LocostBuilders - powered by XMB

Network issues :(

BenB - 19/11/13 at 07:44 PM

Okay, here's the problem. At work we have a manually configured network using 10.X.X.X IPs with a 255.255.255.71 subnet mask. I've bought some fancy heating automation device which insists on having a 192.168.1.222 IP (presumably expecting a standard 255.255.255.0 subnet). If I manually reconfigure my IP to 192.168.1.x then I can "see" the device and it works fine BUT it kicks me off outlook, our work cloud-based software, the internet etc etc.

Ideally I want to be able to keep my 10.x.x.x IP whilst being able to use the device demanding a 192.x.x.x IP....

Now I could just have two computers on my desk but it seems a bodge- I'm going to want to control the device once a month max. Or I could have batch files on my desktop to automate the IP change and accept that when I go to "192.x.x.x" mode I'm going to experience crashes. Any ideas? I'm thinking I could presumably get another network card and have two LANs on the computer and set mine up as a bridge- but that seems a bodge also. I can't see why I couldn't get a device which would interface with the device almost like a mini-router (IE it would "translate" signals to / from the heating device from a 10.x.x.x to a 192.168.x.x IP. Not sure if such a thing exists though.

Any other ideas? Apart from hunting down and beating the person who decided that all networks would be on a 192.X.x.x/255.255.255.0 address?

garyo - 19/11/13 at 07:55 PM

If it's a windows PC then you shouldn't need to have multiple network cards, and depending on the OS can normally find an 'advanced' button inside the TCPIP settings for the adaptor and set up multiple IP addresses, each with their own netmask.

Xtreme Kermit - 19/11/13 at 07:58 PM

Isn't there something odd about the 192.168 and the 10. Networks that states they are not routable?

Definitely hunt down the vendor and reprogram them...

britishtrident - 19/11/13 at 08:22 PM

192.168 networks are pretty common, more so in my experience so than 10. .

I the device has a web browser http interface you could boot Puppy Linux off a pen drive.
Another easy solution would be plug in a USB Ethernet interface.

britishtrident - 19/11/13 at 08:28 PM

quote:
Originally posted by Xtreme Kermit
Isn't there something odd about the 192.168 and the 10. Networks that states they are not routable?

Definitely hunt down the vendor and reprogram them...

Yes not routable but they can be linked by bridgingng, the bridge can simply be a PC with two network cards.

r1_pete - 19/11/13 at 08:33 PM

192.168.. are private network ranges and cannot be 'published' on the internet, any traffic from such devices is NATd (Network address Translated) at the internet access point, hence why you cannot connect to the cloud, presumably a pseudo public cloud available over the internet.

Can you connect to the device using 192.168.1.222 similar to the way you would connect to your router to configure it?

scudderfish - 19/11/13 at 08:40 PM

You should be able to have more than one IP address on the network card.

mark chandler - 19/11/13 at 09:12 PM

That's an odd mask for a private LAN, 255.255.255.71 as you are restricting the number of devices when you will be NAT'ing to the public side, is there any reason for this?

If not I would just change the mask to 255.255.255.0 on all devices as you have implied that the new device will allow a 10. range with a more standard mask.

BenB - 19/11/13 at 09:22 PM

If only I could change the local IPs. Trouble is they're set by the NHS IT dept who control everything including to the connection to the N3 connection. I think I would get in trouble (understatement of the year) if I changed all the local IPs

BenB - 19/11/13 at 09:24 PM

Never spotted the "alternative configuration" under IP4. Let's hope it allows me to connect to them both at the same time. That would be nice. Then it's just a question of whether the software will talk to the device via one connection and connect to the device's internet portal via another. Fingers crossed.

Cheers peeps. Font of all knowledge as per

Brett Jones - 19/11/13 at 09:38 PM

What is the make and model of this heating device as I'm sure there is a way to change it the 10.X.X.X range.

ashg - 19/11/13 at 09:45 PM

from my understanding it will only use the alternate config if it doesn't pick up dhcp. if you cant open out the subnet then the only way is to reconfig the 10. device

have a read of this http://www.tcpipguide.com/free/t_IPAddressClassABandCNetworkandHostCapacities.htm

chances are if you put your pc into the 192 range as a temporary measure then go to the admin interface on the heating device you will be able to change the static address to a 10.* address. once that is done you can put your pc back on its normal address and access the heating device on its new 10 address.

as you are on N3 you will need to raise an rfc ticket telling them the mac and host name of the new device to have a static ip allocated otherwise there is a high probability it wont work, when I stopped working on N3 about 4 years ago they were just about to go forward with 802.1x which makes it much more difficult for users like you to add rouge devices to the network, although im not sure if they ever managed it.

jeffw - 19/11/13 at 10:13 PM

255.255.255.71 is not a subnet mask so I think you've made a typo there.

Simply change the IP on your PC to the 192,168.x.x subnet and then log on to the interface for the heating device and change the IP address to a 10.x.x.x address, defining the correct default gateway and IP Subnet Mask.
Both of the these ranges (192.168.0.0/16 and 10.0.0.0/8) are part of RFC1918 which defines non-routed private address space, the other range is 172.16.0.0/12

The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

chrism - 19/11/13 at 11:42 PM

quote:
Originally posted by garyo
If it's a windows PC then you shouldn't need to have multiple network cards, and depending on the OS can normally find an 'advanced' button inside the TCPIP settings for the adaptor and set up multiple IP addresses, each with their own netmask.

What this guy says is correct, on the general page with the IP settings click on the advanced button and it will let you add another IP address and subnet for your network card. This only works if your not using DHCP to automatically get an address, if you are using DHCP then you will need to set your normal address as static and get the IT guys to reserve/exclude it from the DHCP server so you dont get a conflist.

The alternative tab is as others have said only there to configure an manual IP address as a backup if yout PC cant find a DHCP server if its set to use one.

snakebelly - 20/11/13 at 08:42 AM

Its a perfectly valid subnet mask, a strange one granted but perfectly valid, As above, use multiple IP's on the NIC and you'll be good to go. this is a commonly used setup so that normal users wont have access to the device. Just done an implementation where all the PC's Servers etc were on a 192.168 range, all infrastructure devices, switches etc were on on the 172.16 range and all the building management systems stuff was on a 10.10. range.

HTH

quote:
Originally posted by jeffw
255.255.255.71 is not a subnet mask so I think you've made a typo there.

Simply change the IP on your PC to the 192,168.x.x subnet and then log on to the interface for the heating device and change the IP address to a 10.x.x.x address, defining the correct default gateway and IP Subnet Mask.
Both of the these ranges (192.168.0.0/16 and 10.0.0.0/8) are part of RFC1918 which defines non-routed private address space, the other range is 172.16.0.0/12

The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

GreigM - 20/11/13 at 11:01 AM

Another option would be to use a virtual machine (vmware, virtualbox, Vitual PC, hyper-v etc) to just boot a "separate" machine, reconfigure its network details to be on the 10.X range and should work fine.

VM technology these days is very quick and efficient. You can even download "free" images from microsoft direct for whatever flavour of VM you want to use: http://www.modern.ie/en-us/virtualization-tools#downloads

jeffw - 20/11/13 at 01:31 PM

quote:
Originally posted by snakebelly
Its a perfectly valid subnet mask, a strange one granted but perfectly valid, As above, use multiple IP's on the NIC and you'll be good to go. this is a commonly used setup so that normal users wont have access to the device. Just done an implementation where all the PC's Servers etc were on a 192.168 range, all infrastructure devices, switches etc were on on the 172.16 range and all the building management systems stuff was on a 10.10. range.

HTH

quote:
Originally posted by jeffw
255.255.255.71 is not a subnet mask so I think you've made a typo there.

Simply change the IP on your PC to the 192,168.x.x subnet and then log on to the interface for the heating device and change the IP address to a 10.x.x.x address, defining the correct default gateway and IP Subnet Mask.
Both of the these ranges (192.168.0.0/16 and 10.0.0.0/8) are part of RFC1918 which defines non-routed private address space, the other range is 172.16.0.0/12

The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Seriously? You have me worried now.

255.255.255.71 is not a valid subnet mask

0.0.0.0 /0
128.0.0.0 /1
192.0.0.0 /2
224.0.0.0 /3
240.0.0.0 /4
248.0.0.0 /5
252.0.0.0 /6
254.0.0.0 /7
255.0.0.0 /8
255.128.0.0 /9
255.192.0.0 /10
255.224.0.0 /11
255.240.0.0 /12
255.248.0.0 /13
255.252.0.0 /14
255.254.0.0 /15
255.255.0.0 /16
255.255.128.0 /17
255.255.192.0 /18
255.255.224.0 /19
255.255.240.0 /20
255.255.248.0 /21
255.255.252.0 /22
255.255.254.0 /23
255.255.255.0 /24
255.255.255.128 /25
255.255.255.192 /26
255.255.255.224 /27
255.255.255.240 /28
255.255.255.248 /29
255.255.255.252 /30
255.255.255.254 /31
255.255.255.255 /32

these are the valid subnet masks.

I also find it more than a little odd that you have used potentially enormous subnets (10.10.0.0/16 is 65K addresses as is 172.16.0.0/8) for network kit. Very strange design.

britishtrident - 20/11/13 at 02:04 PM

71 (binary 1000111 ) is valid if illegal it just gives a subnet which is not any use to anybody.

[Edited on 20/11/13 by britishtrident]

snakebelly - 20/11/13 at 03:11 PM

Correct!
And I didn't mean we actually used a 10.10.0.0 I was abbreviating to show that using multiple IP Schemas on a single set of infrastructure is not unusual.

jeffw - 20/11/13 at 03:29 PM

quote:
Originally posted by britishtrident
71 (binary 1000111 ) is valid if illegal it just gives a subnet which is not any use to anybody.

[Edited on 20/11/13 by britishtrident]

You are wrong, it is not a valid subnet as defined by RFC1878. IPv4 does not support 255.255.255.71 as a subnet.

BenB - 20/11/13 at 05:52 PM

Update. I was talking nutsack as per usual- the subnet mask was 255.255.255.192. Not sure where I got .71 from (well actually I do it was the last digit of the 10.x.x.71 IP address and I was remembering them all of the top of my head). Makes more sense doesn't it (I've done a little reading on IP subnets since last night). The good news is that I can now connect to the Max! eq-3 heating device and our network at the same time by configuring an alternative IP address in the network connections. The network device still can't see the internet as that's via the 10.x.x.71 IP connection but I don't really need to connect (and it's probably just as well it can't talk to computers on the net!).

Happy bunny

Now if only I could get my thermostat to work. I've set it to 20 degrees but it seems to be turning my room into a sauna

thanks to everyone and sorry for talking borrocks re the 71

jeffw - 20/11/13 at 05:59 PM

Your subnet now makes perfect sense. I would suggest getting admin access to the heater and set a static address on there which is in your main IP allocation. You can then remove the additional IP from your PC and manage the device.

[Edited on 20/11/13 by jeffw]

stevebubs - 20/11/13 at 06:32 PM

quote:
Originally posted by jeffw
Your subnet now makes perfect sense. I would suggest getting admin access to the heater and set a static address on there which is in your main IP allocation. You can then remove the additional IP from your PC and manage the device.

[Edited on 20/11/13 by jeffw]

In normal managed services terms, that means �� on the managed service bill. So long as the switch ports aren't tied down and monitored, I'd just leave it as it is otherwise the surgery's IT costs will rise with no real benefit...

jeffw - 20/11/13 at 06:52 PM

OK....I do number of bits and pieces for Hospices around network/security as well as working for several Investment Banks on IT security so you can IM me if you have any questions.