Some routers support a separate "guest" network for these purposes. Not sure how widespread this feature is, but I know the D-Link DIR-655 has it.
You can accomplish pretty much the same thing using multiple routers (and before we had guest networks, that’s what you had to do).
[modem](lan)<-- wire -->(wan)[tenant router](lan)<-- wire -->(wan)[landlord router]
In this case, the landlord’s network is protected by a firewall. But the landlord still has access to the tenant’s network because it lies upstream. You also have to make sure each router is using different networks/subnets (e.g., 192.168.1.x and 192.168.2.x). One downside (for the paranoid) is that at least theoretically, the tenant *could* engage in ARP poisoning of the traffic coming from the landlord’s router as it traverses the tenant’s network.
For *the* most secure network, you really need 3 routers in a Y configuration.
[landlord router](lan)<-- wire -->(wan)[primary router](wan)<-- wire -->(lan)[tenant router]
Of course, the primary router is connected to the modem over its WAN port.
Now you have complete isolation, neither network can access the other (of course, since the landlord has physical access to all the equipment, there is at least some theoretical risk to the tenant, but that’s always an issue in this type of relationship). And you can even use the same network/subnet as long as you have no intention to access each other’s network.
Facebook
Twitter
Instagram