two routers on a switch connected to modem

Red Squirrel

For some reason, I had this working before and now it won't. Basically, as title says, I have two routers (one being a pfsense box) plugged into a switch, and that switch is plugged into the DSL modem. The pfsense box network picks up an IP fine, but the other router just stays stuck at obtaining an IP. I thought maybe by chance my ISP ran out of IPs (I've seen this happen, worked at the helpdesk there) so I unplugged my other router but still nothing. My ISP does allow up to two IPs.

I tried plugging the non-working router directly into the modem and it works. Why won't it work when it's plugged into the switch? The port lights up so I know it's not a layer 1 issue.

If I can't get this to work, I am planning on just plugging the second router into another NIC of the pfsense box and making a DMZ/VLAN. Will this be 100% safe? Basically this second network is used for PCs that have viruses on them and such, and may even be used for dangerous experimentation, so I can't afford any of its traffic ending up on my main network, that's why I prefer having it outside of the pfsense box completely.
 
Have you tried letting a PC grab the 2nd IP instead of the other router? That would at least narrow down whether or not you're actually able to receive 2 IPs...
 
I have done this exact setup twice now in the past 2 days. My personal network is:
AT&T Residential Gateway ---> Netgear WNDR3700.

For that here is what I did. I pulled the Netgear off the RG, I reset it back to factory defaults. I plugged a laptop directly into the router without any WAN/LAN connections outgoing.
If your first router is handling DHCP, you just shut that off on the 2nd router, set up the router with an IP address outside of the scope of your DHCP server, basically if 192.168.1.1 is your router, and you're handing out IPs starting @ .2, then set your 2nd router to like 192.168.1.110, that way there's no conflicts and you can pick up the traffic and still direct it back to the gateway properly. This allows me to use the Netgear for Wireless, and Wired, and also to keep Gigabit traffic on its ports, since the RG is only 100 Mbit ports. Sure my uplink to the RG is limited to 100 Mbit, but the only thing I have running off its ports is my VoIP boxes and my printer, so it's never an issue.

Now, there's no guarantee this will work for you, but that's how I went about it. Make sure that you aren't double NATting, it causes a crap ton of issues. Lemme know if anything I went through helps jar some thoughts for you.

The one I did today is basically the same as above, EXCEPT I had to let it take DHCP IPs from the 1st router (it would not work statically), and then it worked. I don't argue with why, I just know that was the only solution that in 1 hour of work solved the problem. POS old Linksys Router was the front end, so that may explain its finicky behavior.
 
Been messing with this for a bit. It SHOULD work, but I think what's going on is the switch is getting confused and not "routing" the packets properly. It's probably trying to send them to the firewall's outside port instead of to the modem's inside port. Been playing around adding a crossover cable at various spots to see if it fixes the issue, but no go.

Given I have 2 extra ports on the firewall, I think I'll just use those for the external network and avoid pulling two IPs while still keeping the traffic separate.
 
I'd go that route as well...

However, your switch just deals with frames, therefore it does not route. When you connect either of those to the switch, they should both use the broadcast address looking for a DHCP server, which your cable modem should pick up immediately if you are indeed getting 2 IPs. Also both routers should know (once they get the gateway) that the ISP's router is the next hop, they shouldn't forward frames to each other... Unless you have a DHCP server enabled on either of those interfaces, that really should not cause an issue.
 
Generally multiple IP setups over cable modems use static not DHCP...never heard of anyone wanting to do that...kind of defeats the purpose.
 
The ISP may have changed their policy and now only gives 1 IP to the first MAC address they see. Have you contacted them?
 
Ok so I got around to setting up one of the spare interfaces on my firewall. I now have two LANs. This is actually very powerful as I can make various rules on how these two LANs can talk to each other. So I blocked the "external" one from being able to talk to the "internal" but if I need to give access to certain resources, I can. This is pretty cool. Really, I need to drop the two routers out of the equation and just go straight to a switch. This would make things easier as right now I have two NATs inside their own NAT. Port forwarding is not very fun. lol

And with all this, I have a spare switch now.
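
The two-LAN rule set described in the last post, modelled as an added example (not part of the thread, and not pfSense's own code): rules on the quarantine interface are checked top to bottom and the first match wins, which is how pfSense evaluates interface rules, and the audit shows how a broad pass rule placed first undoes the isolation. The subnets, addresses and function names are assumptions, since the thread gives none.

```python
import ipaddress

# Constructed addressing (assumption): the thread gives no subnets.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")     # "internal" LAN
QUARANTINE = ipaddress.ip_network("192.168.50.0/24")  # "external" LAN for infected PCs
FW_QUAR_IP = ipaddress.ip_network("192.168.50.1/32")  # firewall's address on that LAN
ANY = ipaddress.ip_network("0.0.0.0/0")

def evaluate(rules, dst, port):
    """First matching rule decides; no match means the default deny applies."""
    addr = ipaddress.ip_address(dst)
    for action, net, ports in rules:
        if addr in net and (ports is None or port in ports):
            return action
    return "block"

def audit(rules):
    """Return the flows from the quarantine LAN that break the isolation goal."""
    # Internal file server, firewall GUI via its internal address, GUI via its local address.
    must_block = [("192.168.1.10", 445), ("192.168.1.1", 443), ("192.168.50.1", 443)]
    # An internet host, and DNS on the firewall.
    must_pass = [("203.0.113.7", 443), ("192.168.50.1", 53)]
    bad = [(d, p, "reachable") for d, p in must_block if evaluate(rules, d, p) == "pass"]
    bad += [(d, p, "blocked") for d, p in must_pass if evaluate(rules, d, p) == "block"]
    return bad

# Rules for traffic entering the quarantine interface, top to bottom.
GOOD_RULES = [
    ("pass", FW_QUAR_IP, {53}),   # DNS on the firewall only
    ("block", FW_QUAR_IP, None),  # no web GUI / SSH from infected hosts
    ("block", INTERNAL, None),    # nothing to the main network
    ("pass", ANY, None),          # everything else goes out to the internet
]
# Same rules, but the broad pass was placed first: it also matches the internal LAN.
BAD_RULES = [GOOD_RULES[3]] + GOOD_RULES[:3]

if __name__ == "__main__":
    print("good order:", audit(GOOD_RULES))
    print("bad order: ", audit(BAD_RULES))
```

The internal-side address of the firewall (192.168.1.1 here) is covered by the block on the internal subnet; a rule set that only blocks the firewall's quarantine-side address leaves the GUI reachable through the other one.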
 