Need help with IP Addresses

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
Dougvf-p40
New Member
Posts: 7
Joined: Fri Jan 26, 2007 6:38 am

Need help with IP Addresses

Postby Dougvf-p40 » Thu Feb 05, 2009 7:08 pm

I recently installed a wireless access point in the church and it is connected to the Cisco Firewall. Sometimes when the church computer or laptop connect either wired or wireless, I get a 192.x.x.x IP address and it will not get out to the internet. Sometimes though it gets a 10.x.x.x IP address and it works well. How to I ensure that any computer that connects gets a 10.X.X.X IP address. If I unplug the wireless router is seems to always get a 10. address. Is the computer sometimes getting the IP address from the wireless router instead of the Cisco Router? Is all that I need to do is turn of the DHCP server on the wireless router?

I thought I tried that and it still had the problem, but I could have done something wrong and didn't do it correctly.

A second question is the cisco router only has 4 ports and they are being used by the church FHC computers. I need to get more ports to plug in the wireless router. Can I just plug in a Linksys 8 port router and then plug that into one of the ports on the Cisco router and then plug in the church computer and wireless access poiint into the new switch? Will that work?

Thanks

russellhltn
Community Administrator
Posts: 20758
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Thu Feb 05, 2009 7:44 pm

Dougvf wrote:I recently installed a wireless access point in the church and it is connected to the Cisco Firewall. Sometimes when the church computer or laptop connect either wired or wireless, I get a 192.x.x.x IP address and it will not get out to the internet. Sometimes though it gets a 10.x.x.x IP address and it works well. How to I ensure that any computer that connects gets a 10.X.X.X IP address. If I unplug the wireless router is seems to always get a 10. address. Is the computer sometimes getting the IP address from the wireless router instead of the Cisco Router? Is all that I need to do is turn of the DHCP server on the wireless router?


That sounds like the issue to me. What port of the wireless router are you connecting to the wired network? (It should be the one marked for WAN or modem). It sounds like you've got two DHCP servers going on the same segment.

Dougvf wrote:A second question is the cisco router only has 4 ports and they are being used by the church FHC computers. I need to get more ports to plug in the wireless router. Can I just plug in a Linksys 8 port router and then plug that into one of the ports on the Cisco router and then plug in the church computer and wireless access poiint into the new switch? Will that work?


(Emphasis added). What you want is a switch, not a "8 port router". Yes, a switch should work fine. More routers is just going to make things ugly.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

Dougvf-p40
New Member
Posts: 7
Joined: Fri Jan 26, 2007 6:38 am

Postby Dougvf-p40 » Thu Feb 05, 2009 8:24 pm

Thanks for the reply. I did get an 8 port Linksys switch, not a router.

I did not connect the wireless router to the WAN port, I just used port number 1 on the wireless router and port number 4 on the Church Cisco Switch. I actually have two LinkSys wireless routers. So from port number 4 of the Cisco router, I am going to port number 1 of the Linksys WRT150N. Then I put another cable from port number 2 of the first WRT150N to port number 1 of the second WRT150N. It sounds like I need to change that to use the WAN port coming in to both WRT150N WAP

russellhltn
Community Administrator
Posts: 20758
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Thu Feb 05, 2009 9:24 pm

It depends on what you are trying to do. With the wired network plugged into Port 1 like that you have to turn off all the features of the wireless router like the DHCP.

But if you use the LAN port, then you leave the DHCP turned on. All the wireless clients will look like one IP to the Cisco box.

There's pros and cons either way.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
Mikerowaved
Community Moderators
Posts: 3131
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Thu Feb 05, 2009 11:54 pm

Dougvf wrote:Thanks for the reply. I did get an 8 port Linksys switch, not a router.

I did not connect the wireless router to the WAN port, I just used port number 1 on the wireless router and port number 4 on the Church Cisco Switch. I actually have two LinkSys wireless routers. So from port number 4 of the Cisco router, I am going to port number 1 of the Linksys WRT150N. Then I put another cable from port number 2 of the first WRT150N to port number 1 of the second WRT150N. It sounds like I need to change that to use the WAN port coming in to both WRT150N WAP

The way you physically have it set up is fine. Using the WAN port needlessly complicates things. To make them work as WAP's, I recommend the following changes be made to each of your router's default configuration:

  1. Change the default login password for accessing the configuration settings.
  2. Turn off DHCP.
  3. Set the SSID to one that is common for every WAP in your building. (We use the same one in all our buildings.)
  4. Set the wireless channels differently on each box using channels 1, 6 or 11. (If you have more than 3 WAP's, space the channels the best you can.)
  5. Set the wireless encryption to WPA-PSK, or sometimes called WPA-Personal. (I would recommend WPA2, but unfortunately, not all wireless equipment can support WPA2, and it usually ends up being a stake president's notebook just before an important meeting. ;))
  6. Set the WPA key to one that's common for each WAP in the building. A longer key is better.
  7. Fix the LAN IP address of each device to somewhere in the range that's 1 to 5 addresses higher than your Cisco firewall. For example, if your Cisco's label says 10.4.23.66, then choose an address in the range of 10.4.23.67 through 10.4.23.71 for each box. These addresses are skipped over by the Cisco's DHCP server and you wont run the risk of an IP conflict. This also lets you directly access each WAP in the future (or ping it to make sure it's still alive.)
  8. Keep records of where each router/WAP is located, how it's connected back to the Cisco box, what its IP address is, what the administrative password is, etc. These will be very helpful down the road when you are asked to do things, like change the WPA key, and have to access each WAP to do it.
Yes, you can add an 8-port switch to expand the number of ports the Cisco has available.
So we can better help you, please edit your Profile to include your general location.

Dougvf-p40
New Member
Posts: 7
Joined: Fri Jan 26, 2007 6:38 am

Postby Dougvf-p40 » Fri Feb 06, 2009 7:40 am

Thanks for the help. I thought that I had turned off DHCP on the WAP's but maybe I didn't do that correctly and that is why it is assigning the 192.X.X.X IP addresses. I will recheck them tomorrow and see if they fixes everything. I will post back once it is solved.

russellhltn
Community Administrator
Posts: 20758
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Fri Feb 06, 2009 11:33 am

Mikerowaved wrote:The way you physically have it set up is fine. Using the WAN port needlessly complicates things.


Depends on what you want to do. Done right, it can render the wireless network unable to access anything on the wired network except the Internet. An added security layer.

One issue I haven't seen come up is how many IPs are allowed to reach the Internet. The older PIX units suppled to FHC were only licensed for 10 users (it could be increased with a phone call). Use of the router in the WAP could extend that number.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

Dougvf-p40
New Member
Posts: 7
Joined: Fri Jan 26, 2007 6:38 am

Postby Dougvf-p40 » Sun Feb 08, 2009 1:09 pm

I was able to get everything working so thanks for you help. Here is what the configuration looks like. I have three Linksys WRT160N WAPs. I changed the SSID on each of them to StakeCenter1, StakeCenter2, And StakeCenter3. I set the password to all WAPs to be the same. I set the Wireless password to be the same on all of them.

I turned off DHCP on all three. I did not change the channel but left it to Auto. I plugged the incoming cable from the Church Cisco router to port 1 on the first WAP. I connected the second WAP from port 2 of the first one to port one of the second one. I connected the third WAP from port 2 of the second one to port one of the third one.

I tested everything and it is working great. The Cisco router was already setup to "LDS Extended" so I did not have to change that.

The problem I was having is that the first WAP was going into the WAN port of the second WAP. I also had not turned off DHCP on the third WAP. The Cisco router did not have the IP address on it and I was not sure how to get it.

Thanks for the help.

User avatar
Mikerowaved
Community Moderators
Posts: 3131
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Mon Feb 09, 2009 1:29 pm

Good deal, Doug. Might I suggest to make it easier on your users to make all your SSID's the same, such as, "StakeCenter". This way they only need to save one configuration and can roam throughout the building.

If your router doesn't have an IP address label on it and it only has 4 LAN ports, then you must have one of the older Cisco PIX routers. In this case, I don't know which (if any) of the IP addresses it skips over for fixed IP devices. (Oops, I see that in your very first post it only has 4 ports.)

BTW, you can easily find the IP address of your router by opening up a command prompt window (run: CMD) on a connected PC and entering IPCONFIG. The IP address showing for Default Gateway will be that of the router.

RussellHltn wrote:One issue I haven't seen come up is how many IPs are allowed to reach the Internet. The older PIX units suppled to FHC were only licensed for 10 users (it could be increased with a phone call). Use of the router in the WAP could extend that number.

That's a valid concern. If this becomes an issue, then I would recommend putting a router between the Cisco box and the FHC, putting the FHC on a different subnet.
So we can better help you, please edit your Profile to include your general location.

russellhltn
Community Administrator
Posts: 20758
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Mon Feb 09, 2009 1:48 pm

Mikerowaved wrote:Might I suggest to make it easier on your users to make all your SSID's the same, such as, "StakeCenter". This way they only need to save one configuration and can roam throughout the building.


While I agree with using a common SSID, write-ups I usually see suggest having a name that isn't an obvious connection to the location. Fewer cues for the hacker. Still, I'd pick something with a church theme so authorized users know it's the right one.


Mikerowaved wrote:That's a valid concern. If this becomes an issue, then I would recommend putting a router between the Cisco box and the FHC, putting the FHC on a different subnet.


That might create a problem for some of the tools used to support the FHC. I'd suggest using the router built into the WAP since that's where the variable PC load is. Not to mention cheaper to use what you already have.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest