Question Two houses are sharing same internet plan! Alternative ways to add more access points?

[ismmostaar1]

Two houses are sharing same internet plan, they have this setup:
Router (house 1) → Switch (house 1) → Access Point 1 (house 1) & Access Point 2 (house 2)
meaning the two APs are linked to the switch via LAN cable, now house 2 want to add two extra APs in the upper floors, while i know that the best simple way to do this is by just plugging extra cables to the switch, but for whatever reasons i need to know the best alternative way to do it in which APs 3&4 will be linked to the AP2 in house-2 not to the router/switch in house-1 if that possible,

which option would be the best alternative that will assure stability and maximum bandwidth/internet speed flowing between the APs
Option 1: Access Point 2 → Access Point 3 → Access Point 4 (APs are linked sequentially via LAN cables)
Option 2: Access Point 2 → Access Point 3 & Access Point 4 (APs 3&4 are linked to AP2 via LAN cables)
Option 3: Access Point 2 → Switch 2 → Access Point 3 & Access Point 4 (same as opt2 but a switch's between AP2 & APs3+4)

last question please, if it's option 2 or 3, and giving that the internet plan is 100mb, should AP2 have 1GB LAN port to assure stable flow of the 100MB between APs 3&4? or it won't make a difference if AP2 is also 100Mb port, thank you so much.

 

[kanewolf]

Two houses are sharing same internet plan, they have this setup:
Router (house 1) → Switch (house 1) → Access Point 1 (house 1) & Access Point 2 (house 2)
meaning the two APs are linked to the switch via LAN cable, now house 2 want to add two extra APs in the upper floors, while i know that the best simple way to do this is by just plugging extra cables to the switch, but for whatever reasons i need to know the best alternative way to do it in which APs 3&4 will be linked to the AP2 in house-2 not to the router/switch in house-1 if that possible,

which option would be the best alternative that will assure stability and maximum bandwidth/internet speed flowing between the APs
Option 1: Access Point 2 → Access Point 3 → Access Point 4 (APs are linked sequentially via LAN cables)
Option 2: Access Point 2 → Access Point 3 & Access Point 4 (APs 3&4 are linked to AP2 via LAN cables)
Option 3: Access Point 2 → Switch 2 → Access Point 3 & Access Point 4 (same as opt2 but a switch's between AP2 & APs3+4)

last question please, if it's option 2 or 3, and giving that the internet plan is 100mb, should AP2 have 1GB LAN port to assure stable flow of the 100MB between APs 3&4? or it won't make a difference if AP2 is also 100Mb port, thank you so much.

Put a switch in house 2 then run all the house2 APs to that switch. The uplink from that switch goes to house 1.
This may violate the terms of service of the internet provider for house 1.

 

[bill001g]

It will actually be quite a challenge to find new AP that uses a 100mbps internet almost everything uses 1gbit now days. Older stuff uses 100mbps but it also does not support the newer wifi also. Unless you are sharing files between machines inside your house it doesn't really matter since there is only 100mbps of internet total.

 

[ismmostaar1]

Put a switch in house 2 then run all the house2 APs to that switch. The uplink from that switch goes to house 1.
This may violate the terms of service of the internet provider for house 1.

There is no violation, everything is consensual between the owners, house 2 owner just wants WIFI signal in all floors and doesn't want more cables hanging out of the house, now if I understand your better there is an option 4 where the setup should look like this?
Router (house 1) → Switch (house 1) → Access Points 1 (house 1) & Switch (house 2) → APs 2 & 3 & 4. right?

 

[kanewolf]

There is no violation, everything is consensual between the owners, house 2 owner just wants WIFI signal in all floors and doesn't want more cables hanging out of the house, now if I understand your better there is an option 4 where the setup should look like this?
Router (house 1) → Switch (house 1) → Access Points 1 (house 1) & Switch (house 2) → APs 2 & 3 & 4. right?

It has NOTHING to do with the home owners. It has to do with the agreement home owner 1 has with the ISP. Generally the terms and conditions for home internet service prohibit sharing it to a second address.
Switch1 (house 1) -> switch2 (house 2) -> AP1, AP2, AP3

 

[evermorex76]

You didn't mention models being used but Options 1 and 2 probably aren't available because generally APs don't have multiple LAN ports to allow them to be daisy-chained unless they are very expensive models. Some of them have 1 passthrough port but those are still more expensive models. Option 3 would just be ugly and still depends on AP2 having a pass-through LAN port on it. @kanewolf's response is the proper way to configure a network (as you laid out in your response) as long as everyone trusts everyone else (everyone in the two houses can see everyone else's devices right now and with the new arrangement).

Option 4 would be setting up a mesh via AP2, with AP3 and AP4 connecting wirelessly to AP2. Assuming the signal strength is good enough, there ought to be plenty of bandwidth to share only a 100Mbps Internet connection and not have to run cables. You didn't say anything about the design of the houses. Do you have an Ethernet cable just running outside between buildings? Not only is your setup violating your ISP's terms of service, but you're violating building codes and risking equipment damage if lightning strikes nearby, and of course risking the security and privacy of the people in both houses by sharing networks.

 

[ismmostaar1]

You didn't mention models being used but Options 1 and 2 probably aren't available because generally APs don't have multiple LAN ports to allow them to be daisy-chained unless they are very expensive models. Some of them have 1 passthrough port but those are still more expensive models. Option 3 would just be ugly and still depends on AP2 having a pass-through LAN port on it. @kanewolf's response is the proper way to configure a network (as you laid out in your response) as long as everyone trusts everyone else (everyone in the two houses can see everyone else's devices right now and with the new arrangement).

Option 4 would be setting up a mesh via AP2, with AP3 and AP4 connecting wirelessly to AP2. Assuming the signal strength is good enough, there ought to be plenty of bandwidth to share only a 100Mbps Internet connection and not have to run cables. You didn't say anything about the design of the houses. Do you have an Ethernet cable just running outside between buildings? Not only is your setup violating your ISP's terms of service, but you're violating building codes and risking equipment damage if lightning strikes nearby, and of course risking the security and privacy of the people in both houses by sharing networks.

I never said that this setup belongs to me in particular, consider it as general knowledge information, or can't hurt to know kind of discussion, not that I encourage this but where I live fiber prices are high and sharing internet plans is a common thing, and cables are managed carefully using wire loom tubes where the ethernet cables goes inside to protect them from rain and sun heat.

Anyways I agree with you on the mesh option but it's only the better option if you don't care about receiving the full internet plan speed in all house stories/areas, like if a plan is 100Mb you're okay with receiving only half of that or less in the second floor, but if you for whatever reasons needs to achieve maximum speed possible in most of the house then I'd go with the option that @kanewolf suggested, which is setting a switch to switch connection between the two houses then linking more APs to it.

You've also mentioned something about risking the security and privacy of the people in both houses, can you elaborate on that please! as far as i know routers/access points are secure and someone that's connecting to router 1 can't spy on someone who's connected to router 2 or am i wrong? i mean if it's risky then why people are using same WIFIs in Cafés/Companies/schools & Universities Etc. , And what can you advice on keeping privacy for people who are in these situations? thanks.

 

[bill001g]

Lan was never meant to be secured. First you only have 1 router and even if you have 2 it still has limitation on what it can restrict.

The first exposure is that your machine by default will assume "private" network security options. This is so you can share files and printers but this also exposes your machine to others and they can attempt to hack it.

Even if you were to secure the machine and even have a fancy firewall to prevent traffic between machine you can do nothing when someone can touch and change the hardware. It takes little effort to say place a switch in the path that makes copies of all your data to a second port. So someone can see all your data....this is not as bad as it used to be because traffic is encrypted but there are ways to attempt to hack past that if someone is very determined.

The largest issue is to the owner of the internet account. If someone does something bad the police will come to your door and they aren't going to be real receptive to the "it wasn't me" argument. This is why people that post child porn tend to do it from open shared wifi.

 

[ismmostaar1]

Lan was never meant to be secured. First you only have 1 router and even if you have 2 it still has limitation on what it can restrict.

The first exposure is that your machine by default will assume "private" network security options. This is so you can share files and printers but this also exposes your machine to others and they can attempt to hack it.

Even if you were to secure the machine and even have a fancy firewall to prevent traffic between machine you can do nothing when someone can touch and change the hardware. It takes little effort to say place a switch in the path that makes copies of all your data to a second port. So someone can see all your data....this is not as bad as it used to be because traffic is encrypted but there are ways to attempt to hack past that if someone is very determined.

The largest issue is to the owner of the internet account. If someone does something bad the police will come to your door and they aren't going to be real receptive to the "it wasn't me" argument. This is why people that post child porn tend to do it from open shared wifi.

here's what i understand so far, other than the risk of what someone can post online, only sharing files inside the network is the issue? and i guess that can be dealt with by specifying to share only with particular devices is that right or wrong? a second question is it possible to hack people's personal information remotely just from inside the network itself? and i don't mean sending links to emails but in relation to sharing a network, like can you do it from a router or something? I'm not asking for tutorials or deep explaining but only for general knowledge, can you please explain this two examples in a simple ways that an average person (not tech savvy) would understand? (making sharing files inside network safe, and the possibilities of hacking people's information inside same network remotely).

 

[cruisetung]

The easiest way to solve security issue is use 3 routers.

The following setup allow each home has its own network and won't see each other

As long as no one is hosting server facing outside world, double NAT setup is a non-issue.

Nothing to fiddle with , really. Except LAN IP.

cable or fiber in --->  ISP router ------- Home A router and APs
                                      |
                                      |
                                      +--- Home B router and APs

Let's say ISP router LAN IP is 192.168.1.1

and Home A router's assigned WAN IP is 192.168.1.11 by ISP router's DHCP
and Home B router's assigned WAN IP is 192.168.1.111 by ISP router's DHCP

all you have to do is:

change Home A router's LAN to something like 192.168.10.1 and
change Home B router's LAN to something like 192.168.20.1

that's it

 

[BFG-9000]

Far and away the simplest method is to use a gateway router that can be configured for VLANs, which all three large 3rd-party firmware projects allow.

Normally, a VLAN is used to trunk multiple connections over a single port, which obviously requires an AP at the other end that understands this.

However the simplest form of VLAN simply assigns one whole ethernet port to a different VLAN, which is the one you run to the other house, and you can use any switch or AP on that end then. Both the LANs can then access the internet but neither can see each other so one house can't see the network shares or print to network printers of the other.

If you want to use an off-the-shelf router then the Guest network on them operates exactly like this, but is usually limited to wifi. Using an AP in wireless client mode to convert that back to ethernet has its own issues which has been covered here before

 

[BFG-9000]

I should point out that VLANs are exactly how those large apartment complexes do it using managed switches.

With a consumer-grade router you are limited to 4 VLANs this way because none of those 8-port routers seem to actually use a 9 or 10-port switch chip internally but two 5 or 6-port ones, with one being unmanaged. But you could supply internet to a four-plex simply, each with one ethernet port and no complicated trunking or managed switch required, with nothing in double-NAT. And each tenant can add as many switches + APs as they like on their own LAN, with everything served up by their own virtual gateway router running in software on the real gateway.