Network Development

Chapter 3

The Router and ISDN

Well, I keep living and learning, I think. My great mission of the winter was to configure a telecommute station to go with my network, and attempt to integrate the internet at the same time. Given the availability of ISDN locally I concluded that this should be the basis of the communications circuit. I ordered a NetGear RT328 ISDN router, a Netgear XM128 ISDN terminal Adapter (ISDN MODEM), and a DS108 Netgear Hub so I could offer 10BaseT circuit to connect with the router as it did not do 100BaseT as the rest of my network does.

Disable DHCP unless you really want it.

I also asked USWEST to pull the ISDN circuit. The long and short of it is that The USWEST phone man showed up a week after the service was promised and declared that he was a week early. He then came back in a week and did part of the work and hasn't been seen since. As I write this in early January 1999, the hardware is all here but USWEST is still missing. The router is interesting, and provided me a few experiences before I got control of it. It is shipped with the factory defaults apparently assuming that it is going to be connected to a Peer to Peer Win 95/98 network. I say this because it comes with DHCP enabled in the sense that it thinks that it is the DHCP server. After I got it, I took my network down to change the hub so I could use it, and while the network was down I plugged this router in and rebooted the network. As fate would have it, half of my workstations booted normally and the other half didn't. After much grief, I figured out that the router was competing with my 'real server' to provide IP addresses to my workstations.

Use WINIPCFG to clear DHCP Leases

Once I figured this out, I knew I had to jump right in and configure the router. As with many routers it has two configuration options. It has a serial port and may be configured via the serial port with a dumb terminal or once you get it working it is accessible via telnet. Both entry paths give you the same menu system. I had to start out with the terminal method as it had my network in shambles. I used a provided serial cable and Hyperterminal as provided with Windows NT. Once I had disabled it DHCP sever attribute, I was then able to recover control of my network by going from workstation to workstation and using WINIPCFG to cancel the leases on the bogus IP addresses. it took me a while to 'remember' this however. After years of conditioning I've developed the reflex response that when you need to change a configuration option on a computer you can just make the change and reboot the computer and all will be well. When you monkey with DHCP this is not necessarily true as DHCP dispenses the IP addresses on a 'lease basis' and you have to manually force a renegotiation of the lease in order to get the configuration change to 'take'. WINIPCFG is the WIN98 utility suitable to that purpose.

USWEST is slow

Get your SPIDS

Ultimately USWEST did return (after numerous phone calls and about 6 weeks) and complete the installation of my ISDN circuit. I then had to learn about SPIDs. It seems that ISDN lines have not only phone numbers but also circuit identifiers. the circuit identifying number is the number that the telephone switch uses to recognize the circuit. The first order of business in hooking up a router to an ISDN line is to put your SPIDS in. At least in my case, the SPIDS were the 10 digit version of your phone number (area code plus 7) followed by "1111" (four ones). The ISDN circuit consists of 3 channels. Two of these channels are the 64k circuits that are 'user accessible' and the third channel is a narrower 'control channel' which helps the main channels do their thing. The control channel is 'up' all the time which implies that your router really needs to be a permanent part of the wood work. The next thing that you learn as you read about ISDN is that it is not as standard around the world as one would wish. If I got this straight, by the European convention, the background control circuit terminates in a control box installed by the phone company on your site, whereas in North America, the end of the phone company equipment is simply an RJ45 terminal block nailed to the wall and the termination for the background channel is integrated into the router or other ISDN appliance.

Think about where to locate the router

There are plenty of technical pages about ISDN around so please pardon the casual description of very technical issues here. One of the problems that I had to deal with and to do with physically locating my router. In my office configuration the 'telephone room' and the 'computer room' are different rooms some distance apart (actually about 60 feet apart). I had to figure out whether the router was a piece of telephone equipment that belonged in the telephone room or a piece of computer equipment that should be in my 'server room'. I've changed my mind on this a couple of times. My office phone system is a good old fashion Bell System analog Merlin 820 which is nailed to the wall in the phone room next to my phone jacks. A Bell System classic, it handles up to 8 outside analog lines, and 20 extensions. The router has 2 POTS ports and my plan was to feed the POTS ports right back into the Merlin system so the ISDN legs would be two additional outside lines on my phone system when not busy doing computer things. This dual purpose in inherent in the design of the ISDN, and was of particular interest to me because the ISDN circuits due to telephone company switching limitations on my local switch were hot-wired by the phone company to a different telephone exchange effectively giving me foreign exchange access at the local rate. Stated bluntly, by ordering the ISDN line, I got two POTS lines to the Portland calling area for the price of the ISDN circuit ($70.00 per month) which is saving me from $150 a month in toll charges that we formerly had. The bad news is that the free lunch probably isn't forever as someday they may actually put a ISDN switch in St. Helens which will take the fun out of it. Enough said.

Security is an issue

I guess I have digressed a bit. If I was to locate the router in the phone room it would be convenient for the purpose of jumpering the POTS lines into the analog phone system, but it would be less convenient for the purpose of making the interface into the computer system My first decision was locate the router in the computer room and in consequence I pulled 2 RJ11 cables for the POTS lines and a CAT 5 RJ45 cable for the ISDN circuit. This let me locate the router next to the sever where I could watch the idiot lights on it, and also save me pulling an RS-232 line all the way from the computer room to the phone room for the RS 232 configuration circuit It also provisioned me with a POTS port in the computer room convenient for deal use of analog modems. At least in the configuration state, I think this approach makes sense. Particularly if you are like I was and never configured one before, you need to be able to see the lights on the router from where you are doing the configuration Other than the initial setup, however, I have never used the serial port circuit again and will likely take that down at the next opportunity Having the RS 232 port on the router is important in case you get locked out of it, but once it is in service, with the basics, it is far easier to telnet into the router. You can do that from any station on the network and need only to know the IP address of the router (which is your router is working will also be the readily available default gateway IP address as well) and the router password. Security is an issue here. Access to the Netgear router configuration is password protected, with the only loophole being the ability to 'reset the router' which is available via the serial port access. This implies that for security purposes the router must be located in a physically secure place (to keep stray laptops with RS232 cables from reaching it) and strongly password protected to keep telnetters out of it. Remember, the router is the interface between your network and the rest of the world, and contains within it the parameters for allowing/disallowing/controlling dialup acces into you network, and also contains options which simply allow your server to be made visible to the rest of the world over the internet. The option of making your server visible over the internet is just another menu item among many in the router configuration program, so if security is an issue, you control your router access pretty carefully.

Many configuration approaches

You can face configuring the router in several ways. First Netgear furnishes a program called 'Firstgear' which is a router configuration application that you can load onto your system. It has two modes, a 'quick' configuration and an 'advanced' solution. Upon loading Firstgear, it first searches the network for routers and demands the router access password unless you have been careless enough to leave the router set to the default password in which case it just enters the router. The 'quick' configuration performs a general reset of the router to default conditions, and then follows this with a menu driven configuration routine that takes you from beginning to end of the install. By contrast the 'Advanced' routine does not reset the router to its default state and allows you to individually select and change configuration items. In either case, once you have done the configuration, Firstgear saves the configuration by dowloading it to the router. The Telnet solution is the alternative. In this approach, there is no user friendly application on your hard drive. You interactively hook right to the router via telnet and what you see are the terse menus embedded in the router ROM. Of course, as I have mentioned you can use a dumb serial terminal to get in via the serial port, or any PC in a serial terminal emulation mode (Hyper Term)

The Netgear RT328 router (and its brother the RH428) are designed for the SOHO market and by default contemplate working on a small Peer to Peer network which is why they ship with DHCP turned on. The difference between the RT328 and the RH428 is that the latter has a 4 port 10bastT hub integrated into it while the former doesn't. If all you are after is integrated and shared internet access you can simply plug up to 4 WIN 98 machines (with network cards) into the 4 RJ45 ports on the RH428 and have 4 computers sharing an ISDN line (once you get it configured). The less expensive RT328 router has only one RJ45 cable for network access so you either have to plug it to a hub (which I did) or us the provided cross over cable and plug it straight to a single computer in case you have a 'one computer' network.

Brave new world

Having never dealt with either a router or ISDN before, my learning curve was incredible. There are simply a multitude of issues that you have to resolve. Once you get the SPIDS in along with the phone numbers, your POTS lines will work. In my case this made evone happy because the POTS access to Portland was the cost benefit. The next thing that I learned was that the POTS lines are of a very high quality. The POTS circuit can, of course, be used or an analog dialup modem. With a USRobotics V90 modem I get a 50,333k connection each time and every time which is pretty good for analog modems connections. My less expensive Gateway WIN modem seems to prefer 48k. In either even those are good POTS numbers.

Need ISDN internet provider

However, ISDN is where I was headed. I finally found an internet provider that supported ISDN at a reasonable price. In contrast to the customary unlimited access on POTS accounts, ISDN accounts universally have hour limits on them. At least here in Oregon that is likely driven by the phone company tariff which has a 200 hour per month limit on ISDN circuits for the basic charge. They don't want them competing with fractional T1 lines although technically that is effectively what they are.

I ordered an account with ISDN service and was off and away, almost. At first they failed to configure the ISDN on their end and I didn't know this which cause me a bunch of grief because I could not for the life of me understand why I couldn't make an ISDN connection hold. I could dial in to their system but as soon as I logged in, it kicked me off. Oh, Well, live and learn. I had more challenges. The real one was finally coming to understand how Netscape or Explorer would ever come to figure out that you had a router on your network or that behind the router was a path to an ISP. I've wondered about that for years, and guess what, it doesn't. There are several critical configuration options in your network that you must make for this to work correctly.

Default Gateway

One of the first things that you much configure is a 'Default Gateway'. In the TCP/IP scheme of things, the default gateway is sort of the dead letter box with a back door. Every computer on your network has a TCP/IP address and communications intended for another addressee are dumped out on the network where they are broadcast to all clients on the net, but only accepted by the one to whom they are addressed. Messages for unknown addressees go into the bit bucket, unless, of course, there is a default gateway. Locally unknown addresses are presumed to be on the other side of the gateway, so you computer tosses them at the default gateway address which needs to be the address of your router. If you have a Windows NT network, the default gateway is a 'property' of the range of DHCP addresses which you define when you configure DHCP within Windows NT. Consequently, a critical step of getting your router to work is to make sure that your network has a defined 'default gateway, and make sure that the address assigned to that default gateway matches that of the router. the IP address is the router is a configuration item as is an address for a default gateway in your network operating system. You have to get them on the same page. You can view the assigned default gateway IP address with a "route print" command from the Dos prompt on your workstation, or by loading "WINIPCFG.EXE" from the Dos prompt. Once you have aligned the address of the default gateway and that of the router you should be able to PING your way out of your network and to your ISP. Specifically, if you have things working as they should if you enter from the Dos prompt a command such as "ping [ISP address]" this command should sail into your router, trigger the ISDN circuit to go active and look for the IP address on the other end of the ISDN connection. Ping will likely time out and return a not found report the first time you do this because it will give up before the ISDN connection goes active, but if you try it again shortly after it fails the first time you should get a response. Although the ability is ping out of your local network and on to the ISP is a critical precondition of getting the Internet access to work, it is not all. Your favorite browser works from those user friendly URLs. Again you don't directly tell Netscape to 'use the router, stupid!" You have to sneak up on it. Your user friendly browser will resolve the user friendly domain name such as "www.europa.com" into an IP address by looking it up in a domain name server. You need to tell your computer where to look for the domain name server. to be sure you can configure Windows NT to be a domain name server, but that is not what you want to do here. what you need to do here is to configure your workstation (Under TCP/IP properties associated with your network card) to give it the IP address of the domain name server associated with your ISP. In this way when you give netscape a URL to find, it will go looking for it on the equipment with the DNS address which you have supplied which will just happen to be an IP address not recognized on your local network, so it will head for guess where? The router! Where all locally unrecognized IP addresses go.

The AMD k2/350 upgrade

Some days, I think the quality of this electronic stuff leaves something to be desired. In December of 1998, I decide that my old Multi-user Dos server had been sitting around long enough, so I decided to upgrade it to make another network client. The fan bearings in the power supply had dried out so the cooling fan squealed as did the auxiliary fan in the bottom front of the case. Worse, the BIOS was too old to work correctly with a giant hard drive I wanted to install, and beside that, it was a Pentium Pro 200 (one of those Giant Socket 8 hummers). I decided an motherboard change was the way to go. I ordered a Shuttle 555 motherboard from one supplier and an AMD 233 from another (egghead). Both orders proved disasters. Egghead slipped me a mickey and shipped a Cyrix 133 in an AMD 233 box (and absolutely refuses to respond to my customer service complaints about it). I faxed them several times and have emailed them 3 or 4 times and never a live response. The auto responder acknowledges the emails but that is all. As for the shuttle motherboard. I never could get it to work. I've previously installed Shuttles in half a dozen computers without a problem, but this one was a no go. I spent so much time messing around trying to get this upgrade to work that the 233 speed processors virtually disappeared from the market. When I finally decided to reorder, my favorite supplier of the moment was featuring the S1590 Tyan Trinity with an AMD 350. This sounded like fun as decent AT style motherboards are getting hard to find. I bought it only to discover that I needed to get some PC100 RAM if I was going to get the front side bus (FSB) to work at 100 Mhz, and the SIMMS that I had were all for 66 MHz motherboards. Indeed all 72 pin memory assumes a 66 MHz motherboard speed. the Board has a jumper for 66 or 100 FSB but .....

All was well and good. I finally got a system that will boot and run under windows 98. Even though the boot time is nothing to write home about, the overall performance of the system seems reasonable and perkier than that of the P233 systems. Then I decided to put a network card in the system. My first effort was a Netgear FA310. Card. This is what I had in the rest of my network except for the server which came with a 3COM card in it. Disaster. Windows 98 mis-recognizes this card as a DEC card and insisted on installing the DEC card drivers in lieu of the correct drivers. You are suppose to be able to manually delete the DEC drivers to prevent this behavior but I never could find all of them. I had this problem to a lesser degree on my other systems which also use this card, but with them if you disabled the spurious driver, the system never tried to put it back again. While this dogged determination to install the wrong driver was never a problem on my Intel installations, I finally figured out how to circumvent it and actually make the correct installation. The problem was that if you tried to delete the DEC drivers the system would lock up during the exit and never jet the job done. Ultimately, I drilled into the SYSTEM Icon in the control Panel and instead of removing the offending drivers, I Disabled them. This allowed the system to shut down normally, and restart without using the drivers. In a second pass through I was able to remove the DEC drivers and in a third pass to install the NetGear driver. Too bad the thing still didn't work. The Card was deaf. It could transmit but couldn't hear.

After failing with the Netgear card, I was off at Fry's on other business and picked up a Linksys network card figuring surely it would work. Well, it doesn't work either. Diag says the card is ok, (loopback etc), but it won't ping anywhere. Ultimately the results were similar to that of the Netgear card. I could get the network idiot lights to blink all over the network with a ping command but it never could hear the network respond.

Two weeks later. Well, I got a third brand of card, a 3com 3c905B, and tried it. The results are approximately the same. Actually The 3COM card broke the system so badly that I couldn't even get the diagnostics program to load. I have about concluded that this motherboard doesn't like network cards. Boy am I a slow learner. I've even tried slowing the FSB down to 66 in hopes this would help, but it didn't seem to make any difference. One more clean install and I think I will give up on this motherboard.

Later: A friendly email from a reader advises that if I had just turned on the USB option in the BIOS the network card would have worked. No matter that I wasn't using the USB. Oh well, I got rid of the computer.

Still later (February 1999 to be exact). I tossed in the towel on getting the AMD / TYAN Super7 to work. Support inquiries disclosed it was suppose to work, but it didn't. I ordered an new style Enlight ATX case and an Abit BX6 revision 2 board with a Pentium II 350. I then stripped the Ram, the Hard drive, the video card, the CDROM and the floppy drive out of my existing system along with the network card and plugged the same into the new bare bones. Windows ground for a while as the Plug and Pray did its thing, and the computer fired off the first time. I had even tossed in an internal Zip drive for good measure. It found the Network as soon as it was plugged in. I didn't even reinstall WIN 98, just transplanted the Hard Drive. I don't know what to make of it, but I am at least wondering if the power supply in the cae is haywire. The case was the one I had used for years with my disbanded multi-user system, and it refused to boot after sitting around for a while. Previously I had installed a Shuttle board in it and that wouldn't boot either. The Tyan board appeared to operate normally except I could get the Network card to work in more than one direction. Psst! Anyone want a bad luck case? Anyhow, the hand writing is on the wall about the cases anyway. The old AT style cases are out and the ATX form factor is in. As much as I hate to admit it, the ATX form factor is an improvement. The I/O ports are all integrated on the motherboard saving a bunch of cables. Boy have we come a ways on integration over the years. I won't miss the ribbon cables for serial ports. What a pain!

I'm pretty warm on the Enlight 7237 mid tower case. It comes with rails for the 5.25 inch objects so they just snap in, and the entire 3.5" caddy snaps into place. Other than the case cover being a bit hard to remove working inside is a delight. The case is a couple of inches deeper than most so the 3.5" drive caddy is in front of the motherboard instead of on top of it. The version of the case I bought came from " http://www.tccomputers.com " and they provide the optional 300 watt power supply and a second fan on the bottom front. I looked at some Antel cases at Fry's which looked pretty junky by comparison.

FIRE the SYS-ADMIN

Problems like those just described can be absolutely maddening. I finally gave the computer that I couldn't get to work away, and ultimately built three more based on Enlight cases without ever figuring out what was wrong. The subsequent computers that I built had mixed results. One would go on the network and the other wouldn't. Months later when I was reconfiguring my network, I discovered why. The problem is that the SYS-ADMIN (me) is an idiot. It seems that the last time I had messed with the network, I had hard coded the IP address of a network printer instead of putting it on DHCP and for reasons beyond comprehension I had assigned it the next number up the list above the number of computers that I then had on the system, and then I had failed to exclude the IP address in the DHCP exclusion list.

The combined effect of these two exercises of stupidity was that I had an IP address conflict on the network which is a well understood way to make a network not work. Worse, because it was with a printer, for reasons not clear to me no error messages complaining of a conflict ever appeared. If I would add two computers to the system at the same time then of course, one would work and one wouldn't, etc. Anyhow, any SYS-ADMIN that screws up the IP addressing as badly as I did ought to be fired. Unfortunately, one of the penalties of being self employed is that the luxury of immediate termination is not available as a remedy for this sort of a mess.

Continued.....

- - written July 17, 1999 (11:31am)

- - Updated 12/16/2012
- - Updated 04/25/2008
- - Updated 2/8/01
- - Updated
- - Updated 03/21/2008