1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help me understand IP visibility

Discussion in 'Networking' started by bill222, Feb 16, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. bill222

    bill222 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    24
    I have a westell DSL modem/router supplied by Frontier. It connects only to the telephone line and via cat5 to my main router, a cisco EA6500. Everything seems to be working fine, I just would like to understand a few things.

    I disabled wireless radio on the westell, enabled it on the cisco, so I have just one WIFI network active.

    I know I am not supposed to have two DHCP servers active, but I did not know how else to be sure the CISCO would get a good address, so I left DHCP active on the WESTELL, and also enabled it on the CISCO to provide service for the rest of the net.

    The WESTELL admin interface is at 192.168.1.1, and assigns addresses in this range.
    According to the WESTELL, the CISCO is at 192.168.1.27, which I assume was assigned by DHCP.
    The CISCO has an admin interface at 10.144.224.224, and assigns addresses in this range to all the other devices on my net.

    As I say, everything works. I can access both router admin pages with a browser on my main 10.144.224 network, and can ping both.

    But I don't understand why it works. What rules allow me to talk to the WESTELL admin page from the CISCO private network, but do NOT propagate the DHCP access which is at the exact same IP address.

    It is great that it works. But should I really have disabled DHCP on the WESTELL and assigned a static address to the CISCO? Or is this situation actually provided for in the rules, not just a lucky accident that it works?

    Why does the scanner say that the CISCO DHCP is "Unknown" rather than Authorized or Unauthorized? Is there something I can or should do to get it to be "Authorized"?

    And why: I can ping 192.168.1.1, but not the 192.168.1.27 (times out), and yet when I ping a non-existent 192.169.1.3 I get "Reply from 192.168.1.27: Destination host unreachable".

    Probably all silly questions, but could someone educate me a little?

    Bill
     
  2. kanaitpro

    kanaitpro Account Closed

    Joined:
    Feb 13, 2013
    Messages:
    493
    when you ping the 192.168.1.27 and it times out, where are you pinging from? what should happen in your setup is the signal comes into the westell and the outside sees an ip assigned by your isp. the 192.x.x.x signifies a private ip range, they cannot be used on the internet. the other range is also private, 10.x.x.x. if you type my ip into your browser, it will tell you your outside ip address. 192.168.1.1 or .0.1 are very common default gateway ip addresses, they are what the router uses by default internally, hence the term gateway.
    generally, the router is configured to hand out a certain number of ip's in the same range as determined by the subnet mask. if you open a command prompt and type ipconfig/all you can see this info. the most common subnet on a home network is 255.255.255.0. the 255 means that all the bits in that octect must match for computers to be on the same subnet.
    for example, with a 192.168.1.1/24 (different way to write 192.168.1.1 and 255.255.255.0), then everything from 192.168.1.2 through 192.168.1.254 are on the same subnet. this would mean that your westall and your cisco router should be able to ping each other.
    the cisco router is handing out ip addresses to the network in the 10.x.x.x range, so you should not be able to ping the westall router from a computer unless it was hooked to the westell by ethernet, as the wireless is disabled. the only reason i think you can access the westell is because this is the source of the signal, and it makes sense that the 10.x.x.x cannot ping the 192.168.1.27, they're on different networks.
    it is kind of hard to provide a concise explanation of routing, this is just a very basic example and leaves a bunch of stuff out. i learned this and a lot more during my pursuit of an associates degree in computer networking. i'm trying to think of where to point you on the net for more reference, but not sure where to start. maybe you can start searching for routing fundamentals? i had two cisco courses and four other networking courses over two years and it got in depth, but that makes it hard to give you a basic explanation, too much information.
     
  3. bill222

    bill222 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    24
    Thank you for trying to help, Kanaitpro. But I guess I did not state my questions clearly enough.

    I understand that the private IP ranges are not usable on the internet. The computer I am talking about for both the ping tests and accessing both router admin pages is on my LAN, and thus has a 10.144.224.x address allocated by DHCP on the Cisco.

    I expected that I would not be able to access any of the 192.168.1.x addresses from the 10.144.224.x computer, so I was pleasantly surprised that I can in fact log into the router admin pages at 192.168.1.1. But since this DOES work, then that makes me wonder why the DHCP function at that same address is not visible to the 10.x.x.x network. Again it is good that it is not, that's the way we want it to be so that it does not generate any conflicting assignments, but I would like to know what rule causes the Cisco to pass through the HTTP traffic to 192.168.1.1 but not the queries for DHCP services. And similarly, since I can ping 192.168.1.1 from a 10.x.x.x device, why can't I ping the 192.168.1.27 that is on the same network as 191.168.1.1.

    I think I have a fair idea of how routing works in general, but the specific rules about what gets passed through the Cisco NAT boundary to the next network are confusing me.
     
  4. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    77,937
    First Name:
    Terry
    a. The Cisco LAN doesn't know what to do with 192.168.1.1 so it throws it over the wall to the WAN side. The WAN side knows that addr. is part of its network so it forwards it.

    b. Some routers will do "loopback," meaning that trying to access their WAN (192.168.1.27 for you) works, and some do not. Apparently your Cisco router does not.

    c. 192.168.1.3 is like (a), but it turns out that no device with that address exists so the Cisco WAN reports the failure. I assumed that you did not really mean 192.169.1.3, as that should have led to a simple "Timed out" unless some device on the web replied.
     
  5. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,069
    Let's have a quick discussion about DHCP. As everyone knows, DHCP is a protocol to hand out IP addresses (among other network parameters) to client devices requested this information. DHCP is a layer 2 protocol in the OSI model. Because of this, it is bad to have two DHCP servers on the same layer 2 network due to how DHCP functions (a whole other long discussion). Because routers operate at layer 3, any DHCP generated traffic is stopped at the router. Hence why if you switches to a network, the DHCP traffic still propagates through the switches because switches are layer 2 devices.

    In your setup, the DHCP boundaries are at the Westell modem and at the Cisco router. The WAN interfaces are router interfaces and therefore layer 3 interfaces. This is why the DHCP server on the Westell modem/router does not interfere with the Cisco one. It would be different if you plugged the Westell modem router's LAN port into one of the LAN ports on your Cisco switch. Now you have two layer 2 devices plugged together both doing DHCP which is a no no.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1089817

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice