[SOLVED] How to set up a secure home office network within home network

[stargooo]

I have a D-Link 2888A providing a wired and wireless home network.

I'd like to connect a separate home office network to the home network so that the home office can use the same internet connection, but also be invisible to any of the devices on the home network.

This guide on TomsGuide.com would do the trick, however I'd prefer to only purchase one extra bit of hardware (the router for the office network) rather than purchasing two routers as would be required in that guide.

It doesn't matter if the office network devices can see the home network devices, but I don't want anything on the home network to be able to access anything on the office network.

The house is wired up with cat6 Ethernet so I might as well make use of it.

Is it possible to do what I want with only purchasing one extra router? How do I set this up? Or will I need to get two routers as per the TomsGuide article?

D-Link 2888A modem/router
+ (wifi)
| + home phones, tablets, etc
+ (ethernet)
....+ Main PC
....+ D-Link DGS-1016A 16 port Switch
....|....+ home network PCs
....+ D-Link DGS-1005A 5 port switch
....|....+ lounge devices
....+ [TBA] Home office network << PROPOSED
........+ (ethernet)
........|....+ office PCs, printers (4 devices)
........+ (wifi) (optional)
............+ office laptop

 

[SamirD]

Depends on what the reason is to not have the 3rd router. You can do this using vlans and a managed switch. Or you can do it with an enterprise grade router and can use a single router--except that you still need another device for wifi since your router is actually a modem/router combo and would need to be in bridge mode for the enterprise router (which typically don't have wifi built-in).

Some smb routers also can do vlans as some higher end consumer routers will too.

 

[stargooo]

Depends on what the reason is to not have the 3rd router.

Cost savings, basically.

 

[kanewolf]

Is it possible to do what I want with only purchasing one extra router? How do I set this up? Or will I need to get two routers as per the TomsGuide article?

Yes. You can isolate the office by putting it on the LAN side of a second router. The home network is fed to the WAN port on the router. Traffic from the home network is blocked by the second router just like unsolicited traffic from the internet is blocked by your primary router.
You need to ensure that the LAN IP address range on the second router is different than the home network. This would mean a change in the third set of numbers. For example if the home is 192.168.1.x then you would want to configure the second router IP address and DHCP to be 192.168.9.x (something other than 1).

 

[stargooo]

Traffic from the home network is blocked by the second router just like unsolicited traffic from the internet is blocked by your primary router.

Thank you, the way you've explained that makes such perfect sense it falls into the "why didn't I figure that out for myself?" category!

 

[kanewolf]

Thank you, the way you've explained that makes such perfect sense it falls into the "why didn't I figure that out for myself?" category!

As long as all you want is "internet" access, then my description will work. If you need access to a printer or some other device on the WAN side of the second router, it is much more difficult.

 

[stargooo]

As long as all you want is "internet" access, then my description will work. If you need access to a printer or some other device on the WAN side of the second router, it is much more difficult.

No, internet access is all I need for the office. All the equipment for the office is within that network, completely separate from the home network and equipment.

 

[punkncat]

Such changes can readily be made within the "Workgroup" settings within the Win 10 ecology as well.

 

[kanewolf]

Such changes can readily be made within the "Workgroup" settings within the Win 10 ecology as well.

That doesn't provide any physical separation. An android network scanner would still find all the "office" assets. A second router provides the second NAT protection.