Broadband PPPoE connection

[Anthony5]

There was me today fiddling with my fresh cable internet connection, and at one point I lost connection to the internet.

Whatever I tried impossible to connect again. My PC was unable to identify the network

So at the end I decided to set up a new connection.

I then get the option to get Broadband PPPoE connection, enter my username and password, and the next minute I'm connected to the internet.

When I go to network connections it shows Broadband connection and Local Area Connection.

When in the Network and sharing center I click on network ( it now calls multiple networks by the way), I get afraid.

Where it normally would show Anthony5 PC as the only computer, it now shows maybe 20 or more PC's, all with names I can't identify.

I have logged out as quickly as possible because I assumed that all those PC's I could see would also be able to see mine, and probably connect to my shared folders.

At the end I had no other possibility as to uninstall my networkcard and reinstall, and now get the internet connection working again under local area connection.

So my question is, did I do something wrong and could all those PC's connect to my shared folders, or is Broadband connection indeed the correct way to go, but maybe with different settings?

Edit to add: I wasprovided with a cable modem and wireless router separately, where the router holds the password for the cable connection.

I guess with the "broadband connection" setup I bypass the router?

Edited September 1, 2015 by Anthony5

[thedemon]

Yes from your description that must be what happened. Obviously your cable modem is in bridge mode and the provided router is intended to negotiate the PPPoE connection on it's WAN port. Your PC and other devices are then allocated an IP address (in the private range) by DHCP on your router and NAT shares the WAN connection.

In the case you describe, your PC must have been allocated an IP address directly by your ISP, possibly a public IP. As you surmised that isn't secure. I'm not sure why you were able to see other PC's unless they are doing the same thing and not behind NAT either. Often when on a hotel connection I have seen the same thing but in that situation we are all on the same LAN subnet.

What ISP is that? I'm guessing it's not TRUE because they don't allow "pure bridge" connections to their cable network.

[RichCor]

If the cable modem is indeed working in Bridge Mode that might not be a bad thing!

Just connect your own Router(Gateway) to it and set it up with PPPoE.

You'll be happy.

Story:
A few years ago I rented a place that didn't have Internet so used the local 3BB 99baht/mo Hotspot as my 10/10 connection. Worked fine.

But kept getting security warnings from my network suite. Did a network test and found that I could connect to over 3000 PCs and a few 100 servers sitting naked on the ISPs network. If the owner had shared access to their machine, so did I. Scary.

I then locked down my PC security software to allows only the barest of bare minimum of network interaction and services.

[Anthony5]

Yes from your description that must be what happened. Obviously your cable modem is in bridge mode and the provided router is intended to negotiate the PPPoE connection on it's WAN port. Your PC and other devices are then allocated an IP address (in the private range) by DHCP on your router and NAT shares the WAN connection.

In the case you describe, your PC must have been allocated an IP address directly by your ISP, possibly a public IP. As you surmised that isn't secure. I'm not sure why you were able to see other PC's unless they are doing the same thing and not behind NAT either. Often when on a hotel connection I have seen the same thing but in that situation we are all on the same LAN subnet.

What ISP is that? I'm guessing it's not TRUE because they don't allow "pure bridge" connections to their cable network.

The ISP is the local cable tv company called BTV, and yes it probably was a public IP address, as the network also showed public network instead of home network.It most have all been PC's quite a distance from me because they had names like Aldi computer, Antony PC ( not me), and other foreign names, and in my direct area I'm the only foreigner. Most of the PC names also showed 2 or 3 times.

If the cable modem is indeed working in Bridge Mode that might not be a bad thing!

Just connect your own Router(Gateway) to it and set it up with PPPoE.

You'll be happy.

Story:

A few years ago I rented a place that didn't have Internet so used the local 3BB 99baht/mo Hotspot as my 10/10 connection. Worked fine.

But kept getting security warnings from my network suite. Did a network test and found that I could connect to over 3000 PCs and a few 100 servers sitting naked on the ISPs network. If the owner had shared access to their machine, so did I. Scary.

I then locked down my PC security software to allows only the barest of bare minimum of network interaction and services.

They provided a Tenda router as well, and yesterday when I plugged in, I just had to refresh the network connection and it automatically installed Network 2 aside of the Network I was using previously.

Don't know what went wrong when unplugging and reconnecting the router, but it didn't want to identify Network 2 anymore.

Currently it is working through mu Local area connection and below is what I see in my router.

[RichCor]

You'll need the identity the equipment they gave you and how it's configured a bit more.

Which one is acting as your Router/Gateway/NAT/DHCP.

The Tendra seems to be for WiFi, but might also be configured and meant to be used the Main Router/Gateway/NAT.

If so, then you'll need to connect the incoming CABLE line to the Cable Modem -> Cable Modem LAN Port (providing a Public IP Address) So ONLY connect to -> Tendra WAN port

The Tendra LAN port should now be the LAN side of your NAT Firewall so you can connect your Ethernet Switch setup or other local devices here.

If you need, enter the Tendra WebConfig and configure the LAN Connnection as needed

WAN: automatic detection

LAN: 192.168.2.1

Subnet: 255.255.255.0 provides 254 IP Addresses for your local LAN

Gateway: 192.168.2.1

DNS: ISP preferred, or manually enter your preferred DNS

DHCP: Enabled

WiFi: WPA2 encryption

SSID: {whateveryouprefer}

SSID PSK password: {whateveriseasytorememberbuthardtoguess}

Channel: {whatever channel has the least amount of concurrent traffic}

The Tendra should be configured

Edited September 1, 2015 by RichCor

[Anthony5]

You'll need the identity the equipment they gave you and how it's configured a bit more.

Which one is acting as your Router/Gateway/NAT/DHCP.

The Tendra seems to be for WiFi, but might also be configured and meant to be used the Main Router/Gateway/NAT.

If so, then you'll need to connect the incoming CABLE line to the Cable Modem -> Cable Modem LAN Port (providing a Public IP Address) So ONLY connect to -> Tendra WAN port

The Tendra LAN port should now be the LAN side of your NAT Firewall so you can connect your Ethernet Switch setup or other local devices here.

If you need, enter the Tendra WebConfig and configure the LAN Connnection as needed

WAN: automatic detection

LAN: 192.168.2.1

Subnet: 255.255.255.0 provides 254 IP Addresses for your local LAN

Gateway: 192.168.2.1

DNS: ISP preferred, or manually enter your preferred DNS

DHCP: Enabled

WiFi: WPA2 encryption

SSID: {whateveryouprefer}

SSID PSK password: {whateveriseasytorememberbuthardtoguess}

Channel: {whatever channel has the least amount of concurrent traffic}

The Tendra should be configured

Yes the Tenda is the main router, and the LAN cables are connected as you described.

I have now reset the IP address to 192.168.2.1

As wireless security I have mixed WPA/WPA2 - PSK

Encryption TKIP & AES

Similar to my other routers.

As password I've used something else as the very long password you suggested.

DHCP server gives me the range from 100 to 250.

Should the router IP addresses be inside the range or not?

[RichCor]

The DHCP 'pool' of IP addresses you make available (contiguous range, starting point, and size) are up to you.

Just know that all connecting equipment must me assigned a unique non-duplicate IP Address, so if the IP address has already been used as a 'static' manually entered address on a device or piece of equipment then it is ineligible to be included in the contiguous 'pool'. [Think "secretarial pool" or "pool of actors", not water pool]

So the Router having a fixed IP address of 192.168.2.1 means it has already been assigned and not eligible for the 'pool' of assignable DHCP addresses.

Some routers start the pool from 2. Some start from 100. I like to reserve the low numbers for Static assigned devices, and 100+ for DHCP client devices. DHCP IP Addresses are temporarily assigned, or 'leased', only to connecting equipment requesting them. When the 'lease' time expires (without the connecting equipment requesting to renew the lease) then the previously assigned IP address is released and returned to the 'pool' for reassignment.

Also, many routers will let you have a quasi static IP address delivered via DHCP request. I use this for my laptop and smartphone so they always has a known IP address by setting the router to 'reserve' and assign the IP to only a specific MAC (hardware) address of my wireless interface. This way I can leave my laptop and smartphone WiFi interface to grab dynamic IP addresses when I travel, but always get the same IP address on my home LAN.

[RichCor]

I'm going to consolidate your two topics here. So here's the answer to the question from the other thread:

I'm a bit confused as to what you're doing here (with what equipment).

If you are pulling the old router (192.168.2.1) out of the equation, then the new router should take its place as 192.168.2.1.

Deeper Explanation:

If you have TWO or more active router/gateways active on the same system, and they both are providing DHCP service to connected Ethernet devices for automatic/Dynamic IP, DNS and Gateway acquisition when they connect to the network -- then having the TWO DHCP services active will conflict.

Also, if you have manually set STATIC IP, DNS and Gateway on any connected device, they will ALWAYS use the Gateway set in that setup.

Easiest thing to do is to make the new modem/router take the exact place and settings of the previous setup.

I always give all devices connected to my network a static IP, so I gave the new router that IP address manually.

I have 3 routers include the one that came with the cable internet, which is a Tenda 300M.

The other 2 routers are set as access point, but I just notice that the router to which previously my 3G aircard was connected has DHCP server enabled.

So I assume that I should disable the DHCP server on the previous router, correct?

In the Tenda router internet connection is set to PPPoE and DHCP server is enabled.

The 3rd router has DHCP dissabled.

In the router DHCP server I can set the client start IP and end IP. What IP addresses should I set there?

My routers are 1 - 2 and 3, but my cameras, PC, server and other devices connected to the network all have a static IP address above 150.

"I have 3 routers", "the other 2 routers are set as Access Point, but I just notice that the router to which previously my 3G aircard was connected has DHCP server enabled."

The DHCP should only be active on the device that is the active Gateway (your 192.168.2.1) so it should be disabled on the other routers.

On the routers you've 'repurposed' to work as only WiFi Access Points, disable DHCP, Firewall, Filters, and connect to them only via their LAN ports (The WAN port goes unused). This prevents the router from trying to 'process', 'route', or 'filter' data packets and put them back on your network.

"In the router DHCP server I can set the client start IP and end IP. What IP addresses should I set there?"

"My routers are 1 - 2 and 3, but my cameras, PC, server and other devices connected to the network all have a static IP address above 150."

As I mentioned in the previous post, the DHCP pool must be contiguous but you can control the starting address and the size. If the DHCP Pool currently conflicts with your currently IP Address use plan then something needs to change (either the starting point and size of the DHCP Pool, or all the static IP addresses you've assigned). It's up to you.

My DHCP pool is limited to 25 IP addresses starting at .95 (with the first 5 as "reserved" assigned to specific DHCP enabled equipment) so basically DHCP addresses are dynamically assigned to guest devices requesting IP Addresses from .100 - .120. Addresses below .95 and above .120 are available for static assignment.

[Anthony5]

I'm going to consolidate your two topics here. So here's the answer to the question from the other thread:

I'm a bit confused as to what you're doing here (with what equipment).

If you are pulling the old router (192.168.2.1) out of the equation, then the new router should take its place as 192.168.2.1.

Deeper Explanation:

If you have TWO or more active router/gateways active on the same system, and they both are providing DHCP service to connected Ethernet devices for automatic/Dynamic IP, DNS and Gateway acquisition when they connect to the network -- then having the TWO DHCP services active will conflict.

Also, if you have manually set STATIC IP, DNS and Gateway on any connected device, they will ALWAYS use the Gateway set in that setup.

Easiest thing to do is to make the new modem/router take the exact place and settings of the previous setup.

I always give all devices connected to my network a static IP, so I gave the new router that IP address manually.

I have 3 routers include the one that came with the cable internet, which is a Tenda 300M.

The other 2 routers are set as access point, but I just notice that the router to which previously my 3G aircard was connected has DHCP server enabled.

So I assume that I should disable the DHCP server on the previous router, correct?

In the Tenda router internet connection is set to PPPoE and DHCP server is enabled.

The 3rd router has DHCP dissabled.

In the router DHCP server I can set the client start IP and end IP. What IP addresses should I set there?

My routers are 1 - 2 and 3, but my cameras, PC, server and other devices connected to the network all have a static IP address above 150.

"I have 3 routers", "the other 2 routers are set as Access Point, but I just notice that the router to which previously my 3G aircard was connected has DHCP server enabled."

The DHCP should only be active on the device that is the active Gateway (your 192.168.2.1) so it should be disabled on the other routers.

On the routers you've 'repurposed' to work as only WiFi Access Points, disable DHCP, Firewall, Filters, and connect to them only via their LAN ports (The WAN port goes unused). This prevents the router from trying to 'process', 'route', or 'filter' data packets and put them back on your network.

"In the router DHCP server I can set the client start IP and end IP. What IP addresses should I set there?"

"My routers are 1 - 2 and 3, but my cameras, PC, server and other devices connected to the network all have a static IP address above 150."

As I mentioned in the previous post, the DHCP pool must be contiguous but you can control the starting address and the size. If the DHCP Pool currently conflicts with your currently IP Address use plan then something needs to change (either the starting point and size of the DHCP Pool, or all the static IP addresses you've assigned). It's up to you.

My DHCP pool is limited to 25 IP addresses starting at .95 (with the first 5 as "reserved" assigned to specific DHCP enabled equipment) so basically DHCP addresses are dynamically assigned to guest devices requesting IP Addresses from .100 - .120. Addresses below .95 and above .120 are available for static assignment.

Thanks for the informative and knowledgeable response.

My additional routers not only function as Wifi access points, but also as a switch since they have a camera connected through the LAN port.

Does that make a difference for the settings you suggested?

So do I understand correctly that to avoid IP conflicts, the Static IP addresses are best set outside the DHCP pool, or reserved if they are inside the pool ?

I notice in my DHCP client list from the Tenda router, it doesn't list any connected devices. This morning it listed my PC's IP address, but about an hour later that one disappeared as well.

In the Tenda router I have an Extender function, which can be set to Disabled - Universal repeater - WISP mode or WDS bridge. Which setting I should select there?

I'm still confused about the routing table that shows 192.168.2.0

Edit: Additional question : Is there a way to prevent my server to download anything from the internet, other than setting the DNS server to a fake DNS address?

Edited September 2, 2015 by Anthony5

[RichCor]

"My additional routers not only function as Wifi access points, but also as a switch since they have a camera connected through the LAN port.

Does that make a difference for the settings you suggested?"

No difference. The built-in Switch on a consumer router is usually 'unmanaged' and functions in the background so long as there is power.

My ZTE Fiber Optic Router has settings where you specify what DHCP addresses can be given out (leased) on each individual port, handy if you want to quickly identify 'where' a DHCP connected client might be. If I 'repurposed' this router to act just as a Switch, I'm not sure what effect this setting would have (probably none as it's tied to DHCP, that would be disabled when repurposed). But you have to look for these things and see if they'll have any side effects.

"So do I understand correctly that to avoid IP conflicts, the Static IP addresses are best set outside the DHCP pool, or reserved if they are inside the pool ?"

Yes, correct. Must is probably a better word that 'best'.

"I notice in my DHCP client list from the Tenda router, it doesn't list any connected devices. This morning it listed my PC's IP address, but about an hour later that one disappeared as well."

Most routers will always display a list of DHCP IP Addresses it has granted (and are actively leased), and some routers might also include a list of all connections/devices with which it has recently exchanged data.

"In the Tenda router I have an Extender function, which can be set to Disabled - Universal repeater - WISP mode or WDS bridge. Which setting I should select there?"

Disabled, if you are connected to your LAN network over Ethernet cable.

Extender functions are used for wireless installations, where running a physical Ethernet cable is impractical. "Extender function" allows the WiFi Router device to connect an existing WiFi

SSID signal and then extent that same connection as its own.

"I'm still confused about the routing table that shows 192.168.2.0"

A .0 address is invalid, so it's used to represent a 'shorthand notation' the whole subnet of numbers. In your case, 192.168.2.0 represents your LAN subnet addresses of 192.168.2.1 - 192.168.2.255

"Additional question : Is there a way to prevent my server to download anything from the internet, other than setting the DNS server to a fake DNS address?"

If you remove the Gateway address from its network interface, it won't be able to communicate beyond your LAN.

Also, if the running software on the machine already knows (is using) an numerical IP Address to make the remote connection then it doesn't even need to even query DNS. This is why sometimes some software will continue working while your browser remains broken (when only DNS lookup/resolve service is impaired or broken).