Am I properly using a router in my dorm room? Or is it acting like a switch in this case?

Solution 1:

You say this:

However I could not get it to work by hooking up from the jack to WAN port. I had to go from the Ethernet jack to LAN port 1 then hook up my computer, Xbox and PS4 in ports 2 through 4.

If you are not using the WAN port as your main network connection that then feeds LAN ports 1 through 4 — and just using those LAN ports — then you are effectively using your “router” as a switch in some odd way.

I am using it as a switch for my consoles and computer.

Yes. Indeed. You are using your router as a switch. By connecting an Ethernet cable to to your dorm’s Ethernet jack and then hooking that up into LAN port 1, you are completely circumventing the NAT (Network Address Translation) functionality that a router is designed to facilitate.

What is NAT (Network Address Translation) in the context of a simple router?

With NAT happening, all traffic going from the WAN would then be NAT-ed from the WAN to LAN. Meaning — as far as the school network goes — you would have one IP address connected to the router and anything past that router would be on your LAN. So as far as the school’s network administrator goes, they would only see one address connected to that Ethernet port.

That said, the oddball setup you describe must be working because now each device on that “router” — which is now effectively acting like a switch — would have to get its own IP address from the school’s network. Meaning the main DHCP (Dynamic Host Configuration Protocol) server on your school’s network is assigning one IP address to each item on your odd “router/switch” setup individually: the computer, the Xbox and the PS4.

What are the repercussions of using a router as a “switch?”

So as far as the school’s network administrator is concerned, they can definitely see that all three devices are taking up IP addresses on their network.

And past that absolutely anyone else on the school’s network who might be scanning for services and servers will see your computer, Xbox and PS4. So that poses a slight security risk for you.

When a router is properly working with main traffic flowing through the WAN port, you are effectively blocking traffic—not exactly firewalling, but close enough—so only the services from the outside world you want to get through can get through. Without that router acting as a “traffic cop” your systems are more exposed.

My advice? Figure out why the WAN port setup is not working. Maybe it’s a simple configuration tweak. But if you want to “hide” your devices from the larger school network, the setup you are describing won’t work. You must use the WAN port as your main networking port.

Solution 2:

First of all, I would recommend that you disconnect your router immediately. As @JakeGould alluded to, you're using your router as a switch in a "weird way". The weirdness here is that your router is still running a DHCP server, potentially serving IPs to other computers on your school's network.

It's likely that your network administrator already has filters in place to prevent students like you from running DHCP servers and serving IPs to other students. Whether or not they do, they're going to notice this and they're going to be annoyed with you.

Even if your router's DHCP server isn't causing issues for the network at large, it could cause issues for you. Your devices will probably get IP addresses assigned by your DHCP server, not the school network's. If the school network uses the same IP block (10.0.0.0/8, 192.168.0.0/16, or whatever) then your router may assign your device an IP already owned by another student's computer, and that will also cause havoc and/or annoy your network admin. If you do want to continue using your router as a simple switch, disable the DHCP server.

Now, on to the question of why plugging the router's WAN port into the network drop in your room didn't work. At the face of it, this could work, and it could allow you to run multiple devices in your room. Be careful with this, though. If this is disallowed by your network admin's policies, then doing this could anger your network admin. At my college, we had to pay an extra (nominal) fee to hook up multiple devices, and I would recommend you do so rather than try to hide them. Don't annoy your network admin.

It's possible that you could hide NATing like this from your network admin as you suggested, but there are a few other ways for them to tell aside from packet inspection:

  • Your router has a MAC address that has a manufacturer ID that would heavily suggest to interested parties that it is a router and not a computer.
  • Your router can fairly easily be fingerprinted by tools like nmap, which would also suggest that it's a router.

Why didn't it work? I can think of a couple of potential issues. First, your network admin may require registering devices for use on the network, so they might be disallowing your router from communicating. They could also have rules to deny all MAC addresses for devices made by popular router manufacturers in an attempt to enforce a no-NAT policy.

You could also have a simple IP range conflict. If your router is using, say, 10.0.1.0/24 for its internal network, and your school's network is 10.0.0.0/8, your router will get very confused. I think this may well be the problem here because the addresses your router is assigning your devices now do allow them to communicate on the school network. Newer routers are starting to detect this situation and modify their configuration automatically, but older ones won't. You'll need to change your router's internal network to a non-conflicting IP range. In the example above, 192.168.1.0/24 would work.

In summary, don't break the rules and don't anger your network admin. Remember that you may be at this school for a few years and that internet access is important to you. You probably don't want to make your network admin remember your name.