IP Address Routing Between Networks Issue


6 replies to this topic

#1 Nawt0k

Posted 24 February 2015 - 11:30 AM

I am stumped with an issue that has been going on with 2 servers that I am working with.  Bear with me as I try to give the best description possible.....

 

Right now I have a server running with 2 NIC cards in it on with the following configurations:

 

NIC 1: 192.168.1.220

NIC 2:  192.168.2.100

Subnets: 255.255.0.0

Gateways:  192.168.1.1

 

The first NIC card broadcasts points/data to the .1 network while the .2 network builds an architecture of another 30 devices. Right now only 2 devices are in place (.107 and .108). Using software on my server I see all my devices on the .2 network. There is another workstation on the .1 network (192.168.1.100) that reads the points that my server broadcasts (via BACnet). All these points can be read fine and 100% as they broadcast from NIC1.

 

The issue comes with seeing any device on the .2 network from the workstation on the .1 network. The "idea" was for the user on the workstation to be able to access the system on the .2 network via a web portal without needing to access 2 separate computers to do their work. For reference, the "web portal" is actually just browsing to the 162.168.1.220 address via IE or Firefox. No actual web/internet access exists. It's just a portal across a local network. When the user accesses the web portal from the workstation (.1.100) it can open the site software but all of the .2 network devices show a comm fail. With the subnet set up the way it is, there should be no issue with the third octet of the IP address being different.

 

On my server, I can see all devices via the web portal with no issues.  The technician on the site has created the following network install:

 

A local Blackbox LB005 switch houses a connection to each of the devices - NIC 1, NIC 2, 107, and 108

The blackbox switch then has a CAT-5 cable running to a router which jumps over to the .1 network.

 

As a test to rule out any sort of loopback issues, I disabled NIC 2 so NIC 1 and the 2 other devices were the only addresses communicating to the switch. I attempted to use the "web portal" from my server and I could not see anything on the .2 network even though it's all connected to the same switch.

 

The goal is to allow the .1 workstation to see/communicate with all the devices on the .2 network.  I have a feeling that Blackbox switch is not an intelligent switch and needs to be upgraded, but there could be something else going on in my settings.  Any and all help is greatly appreciated.  Thanks!





#2 Wand3r3r

Posted 24 February 2015 - 12:36 PM

What are you trying to accomplish with this configuration?

 

Really makes no sense to have two different IPs on two server NICs when they are in the same subnet. To my knowledge Windows will just ignore one since it would be hard to determine if you wanted it talking out the right side of its mouth or the left side of its mouth. It's just going to talk out of one mouth.

 

I think the problem here is the concept behind different networks. You appear to think that .1 and .2 are different networks but they are not when in the /16 subnet. They are on the same network as is .3 to .255 since /16 results in 192.168.0.0 - 192.168.255.255. This assumes you are not using 255.255.255.0 on the workstations.

 

This is not a switch issue.



#3 Nawt0k

Posted 24 February 2015 - 01:10 PM

Honestly, my goal is to make the best out of a bad situation that I was handed. I originally had everything on 1 network but was told to "isolate" my new devices on .2 because the IP addresses on the .1 were filling up quickly. My server is actually a server for a control network. It's not networking to actual computers and doling out any authentication to them.

 

I had people in the field make changes, set up the hardware, and do it all in the configuration I stated above.  Now that it doesn't work, everyone wants me to make it work.

 

At the end of the day, my server needs to be accessible by a workstation on the .1 network for the control software that it houses and communicate with the .2 devices. Would the best solution be to disable NIC2, unplug it from the switch, and configure NIC1 to 192.168.2.100 leaving the subnet and gateway @ 255.255.0.0 and 192.168.1.1?



#4 Wand3r3r

Posted 24 February 2015 - 02:13 PM

I would disable NIC2 but wouldn't change any of the IP addresses of the .2 devices. You have one network which means .2 can talk to .1 and vice versa.

 

But I don't think we have the whole story yet.

 

"was told to "isolate" my new devices on .2 because the IP addresses on the .1 were filling up quickly" doesn't make any sense unless you were using 255.255.255.0 on the dhcp server.  That subnet mask would limit .1 to 254 or less available addresses [based on what was statically assigned]

 

But you say you are using /16 which would give you 65534 available ip addresses. This is why the information so far is not adding up.

 

Is the router providing dhcp services?  Some SOHO routers don't support supernetting which is what you are doing with a class C address range and a Class B subnet mask.

 

I suspect your issue is due to the router using a class c subnet mask.  You have two choices given the present state of information

 

1. disable server nic2, configure the dhcp server to use the /16 subnet mask, configure the server to use the /16 subnet mask

2. put server nic2 in a completely different subnet like 172.16.0.0.  No dhcp server present for that subnet so you would have to manually [static] assign ip addresses to the devices connecting on that ip range.  Then this network would be isolated [also with no internet access] and it would be able to talk to the server.


Edited by Wand3r3r, 24 February 2015 - 02:18 PM.


#5 Nawt0k

Posted 24 February 2015 - 03:25 PM

I believe my word usage has been misleading. Isolate was a poor word choice. Relocate would have been better. This is a control network and not your typical server/client computer network. Everything is set to static so we know what IP is assigned to what piece of equipment. The network was initially assigned to be 255.255.255.0 and an IP range of 192.168.1.100+. As the remaining IPs were filling up quickly, my equipment was to be reassigned to a fresh .2 network in the range of 192.168.2.100+. My server was sent to the site and its IP configurations changed so NIC1 was 192.168.1.220 and NIC2 192.168.2.100. As described previously, there was the expectation of cross communication between the two systems. Everyone making the changes had not consulted with me and left the subnet at 255x3 which would prevent any communication to any devices associated with the .2.

 

I have learned that a field installer had changed the network wiring so NIC1 went to a router on the workstation's network while NIC2 connected to a switch that would maintain a NEW riser for our equipment on the .2 range.

 

What I need to do is reassign the IP addresses as needed so my equipment and server stay on the 192.168.2.xxx schema while getting the workstation on the 192.168.1.xxx schema to communicate with it.  CAT-5 cables can be moved around as needed to allow for proper comm. 

 

I am tempted to disconnect NIC2, disable it, readdress NIC1 to 192.168.2.100, connect NIC1 with the other equipment to the LB005 switch, and connect that switch to the router on the .1 scheme. I hope this extra writeup is helpful in clearing up the mud. I've been trying to clear things up myself as people made changes/decisions without consulting anything and now it's up to me to "just make it all work."



#6 Wand3r3r

Posted 24 February 2015 - 04:11 PM

If using 255.255.255.0 [as I suspected] you would need a router to have the .2 network talk to the .1 network.  SUPERnetting puts these two ip ranges in the same network.  SUBnetting as in using /24 gives you two separate networks that can't talk to each other without a router doing nat between them.

 

"I have learned that a field installer had changed the network wiring so NIC1 went to a router on the workstation's network while NIC2 connected to a switch that would maintain a NEW riser for our equipment on the .2 range."

 

But you previously wrote there was a cable from switch to router so they are all on the same physical network.  You can not get .2 to talk to .1 on this one physical network.

 

"What I need to do is reassign the IP addresses as needed so my equipment and server stay on the 192.168.2.xxx schema while getting the workstation on the 192.168.1.xxx schema to communicate with it."

 

Again you have no router.  Perhaps you want to consider turning the server into a router between the two subnets by engaging RRAS

 

"CAT-5 cables can be moved around as needed to allow for proper comm."

Only removing the cable between router and switch would result in two physical networks. But that is pointless since you have two separate subnets that can't talk to each other anyway.

 

"I am tempted to disconnect NIC2, disable it, readdress NIC1 to 192.168.2.100, connect NIC1 with the other equipment to the LB005 switch, and connect that switch to the router on the .1 scheme"

This would accomplish nothing.  .2 can't talk to .1

 

If you don't want to put a router in between the two subnets then consider supernetting using 255.255.252.0 which will give you 1022 ip addresses  [192.168.0.0/22] which will give you the single subnet so everyone can talk with a range of 192.168.0.0 - 192.168.3.255.  You would only use one server nic and it could be assigned either .1 , .2 or .3 and still be able to communicate with the others.


Edited by Wand3r3r, 24 February 2015 - 04:15 PM.


#7 Orecomm

Posted 27 February 2015 - 10:42 AM

From what I glean from your messages, it seems like the server needs to be accessible from the "outside" while the devices it controls need to be accessible from the server and do not need direct access to or from anywhere else. All access to the controlled devices is through the server. If this is correct, your dual NIC, dual address plan is correct but the network mask on all devices needs to be 255.255.255.0. This creates two unique networks, 192.168.1.0-255 and 192.168.2.0-255. The 192.168.1.x network is connected to your router and one NIC on the server. It provides all of the access to the server itself, and the server's gateway should be set to the router's address, probably 192.168.1.1. The second NIC would be addressed on the 192.168.2.x network, probably as 192.168.2.1, and would have no gateway defined. It would be connected to a switch (or switches) supporting your statically addressed managed devices. Your static devices on the .2.x network won't have a Gateway either (use the address of the server if they insist on having something defined) and will not have access to DNS. In this mode the Server "knows" about both networks and will be able to access your devices on the "private" .2.x network while talking to the rest of the world on the .1.x network. Devices on the .2.x network will never see or know of the existence of any network outside of their own .2.x subnet. Any access to the .2.x network will have to come from the server, i.e. if your devices are web managed you would need to remotely run a web browser on the server to access the attached devices. This is a common configuration for SCADA, machine control, video surveillance, and other isolated network systems. Just be aware that for any access to the .2.x devices you must originate the connection from your server. No other device on the planet will even be aware they exist.

 

One caveat, if another 192.168.2.x network is ever defined on the "public" side of the network it will break your network as the server won't know which way to send traffic. That address block must be forever reserved within your organization. That may be a good reason to use another address block, like 172.16.1.x, for your device network.
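
Added example, not written by any poster in this thread: a Python sketch using the standard `ipaddress` module that evaluates the masks discussed in posts #2 to #7 against the thread's own addresses, including the device-block overlap caveat from post #7. The function names, the mixed-mask scenario, and the choice of 192.168.0.0/16 as the "public side" block are assumptions made for illustration.

```python
import ipaddress

# Addresses quoted in the thread; the mask on each host is the variable under test.
WORKSTATION = "192.168.1.100"
DEVICE = "192.168.2.107"

def on_link(src_ip, src_mask, dst_ip):
    """True if src, using its OWN mask, treats dst as local (ARP, no gateway)."""
    local_net = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    return ipaddress.ip_address(dst_ip) in local_net

def path(a_ip, a_mask, b_ip, b_mask):
    """Classify a<->b delivery from each host's own view of the network."""
    a_sees_b = on_link(a_ip, a_mask, b_ip)
    b_sees_a = on_link(b_ip, b_mask, a_ip)
    if a_sees_b and b_sees_a:
        return "direct"          # same subnet: the switch alone is enough
    if not a_sees_b and not b_sees_a:
        return "needs-router"    # both hand the packet to a gateway
    return "asymmetric"          # masks disagree: one side ARPs, the other routes

def usable_hosts(cidr):
    """Host addresses in a block, excluding network and broadcast."""
    return ipaddress.ip_network(cidr).num_addresses - 2

def collides(device_net, public_net):
    """True if the private device block overlaps a block on the public side."""
    return ipaddress.ip_network(device_net).overlaps(ipaddress.ip_network(public_net))

if __name__ == "__main__":
    scenarios = [
        ("all hosts /16", "255.255.0.0", "255.255.0.0"),
        ("all hosts /24", "255.255.255.0", "255.255.255.0"),
        ("all hosts /22", "255.255.252.0", "255.255.252.0"),
        ("workstation /24, device /16", "255.255.255.0", "255.255.0.0"),
    ]
    for label, ws_mask, dev_mask in scenarios:
        print(f"{label:30} {path(WORKSTATION, ws_mask, DEVICE, dev_mask)}")
    for block in ("192.168.0.0/16", "192.168.0.0/22", "192.168.1.0/24"):
        print(f"{block:30} {usable_hosts(block)} usable addresses")
    # Assumed public-side block; the thread does not say what it will become.
    for candidate in ("192.168.2.0/24", "172.16.1.0/24"):
        print(f"{candidate:30} collides with 192.168.0.0/16: "
              f"{collides(candidate, '192.168.0.0/16')}")
```

The "asymmetric" result is the case where hosts on one wire carry different masks, so checking the mask on every static device matters as much as checking the server.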





