Setting Up 2 Separate Networks from Single FIOS Line

biocentrism

Oct 7, 2014
I have FIOS at home. I also have a home office where employees come work. For security reasons I want to make sure that the employees cannot access other computers on my home network. So I was thinking of setting up 2 separate networks at home (a "home" network and a "work" network) using my single FIOS line.

Can I just add a separate "work" network by adding a 2nd modem and router connected to a different FIOS outlet and give that router a different SSID, and that would be a separate network from my home network? Since I will hide the SSID and password-protect my "home" network, my employees should not be able to access it? Will this work?

Or will the fact that these routers share the same FIOS line screw things up and make my home network accessible by the work network?

Also, can I do this using just 1 modem but having 2 routers, and if so, how?

Thank you.
 
Set subnet masks on the 'work' devices so that they're unable to see/communicate with your 'home' devices (or vice versa, I guess).
 
Since FIOS requires you to use their router (generally), it is a little more difficult. But you have a couple options.

If you plug a second router into the FIOS router, then you would be in a "double NAT" configuration. The devices (wired or wireless) wouldn't see the rest of the devices connected to the FIOS router. There is a tutorial for creating a VLAN on your Actiontec router to further isolate the traffic. (This is what @ChrisPat referred to.)

The other option, as @morrisct said, is to get a router with a guest network. There are many that have that feature; you are not limited to the AC68U he identified.
 
Thank you for the "appropriate" use of quote marks; however, my answer is above and I see no need to elaborate for your benefit.
 


Except netmasks will only work if you assume that ONLY the work devices will be DHCP. Whatever netmask you set up in the DHCP server will be the same for all DHCP devices. If your private phone DHCPs, then wouldn't it be visible to the work DHCP devices? Or are you assuming that work devices are static IP and static netmask?

Your statement about setting the netmask on the work devices is not very specific.
 
Your only option with consumer-grade routers is if you can get a guest network function to work, but be aware this only works for wireless; no consumer router has the ability to put LAN ports in a guest network.

If you put a second work router behind the first, it does not protect you at all; in fact, it is backwards. The users on the home network cannot access the work network because of the NAT, but the users on the work network can access the home network and the internet, because to them your home network is the internet, since it is on the WAN side of the router.

You can, to a point, do this if you put a firewall rule in the second router to prevent access to the home network IP range.

Pretty much, to do it any other way you are going to have to get a router that actually lets you run multiple subnets, which means running third-party firmware unless you want to buy a commercial router.
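
The firewall rule described above for the second router, as an added example that is not part of any post in this thread. It assumes the work router runs Linux-based third-party firmware with a shell and iptables; the subnet, interface name and DNS address are constructed placeholders to replace with your own.

```shell
#!/bin/sh
# Run on the SECOND ("work") router, whose WAN port plugs into the FIOS router.
# All values are assumptions for illustration; override them via the environment.
HOME_NET="${HOME_NET:-192.168.1.0/24}"  # LAN behind the FIOS router (assumed)
WORK_IF="${WORK_IF:-br-lan}"            # work router's LAN interface (assumed name)
HOME_DNS="${HOME_DNS:-}"                # set only if work clients are handed a
                                        # resolver address inside HOME_NET

# Insert a rule at the top of FORWARD unless an identical rule already exists,
# so re-running the script after a reboot or reconfigure does not stack copies.
insert_once() {
    iptables -C FORWARD "$@" 2>/dev/null || iptables -I FORWARD 1 "$@"
}

isolate_work_lan() {
    # Reject anything arriving from the work LAN that is addressed to a home
    # device. It must sit above the firmware's own "LAN to WAN accept" rule,
    # because to this router the home LAN is simply part of the WAN side.
    # Internet traffic still passes: it transits the FIOS router, but its
    # destination address is not inside HOME_NET.
    insert_once -i "$WORK_IF" -d "$HOME_NET" -j REJECT

    # Optional exception, added AFTER the reject: every insert goes to
    # position 1, so these land above the reject and are evaluated first.
    if [ -n "$HOME_DNS" ]; then
        insert_once -i "$WORK_IF" -d "$HOME_DNS" -p udp --dport 53 -j ACCEPT
        insert_once -i "$WORK_IF" -d "$HOME_DNS" -p tcp --dport 53 -j ACCEPT
    fi
}

# Succeeds only when the reject rule is currently loaded.
work_isolation_active() {
    iptables -C FORWARD -i "$WORK_IF" -d "$HOME_NET" -j REJECT 2>/dev/null
}

if [ "${1:-}" = "apply" ]; then
    isolate_work_lan
    work_isolation_active && echo "work LAN is blocked from $HOME_NET"
fi
```

Run it as `sh script.sh apply` from the firmware's startup hook so the rule is restored after every reboot. The rule also blocks the FIOS router's own admin page from the work side, since that address is inside the home range.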
 


What keeps the work users from resetting the netmask and IP to the home network, thus allowing access to the home network?

The OP is trying to secure the network, and this suggestion to set subnet masks is terrible.

 


I obviously concur.

I suppose the TRULY secure answer would be to have TWC pull an internet connection to the same house, put the work machines on TWC and the home machines on FIOS. That also allows the entire cost of the TWC connection to be a business expense. No tax problems with a percentage of the FIOS cost being deductible.
 
Solution
You could do it with a Sonicwall router such as the TZ 105W. This router allows you to set up separate zones on different ports and allow/deny traffic between zones just like you allow/deny traffic between the LAN zone and the WAN zone. As this is a commercial router, you also get features such as QoS, VPN and 1:1 NAT.
 


I REALLY have to say that this is a BRILLIANT solution!!!!!! Totally out-of-the-box but soooo simple. All this advice about subnet, masks, VLAN, NAT I have no idea what that all means let alone how to properly configure it.

But man, why didn't I think of this myself. Just use TWC (actually it's Comcast) to set up a totally separate connection from FIOS. It doubles the cost of the internet but that is fine and it is totally secure (I think?).

Thanks so much kanewolf!!!!!!!!! This made my day!