Thread: Superhub How can I configure Shub2ac?
View Single Post
Old 10-05-2015, 18:47   #10
andrewclark
Inactive
 
Join Date: May 2015
Posts: 8
andrewclark is an unknown quantity at this point
Re: How can I configure Shub2ac?
Quote:
Originally Posted by Jong1 View Post
I think you need to explain exactly what you are trying to set on the SuperHub that leads to this error, because on the face of it what you are doing is really straight forward.

On the SH2, set the SH2's LAN IP to 192.168.x.1 (I would always use .1 rather than .2 for the SuperHub) in DHCP Settings and the Draytek to 192.168.x.2 in DHCP Reservation, for example.

On the Draytek, you then setup your Draytek as a router on a different subnet (if x=2, then the Draytek subnet could be 192.168.0.* or 192.168.1.*. With the normal issues around double nating this should work fine.

This should all "just work", so it sounds like you are getting confused somewhere and it would help if you spelt out exactly what you are setting and where.

But the reason people are replying some what quizzically to this question is because what you are doing is not at all, in your words, "common". There are two things people commonly do:

- Use another router altogether. Here they put the SuperHub into "modem mode" and don't use the superhub' firewall or WiFi at all

- Use the SuperHub as the router and firewall but extend their network by using a second router as an "Access Point" (AP). Here the second device (eg. Your Draytek) has its firewall and its DHCP server disabled (either by explicitly settings "AP Mode", or by manually disabling them, and is assigned a static IP on the same subnet as the rest of the LAN. The AP provides 3/4 more LAN ports and another WIFi network to reach the parts the SuperHub cannot reach

You seem to be trying to use the Draytek to provide a 2nd firewall/NAT, but only for some devices (not those that connect directly to the SuperHub by Ethernet or WiFi) and maybe a 2nd wifi network. This is very unusual and could cause problems ("double NATing" is not generally a good idea). But, double NAT issues aside there is no reason why what you are doing should simply "not work". I'd recommend you decide either to use your Draytek as a router/firewall, if not happy with the SH2's, leave it on all the time and put the SH2 into modem mode, or use the Draytek as an AP to provide extended wifi and more ports. Ethernet switches are dirt cheap these days if you just need more LAN ports. But if you really want to do things your way it should be really easy, so tell us exactly what you are doing on the SH2 and I'm sure it can work.
Hi Jong

Thanks for your very full and considered reply.

I don't profess to be any kind of network expert (although I have worked in IT for 30 years) and it may be that I am missing something here. (Ian has suggested another possibility that the error is being generated by the Shub2ac not being connected to cable, but I have not yet activated this unit and didn't want to until I was sure I could use this hub as the old one still works fine - so I cannot currently check that theory).

My basic assumption (possibly wrong) was that my firewall would have to run different subnets on the WAN and LAN side to work.

If that is not the case then there is, as you say, no need for all this double-NATing.

At present my firewall LAN IP is set to 192.168.0.1 to match my existing Home/Office network which has a number of fixed-IP devices like print servers etc. in the range 192.168.0.x and remaining ones allocated via DHCP. I could change that if necessary but with a lot of hassle. However that is also the default IP address of the Shub2ac so I set out to change that first as it will cause an IP conflict.

As I explained in the original post I started trying to set it to 192.168.2.1 (which happens to be what the old Shub is set to and it allocates 192.168.2.2 to the WAN side of my old Draytek). That generates the error message I gave above.

I have currently set Shub2ac at 192.168.0.100 and got the Firewall connected to it and receiving 192.168.0.101 as its DHCP-allocated WAN IP.

If that is a valid configuration with both sides of the firewall in the same subnet I will happily run with that, but I'd like you to confirm that that is correct, if you will, before I attempt to activate the Shub2ac with Virgin.

Regards
Andrew

---------- Post added at 19:47 ---------- Previous post was at 19:42 ----------

Ian

You could well be correct.

However connecting the Shub2ac to the cable does not result in it being given a WAN IP by Virgin at present so I would probably have to ring them to get the device activated properly. I am reluctant to do that until I can prove that it will work with my firewall (see my fuller response to Jong1 above).

Regards
Andrew
andrewclark is offline   Reply With Quote