Question Setting up a separate Network for Garden House

[xterd]

Hello IT/Network Specialists, CAN YOU HELP ME PLEASE?
I could really use your advice on a personal home network challenge!

Here’s the situation: I have a network set up in my home with a router (FritzBox 7590), and from there, I’m using a TP-Link Deco M4 as a network extender to reach my basement. Now, I’d like to run a 50-meter UTP cable from the Deco M4 in the basement to my garden house and set up a new wireless network there.

The catch: I need the internet to come from my main house, but I want to ensure that devices in the garden house can’t access the devices in my home network.

My question: Is it possible to simply connect a new router in the garden house (which is connected to the Deco M4 in my home) and enable Guest Network mode, or is there a better approach to achieve this setup?

Looking forward to your insights!

Thanks in advance!

 

[bill001g]

I am going to bet it will not work.

Key here is the concept of "guest". The way this is implemented on consumer routers is kinda a firewall thing rather than a true different network. If you were to look at the IP you get on the guest network and the main network they come out the same DHCP pool.

What most consumer routers do is say devices on the "guest" network can only go the the internet. Which is fine except this so called guest network is only implemented between the wifi chips and the router chip inside the router.

You are talking about different physical boxes and want to have different networks between boxes. When traffic passes between boxes it loses the concept of "guest"

Actually very simple to do if you have something that at least partially supports enterprise features. Your firtz box likely does but not very likely the tplink deco stuff.

What you would do is make different vlans. Even though very technically the traffic is all on the same network when it passes between devices there are tags on the packets that prevent the data from being sent between the vlans.

A kinda hack solution that works in simple cases might be to buy a router that has some basic firewall ability for the remote location. Lets say your main network is 192.168.0.x and your second network is 192.168.1.x. You would put a firewall rule in the remote router that says 192.168.1.x devices can talk to everything except 192.168.0.x. Now I guess if you were to buy another fritz box you could put in multiple different networks and let some of them talk to the main network and others not. Gets more and more complex.

Most more complex installs you have to use vlans.

 

[Ralston18]

@xterd

Your post appears to be very much a homework like question and Forum rules prohibit doing homework and/or work assignments.

No way to know the full truth of the matter from this end.

What you need to do is to present a plan that includes the necessary network devices and the applicable network configuration settings.

Explain what you believe will work and include reasons and references.

Sketch out a network diagram and fill in the details. Show your requirements and your work thus far.

Identify specific problems and questions.

Then others may post comments and suggestions as necessary and applicable.