Scanning local networks larger than 256 devices

Frank_YYZ · August 27, 2019

I have a home network on IP addresses 192.168.17.xxx. My Ubiquity Unifi system also allows me to set up a guest WiFi network on a separate VLAN. (In my case 192.168.16.xxx). That way guests can access the Internet but can't see any of my home devices.
Is there any way to have my Fingbox scan both networks to let me know what's going on with my guest network, while staying in touch with my regular LAN? If you choose the IP addresses wisely, you can arrange it so that Fingbox doesn't have to scan a huge number of addresses. (In the case above, only 512.)

It seems to me that, if I could set the Fingbox netmask to 255.255.254.0 I could accomplish this, but I haven't seen where I can specify a netmask. (While we are at it, it would be really nice to be able to give Fingbox a static IP, outside my DHCP range.)
Is there a menu somewhere that allows be to set this? Maybe a future rev could implement this?

mozarella · August 28, 2019

I'm also using this kind of setup. Unifi network, LAN and guest-LAN/wifi. I also use 2 fingboxes for this two networks.

As Robin said, Unifi is splitting the LAN and Guest-LAN into two seperated LAN-systems (differnt DNS, DHCP, Gateway, IP-ranges...).

@Frank: you do not need to have direct access between fing.app and fingbox-guest. Fingbox is connecting over LAN to Internet and fing.app is also connected to Internet. Once the fingbox is set up and activated (*) you just need to have internet-access with fing.app and woldwide you could monitor both fingboxes. Just need to change network in top middle pulldown-field of fing.app. Alerts will be pushed via fing website, doesn't matter wich fingbox is generating the alert.

(*)to set up a fingbox, you need to have fing.app connected to that network. So you could plug in the fingbox to guest-LAN and your Smartphone to guest-wifi. Then open fing.app and search for new fingbox.

VioletChepil · August 27, 2019

I'm looking for more details, I've also turned this into a question thread and once a suitable answer comes in you can accept the answer!

Pooh · August 27, 2019

Frank_YYZ said:

I (While we are at it, it would be really nice to be able to give Fingbox a static IP, outside my DHCP range.)

I set up a Mac address reservation on my Eero Mesh\Router to force it on a known IP address.

Robin_Ex_Fing · August 27, 2019

Hey @Frank_YYZ (I'm on Support team here)
Here are some more details about Fingbox and guest networks.

The guest network creates a separate network gateway so that network cannot connect with the main network. It keeps the connections separate. The Fingbox is designed for the average home network. It can manage/control one LAN or VLAN and one 2.4 GHz /5 GHz Wi-Fi network with the same SSID. You will need to pick one of your SSIDs to monitor/control via the Fingbox.

There a few things that are best practices:

1. On a large number of routers the Admin user ID and password are right on the bottom of the router.
2. Some Guest & primary networks share the same password.

Every home grade router has these features and please follow these steps for adding security:

1. Change the admin password to something with 11 characters or more. 11 characters as a base make it hard for password crack utilities to break. Having more than 16 is even better.

2. Change the Guest network password or even turn it off when not in use.

So, in your case, if you want to monitor the guest network, you could use a separate Fingbox and just block all the devices.

Also, Fingbox does not support static addressing as of now. If you wish to assign a static IP address to Fingbox, you need to make changes on the router's page. Assigning Static IP address to most devices is easy, just go to its network settings, look for DHCP option and turn it OFF. Once you do that, you'll see a text area to enter Static IP address. Enter the new IP address there, save changes.

If you are unsure of how to assign a static IP address, then you can either watch this link as a base or you can get in touch with your ISP and they will be able to guide you better.

Link to external article: https://www.youtube.com/watch?v=8UhiORc5QAc

Frank_YYZ · August 27, 2019

I would be willing to get a second Fingbox to monitor my guest network. But how would I talk to it? Wouldn't I have to constantly disconnect from my home network and jump onto my guest network to communicate with it? This would be a fairly massive inconvenience. Otherwise, the Fingbox would have to have it's user interface on one subnet while being set to scan another subnet. (This seems like a fairly major FW change.)
Could I remotely monitor this Guest Fingbox?

Anyway, the Ubiquity Unifi system is pretty good about separating guest from home WiFi networks and most of the suggestions above have already been implemented. I went through several manufacturers' home routers that had limited, buggy SW before settling on this system.

Frank_YYZ · August 28, 2019

mozarella,
This looks like the neatest and simplest solution to my problem. I'll get a second fingbox and access it remotely.
I appreciate the time you took to detail the various steps involved. You've made the process pretty well idiot proof!
Frank

Scanning local networks larger than 256 devices

Best Answer

Answers

Categories