DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Best Approach to Reconfigure Draytek LAN Config
- ytene
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 18
- Thank you received: 0
30 Sep 2019 20:14 #95021
by ytene
Best Approach to Reconfigure Draytek LAN Config was created by ytene
Hello,
Firstly, I am sorry for the length of this post.
I have a Vigor 2860n+ running firmware 3.8.8_BT. Currently, I have a default LAN config; a local IP of 192.168.1.1/24, and run DHCP etc., etc...
I'm starting to add more devices [mainly Raspberry Pi's] and I would like to rethink, to use more logical addressing so I can readily recognise devices [their role on my LAN] by their IP address. Lastly: I work from home with a laptop equipped with Cisco's VPN client; when that connects I see my machine given a virtual IP address from the 10.0.0.0 network. Consequently, I'm a bout nervous about reconfiguring my Draytek to use network 10, so I'm thinking of using a Class B network.
However, I'm super nervous about this, and I'd like to post out my approach here and invite challenges and feedback:-
0. Target Network
I'm going to use 172.16.0.0/12, which I understand to be a reserved address.
1. Backup Current Configuration
Export file for safe keeping
2. Setup...
2.1. Go to LAN >> General Settings and click on "Details Page" button for "LAN 1"
2.2. Change the "IP Address" field from 192.168.1.1 to 172.16.1.1
2.3. Change the Subnet Mask field from 255.255.255.0 to 255.240.0.0 (i.e. 12 bit network address)
2.4. Leave DHCP Server Enabled
2.5. Change the DHCP Start Address from 192.168.1.10 to 172.16.2.200
(I want to use the 200-entry IP count so that all my DHCP addresses are in the range 172.16.2.*)
2.6. Change the Gateway IP Address from 192.168.1.1 to 172.16.1.1
2.7. DHCP Lease - leave at 1 day
2.8. DNS Primary - Set to - 172.16.1.101
2.9. DNS Secondary - Set to - 172.16.1.102
These two addresses will be assigned to a pair of Raspberry Pi's running the PiHole DNS Sink software, extended to provide DNS for my LAN.
3. Other Stuff
3.1. Manually re-configure devices with Static IP (e.g. NAS boxes)
3.2. FORCE DHCP refresh of everything else (work laptop, mini fanless computer, gaming PC, HP & Epson printers, PS/3, PS/4, TV)
Stupid Questions...
There's some tweaking to be done in the sequence... e.g., should I move the manual reconfig of my static IP devices and do that as a first step? Or is it OK to get the bulk done and then manually configure a PC on the 192.168.1.0 network long enough to change their IP and give each a reboot?
If I SNAFU, will a restore of the Step 1 backup be the safest way of restoring the router to pre-snafu settings?
Is there anything that I've forgotten?
Out of curiosity... would the fact that my work machine Cisco VPN uses network address 10 ( as a virtual address, I presume - e.g. allocated once the tunnel is raised) have any risk of cross-impact with the local address? Only asking because I wonder if a class A network with a whole-byte subnet range might be cleaner than a class B network with a 12-bit range?
Thanks if you've read to here - and sorry for the long post. Did I mention I'm nervous?
Thanks in advance for any feedback or suggestions...
Firstly, I am sorry for the length of this post.
I have a Vigor 2860n+ running firmware 3.8.8_BT. Currently, I have a default LAN config; a local IP of 192.168.1.1/24, and run DHCP etc., etc...
I'm starting to add more devices [mainly Raspberry Pi's] and I would like to rethink, to use more logical addressing so I can readily recognise devices [their role on my LAN] by their IP address. Lastly: I work from home with a laptop equipped with Cisco's VPN client; when that connects I see my machine given a virtual IP address from the 10.0.0.0 network. Consequently, I'm a bout nervous about reconfiguring my Draytek to use network 10, so I'm thinking of using a Class B network.
However, I'm super nervous about this, and I'd like to post out my approach here and invite challenges and feedback:-
0. Target Network
I'm going to use 172.16.0.0/12, which I understand to be a reserved address.
1. Backup Current Configuration
Export file for safe keeping
2. Setup...
2.1. Go to LAN >> General Settings and click on "Details Page" button for "LAN 1"
2.2. Change the "IP Address" field from 192.168.1.1 to 172.16.1.1
2.3. Change the Subnet Mask field from 255.255.255.0 to 255.240.0.0 (i.e. 12 bit network address)
2.4. Leave DHCP Server Enabled
2.5. Change the DHCP Start Address from 192.168.1.10 to 172.16.2.200
(I want to use the 200-entry IP count so that all my DHCP addresses are in the range 172.16.2.*)
2.6. Change the Gateway IP Address from 192.168.1.1 to 172.16.1.1
2.7. DHCP Lease - leave at 1 day
2.8. DNS Primary - Set to - 172.16.1.101
2.9. DNS Secondary - Set to - 172.16.1.102
These two addresses will be assigned to a pair of Raspberry Pi's running the PiHole DNS Sink software, extended to provide DNS for my LAN.
3. Other Stuff
3.1. Manually re-configure devices with Static IP (e.g. NAS boxes)
3.2. FORCE DHCP refresh of everything else (work laptop, mini fanless computer, gaming PC, HP & Epson printers, PS/3, PS/4, TV)
Stupid Questions...
There's some tweaking to be done in the sequence... e.g., should I move the manual reconfig of my static IP devices and do that as a first step? Or is it OK to get the bulk done and then manually configure a PC on the 192.168.1.0 network long enough to change their IP and give each a reboot?
If I SNAFU, will a restore of the Step 1 backup be the safest way of restoring the router to pre-snafu settings?
Is there anything that I've forgotten?
Out of curiosity... would the fact that my work machine Cisco VPN uses network address 10 ( as a virtual address, I presume - e.g. allocated once the tunnel is raised) have any risk of cross-impact with the local address? Only asking because I wonder if a class A network with a whole-byte subnet range might be cleaner than a class B network with a 12-bit range?
Thanks if you've read to here - and sorry for the long post. Did I mention I'm nervous?
Thanks in advance for any feedback or suggestions...
Please Log in or Create an account to join the conversation.
- 丨>®@yt3丨
- Offline
- Site Admin
Less
More
- Posts: 14
- Thank you received: 2
09 Oct 2019 09:16 #95061
by 丨>®@yt3丨
Replied by 丨>®@yt3丨 on topic Re: Best Approach to Reconfigure Draytek LAN Config
Hello Ytene,
According to your network setup description I don't think that you will experience any IP address conflicts. If you are planning to enable additional subnets (LAN2,3..) then make sure that vlan tags are applied, and that your switch can handle that (most DrayTek switches do, and most third party 'smart' one too).
If you somehow manage to snafu your network, just factory reset the router and then load the configuration backup file saved earlier.
Regarding your IP change from 192.168.1.1/24 to 172... What's the point? If you need more IP addresses your router running latest firmware can handle /23 range.
BR
According to your network setup description I don't think that you will experience any IP address conflicts. If you are planning to enable additional subnets (LAN2,3..) then make sure that vlan tags are applied, and that your switch can handle that (most DrayTek switches do, and most third party 'smart' one too).
If you somehow manage to snafu your network, just factory reset the router and then load the configuration backup file saved earlier.
Regarding your IP change from 192.168.1.1/24 to 172... What's the point? If you need more IP addresses your router running latest firmware can handle /23 range.
BR
Please Log in or Create an account to join the conversation.
- ytene
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 18
- Thank you received: 0
09 Oct 2019 12:35 #95063
by ytene
Replied by ytene on topic Re: Best Approach to Reconfigure Draytek LAN Config
Hello |>®@Yt3|<,
Thanks for responding...
You ask a really interesting question about "what's the point" of switching the local network range. The simple answer is: I'm not very clever.
Having a slightly more flexible address range means that I can allocate addresses using a logical pattern which makes it trivially easy to identify and trace network activity. For example, if I were to use 172.16.0.0 as my network ID, then I could reserve (for example):-
172.16.1.x for my DHCP pool
172.16.2.x for my local network services (DHCP, DNS, maybe even my NAS boxes)
172.16.3.x for my multimedia appliances (HTPC, BluRay Players, SmartTVs, etc)
172.16.4.x for IP Security Cameras
172.16.5.x for my (under construction) Raspberry Pi Cluster [OK, might be more truthful to label this as "network-connected toys" but you get the idea]
172.16.6.x for the next class of device
I might even be tempted to give each member of the family their own sub-net and see how much trouble I get in to for that... [hint: a lot]
The reason for doing this [and being a bit wasteful of addresses] is that, from workplace experience, I know that once something like this is adopted, it quickly becomes second nature to identify devices based on nothing more than their IP address. It also means that if at some point I want to enact VLANs or to apply slightly more complex usage/control rules on the network (e.g. if I have to block a certain person's XBox from the internet for certain times of day) then it becomes easier to do so with simpler rules.
But to be fair, this is all one big learning curve to me and I'm really seeking a baseline of good practical advice before I start...
Thanks for responding...
You ask a really interesting question about "what's the point" of switching the local network range. The simple answer is: I'm not very clever.
Having a slightly more flexible address range means that I can allocate addresses using a logical pattern which makes it trivially easy to identify and trace network activity. For example, if I were to use 172.16.0.0 as my network ID, then I could reserve (for example):-
172.16.1.x for my DHCP pool
172.16.2.x for my local network services (DHCP, DNS, maybe even my NAS boxes)
172.16.3.x for my multimedia appliances (HTPC, BluRay Players, SmartTVs, etc)
172.16.4.x for IP Security Cameras
172.16.5.x for my (under construction) Raspberry Pi Cluster [OK, might be more truthful to label this as "network-connected toys" but you get the idea]
172.16.6.x for the next class of device
I might even be tempted to give each member of the family their own sub-net and see how much trouble I get in to for that... [hint: a lot]
The reason for doing this [and being a bit wasteful of addresses] is that, from workplace experience, I know that once something like this is adopted, it quickly becomes second nature to identify devices based on nothing more than their IP address. It also means that if at some point I want to enact VLANs or to apply slightly more complex usage/control rules on the network (e.g. if I have to block a certain person's XBox from the internet for certain times of day) then it becomes easier to do so with simpler rules.
But to be fair, this is all one big learning curve to me and I'm really seeking a baseline of good practical advice before I start...
Please Log in or Create an account to join the conversation.
- ytene
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 18
- Thank you received: 0
21 May 2020 17:15 #96235
by ytene
Replied by ytene on topic Re: Best Approach to Reconfigure Draytek LAN Config
Brief Update
I've successfully resolved this question, although not in the way I was originally intending. I began to experience a fault in which my Draytek 2860n-Plus began an intermitted reboot cycle. I was literally seeing my WAN connection drop - and by the time I could get a browser to the web interface, I could see that the entire device had rebooted.
I solved this problem with the virtual sledge-hammer - I bought a 2862AC.
This new router gave me a chance to try a completely different configuration [and use the old router as a fall back].
I configured a Class B network exactly as described here, giving myself a "172.16.*.*" network. Additionally, I reconfigured the new router to use a pair of local Raspberry Pi 4 servers, configured with Raspbian and a copy of "PiHole" (a DNS Sink).
Everything is working perfectly; I have a full Class B network, with IP addresses statically assigned and based on the class of equipment. Could not have been easier. Could not have been more effective.
Can recommend to anyone wanting to experiment with a more complex local network and wanting, perhaps, to apply clearly defined address ranges, or for any other purpose requiring something beyond the default 192.168.1.* network.
I've successfully resolved this question, although not in the way I was originally intending. I began to experience a fault in which my Draytek 2860n-Plus began an intermitted reboot cycle. I was literally seeing my WAN connection drop - and by the time I could get a browser to the web interface, I could see that the entire device had rebooted.
I solved this problem with the virtual sledge-hammer - I bought a 2862AC.
This new router gave me a chance to try a completely different configuration [and use the old router as a fall back].
I configured a Class B network exactly as described here, giving myself a "172.16.*.*" network. Additionally, I reconfigured the new router to use a pair of local Raspberry Pi 4 servers, configured with Raspbian and a copy of "PiHole" (a DNS Sink).
Everything is working perfectly; I have a full Class B network, with IP addresses statically assigned and based on the class of equipment. Could not have been easier. Could not have been more effective.
Can recommend to anyone wanting to experiment with a more complex local network and wanting, perhaps, to apply clearly defined address ranges, or for any other purpose requiring something beyond the default 192.168.1.* network.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek