Help - Network Issue Driving Me Nuts....

[sillyfools]

I have a zyxel broadband router that sits at 192.168.1.1

I have a Linksys WAP54G Access Point that sits at 192.168.1.2 to serve my connection indoors.

I have a Linksys WAP54G Access Point that sits at 192.168.1.3 to serve my connection outdoors.

The indoors one runs the stock firmware.

The outdoors one runs the dd-wrt firmware as it allows me to crank up the power if needed.

My gateway settings are 192.168.1.1 (the router) which also runs DHCP. My PC have fixed IP numbers. Only laptops and phones use dhcp to get a number assigned.

I can ping the outdoors one (x.x.x.3) but not the indoors one (x.x.x.2) when the outdoors one is on.

When I ping 192.168.1.2, I get a reply from 192.168.1.3 (!!!!!!) saying destination unreachable.

In fact, even more bizarre (I'm running a ping -t) I just was able to ping it for 2 seconds, end it is unreachable again.

192.168.1.2 is forwarding the DHCP from my broadband router in the range 192.168.1.100-110 so there is no overlap.

I have absolutely no idea why I cannot even ping it. I even have to log in via my iPhone to that access point and use its IP address that way to be able to get to the settings.

I don't want to flash the indoors WAP54 to dd-wrt as it took me over a day last time and I don't really have that much time left to get back to work.

What can I do and why do pings to .2 get answered from .3?

[anothertorres]

when you are running a ping, are you doing that from a PC that is in the .100+ range? and which access point router are you connected to when you perform the ping?

in the meantime, might i suggest something to help troubleshoot? manually set your indoor router to something like 192.168.2.1 and then set the outdoor to 192.168.3.1.

got off them both 192.168.1.X.

[sillyfools]

when you are running a ping, are you doing that from a PC that is in the .100+ range? and which access point router are you connected to when you perform the ping?

in the meantime, might i suggest something to help troubleshoot? manually set your indoor router to something like 192.168.2.1 and then set the outdoor to 192.168.3.1.

got off them both 192.168.1.X.

Hi anothertorres,

I am running it from 192.168.1.61 and I am directly patched in by utp-cable to the switch. That is the switch that connects to my broadband router as gateway and to the two APs.

I have just found out that my laptops that connect through the indoor AP can get on the net. I can also access the admin of the AP from the laptop's side.

However from my main workstation I cannot ping to it or access the admin.

I think somehow the outdoors AP might be taking over somehow? Broadcasting dns info in a way? I'm not at all familiar with routing over different subnets. Can you specify the instructions about that?

Thanks for your help.

[sillyfools]

The strangest thing to me is that sometimes I get a ping from the device for 1 or 2 seconds. Then it goes back to Destination host unreachable and the reply comes from 192.168.1.3

[sillyfools]

I've set them up like this now. Please let me know if I made any mistakes or what I should do next.

adsl router at 192.168.1.1 subnet 255.255.0.0

indoors ap at 192.168.2.1 subnet 255.255.0.0

outdoors ap at 192.168.3.1 subnet 255.255.0.0

I have set my workstation as 192.168.1.40 subnet 255.255.0.0 and gateway 192.168.1.1

I can still connect to 192.168.3.1 admin

I can still not connect to 192.168.2.1 admin

when I do I get a destination host unreachable and the response comes from 192.168.3.1

[welo]

If your two Linksys APs run in router mode, then you probably have a seriously massed up setup (both, your original and your modified setup)

If they are in AP only mode, then everything is OK. They won't do NAT or run a DHCP server, and your network topology should actually be pretty simple (all sharing one subnet).

In what mode do you run your Linksys routers. I recommend switching them to AP-only mode.

A word on the router mode:

The routers will do NAT, and will route between the external and internal LAN. The external LAN being the Zyxel (if connected on the WAN port), the internal LAN being devices connected on the LAN ports or wireless.

The router will have an IP on the external LAN and another one on the internal LAN. Usually routers don't allow to setup an internal LAN IP in the same subnet as the external LAN, in your case 192.168.1.x. So I'm not sure what your setup is right now.

This setup might even be more confusing when the Zyxel is not connected on the WAN port but on one of the standard LAN ports.

Your second setup doesn't really change anything. All three IPs still share the same subnet because you changed the subnet mask as well t0 255.255.0.0. Change the subnet mask to 255.255.255.0 and you will have three different subnets.

However, the problem is most likely the router mode, and no change in the IP setup will actually change that.

[welo]

Any update?

[astral]

It may not be relevant, but have you checked the frequencies used by your two wireless AP's

Other traffic in the frequency may be affecting your access.

It would also be better if the two AP's were on different frequencies.

The frequency you use is defined in the wireless settings.

Netstumbler http://www.netstumbler.com/downloads/

will allow you to see what is going on in your local neighbourhood.

[sillyfools]

@welo

The outdoors (DD-WRT) Linksys is in router mode.

It has the choice between DHCP server or DHCP forwarded so I checked forwarding and entered my gateway which acts as an DHCP server.

Under routing it has also "Dynamic Routing". I can choose the interface between (1) Lan & WLAN [currently selected), (2) disable, (3) WAN, 4 (both)

The outdoors (stock firmware) Linksys is in Access Point mode. Nowhere do I see a router option.

I have given it a static Ip and the gateway is 192.168.1.1

@astral

My access points use different channels away from the predominant frequencies used around here (1,6,12 :-)). It is not an issue of not being able to connect to them wirelessly, I cannot get into the admin (neither ping them) from my wired network.... and worrisome is indeed that the 192.168.3.1 is responding to pings I send to 192.168.2.1

[Prasert]

The usual headache: bridges, accesspoints, routers.

The magic word: OSI model.

Layer 1

This consists of the physical network - in this case the utp wiring for the LAN part and the radio signals for the WiFi part. There's 4 non-overlapping bands in the 2.4GHz range: if you configure channels 1, 5, 9 and 13 on 4 nearby accesspoints, these will not interfere with eachother.

Layer 2

This layer has nothing to do with TCP/IP yet. It's the layer where MAC addresses play a role. An accesspoint works as a bridge on this layer: it bridges traffic between the wired and non-wired physical networks. To perform this function, it only needs to know which MAC addresses are on both physical networks and it'll keep track of these addresses in a table.

Layer 3

This is where the IP protocol starts. All physical networks that are bridged together at layer-2 are seen as 1 network on layer-3. This means that all devices on this network will have an IP address from the same range, and they will all be able to ping each other.

An accesspoint has an IP address, but that's only for the purpose of configuring/managing the accesspoint. It's IP address does not play any role in it's basic function: bridging between the wired and wireless network.

In the setup of the OP there's a network consisting of 2 accesspoints and a router which connects this network to the internet. The easiest setup is to make this one single layer-3 network:

Use the network 192.168.0.0/24 (/24 means the subnet mask is 255.255.255.0)

Give the router address 192.168.0.1

Give accesspoint1 address 192.168.0.2 and set it to channel 5

Give accesspoint2 address 192.168.0.3 and set it to channel 9

Configure the same SSID on both accesspoints; any device will automatically select the strongest signal.

If you're using a wireless router as an accesspoint: use one of the LAN ports to connect it and leave the WAN port unconnected. Only configure an IP address, subnet mask and default gateway.

Configure only one dhcp service, e.g. on the router that connects to the internet.

[sillyfools]

The usual headache: bridges, accesspoints, routers.

The magic word: OSI model.

Layer 1

This consists of the physical network - in this case the utp wiring for the LAN part and the radio signals for the WiFi part. There's 4 non-overlapping bands in the 2.4GHz range: if you configure channels 1, 5, 9 and 13 on 4 nearby accesspoints, these will not interfere with eachother.

Layer 2

This layer has nothing to do with TCP/IP yet. It's the layer where MAC addresses play a role. An accesspoint works as a bridge on this layer: it bridges traffic between the wired and non-wired physical networks. To perform this function, it only needs to know which MAC addresses are on both physical networks and it'll keep track of these addresses in a table.

Layer 3

This is where the IP protocol starts. All physical networks that are bridged together at layer-2 are seen as 1 network on layer-3. This means that all devices on this network will have an IP address from the same range, and they will all be able to ping each other.

An accesspoint has an IP address, but that's only for the purpose of configuring/managing the accesspoint. It's IP address does not play any role in it's basic function: bridging between the wired and wireless network.

In the setup of the OP there's a network consisting of 2 accesspoints and a router which connects this network to the internet. The easiest setup is to make this one single layer-3 network:

Use the network 192.168.0.0/24 (/24 means the subnet mask is 255.255.255.0)

Give the router address 192.168.0.1

Give accesspoint1 address 192.168.0.2 and set it to channel 5

Give accesspoint2 address 192.168.0.3 and set it to channel 9

Configure the same SSID on both accesspoints; any device will automatically select the strongest signal.

If you're using a wireless router as an accesspoint: use one of the LAN ports to connect it and leave the WAN port unconnected. Only configure an IP address, subnet mask and default gateway.

Configure only one dhcp service, e.g. on the router that connects to the internet.

Hi Prasert,

1) Thank you a lot for your post. A question regarding layer 1. I have a lot of traffic around me and most of them on channel 1, 6, 11. Currently I have my AP's set up for channel 4 and 8 as they seem to be rather empty. Is that a good choice or should I change it to 5 and 9 anyway even though my signal strength may weaken?

2) Regarding layer 3. I'm no expert on subnets so bear with me :-). I have it currently set up as 192.168.1.1 .. is there any way that I can keep that? I had someone set up a vpn connection to my machine from my web server so I can access my mail remotely. I uses my 192.168.1.61 ip address somehow and I have no idea how it would need be changed. Is there any other solution to this?

3) The last points were clear and are what I think I was doing. I just don't understand why 192.168.3.1 is responding to pings to 192.168.2.1 (before I changed them it was the same 192.168.1.3 responding for 192.168.1.2)

[Prasert]

1) Thank you a lot for your post. A question regarding layer 1. I have a lot of traffic around me and most of them on channel 1, 6, 11. Currently I have my AP's set up for channel 4 and 8 as they seem to be rather empty. Is that a good choice or should I change it to 5 and 9 anyway even though my signal strength may weaken?

If you configure channel 1, you're also using channels 2-4. The entire bandwidth used for a wifi connection spans 4 channels. So at least configure the ranges on your own accesspoints non-overlapping. Channels 5 and 9 are the best choice, since all WiFi antennas are constructed for the middle of the frequency band (channel 7)

2) Regarding layer 3. I'm no expert on subnets so bear with me :-). I have it currently set up as 192.168.1.1 .. is there any way that I can keep that? I had someone set up a vpn connection to my machine from my web server so I can access my mail remotely. I uses my 192.168.1.61 ip address somehow and I have no idea how it would need be changed. Is there any other solution to this?

Of course you can choose any subnet. 192.168.1.0/24 is ok as well. But it's more important that you understand what a subnetmask actually means.

3) The last points were clear and are what I think I was doing. I just don't understand why 192.168.3.1 is responding to pings to 192.168.2.1 (before I changed them it was the same 192.168.1.3 responding for 192.168.1.2)

This has to do with the subnetmasks you mentioned earlier. 255.255.255.0 indicates a network with 254 hosts. Subnetmask 255.255.0.0 indicates a network with 65534 hosts!

If not all devices use exactly the same mask, strange things can happen.

Stick to the setup I described, and yes, you can change 192.168.0.x to 192.168.1.x, as long as you are consequent in changing it everywhere. Even more important: understand what you are changing and why.

[welo]

@OP

I can see that your original IP setup (plus your modified 2nd setup) is basically identical to what Prasert suggested, both should put all devices within the same IP subnet.

To understand this part you should read about the meaning of the subnet mask - this part basically determines which parts (octets) of the IP address determine the subnet, and which the individual clients. '255' marks the parts that determine the subnet, the rest will be used to number the clients.

192.168.1.x/255.255.255.0

192.168.0.x/255.255.255.0

192.168.x.x/255.255.0.0

This is why even your 2nd modified setup didn't really change anything and still placed all devices within a shared subnet, because you changed the subnet as well. This is perfectly legal and is used to allow a larger number of devices to share the same subnet.

EDIT: I just read Prasert's recent post. Good to point out the possible pitfalls of not using consistent subnet masks!

But as I said earlier, your IP setup is not the problem. I assume that you have a routing problem.

My idea/guess:

Your dd-wrt Linksys is actually in 'router mode'.

I thought that the Linksys WAP54G is a router, but it is actually just a plain access point - at least with stock firmware! I assume that the dd-wrt firmware actually implements routing functionality on this device, and this causes the problems on your network.

That's why I advised you to switch both Linksys into AP mode - however, the one with the stock firmware is a plain access point without any routing features, so no problem here - but the dd-wrt probably messes things up! At least this is my guess at what happens!

That's why Prasert recommended to not connect to the WAN port on the Linksys - however, the Linksys WAP54G DOES NOT HAVE ANY WAN port by default because it is designed as access point, but the dd-wrt firmware turns the (one) LAN port there is into the WAN port, and start routing between this port and the wireless clients

Therefore you have to find a way to disable any routing functionality for the dd-wrt, not sure if the firmware supports a AP-only mode.

Otherwise disable any DHCP option (NO NEED TO FORWARD DHCP - any wireless client will find the Zyxel DHCP server without problems), and disable any routing functionality. How you do this exactly depends on the software, the wording is sometimes not very exact, it might be described as 'bridge' mode (Prasert will probably now point out that routing and bridging is working on different OSI levels, and he is correct, but still, the term is sometimes used in this manner).

Good luck!

welo

Edited July 1, 2010 by welo

[welo]

Here a tutorial to setup a device with dd-wrt v24 as wireless Access Point.

You basically disable the WAN part, set the mode to 'router' but disable all routing features. But please check the tutorial carefully.

http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point

[Prasert]

I know the Linksys WAP54G only has one single ethernet interface.

The architecture of this board is not designed at all to perform routing functions. Maybe dd-wrt programmed it into their firmware, but it'll have poor performance.

Getting a stronger signal by pushing more power into the radio will

a. improve transmission but not reception!

b. heat up the chip which is not a smart thing to do in this climate.

The best way to improve range, is to use a bigger antenna. Since an antenna is a passive element, it will not take more power but will improve range; both in transmission and reception of the signal.

Another massive headache in WiFi is wireless-N. It uses 3 bands at the same time to improve throughput. Of course that's nice if you're the owner of the network, but if someone else in the vicinity has such a device with a strong output, it will interfere with your wifi network.

For 802.11b/g WiFi, only 4 non-interfering bands are available at the same location!

[welo]

I know the Linksys WAP54G only has one single ethernet interface.

Just wanted to make it clear to the OP, because *I* had confused the WAP with the WRT before, and you had said: "If you're using a wireless router as an accesspoint: use one of the LAN ports to connect it and leave the WAN port unconnected."

The architecture of this board is not designed at all to perform routing functions. Maybe dd-wrt programmed it into their firmware, but it'll have poor performance.

Are you sure? Looking at the hardware specs the major difference seems to be the smaller FLASH memory, but micro processor and memory specs are very similar (and vary between different revisions): http://www.dd-wrt.com/wiki/index.php/Supported_Devices#Cisco_Linksys_.28Wireless_a.2Fb.2Fg.29

Getting a stronger signal by pushing more power into the radio will

a. improve transmission but not reception!

b. heat up the chip which is not a smart thing to do in this climate.

The best way to improve range, is to use a bigger antenna. Since an antenna is a passive element, it will not take more power but will improve range; both in transmission and reception of the signal.

I learned something today!

About dd-wrt:

It seems that the dd-wrt is a bit more stable than the custom stock firmware. The WAP54G models with only 2MBit flash memory can only load the 'micro edition' anyway, which is said to bring only view more features.

There seems to be an issue with the MAC address not being set correctly after flushing dd-wrt micro edition. Maybe OP should check that as well.

With the Linksys stock firmware there seems to be a problem with the web interface not being accessible when the device is in 'bridge mode', but this doesn't apply to the OP's setup - still, I wanted to mention it, you never know...

sources:

http://forums.speedguide.net/showthread.php?t=240131

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=5025

http://www.dd-wrt.com/wiki/index.php/Linksys_WAP54G

http://toroid.org/ams/linksys-wap54g-firmware