are behind the router and comcast modem.

since it sounds like you haven't even really touched the config on any of the hardware, and YeOlde stated maybe the person that set it up added some entries into the lmhosts or hosts file...
go here: C:\Windows\System32\Drivers\etc

you will need to make sure hidden files and protected OS files are not hidden.

if you open both the hosts and lmhosts files in Notepad, they should not have too much in them (there are a couple entries, plus several comments in each by default)

The Host file hast not been touched at all, it is as its default settings.

What is the easiest way of disable the D-Link router and only use it as a Switch + have Wireless capabilities? I think that would be the sweet spot... unless of course, I can disable the comcast modem and just use it as a bridge and let the router take care of everything

 

[gimp]

ok... so it worked fine after Comcast installed their SMC gateway/modem combo.

And it continued to work fine until you hooked up the DLink.

Correct?

hmmm....

did you by chance check the LMHOSTS file also?
although it would be strange for an AT&T modem/router combo to have the same IP range as the Comcast, but is possible.

edit: to use the DLink as nothing more than a switch... you would need to disable DHCP, and then have a cable from the SMC to a LAN port on the DLink.
But... generally you would first want to change the IP address of the DLink to one in the same range as the SMC, so that it will be easier to access for configuration down the road.

 

[motolube]

ok... so it worked fine after Comcast installed their SMC gateway/modem combo.

And it continued to work fine until you hooked up the DLink.

Correct?

hmmm....

Yes, that is exactly right.

did you by chance check the LMHOSTS file also?

If this is an option within the D-Link router, I don't believe I enable/disable it as I don't believe I saw it as an option and for the most part, if I don't understand what they do or don't do, I just leave them alone

although it would be strange for an AT&T modem/router combo to have the same IP range as the Comcast, but is possible.

perhaps it did change on its own after I restarted all the PC's but I just didn't noticed it?

edit: to use the DLink as nothing more than a switch... you would need to disable DHCP, and then have a cable from the SMC to a LAN port on the DLink.

I do believe that's how the Comcast Tech had it set but I went ahead and changed it to the INTERNET port.

But... generally you would first want to change the IP address of the DLink to one in the same range as the SMC, so that it will be easier to access for configuration down the road.

This is the part I would need a little more info then,as I have a basic understanding about the logic behind it but not enough knowledge to do so myself w/o botching something up.

So, what you are saying is this... basically

Run the Ethernet cable from the Comcast Modem/router to the LAN Port of the D-Link router (Port 1 as an example).

Run the other Ethernet cable from the D-LInk on Port 4 to the Linksys Gigabit Switch to port 8 (also as an example).

Disable DHCP on the D-Link router but then, what option do I choose to have it on?

 

[YeOldeStonecat]

If you're going to stick to using the SMC as your router (depends on what you want to do with your static IP address, as the one the SMC obtains is not your assigned static WAN IP, you use that on your own router. BUT...you may not need that..so using the SMC may be fine for you.

Anyways, SMC web admin is 10.1.10.1
Username is cusadmin or custadmin
password is highspeed

Now, plug a PC into your DLink router, and change its LAN IP to 10.1.10.2 or 10.1.10.253 (I commonly use .253 for access points, it's the common last octet for them..or .245) Just remember what you made it.
Next..disable DHCP on the DLink

Now...uplink your DLink to your main switch using a LAN port of the DLInk, you WILL NOT use the WAN/Internet port of the DLink. You don't need to do anything else, it is now running as an access point. You don't need to disable NAT, you don't need to disable SPI or any firewall features..you're not using the WAN/internet port..thus those do not come into play.

Next..uplink a LAN port of your SMC gateway to your main switch, using a LAN port of the SMC.

Now your router and access point are equally linked to your primary switch. You don't want to daisy chain your SMC into your DLInk into your main switch...that's not as efficient as uplinking each one to the main switch.

The SMC by default runs DHCP for your network, since you're not running it on your server.

 

[gimp]

Yes, that is exactly right.

ok, good to know it didn't start right after the initial install or anything; helps eliminate possibilities.

If this is an option within the D-Link router, I don't believe I enable/disable it as I don't believe I saw it as an option and for the most part, if I don't understand what they do or don't do, I just leave them alone

The LMHOSTS file would be in the same place as the HOSTS file. It's on the computers.

perhaps it did change on its own after I restarted all the PC's but I just didn't noticed it?

This is definitely possible. What it could be, is a line in the LMHOSTS file pointing a particular IP address to a particular hostname (ie, server name). The computer will look in the LMHOSTS and HOSTS file first, before it attempts to resolve the computer name to an IP on it's own. What could be happening, is there is a line in LMHOSTS, so the computer keeps trying to talk to the server at a no-longer-existant IP address, then after it fails, it goes out and finds the new IP. This could explain the long delay.

I do believe that's how the Comcast Tech had it set but I went ahead and changed it to the INTERNET port.

well, either way is bad, without reconfiguring the DLink, depending on how the SMC is setup. Either way will work, but can cause headache down the road.

This is the part I would need a little more info then,as I have a basic understanding about the logic behind it but not enough knowledge to do so myself w/o botching something up.

So, what you are saying is this... basically

Run the Ethernet cable from the Comcast Modem/router to the LAN Port of the D-Link router (Port 1 as an example).

Run the other Ethernet cable from the D-LInk on Port 4 to the Linksys Gigabit Switch to port 8 (also as an example).

Disable DHCP on the D-Link router but then, what option do I choose to have it on?

yes, that is the basic jist. First thing first... basically remove the DLink from the SMC. Hook a computer into the SMC. Do an ipconfig and note the default gateway. The default gateway IP address is the IP of the SMC router. May be something like 192.168.0.1, 192.168.1.1, 10.1.10.1, something like that. The last number will be a 1 or 254.
So, with that IP, let's just pretend it's 192.168.2.1. So now, on the DLink which is hooked to nothing but a computer, you shoudl be able to change it's IP address. Make it, say, 192.168.2.2.
It will need to be in the same "range" as the SMC.
Once that's done, then you can turn off the DHCP server portion of the router.
Once that's done, plug a cable into the LAN port on the SMC, and the other end into a LAN port on the DLink.

 

[motolube]

j-sta I have read both of your last 2 replies and before I respond to it I just want to say THANKS for taking the time to help.

It is getting to a point where I am getting a little confuse with everything we want to do but I am always willing to try as long as I am clear of what I am doing

You said "If I want to use the SMC instead of the D-Link", this tells me that I may have a choice between using either of them? If so, I rather utilize the D-Link since I would have the Wireless option that the SMC does not provide and the reason why I bought the D-Link in the first place.

If this is not an option (having the D-Link as Primary Router), I just soon get rid of it and don't utilize it at all, this way I will avoid all this mess and since I won't have wireless, why do I need to use it?

 

[gimp]

j-sta I have read both of your last 2 replies and before I respond to it I just want to say THANKS for taking the time to help.

It is getting to a point where I am getting a little confuse with everything we want to do but I am always willing to try as long as I am clear of what I am doing

You said "If I want to use the SMC instead of the D-Link", this tells me that I may have a choice between using either of them? If so, I rather utilize the D-Link since I would have the Wireless option that the SMC does not provide and the reason why I bought the D-Link in the first place.

If this is not an option (having the D-Link as Primary Router), I just soon get rid of it and don't utilize it at all, this way I will avoid all this mess and since I won't have wireless, why do I need to use it?

you could use the SMC instead of the DLink. It's already a router, so it can do all you need, sans wireless.
You could exchange that DLink router for a WAP (Wireless Access Point), to provide the wireless capability you're looking for.

That may be the easiest, least confusing way for you to go, since you stated you and networking don't get along too well.

a WAP would hook into the SMC, and do nothing more than provide a wireless signal.

 

[YeOldeStonecat]

I laid out the roadmap above on changing the DStink to a WAP.

 

[motolube]

OK... I am all for that (even though I doubt Newegg will take it back for a credit or refund).

What WAP would you guys recommend me using/buying to use with that SMC router?

 

[gimp]

well in that case, if you got it at NewEgg....

rather than spend more money, put that DLink to use.

YeOlde explained what needed to be done a couple posts up

 

[motolube]

well in that case, if you got it at NewEgg....

rather than spend more money, put that DLink to use.

YeOlde explained what needed to be done a couple posts up

Well, before I proceed to do what YeOlde proposes, I would need to know if by doing that, I am still going to be able to have WIRELESS capabilities or not, otherwise, I just use the SMC modem/router and be done with it.

I rather resell the D-Link or give it to a friend in need and buy the WPA because installing the WPA might be a lot easier than doing what YeOlde wants me to do with the D-Link... at least for me


P.S.: Guys, I just checked and I have until the 10th to refund/ the D-Link, there is a Restocking Fee but I may be able to get the WPA from Newegg and get away with the Restocking fee. I would like to buy the best WPA possible... can you suggest one?

 

[YeOldeStonecat]

Yes converting the DLink to access point mode will give you wireless abilities.

Your alternative is to set the WAN interface of your DLink with the static public IP address that Comcast gave you on your information sheet when you signed up. It is NOT the same public IP address that the SMC obtains on its WAN interface.

You set that static info into the WAN interface of your DLink, you uplink the DLinks WAN/Internet port to one of the LAN ports of the SMC. You plug a PC into one of the LAN interfaces of the SMC..log into its web admin, and disable the firewall features. Now..the SMC is basically acting like a pure bridged modem and allowing your DLinks WAN interface to pass through it without NAT or anything, and you use your DLink as your one and only router, this way you're not double NAT'ing.

 

[motolube]

Yes converting the DLink to access point mode will give you wireless abilities.

Your alternative is to set the WAN interface of your DLink with the static public IP address that Comcast gave you on your information sheet when you signed up. It is NOT the same public IP address that the SMC obtains on its WAN interface.

You set that static info into the WAN interface of your DLink, you uplink the DLinks WAN/Internet port to one of the LAN ports of the SMC. You plug a PC into one of the LAN interfaces of the SMC..log into its web admin, and disable the firewall features. Now..the SMC is basically acting like a pure bridged modem and allowing your DLinks WAN interface to pass through it without NAT or anything, and you use your DLink as your one and only router, this way you're not double NAT'ing.

Thank you... Again (to both of you guys).

Now, I will go ahead and attempt to do what you told me on the previous post but I may need you to hold my hand a bit... I hope you don't mind wasting a little more time on me since you have already wasted a lot

One thing that has me a bit baffled is, the use of a PC directly connected to the Router is just to make the necesary changes, right? Once I am done, I should re route it to how I had it before?

I know that re reading my posts is going to be annoying so, to help me further and make it easier for you, is it more convenient to you if I were to list the setup I have at this moment and then you make new instructions for me or do I attempt to do what you have described before and then ask questions?.

 

[YeOldeStonecat]

One thing that has me a bit baffled is, the use of a PC directly connected to the Router is just to make the necesary changes, right? Once I am done, I should re route it to how I had it before?
.

Yes..you temporarily plug a PC into the back of the SMC..it will pickup a 10.1.10.10x address so you can log into the SMC web admin at 10.1.10.1....make your changes. Remove PC from back of SMC, plug back into your main network so it picks up a 192.xxx address..and you're back in business.

 

[motolube]

Yes..you temporarily plug a PC into the back of the SMC..it will pickup a 10.1.10.10x address so you can log into the SMC web admin at 10.1.10.1....make your changes. Remove PC from back of SMC, plug back into your main network so it picks up a 192.xxx address..and you're back in business.

Ahhhhh OK, I'll try your instructions first thing is the morning before my partners make it to the office... hopefully I won't make scrambled eggs out of this.

I'll come back to post my findings

 

[motolube]

Your alternative is to set the WAN interface of your DLink with the static public IP address that Comcast gave you on your information sheet when you signed up. It is NOT the same public IP address that the SMC obtains on its WAN interface.

You set that static info into the WAN interface of your DLink, you uplink the DLinks WAN/Internet port to one of the LAN ports of the SMC. You plug a PC into one of the LAN interfaces of the SMC..log into its web admin, and disable the firewall features. Now..the SMC is basically acting like a pure bridged modem and allowing your DLinks WAN interface to pass through it without NAT or anything, and you use your DLink as your one and only router, this way you're not double NAT'ing.

This is exactly what I did... I had a few issues with Subnet Mask and Default Gateways but after a while, I got it going.

Again, thank you kindly for the time I hope others can gain from this.