I am having trouble alternating between wired and wireless routers from the same client computer. Both routers use the IP address 192.168.1.1 but they are different networks. The client computer is a laptop which has both wired and wireless NICs. The only way I have found to alternate routers is to disable the v3 firewall until the IP address is assigned from the router then re-enable firewall protection. This seems rather odd. It also seems I’d have to do the same thing anytime the router changes such as connecting from a hotel, coffee shop, etc. It’s also the most vulnerable time for connecting so it’s illogical to disable the firewall during IP assignment. Would someone please point me in the direction of a solution?
Welcome to the forums, FredThompson!
IP addresses on a LAN are supposed to be unique. If you have two routers, both 192.168.1.1, your laptop can’t tell which is which without more information at the hardware level.
That hardware level is something known as ARP, the Address Resolution Protocol. More details about ARP are at this Wikipedia article.
There are some methods of attack that will use ARP, so CFP has a protection mechanism to preserve hardware-to-IP addressing. Because you have two different pieces of hardware trying to use the same IP address, one of the two is going to get locked out. Which is exactly what you are seeing.
Disabling the CFP ARP protection would not help if these two routers are in use at the same time. You would experience some very very strange connection problems in that case.
The fix is to change the IP address used by one of your two routers. Leave one at 192.168.1.1, and change the other router to something like 192.168.1.254.
I should have been more explicit. Both routers are not in use at the same time.
When I disable the wireless NIC in my laptop, followed by connecting a cable controlled by another router, I’m not seeing the proper IP address assignment. It looks like that silly hardware default of 169.x.x.x or something like that. That’s what has me confused. Why would previously using a router at 126.96.36.199 on one NIC prevent using the same IP address on a separate NIC…uh…non-concurrently? Will this mean problems trying to connect to other routers which use 192.168.1.1? Basic issue, I know, but it’s far better to conquer this confusion now than in an airport…
Thank you for the clarification.
Then what you describe becomes a question of timing, and caching. Windows maintains a cache of hardware-to-IP addresses in an “arp cache”. This cache does time out after a few minutes (10 to 15 minutes, as I recall). So as an entry changes, it will eventually migrate over to a new value. Windows has a command line tool “arp” that will let you see what is in the cache, and to change entries explicitly if need be. You can enter “arp -?” to get a summary of the options.
CFP has an ARP cache protection mechanism, which is very useful in a wired LAN, but less so in a laptop. To disable that ARP checking, open CFP and click Firewall → Advanced, Attack Detection Settings, the Intrusion Detection tab, and at the bottom there is a checkbox for ARP protection. Clear the ARP checkboxes.
In moving around wifi hotspots, as you move from one to the other, the ARP cache gets cleared each time you power down or reboot. You shouldn’t have any problem with any connections. To force a wholesale reset of the ARP cache, use the command line tool with “arp -d *” and let Windows rebuild the cache by querying the connection for the proper values.
Then you should be all set, and literally good to go.
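Added example, not part of the original thread and not Comodo's implementation: a simplified model of the check an ARP protection feature performs, comparing two constructed `arp -a` snapshots and reporting any IP address whose hardware address changed between them. The MAC addresses, the laptop's own addresses and the function names are invented for illustration.

```python
import re

# Constructed samples in the layout printed by Windows "arp -a".
# All MAC addresses and the laptop's own addresses are invented.
WIRELESS_SNAPSHOT = """
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-aa-bb-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

WIRED_SNAPSHOT = """
Interface: 192.168.1.50 --- 0x3
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-cc-dd-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"            # IPv4 address
    r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+"   # hardware (MAC) address
    r"(dynamic|static)\s*$"                        # entry type
)

def parse_arp(text):
    """Return {ip: mac} for dynamic entries; headers and static entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3) == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def changed_mappings(before, after):
    """List (ip, old_mac, new_mac) for IPs whose MAC differs between two snapshots."""
    old, new = parse_arp(before), parse_arp(after)
    return [(ip, old[ip], new[ip])
            for ip in sorted(old) if ip in new and old[ip] != new[ip]]

if __name__ == "__main__":
    # Switching from the wireless router to the wired one: same IP, new hardware.
    for ip, old_mac, new_mac in changed_mappings(WIRELESS_SNAPSHOT, WIRED_SNAPSHOT):
        print(f"{ip}: {old_mac} -> {new_mac} (same IP, different hardware)")
```

A changed mapping for the gateway address is exactly what two routers sharing 192.168.1.1 produce, and it is indistinguishable at this level from a spoofed ARP reply, which is why giving each router its own address removes the ambiguity.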
Oh, it makes sense when you know what’s happening! Releasing and renewing ipconfig weren’t fixing the situation.
Based on your comments, I found Windows Reference - Windows How To's, Tips, Tricks which states the CLI command, “netsh interface ip delete arpcache” will force clearing the cache.
Thanks for explaining this to me and mentioning the default settings which might be better changed than left in their initial state.
It does seem odd to me, though. The OS is Tablet XP Pro so I’d expect better support for alternating between NICs.
I am still having this problem with CFP preventing DHCP service. ARP protection is off. I clear the ARP as described above. There are 2 routers in my home with different IP addresses. The only way I can get it to work is to disable the firewall, connect to the router, then re-enable the firewall. Any other ideas how to solve this problem?
Seems to me each NIC must have its own address. This way your client computer will know how to send information/responses back to the originating server/router.
I have finally found a way to make this work but … it is awkward, unreliable and requires more software.
It’s far easier to configure each router for a different IP address.
That’s what I’ve done.
Actually, that was what I was thinking you would have to try when I saw the board heading listed under new posts (he still has this problem?). From what I was taught about NICs and using multiple NICs, using different IPs for each is probably the safest and most reliable solution anyhow.