Question A twist to multiple routers

[Tech-help]

We have an ISP Router from ATT, We have in the past connected a linksys router to this router. Now we want to expand and was looking for advise


Option 1
Connect an ER-12 Ubiquiti router to the Lan Port of the Att router (1992.168.4.1)
Connect a Linksys router #1 (IOT devices) to the ER-12 router (192.168.2.1)
Connect a Linksys Router #2 (all other stuff, PC printers, internal nas etc.. ) to the Ubiquiti router (192.168.3.1)
Issue - The ATT router has a pin hole for one port so we can access a nas music library from the public internet which will only point to the er-12 router, as it cant see the others
How do we configure the er-12 to get the port forward to work. IE port forward to the er-12 to the linksys routers port forward to the nas?

Option 2
Connect an ER-12 Ubiquiti router to the Lan Port of the Att router (1992.168.4.1)
Connect a Linksys router #1 (IOT devices) to another Lan port on the att router (192.168.2.1)
Connect a Linksys Router #2 (all other stuff, PC printers, internal nas etc.. ) to the Ubiquiti router (192.168.3.1)
This fixes the port forward issue because we connected the linksys #1 to the att router Lan port
Question - Is having two routers (the er-12 and the Linksys #1) connected to the att router Lan ports going to keep thing secure? or do we have to do something else
thanks

 

[kanewolf]

Why? The edgerouter should be able to do everything you want. Setup multiple VLANs and a single address space on the ER or setup multiple DHCP servers on the ER bound to specific ports. Then switches or access points for WIFI.

 

[Tech-help]

Why? The edgerouter should be able to do everything you want. Setup multiple VLANs and a single address space on the ER or setup multiple DHCP servers on the ER bound to specific ports. Then switches or access points for WIFI.

I dont understand, Are you saying i should physically connect the nas to a port and assign a vlan to that port and then create a port forward?

 

[kanewolf]

I dont understand, Are you saying i should physically connect the nas to a port and assign a vlan to that port and then create a port forward?

That would be one way. Or a DMZ configuration on the ER. I was more thinking of vlans for all functions that the Linksys were supposed to handle.

 

[AtkinsFriendly]

Triple NATing your network is super effective!

Get rid of them Linksys routers and let that Ubiquiti Router SHINE!

Call AT&T, have them turn their modem into a Bridge so YOUR Ubiquiti router is in control and manages all routing/firewall/vlans/etc.

If you want to separate IOT and printers/NAS you can but really unless you got more than 250+ devices its not going to really do any fun and might cause more problems.. BUT lets say you want to seperate anyways, configure the Ubiquity Router to have two different VLANs like KaneWolf said.

Set LAN port 1 on the router is VLAN5 - IOT Devices - network 192.168.2.1/24 (254 devices). Enable DHCP on that port for address range of 192.168.2.2-254.

Set LAN port 2 on router to VLAN6 - System Devices - Network 192.168.3.1/24 (254 devices). You dont have to enable DHCP on this network if you want to set static IPs for everything. Just set static IPs on devices like :

IP 192.168.3.50
Subnet 255.255.255.0
Gateway 192.168.3.1 (your Ubiquiti router for VLAN6)
DNS 8.8.8.8 and/or 192.168.3.1

Port forwards, firewalls, etc can now all be managed on YOUR device and AT&T doesn't complicate things with their equipment and your not triple NATing with all the routers connected to your LAN