#2 How to connect and have two separate networks with 1 modem and 2 routers?

microdol

Distinguished
Mar 11, 2006
19
0
18,510
This is maybe a question a little different than the others.
Can I use my modem, use a 4-port switch, and plug in TWO routers to the switch?
One router is going to be specific to my desktop WORK PC, the other is going to be used for everything else, my personal PC's, my tablet, my smart phone.
My work says I can plug in all my stuff into the router they are going to supply to me, but if I let them do that they can monitor everything I do.

*I know I can plug one router into the other router's WAN port, I don't think I want to do that.
Can I use my modem, a switch off that, and plug in each router to a port on that switch?
Could I use a T splitter off the coax coming into the house and run two modems, each with their own router?
I really don't want to get into having to change the Net/Subnet and all that stuff, I just want it to work without 'big brother' (my company) being able to watch EVERYTHING I do.
 
Solution

That's not, how it works.
Connecting to your work network most likely will require setting up VPN connection.
The connection will be available to your pc only and not to other devices.

How exactly do you imagine your work to be monitoring anything you do on other devices?
Like examining logs of your router or something? Change access password of the router, disable access to router control from wan interface.
 
As indicated you can just hook 2 routers to a modem because you only have 1 ip address.

In general if you were to plug the work router wan port into a lan port on your main router it would mostly isolate things. The traffic from your personal devices go directly to the main router so the work router could not monitor the traffic.

Now if you really worry about things technically the work pc behind the work router can access you devices on the main network. They can not actually monitor traffic but it could for example mount file shares. If you protect you pc with passwords it should prevent access.

I strongly suspect what the work router does though is run all the traffic via a VPN so that would prevent access between the networks.
 

microdol

Distinguished
Mar 11, 2006
19
0
18,510
I have one modem, and my own personal router which is an Asus RT-AC1200 dual-band, my work one is a Cisco Meraki MX64W, which I know nothing about. Still in the box.
First I thought I could port from one modem to a switch and have two routers, some places say I can't,
so I was just trying to find a way to keep my personal data and web surfing tendencies out of the eyes of my bosses - which they have admittedly said they COULD see if they wanted to.
My thought was - Modem -then my ASUS - then the Cisco into a port on my Asus - and shut off the wireless part of the Cisco, have it be wired CAT5-only to my work-only tower PC, an H-P fwiw.
Them use my laptop and my son's laptop going into my wireless Asus.
 
That method will work to prevent them from seeing any web activity on the machines your network. It really doesn't matter if you connect to the asus via ethernet or wifi they are all connected inside the router.

This is pretty much the same reason for example your pc can not see what your sons pc is doing. They would have to somehow gain control of your router or attack your pc to see anything.
 

USAFRet

Titan
Moderator


No.
The modem serves one and only one downstream device.
A single router or PC.

It will not talk to 2 routers.



If you pay the ISP for two independent connections. $$$.
 
Using the switch will work if your ISP provides more than one IP.

ISP are often using a NAT on the public IPs they buy, which makes them less stingy with their IPs.

Test it with the switch or router by plugging the modem into one of the LAN ports of your router and then put two devices on it.
 
I dont see why you wouldnt go Modem ---> Work router (meraki, say it is 192.168.0.1 for example) --> plug your personal router into the Meraki router, give your personal router a different IP to dish out via DHCP (eg 192.168.1.1). connect your work devices to the meraki's extra ports/ wifi connection. Connect your personal devices to your routers extra ports/wifi - this should provide a reasonable amount of isolation as your work devices would be have an IP of 192.168.0.X while your personal devices would have a 192.168.1.X address
 


If the packets go through the work router they can get them.

I doubt they will let him configure it either.
 

microdol

Distinguished
Mar 11, 2006
19
0
18,510


That's what I am afraid of, that's why I want to go:

1) Modem
2) My router - mainly for WiFi
3) Work router - CAT6 wired to work PC, WiFi shut off, wired into the WAN port of my router.

I know little about VPN, I am hoping I can let them allow me to shut off WiFi on the work router,
if not I will just have to play with channels and hope the one I pick doesn't interfere with the other one,
since they will be about 2-3' apart.

 


To properly nest them you will go modem->wan(yours) -> lan -> wan (theirs)
make sure the third number in the subnet is different.

Did you test to see if you can get 2 ips?
 

microdol

Distinguished
Mar 11, 2006
19
0
18,510
Guys, I will play with it next weekend more.
In the meantime, I hooked up this way - modem-'my Asus'- then 'work Cisco', G/F tried getting into her work,
and it denied her because her IP address was different. I think her work was expecting to see
her work cisco IP or MAC address, but since the Asus was the 'lead' router, it saw that one instead.
(G/F's work gave her the Cisco and told her she HAS to use it)
So I pulled the ASUS out because she has to be able to work, for now anyway.

To do what I want I have to have my Asus first, then the Cisco, so I need to either change the settings in the
ASUS, to a VPN or something, but either way the settings from the Cisco have to go thru the Asus unabated,
unchanged, so her work sees its' settings and not mine.
I want all wireless to go to the ASUS, and her work tower is wired CAT6 into her Cisco, I don't even want to
use the Cisco for anything wireless.
We do not have the provision to get into the Cisco and make any changes.

ASUS is an AC-1200, and I cannot find any aftermarket firmware that might allow me to do other things... if that matters.
 


MAC isn't sent out over layer 3. They can only see public ip, source and destination port until the connection is made.
They could of configured specific rules on the router so that the source port from their viewpoint is specific and/or rules for your public ip. If they want specific source ports then you have no choice but to have that router at the edge of your network, unless you can configure some rules yourself. If you can't then the only way to split it is to get 2 ips from your isp.
 
Solution