Guest Internet Access - Multiple Access Points

[jdcountryboy91]

Hello all, Here is my setup:
Netgear WNDR3700 - Main router, DHCP turned on
4x Netgear WNR2000 - Setup as Access Points (DHCP turned off), connected to main router via LAN ports

I only want the guest network to have internet access. I have the guest network enabled on the router and access points with the option to "Allow Guest network to access main network" disabled. My problem is that since the access points aren't hooked directly to my modem via the WAN port, the guest network broadcasted from the access points does not have internet access.

I have read up on setting up a separate subnet for the guest network using DD-WRT but was curious if there was a way to get the desired result with the stock Netgear firmware.

Thanks.

 

[Emerald]

use the WNR2000 as routers by connecting the WAN to the LAN of the main router.

change the LAN IP of the WNR2000 to 192.168.5.1 with DHCP enabled

 

[jdcountryboy91]

Would I change all 4 WNR2000's to this same subnet?

 

[Emerald]

yes since they cannot talk to each other it will be fine

 

[jdcountryboy91]

Thanks Emerald, that did the trick. I assigned each WNR2000 a different subnet. How can I access the WNR2000's while connected to a different subnet. I can only access a router if my laptop is connected to it.

Edit: Actually, I can't access any host across the different subnets.

 

[john-b691]

Working as designed. You can only administer most routers via a LAN address, if it has the option to enable remote admin via the wan you may be able to use the WAN address.

The reason they cannot talk is the same reason someone on the internet cannot access your machine. You will need to port forward on the routers to a particular machine. Then you must access these using the WAN address of the router they are attached to

 

[jdcountryboy91]

Knowing this information, What would you recommend? I need to be able to access hosts across the entire network. I need to have a secured WiFi Network and a Guest WiFi network that only has internet access (I'd like to setup QOS to limit the guest bandwidth). I have the 1 main router which the entire wired LAN runs through containing various switches (the other WNR2000 routers were meant to just be wifi access points). I have a file server that also hosts a few network applications. All the desktops, printers, and IP cameras in the office have static IP addresses but a few laptops are dynamic.

With the above info, would it be easier to drop back to just a single network like before and install DDWRT on the access points to configure a Guest "internet only" WiFi? I'm not too familiar with port forwarding but if that design is easier, I'm all for it.

Thanks guys!

 

[jdcountryboy91]

Any ideas? I need local network access on these access points. I'm going to have to change the setup back to get my LAN connection back.

 

[john-b691]

The only way to really make this work when you need guest and local on all the devices is to run vlans. You will need dd-wrt to do that in most cases.

 

[jdcountryboy91]

Thanks john, I have read how to do that dd-wrt. I'll experiment with that later on this week.