Does having multiple RJ45 jacks degrade the Internet signal a lot?

I could see a network with QOS priority making sense. I guess the "quality" feed is sent to a switch from the router, and then all the VOIP goes on that switch.

I've got their stuff for free or maybe a few bucks, but I'd have a hard time suggesting anyone consider Airlink 101 for anything serious. I did set up two of their routers for other people. Documentation is slim, but thus far no failures, so I guess I could recommend Airlink 101 over Netgear, but I'd sooner take Dlink over Airlink 101 any day, simply due to better documentation and easier to use firmware. I've haven't had any dlink failures, if a sample of 5 means anything.

I do have a 2701HG, but not on AT&T. I managed to get it to run on what is now Megapath. They made a modem as well, based on a sample of one I saw at a house in Vegas. You can't buy a 2wire in a store as far as I know. They only sell to ISPs. I've heard about the power supplies being a problem, but thus far, no problem in 3 years, and the unit was used. I grabbed another at the flea market should it croak.

Sell what they support. Well sort of. My isp have been bought once and merged twice. I have a decent collection of crappy DSL modems, only being a Zyxel which is supposed to be good. I have an old modem from Telocity (whatever that Cupertino company was called) that never locked up, but I couldn't figure out how to hook it up to Covad when Telocity went TU.

Note that Linksys will not update my router firmware. There is a GPL issue, which was discussed elsewhere on this newsgroup. Not only will they not update the firmware, they won't even put it on the net for download. I can certify Linksys as a company that won't upgrade at least one model of router, namely my WRT330N. [The New Egg reviews are not very good. I got it when it came out, so there wasn't information out there.]

I guess next time I will spring for a Cisco branded router. I assume they don't leave their small business customers out to sea.

Yeah, but I brought this up because the modem kind of looks like a one port router and you need to be aware of it's address so there are no conflicts when you attached your router. [I think Jeff cringes when I say one port router, but I don't know what else to call it.]

Maybe the idea is if you just had a switch after the modem rather than a wifi router, you would need some management features in the modem. In my case, I DMZ the modem to the router, and then do all management from the router.

Hey, I learned plenty on this thread.

There are/were plenty of one port routers on the market, especially if we mean one LAN port.** That's all that are needed, and the minimal number of ports doesn't make it any less of a router. It just means you'll probably connect the switch of your choice to the LAN side rather than use the built-in switch (since in the case of a one port router there is no built in switch).

**Technically, a router can get by with just one port which would be used for both WAN and LAN, but I don't know of any examples of that, given the context of this discussion.

I still don't know why there would be possible address conflicts, though. Properly configured, a router never has the same subnet on its WAN and LAN sides.

Oh, wait, Jeff mentioned that some DSL modem/routers default to a certain IP range on their LAN side, and adding a second router might introduce the possibility of THAT device also wanting to use that same IP range. But in his example, the DSL modem/router auto configured itself to avoid the conflict. The possibility exists, I suppose, that not all DSL modem/routers are smart enough to auto configure themselves that way, and some standalone routers don't give the user the capability to configure the LAN subnet. Nearly all of my recent experience is with dd-wrt, though, so configuring the subnet is second nature and I sometimes forget that stock firmware may not offer that.

Correct. If you use a switch with a combo modem/router device, the router in the combo device is where you'll make all of your configurations. However, if you add a second router in series, then it makes sense to "DMZ the modem to the router", as you call it, and then make all of your configurations in the second router.

Yes, I know "DMZ" is the wrong term for what we're discussing, but Linksys bastardized it long ago so I'm just using it the way they do. Network engineers no doubt are cringing, as they should.

My earlier Google search turned up your second link above, so now I have two copies of the 4200 User Guide. Absolutely no doubt about it, it's a combo DSL modem + router + 4-port switch. What are you seeing that makes you think it's just a DSL modem, because I don't see that.

Think about it for a second. Just because you set the combo device to bridge mode doesn't mean it should disappear, from a management perspective! It would be horribly broken if it DIDN'T continue to respond to its management traffic, even while in bridge mode. If it disappeared after setting it to bridge mode, doing so would be a one way street with no way to return, other than possibly doing a full factory reset. Obviously, that's not the case.

Nope, bad assumptions have led you to a bad conclusion.

My own experience lies with cable modems, and as you say, they do this "redirection" fine. It's not exactly redirection, but I know what you mean.

You've switched topics midstream, which is always confusing.

You started this example by mentioning that the router portion of the

4200 is able to forward all ports to a second (standalone) router, which only applies to new connections coming from the WAN side, going to the LAN side. (Return traffic needs no port forwarding.) That's not unusual or amazing behavior, as I pointed out. It's the exact equivalent of putting one LAN-connected PC in the router's DMZ, if you'll allow me to use Linksys terms.

But now you've turned things around, talking about traffic going from the LAN side to the WAN side, destined for the DSL modem/router. That has nothing to do with the port forwarding mentioned earlier.

No matter how badly written you may think Skype is, my guess is that it's much (MUCH!) worse than you think, if this presentation is to be believed.

Not exactly a conflict, but a simple routing problem. Let's say your modem's LAN interface is 192.168.1.254 (/24), as you suggested above. Now you connect a router to the modem's LAN interface, and you configure the router's LAN interface to be 192.168.1.1 (/24). Both devices are using the 192.168.1.x/24 subnet.

Given that scenario, there are no addressing conflicts, but you won't be able to reach the LAN interface of the modem because there's a router between you and the modem. You fire off a packet to

192.168.1.254 and your PC's network stack checks its netmask, determines that the target IP address is within that netmask, so it uses ARP to translate the IP address to a MAC address. Well, it doesn't get a reply since ARP doesn't pass through a router. Ergo, no communication from the PC to the modem. The fix, as you stumbled upon, is to use a different subnet (or at least a more restrictive subnet mask).

Not applicable/relevant. The problem isn't that the same IP address might be assigned twice. The problem is that there's a router in between these two same-numbered networks. Can't do that. See my more detailed reply to miso.

My understanding is that different subnets are required for a different reason, not to avoid IP address duplication. If both ends of a VPN are using the same subnet, how would the VPN endpoint know that traffic should be passed through the tunnel?

I remember the good old days when the phone company did the telephone wiring.

Christopher A. Young Learn more about Jesus

.

Yeah, but I brought this up because the modem kind of looks like a one port router and you need to be aware of it's address so there are no conflicts when you attached your router. [I think Jeff cringes when I say one port router, but I don't know what else to call it.]

Maybe the idea is if you just had a switch after the modem rather than a wifi router, you would need some management features in the modem. In my case, I DMZ the modem to the router, and then do all management from the router.

Back when I had dialup internet, I got an offer for trial of cable internet. I really love it. Much faster.

Christopher A. Young Learn more about Jesus

.

My earlier Google search turned up your second link above, so now I have two copies of the 4200 User Guide. Absolutely no doubt about it, it's a combo DSL modem + router + 4-port switch. What are you seeing that makes you think it's just a DSL modem, because I don't see that.

Think about it for a second. Just because you set the combo device to bridge mode doesn't mean it should disappear, from a management perspective! It would be horribly broken if it DIDN'T continue to respond to its management traffic, even while in bridge mode. If it disappeared after setting it to bridge mode, doing so would be a one way street with no way to return, other than possibly doing a full factory reset. Obviously, that's not the case.

Nope, bad assumptions have led you to a bad conclusion.

My own experience lies with cable modems, and as you say, they do this "redirection" fine. It's not exactly redirection, but I know what you mean.

You've switched topics midstream, which is always confusing.

You started this example by mentioning that the router portion of the

4200 is able to forward all ports to a second (standalone) router, which only applies to new connections coming from the WAN side, going to the LAN side. (Return traffic needs no port forwarding.) That's not unusual or amazing behavior, as I pointed out. It's the exact equivalent of putting one LAN-connected PC in the router's DMZ, if you'll allow me to use Linksys terms.

But now you've turned things around, talking about traffic going from the LAN side to the WAN side, destined for the DSL modem/router. That has nothing to do with the port forwarding mentioned earlier.

Thanks for the info. I had no idea; I'll look into it.

I've been fighting that problem with VPN's since they were invented. What a VPN does is assign a block of IP addresses, that belong to the other end of the VPN tunnel, to the local network. For example: Remote Network = 192.168.222.xxx Local Network = 192.168.111.xxx The remote VPN router is configured to deliver a block of addresses to be used by VPN callers. Let's say that: Remote Network VPN address pool = 192.168.222.50 -> 99 Remote Network DHCP pool = 192.168.222.100 -> .253

When I connect via the VPN tunnel, my computah will have two IP addresses assigned to it. One is something like 192.168.111.xxx, which is used to talk to machines on the local network. The other is an address from the remote VPN address pool, something like

192.168.222.55. This works well and there are no duplicated IP's.

However, let's pretent for a moment that the Class C networks on both ends are the same. Both system use the 192.168.111.xxx address block. The local DHCP server has no knowledge of the remote VPN pool. It assigns addresses based on NOT being able to ping addresses. Since it can't ping anything on the remote end until AFTER the VPN tunnel has been successfully established, there's a very real chance that the local DHCP server will dispense IP addresses that are currently in use at the remote end.

I've seen it happen and it sucks. The worst case is duplication of the router IP address. If both routers have the same IP address, there are several surprises. The most obvious is that the default gateway is now duplicated on two devices. Outgoing packets don't know whether to hit the internet via the the local router or the remote router. It's not unusual to connect to a remote VPN, and then have all that computers internet traffic go out to the internet via the remote router, which is usually quite slow. Another problem is the inability to administer both routers. When I setup a VPN, I have to have access to both routers. If they both have the same IP address on the VPN, that's not going to happen.

For a while, I was administering a remote VPN that was on

192.168.111.xxx, which was the same as my office LAN (because their admin didn't have a clue and just cloned my setup). When I connected, I could not see their NAS box. That's because my office network printer was on the same IP as their NAS box.

Some VPN implimentations take all this into consideration and make an effort to at least prevent gateway IP duplication. In effect, it hides the remote router, making unwanted outgoing traffic impossible, but also blocks remote admin. Sonicwall does this quite well. Linksys and Netgear do not.

Look again. The 4100 and 4200 both have a single ethernet port with no 4 port switch.

I think the basic disagreement is whether a device that does NAT to a single IP address, and to a single ethernet port, should be considered a router. By definition, a router glues two networks together. On one side, we have the entire internet via the DSL port. On the other side, we have a single machine with a single IP address with all

65,000 IP ports going to this single IP address. Whether to consider a single machine to be a network seems a bit dubious, but lacking any other suitable definition, I guess we now have a one machine network. It's certainly not a bridge as it's working on ISO layer 3 (IP) and not layer 2 (MAC) used in bridging.

I'm sure it's the modem doing the redirection. That's because I've tried configuring various modems at various locations through the router. Some modems work, while others do not. I can change modems around, and the one's that work follow the modem, not the router. I can change routers on a setup that works, and there's no effect.

Yep. It seems to have been introduced somewhere in the Cablelabs specs. I haven't bothered digging in there for the details. The problem is that I don't know what to call it. "Management IP redirection" is the best I can invent.

Yep. Guilty. Sorry(tm).

No, I said that the DSL modem section is doing the redirection. Redirection still works in the bridge mode, which disables the NAT and therefore the router section. Therefore, it must be the DSL modem section doing the redirection.

I think we're both in agreement that the Linksys DMZ is not a real DMZ firewall with its bastion host and inside firewall.

Yep, that's exactly what I'm talking about. This is NOT about a DMZ, where INCOMING traffic is directed to a specific IP address. This is about OUTGOING traffic, being sniffed for anything with a destination IP address pointing to the management IP address of the DSL modem, and getting redirected to the internal management web server. Please forget about DMZ as it only has relevance for INCOMING traffic, while this redirection is all about OUTGOING.

One more, for hacking the 4100/4200:

Ugh... he calls it a router. Grumble.

I think you're missing what I'm saying. It's trivial to adjust the DHCP scope so that DHCP collisions are completely avoided. Many times, it's also easy to ensure that static assignments, including the gateway, are not duplicated. Given all of that, my point is that I still don't think it will work because the VPN endpoint won't know that it should send traffic through the tunnel if both ends of the tunnel are on the same subnet.

Have you tried that? I don't have the resources at the moment, but I don't think it will work.

Agreed, in your photo there's a single Ethernet port, but in the 4200 User Guide you linked earlier, there are multiple references to "Ethernet Ports (1-4)", such as on page 7, "With your computer powered off, connect the Ethernet cable to an Ethernet port (1-4) on the Router." Apparently, someone at Speedstream is confused or there are multiple hardware versions, or...?

I admit, I'm completely baffled by your confusion. Routers don't need to incorporate a switch in order for them to be a router. Heck, a router really only needs a single Ethernet connection, which can be shared WAN/LAN. (Think "router on a stick".) The lack of an included switch, if true, takes nothing away from the router section.

Some clues, taken from the 4200 User Guide:

1. Speedstream always refers to it as a router, never a modem or bridge.
2. Firewall
3. NAT/NAPT
4. Stateful Inspection Firewall
5. Attack protection, Firewall Security
6. DMZ
7. Port Forwarding
8. Session Tracking
9. Content filtering
10. Internet address filtering/blocking
11. Has settings for IP, netmask, and default gateway
12. Includes a DHCP server and DNS forwarder
13. Static routes can be configured
14. RIP 1/2 (Routing Information Protocol)
15. Port Forwarding
16. DynDNS
17. Time Client
18. Has a routing table (static & dynamic routes).

Those things are from a quick skim through the 4200 User Guide. Note that all of those items are typically found in routers, and none of those items are typically found in bridges. I'm unable to explain why you missed the presence of the router.

If you've ever held a 4200 in your hands, you were holding a combo DSL modem and router, and according to the User Guide it also had a 4-port switch, however that detail seems to be in question and not supported by the picture you found.

Redirection? Is this the upstream thing again? I thought we were done with that. I'm much more interested in the downstream direction, where you seemed surprised about the capability to forward all ports to a single IP, i.e., what Linksys calls DMZ. Typical router stuff.

Anyway, I don't quite know what to make of the paragraph above. You refer to modems and routers, but with the confusion regarding the 4200 I don't know which terms to trust. Do you typically add a second router to the mix when you deal with 4200's? Do you refer to the 4200 as a modem, and when you say router you mean a second router attached to the LAN side of the 4200?

I'm talking about the downstream direction. You keep changing the topic to the upstream direction. Focus, please.

Totally agree, but Linksys put the term into common (mis)usage, so no matter how wrong it is, it's out there.

I'm much more interested in the downstream direction, where the 4200's router makes its presence known. The upstream direction is mundane and uninteresting.

So does Speedstream.

Linksys calls the WRT54G a router, too, but it's a router, a bridge, a switch, and an access point, among other things. I guess you gotta call it something, so you let the marketing department loose on it and see what they come up with.