Using wireless router as a separate LAN

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Using wireless router as a separate LAN

Vapour

8 posts

Wannabe Geek

#237763 17-Jun-2018 12:24

Hi there,

I am trying to create a separate network with WiFi connected to my main network at home for guests.

I have a spare wireless router (Netcomm NF5) that I would like to plug into my main router and use a couple of cabled ports as well as the wireless from that router.

Is this possible through configuration? I've had a quick scan regarding VLANs but networking isn't really my strength and some of it goes right over my head.

Any help would be appreciated!

Cheers
Fabian

Spyware

3818 posts

Uber Geek
+1 received by user: 1366

Lifetime subscriber

#2039053 17-Jun-2018 12:42

Consumer grade routers like you have typically don't support vlans (on LAN interface ports) or the ability to configure LAN ports to be on different networks (as the ports are part of a switch). Only option is double NATing. WAN interface (DHCP or STATIC) of second router connected to LAN of first.

yitz

2238 posts

Uber Geek
+1 received by user: 594

#2039059 17-Jun-2018 12:59

Are you after any sort of isolation? With double NAT set up on the NF5 you could probably isolate between your main network and wired and wireless clients hanging off the NF5 using static route to nowhere for the main network LAN IP range but that's about it.

Although you may see the words VLAN on many consumer routers/gateways the configuration is usually restricted to set use cases, do not expect it to be fully configurable.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2039097 17-Jun-2018 13:24

A double NAT scenario may not necessarily offer any form of network isolation at L3 level.

Plugging a 2nd router into your existing one also doing NAT and on a different subnet will offer L2 isolation, but you'll still typically have L3 routing between the two subnets.

richms

29098 posts

Uber Geek
+1 received by user: 10207

Trusted

Lifetime subscriber

#2039112 17-Jun-2018 13:44

sbiddle:

A double NAT scenario may not necessarily offer any form of network isolation at L3 level.

Plugging a 2nd router into your existing one also doing NAT and on a different subnet will offer L2 isolation, but you'll still typically have L3 routing between the two subnets.

Only from the second nat to the first one, which means you would want your private stuff behind the second router so that clients on the main ISP one cannot get into it.

If its that important, start looking at the unifi gateway, switch and APs to set them up.

Richard rich.ms

Vapour

8 posts

Wannabe Geek

#2039182 17-Jun-2018 18:15

Thanks everyone. What's the difference between L2 and L3 isolation?

All I'm concerned about is people on the other network not being able to see my computers etc.

richms

29098 posts

Uber Geek
+1 received by user: 10207

Trusted

Lifetime subscriber

#2039186 17-Jun-2018 18:28

Network layer, if you just give people different IP addresses but they all share the same lan, then its not really that good since firstly anyone can just change their IP address, and also things that do broadcast to advertise themselves will still show to the other computer but then not work if they try to open them.

Really need seperate layer 2 to have any security at all, either thru vlan capable switches and APs and a second SSID, or just running more cables and seperate cheap gear for the guests.

Richard rich.ms

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

yitz

2238 posts

Uber Geek
+1 received by user: 594

#2039199 17-Jun-2018 18:53

Static route to drop packets destined to IPs on the first routers subnet could be a half arse substitute for proper L3 isolation, but you will also need to block any other IPs on the first router such as its Internet/WAN IP. If you block the first routers subnet you will also block access to the DNS relay on the first router's LAN IP so will need to staticly set Google Public DNS on the guest router or something like that. Off course turn off uPnP and all that.

Vapour

8 posts

Wannabe Geek

#2039220 17-Jun-2018 19:33

yitz: Static route to drop packets destined to IPs on the first routers subnet could be a half arse substitute for proper L3 isolation, but you will also need to block any other IPs on the first router such as its Internet/WAN IP. If you block the first routers subnet you will also block access to the DNS relay on the first router's LAN IP so will need to staticly set Google Public DNS on the guest router or something like that. Off course turn off uPnP and all that.

OK, so what kind of switches/APs would you recommend that are reasonably easy to set up? I just want something with a few LAN ports and decent WiFi.

yitz

2238 posts

Uber Geek
+1 received by user: 594

#2039222 17-Jun-2018 19:48

The Edgerouter paired with Ubiquiti APs looks good and going by the Edgerouter thread you will receive plenty of help here if you need. I have configured one so I know it is quite capable but don't own one myself.

Nothing necessarily wrong with re-purposing a freebie router as guest router/AP for home use, others and myself have made some workable suggestions but as you can see it is more of a hack with limitations certainly not the way to go if you need to have things done properly.