Method Two - Router with Static Routes
There are a few more steps to this option, but they are quick and easy:
- Turn off NAT.
- [Optional] Disable Firewall / SPI
- Change the downstream router's LAN IP.
- [Optional] Turn off the wireless radio on the downstream router.
- Assign a Static IP to the downstream router's WAN port.
- Create a Static Route on the upstream router.
- Connect an Ethernet cable from a LAN port on the upstream router to a WAN port on the downstream router.
Step 1: Disable Network Address Translation (NAT) in the downstream router. NAT is the function that enables a router to share a single Internet connection with multiple devices. But this can interfere with network connectivity to corporate VPNs, VoIP, and other services connected through the downstream router because of the "Double NAT" configuration. So Figure 7 shows NAT disabled on a Linksys BEFW11S4.
Figure 7: Disabling NAT
There are a several things to note here, however. First, not all routers have the option to disable NAT, such as D-Link's DIR-655. If your downstream router doesn't allow for disabling NAT, you could be better off with Method One described above.
Other routers have a configuration that disables NAT and routing, such the D-Link DGL-4300's "Bridge Mode" which essentially turns the device into a switch, or in the case of a wireless router, a switch and wireless access point. If your router has a Bridge Mode, then all you need to do is enable it and you have your extra ports.
Finally, yet other routers may call disabling NAT something different, such as the Netgear FVS336G which refers to its non-NAT mode as "Classical Routing" as shown in Figure 8.
Figure 8: Another method of disabling NAT
Step 2: [Optional] Disable the firewall on the downstream router. Your upstream router has a firewall, so running a second firewall inside your LAN is likely not doing anything for you. Figure 9 shows the radio button to disable the firewall on a Linksys WRT54G. This step is optional because not all routers provide a firewall disable. If your router has a control to disable SPI (Stateful Packet Inspection), you can disable that, too.
Figure 9: Disabling the firewall
Step 3: Change the downstream router's LAN IP to a different subnet than the upstream router. Connect a PC to the upstream router, open a command window and type ipconfig. For example, my PC shows an IP address of 192.168.3.201 from my upstream router. So I need to set the IP address of the downstream router to a different subnet, using a number (between 1 and 253) for the third octet. I chose 192.168.199.1 as shown in Figure 10. The key is to ensure the numbers in the third section of the IP address are different on the upstream and downstream routers.
Figure 10: Downstream router IP address set to new subnet
Note that we're leaving the DHCP server on in the downstream router. Usually, the DHCP server will automatically adjust the IP address range to be in the same subnet as the IP address assigned to the LAN interface. In Figure 10, I have configured the LAN IP to 192.168.199.1. Notice that the DHCP server range is now 192.168.199.100 to 149.
Step 4: [Optional] Disable the downstream router's wireless if it has it, for the same reasons described in Method One.
Step 5: Assign a static IP address to the downstream router's WAN port. Use the same procedure described in Method One, Step 3. But change the WAN IP, not the LAN IP. You will also need to enter the LAN IP address of the upstream router as the downstream router's gateway, 192.168.3.1 in my case. You can leave the subnet mask set to 255.255.255.0
Figure 11 shows that I assigned a WAN IP of 192.168.3.158 to my downstream router and entered 192.168.3.1 for the Gateway.
Figure 11: Setting the downstream router WAN IP
NOTE: With a static IP address on the downstream router's WAN port, you may or may not need to set the DNS IP address used by the downstream router WAN. DNS problems are usually indicated when you can't reach a website by its domain name, but can by entering its IP address.
If devices connected to the downstream router cant access the web, first check the downstream router WAN status information. Most routers today support DNS proxy, which means the downstream router can use the upstream routers gateway address as the DNS IP address.
Figure 12 shows WAN status from a D-Link DGL-4300. The Gateway and DNS Server IP addresses are the same, indicating that DNS proxy is supported by the upstream router.
Figure 12: WAN status showing DNS server
If the downstream router is not showing an DNS server IP address, you'll need to enter the proper IP address in the downstream router's WAN settings. An easy way to do this is to let the downstream router first obtain its WAN IP information automatically, then use that same information (except for the WAN IP address) for the static settings.
Step 6: Create a static route on the upstream router so packets targeted for the LAN of the downstream router can reach their destination. In Figure 13, I've configured my upstream router to send all packets with a destination IP address of 192.168.199.x, i.e. the downstream router's subnet to the WAN IP address (192.168.3.158) of my downstream router.
Figure 13: Adding a static route
Step 7: Connect the routers. This time, plug an Ethernet cable into a LAN port on the upstream router to the WAN port on the downstream router. This leaves all four LAN ports on the downstream router available for use!
The value of this solution is two-fold. You have gained an extra port over Method One. And by routing between the upstream and downstream LANs, you've effectively created a broadcast separation between the two networks, which can improve overall network performance in a busy LAN.