I'm helping out a small organization with their networking. Yesterday something destroyed one of their switches and one of their firewalls. The only thing I could do was to replace both for the time being with a standard WRT54G. I got that running just fine, and I added a 24-port switch today. Everything works as it should...except...

This side of their network uses the IP address range of 192.168.200.xxx. In the router's configuration screen, I have DHCP starting at 192.168.200.1 and a maximum of 30 users. My problem is that it won't let me assign more users. If I tell it to start higher (I have machines on this network with assigned addresses from 1 to 9), it shrinks the number of maximum users I can have.

Why is this happening? Is this a limitation of the device I'm using? Previously the firewall was acting as DHCP server, distributing the signal to at least 40-50 computers.

Thanks for any help you can offer.

Sounds like it doesn't like 192.168.200.31 and above. Is the subnet mask set correctly? If it were 255.255.255.224 (i.e. "/27"), then the behaviour you report would be correct. Or is the router itself on 192.168.200.31? Don't forget to allow for its own IP address in your calculations.

I just tried on my WRT54G and it's fine with starting at 192.168.1.100 and max 155 users (netmask is 255.255.255.0 or "/24").

Peter

Install DD-WRT, then start trouble shooting. The thing that pops out is that in a standard configuration, .1 is the router's address, not a PC on the network. It doesn't half to be, but it's it'll be a head scratcher for anyone who comes after you if it's not.

I'd be concerned using a WRT54G for 40 or 50 active workstations, but as long as they lay off the bittorenting you might be all right.

The router its self is .1, though I have DHCP set to start at .1. I assume the router is smart enough not to lease that address out to another computer, right?

The subnet mask is .224. I can't remember why I set it that way. I think it was because the incoming internet connection (which is static IP), has a .224 subnet mask, but it's not a requirement that they match, is it?

I probably should install DD-WRT, but the network is under pretty heavy use right now (about 25 users, a few servers, and a bunch of printers - hence the issues I'm having). Plus, DD-WRT is seriously annoying to install on the latest 54Gs. Have you tried recently? A couple years ago it was a simple matter of using the built-in firmware upgrade process, and now you have to log in via SFTP, run something at the command level, then install the new firmware over the same. It's doable, but these routers are part of my inventory, and I don't want to screw one up and be out $45.

*edit*
ps- heavy use is the wrong phrase. There's a lot of users, but it's all web surfing and emails. This is technically a school network, but it's all offices, a newsroom, and a computer lab. I think the WRT54G will do fine...

Possibly, but it certainly isn't smart enough to avoid your other static IPs at .2 to .9. Set it to start at .10.


No, there isn't, and if the network had >30 users before the previous firewall failed, then it can't possibly have been using a .224 subnet mask. Unless your organisation really does have separate subnets in different parts of 192.168.200.xxx, set the subnet mask on the internal network to 255.255.255.0.

Peter

Yeah, the .224 subnet mask will do it. 224 is 11100000 in binary, leaving 5 bits for the subnet. 2^5 = 32, one IP lost to subnet number, one to broadcast, and you're left with 30 addresses.

In short, they don't need to match. Cisco's first CCNA book is 50% subnetting(or maybe just seems that way), and well worth reading if you do this kind of thing regularly.

I havn't bought a wrt54g in quite a while, I'm happy with my myriad of Buffalo's and am waiting for an open source firmware supported 802.11N router.

Matthew

Okay guys, thanks. I've set the subnet mask to 255.255.255.0, and DHCP leases 16 to 150 (just to be safe). But now a bunch of the computers on the network can't get on the network. They're complaining about IP address conflicts. I've rebooted these computers, power cycles the router and all attached switches, but they're still giving me the problem. I've tried releasing and renewing the IP addresses, but that can't even get going...

This is one of those "power cycle the building" issues. Every computer remembers it's IP, and the router has no clue which ones are in use. Every time you power cycle the computer, the router hands it an address, which one of the other computers is still using, so it refuses to use anything. Reboot the building, and you're all set.

Easier said than done. To accomplish the same thing, unplug all the switches, let them rest long enough that all computers have dropped their links, then plug them back in.

Matthew

Perhaps your network has more static IP addresses than you thought? If you have a machine with a IP address conflict, you can find the MAC address of the conflicting machine by (a) temporarily disconnecting the one reporting the conflict (b) running ping <conflicted-IP-address> on a separate machine (c) running "arp -a" on that separate machine. At least if it's Linux.

Of course, if the sysadmin's record-keeping isn't good enough to work out which MAC address corresponds to which machine, that doesn't help.

Rebooting the router, of course, causes it to forget which IP addresses it handed out to which MAC addresses, and start again from .16. If you're concerned that some hosts are keeping hold of IP addresses given by a previous incarnation of the router, change the DHCP range to a disjoint one (e.g. 150-250). That operation itself should not reboot the router. Then, once all the incorrect leases have expired (the default least time on a WRT54G is one day), you can change the DHCP range back to what you want it to be.

Peter

Most managed switches will show you which MAC address is connected to which port. "sh mac-address-table" on most Cisco switches.

I think your last suggestion is what I'll go with. I unplugged all the networking equipment for a few minutes, so we'll see if that helps. I'm reasonably certain that there's 15 static IPs at most, but no, the record keeping here is not good. I was lucky just to find enough information to properly configure the router in the first place. I also have a full 24-port switch with no labels whatsoever, so I know that most of them go to one room, and a few of them go to these other few rooms, but I couldn't identify a specific one. I hate non-labeled cables.

Anyway, it's looking good now. Thanks so much for all your help guys. Matthew_k, you mentioned one place to find information, but if I wanted to learn more about networking (other than in the middle of a crisis with 40 people looking to me to help them), where would you recommend? Online is preferable, but I'm willing to get a book if it's really good.

Thanks, Bitt. I'll look into that. This is just the least expensive 24-port 10/100 switch I could find (they wanted to go cheap), so I don't know if it has that capability or not. It's a Netgear product. Pretty nice, though.

I just wanted to thank you all again. You really helped me out and I appreciate it. If you're ever in the DC area, dinner's on me!

Doubt it will have it then. You need to specifically buy the managed version for it. The smart version can do it as well I think... Either way, not the cheapest option.

Obviously you'll need some sort of UI on the switch: telnet, web-based, whatever. But if it's the cheapest you could find, I seriously doubt it'll have one.

Oh well, not an essential for these folks. They might be moving to another building at some point, and then I'll strongly suggest proper labeling.

Don't know if you need it and, I don't know if that particular router supports it, but you may be able to assign static DHCP addresses. With this, particular IP addresses are reserved for and always given to specific MAC addresses.