3

I am trying to build a home network with three routers and one switch. My search here and on the internet didn't yield much, partly due to every question being very specific and also me being a novice at this (at best).

I'd like to maintain two separate wireless LANs (such that devices are not being broadcast to the other) on two subnets, while connecting both via cable to the router that connects to the internet. Trying to draft the wired network (with device types):

Internet <---> ZTE MC7010 [192.168.2.1/24] <---> NETGEAR GS105GE <--+--> TP-Link Deco X20 [192.168.1.1/23]
                                                                    |
                                                                    +--> HUAWEI AX3 [192.168.0.1/23]

So I've got three subnets (192.168.2.x, 192.168.1.x and 192.168.0.x), each with its own router and DHCP server. I've really tried to understand how to configure them (esp. the subnet masks), but I think I'm doing something inherently wrong here.

My goal is to access 192.168.0.x devices from 192.168.2.x subnet (and vice versa, but that's not my main concern). By setting the subnet masks of the two LAN routers to /23, I thought I could enable access to the respective subnets, but to no avail. Another concern is that, at the HUAWEI router, I can only plug the LAN cable into the WAN port (otherwise I can't get past the warning in the UI) and that I might be facing some firewall issues. However, I deactivated the firewall in the UI and checked for any other settings that could be causing issues, but didn't succeed.

Any ideas and help would be very welcome! I am really 'working' way beyond my knowledge here... ;)

liatorp
  • 33

3 Answers

5

> By setting the subnet masks of the two LAN routers to /23, I thought I could enable access to the respective subnets, but to no avail.

No, that's very nearly the opposite of how it works.

The subnet mask defines how large the device's (host's or router's) local subnet is. "Local" specifically means all the devices that can be accessed without going through a router (i.e. without using a "gateway") – purely through switches and Wi-Fi access points.

But by switching the subnet masks to these specific /23's, the address ranges of the TP-Link and the Huawei now overlap (it goes all the way from 192.168.0.0 to 192.168.1.255 on both routers).

This means that a device connected to the TP-Link now thinks that devices on the Huawei are local (even though they're not!) and will never try to use a gateway to reach them; it will only make a local ARP query (which will fail). So that's the opposite of what you want.

An important thing to note is that the subnet mask doesn't really make devices accessible at layer2 (i.e. directly via switches/APs); it only informs them about what IP addresses are expected to be accessible at layer2. The subnet mask needs to reflect physical topology – not the other way around.

(Also, this is not a problem with using /23; it is specifically a problem with overlapping networks. As long as the subnet address ranges do not overlap, a /24 or /23 or /19 or any other size would work equally well.)


To make this work (that is, while deliberately keeping the 3 subnets separate), first go back to non-overlapping networks (just switch the configuration back to /24), then configure static routes on each router, pointing them to all other subnets.

For example, the ZTE needs routes to 192.168.1.0/24 via the TP-Link as 'gateway', and to 192.168.2.0/24 via the ZTE. Note that the 'gateway' address must be the one facing the ZTE (because the ZTE already knows how to reach it) – i.e. the TP-Link's "WAN" address, not 192.168.1.1, is the "gateway" from ZTE's perspective.

Most likely, both the TP-Link and Huawei already have their "default" route pointing towards the ZTE router, so now they should technically already be able to reach each other's subnets by bouncing packets off the ZTE, but for better performance you should add static routes on them as well (i.e. from TP-Link directly to the Huawei subnet, and vice versa). Note that they don't need routes for the ZTE subnet as they're already directly in that subnet.

grawity
  • 501,077
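The overlap described in this answer can be checked with Python's standard `ipaddress` module. This is an added example, not part of the original answer; the host addresses 192.168.1.50 and 192.168.0.20 are constructed for illustration.

```python
import ipaddress

def lan(router_ip_with_mask):
    """Subnet a router announces on its LAN side (host bits masked off)."""
    return ipaddress.ip_interface(router_ip_with_mask).network

def overlapping_pairs(lans):
    """Return every pair of named LANs whose address ranges overlap."""
    names = sorted(lans)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if lans[a].overlaps(lans[b])]

def next_hop(host_if, dst, gateway):
    """A host's forwarding decision: ARP for on-link targets, else use the gateway."""
    subnet = ipaddress.ip_interface(host_if).network
    if ipaddress.ip_address(dst) in subnet:
        return "on-link (ARP)"
    return f"via {gateway}"

# Configuration from the question: /23 on both inner routers.
BROKEN = {"ZTE": lan("192.168.2.1/24"),
          "TP-Link": lan("192.168.1.1/23"),
          "Huawei": lan("192.168.0.1/23")}
# Configuration recommended in the answer: back to /24 everywhere.
FIXED = {"ZTE": lan("192.168.2.1/24"),
         "TP-Link": lan("192.168.1.1/24"),
         "Huawei": lan("192.168.0.1/24")}

if __name__ == "__main__":
    print("TP-Link LAN with /23:", lan("192.168.1.1/23"))
    print("overlaps with /23:", overlapping_pairs(BROKEN))
    print("overlaps with /24:", overlapping_pairs(FIXED))
    # Constructed host behind the TP-Link talking to a host behind the Huawei.
    print("/23 host:", next_hop("192.168.1.50/23", "192.168.0.20", "192.168.1.1"))
    print("/24 host:", next_hop("192.168.1.50/24", "192.168.0.20", "192.168.1.1"))
```

With /23 the host behind the TP-Link treats the Huawei's address range as local and never hands the packet to its gateway; with /24 the packet goes to 192.168.1.1 and can be routed.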
2

In addition to the other answer:

Try to draw subnets as straight lines, make all interfaces on routers visible:

192.168.1.*/24              192.168.3.*/24               192.168.0.*/24
     :                            |                             :
     :                            |                             :
     :... TP-Link Deco X20     ---|                             :
     :  192.168.1.1  192.168.3.2  |                             :
     :                            |---    HUAWEI AX3        ....:
     :                            |   192.168.3.3  192.168.0.1  :
     :                            |                             :
     :                            |                             :
                                  |
                              192.168.3.1
                             ZTE MC7010
                              <internet>

(Edit to remove NETGEAR as it is a switch)

In that case, the network topology is simple: every subnet has a single gateway (here, with .1) which would also act as DHCP server, handing out the gateway address.

So you don't even need to distribute routes (which would be necessary for a more complicated topology).

When in doubt, keep to the standard /24 subnets (192.168.*.* is big enough, use 10.*.*.* if you have to).


> but I pretty much can't access anything

I wrote you don't have to distribute routes, but you need to set routes to 162.168.1.*/24 via 192.168.3.2 and 192.168.0.*/24 via 192.168.3.3 at least on the ZTE (and setting them on the two other routers is also recommended).

Did you do that? Did you also give the TP-Link and the HUAWEI static addresses, e.g. by configuring the DHCP in the ZTE?


> I cannot configure static routes on the ZTE (nor on any other of the routers).

Do you have root access to any of the routers? Have you checked if you can install alternative firmware (e.g. OpenWRT) on any of the routers?

Can the TP-Link or the Huawei be configured to bridge the WLAN AP with a LAN interface, or is there always a separation? (If this is possible, you could get something else, e.g. a RaspPi or something with OpenWRT, to act as a router (in the original sense, forwarding IP packets) for the subnets).

dirkt
  • 17,461
2

Starting with your original (corrected) network and dirkt's drawing:

192.168.1.0/24              192.168.2.0/24               192.168.0.0/24
  :                            |                             :
  :                            |                             :
  :... TP-Link Deco X20     ---|                             :
  :  192.168.1.1  192.168.2.2  |                             :
  :                            |---    HUAWEI AX3        ....:
  :                            |   192.168.2.3  192.168.0.1  :
  :                            |                             :
  :                            |                             :
                               |
                           192.168.2.1
                          ZTE MC7010
                           <routable> -> Internet

Just to note some important things: 192.168.2.0/24 is the NETWORK address (all bits within the network part of the address should be zero). 192.168.2.1 is a MACHINE address -- here, I'm going to presume that it's the address of the ZTE on its inside interface. Similarly, the TP-Link will have an inside address of 192.168.1.1, and the Huawei will have an inside address of 192.168.0.1.

The other thing that we'll need is to assign static OUTSIDE addresses to the TP-Link and the Huawei ... 'outside', in this case, being the interface on the ZTE's (inside) network. In this case, we've assigned the TP-Link an address of 192.168.2.2 and the Huawei an address of 192.168.2.3. So now we have:

      internet -- <routable>  = ZTE     = 192.168.2.1 -- 192.168.2.0/24 
192.168.2.0/24 -- 192.168.2.2 = TP-Link = 192.168.1.1 -- 192.168.1.0/24 
192.168.2.0/24 -- 192.168.2.3 = Huawei  = 192.168.0.1 -- 192.168.0.0/24 

With -- indicating the network the interface is on and = being its address there.

So, now everybody knows how to get to the 192.168.2.0 network, but nobody knows how to route to the inside networks of the TP-Link and the Huawei, so you need to add static routes. On the ZTE you need to add:

Name       Network           gateway
TP-Link   192.168.1.0/24    192.168.2.2
Huawei    192.168.0.0/24    192.168.2.3

On the TP-link, you can optionally add:

Name       Network           gateway
Huawei    192.168.0.0/24    192.168.2.3

On the Huawei, you can optionally add:

Name       Network           gateway
TP-Link   192.168.1.0/24    192.168.2.2 

The reason why I say that you can optionally add the static routes onto the TP-Link and the Huawei is that the ZTE should point them to each other when they try to forward packets through the ZTE to each other... but you just save the extra work when you add the extra static routes. (the subnets will also still be able to talk to each other, even when the ZTE is down)

darkonc
  • 93
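The effect of the static routes in the answer above can be traced with a small longest-prefix-match model. This is an added example, not part of any answer on this page; it assumes the addressing from the answer above, that the TP-Link and Huawei default to 192.168.2.1, and a constructed destination host 192.168.0.20.

```python
import ipaddress

def table(*routes):
    """Build a routing table from (prefix, next_hop) pairs; next_hop None = on-link."""
    return [(ipaddress.ip_network(p), hop) for p, hop in routes]

def lookup(tbl, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in tbl if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else "unreachable"

# Interface address on 192.168.2.0/24 -> router that owns it.
OWNER = {"192.168.2.1": "ZTE", "192.168.2.2": "TP-Link", "192.168.2.3": "Huawei"}

def tables(zte_static=True, inner_static=False):
    """Routing tables of the three routers, with or without the static routes."""
    t = {
        "ZTE": [("192.168.2.0/24", None), ("0.0.0.0/0", "internet")],
        "TP-Link": [("192.168.1.0/24", None), ("192.168.2.0/24", None),
                    ("0.0.0.0/0", "192.168.2.1")],   # assumed default route
        "Huawei": [("192.168.0.0/24", None), ("192.168.2.0/24", None),
                   ("0.0.0.0/0", "192.168.2.1")],    # assumed default route
    }
    if zte_static:      # the two routes required on the ZTE
        t["ZTE"] += [("192.168.1.0/24", "192.168.2.2"), ("192.168.0.0/24", "192.168.2.3")]
    if inner_static:    # the optional routes on the inner routers
        t["TP-Link"].append(("192.168.0.0/24", "192.168.2.3"))
        t["Huawei"].append(("192.168.1.0/24", "192.168.2.2"))
    return {name: table(*routes) for name, routes in t.items()}

def trace(tbls, first_router, dst):
    """Follow a packet router by router until it is delivered or leaves the LAN."""
    path, router = [first_router], first_router
    while len(path) <= len(tbls):          # guard against routing loops
        hop = lookup(tbls[router], dst)
        if hop is None:
            return path + ["delivered"]
        if hop not in OWNER:
            return path + [hop]            # "internet" or "unreachable"
        router = OWNER[hop]
        path.append(router)
    return path + ["loop"]

if __name__ == "__main__":
    for kwargs in ({"zte_static": False}, {}, {"inner_static": True}):
        print(kwargs, trace(tables(**kwargs), "TP-Link", "192.168.0.20"))
```

The trace models route selection only; NAT and the WAN-side firewall on the inner routers, which the question mentions as a concern, are not modelled.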