Router behind Uverse 2wire for public wifi access

[lizvick]

Have a small business set up with 5 pc's on a wired LAN - using ATT Uverse 2wire the connections from the ports are
1 and 2 go directly to pc's in close proximity to 2wire (office)
3 goes to a network hub/switch 150' from 2wire router behind cinderblock walls
then from switch 3 other pc's are connected (shop)

I would like to provide public wifi for our customers in shop area so I purchased a linksys n600 with guest access to protect our private network. I also need wireless in the office area.

I was successful in setting up the Linksys directly behind the 2wire, with 1,2 and 3 connections moved to the linksys wireless router and changing the config on the 2wire to detect the router behind the router and turning off the wireless on the 2wire. However, the Linksys wireless signal does not reach the shop area (and customers to whom I wish to provide wifi). Tried a wifi extender (repeater) but the signal was weak and inconsistent.

Tried moving the linksys to the shop area, and connecting the 3 pc's there to the Linksys - problem was that now those 3 pc's are on a separate network and the wireless signal does not reach the office area. Turned the wireless back on on the 2wire but then the internet kept dropping in all pc's.

Any ideas or suggestions? Speak slowly, cause I'm not an IT person, but I follow direction well...

 

[Alabalcho]

Use your new router to provide WiFi to your customer's WiFi using Guest network, and connect that router by cable to your 2Wire.
Get cheap router to provide WiFi to your employees, again connecting it by cable to 2Wire..
On both routers, disable WAN ports and make all connections thru LAN ports. If you run out of LAN ports, use simple Ethernet switch as an extender.

 

[bill001g]

Not going to be easy.

The main problem you have is the guest wireless feature only prevents traffic from going between the 2 groups of users controlled by that router. So when you moved the router your 3 users were protected from the guest BUT the guest as well as your three users could get to the stuff in the other location because from the routers viewpoint that is the WAN port so it is internet.

The router also only protect the wireless there is no way to have a guest wired connection.

A partial solution if you do not need wireless in the shop area for anyone other than guest.

Change everything back to the way you had it. Now plug the new router into the switch in your shop. You can configure a SSID for guest but it doesn't really matter the whole device should be considered guest. This will allow the users to access the internet. Unfortunately it will also let them access you main network. So lets say you use 192.168.0.x for your main network and 192.168.2.x for your new network. What you can do is put a filter rule in the new router that prevents anyone from going to 192.168.0.x It should allow any other addresses so they can get to the internet.

 

[lizvick]

thank you both, I will give both these answers a try!

 

[lizvick]

A partial solution if you do not need wireless in the shop area for anyone other than guest.

Change everything back to the way you had it. Now plug the new router into the switch in your shop. You can configure a SSID for guest but it doesn't really matter the whole device should be considered guest. This will allow the users to access the internet. Unfortunately it will also let them access you main network. So lets say you use 192.168.0.x for your main network and 192.168.2.x for your new network. What you can do is put a filter rule in the new router that prevents anyone from going to 192.168.0.x It should allow any other addresses so they can get to the internet.

Should the 2nd router (Linksys EA2700) have DHCP enabled or disabled? I don't see where I can filter ip addresses in the router configuration.

 

[bill001g]

You want the DHCP on.

Seems this is what I get for not actually reading the manual. I saw it supported guest networks and had firewall support. Unlike many other routers firewall support does not mean you can filter packets. The only thing you could do is use parental support limits but it looks like it only wants URL and will not take IP addresses...then you can only put in 10.

Normally I would recommend a DD-WRT firmware but this router is also in the grey area if it supports it or not some sites say it does and other say the 5g doesn't work.

I can't see a way to protect your users in the other building/network from the guest users with this equipment. Maybe change you main network to some less popular ip range like 10.99.123.x and hope the guest users don't figure out what it is. That really isn't security though since it depends on luck.