Geekzone: technology news, blogs, forums


eranda

29 posts

Geek


#309275 4-Oct-2023 11:29

I have a self-contained flat downstairs of my house and the plan is to rent it out. 

 

I need to set up a separate Wi-Fi network for the person who lives there and should not have any sort of access to the devices in my main network.

 

When the house was being built I put a CAT cable down to the flat from the router/fiber ONT location.

 

Question: What sort of options do I have to create a completely separate wifi network from my main network?

 

Also, the flat is some sort of fire-rated so the main router's signal strength is not enough to get the default guest network to the flat.

 

Devices I currently have:

 

NETGEAR NightHawk RAXE300 router (main router, currently approx 30 wifi devices connected)

 

TP-Link EAP615 access point with TP-Link TL-POE150S PoE injector (currently connected using the Cat cable to the flat and has a separate SSID)

 

I would like to see what options are available for me, sorted in simple to complex order. Please let me know what devices I need to get as well.

 

 

 

FYI I'm not a network professional, but software.

 

 

 

 


CYaBro
4590 posts

Uber Geek

ID Verified
Trusted

  #3142704 4-Oct-2023 12:41

Are you providing internet as part of the rent or will the tenant pay for that themselves?




Opinions are my own and not the views of my employer.




huckster
844 posts

Ultimate Geek

ID Verified
Lifetime subscriber

  #3142705 4-Oct-2023 12:42

If you have a cable going from the ONT area to the flat, could the tenant not get their own Fibre service on the 2nd ONT port?

 

 


eranda

29 posts

Geek


  #3142710 4-Oct-2023 12:49

CYaBro: Are you providing internet as part of the rent or will the tenant pay for that themselves?

 

Internet is included in the rent, it is just 1 bedroom flat for 1 person. So I don't mind sharing my connection.




eranda

29 posts

Geek


  #3142713 4-Oct-2023 12:51

eranda:

 

CYaBro: Are you providing internet as part of the rent or will the tenant pay for that themselves?

 

Internet is included in the rent, it is just 1 bedroom flat for 1 person. So I don't mind sharing my connection.

 

 

If I do that I believe it is getting another new connection by signing up with a provider. This is a single address (not a duplex) so I'm not sure how it is going to play out.


frankv
5680 posts

Uber Geek

Lifetime subscriber

  #3142729 4-Oct-2023 13:39

You need to set up a router between your network and the flat. Typically, a "modem" incorporates a router, which by default allows all wired devices to see all other wired devices. Depending on the router, you may be able to set up the routing tables so that it doesn't forward messages from the flat's wire to anywhere but the ONT, and likewise doesn't forward messages from any other wires or the WiFi to the flat's wire. That will achieve what you want to do.

 

I'm not familiar with the NETGEAR NightHawk RAXE300 router, so can't comment on whether that allows you to control the routing as I've described. Some modems don't.

 

However, depending on how much bandwidth you have from your ISP, you may find that a single person can use a lot of it, and slow down your own downloads and streams. Also, you as the owner of the connection could be legally responsible for whatever your tenant does. In the unlikely event that RIAA decides to chase down pirates again, your name will be what they find first.

 

 


Lias
5590 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3144289 8-Oct-2023 15:21

frankv:

 

 In the unlikely event that RIAA decides to chase down pirates again, your name will be what they find first.

 

 

Short of a law change, they'd have to go through the Copyright Tribunal processes and that body hasn't issued a decision in nearly a decade. I'd suggest OP has a better chance of winning Lotto than being chased by RMNZ.







shk292
2858 posts

Uber Geek

Lifetime subscriber

  #3144426 9-Oct-2023 08:56

Depending on your tenant's needs, a cost effective solution would be to connect a mesh system that has a Guest network, with a node in the apartment. This will allow the tenant to access internet through your network but not to access any device on the main network. The downside is their own devices will be isolated from each other, so Chromecast etc wouldn't work

 
 
 

eranda

29 posts

Geek


  #3144432 9-Oct-2023 09:05

shk292: Depending on your tenant's needs, a cost-effective solution would be to connect a mesh system that has a Guest network, with a node in the apartment. This will allow the tenant to access internet through your network but not to access any device on the main network. The downside is their own devices will be isolated from each other, so Chromecast etc wouldn't work

 

Yes, I found out TP-Link EAP615 access point has the capability to create a separate guest network isolated from the router's main Wi-Fi network. Like you said it doesn't see other devices connected to the guest network and Chromecast is not working. However, if you use a network scanner like Fing, it still shows all the devices in the network included in the main Wi-Fi network, but you can't ping them. This is not really the ideal solution I'm looking for.


shk292
2858 posts

Uber Geek

Lifetime subscriber

  #3144433 9-Oct-2023 09:24

eranda:

shk292: Depending on your tenant's needs, a cost-effective solution would be to connect a mesh system that has a Guest network, with a node in the apartment. This will allow the tenant to access internet through your network but not to access any device on the main network. The downside is their own devices will be isolated from each other, so Chromecast etc wouldn't work


Yes, I found out TP-Link EAP615 access point has the capability to create a separate guest network isolated from the router's main Wi-Fi network. Like you said it doesn't see other devices connected to the guest network and Chromecast is not working. However, if you use a network scanner like Fing, it still shows all the devices in the network included in the main Wi-Fi network, but you can't ping them. This is not really the ideal solution I'm looking for.


I think that if you just connect a router by its WAN port to a LAN port on your network you'll get the same effect, but without client isolation between the new router's clients. There shouldn't be any way for clients on the new network to access those on your network. This new network will have double NAT, but that isn't an issue for most users. Worth a try if you have an old router to experiment with.

coffeebaron
6235 posts

Uber Geek

Trusted
Lifetime subscriber

  #3144443 9-Oct-2023 09:45

If your main router can do separate subnets assigned to each Ethernet port, then you just run their Wi-Fi AP on its own subnet connected to the assigned port.







tangerz
625 posts

Ultimate Geek


  #3145600 12-Oct-2023 10:11

This would be an ideal situation for VLANs which would be able to do exactly as you want. However, as it appears your router doesn't support VLANs, another possibility, (if you can live with double NAT on YOUR network), is to use a second router before your own router, (let's call this the 'Internet router').

 

 

 

Your network would look like this:

 

ONT -> Internet router WAN -> Internet router LAN -> Your router WAN -> Your router LAN/WiFi devices   (Double NAT, Your network private from tenant)

 

 

 

Tenant network:

 

ONT -> Internet router WAN -> Internet router LAN -> TP-Link EAP615 -> Tenant WiFi devices   (Single NAT, Tenant network visible to you)

 

Or with another router for tenant:

 

ONT -> Internet router WAN -> Internet router LAN -> Tenant router WAN -> Tenant router LAN/WiFi devices   (Double NAT, Tenant network private from you)

 

 

 

Only thing to be aware of in setup is to use a different address space on the WAN and LAN side of your router, such as:

 

Internet router LAN / Your router WAN is 192.168.10.x

 

Your router LAN is 192.168.1.x

 

 

 

Don't do as below, this is the reverse of above as the tenant has a private network but your network is visible to the tenant.

 

shk292: 

 

I think that if you just connect a router by its WAN port to a LAN port on your network you'll get the same effect, but without client isolation between the new router's clients. There shouldn't be any way for clients on the new network to access those on your network. This new network will have double NAT, but that isn't an issue for most users. Worth a try if you have an old router to experiment with.
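
Added example, not part of the original thread: a small model of the three layouts in the post above and of the cascade it warns against, showing which side can open connections to the other, plus a check that a router's WAN and LAN ranges do not overlap. It assumes stock consumer NAT routers (outbound allowed, unsolicited inbound dropped, no port forwards), /24 subnets, and segment names that are hypothetical labels.

```python
import ipaddress

# Constructed model of the layouts in this thread. Segment names ("isp",
# "transit", "owner", "tenant") are hypothetical labels. Assumption: every
# router is a stock NAT router that allows outbound connections and drops
# unsolicited inbound ones (no port forwards, DMZ host or static routes).
INTERNET = {"name": "internet-router", "wan": "isp", "lan": "transit"}
OWNER = {"name": "owner-router", "wan": "transit", "lan": "owner"}
TENANT = {"name": "tenant-router", "wan": "transit", "lan": "tenant"}

# layout name -> (routers, segment the tenant's devices sit on)
LAYOUTS = {
    "tangerz_ap": ([INTERNET, OWNER], "transit"),
    "tangerz_three_routers": ([INTERNET, OWNER, TENANT], "tenant"),
    "shk292_cascade": ([{"name": "owner-router", "wan": "isp", "lan": "owner"},
                        {"name": "tenant-router", "wan": "owner", "lan": "tenant"}],
                       "tenant"),
}

def upstream_chain(segment, routers):
    """Segments a host can reach by only ever leaving through WAN ports."""
    lan_to_wan = {r["lan"]: r["wan"] for r in routers}
    chain = [segment]
    while chain[-1] in lan_to_wan:
        chain.append(lan_to_wan[chain[-1]])
    return chain

def can_initiate(src, dst, routers):
    """True if a host on src can open a connection to a host on dst."""
    return dst in upstream_chain(src, routers)

def exposure(layout):
    routers, tenant_seg = LAYOUTS[layout]
    return {"tenant_to_owner": can_initiate(tenant_seg, "owner", routers),
            "owner_to_tenant": can_initiate("owner", tenant_seg, routers)}

def wan_lan_conflicts(routers, subnets):
    """Routers whose WAN and LAN segments were given overlapping ranges."""
    bad = []
    for r in routers:
        wan, lan = subnets.get(r["wan"]), subnets.get(r["lan"])
        if wan and lan and ipaddress.ip_network(wan).overlaps(ipaddress.ip_network(lan)):
            bad.append(r["name"])
    return bad

if __name__ == "__main__":
    for name in LAYOUTS:
        print(name, exposure(name))
    # Address plan from the thread, written as /24s (the prefix length is assumed).
    plan = {"transit": "192.168.10.0/24", "owner": "192.168.1.0/24"}
    print(wan_lan_conflicts([INTERNET, OWNER], plan))
```

The model covers connection initiation only; once the hardware is in place, the same question is answered by scanning for the owner's devices from a client on the tenant SSID.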

 

 


eranda

29 posts

Geek


  #3145604 12-Oct-2023 10:34

tangerz:

 

This would be an ideal situation for VLANs which would be able to do exactly as you want. However, as it appears your router doesn't support VLANs, another possibility, (if you can live with double NAT on YOUR network), is to use a second router before your own router, (let's call this the 'Internet router').

 

 

 

Your network would look like this:

 

ONT -> Internet router WAN -> Internet router LAN -> Your router WAN -> Your router LAN/WiFi devices   (Double NAT, Your network private from tenant)

 

 

 

Tenant network:

 

ONT -> Internet router WAN -> Internet router LAN -> TP-Link EAP615 -> Tenant WiFi devices   (Single NAT, Tenant network visible to you)

 

Or with another router for tenant:

 

ONT -> Internet router WAN -> Internet router LAN -> Tenant router WAN -> Tenant router LAN/WiFi devices   (Double NAT, Tenant network private from you)

 

 

 

Only thing to be aware of in setup is to use a different address space on the WAN and LAN side of your router, such as:

 

Internet router LAN / Your router WAN is 192.168.10.x

 

Your router LAN is 192.168.1.x

 

 

 

Don't do as below, this is the reverse of above as the tenant has a private network but your network is visible to the tenant.

 

shk292: 

 

I think that if you just connect a router by its WAN port to a LAN port on your network you'll get the same effect, but without client isolation between the new router's clients. There shouldn't be any way for clients on the new network to access those on your network. This new network will have double NAT, but that isn't an issue for most users. Worth a try if you have an old router to experiment with.

 

 

 

 

 

 

Hey, appreciate your reply. Speaking of VLANs, I was researching TP-Link Omada gear. Even for your example above, I have to get another router, so I can get a TP-Link Omada ER605 and use it as the 'Internet router' and use one of the Omada switches (most of them support VLANs, I'm still figuring out which one), and then create 2 VLANs (Vlan-1 and Vlan-2) and set up ACLs. In Vlan-1, use the Netgear RAXE300 as an access point for my network (that router has great coverage) and use the TP-Link EAP615 as a tenant access point in Vlan-2. Of course, I have to learn the configuration as I go.

 

Any thoughts, or concerns about this setup?


tangerz
625 posts

Ultimate Geek


  #3145716 12-Oct-2023 11:53

eranda:

 

Hey, appreciate your reply. Speaking of VLANs, I was researching TP-Link Omada gear. Even for your example above, I have to get another router, so I can get a TP-Link Omada ER605 and use it as the 'Internet router' and use one of the Omada switches (most of them support VLANs, I'm still figuring out which one), and then create 2 VLANs (Vlan-1 and Vlan-2) and set up ACLs. In Vlan-1, use the Netgear RAXE300 as an access point for my network (that router has great coverage) and use the TP-Link EAP615 as a tenant access point in Vlan-2. Of course, I have to learn the configuration as I go.

 

Any thoughts, or concerns about this setup?

 

 

 

 

Yeah what you outline will work fine and if you're happy to go to the expense of all the extra gear and learning involved for setup of VLANs and configuration then go for it.

 

 

 

My example above doesn't require VLANs at all, (but does introduce double NAT, which may or may not matter to you). The 'Internet router' could just be something decent, (but cheap!), like a used Fritz!Box (7490, 7560, 7590) off TradeMe. If you wanted a third router for the tenant to have their own private network too you could use pretty much anything.

 

 

 

An example of setup, (for pretty much your exact situation), look here:

 

https://www.smallnetbuilder.com/lanwan/lanwan-howto/howtotwoprivlan/


eranda

29 posts

Geek


  #3145723 12-Oct-2023 12:25

 

Yeah what you outline will work fine and if you're happy to go to the expense of all the extra gear and learning involved for setup of VLANs and configuration then go for it.

 

 

 

My example above doesn't require VLANs at all, (but does introduce double NAT, which may or may not matter to you). The 'Internet router' could just be something decent, (but cheap!), like a used Fritz!Box (7490, 7560, 7590) off TradeMe. If you wanted a third router for the tenant to have their own private network too you could use pretty much anything.

 

 

 

An example of setup, (for pretty much your exact situation), look here:

 

https://www.smallnetbuilder.com/lanwan/lanwan-howto/howtotwoprivlan/

 

 

 

 

Appreciate your reply. I was mainly thinking, can those older routers handle the load? Currently I have around 30 internet-connected devices and the tenant is also going to add more. Also I'm thinking of separating my Reolink and Eufy devices into a separate network.

 

Also, I noted that the ER605 itself has VLAN capabilities. So to start with I will be getting an ER605 and creating 2 VLANs. Use the EAP615 for tenants and the RAXE300 for me.


tangerz
625 posts

Ultimate Geek


  #3145728 12-Oct-2023 12:51

eranda:

 

Appreciate your reply. I was mainly thinking, can those older routers handle the load? Currently I have around 30 internet-connected devices and the tenant is also going to add more. Also I'm thinking of separating my Reolink and Eufy devices into a separate network.

 

Also, I noted that the ER605 itself has VLAN capabilities. So to start with I will be getting an ER605 and creating 2 VLANs. Use the EAP615 for tenants and the RAXE300 for me.

 

 

Yeah if you're looking to create more VLANs for your own network anyway then that is the way to go. You could just set up the tenant VLAN to have internet access only and no access to the rest of the network.

 

 

 

In the other example, the 'Internet router' really only has to deal with traffic from 2 clients, your router and the tenant's router; all the traffic just passes through it, and any of those Fritz!Boxes will easily handle a gigabit internet connection.

