Configure Router as Switch

How to configure router as switch?
Most likely you will ask this question if you plan to expand you home network, and you have only extra Ethernet router but not switch. At the same time you try to make use this extra router if possible without paying more on extra switch. Well… It’s pretty simple to get it done, keep on reading.

As you can see from 2 examples below, we can use second Ethernet router to expand existing wireless network or Ethernet home network, so that you can connect more computers to your network. Please note that first and second routers must be located on same network, because the second router just acts as a switch, not router anymore.

Ok. Let’s start to configure second router as switch.

1) Connect first router’s LAN port to second router’s LAN port by using a crossover cable. If one of the routers supports auto MDI/MDI-X feature, you can use either straight or crossover cable. Remember, don’t make any connection to second router’s WAN or Internet port.

2) Ok. Now assuming your first router's LAN IP is 192.168.1.1 with subnet mask 255.255.255.0, and then this will act as gateway for entire network (including the computers that connect to second router). If you would like to enable DHCP, then just enable the DHCP setting on first router and it will act as DHCP server for entire network (you don't need to enable DHCP on second router anymore). As an example, you can enable DHCP with IP range 192.168.1.2-250, subnet mask 255.255.255.0, gateway 192.168.1.1, DNS servers 208.67.222.222 and 208.67.220.220 on first router.

3) After talking about first router's configuration, proceed to log on to second router’s configuration page, then give this router an IP by configuring an IP and subnet mask under LAN setting. The IP that you configure should be located on subnet same with first router's subnet and this IP is not being used by any other device. If you have configured first router’s LAN IP and DHCP setting as shown in step 2 above, you can easily configure second router with LAN IP 192.168.1.251, 192.168.1.252 or 192.168.1.253 and subnet mask 255.255.255.0.

4) After that, don’t enable DHCP or any other settings on second router. If you have enabled DHCP or other settings, disable them. Finally SAVE all the settings. And now your have completed your mission of making second router as switch.

5) If you have computer that is configured to obtain IP automatically, connect it to other LAN port of this new "network switch", then it should be able connect to network, ping router IP and access to internet.

Make Your Internet Faster

How To Make Your Internet Faster (Windows XP, Vista, 7,8)

Slow internet connection is the annoying thing that many people don't want to have. If your internet download speed is slow or your internet connection took long time to load the page, so you are not viewing your Security Camera / DVR. Don't worry today we will teach you how to make your internet faster by change DNS server in the control panel. There are many tricks and tips that also can increase internet speed, but we will show you the effective one.

In here we will walk you through step by step on how to change DNS servers that can increase your internet speed to maximum. Make sure to follow the step correctly for better result.

Step 1 : Open Control Panel

Step 2 : Go to Network and Internet >>> Network and Sharing Center

Step 3 : Click on Local Area Connection >>> Select Properties

Step 4 : Find and double click on "Internet Protocal Version 4 (TCP/IPv4)"

Step 5 : Tick on "Use the following DNS server addresses"

Step 6 : Fill up the DNS server like the same down below :

Preferred DNS Server : 8.8.8.8 
Alternate DNS Server : 8.8.4.4

or

Preferred DNS Server : 208.67.222.222
Alternate DNS Server : 208.67.222.222 

Step 7 : Click OK and Restart your computer.

Cleaning Up Your Computer

No matter how fast your internet is, If there are a lot of junk files and temporary files in your system, Your internet speed and system performance will drop. Also, there are many program installed in your computer and running on the background, Those programs that running in the desktop can slow down your internet speed also.

If you have many junk files and unnecessary programs installed in your PC, you should delete them out of your system.

Scan For A Virus

Virus is a main problem that causes your fast internet to run slow. Running your system with a virus can slow down your system performance, decrease your internet speed, and cause many more problems. If there are virus in your system, make sure to scan and get rid of it. You should scan for your system once a week for better security.

How do I setup IP forwarding/filtering with the Connect WAN

Introduction

The WAN supports four features which provide security and IP traffic forwarding when using incoming or Mobile Terminated connections:

1.      Network Address Translation (NAT)

2.      Generic Routing Encapsulation (GRE) forwarding

3.      TCP/UDP port forwarding

4.      IP Filtering

This document describes each function, how they are used in conjunction with each other, how they are used, and what issues can occur with each if not used properly.

Network Address Translation (NAT)

NAT allows the Connect WAN to have a single public IP address on the mobile link, while allowing multiple private IP addressed devices connected to the Ethernet interface. 

Outgoing traffic (mobile initiated) from the private network to the public mobile network assumes the IP address of the public mobile interface.  An internal table tracks which internal IP address made the outgoing request so that responses get sent to the proper requestor.

For example, a workstation at IP address 192.168.1.15 sends a request to www.arindamcctvaccesscontrol.blogspot.com.  The source IP address is changed by the Connect WAN address translation to the public 

Incoming (mobile terminated) traffic is either designated to the Connect WAN itself (i.e. HTTP or telnet connections for configuration or monitoring), or is forwarded to hosts via the Ethernet interface based either on GRE or TCP/UDP port forwarding which is covered below.

NAT provides two main benefits:

1.      Security: NAT hides the Private IP addresses of the devices on the Connect WAN''''s Ethernet network.

2.      IP Address Availability: IP addresses are in short supply and cost money.  The Connect WAN need be provided only one IP address from the wireless carrier.

NAT is enabled by default on the Connect WAN.  It should not be disabled unless there is a specific reason to do so.

Generic Routing Encapsulation (GRE) forwarding

GRE is a transport layer protocol, designated as IP protocol number 47, is used by many routers, WAN switches and VPN concentrators, to effectively tunnel traffic over a WAN between routers.  Note that GRE itself provides no encryption but protocols such as PPTP can use GRE.  IPSec can be encapsulated in GRE (and vice-versa).  GRE uses IP-in-IP and allows private IP addresses to be tunneled through a public network.

The Connect WAN provides a simple checkbox to turn on GRE forwarding to pass GRE traffic from the mobile interface through to a router on the Ethernet interface.  Note the Connect WAN only passes GRE traffic and does not terminate it.

Here is an example diagram:

Figure 1 - GRE Forwarding

The HQ router''s peer GRE address is the mobile IP address of the Connect WAN, which in this case is 166.213.229.218.  The Connect WAN has GRE forwarding enabled and will send to the router''s Ethernet WAN port, in this case 192.168.1.2.  Typically this connection is a directly connected Ethernet cable.

An example similar to the above is where GRE tunneling is used to create a backup WAN connection to a primary Frame Relay connection through the Connect WAN and wireless network. 

TCP/UDP Port Forwarding

Normally, traffic initiated from a host site to a Connect WAN is blocked by NAT, unless the traffic is destined for the Connect WAN itself.  Port forwarding provides a means to pass traffic from the mobile interface to devices connected to the Connect WAN''''s Ethernet port.  There are two main applications where port forwarding is required:

1.      Pass application data traffic, such as polls or requests, to Ethernet connected devices, and

2.      Pass VPN traffic, such as IPSec-in-UDP, through to routers or VPN appliances.

For example, three devices are attached to the Connect WAN''''s Ethernet port:

Figure 2 - TCP Port Forwarding

The application uses a protocol that polls the devices using the device IP address and TCP port 502 (which is Modbus).  On local LANs and publicly routable IP addresses this is not a problem. 

NAT hides the private Ethernet IP addresses of the devices connected behind the Connect WAN''''s Ethernet port.  The application can then only send polls to one IP address the mobile IP in this case 166.213.229.218. 

TCP port forwarding is used to forward the IP polls to one or more devices on the Connect WAN Ethernet port.  Different TCP port numbers are used to designate which device gets the proper traffic. The application must be able to support changing the TCP protocol port number from the default of 502.  In this case the application is configured to poll according to this table:

Remote Device	Destination IP Address	Destination TCP Port
One	163.213.229.218	12001
Two	163.213.229.218	12002
Three	163.213.229.218	12003

Notice the destination IP address is the Connect WAN''''s mobile IP address.

The Connect WAN is configured with a TCP/UDP forwarding table as follows:

Source TCP Port	Destination IP Address	Destination TCP Port
12001	192.168.1.2	502
12002	192.168.1.3	502
12003	192.168.1.4	502

Incoming traffic is then routed to the proper device.  The devices can use their standard TCP port of 502.

The main issue with port forwarding in this case is when the polling application does NOT allow the user to specify the TCP or UDP port used.  The workaround is to use routers that support GRE, VPN, or other forms of tunneling that can be forwarded through the Connect WAN.

Another example of port forwarding is forwarding of IPSec-in-UDP traffic to a VPN appliance or router attached to the Connect WAN''''s Ethernet port.  Figure 1 above shows a GRE tunnel.  In much the same way, IPSec traffic can be encapsulated in UDP to prevent NAT from modifying the IPSec headers (which would invalidate the traffic).  IPSec-in-UDP implementations always use UDP port 500 for IKE/ISAKMP, but can use various UDP port numbers for the AH/ESP traffic.  Here is an example of UDP port forwarding entries on a Connect WAN for IPSec in UDP:

Protocol	Source Port	Destination IP Address	Destination Port
UDP	500	192.168.1.2	500
UDP	4500	192.168.1.2	4500

IP Filtering

IP Filtering is a security feature that allows the user to block all incoming, mobile terminated traffic into the Connect WAN except for traffic from specific IP addresses and/or subnets.  There are three IP Filtering settings on the Connect WAN:

1.      Only allow access from the following devices and networks.  When checked this blocks ALL incoming traffic except for the traffic from the IP address/subnets listed in the "allow access" tables.

2.      Automatically allow access from all devices on the local subnet.  This allows out-bound traffic from the private Ethernet network out to the mobile network and beyond.

3.      Allow access from the following devices and/or subnets.  When the "Only allow access from the following devices and networks" box is checked, you must provide entries here to allow in-coming mobile traffic to be passed through the Connect WAN.

CAUTION: Incorrect settings here can stop some or all traffic.  For example, checking "Only allow access from the following devices and networks" without adding IP addresses or subnets to the "allow access" tables will block ALL incoming traffic, even responses from outgoing requests.

Remote Device

Destination IP Address

Destination TCP Port

One

163.213.229.218

12001

Two

163.213.229.218

12002

Three

163.213.229.218

12003

Source TCP Port

Destination IP Address

Destination TCP Port

12001

192.168.1.2

502

12002

192.168.1.3

502

12003

192.168.1.4

502

Protocol

Source Port

Destination IP Address

Destination Port

UDP

500

192.168.1.2

500

UDP

4500

192.168.1.2

4500