A single Annex device can provide amazing functionality, but there are many reasons why we might want to network several together. But how many of us know how to create a network best suited to our Annex needs ? This was what I wanted: To keep my original Household internet untouched, mainly just for common printer access. Add a 'private' subnet with internet access to 2 different locations, both with a shared NAS drive access (Network Attached Storage). Have a separate 'public' subnet with internet access for guests to use, but without access to other network areas.Add a separate 'normally isolated' Annex subnet covering 4 different wifi zones spread over a couple of hundred meters. Ideally the Annex subnet would have the option for internet access if and when required. This article should help anyone to achieve all or just part of that network functionality according to their own requirements.. There's a lot to mention - but not all will be needed... just enough to get your job done. IP Address  For our use, each subnet can address 1 bytes worth (8 bits) of nodes (256) - but 0 is reserved to denote network, and 255 is reserved as the 'all-nodes' broadcast address, leaving only 1 to 254 actually available for node addresses, of which one is needed for the router (usually .1) leaving 253 available for client devices. By 'client device' we mean anything connecting with a node address in 'station' mode to a routers subnet. If Annex does not 'join' a routers network at startup it defaults to 192.168.4.1 as an Access Point (AP) to offer an SSID for a browser connection to allow editing or config changes etc. In this mode it is not part of a network, so cannot send network messages to other nodes. For Annex to send network messages to other network nodes, it must connect to a wifi router in Station mode and join that routers subnet. It must first connect to the routers wifi SSID using the appropriate name and password. Then it needs a valid unique IP address in order to actually be accepted on to that routers subnet. IP addresses can be assigned to network clients in 2 ways, static (embedded configuration), or dynamic (temporary DHCP lease).  Dynamic (DHCP) Address If a connecting device has not been configured to use a reserved 'static' IP address, it can lease a temporary 'dynamic' IP address from a routers DHCP Server 'pool' of available addresses. Different routers use different DHCP server defaults, perhaps a Start address' of 100 might be used with maybe a 'Pool Size' of 100 addresses or perhaps an 'End address' of 200 for example. But importantly, there will only be a limited subset of the available 253 (router has 1) IP addresses for DHCP clients. The 'Lease' duration allows a device to retain use of that IP address for the specified lease period, but if not in use and renewed when the lease expires, then that IP address is returned to the pool again for use by another DHCP client. So be aware that the next time a DHCP client connects, it could be given a different IP address from the pool. This is the same principle that ISP's use to allocate temporary DHCP IP addresses to their internet subscribers, whose allocated IP addresses can often change overnight. Those allocated internet addresses are actually Public addresses which must be unique on the world-wide internet, whereas a local LAN has Private addresses which only need to be unique on that particular subnet.  Requesting a DHCP IP address for an Annex device is just a matter of supplying the router SSID name and password in the Config 'Station Mode' fields and leave all the IP fields blank. Although DHCP has the advantage of simplicity, it has the disadvantage that the device can attach to a network without indication of the assigned IP address... but you will probably need to know its IP address in order to connect to and manage it. There are ways to deal with that... many devices will have a user button and LED which could be used to blink out the IP address on the LED when the button is pressed. Or a new node could send its newly assigned DHCP address to a known existing networked device which can be connected to for retrieving that info. I use an Annex text-to-speech 'Voice Announcer" which can speak the IP addresses of any connecting node at startup. All my networked devices respond to an EasyNet "All Reply" instruction, causing them to udp.reply with their node names and IP addresses.  You could use a utility to scan your subnet for existing devices before powering up a new node, then scan again after to see what is new. Or simply scan and try connecting to any devices which you don't recognise. Static IP Address Alternatively you could manually assign 'static' IP addresses to your devices so that you would always know what address to connect to for each device. To assign a static IP address to an Annex device is just a matter of entering the appropriate details in the IP fields... but those details obviously need to be correct and relevant. To find out that info: assuming you are on a Windows computer connected to the same wifi
router that you wish the Annex device to connect to (I'm using Win7 in a vm),... open a 'cmd' command line window then
run IPCONFIG and take note of the displayed Wireless LAN adapter
details... and especially the all-important 'Default Gateway' IP address. The Default Gateway is normally the address of the controlling master router.  You need to choose a valid static address on that subnet, but one that falls outside of the DHCP pool, and which doesn't conflict with any other static address assigned on the subnet. All 3 Annex IP fields must be populated for a Static address, including the 255.255.255.0 subnet mask.. Summary: the Default Gateway is usually the IP address of the router, whose first 3 bytes are its subnet, which must be the same as the first 3 bytes of the proposed static IP address wishing to join that subnet, and whose last 'node' address byte must be unique on that subnet. Dynamic IP addresses will be assigned automatically from the routers DHCP Server pool
to connecting devices unless the
connecting device is already configured to use a static IP address. Default Gateway The Default Gateway points to the controlling primary subnet router which is responsible for routing all LAN traffic on the local subnet. If the Default Gateway (primary router) does not recognise an address as local it will ignore it, unless remotely connected to a WAN. If a router has a remote WAN connection (meaning it is connected as a client with an appropriate IP address to a remote subnet eg: ISP internet connection) it will have been given the remote WAN routers address to use as the remote WAN Default Gateway. So anything the local LAN router does not recognise gets delegated out to the WAN default gateway for the WAN router to deal with. The internet is basically a network of
networks, so unrecognised subnet traffic will keep being dumped out the
WAN garbage chute for other WAN Default Gateways to deal with, until
eventually one of them recognises it as their own local subnet and
delivers it. Summary: the LAN Default Gateway is the controlling routers address where all local traffic is sent for directing as appropriate. Local traffic (addressed to other nodes on the local subnet) is directed to the relevant local subnet node destination. NON-local traffic (denoted by a different subnet address) gets ejected out through the WAN port (if one is connected) and sent to the WAN Default Gateway for it to deal with... and so on until it reaches its final destination. DNS Computers and electronic devices process numbers, but our human brains are much more comfortable with words. Therefore IP address numbers are not easily digested or remembered by us, especially when there are lots of them to remember.DNS (Domain Name System) makes them easier for us to use, by assigning registered Domain Names of words to the IP numbers. DNS servers act like an internet version of a telephone directory,
allowing us to use Domain Names, which which can be automatically resolved back to IP numbers from DNS lookup tables, which routers can then use to 'route' on to their destination. If you open a CMD prompt then enter "ping" by itself, it will return the Ping Help syntax, and listed under Options you can see... "-a Resolve addresses to hostnames". To see that in action, clear the screen with "cls", then enter "ping -a duckduckgo.com" and notice that it returns the IP address which has been 'resolved' from the domain name (even though the destination ping reply response has been deliberately turned off). Now carry on reading, but later (if you don't forget), see which you remember... the domain name or its IP number. Annex devices address other devices using IP numbers because there is not likely to be a DNS server available on a home LAN. (EasyNet can offer facility to address Annex UDP nodes by name, but this is not about EasyNet, so will be covered elsewhere) If the router has its WAN connected (usually to the internet but possibly to a parent subnet) any messages that the local router does not recognise as local will be dumped out through the WAN port for the parent WAN Default Gateway router to deal with. If
the message is addressed using a Domain Name then the WAN Default
Gateway must use the specified DNS Server to first translate the domain name
into the appropriate IP address number before it can send the message on towards its
destination. That's why the WAN configuration also includes DNS server addresses (Primary DNS, and Secondary DNS as a backup). A
DNS lookup takes a finite amount of time to reach the specified DNS
server, then return with the response - so DNS lookups cause a delay
(which will be dependent on the DNS servers connection speed) even before the
original message can be sent. Most ISPs are likely to 'scrape' all their subscribers
web activities for their own financial purposes, as well as for local legal reasons. So although the closest DNS server will probably be those of the ISP, that doesn't necessarily make them the fastest or best. Other DNS servers can be used if preferred, eg: a fast and ethical global DNS service is provided (free) by Cloudflare 1.1.1.1 Summary: Local home LAN's must use IP numbers to address messages to other local nodes because there is no local DNS server available to locally resolve Domain Names back to their corresponding IP address numbers. If the LAN connects elsewhere using its WAN port (typically to the internet)
the WAN parameters include facility for entering DNS servers to
translate global domain names into their appropriate IP address numbers when
necessary. IP Protocols There are 2 main methods (protocols) for sending networked messages using IP addressing. TCP is like a person-to-person phone call with 2-way conversation to only 1 target, with feedback to resolve misunderstandings. UDP
is like a DJ at a night club broadcasting to anyone listening, but the noisier the environment, the harder to reliably hear. Annex uses UDP for networking, which is easy to use, but being a 'one-to-many' broadcast means there is no feedback mechanism and therefore no error-correction, so
broadcasters take no further interest in their sent messages... and don't care if it was received. IP Traffic Most
people will probably already have a wifi network for their internet access, which should initially be ok for developing projects. But piggy-backing Annex devices onto a live internet environment is far from ideal for reliable Annex UDP interaction. The more network traffic, the less reliable the UDP broadcasts, because UDP has no inbuilt
handshaking or error feedback,Therefore ANY other traffic could prevent a critical Annex UDP broadcast from being received by the intended Annex target. Even if nobody else is using the
network, software such as Google browsers and Microsoft operating
systems regularly send back network messages reporting
'telemetry' (legalised spyware) information about usage. Various other 'agents' are
regularly checking online for availability of software updates, and
vulnerable Microsoft products need to be regularly downloading anti-virus
signature updates to avert malware disasters. And then of course there are the relentless Windows 10 updates. And this is assuming there are no malwares already exploiting resources. So just
being connected to
the internet can generate a surprising amount of network traffic... and that's even
without the usual heavy usage of downloading files or streaming media. And much of the traffic will use TCP, whose 2-way handshaking can more than double the amount of traffic. You get the idea - if you value your children and want them to be safe, don't let them play on a busy main road. But it's not really a huge problem, because routers are cheap enough to add another (you may even have old ones laying around). This project aims to show anyone how they can add one or more routers to create a network that is better suited to their needs. Wifi Standards  HiFi syndrome was when those who could afford it kept upgrading to the "latest" hifi music system when something new and 'better' came out. In this day and age it has been superceded by WiFi syndrome, upgrading to the latest fastest router with the biggest range (or most aerial 'legs'). While it is sometimes overlooked that both the router and the wifi receivers all need to be of equivalent spec to obtain that latest performance, what it does mean is that there are a lot of cheap lower spec 'yesterdays news' routers floating around, any of which is more than adequate for an Annex network of 2.4Gb ESP devices... as seen from the wifi comparison chart. Router The home wifi router is basically a LAN (Local Area Network) controller with a wifi transceiver and some RJ45 LAN cable ports. Most include a DHCP Server used for giving out dynamic IP pool addresses to client devices which don't have a static IP address.
Subnet Address - the first 3 IP bytes are the subnet address,
to which all devices using that same subnet must connect to.
Default Gateway - is the IP address that points all connected client devices to
itself because it is the primary controlling router. Most routers will have some way of connecting to an external router using a WAN or ADSL or Modem
port, for internet access. An ethernet WAN port is not necessarily just for internet
connection, it can connect to a parent router to provide another
subnet. Similarly, other routers WAN ports could be plugged into the local routers LAN ports to provide additional secondary client subnets. Note that the WAN IP address, if configured, is the local routers remote client connection address on a remote WAN subnet. In which case the WAN Default Gateway will be the IP address of the remote router, to which all non-local traffic will be directed. NAS Some routers have a USB port for connecting an external USB HDD to be shared on the LAN as NAS (Network Attached Storage). Configuring Routers To manage a router and
change its configuration requires browser connection to its IP addres
then login with appropriate credentials.It is advisable for
the router to be unplugged from everything except the configuring
computer, to avoid possible IP address conflicts. It is also advisable to reset the router back to the known state of its factory defaults. Connect
to the routers factory default IP address, then login with the default
credentials... often admin and admin, or on a label underneath, else
will need an online search for the specific make and model. The default
credentials are readily available to everyone, so remember to change the
router password and put it on a label stuck to the router (you'll be glad of it one day). Enter the routers new IP address in the appropriate LAN or Network field, then Save and Reboot, then connect to the new address. You are connecting from the LAN port, but if you don't need to connect from the external WAN then disable Remote Admin access. Only enable DHCP server on the primary controlling router of each subnet, and make sure it is disabled on all slave routers. Isolated Network If you just want an isolated wifi network to be reserved only for Annex devices to optimise reliability, then any old wifi router will do. An isolated router does not use a WAN port for connecting to
the outside world, so simply leave the 'Internet' or 'WAN' configuration page details at their unused defaults (and of course no DHCP address can be obtained from an ISP without any WAN connection).  Go to the 'Network' or 'LAN' configuration page and assign the router an IP address that has a different subnet to your internet router to be sure that they can co-exist in harmony together. If your internet router is using 192.168.1.1 for instance, then you might assign 192.168.0.1 or 192.168.2.1 for your 'Annex' router (or even 1.2.3.4 if you wish). Both routers will be the primary router on their respective different subnets, so they can both have a node address of .1 to befit their primary status in their own subnet kingdoms. You may as well enable the DHCP server, taking note of the address pool start and end (or size) so that you can decide on a different range of addresses to use for manually allocating 'static' addresses if you so choose. Obviously you will need to ensure Wifi is enabled, and assign a unique SSID and password for the Annex devices to connect to. You would also be advised to pay attention to wifi channel numbers.  Wifi Channels 2.4Gb routers allow selecting a wifi channel number from 1 to 13, each operating on slightly different adjacent frequencies. Usually a routers channel number defaults to 'auto', which might be ok ... or it might cause it to be affected by your neighbours wifi channels. To avoid adjacent channel interference you can manually set a routers wifi channel number to one of your choice. You will not have control over neighbouring wifi routers channels of course, but wifi range is usually poor, so hopefully your router will may not be affected by the neighbours channels anyway... and even if it is, then you simply set yours to something else.  Channel Overlap When having 2 or more routers yourself though, channel selection needs some thought, because it's not
quite so straightforward. Channels 1, 6 and 11 do not overlap or interfere with adjacent channels. So theoretically you could have 3 wifi routers in the same room which were using channels 1, 6 and 11 without suffering adjacent channel interference. But if any of those routers was using a channel other than 1, 6 or 11 then you could have interference problems.  The more routers used, whether for providing adequate signal strength in areas between buildings or floors etc, or for having different subnets in the same areas (eg: internet and Annex), or perhaps both (I am using 6 routers), the more important channel separation becomes. Be aware that there is a big difference between Channel overlap and Zone or Range overlap. The red and blue zones shown here overlap with all other zones, but none also have channel overlap. The yellow and green zones both use the same channel number, but their zones don't overlap. Wifi range is normally limited to just a few tens of meters (if you are lucky). The range can be made longer but narrower by using a directional antenna, but like the difference between using a sniper rifle or a grenade ... the greater the distance, the better the aim needs to be. Newer routers may offer some form of wifi extender facility, but they obviously still need to be within wifi range of the main router anyway, therefore need range overlap, which means they can only effectively increase overall range by about 50% or so. So in the diagram above it could be used to extend the red range to the blue, but could not extend the yellow to the green. And because their ranges must overlap, they need to use separated channels to avoid adjacent channel interference. Plus there will be an inevitable transmission delay due to the extender having to receive signals before it can re-transmit them. So for one reason or another, a wifi range extender may not be the best way to extend wifi range. That's why many have an RJ45 Ethernet Cable port, allowing them to act as a cabled Remote Access Point for extending wifi range.  Remote Access Points It is possible to connect one or more 'slave' routers in parallel by ethernet cable between their LAN ports to use as remote wifi Access Points. Being connected LAN to LAN means they are all on the primary routers subnet, so they don't need a WAN port, therefore any old routers will do. Ethernet cables can be up to 100m long, and several routers (or Ethernet HUBS/Switches) can be chained together for greater distances..  The slave AP router(s) need to be assigned a client IP address on the primary routers subnet. They also need their default gateway pointing to the primary routers address (not their own), and their DHCP server facility must be disabled, so that devices connecting to their AP SSID will be pointed to the primary router to receive a DHCP address if needed, and the primary router can manage all the routing. SSID's Each enabled wifi will offer an SSID for connecting to - each can be different - OR - they can all have the same SSID if preferred. It is significant for Annex devices, because the SSID and password are embedded in their code... so if you are creating an Annex wifi network which uses different SSID's, then you will need to ensure that each device is configured for where it will be installed. That can be problematic, because the final destination router may be different from the one where it was being developed - so if you forget to change the SSID when siting, it might still manage to connect... but to a much weaker signal, giving poor reliability. Alternatively, all Annex routers could use the same SSID and password, then all the Annex devices can connect anywhere.  Connecting in the overlap area will connect to the same name SSID with the strongest signal. But moving in any direction may move deeper into the connected zone and result in an even stronger signal, or it may move further away into the other zone causing a weaker signal, resulting in poorer performance and reliability. Having different SSIDs offers choice of specific connection depending on preferred destination. LAN  The routers IP address is used as the default gateway for that subnet because it is the controlling primary router for the subnet, to which all local traffic is sent. If
your router does not have enough LAN ports, you don't need to buy an
ethernet HUB or Switch if you have a router available... simply connect
one (or more) 'slave' routers in parallel from LAN to LAN with their wifi disabled so that they just offer additional subnet LAN ports.  WAN A routers WAN connection is like a remote waste disposal chute where it can dump all un-recognised traffic. The WAN connection is basically a client address on a remote routers subnet (often an ISP internet connection), and if the WAN connection is being used it also needs to include the remote routers address to use as the remote WAN Default Gateway. If the WAN is an internet connection, the ISP will also provide Primary and Secondary DNS Server addresses. .Each routers job is to route local subnet traffic to other devices on the local subnet (LAN) while keeping it separated from the external WAN, while at the same time also acting as a bridge to route offsite traffic between LAN and WAN whenever necessary.  Most modern routers will have a different coloured RJ45 ethernet WAN port which is similar to the RJ45 ethernet LAN ports. Some older routers may look like they have a different coloured RJ45 ethernet WAN port, but closer inspection may show it to be a slightly smaller RJ11 ADSL telephone port (with fewer electrical contacts) - if an ethernet cable fits, then it's probably a WAN port. The WAN port is only relevant if you intend daisy-chaining routers in series to create nested multiple subnets (which will be explained shortly), but suffice to say for now that if an ethernet cable can be plugged in, then it probably will be a WAN port. Let's take the existing internet wifi router as the starting point to add another 'child' router with internet access. Take note of the original routers LAN IP address, because it
will be used for the new child routers WAN Default Gateway address. But there is no need to change any of the original routers configuration, so it is best left alone to avoid any unnecessary problems. You will of course need to configure the new child router with an appropriate IP
address which is different to the parent router address. Note: I prefer to use an addressing system which makes things easier for myself...
This system is only my
personal preference cos it makes sense to me - so let's demonstrate it with the following address choices: In the example below, the original parent internet router has LAN address 192.168.1.1 (subnet 1, node 1), so we have given our new child router the adjacent subnet 2 address. And because the child router is still the primary controlling router of its subnet 2 we have given it node address 1 as befits its primary status on its own subnet. So the resulting child router LAN address is 192.168.2.1 To configure the new child router with the chosen IP
address you will initially need to connect to its current IP
address to access the LAN or Network fields where you can enter the new router IP address, then Save, Reboot the router, and reconnect to the new IP. Enable
the DHCP Server and take note of its pool start and end (or size), or
change the settings to something else if you prefer. Enable the wifi and assign a suitable SSID and password. Eventually you may wish to change wifi channels, but that can be done later. (obviously you must always Save any configuration changes, else they will be ignored and lost - and often they may require a reboot) At this point, having now configured the LAN side of the child router, you could connect an Annex node to test the LAN if you wish. After booting the device in Recovery Mode, assign it a static address on the child subnet, eg: 192.168.2.20 Use the routers address of 192.168.2.1 for the Default Gateway field, and of course 255.255.255.0 for the subnet mask. Then try connecting to it in the browser.If all is will with the child LAN, you can move confidently on to the WAN configuration. Connect the WAN port of the child router to any unused LAN port of the parent router. This will make the new child routers WAN connection become a client
on the parent router subnet, so it will need to be assigned a
valid vacant IP address from the existing primary subnet. The parent router is 192.168.1.1, and I have plans for 192.168.1.2, so we'll use 192.168.1.3 for the child WAN address. The WAN Default Gateway address must be set to the subnets primary controlling router, which is 192.168.1.1 The subnet mask will be 255.255.255.0 as usual. Because this is a WAN connection with potential internet access we must provide primary and secondary DNS Server addresses. The parent will already be supplied with the ISP's DNS server addresses, so we can simply point the child DNS to the parent.But I prefer to use the Cloudflare 1.1.1.1 DNS server if possible, so I will use that as the primary, and the parent IP as secondary. This diagram should help make sense of what we've done...  After completing the WAN configuration changes, the new child internet connection can be tested by browsing to any www web site. There are potential advantages to internet isolation - because if you cannot reach the internet, then the internet cannot reach you. If I left home leaving doors and gates wide open, then any consequences of my lazy stupidity would be my own self-inflicted fault. The
same applies to 'cloud' services, which offer free lazy convenience... but the 'cloud' is not white fluffy
innocence, it is the lawless internet - hunting grounds of merciless
ravenous hordes who ruin peoples lives daily for countless different reasons. I strive for system autonomy, but whenever internet access is unavoidable, it is reassuring to keep internet connection to a minimum. Obviously it's not practical to be unplugging a cable... but its a perfect job for Annex, on eg: a Sonoff. I use an old ethernet hub/switch connected between the child WAN and parent LAN ports, and switch it On and Off using Annex on a Sonoff S20. If the 'isolating' Sonoff is logged on to the child subnet then it can only be controlled internally from that subnet, but if logged on to the parent then it could be controlled 'by those in the know' from anywhere in the world. It can also be controlled automatically - so if an event trigger needed to send an email for instance, it could switch on internet access first, send the email, then switch off internet access again after. If an email alert is received (when out shopping for instance), system internet access could be
enabled remotely for whatever reasons, then disabled again afterwards. This can be handy for eg: CCTV DVR server, which could be accessed remotely if needed, but would not normally be available online. You can buy a new 5 port ethernet hub/switches for about a fiver. But you could also use a spare router as an ethernet hub/switch if you disable the wifi... and you can buy a new 2.4Gb routers for about12 quid (with potentially more uses). Whichever you use, simply plug a cable from the Parent into one LAN port, and a cable from the Child into another LAN port, and they will only be connected to each other when the unit is powered up. Adding More Now that you know what to do, it's just as easy to add a second (or more) child subnet alongside the first. You might want to add a 'guest' router subnet with internet access but which isn't able to access anything on your 'private' subnet. Or you might want to add an 'Annex' subnet that would remain completely separate from your 'private' subnet. I can offer guest access to visitors on it if I wish, which provides internet and printer access, but they cannot access anything else. Our 'private' subnet is extended to two different properties, and includes a NAS HDD on its primary routers USB port. The 'Annex' subnet is also extended to the two different properties, plus a sensor zone, covering in total a couple of hundred meters, all on the same SSID so that any Annex devices can contact any others and be moved around if needed. The Annex subnet is normally kept isolated from the internet, but can be connected to the internet whenever necessary. Although your needs will probably be different to mine, hopefully you can adapt what you need to suit your own purpose...  |
Join Our DiscussionCOUNTER |
|