
Background -

Illustration - https://i.sstatic.net/DFSMh.png

We have an embedded device (referred to as PC2 ahead), which is hosting a UI/webpage, in a Class C network (Network 2 in the diagram above). As we do not have access to Network 1 settings, we need to add our own WiFi Router and create a Network 2, which allows us to keep the IP of our devices static. In this scenario we need to access the webpage hosted on PC2, which is in Network 2, from PC1, which is in Network 1.

Conditions to be met -

  1. We must be able to configure a static IP for PC2/embedded device preferably with WiFi Router B only.
  2. PC2 being in Network 2 must be accessible to PC1, so that PC1 can see the webpage hosted on PC2.

Iterations Performed -

  1. Iteration 1 -

    • Connections - CAT5 from LAN port of Router A to WAN port of Router B.
    • Both Router A and Router B are operating in WiFi Router/NAT Mode.
    • Observations -
      i. I'm not able to reach PC2(192.168.1.100) from PC1(192.168.0.100) but when I try it the other way around, PC2 is able to reach PC1(This must be because of NAT).
      ii. PC2 has internet access
  2. Iteration 2 -

    • Connections - CAT5 from LAN port of Router A to WAN port of Router B.
    • Both Router A and Router B are operating in WiFi Router/NAT Mode.
    • Observations -
      i. I'm not able to reach PC2(192.168.1.100) from PC1(192.168.0.100) but when I try it the other way around, PC2 is able to reach PC1(This must be because of NAT).
      ii. PC2 has internet access
    • I have tried configuring the following Routing Table in Router A as follows -

      | ID | Destination Network | Subnet Mask     | Gateway     | Interface |
      |----|---------------------|-----------------|-------------|-----------|
      | 1  | 192.168.1.1         | 255.255.255.255 | 0.0.0.0     | LAN & WAN |
      | 2  | 192.168.1.0         | 255.255.255.0   | 192.168.1.1 | LAN & WAN |
      | 3  | 192.168.0.0         | 255.255.255.0   | 0.0.0.0     | LAN & WAN |

  3. Iteration 3 -

    • Connections - CAT5 from LAN port of Router A to LAN port of Router B.
    • Both Router A and Router B are operating in WiFi Router/NAT Mode.
    • Observations -
      i. I'm able to reach PC2 (192.168.1.100) from PC1 (192.168.0.100), i.e. the webpage hosted on PC2 will be visible, but PC2 doesn't have access to the internet.
    • I have configured the Routing Tables in both the routers as follows -
      i. Router A - Same as above (i.e. Iteration 2)
      ii. Router B -

      | ID | Destination Network | Subnet Mask     | Gateway     | Interface |
      |----|---------------------|-----------------|-------------|-----------|
      | 1  | 192.168.0.1         | 255.255.255.255 | 0.0.0.0     | LAN & WAN |
      | 2  | 192.168.1.0         | 255.255.255.0   | 0.0.0.0     | LAN & WAN |
      | 3  | 192.168.0.0         | 255.255.255.0   | 192.168.1.1 | LAN & WAN |

  4. Iteration 4 (Router B as Access Point) -

    • Router A(Network -->192.168.0.0, Router IP --> 192.168.0.1) and Router B(Network -->192.168.0.0, Router IP --> 192.168.0.100)
    • An RJ45 ethernet cable is connecting a LAN port from Router A to the WAN port of Router B.
    • Router A is operating in WiFi Router/NAT Mode and Router B is in Access Point Mode
    • Observations -
      i. I'm able to reach PC1 (connected to Router A) from PC2 (connected to Router B) and vice versa; both devices have internet access.
      ii. Unable to see PC2 in the clients list of Router A, which is responsible for assigning IP addresses, since Router B is in access point mode. This prevents me from making the IP of PC2 static from Router A or B.

Questions -

  1. Are my Routing tables in Iteration 3 correct, if yes, what is the reason for it not working properly?
  2. Is the behaviour in Iteration 4 when the Router B is configured as an Access Point, desirable? Is it correct to not see the devices connected to Router B in the Clients list of Router A?
  3. Is there any alternative/better way to approach this problem, given the fact that we are looking for a solution that is highly cost effective and doesn't involve things like adding an expensive VLAN capable router?
  • "Expensive VLAN capable router"? They can be found for $50. Commented Mar 21, 2022 at 16:55
  • Also, you say "As we do not have access to Network 1 settings..." but then you talk about configuring routes on WiFi Router A – which is in Network 1... so do you actually have access or not? Commented Mar 21, 2022 at 17:08

1 Answer

Yes, in #1 and #2, PC2 can reach PC1 because router B still has NAT enabled, even though routes are not fully configured.

Your route probably doesn't work because the 'gateway' address (192.168.1.1) is on the wrong side. As you're adding the route to router A, the "gateway" should likewise be an address that's "facing" router A.

Remember that router B has two IP addresses – 192.168.1.1 on its LAN interface and 192.168.0.??? on the WAN interface, received via DHCP from router A.

So you only really need this one route on Router A:

| Destination | Netmask       | Gateway       | Interface |
|-------------|---------------|---------------|-----------|
| 192.168.1.0 | 255.255.255.0 | 192.168.0.??? | LAN       |

For limited access (e.g. just HTTP on port 80), an alternative approach would be to use "port forwarding" in router B instead – that is, to make use of the NAT support that it has anyway. Now using NAT inside a network is indeed somewhat ugly, but in this specific situation of creating a "self-contained" unit, it could be excused (after all, Docker operates in much the same way).

In #3, I wouldn't recommend such a connection in general – directly connecting the LAN ports creates one large physical subnet that just happens to have two IP subnets running on it, and while that's technically completely valid, it can cause some headaches due to broadcast packets freely going through the link. For example, it becomes impossible to control which of the two DHCP servers will handle which devices – PCs on Router A's LAN ports could pick up leases from router B, etc.

That being said, it should actually work.

In #4, the result is indeed correct. When router B is in "access point" mode, it is not a router – it's a bridge that blindly relays everything, including DHCP lease requests, to router A.

In most routers, "connected device" lists are actually built primarily from the DHCP lease table, so if router B is no longer issuing address leases, it won't show any devices in this list.

(And similarly, in models which also use the router's ARP cache to augment this list, an "access point" will not have any entries in its ARP cache either, as it forwards everything at MAC layer rather than IP layer.)

In general, there is no mandatory "greeting" or "handshake" in Ethernet networks that would allow building a device list. (There are plenty of optional protocols for that – DHCP, LLDP, CDP, mDNS, MNDP... – but your embedded device can just stay completely quiet if it wants to.)

> Is there any alternative/better way to approach this problem, given the fact that we are looking for a solution that is highly cost effective and doesn't involve things like adding an expensive VLAN capable router?

There are plenty of cheap VLAN capable routers. Some of them are highly popular in the "Prosumer" / "Home lab" markets (e.g. ER-X or RB951G or RB750G) and go for around $50, and possibly even less for old models lacking Gigabit Ethernet.

That being said, you don't need VLANs here, but often those routers also have another advantage of not having the rigid "WAN & LAN" configuration, and instead allowing you to create e.g. three networks if you wish.

Finally, you can build your own router from just about any device that can run Linux (or FreeBSD) and has enough Ethernet ports. For example, a Raspberry Pi running Raspbian (with a USB-Ethernet dongle duct-taped to it), or a used NUC running pfSense/OpnSense, could handle routing between wired Ethernet just fine.
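
The "gateway must face router A" rule from the answer above can be checked mechanically. The following is an added example, not code from the question or the answer: it assumes router A's LAN address is 192.168.0.1/24 (as given in Iteration 4), simplifies the "LAN & WAN" interface column to a single LAN interface, and uses 192.168.0.50 as a constructed stand-in for router B's unknown "192.168.0.???" WAN address. It also flags "directly connected" (0.0.0.0 gateway) routes for destinations outside the router's own subnet, which goes slightly beyond what the answer states.

```python
import ipaddress

def check_static_routes(interfaces, routes):
    """Flag static routes whose next hop the router cannot reach directly.

    interfaces: {name: "address/prefix"} configured on the router.
    routes: (destination, netmask, gateway, interface) tuples as typed into
            the router's static-route form.
    Returns a list of (destination, finding) pairs; empty means no findings.
    """
    ifaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
    findings = []
    for dest, mask, gw, ifname in routes:
        try:
            # Strict parsing: rejects a destination with host bits set
            target = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            findings.append((dest, "bad-destination"))
            continue
        gateway = ipaddress.ip_address(gw)
        iface = ifaces[ifname]
        if gateway.is_unspecified:
            # 0.0.0.0 means "directly connected": expected only for the
            # subnet configured on this interface
            if not target.subnet_of(iface.network):
                findings.append((dest, "not-on-link"))
        elif gateway not in iface.network:
            # The case from the answer: next hop is on the far side of router B
            findings.append((dest, "gateway-off-link"))
        elif gateway == iface.ip:
            findings.append((dest, "gateway-is-self"))
    return findings

# Assumption: router A's LAN side, 192.168.0.1 in 192.168.0.0/24.
ROUTER_A = {"LAN": "192.168.0.1/24"}

# The question's Iteration 2 table for router A (interface simplified to LAN).
QUESTION_ROUTES = [
    ("192.168.1.1", "255.255.255.255", "0.0.0.0", "LAN"),
    ("192.168.1.0", "255.255.255.0", "192.168.1.1", "LAN"),
    ("192.168.0.0", "255.255.255.0", "0.0.0.0", "LAN"),
]

# The answer's single route; 192.168.0.50 is a constructed placeholder for
# the WAN address router B receives from router A via DHCP.
ANSWER_ROUTES = [("192.168.1.0", "255.255.255.0", "192.168.0.50", "LAN")]

if __name__ == "__main__":
    for label, table in (("question", QUESTION_ROUTES), ("answer", ANSWER_ROUTES)):
        print(label, check_static_routes(ROUTER_A, table))
```
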

  • Hey thanks for such an elaborate and helpful response. I did try out configuring the Routing Table as mentioned in your answer on Router A. Following are my observations - 1. No device from Network A is able to reach the 192.168.0.x IP address of Router B as I tried to ping that IP from Network A. 2. Devices in Network B are able to ping the 192.168.0.x IP address of Router B. What can be the reason for Router B's 192.168.0.x IP address to be unreachable from Network A? Commented Mar 28, 2022 at 12:30
