Configuring a separate second home network

3

1

I'm setting up a second network in my office at home:

I've checked some other related questions, however I think my setup is a little different - clients connecting to two completely separate networks with different routers using different NICs.

To explain:

I've a pre-existing home network that runs fine, all over wireless, with a Linksys WAG320N as the router.

I've a second router - a BT Home Hub (yes - the one I replaced with the linksys) that I want to use to establish a second LAN based network within my office room.

This second network is to have no outside access in or out - the client machines should use the primary network for this.

All machines to be used have both wireless and wired NICs.

So far I've got the following configs:

First network

  • Router is on 192.168.1.1
  • Clients have static IPs, eg 192.168.1.20
  • SubnetMask is set to 255.255.255.0
  • Default Gateway is 192.168.1.1
  • DNS servers are configured as for my ISP

Second network

  • Router is on 192.168.2.1
  • Clients have static IPs, eg 192.168.2.10
  • I've used a different subnet to my first: 255.255.255.0
  • The default gateway is empty. This stops windows using this network for internet traffic.
  • The first DNS host is configured for my router (ie 192.168.2.1), wiht the second left blank.

On the config screens for the second router I can see the clients connecting ok, with their assigned IP showing in the network map.

The problem is that the clients on the second net cannot see each other, either via ping or other connections (eg IP in windows explorer etc, SQL etc etc). All clients can ping the router.

All client machines involved are running Windows 7 (either HP or Pro)

Does anyone have any pointers to anything I need to change?

Updated: Following advice I've switched my subnets to all be the same (255.255.255.0)

Updated: As requested a couple IPConfig dumps from client machines:

Updated: Also posted route print from one of the clients:

First Client

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DEVLAPTOP    
Primary Dns Suffix . . . . . . . :    
Node Type . . . . . . . . . . . . : Hybrid    
IP Routing Enabled. . . . . . . . : No    
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :    
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN    
Physical Address. . . . . . . . . : 00-21-6B-10-D9-34    
DHCP Enabled. . . . . . . . . . . : No    
Autoconfiguration Enabled . . . . : Yes    
Link-local IPv6 Address . . . . . : fe80::c875:d5ee:4e79:e4a7%12(Preferred)    
IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)    
Subnet Mask . . . . . . . . . . . : 255.255.255.0    
Default Gateway . . . . . . . . . : 192.168.1.1    
DHCPv6 IAID . . . . . . . . . . . : 218112363    
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D1-CA-FE-00-14-0B-61-8F-DD
DNS Servers . . . . . . . . . . . : 194.74.65.68
                                       194.72.9.34    
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :    
Description . . . . . . . . . . . : Intel(R) 82567LF Gigabit Network Connection    
Physical Address. . . . . . . . . : 00-14-0B-61-8F-DD    
DHCP Enabled. . . . . . . . . . . : No    
Autoconfiguration Enabled . . . . : Yes    
Link-local IPv6 Address . . . . . : fe80::99ee:81fa:bf15:70bc%11(Preferred)    
IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)    
Subnet Mask . . . . . . . . . . . : 255.255.255.0   
Default Gateway . . . . . . . . . :    
DHCPv6 IAID . . . . . . . . . . . : 234886155    
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D1-CA-FE-00-14-0B-61-8F-DD
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1   
NetBIOS over Tcpip. . . . . . . . : Enabled

Second Client

    Windows IP Configuration

Host Name . . . . . . . . . . . . : LAPTOP    
Primary Dns Suffix  . . . . . . . :    
Node Type . . . . . . . . . . . . : Hybrid    
IP Routing Enabled. . . . . . . . : No   
WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :    
Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ether net Controller    Physical Address. . . . . . . . . : 00-16-D3-63-58-DF    
DHCP Enabled. . . . . . . . . . . : No    
Autoconfiguration Enabled . . . . : Yes    
Link-local IPv6 Address . . . . . : fe80::a912:2155:a57:9a93%11(Preferred)    
IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)    
Subnet Mask . . . . . . . . . . . : 255.255.255.0    
Default Gateway . . . . . . . . . :    
DHCPv6 IAID . . . . . . . . . . . : 268441299    
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BF-14-3C-00-16-D3-63-58-DF
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1    
NetBIOS over Tcpip. . . . . . . . : Enabled

    Wireless LAN adapter Wireless Network Connection:

       Connection-specific DNS Suffix  . :    
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection    Physical Address. . . . . . . . . : 00-19-D2-8E-77-23    
DHCP Enabled. . . . . . . . . . . : No    
Autoconfiguration Enabled . . . . : Yes    
Link-local IPv6 Address . . . . . : fe80::2d5e:5d70:df59:312d%10(Preferred)    
IPv4 Address. . . . . . . . . . . : 192.168.1.30(Preferred)    
Subnet Mask . . . . . . . . . . . : 255.255.255.0    
Default Gateway . . . . . . . . . : 192.168.1.1    
DHCPv6 IAID . . . . . . . . . . . : 184555986    
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BF-14-3C-00-16-D3-63-58-DF
DNS Servers . . . . . . . . . . . : 194.74.65.68
                                    194.72.9.34    
NetBIOS over Tcpip. . . . . . . . : Enabled

Route Print:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.20    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.20    281
     192.168.1.20  255.255.255.255         On-link      192.168.1.20    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.20    281
      192.168.2.0    255.255.255.0         On-link      192.168.2.10    276
     192.168.2.10  255.255.255.255         On-link      192.168.2.10    276
    192.168.2.255  255.255.255.255         On-link      192.168.2.10    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.2.10    276
        224.0.0.0        240.0.0.0         On-link      192.168.1.20    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.2.10    276
  255.255.255.255  255.255.255.255         On-link      192.168.1.20    281
===========================================================================

Jon Egerton

Posted 2011-10-28T13:56:32.003

Reputation: 399

Do you have clients connected to both networks? Is that a typo on the subnet mask - it should read 255.255.255.0 if you are connecting clients to both networks simultaneously. If they can ping the router but not each other, then I would suspect a mask issue - check that the subnet mask is consistant, given that you are using static addresses (it is still best to use DHCP and issue static addresses from the router, rather than hard coding). What are you using DNS to do on the second network - what would it resolve? – Paul – 2011-10-28T14:07:43.840

I put the mask different as the networks are different - thought this may help the problem as I had the issue with the masks being the same too. The static IPs are because its more reliable address between then machines than using names and DHCP. Good point about the DNS - have removed that from the second net clients completely. – Jon Egerton – 2011-10-28T14:14:33.587

2The networks are different - the mask is what defines the network portion of the address. So 255.255.255.0 means the first three octets are the network address - 192.168.1 or 192.168.2 and the last octet is the machine address. If you said 255.255.0.0 then you are saying 192.168 is the network address, which means that anything in 192.168.0.0 - 192.168.255.255 are in the same network. – Paul – 2011-10-28T14:29:14.983

1My DHCP comment was to use static addresses issued by DHCP - so the addresses are always the same. Pretty much all routers can do this. It has nothing to do with your problem, though it might be hiding a subnet issue. – Paul – 2011-10-28T14:30:12.580

Can you post an ipconfig from two machines that can't see each other? – Paul – 2011-10-28T14:30:58.460

@Paul- re subnets. I get you - I read some of the subnetting stuff but it was a bit messy for a noob (I'm a software guy rather than hardware) – Jon Egerton – 2011-10-28T14:58:26.287

Could this be related to the old chestnut about windows 7 forcing networks to be treated as public if there's no default gateway configured on them? - would this restrict my traffic? – Jon Egerton – 2011-10-28T15:03:01.477

Answers

2

The network mask tells the routing scheme what part of the address belongs to identifying the network (specifying a sub-net) and what part belongs to identifying individuals on that network. The reason you want to make both masks the same is to isolate the networks from each other while using the same infrastructure. This works by using the first 24 bits of the address (i.e. the first 3 segments of the IP address) to specifying the "sub-net" they should talk on, leaving the last 8 bits (the last segment of the address) to identify the machines on each disparate "sub-net".

That being said, it sounds like you want to have all your clients on the same sub-net so they can talk to each other but prevent some of them from accessing the internet. Since you're hard coding all the IPs and Gateways for all your clients you don't have to worry about them being on the same sub-net since internet access is defined by the Gateway setting.

How are your routers connected to each other?

Jack

Posted 2011-10-28T13:56:32.003

Reputation: 21

The routers are not connected. The second network is intended to be internal only with no access in or out. – Jon Egerton – 2011-10-28T14:57:10.063

Meant that to be a comment and not an answer, sorry. – Jack – 2011-10-28T15:00:14.507

I see. Do a "route print" on a command prompt for one of your machines while it is connected to both networks and post it on here. The results of an "ipconfig" like Paul suggested earlier may also shed some light. – Jack – 2011-10-28T15:07:50.270

In your icmp ping tests to other clients on the copper network (Network 2), are the results saying "Connection Timed Out" or something else like "Destination Unreachable"? Also, they can all see the internet while their wireless nic is enabled, correct? – Jack – 2011-10-28T17:11:58.893

IIRC Windows 7 blocks ping requests by default so you may want to address that before using that as a viable test measure. To check this, in windows firewall select advanced settings and filter the inbound rules by the group named "File an Printer Sharing". See if the rules for echo requests for ICMPv4 are allowed. Selecting home or work in the network setup dialog may have set these rules to predefined states automatically given their security considerations. – Jack – 2011-10-28T17:37:05.323

Getting "Request Timed Out" on ping. Yes they can see t'interweb (via network 1). – Jon Egerton – 2011-10-28T17:38:04.357

As mentioned in the other comments, the network 2 is forced to be a public network because the default gateway is empty. Could this be a problem? – Jon Egerton – 2011-10-28T17:39:41.687

Asked: 2011-10-28T13:56:32.003

Viewed: 4 377 times

Active: 2013-04-07T01:22:35.843