2 Routers, 1 Modem

[spolo85]

I've been researching this online for a while now and I keep seeing mixed answers on how-to or even if it's possible from threads that seem to be years old and outdated. Before I ask the question and have the mob with pitchforks come after me, let me briefly describe why I'm doing this setup. I have a small business in which I'd like to supply a 'guest only' wifi access. Meaning that it's secured and separate from my main network. Now I have several POS stations, several internet ready media devices as well as an ATM all hard-wired into my office where my main router is. It's a Belkin AC1200 WIFI router that has a 'guest wifi mode'. The problem is that due to the location of my office and all the dense materials/walls between the office and the main floor where my customers are, the guest wifi is pretty much non-existent. My solution to this was to hard-wire a second router (also Belkin AC1200) from LAN to WAN to the main floor, and turn on the 'guest wifi mode' on there and everything would be all set and done. Unfortunately I found out recently that the two networks aren't actually separated from each other and people on the guest wifi can still ping devices on my main network. So I thought I ask the community here today and see if it is still possible to do what I need to do or if the only solution is to get a modem with 2 separate IP's from my IPS and separate the 2 routers that way. Below is my setup

Main Router
IP Address: 192.168.1.1
subnet mask: 255.255.255.0
DHCP Range: 192.168.1.10 - 200

*Second Router (connected from LAN to WAN)
IP Address: 192.168.2.1
subnet mask: 255.255.255.0
DHCP Range: 192.168.2.10 - 200

*the main WIFI is password protected while I turned on Guest Mode with an open network

I thought by changing the 3rd segment of the IP address would be enough to create 2 separate networks but apparently I was wrong. I'm not too versed with subnet masking but does changing that in any way achieve what I need?

 

[bill001g]

The main problem is the device you are using are not actually "routers" they are better called gateways because they only support a single network.

If it was a actual router you could just define a guest subnet and assign it vlans.

The only chance you have to do it simple is if the second router has firewall rules that allow you to prevent traffic going out the wan port from going to the 192.168.1.x network.

 

[spolo85]

The main problem is the device you are using are not actually "routers" they are better called gateways because they only support a single network.

If it was a actual router you could just define a guest subnet and assign it vlans.

The only chance you have to do it simple is if the second router has firewall rules that allow you to prevent traffic going out the wan port from going to the 192.168.1.x network.

These Belkin routers, or gateways, don't support that kind of tweaking with any firewall rules. Maybe if I installed 'DD WRT' on it, it may have those options available but I'd rather not. I've done that in the past with an old WIFI router but I just don't want to do that here. Do you think there is a device I can connect between these two routers that would achieve this? Preferably something affordable.

 

[bill001g]

I doubt you will find a device that is cheaper than buy a different router for the second device that has the ability to filter/firewall traffic.

If you put a device in the path your would need a firewall that could run at a layer 2 level so you avoid adding even more ip blocks. Actual firewalls are not cheap boxes. Maybe you could find a switch that has the ability to filter traffic. Still you may be better off buy a inexpensive asus or tplink router. I am pretty sure the asus rt-1200 which cost $49 has traffic filter. Asus runs a single image on all their router. The main thing I know is this particular router is one of the few asus routers you can not load the merlin image on so you would have to check it supports firewall. Then again the older ac56r is under $100 and has full merlin support. Merlin is a lot more stable than dd-wrt but has most of the features.

You may just want to buy the better asus and replace your main router and use merlin to create a vlan.

 

[spolo85]

I found a solution that was at no extra cost for me. I had a spare linksys router laying around in which I flashed DD-WRT onto it. Then I followed this guy's blog in which he needed to achieve the exact same result as I do. Worked like a charm.

http://blog.danjoannis.com/?p=1362.

I'm assuming this "pretty much" does what setting up VLANs on the main router would have done. I didn't want to flash or replace my main router so this was a better solution for me. Either way I now have a secured Guest Network!