Layer 3 needed?

I work with some engineering guys and they honestly don't know much about IPs and networking. I've told them for years they should be using some VLAN and/or Layer 3 switching out in the field.

They typically have two networks:
#1 - 192.168.0.x/24 (internet access over a USB-A network adapter). This is a hardware device (CradlePoint) that provides AT&T/Verizon access. This device is set up as a DHCP server and provides IPs to devices that are physically connected.

#2 - 10.0.0.x/24 (built-in LAN). This is what they use for communicating with the PLC, etc.

GoToMyPC is used to access the PC over the internet (in through the CradlePoint via 192.168.0.x/24).

Recently they've asked me how to add an additional USB-A ethernet adapter for communicating with a piece of equipment on 192.168.250.x/24.

I received a call earlier that GoToMyPC was not always able to connect and that they also couldn't communicate with the equipment on the 192.168.250.x network.

Wouldn't this be best setup long-term with a Layer 3 switch and clearly defined routes? What would you do?
 

Paladin


Let me start by saying that I am not 100% confident I understand the scenario. It sounds like you are saying you are using a cradlepoint router with a single LAN port (and a WAN/internet via 4G/5G cellular obviously) and you are/have tried to add LAN interfaces to it by adding USB network adapters to it?

That's an interesting choice.

If it works I guess it is fine but it sounds like it is not working well so... I guess don't do that.

How about this instead? Do they have the ability to get a cradlepoint with the appropriate number of integrated network ports (plus a couple spare for the future)? If not, I get it but that seems like the easiest and most reliable/simple option.

Alternately, yes, you change everything to being VLANs on the LAN and have a single cable/LAN port from the cradlepoint to a VLAN capable managed switch (hopefully also cloud managed for remote control sanity) and then simply put network 1 on port 1, network 2 on port 2, network 3 on port 3, and the uplink to the cradlepoint on the 'last' port (8 or 16 or whatever).

The cradlepoint router is still the router in that scenario, you are simply using VLANs to simplify the physical equipment situation to eliminate the USB adapter jank. This assumes the cradlepoint can reasonably manage VLAN config and the access rules for traffic between the networks, if any is needed. Maybe dump Gotomypc as well in favor of AnyDesk or Teamviewer if they are more reliable (which is likely). The switch is still all layer 2 (plus VLANs but still layer 2) so no need for anything fancy there, just any basic managed switch that can do VLANs. Those start as cheap as probably $20-30 or so but for a decent one that might last a few years before the cloud management service evaporates you might pay more like $50-70 for a 5 to 8 port model. TPLink 'Festa' or 'Omada' might be something to look at or HPE/Aruba Instant On stuff. https://instant-on.hpe.com/ That should be around for a good while where TPLink has less of a name to protect.
 
> Let me start by saying that I am not 100% confident I understand the scenario. It sounds like you are saying you are using a cradlepoint router with a single LAN port (and a WAN/internet via 4G/5G cellular obviously) and you are/have tried to add LAN interfaces to it by adding USB network adapters to it?

Correct, but I left out an important part.

There is a basic (unmanaged) 5-port switch that the CradlePoint is connected to on its single LAN port. There is a Windows PC that I’m describing in the scenario.

CP — SWITCH (Port 1)
Windows PC (USB-A network adapter) — SWITCH (Port 2) 192.168.0.x/24 (this has always worked w/ GoToMyPC for remote access)
Windows PC (built-in LAN): Ethernet connection to the PLC (10.0.0.x/24)

This is what's new:
Windows PC (USB-A network adapter) — Ethernet connection to another piece of equipment (192.168.250.x/24)

We rebooted the CP and everything is accessible, but I’m not entirely sure how… I’d have thought you’d need a router or L3 switch, but the engineers are telling me they can remotely access the PC, the PLC, and the piece of equipment.

I wanted to clarify on the scenario…
 

Paladin

Wait... is this all one PC? And you're adding USB network adapters to the PC? So it can have multiple IP addresses that are in different subnets?

If so, just pull out all the USB adapters and add additional IP addresses to the existing network interface. Windows can have more than one IP address on an interface and they don't have to be in the same network.

https://woshub.com/assign-multiple-ip-addresses-single-nic-windows/

As for why it works, it's because that's how networks work. :)

You have Device A with 192.168.1.5 (mask 255.255.255.0) and Device B with 10.1.1.10 (mask 255.255.255.0) and device A and B both plug into the same switch and you want Device C to talk to both?

Just have Device C have its first IP address be 192.168.1.6 (mask 255.255.255.0) or similar, so it is part of the 'main' network that has a default gateway for internet access etc. and then add a secondary/additional IP address in the other subnet (network) like 10.1.1.15 (mask 255.255.255.0) and no gateway. That will allow Device C to communicate with Devices A and B without issue.

The only problem in that scenario is that Device B won't have internet access unless the gateway device can be configured to run an address (and the requisite network address translation and stuff) in the second network like 10.1.1.1 (mask 255.255.255.0) so Device B can use it as a gateway to reach the internet.

Using 'cloud' dependent remote access tools like gotomypc or anydesk etc to access Device B requires Device B to be accessible over the internet, because for Device B to register itself with the service it must have working internet. There may be some ability in some programs to connect directly to Device B from a connected network (like from Device C to Device B, since they all share connectivity because C has an IP address in both networks). But for things to really work right, the gateway should be configured to provide internet service for any networks that might want to access it.
 
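As an added example (not part of Paladin's post or the linked how-to), here is the PowerShell version of the Device A/B/C setup described above: the secondary address is added to the same NIC with no gateway, then the routing table and forwarding state are checked. It assumes the built-in adapter is named "Ethernet" and that the 'main' network's gateway is 192.168.1.1; both are placeholders to adjust.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Assumption: the built-in NIC is called "Ethernet"; change it to match Get-NetAdapter output.
$nic = 'Ethernet'

# Primary address stays in the 'main' network and carries the only default gateway
# (Device C = 192.168.1.6; gateway 192.168.1.1 is an assumed placeholder).
# If the adapter currently gets its address from DHCP, switch it to static first.
Set-NetIPInterface -InterfaceAlias $nic -AddressFamily IPv4 -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $nic -IPAddress '192.168.1.6' -PrefixLength 24 -DefaultGateway '192.168.1.1'

# Secondary address in the PLC network. Deliberately NO -DefaultGateway: this adds only
# the connected route 10.1.1.0/24, so internet-bound traffic keeps using 192.168.1.1.
New-NetIPAddress -InterfaceAlias $nic -IPAddress '10.1.1.15' -PrefixLength 24

# Check 1: both addresses live on the one interface.
Get-NetIPAddress -InterfaceAlias $nic -AddressFamily IPv4 |
    Select-Object IPAddress, PrefixLength

# Check 2: exactly one default route. A second 0.0.0.0/0 entry (e.g. from another adapter
# that also received a gateway) would compete for internet-bound traffic.
Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
    Select-Object NextHop, InterfaceAlias, RouteMetric

# Check 3: the multi-homed PC is not routing between the two networks. Windows defaults to
# Disabled; with Forwarding enabled the PC would join the PLC segment to the internet side.
Get-NetIPInterface -InterfaceAlias $nic -AddressFamily IPv4 |
    Select-Object InterfaceAlias, Forwarding

# Check 4: Device B (10.1.1.10) is reached from the 10.1.1.15 source address, not via the gateway.
Test-NetConnection -ComputerName '10.1.1.10' -InformationLevel Detailed |
    Select-Object SourceAddress, PingSucceeded
```

If check 3 ever shows Forwarding set to Enabled, `Set-NetIPInterface -InterfaceAlias $nic -Forwarding Disabled` restores the default so the PC stays a host with two addresses rather than an unintended router.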