Geekzone: technology news, blogs, forums


Earbanean

723 posts

Ultimate Geek


#275683 3-Sep-2020 16:33

We have a self-contained flat in the basement of our house that we're going to rent out again.  Previously, we've let it to friends or family and they have shared our internet.  However, with potentially strangers in there, I want to look at options to offer them internet access, but keep their access separate from ours.  The flat has its own WAP (Cambium cnPilot E400) and one ethernet socket, both cabled back to our managed switch and router (Edgerouter Lite).  We have another couple of WAPs and lots of ethernet ports in the main house and we also use a geo-unblocking DNS service on the router.

 

The options I see are:

 

1. VLAN

 

Set up a new SSID on the flat WAP and VLAN tag it.  I'd also VLAN tag the port on the switch for the flat ethernet.  This would mean I'd have to get up to speed with VLAN tagging and separation rules on the ERL.  I'd probably also need to ensure the flat VLAN didn't have the geo-unblocking DNS.

 

2. Router Port

 

I could connect the flat WAP and ethernet port to Eth2 on the ERL, thus putting them on a separate subnet.  I'd have to wipe existing SSIDs off the flat WAP and replace with just the new guest SSID.  This would be simple to set up and is easy to set DNS at interface level in the ERL.  Are the subnets completely separate?

 

3. Separate ONT

 

If for some reason the tenants wanted their own router and ISP account, could I get a second port provisioned on the ONT and patch that to the ethernet to the flat?  They could then connect their own router to the flat's ethernet socket.

 

 

 

What are the various pros and cons of these approaches and things I might have missed or need to consider?

 

 


Handle9
9641 posts

Uber Geek

Trusted
Lifetime subscriber

  #2556574 3-Sep-2020 16:40

@michaelmurfy would probably be best to comment.

 

I'd probably just do 2 and give them a nude ethernet socket to do with what they wished.


 
 
 

nztim
2832 posts

Uber Geek

ID Verified
Trusted
TEAMnetwork
Subscriber

  #2556577 3-Sep-2020 16:45

I would create a separate network (however you wish to do this) with a different subnet firewalled from your home subnet

 

If you go down the VLAN path

 

SSID with a unique VLAN which would also have to be on your switch and the Edge Router, the tagged port on the edge router would need a different subnet, with different DHCP scope from your LAN

 

If you use a different port

 

use another port on your Edge router to a different WAP with a different subnet and DHCP scope

 

 

 

 





Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2556579 3-Sep-2020 16:51

Remember if you're just using a different subnet (via VLAN or physical port) that you'll need appropriate firewall rules to isolate traffic.




Earbanean

723 posts

Ultimate Geek


  #2556584 3-Sep-2020 17:08

Yeah, as I said in option 1, I'd have to get up to speed with setting rules for VLANs.  I thought maybe with the different physical port (and bridging not turned on), that I might not have to.  Is that not the case?


nztim
2832 posts

Uber Geek

ID Verified
Trusted
TEAMnetwork
Subscriber

  #2556587 3-Sep-2020 17:13

Earbanean:

Yeah, as I said in option 1, I'd have to get up to speed with setting rules for VLANs.  I thought maybe with the different physical port (and bridging not turned on), that I might not have to.  Is that not the case?



You will need to turn off bridge and assign another subnet as well as obtain another WAP, and as @sbiddle said, firewall the two networks from seeing each other

This is the best option if you don't understand how VLANs work




Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 
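
An added example, not part of any post in this thread: on a router, two ports with different subnets are still routed to each other by default, so the separation has to come from firewall rules. The EdgeOS CLI commands below sketch option 2 under assumed values (flat on `eth2` as `192.168.50.0/24`, a public resolver `9.9.9.9` for the flat, and the hypothetical names `FLAT`, `FLAT_IN`, `FLAT_LOCAL` and `PRIVATE_NETS`).

```edgeos
configure

# Flat network on its own routed port (addresses are assumed values)
set interfaces ethernet eth2 description "Flat"
set interfaces ethernet eth2 address 192.168.50.1/24

# Separate DHCP scope; hand out a public resolver rather than the router,
# so the flat does not use the house's geo-unblocking DNS
set service dhcp-server shared-network-name FLAT subnet 192.168.50.0/24 default-router 192.168.50.1
set service dhcp-server shared-network-name FLAT subnet 192.168.50.0/24 dns-server 9.9.9.9
set service dhcp-server shared-network-name FLAT subnet 192.168.50.0/24 start 192.168.50.100 stop 192.168.50.200

# Private ranges the flat must never reach (house LAN and any future VLANs)
set firewall group network-group PRIVATE_NETS network 10.0.0.0/8
set firewall group network-group PRIVATE_NETS network 172.16.0.0/12
set firewall group network-group PRIVATE_NETS network 192.168.0.0/16

# Traffic routed THROUGH the router from the flat: Internet yes, private ranges no
set firewall name FLAT_IN default-action accept
set firewall name FLAT_IN rule 10 description "Allow replies to established sessions"
set firewall name FLAT_IN rule 10 action accept
set firewall name FLAT_IN rule 10 state established enable
set firewall name FLAT_IN rule 10 state related enable
set firewall name FLAT_IN rule 20 description "Block flat to private networks"
set firewall name FLAT_IN rule 20 action drop
set firewall name FLAT_IN rule 20 destination group network-group PRIVATE_NETS

# Traffic TO the router itself from the flat: DHCP only, no web UI or SSH
set firewall name FLAT_LOCAL default-action drop
set firewall name FLAT_LOCAL rule 10 description "Allow DHCP"
set firewall name FLAT_LOCAL rule 10 action accept
set firewall name FLAT_LOCAL rule 10 protocol udp
set firewall name FLAT_LOCAL rule 10 destination port 67

# Attach both rulesets to the flat's port
set interfaces ethernet eth2 firewall in name FLAT_IN
set interfaces ethernet eth2 firewall local name FLAT_LOCAL

commit
save
exit
```

This assumes the existing masquerade rule on the WAN interface already covers the new subnet. The same two rulesets attach to a VLAN sub-interface instead of `eth2` if option 1 is used.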


shim99
80 posts

Master Geek

ID Verified

  #2556591 3-Sep-2020 17:21

I had a similar situation a while ago and used the following blog post to help me navigate around the edgerouter and e400

 

https://blog.gruby.com/2015/07/05/setting-up-a-guest-network-with-the-edgerouter-lite/comment-page-1/

 

The most difficult part was the edgerouter, the bit on the cambium is pretty easy as it's just a new SSID that uses the appropriate VLAN tag. Happy to provide more information if useful. 


  #2556594 3-Sep-2020 17:25

I would first ask the tenant if they want landlord-provided Internet.
They might say "no" because they've got a Wireless Internet modem & account already, or they are quite happy to hotspot off their mobile, or they just don't want Internet - yes, it does happen.
If they say "yes", get them to contact their RSP to get the second ONT port livened, you just provide an Ethernet cable from the ONT to the flat, where they can put their RSP- or self-provided router.

 

That way, it's nothing to do with you, you will have no explaining to do if they do something extremely dodgy, it won't be on your IP address.
Besides that risk, allowing a tenant to 'share' your Internet connection may be in violation of your RSP's Ts&Cs.

 

Two ports on the ONT, use them!

 

 

 

 

 

Edit: speeling




Earbanean

723 posts

Ultimate Geek


  #2556595 3-Sep-2020 17:26

shim99:

 

I had a similar situation a while ago and used the following blog post to help me navigate around the edgerouter and e400

 

https://blog.gruby.com/2015/07/05/setting-up-a-guest-network-with-the-edgerouter-lite/comment-page-1/

 

The most difficult part was the edgerouter, the bit on the cambium is pretty easy as it's just a new SSID that uses the appropriate VLAN tag. Happy to provide more information if useful. 

 

 

Thanks, I'll have a look at that.  I was fairly confident the VLAN tagging bit would be easy, on both the WAP and the switch, but I thought the firewall rules would be a bit of a learning curve.  I'd hoped maybe different subnets from the physical ports on the router (with bridging off) might do it for me, but seems not.


Earbanean

723 posts

Ultimate Geek


  #2556596 3-Sep-2020 17:31

PolicyGuy:
Besides that risk, allowing a tenant to 'share' your Internet connection may be in violation of your RSP's Ts&Cs

 

 

Hmm, not sure in a case where it's the same address that's not subdivided.  i.e. If I have a flatmate or boarder, they can use my internet connection.  If they're in a part of the house that happens to have its own kitchen area and bathroom, I'm not sure it changes.

 

Although, I get your point about them potentially doing something dodgy on our connection.  


danfaulknor
860 posts

Ultimate Geek

Trusted
Prodigi

  #2556613 3-Sep-2020 19:10

It's already been mentioned but personally I would under no circumstances allow strangers to use a residential internet account in my name. You're in for a world of hurt if they do something dumb, illegal or both. A secondary port on the existing ONT is probably the safest option, though not the cheapest.





they/them

 

Prodigi - Optimised IT Solutions
WebOps/DevOps, Managed IT, Hosting and Internet/WAN.

