Create a guest access without using the "Guest wifi" feature

[7sebas]

I have a large network which connects to the internet via a dedicated modem. This modem is hooked up to a big switch to which my router as well as other computers are conencted. Now I want to set up a guest access over a different router so that people who visit can connect to the internet and not see anything thats on my network. Mind you that I can´t change the network infrastructure and the guest access on the currently installed router won´t work (It wouldn´t work because in order for the guest access to work the router would have to be acting as a modem). Any help would be greatly appreciated!

 

[RealBeast]

To be clear your setup is: Modem > Switch > Router ? That is odd unless you have multiple IP addresses with your ISP.

And more details of your hardware would be helpful. If your current device does not work then it must be a DSL modem/router combo and you need to buy a plain router.

In any event what you need to do is set up the guest router as an isolated router by attaching to the guest router WAN port, using a WAN gateway address that is the network DHCP server, set the guest router IP to an address outside the main network range to create a distinct subnet, then set up security and wireless channels as you wish. That will isolate the guest wireless from the rest of the network. Here is a picture of what you are doing more or less (the shield router as it is labeled would be the guest router).

 

[boosted1g]

To be clear your setup is: Modem > Switch > Router ? That is odd unless you have multiple IP addresses with your ISP.

And more details of your hardware would be helpful. If your current device does not work then it must be a DSL modem/router combo and you need to buy a plain router.

In any event what you need to do is set up the guest router as an isolated router by attaching to the guest router WAN port, using a WAN gateway address that is the network DHCP server, set the guest router IP to an address outside the main network range to create a distinct subnet, then set up security and wireless channels as you wish. That will isolate the guest wireless from the rest of the network. Here is a picture of what you are doing more or less (the shield router as it is labeled would be the guest router).

This wont prevent router 2 from accessing devices on router 1, only router 1 -> router 2.
Bottom line this can not be done without configuring router 1 to create a separate VLAN for guests.

At OP: Not sure where you got mislead to think that for guest access the router has to be a modem
As stated there is no gain in having a switch between a router and modem. A router is needed to share the 1 internet connection with 1 IP from the ISP to many computers, thus anything else plugged into that switch with router 1 will not work (unless modem is a modem/router combo).

 

[RealBeast]

Sure it will, it is a different subnet that only accesses the Internet through the gateway router. I've done this setup many times for users that want it and then have to modify when they decide that they want access.

I understand that my inelegant wording created confusion. Each subnet has a distinct address set and each has its own DHCP running, the only access from the guest device is to the Internet by using the main router IP address as its WAN address.

Agreed that more information on exactly what is the goal would help.