Two isolated networks, one service point: how?

[jwc98]

I have an apartment downstairs I rent out. It comes with its own internet and the level of service I want to supply is high (50 Mbps 24x7 and as many 9's as possible). Tenants are in there only for a few months at the most, then they move on and someone else moves in.

What I would like to do is combine my Internet service with the apartment below, and be billed for only one account. I want users on each network to be oblivious of the other, so that downstairs tenant can not see devices on my network, and vice-versa. I also want to allow file sharing and device discovery within each network.

I want it so that network connection on both my part and the tenant's part is as easy as possible... This means as little device configuration as possible. Same or different SSIDs don't really matter -- I have considered a second router to accomplish this.

ISP is Verizon FIOS. Looking at their 75 Mbps service level for this, as likely there will be significant video demands.

So, possibilites... please rank according to security, viability, feasibility:

1 - two routers (second router uses first as gateway) - different SSID
2 - guest network for tenant, private network for me - is that secure for him? (guessing no)
3 - subnet?
4 - something else I'm not seeing?

THANKS!!!!

 

[bill001g]

You could run router behind router as you propose. Users on the first router would not be able to access the second because of nat on the second router. But the users on the second router could access the first because to them this is internet. That can be fixed with a rule in second router. It depends who controls the second router.

You could do it with a single router if that router can assign different vlans to different lan ports. You would assign 1 port a different subnet and cable it to the other area. You could then put a AP or a router. This router with 2 vlans would need to prevent traffic from going between them.
The things you buy in the store called routers are not actually routers since they can only have a single lan. The simplest way to solve this is to buy a router you can load third party firmware like dd-wrt on. Some routers come preloaded with dd-wrt (buffalo i think). I would by a asus or tplink that is compatible and load dd-wrt though.

 

[littleleo]

At my house I wanted guest to be able to access the internet w/o seeing my family network. I have a Linksys model that allows me to setup a Create a guest network. They have their own login and they have access to the internet and their email accounts on the web. They can't get access to my network with out the password so its worked out well for me. You can buy a separate device to do the same thing I'm sure.
http://www.linksys.com/us/p/P-EA6900/

 

[jwc98]

At my house I wanted guest to be able to access the internet w/o seeing my family network. ....

Thanks Leo, that is a nice simple solution. It's pretty much analogous to what I'm looking for except that my guest will be visiting a bit longer (~3 mos). Thanks, I will look into the Linksys.

 

[jwc98]

....You could do it with a single router if that router can assign different vlans to different lan ports. ....

Excellent, I'll look into using dd-wrt as well. Thanks for a very in-depth reply.