Page 1 of 1

Routers routers rah rah rah

Posted: Tue Oct 08, 2013 6:34 pm
by unfaithfulsfan
I do not claim to be any great shakes when it comes to networks and I certainly have only the barest of understanding of the OSI Model but I just do not understand what's happening here.

I take care of the network at Village Hall here where I live and ordinarily it's really not that much of a chore. I installed a new server a couple of years ago and replaced 3 of the 4 client PCs, added a new monster of a copy machine, a couple of network printers and that's about the size of it. I replaced the router, too. It's all very basic utilizing DHCP.

They've been having problems with slow Internet connection. They called Time Warner who came in, replaced the old modem with a newer model that includes a wired/wireless router, upgraded them to 15 Mb service and that was that. However, the Internet is still slower than molasses in sub-zero weather. So I spent a few hours last night monkeying around trying to figure out exactly what was going on. Here's the way it has been set up since before I got involved:

The cable modem connects to the Internet port of the 10/100 router. LAN1 of the router connects to a port of the 8-port switch. 6 of the 7 remaining ports on the switch are home to the server, the 3 client PCs and the printers. There's one port left for when the new Mayor adds a client PC/laptop to the system. If I connect the clients directly to the new modem/router, Internet service screams and I am able to download a 200 MB file in under 5 minutes. Of course I cannot connect to the server or any of the mapped drives because the switch isn't involved.

My thought was, "Why can I not just bypass the old router and just go straight to the switch from the new modem?" The answer is plainly, It won't work. I can intermittently connect to the server and all the mapped drives but there's no Internet. As soon as I connect a PC to the switch I get the little yellow triangle with an exclamation point over the network connection. I'm sure the issue lies in that I can't dial in to the TWC modem, or at least I think that's it but the more I think about it, the less sense that makes. I never dialed in to the 10/100 router when I installed it.

I tried powering off the new router and the switch, making the connections then plugging them back up and that had no bearing on it either. As soon as I add the old router back into the loop, everything works albeit the Internet again is slower than dial-up.

Am I doing something wrong or do I need to replace the old router or the old switch?


Re: Routers routers rah rah rah

Posted: Wed Oct 09, 2013 6:58 am
by bubba
To clarify, what is current order of equipment? What I gather is... New modem - Old router - switch - clients.

You said that the old router has a 10/100 ports, that could be the main part of the problem there. If you have all the clients and servers to a switch that is plugged into a single 10/100 port, its overloading the port. Think 3 stooges trying to get through a door.

If the new modem has built in router, dump the old router, go straight to new modem/router. Use a switch on a port to funnel low traffic stuff off like the printers.

If new modem does not have a router, look at getting a new one with Gigabit speeds.

Re: Routers routers rah rah rah

Posted: Wed Oct 09, 2013 7:54 am
by kenc51
Remove the old router

It should be:
Cable modem --> Switch --> Network

Re: Routers routers rah rah rah

Posted: Wed Oct 09, 2013 3:28 pm
by unfaithfulsfan
You're correct: New modem/router->old 10/100 router->old switch->clients & server. I know all the PCs and the server have gigabit NICs in them.

The problem is when I take the old router out of the loop and go directly from the Time Warner modem/router to the switch, I get no Internet and barely intermittent LAN communication on all the connected computers. That's why I wondered, too, if the switch is not able to handle the speed from the new modem/router? Wouldn't that explain why it works thru the 10/100 router but not directly connected to the TWC unit?


Re: Routers routers rah rah rah

Posted: Wed Oct 09, 2013 8:12 pm
by bubba
the pcs may have gigabit NICs, but the old router tops out at 100, so think sports car in a school zone.

You said if you plug straight to new modem/router net works as it should. now if you plug two things in, say pc and the server) straight to new modem/router (no switch) do they talk as well as have net?

Re: Routers routers rah rah rah

Posted: Thu Oct 10, 2013 2:01 pm
by kenc51
Also check the other PC's for malware & or torrent programs running (seeding)

Re: Routers routers rah rah rah

Posted: Fri Oct 11, 2013 3:48 pm
by unfaithfulsfan
Sorry for the confusion. I know I've probably got you guys talking to yourselves. There is no malware. I just completed a 4-month maintenance on the client PCs a couple of weeks ago. That involves complete anti-virus, malware, junk files, registry scans, etc., plus physical cleaning, e.g. blowing out dust, etc.. They don't do a lot of extraneous surfing. All the machines are running great except for the Internet which should be smoking with 15 Mb service. That's what I have at home and I have no problems.

So, here's the situation since the Time Warner service upgrade:

#1) Original Config = (TWC Router) → (10/100 Router) → (8-port Switch) → (Server & Clients) Result=Everything works but Internet is very slow.

#2) (TWC Router) → (Server & Clients) Result=Internet fast as stink: no LAN com. I expected that.

What is confusing me:
#3 (TWC Router) → (8-port Switch) → (Server & Clients) Result=Nothing works: No Internet, No LAN com. With or without printers connected.

Do I need a new/faster switch?

Hope that's more clear. Again, I apologize for not setting it up this way to begin with. :oops:

Re: Routers routers rah rah rah

Posted: Fri Oct 11, 2013 8:11 pm
by bubba
If you plug them into the router and they all see the net, but each other its not the router. Its a firewall setting or if you run some "internet security" suite, either way there could be a trusted IP range that not matching the new setup thus keeping them from communicating.

Bet if you hook one of them up to old router the IP's are 192.168.X.something with the new router might be 192.168.Y.something

Re: Routers routers rah rah rah

Posted: Sat Oct 12, 2013 6:50 am
by skier
Does the router have a built-in switch? (IE 4-port router) How is the LAN communication with stuff plugged in just the Router?

It seems that the TWC 'Router' isn't doing something right if it is having trouble routing itself. Like Bubba said, check the IP ranges and try turning off the firewall entirely

Also make sure it's actually running DHCP and the machines are getting appropriate addresses and internal gateway. Can also try Pinging (and using as primary DNS server) or and see if it even makes it

if the Server is running DNS and/or DHCP make sure the TWC router has the right LAN ip address (server has the internal Router IP as the gateway) If it's a workgroup I assume the 'server' is just for File/Print services in which case ignore.

If all the machines are getting the right IPs and DNS and Gateway addresses but it's still super slow or no connection on LAN with just machine->switch->TWC Router->modem out, I'd replace the switch.

Re: Routers routers rah rah rah

Posted: Sat Oct 12, 2013 12:32 pm
by unfaithfulsfan
The network is very basic. Essentially a workgroup. Deb (Village Clerk) & Karen (Deputy Clerk & and my wife) have mapped drives to the server. Their PCs back up to the server then to Amazon Web Svcs. Karen has a mapped drive to the 3rd client which is used by the CPA. Deb & Karen share the 2 laser printers in the Clerk's office. CPA has his own local printer.

Each of the routers TWC & the old 10/100 have 4 ports. I have not yet contacted TWC about configuring their router because I really should not need to. However, I perused their forums for info about that particular router and, from 90% of the posts, it's a quagmire in and of itself. Almost all of them complained about TWC's reluctance/refusal to give them access.

I suppose I could try connecting the PCs & server to one router and the printers to the other. I didn't think about trying that. Just eliminate the 8-port switch altogether.

Re: Routers routers rah rah rah

Posted: Sat Oct 12, 2013 1:21 pm
by bubba
Sticking to my thought that its a firewall/security setting issue on the PCs not the router. If the router was the issue all the pcs plugged in would not get net access. Hook two PCs to the new router, disable the firewall and security suite and I bet everything starts working net and LAN communication.

As for the router admin access, by all rights you should have admin access to the router. How else would change WIFI password and SSID name.

Re: Routers routers rah rah rah

Posted: Wed Oct 16, 2013 8:03 pm
by unfaithfulsfan
I'll have to get in touch with TWC to get the credentials to log into the router. This was not an issue before the Internet service upgrade.

Re: Routers routers rah rah rah

Posted: Mon Oct 21, 2013 8:56 pm
by egloeckle
Few things:

Many ISP's are horrible about giving out usernames & passwords. If they outright refuse, tell them to either pass you a static through their router that you can take on your own equipment (read router/firewall) or replace the unit with a modem.

If they pass the ip or replace with a modem, get something decent. More issues then you can imagine are caused by a POS router/firewall. A fairly inexpensive (for business level) and very solid router is an ASA 5505. Remember, this isnt a home you are dealing with. Even though it is local govt which most likely has a minimal budget, spending a little now saves a ton in the long run. Your time isnt free and neither is their employee's when the unit goes out or goes crazy on the network causing downtime. Actually working on a project right now that the customer found this out almost the hard way; lucky we insisted on using their old server as an offsite replica for disaster recovery or they would have lost at least 2-3 days business on top of paying their employees to pretty much sit and do nothing.

Modem (if exists) -> Router -> switch -> devices. Unless you need to set up a DMZ though if you did, you would know it.

If using your own router, save everyone a lot of heartache later and reconfigure to something not 192.168.0/1. They may not have/need one now, but eventually someone will ask for a VPN connection. Getting this done early makes life much easier later on. Yes, you can vpn to 192.168.0/1.* but there are some wonderful hangups that happen very often doing so.

Being that they have a server, run internal DNS that looks to the root servers (not your ISP's servers). ISP's have terrible DNS servers as a rule as they are horrifically over-utilized.

KISS. Drop everything but the minimum for testing. In this case Modem->router->pc/laptop. Seems you did this already and everything worked. So second step; Server -> switch -> pc. You may need to set static's if the server/router isnt your dhcp server. This will also tell you if their router is trying to supply a dhcp address that is outside of your ip range.

This one will probably be stupid, but do you get a link light on the router->switch connection? Something would need to be excessively cheap or really old, but you may just need a crossover cable.

I dont think you need a new switch. Yes the NIC's may be gigabit, but it doesnt matter. "Sports car in a school zone" is a terrible analogy in this case because your internet link is only 15mbps. Any NIC that is gigabit will handshake down to 10mbps half duplex without an issue. The only way the 100mbps is limiting you is on LAN connections and from the sound of it, it isnt. That is unless the switch went bad, which is entirely possible. Ports tend to die when swapping hardware or power cycling (or lightning as happened to one customer a couple of weeks ago, yay insurance!) so this is entirely possible.

Basically there isnt going to be a simple answer I can give you over a forum for this one unless you are leaving out some equipment that you have (managed switch, etc). You need to break this down one step at a time and basically test and figure out what you actually have there. Unless you know what you have there and just arent telling us.

Re: Routers routers rah rah rah

Posted: Sat Oct 26, 2013 6:51 am
by DL126
Sounds to me like the cable company has configured your new modem/router to hand out 1, (possibly more), IP via DHCP.
Then they password protected it to keep you out of it.
Charter cable does the same thing in this area.

Edit: For business accounts, I've seen on many occasions where the cable company will disable all routing/wireless features in their equipment.
I guess they assume the customer wants to use their own router/firewall by default. (Which is pretty much always advisable anyway.)

They'll probably fix it for you .... for $X.00 per month for every machine above the 1.

Replace your old router, or maybe upgrade the firmware in it and hook everything up the way it was.

It has been a while since I've been on LR, but as before, for any network above 5 connected devices, I use and recommend only a pfSense configured device.
You can build your own outta almost any old PC you have lying around in storage.

Re: Routers routers rah rah rah

Posted: Sun Oct 27, 2013 6:28 pm
by unfaithfulsfan
egloeckle wrote:..... Unless you know what you have there and just arent telling us.
I'd like to get the problem resolved. Leaving out details or equipment would be just as big of a waste of my time as everyone else's. BTW, first, I'm not getting paid by the hour for all this aggravation and second, I do not operate that way. I'm dealing with what is now Stage IV Kidney Failure. In short, it takes a hell of a lot of effort for me to get done what I'm able to get done. Up to the addition of this new modem/router things have run pretty damn smoothly from where I sit. A great deal of my ability to make that statement comes back to help I've gotten here. Help for which I have always expressed deep gratitude. I have neither the time nor the inclination to play the games your statement intimates. Nor am I that disrespectful.

Maybe, as far as this network is concerned, I should have refused to help the village from the get-go because, as I said in my original post, a network whiz kid I am not, nor do I claim to be. However, I figured anything I could contribute was better than whatever abysmal and over-priced "support" they had. When I first walked into that closet their server had been down for 3 days and they had yet to receive a call back from their guy. A $15 NIC and about 30 minutes solved the problem.

As I said to begin with, it's a very simple setup. In fact, it's hardly different from the configuration that was there when I came into it however many years ago. I replaced 3 of the 4 W2K client PCs with Win7 Pro boxes. The P3 W2K Server with a PIII 1.4 & 2 GB RAM was replaced with a SBS 2011 Essentials with a Xeon 6000 series & 8 GB of RAM. (BTW, the W2K PCs & server were sold to the village as used at a premium price after being salvaged from one of the guy's "real" clients to whom he had sold a completely new setup.) I replaced the old router & switch within the last year because there were connectivity issues. The only thing I misstated was the copier I thought I had added. I remembered what happened with it but it's a waste of time to get into that at this point. Suffice it to say, the copier is neither part of the issue nor of the configuration.

The cable modem they were using originally was an old Motorola. They were having problems with slow Internet because they were on the Roadrunner package they had been on since before this administration took over in '06. So they upgraded to the new allegedly faster service and even switched their phones over to TWC. Enter the new modem/router combo.

Since its addition, they have had issues with browser timeouts when trying to go to county and state gov't sites they go to on a daily basis for municipal accounts. Many times the browsers time out before their home pages load (yahoo, google, etc..). When I connected directly to the TWC router, the Internet was blisteringly fast, to borrow a phrase, but there was no LAN. The only way I get both is in the configuration it is in now:
  • TWC Router -> DLink Router Internet Port -> LAN1 to DLink Switch -> 3 Clients & Server + Color Laser
And again, in that configuration, the Internet is slow. My wife, the Deputy Clerk, did tell me a few days ago that the Internet has been faster since I did what I did but they're still having timeouts. Up to that point all I had done was what I've described here ad nauseum and eliminated a few Ethernet cables that led nowhere.

There is no blanket AV/Security Suite. There is no firewall in place aside from Windows Firewall. Sloan is not a hotbed of espionage. Anything any of the residents want to know from salaries to virtually anything you can imagine is available via the Freedom of Information Law/Act. The average age in the village is mid-60s. We have 8 residents over 100. Even the mayor has trouble remembering how to check his email. The only "activist" group is headed up by an 88 year-old widow who is bitter against my wife (a by-marriage-only relative) because she won't "leak" info to her--see the above-mentioned FOIL reference. There is no wireless access to Village Hall. We're talking about less than 3500 residents. We're talking the epitome of "Small Town USA" when you get down to it. The last administration didn't use paper shredders. They weren't that smart. They took all the incriminating docs and threw them into the old railroad reservoir.

I haven't been able to get there in several days primarily due to health reasons. My own and those of my mother-in-law who is a paraplegic. Since my wife is the only one who can work and is working 2.5 part time jobs, I do what I can to help take care of her mother. I'm hoping Monday to try to see if I can just get TWC to swap out the router for just a regular modem. Maybe since that's the only new piece of equipment that the problem will just go away with it.

I'll post back here when I find that out.

Re: Routers routers rah rah rah

Posted: Mon Oct 28, 2013 6:00 am
by kenc51
It sounds like the d-link router is the problem, since everything is OK when you connect directly into the modem.

Re: Routers routers rah rah rah

Posted: Mon Oct 28, 2013 10:54 am
by egloeckle
kenc51 wrote:It sounds like the d-link router is the problem, since everything is OK when you connect directly into the modem.
Maybe, maybe not. Here is basically what I see are the most likely candidates. You need to check configuration on everything and ideally get rid of that dlink and replace it with something better.

- DNS issue. You could have a primary dns address/forwarder being assigned/used that is from an old ISP. The old ISP could block all non-customers from using it. This would mean you are having to constantly wait for DNS to time out on that server before going to another that is working. Check your dhcp server, or even try just assigning some dns servers to one machine for testing. and are good candidates to test with. If this is the case, its an easy fix, just change the dhcp assignment if using external dns or set/remove your forwarders from an internal dns server (get rid of the forwarders and look to root would be my recommendation).

- Double NAT. This causes all sorts of nightmares. You mention "connecting directly to the TWC router", but fail to mention how you are getting an IP and if it is the routable IP or a NAT IP. If the TWC router is giving out NAT IP's and you are then going into a DLINK which is then running another layer of NAT, that is most like a huge problem, especially if TWC and the DLINK are serving the same subnet. Routing from 192.168.0.x to 192.168.0.x to the internet makes for some terrible routing tables.

- Bad device. Switch/dlink/cable.

Re: Routers routers rah rah rah

Posted: Thu Nov 14, 2013 11:15 am
by unfaithfulsfan
As it turns out, I swapped the TWC router for a regular cable modem and all is well. It had to be something simple.