two router guest network issues

Discussion in 'PC Hardware, Software and Displays' started by Sxotty, Sep 12, 2014.

  1. Sxotty

    I want to connect from modem to my router for my lan then use second router to provide guest wifi. However, if I use the 2nd router I also need to use a lan port on 2nd router for htpc. Is there a way to keep lan ports of 2nd router on same subnet as first router and still have the WiFi of 2nd router isolated?

    Basic layout:
    Modem-router 1 with most of lan and wifi-router 2 with guest wifi and rest of lan

    Should I just hook up switch for rest of lan and hook router 2 to switch or is it possible to do what I want with just two routers?

    edit:

    LOL I apparently forgot that I had set my laptop not to obtain the IP address automatically at some point when I was messing about. The second router said it did not have internet access and I believed it. Upon changing laptop to obtain IP automatically I was able to get on the internet through lan port of the 2nd router which has the AP isolated. I will have to check and see if it actually is later. What is the best way to do this? Will the getmac command alone be sufficient?

    Bah I can see all the other computers on my network through WIFI so apparently the set AP isolated command in ASUS routers is ineffective, but the getmac command did not show them.
     
    #1 Sxotty, Sep 12, 2014
    Last edited by a moderator: Sep 12, 2014
  2. itsmydamnation

    Don't rely on "security" commands on a consumer POS router (all consumer kit is a POS).

    What do you mean by isolation? At layer 2 (VLANs), at layer 3 (VRFs)? Do you want to firewall between layer 3 segments?

    Generally speaking you won't find many consumer devices that implement any of this very well, if at all. Just use WPA2 without WPS and live with everything being on the same segment. WPA2 is likely the thing implemented most securely, as they have to follow a standard for that to actually work.
     
  3. RudeCurve

    Is your 2nd router being used as a wireless repeater to connect to the 1st router? If physical distance is not an issue then I would use a small switch to add more ports to the main router and then use a separate "extender/repeater" to add guest WiFi access.

    Normally you can't cascade routers unless you turn off the DHCP servers on the cascaded routers and turn them into dumb access points/switches.
     
    #3 RudeCurve, Sep 13, 2014
    Last edited by a moderator: Sep 13, 2014
  4. pcchen

    If what you want is to prevent computers on the 2nd router from being able to see other computers on the 1st router, then the best way for a consumer router is to make it a NATed subnet of the 1st router, i.e. you connect it to the 1st router through its "WAN" port, using DHCP. This puts all clients on the 2nd router in a NATed domain. This could cause some problems for a few applications but it should be secure. However, if you do it this way, the HTPC connected to the 2nd router wouldn't be able to see computers on the 1st router.

    Using different subnets is not secure because it's easy to manually change IP address.
     
  5. RudeCurve

    Not only that but the HTPC isn't isolated from the WiFi guest computers either...
     
  6. Sxotty

    Thanks for the info.
    I have an ASUS RT-AC68U for the main router and an ASUS RT-AC66U for the secondary router. It does appear that the functions of the AC66U are not really active if the DHCP server is off. I wanted to use it as a router so I had access to the bandwidth management and so forth. If I make it an AP then I cannot do that anymore. Maybe the problem is that the first router is the DHCP server so anything connecting to the network has to get access through the AC66 to the AC68. I have an old Netgear switch lying around that I can plug into the network between the two routers, but it seems wasteful to run a 16-port switch just for the HTPC :).

    @Pcchen, yes I tried that earlier and it worked to isolate the network, but the HTPC obviously could not get to the NAS on the primary network.
    Right now I had this
    Code:
                    ____primary network (NAS and everything else)
                   /
    MODEM--> AC68U<              HTPC
                   LAN of AC66U<
                                  - GUEST network
    
    Which was obviously insecure.




    So if I do connect it like this

    Code:
                    ____primary network (NAS and everything else)
                   /
    MODEM--> AC68U<         HTPC
                    SWITCH<
                            WAN of AC66U - GUEST network
    
    Then it should make the GUEST network properly isolated and secure while retaining the ability of the HTPC to access the rest of network. Basically I was just wondering if that was the only easy way to do this. The AC68U should be able to limit the bandwidth of the 66U and thus the guest network, but the switch seems kind of lonely with only two connections :).
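
Added example (not part of the thread and not code from any poster): a reachability check to run from a client on the guest Wi-Fi, which tests isolation more directly than `getmac`, since that command only lists the local machine's own adapters. The target labels and addresses are constructed placeholders; replace them with hosts on your own primary network.

```python
"""Guest-network isolation check: run from a client joined to the guest Wi-Fi."""
import socket
import sys


def probe(host, port, timeout=1.5):
    """Try one TCP connection and return 'open', 'refused' or 'no-answer'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back, so the address is reachable even though
        # nothing is listening on that port.
        return "refused"
    except OSError:
        # Timeout or unreachable: either the path is blocked or the host is off.
        return "no-answer"


def check_isolation(targets, probe_fn=probe):
    """Probe every (label, host, port) target; return (results, leaks).

    A leak is any target that answered at all ('open' or 'refused').
    """
    results = [(label, host, port, probe_fn(host, port))
               for label, host, port in targets]
    leaks = [r for r in results if r[3] != "no-answer"]
    return results, leaks


# Constructed sample targets (assumed addressing, not taken from the thread).
SAMPLE_TARGETS = [
    ("NAS SMB", "192.168.1.10", 445),
    ("NAS web UI", "192.168.1.10", 80),
    ("main router admin", "192.168.1.1", 80),
]

if __name__ == "__main__":
    results, leaks = check_isolation(SAMPLE_TARGETS)
    for label, host, port, state in results:
        print(f"{label:20} {host}:{port:<5} {state}")
    if leaks:
        print(f"NOT isolated: {len(leaks)} target(s) answered from the guest side")
    else:
        print("no target answered from the guest side")
    sys.exit(1 if leaks else 0)
```

Make sure the target hosts are powered on when you run it, because a host that is off looks the same as a blocked path.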
     