Here is the scenario: A crisis intervention center that has a homeless shelter for its residents and an internal network of business-related computers. Broadband comes in via Verizon FIOS through a ZyXel Prestige 861H-G1G2 modem that converts the FIOS phone signal to ethernet an then feeds an ActionTek Router which feeds the business systems.. My goal is to create two completely different networks--one for confidential internal use and another for use by the residents. My original plan was to put a switch between the ZyXel Modem and the ActionTec router and run another router off of that switch, but for some reason, even when I try connecting directly to the ZyXel I cannot get out to the internet. I can only get there via the ActionTek router (192.168.1.1). I tried connecting a second router (192.168.2.1) to the ActionTek Router but I was able to cross back over and access the business systems that way, which I want to protect from that router.
I'm looking for ideas as to the most efficient way to create these two subnets.