DHCP broadcasting through WAN port

[Dimi95]

So I have network (Scheme below). It all works great except for one thing. Router is broadcasting DHCP through WAN port somehow (I assume it shouldn't?) and all clients from CLIENT GROUP 1 are getting IPs from it instead of Gateway. I'm required to 'somehow' split those networks and they are, as long as all clients from first group get IP before turning on Router. I'd like for Router only to act as DHCP for Client group 2 and Gateway to be DHCP for Client Group 1.

 

I hope I'm clear enough. Thanks in advance.

 

[brwainer]

What hardware / software is the router? You’re right, it shouldn’t be sending out DHCP on the WAN port, but in order to help we’llneed to know

[Dimi95]

It's simple TP-Link router TL-WR740N.

[brwainer]

1 minute ago, Dimi95 said:

It's simple TP-Link router TL-WR740N.

If you factory default it, does this issue persist? If it does, check for a firmware update from TP-Link, or flash it with OpenWRT.

[Leonard]

If you see a setting for router mode try switching it from gateway to router/client.

[Just.Oblivious]

If you're splitting the networks for security reasons then don't bother with this setup, it doesn't do anything.

 

Doing subnets this way is janky AF.

 

The craptastic router that runs a DHCP server on the WAN side is just the icing on the cake.

[Tabs]

The way DHCP works makes this setup pretty unworkable. Have you confirmed that the router is actually running as a DHCP server and not as a downstream DHCP Relay?

 

One DHCP server on a network through an unmanaged switch can respond to the ENTIRE network. There's no way to force the computers of Client Group 2 to only request certain IP addresses, since the whole point of DHCP is to broadcast the request and it gets responded to by any DHCP server - it doesn't even know what subnet it's on until the response comes through.

 

If you had a managed switch you could create separate vlan segments for each subnet. Remember that DHCP servers don't "broadcast", the clients do. So the problem you're experiencing here is that the machines on Client Group 2 are sending their requests through the router. Check that the router is in client mode as suggested earlier, since that "should" cause it to respond directly to DHCP requests (assuming server, not relay as before) in that mode. As @Just.Oblivious said, this is a really janky setup. Not that it *can't* work, but managing it is going to be a pain in the ass.

 

I just re-read your original post, and I'm sorry, I read it wrong. So the router is responding to DHCP requests on the WAN side and providing DHCP responses to computers in Client Group 1? That's really, really odd. Even ignoring all the other issues with this setup, I'm pretty sure it shouldn't be doing that if it's configured correctly. As above, make sure the router is in client/router mode instead of acting as a gateway, since it's the only thing I can think of that would result in this behaviour. 

Edited November 6, 2017 by Tabs
I read the OP wrong.

[Dimi95]

It not so much for security as much as it is that Client group 1 doesn't see PCs from Client group 2. I'm relying on Subnet mask for Client group 1 not to scan 192.168.2.*. Also switch is unmanaged so VLANs are kinda not possible.

 

Also as you say DHCP doesn't broadcast, but, as I see it, it shouldn't respond to requests coming from WAN port, only to requests coming from LAN/WiFi.

[mynameisjuan]

OP is a little hard to understand, so just to clarify, client 1 is getting 192.168.2.x address correct?

[Dimi95]

Yes, correct

[Just.Oblivious]

Are you sure that the cable coming from the switch is connected to the WAN port of the TP-Link? Is the TL-WR740N on the latest firmware revision?

 

Personally I would just get something like an EdgeRouter X or MikroTik hEX Gr3 (both around $50) and set it up like this:

  

 

 

That way you don't have to invest in a new (VLAN capable) switch, just use the TP-Link as a four port switch (with built-in wireless access point).

[Dimi95]

Yes, it's on WAN port and on the latest revision. It's no problem, I was thinking I can do something with existing equipment but I still don't understand why is router doing that.

[Just.Oblivious]

It definitely shouldn't be giving out IP addresses on the WAN side, that's for sure.

 

• Is there anything plugged into the LAN side of the TP-Link that might cause a network loop?
• Is the wireless of the TP-Link being used by anyone (in client group 1 and/or 2)?
• Is the TP-Link somehow configured in bridge/access point mode? Try factory resetting it.

 

[Dimi95]

1) One PC with cable from LAN2.

2) Client group 1 has own 3 APs and they are being used but also get IP from TP Link. Client group 2 has own WiFi SSID and it works good.

3) I started from factory configuration, it's not in bridge mode. But I will try it again. Thanks

[Just.Oblivious]

Factory reset it one last time. If that doesn't fix it: ditch the thing and get a proper router.

 

Investing $50-100 in a new router shouldn't really be an issue for a client with three access points in place.

[bcguru9384]

On ‎11‎/‎6‎/‎2017 at 9:33 AM, Dimi95 said:

So I have network (Scheme below). It all works great except for one thing. Router is broadcasting DHCP through WAN port somehow (I assume it shouldn't?) and all clients from CLIENT GROUP 1 are getting IPs from it instead of Gateway. I'm required to 'somehow' split those networks and they are, as long as all clients from first group get IP before turning on Router. I'd like for Router only to act as DHCP for Client group 2 and Gateway to be DHCP for Client Group 1.

 

I hope I'm clear enough. Thanks in advance.

 

first device gets 255 255 255 128(gives 2 subnets) with a dhcp pool of 24 addresses to distribute

the 2nd wan device get a static ip gateway from this pool list and its subnet will be 255 255 255 252 with pool list of 64 addresses (now weve used 99 of 126 addresses set by the 128 subnet)

you can use 255 255 255 0 on rest of the clients

with 255 255 255 0 you immediately tell the network theres only 1 network in system

note everything will be under same 192 168 1 # address tree

group one should pull dhcp from main gateway and will use that gateway as its gateway

group 2 grabs from 2nd wan but its gateway is that devices ipaddress as this devices gateway is main gateway

[Levisallanon]

58 minutes ago, bcguru9384 said:

first device gets 255 255 255 128(gives 2 subnets) with a dhcp pool of 24 addresses to distribute

the 2nd wan device get a static ip gateway from this pool list and its subnet will be 255 255 255 252 with pool list of 64 addresses (now weve used 99 of 126 addresses set by the 128 subnet)

you can use 255 255 255 0 on rest of the clients

with 255 255 255 0 you immediately tell the network theres only 1 network in system

note everything will be under same 192 168 1 # address tree

group one should pull dhcp from main gateway and will use that gateway as its gateway

group 2 grabs from 2nd wan but its gateway is that devices ipaddress as this devices gateway is main gateway

You still asume classfull subnets while this isn't neccesary anymore.
Besides some of your numbers seem to be a bit off and it asumes there is a managed switch while the OP says there isn't
Also read the post again. the problem is something different.
The problem is that the devices listed as "router" in the drawing is also sending dhcp packages out of it's wan port.

[bcguru9384]

9 hours ago, Levisallanon said:

You still asume classfull subnets while this isn't neccesary anymore.
Besides some of your numbers seem to be a bit off and it asumes there is a managed switch while the OP says there isn't
Also read the post again. the problem is something different.
The problem is that the devices listed as "router" in the drawing is also sending dhcp packages out of it's wan port.

he is showing 2 networks under 1 network

[Just.Oblivious]

The bigger problem here is the layout of the network.

[Lurick]

11 hours ago, bcguru9384 said:

first device gets 255 255 255 128(gives 2 subnets) with a dhcp pool of 24 addresses to distribute

the 2nd wan device get a static ip gateway from this pool list and its subnet will be 255 255 255 252 with pool list of 64 addresses (now weve used 99 of 126 addresses set by the 128 subnet)

you can use 255 255 255 0 on rest of the clients

with 255 255 255 0 you immediately tell the network theres only 1 network in system

note everything will be under same 192 168 1 # address tree

group one should pull dhcp from main gateway and will use that gateway as its gateway

group 2 grabs from 2nd wan but its gateway is that devices ipaddress as this devices gateway is main gateway

Splitting a network with 255.255.255.252 gives you TWO usable addresses, not 64. For 64 addresses you need a 255.255.255.128 mask because a 255.255.255.192 only has 62 usable addresses, and .128 gives you 126 addresses, not 24.

Telling someone they can subnet half of a network into smaller networks and then use the larger network for the remaining clients is NOT how you subnet. Not on this planet at least.

You either break the network in half using 255.255.255.128 and set one network on the first half and the other network on the second half, or you assign two /24 networks with one per client set, or you put it all under a single network with a common gateway.

 

A /24 in no way shape or form tells you that there is a single network. You can divide a /24 into any number of smaller networks at which point 192.168.1.0/24 or any other mask that encompases all smaller networks becomes the supernet address.

[bcguru9384]

Just now, Lurick said:

Splitting a network with 255.255.255.252 gives you TWO usable addresses, not 64. For 64 addresses you need a 255.255.255.128 mask because a 255.255.255.192 only has 62 usable addresses, and .128 gives you 126 addresses, not 24.

Telling someone they can subnet half of a network into smaller networks and then use the larger network for the remaining clients is NOT how you subnet. Not on this planet at least.

You either break the network in half using 255.255.255.128 and set one network on the first half and the other network on the second half, or you assign two /24 networks with one per client set, or you put it all under a single network with a common gateway.

 

A /24 in no way shape or form tells you that there is a single network. You can divide a /24 into any number of smaller networks at which point 192.168.1.0/24 or any other mask that encompases all smaller networks becomes the supernet address.

gives you 2 networks that support 128 hosts

255 255 255 0 gives you 1 network with 254 hosts

[Lurick]

2 minutes ago, bcguru9384 said:

gives you 2 networks that support 128 hosts

255 255 255 0 gives you 1 network with 254 hosts

I know how to subnet, not really sure what your response is supposed to mean.

Oh and /25 gives you 126 hosts, not 128.

[bcguru9384]

6 minutes ago, Lurick said:

I know how to subnet, not really sure what your response is supposed to mean.

Oh and /25 gives you 126 hosts, not 128.

ya your right as you lose 1 ip to the subnet(#.#.#.0) and 1 to broadcast(#.#.#.255)

but you also lose 1 to gateway

with 255 255 255 0 you have 0 subnet bits, none ,,, effectively disabling subnet from SWITCHING mode and instead place it into a mask mode only

[Lurick]

2 minutes ago, bcguru9384 said:

ya your right as you lose 1 ip to the subnet(#.#.#.0) and 1 to broadcast(#.#.#.255)

but you also lose 1 to gateway

with 255 255 255 0 you have 0 subnet bits, none ,,, effectively disabling subnet from SWITCHING mode and instead place it into a mask mode only

No, that's not how it works, you just go higher into the third, second, or first octet.

There isn't anything called switch or mask mode for subnetting either.

[BSpendlove]

10 hours ago, bcguru9384 said:

 

with 255 255 255 0 you have 0 subnet bits

We are taught that 255.255.255.0 provides no subnet bits but it's misunderstood (this might even confuse someone learning how to subnet first). Of course we have subnet bits.... 255.255.255.128 oh no I just took a host bit and now in theory we can call it a 'subnet bit'

 

255.255.255.0 officially in classful addressing has 0 subnets to play with but that is not relevant in today's networks with classless/cidr subnetting.