[SOLVED] Daisy Chain 2nd Wireless Router for I.o.T. Security

chubasco

Distinguished
May 7, 2001
53
0
18,530
WHAT I WANT TO DO:
My wife has started purchasing "smart" devices and I can no longer just say no. So, I'd like to separate my Smart / Internet of Things (IoT) devices from all of the other devices on my home network by creating an entirely different network through my single home internet account (single modem). I'd like to avoid buying any new hardware or software, so I'm hoping I can reuse one of the old wireless routers that I have laying around. Also, I am just tech savvy enough to be dangerous (mostly to myself).

WHAT I DON'T KNOW:
- Can I simply plug one of my old wireless routers into one of the Ethernet ports on my current wireless router, thus creating an entirely separate network for these less trustworthy IOT devices?

- If yes, then is there anything I need to do / configure on the second router to avoid problems (ex to avoid IP conflicts)?

- Also, will this configuration actually prevent the devices connected to the second/daisy chained router from connecting to or otherwise communicating with devices on the primary router?

WHAT I HAVE:
ASUS RT-AC86U Wireless Router - currently used for my home network. Plugged directly into modem. Connected to non-IoT devices (ex laptops, mobile devices, gaming systems, streaming devices, etc).

Netgear Wireless N 300 Router WNR2000v2 - hoping to use as wireless router for IOT devices (ex TV's, smart plugs, etc).

Linksys E3000 Wireless Router - could be an alternate to Netgear router above.

Single Cable internet connection / account through Motorola Surfboard SB6141 modem.

WHAT I HAVE DONE:
I've already plugged the Netgear (secondary) Router into one of the ports on the ASUS (primary) router, and confirmed that the Netgear router can access the internet. I've also configured the Netgear router with its own SSID, new passwords (admin & wifi), and updated the firmware.

Any help appreciated, thanks in advance!
 
You only sort-of create a separate network without a VLAN on your primary router. Once the IOT devices traffic is on the wired ports of the second router (even the WAN port) then it is intermixed with the rest of your network unless you can VLAN the port on your primary router. Most home routers don't support VLANs. Second source firmware may allow you to VLAN. Are you running Merlin firmware on the Asus ?
 
Thanks @kanewolf! I am not running Merlin firmware on the ASUS, just the latest firmware from the manufacturer.

So, if I have these two routers (ASUS & Netgear), neither of which have a VLan feature, then is there some other relatively inexpensive (less than $75) piece of hardware (like a switch) that I can put between the modem and the two routers that will allow me to segregate the IoT devices from all other devices in my house, and with minimal configuration and maintenance?

To clarify, I don’t need the IoT devices to interface with any of the other non-IoT devices in my household, so having two separate home networks would be OK...assuming I can do this with my single home internet account.
 
So, there is no hardware (router, firewall, switch) that can be installed between the modem and the two WiFi routers? I thought setups that support multiple separate home networks using a single internet account effectively segregated all devices from eachother on the separate networks...
 
So, there is no hardware (router, firewall, switch) that can be installed between the modem and the two WiFi routers? I thought setups that support multiple separate home networks using a single internet account effectively segregated all devices from eachother on the separate networks...
I provided you the links to do that. A VLAN on the Asus will isolate the traffic from the second router from the rest of your network.
If that is unacceptable, then you could put a firewall with multiple ethernet ports after your modem. But you would be doing the same thing. Creating separate networks. That is what a VLAN does.
 
Again, thank you very much @kanewolf!

I couldn’t find any reference to a VLAN on the ASUS-WRT Merlin site, but will look into further. Also, I’ve recruited the help of a network security buddy of mine, who also mentioned the firewall configuration.

I’ll report back here with whatever solution we end up with.

I provided you the links to do that. A VLAN on the Asus will isolate the traffic from the second router from the rest of your network.
If that is unacceptable, then you could put a firewall with multiple ethernet ports after your modem. But you would be doing the same thing. Creating separate networks. That is what a VLAN does.