2 Separate Networks - Same Internet Connection

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › 2 Separate Networks - Same Internet Connection

CGG

14 posts

Geek

#191798 17-Feb-2016 00:00

Hello, firstly, please excuse my ignorance.

My brother lives 200 metres away from me and I would like to broadcast him some internet. - (Only internet).

I have a couple of those cheap outdoor wireless CPE bridges (2km range).

What I would like to do is create 2 networks. My Wireless Modem/Router is a TP-Link TL-WDR4300. On this network I have several computers, a printer and media HDD etc.

I would like to run a cable to my spare ASUS N66U Modem/Router and create a 2nd network independent from the last, however sharing the internet only.(Not sure if this is possible?)

I would then like to connect the ASUS Router Network to the CPE and broadcast it down the road so that multiple devices can access the internet.

I have drawn a diagram...

Please tell me if this is possible. - Much appreciated in advance.

Jase2985

13459 posts

Uber Geek

ID Verified

Lifetime subscriber

#1493555 17-Feb-2016 05:24

with a VLAN yes

michaelmurfy

meow
13242 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#1493562 17-Feb-2016 07:26

I do exactly this with a VLAN from my Edgerouter Lite. You could potentially go the double-nat method (hooking your 2nd router up to your first) but double-nat is terrible and I wouldn't recommend it.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1493572 17-Feb-2016 07:56

It's easily done but you'll need to buy better hardware to do it. Something such as a Edgelite as mentioned above or a Mikrotik router will allow you to create two fully isolated networks on their own VLAN.

CGG

14 posts

Geek

#1493843 17-Feb-2016 11:55

sbiddle:

It's easily done but you'll need to buy better hardware to do it. Something such as a Edgelite as mentioned above or a Mikrotik router will allow you to create two fully isolated networks on their own VLAN.

I would still like to have WIFI capability on both networks. Where would the Edgelite Router go? - Would this replace my ASUS Modem/Router (As shown in diagram)?

Thanks

CGG

14 posts

Geek

#1493844 17-Feb-2016 11:56

michaelmurfy:

I do exactly this with a VLAN from my Edgerouter Lite. You could potentially go the double-nat method (hooking your 2nd router up to your first) but double-nat is terrible and I wouldn't recommend it.

I would still like to have WIFI capability on both networks. Where would the Edgelite Router go? - Would this replace my ASUS Modem/Router (As shown in diagram)?

Thanks

NonprayingMantis

6434 posts

Uber Geek

#1493849 17-Feb-2016 12:03

worth mentioning that this is probably against your ISPs terms and conditions.

Not that they will know you are doing it or anything (or really care all that much) but just in case you ever talk to them about it, then probably best not to mention it :)

Also bear in mind that as the account holder you are still responsible for any traffic that goes through the connection, so if your brother down the road likes torrenting stuff, and gets an infringement notice, then YOU will actually get the notice, and potentially a fine if it ever gets that far.

CGG

14 posts

Geek

#1493852 17-Feb-2016 12:10

NonprayingMantis:

worth mentioning that this is probably against your ISPs terms and conditions.

Not that they will know you are doing it or anything (or really care all that much) but just in case you ever talk to them about it, then probably best not to mention it :)

Also bear in mind that as the account holder you are still responsible for any traffic that goes through the connection, so if your brother down the road likes torrenting stuff, and gets an infringement notice, then YOU will actually get the notice, and potentially a fine if it ever gets that far.

I see where you are coming from and I had considered it myself also, however it's kind of like a farm. Same piece of land. - But yes, there are definitely risks. :) (If I can't trust my brother, who else is there?)

Thanks

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1493922 17-Feb-2016 12:25

CGG:

sbiddle:

It's easily done but you'll need to buy better hardware to do it. Something such as a Edgelite as mentioned above or a Mikrotik router will allow you to create two fully isolated networks on their own VLAN.

I would still like to have WIFI capability on both networks. Where would the Edgelite Router go? - Would this replace my ASUS Modem/Router (As shown in diagram)?

Thanks

Yes. That would function as the primary router. If you're connected via ADSL2+/VDSL2 you'll also need a modem that supports bridge mode as the new router will be your primary router.

For WiFi capability you'll need to buy new AP's for each location or reuse existing routers as AP's which will work, but not really the best solution.

CGG

14 posts

Geek

#1498819 24-Feb-2016 21:32

Hello,

Thanks for all your help to this point.

I have managed to acquire a Mikrotik RouterBoard 750G which seems quite complex.

I'm not sure exactly what I am trying to do, but I want to create two completely separate networks.

I have included a picture.

Does anyone have experience using the WinBOX Config Utility, and how do you set up two networks within?

Thanks in advance.

PhantomNVD

2619 posts

Uber Geek
Inactive user

#1498832 24-Feb-2016 21:43

As you DO trust your brother... Why the need for completely seperate networks?

I did something very similar with a neighbour when the queue for a port on our rural exchange was over two years long. We actually liked the fact we were sharing so much I ran a hardware Ethernet between the houses (trenched) and we happily shared my crappy 1mb adsl line for nearly 3 years...

CGG

14 posts

Geek

#1498839 24-Feb-2016 21:49

PhantomNVD: As you DO trust your brother... Why the need for completely seperate networks?

I did something very similar with a neighbour when the queue for a port on our rural exchange was over two years long. We actually liked the fact we were sharing so much I ran a hardware Ethernet between the houses (trenched) and we happily shared my crappy 1mb adsl line for nearly 3 years...

Can't trust his wife! ;)

chevrolux

4962 posts

Uber Geek
Inactive user

#1498852 24-Feb-2016 22:31

The great thing about Mikrotik is RouterOS has a great wiki and lots and lots of forum posts to read about. So here are some basic steps to get you started.

First off your network layout should go.

VDSL Modem (bridging) - Mikrotik - 'client' routers

Upgrade your Mikrotik to the latest version (6.34.2 as of this post).

Change the admin password.

Set up the PPPoE client (perhaps on ether1) on the Mikrotik. As in, this is where your internet connection will terminate. (you need to have already set up your vdsl modem for bridging and vlan tagging)

Set up the firewall to stop the big bad wolf getting in.

Now to have separate networks in a home situation like this I would just use up an interface for each network rather than actually tag a true VLAN. So....
On 'ether2', set an appropriate IP address and subnet. Add DHCP server if required.
On 'ether3, set an appropriate IP address and subnet (but obviously a different one). Add DHCP server if required.

Set up a NAT masquerade rule so that each subnet gets NAT'd out the PPPoE interface.

Now you should be able to plug a device in to ether2 or ether3 and get an internet connection.... but they won't be isolated yet.

Now you need an appropriate firewall rule to stop access between the two LAN segments. Again, give it a google - won't be hard to find. But to give you a clue the 'forward' chain is important here.

This isolates things at layer 3 but isn't true layer 2 isolation like a proper vlan would give but seriously, just don't see the point in the home situation.

webwat

2036 posts

Uber Geek

Trusted

#1500162 26-Feb-2016 20:39

I still have a really old ADSL modem that supported LAN "groups", essentially VLANs, but sadly was never very reliable. Some modems/routers allow you to block access to the LAN from wifi users, but sounds like you need to separate the wired LAN ports from each other so thats basically a VLAN. You could find an older managed switch to do it, but setting up VLAN trunks to your modem and stuff might be a bit complicated.

Time to find a new industry!