1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Sharing WEP and WPA2 network with 2 routers?

Discussion in 'Networking' started by ehymel, Aug 12, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. ehymel

    ehymel Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    696
    Hi all,

    I have seen the post here: http://forums.techguy.org/networking/568284-solved-mixing-wireless-wep-wpa.html, however this does not seem to work for me.

    My details -
    1. D-Link DIR655 ("new") router running WPA2 for most wireless and some wired connections, configured to IP 192.168.0.1 internally and externally to my static IP address from my ISP. This is connected to my cable modem and is working beautifully.
    2. Linksys WRT54GS ("old") router running WEP encrytion that hooks up to wireless cameras that are not WPA capable.

    Question: how to hook these 2 routers up so that they both connect to the internet? I have connected the "old" router's WAN connection to a port on the "new" router. I'm now unsure how to configure the 2 routers to make this work. I have tried setting the IP address of the old router to a static address 192.168.0.51 and then putting that IP address in the DMZ on my new router. SSID's of the 2 routers are different. I can individually connect to either router either wired or wirelessly. From the new router I can see the internet and other devices connected to that router. Connecting to the old router lets me see devices connected to it but not to the internet. It's like the two are on separate networks and not talking to each other.

    Does anyone have any ideas? I feel like it's probably something simple that I'm missing.

    Thanks in advance.
     
  2. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    76,670
    First Name:
    Terry
    "It's like the two are on separate networks and not talking to each other."

    The LANs ARE separate networks. But since the WAN of the old router is also on the LAN of the new router, the two routers have to be using different LAN subnets. If the old router is using 192.168.0.x, change it (e.g., to 192.168.1.x). (Or, if more convenient, change the LAN of the new router.)

    But if you really want all devices to be on the same network, capable of communicating with each other, I'll suggest a different configuration of routers.
     
  3. ehymel

    ehymel Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    696
    Thanks, TerryNet.

    It's the alternate configuration of routers that you suggested that I'm interested in. I'm all ears for your assistance, or alternatively I would appreciate a link to some other instructions.

    E.
     
  4. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    76,670
    First Name:
    Terry
    JohnWill's procedure for configuring a secondary router as a switch and, optionally, wireless access point follows.

    Connecting two SOHO broadband routers together.

    Configure the IP address of the secondary router to be in the same subnet as the primary router, but out of the range of the DHCP server in the primary router. For instance DHCP server addresses 192.168.0.2 through 192.168.0.100, I'd assign the secondary router 192.168.0.254 as it's IP address.

    Disable the DHCP server in the secondary router.

    Setup the wireless section just the way you would if it was the primary router.

    Connect from the primary router's LAN port to one of the LAN ports on the secondary router. If there is no uplink port and neither of the routers have auto-sensing ports, use a cross-over cable. Leave the WAN port unconnected!
     
  5. ehymel

    ehymel Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    696
    Works beautifully. Thanks very much.
     
  6. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    76,670
    First Name:
    Terry
    You are welcome. Please mark this 'solved' using the Thread Tools at the upper right.
     
  7. cwwozniak

    cwwozniak Trusted Advisor Spam Fighter

    Joined:
    Nov 28, 2005
    Messages:
    59,670
    First Name:
    Chuck
    Hi,The method described by TerryNet will work but has one very big difference from the method that I used (I was the OP of the linked thread in your first post.) Anybody connecting wirelessly to the WEP protected router will have some amount of access to any computers and servers connected wired or wirelessly to the WPA protected router. This, in effect eliminates any higher level of protection provide by WPA in the second router. It is my understanding that WEP can now be cracked in matter of minutes.

    The set-up we use has our cable modem configured as a gateway that passes our static public IP address to its LAN port. The WAN port of the WEP router connects to the LAN port on the modem. The LAN side of the WEP router has an IP address of 192.168.0.1 with a subnet mask of 255.255.255.0 Our cameras have wired and wireless connections to the WEP router using static IP address. DHCP is enabled on the router with a small number of IP addresses above the static IPs. This allows visitors to the office that bring their own laptops and need an internet connection.

    Our new WPA enabled router has its WAN IP Address set to 192.168.0.2. The WAN side of this router plugs into a LAN port on the WEP router. The WEP router has port 192.168.0.2 set as a DMZ.

    The LAN side of the WPA router has an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0. A 24 port switch expands the number of LAN port on the WPA router. All the computers in the office and two servers connect to the 24 port switch. Our sales people in the office that have laptops use a wireless connection to the WPA router. This gives them access to the servers and printers.
     
  8. ehymel

    ehymel Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    696
    Thanks, Chuck. Excellent point and quite true. I additionally noted with the setup described by TerryNet, even with DHCP disabled on the WEP router that clients connecting through the WEP router were assigned an IP address by the WPA router. Interesting, but of course it makes sense.

    I already have a server connected (by wire) to my WPA router in my DMZ, so I was looking for another solution.

    What I did was to enable the wireless MAC filter to permit only those MAC addresses corresponding to my legacy (WEP-only) cameras to connect through the router wirelessly. If anyone knows how secure this is I'd appreciate the feedback. Of course SSID broadcasting is also disabled, though I'm not sure how reliable this is.

    E.
     
  9. cwwozniak

    cwwozniak Trusted Advisor Spam Fighter

    Joined:
    Nov 28, 2005
    Messages:
    59,670
    First Name:
    Chuck
    Are you talking about a web server that needs to be accessed from the Internet or a server that is strictly for internal use? In our case, both servers are for internal use only and needed to be isolated from being accessed from the Internet and from a WEP wireless connection as much as possible.

    Do the cameras need to be accessible locally and/or from the Internet.
     
  10. ehymel

    ehymel Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    696
    The server in my DMZ is web, email, and various other uses, so yes it does need to be open to the internet. I used to forward specific ports to the server from my router firewall, but I ran out of ports in the configuration screen for my Linksys WRT54G router with stock firmware. I may switch to this method again with my new router and drop the DMZ. My Linux box firewall is pretty strict, but it never hurts to be too careful.

    The cameras do not necessarily need to be accessible from the internet, at least for now. Is there a way to isolate them to my intranet using my current hardware setup?
     
  11. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    76,670
    First Name:
    Terry
    Anybody who can break WEP, whether in 3 minutes or an hour, can break MAC address filtering and SSID broadcast disabling in less than a minute. They make your network harder to use and are useless as security precautions unless you have a situation where you cannot even use WEP; then they'll keep most people out.

    But, again, if you are using encryption with a non-guessable key/passphrase then don't bother with the other so-called security measures.
     
  12. ehymel

    ehymel Thread Starter

    Joined:
    Aug 12, 2007
    Messages:
    696
    My key is a non-sense string of numbers representing the hex codes for a meaningless string of characters spit out by a password generator. No way it could ever be guessed.

    But then, I've never assumed that a strong password (key) mattered for WEP cracking. My understanding is that the encryption key is extracted by reverse encoding of the wireless packets. Given enough packets of information encoded by the same key, any key can be reconstructed. The strength of the key/passphrase is irrelevant in this circumstance.
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Sharing WPA2
  1. Jensa86
    Replies:
    1
    Views:
    194
  2. swepres
    Replies:
    7
    Views:
    396
  3. Ahmed140
    Replies:
    1
    Views:
    195
  4. Ahmed140
    Replies:
    0
    Views:
    170
  5. abby_again
    Replies:
    2
    Views:
    234
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/608583

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice