Author Topic: 2 Routers - 2 Networks - 1 ISP connection  (Read 1779 times)


Offline TB-AV

2 Routers - 2 Networks - 1 ISP connection
« on: October 19, 2016, 03:24:15 pm »
I want to create a 2nd Network for some automated lighting to get it off my main network.

I did a quick search just to be sure I'm not overlooking anything and ran into one question.


Let's say my ISP is 1.2.3.4

MAIN ROUTER WAN = 1.2.3.4
-- Router ADDRESS 192.168.1.1  //  255.255.255.0
--DHCP 192.168.1.2-50
--DNS - x.x.x.x - configured


AUX Router for Lighting Automation
-- WAN = 192.168.1.51
-- Router ADDRESS 192.168.2.1  // 255.255.255.0
-- DHCP 192.168.2.2-50
-- DNS - should I also enter DNS servers on this router???

Also the first article I saw said to disable UPnP ( Universal Plug n Play ) on the AUX router, but does not say why.

My main question is why? and if I turn it off the concern is the lighting will not be recognized. This lighting is basically setup as follows..

Plug bulb in.
Locate it as a network in your wireless settings. ( It shows up automatically --- UPnP??? )
Connect to it. It then asks you which network you want it to participate on. You select that SSID and type in the pass code. At that point it's done, you just do whatever automation you want. Some is totally local, and some is cloud based, thus its need for access to the Primary router for the ISP.

So does anyone know the deal with the UPnP on the AUX Router? Or see any other issues?

The final thing is.... My phone will be connected to MAIN ROUTER. For some reason I feel like controlling the lights on AUX Router is going to get confused. Will my phone app, that configured the lights from MAIN  192.168.1.20... be able to talk to 192.168.2.X to control the lights?

Something tells me I'm thinking this is too easy.


Gone

Offline Majik

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #1 on: October 19, 2016, 04:47:41 pm »
Quote
-- DNS - should I also enter DNS servers on this router???

Yes, and point them at the IP of your main router (192.168.1.1).

Quote
Also the first article I saw said to disable UPnP ( Universal Plug n Play ) on the AUX router, but does not say why.

I'm not entirely sure why either. UPnP (specifically "UPnP-IGD") works by asking the upstream router to allow "pin holes" through the router from outside selectively bypassing the normal firewall rules which would usually block that traffic. If you disable these, then the UPnP requests have nowhere to go to (I'm pretty certain the Aux router will not forward them on to the upstream one).

Note that in the context of the Aux router, everything which isn't on its LAN interfaces is "outside", including other stuff on your normal network. If you cannot turn off the firewalling on the Aux router then you won't be able to directly control the lights from anything on the main network.

Quote
My main question is why? and if I turn it off the concern is the lighting will not be recognized. This lighting is basically setup as follows..

Plug bulb in.
Locate it as a network in your wireless settings. ( It shows up automatically --- UPnP??? )

Connect to it. It then asks you which network you want it to participate on. You select that SSID and type in the pass code. At that point it's done, you just do whatever automation you want. Some is totally local, and some is cloud based, thus its need for access to the Primary router for the ISP.

This doesn't sound anything like UPnP Discovery to me (which, by the way, is normally nothing to do with the "UPnP" setting on most routers).

It sounds to me like the bulb is broadcasting its own Wifi hotspot. You discover and attach to this hotspot in the same way as you would connect to any other wifi network, but it is a closed network which only gives you access to the device settings. This, incidentally, is similar to how Chromecasts are set up.

The chances are, this device doesn't use UPnP at all, so it may not be affected either way by the UPnP settings on the router, although some routers do some dumb #$&! when UPnP is enabled, which may be the reason for the advice.

Quote
The final thing is.... My phone will be connected to MAIN ROUTER. For some reason I feel like controlling the lights on AUX Router is going to get confused. Will my phone app, that configured the lights from MAIN  192.168.1.20... be able to talk to 192.168.2.X to control the lights?

Not directly. Your main network has no knowledge of the subnet sitting behind the Aux router and it will send any traffic addressed to these IP addresses to the main router which also doesn't know about it.

However, this *may* not matter. A lot of "IoT" devices are designed to work even if you aren't directly connected to the same network. They do this by always communicating via a central server so, as long as you have an Internet connection for both the bulb and the controller app, such devices will work.

There's a lot of "ifs and buts" in this setup (such as which vendor's equipment is involved) which means that a definitive answer is impossible. In general I would suggest experimentation.

Cheers,

Keith
Guitars: PRS Singlecut S2, Fender Tele Lite Ash, G&L Legacy Tribute, Freshman Apollo 2 OCBX, Gibson SG Special P90
Amps: Bugera G5 Head, Boss Katana 100
All sorts of other stuff.

Offline TB-AV

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #2 on: October 19, 2016, 05:20:33 pm »
The MAIN router is DD-WRT and I hope this old router I have can be DD-WRT as well.

The other AUX router is an old Netgear WNR2000v3 N 300.

Isn't there some way to set up "routes" within the routers so they know to talk to each other?


The lights are LIFX and yes they each are basically their own AP built in... No hub for them. Each bulb is a stand alone network ID.

I don't want to create a constant 192.168.1.x to ISP back to 192.168.2.x setup.

I want 192.168.1.x to talk directly to 192.168.2.x   Is that not possible by any means? 

I don't have a lot of potential control hardware. So maybe MAC addresses could be allowed to communicate from x.x.1.x  to x.x.2.x ??

That's the part I'm not clear on ... can 2 different networks communicate directly by some easy means to share. ETA.. typo fixed... "I'm -not- clear on"
« Last Edit: October 19, 2016, 05:54:06 pm by TB-AV »

Offline Majik

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #3 on: October 19, 2016, 05:56:55 pm »
Quote
Isn't there some way to set up "routes" within the routers so they know to talk to each other?

The Aux router doesn't need it, because everything is upstream of it, so the default route is the correct route. You do need to configure the route in the main router though, else there's no way back.

If you can put this route into the main router pointing back at 192.168.2.x/24 with the WAN address of the Aux router (192.168.1.51) as the next-hop then it may work as long as you aren't using NAT on the Aux router and have no firewall blocking anything.

Ping is your friend for testing this.

Quote
the lights are LIFX and yes they each are basically their own AP built in... No hub for them. Each bulb is a stand alone network ID.

I don't want to create a constant 192.168.1.x to ISP back to 192.168.2.x setup.

I want 192.168.1.x to talk directly to 192.168.2.x   Is that not possible by any means?

That largely depends on the software on the devices and the control apps.

Traditionally networked Home Automation systems have used direct connections between controllers and controlled devices, but this either requires manual registration/configuration of devices so they know how to talk to each other, or some sort of network discovery capability. UPnP is one such mechanism, but UPnP has limitations (it does cross routers, requires multicast which many consumer routers do badly, etc.).

The new "Internet of Things" (IoT) way of doing things is for each device and each controller to "phone home" to a central server which registers everything and handles the control. As each device calls out, firewalls and NAT are not an issue. And they also work if the controller is on a different network to the device (which UPnP does not support).

Some IoT systems may be clever enough to work out that controllers and devices can talk to each other directly, and allow them to do that. But that's something the vendor has to have put in as a capability. You can't force it.

Also, some IoT vendors may have a direct API you can use to control each device. Normally you will need to assign fixed IP addresses for this, and your control system will need to know that "kitchen bulb" is 192.168.2.15, etc.

You will also have to program your own controller to use these. The normal purpose of such APIs is to support direct integration with third-party systems. For instance, my home security system can control my lights.

I would set up the local route on your main router and get it working with pings. Then if it can be used by the LIFX system then it will at least be available.

Cheers,

Keith
« Last Edit: October 20, 2016, 04:17:34 pm by Majik »
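The routing behaviour discussed in Replies #1 and #3, as an added example that is not part of the original posts: a longest-prefix-match trace over constructed routing tables for this topology. The phone (192.168.1.20) and bulb (192.168.2.15) addresses are taken from the thread's own examples; the model covers routing only and assumes no NAT or firewall on the Aux router.

```python
import ipaddress as ip

# Constructed routing tables: (destination prefix, next hop).
# "direct" = on-link delivery; "ISP" = handed to the Internet uplink,
# where packets for private 192.168.x.x addresses are simply lost.
def tables(static_route_on_main):
    main = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "ISP")]
    if static_route_on_main:
        # The route from Reply #3: next hop is the Aux router's WAN address.
        main.append(("192.168.2.0/24", "192.168.1.51"))
    return {
        "phone": [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "192.168.1.1")],
        "main": main,
        "aux": [("192.168.2.0/24", "direct"), ("192.168.1.0/24", "direct"),
                ("0.0.0.0/0", "192.168.1.1")],
        "bulb": [("192.168.2.0/24", "direct"), ("0.0.0.0/0", "192.168.2.1")],
    }

# Which device owns each router interface address.
OWNER = {"192.168.1.1": "main", "192.168.1.51": "aux", "192.168.2.1": "aux"}

def next_hop(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ip.ip_address(dst)
    matches = [(ip.ip_network(p), nh) for p, nh in table
               if addr in ip.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(start, dst, static_route_on_main):
    """Devices a packet visits, ending in 'delivered', 'ISP' or 'loop'."""
    t, node, path = tables(static_route_on_main), start, [start]
    for _ in range(8):  # hop limit
        nh = next_hop(t[node], dst)
        if nh in ("direct", "ISP"):
            return path + ["delivered" if nh == "direct" else "ISP"]
        node = OWNER[nh]
        path.append(node)
    return path + ["loop"]

if __name__ == "__main__":
    print(trace("phone", "192.168.2.15", False))  # no static route on main
    print(trace("phone", "192.168.2.15", True))   # static route added
    print(trace("bulb", "192.168.1.20", True))    # reply path from the bulb
```

The reply path from the bulb needs no extra route on the Aux router because 192.168.1.0/24 is directly attached to its WAN side.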

Offline Majik

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #4 on: October 19, 2016, 06:00:56 pm »
FOOTNOTE:
There are many dangers of IoT systems.
One is that many of them rely on the vendor's central server to function. If the vendor goes out of business, or abandons the product then all your devices become expensive door-stops.

The other is security. Security is a huge topic with many angles but it boils down to "How secure is the ecosystem?". Some issues are:

Privacy
If someone can access or monitor the system either by monitoring the protocol stream or by breaking into the vendor's servers, they may be able to discover things about your habits they can use against you. For instance, it may be able to determine when you aren't at home.

Control
Do you really want random hackers controlling your systems? With all of the "smart" devices out these days, a hacker could turn on/off your lights, mess with your thermostat settings, access your CCTV to snoop on you, or disable your alarm system.  There was even a recent case where Siri was used to gain access to someone's home simply by shouting "Siri, unlock the front door" which was picked up by the tablet inside the house.

Botnets
There is a massive global problem with botnets, and poorly-secured, Internet-connected consumer equipment is one of the biggest enablers of Internet hacks these days. Only a week or so ago there was a well-publicised attack where a widespread vulnerability in many consumer CCTV systems allowed a botnet to create directed, sustained attacks of multi-gigabits per second data rates. This is enough to take out large chunks of Internet infrastructure. If you have a poorly secured device on your network, then there's a good chance it's being used to conduct cyber-terrorism.

The following articles are worth reading:
I have seen the future of the Internet: Millions of rogue fridges will render it unusable
The Internet of Ransomware Things

Cheers,

Keith

« Last Edit: October 20, 2016, 07:07:00 pm by Majik »

Offline marcusmarkmus

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #5 on: October 20, 2016, 06:11:04 pm »
Can I ask why you want it off your main lan?
Just curious.
My band on Facebook: Sandmarx
on youtube: SandmarxTube

Offline TB-AV

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #6 on: October 20, 2016, 07:46:33 pm »
Just to cut down on traffic. It may not be causing any issues but I figured since they are constantly doing something, like changing colors, turning on off, dimming, whatever.... why not just give them their own private network... then on the occasion they need internet access, they have it via the main net.

... and I've acquired quite a few, so I just figured I would give it a try.


Offline Majik

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #7 on: October 20, 2016, 11:08:40 pm »
That would only work if they had significant traffic between themselves. Any traffic to the Internet won't be impacted by this specifically.

In most cases, internal traffic isn't an issue. Modern routers can easily cope with multi-megabit and even Gigabit speeds. Your Internet pipe is likely to be less than 100 Mbit/s.

On the other hand, putting this stuff behind a separate router does partly hide your main network from your devices. This means, for instance, that it is more difficult for a device to discover other stuff on your home network.

As an example, LG televisions have, in the past, been found to scan local networks and to report back to LG servers on what other devices and fileshares were on the local network, and what files were stored in those fileshares. In most home networks there's nothing stopping any smart TV, lightbulb, thermostat or camera from doing the same thing. Especially if they are hacked by a third party.

Given access to your local network, a device can do all sorts of nasty things, including spoofing websites, bypassing https encryption, and stealing passwords and bank account details.

Having such things on a separate local network makes a lot of sense to me from a security point of view, especially if some care is taken to adjust firewall rules to limit what access they have to the main network.

Cheers,

Keith
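The firewall point in Reply #7, as an added example that is not part of the original post: a first-match evaluator for a constructed forwarding policy on the Aux router, audited against constructed flows from the lighting subnet. The rule set, the flows and the 203.0.113.10 cloud address (a documentation address) are assumptions; the model covers only connections initiated from 192.168.2.0/24, not return traffic.

```python
import ipaddress as ip

# Constructed policy, first match wins.
# (action, source, destination, protocol, destination port); None = any.
POLICY = [
    ("ACCEPT", "192.168.2.0/24", "192.168.1.1/32", "udp", 53),   # DNS on main router
    ("DROP",   "192.168.2.0/24", "192.168.1.0/24", None, None),  # rest of main LAN
    ("ACCEPT", "192.168.2.0/24", "0.0.0.0/0",      None, None),  # Internet / vendor cloud
]
# Same rules with the broad ACCEPT moved first: a common ordering mistake.
MISORDERED = [POLICY[2], POLICY[0], POLICY[1]]
DEFAULT = "DROP"

def decide(policy, src, dst, proto, dport):
    """Return the action of the first rule matching the flow."""
    for action, s_net, d_net, p, port in policy:
        if (ip.ip_address(src) in ip.ip_network(s_net)
                and ip.ip_address(dst) in ip.ip_network(d_net)
                and p in (None, proto) and port in (None, dport)):
            return action
    return DEFAULT

# Constructed flows: (src, dst, proto, dport, expected decision).
FLOWS = [
    ("192.168.2.15", "192.168.1.1",  "udp", 53,  "ACCEPT"),  # bulb resolves a hostname
    ("192.168.2.15", "192.168.1.20", "tcp", 445, "DROP"),    # bulb probing a file share
    ("192.168.2.15", "192.168.1.1",  "tcp", 80,  "DROP"),    # bulb reaching router admin UI
    ("192.168.2.15", "203.0.113.10", "tcp", 443, "ACCEPT"),  # bulb to vendor cloud
]

def audit(policy, flows):
    """Return (flow, actual decision) for every flow that breaks expectations."""
    bad = []
    for src, dst, proto, dport, expected in flows:
        actual = decide(policy, src, dst, proto, dport)
        if actual != expected:
            bad.append(((src, dst, proto, dport), actual))
    return bad

if __name__ == "__main__":
    print("intended order:", audit(POLICY, FLOWS))
    print("misordered:    ", audit(MISORDERED, FLOWS))
```

With the broad ACCEPT rule first, the two main-LAN flows are allowed, so rule order is worth auditing whenever the policy is edited.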

Offline TB-AV

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #8 on: October 20, 2016, 11:45:24 pm »
That was sort of in the back of my head too.  If it's all on one network and something does go wrong, I can basically have one gate to close and not be looking for several.

I mean I think I paid $4 for this extra router at the thrift shop. IF... I can get it all on that router, I think it will be easier to keep track of.

Even if the traffic is a non-issue, it still seems like a nice contained environment.

I'll probably go down that rabbit hole this weekend to see if I can do it.

Offline Majik

Re: 2 Routers - 2 Networks - 1 ISP connection
« Reply #9 on: October 22, 2016, 10:54:05 am »