Segregate Home Network Using Routers, Switches, Same Gateway

Posted on 2008-11-06
Last Modified: 2013-11-09
I want to achieve the following

segregate a section of my home network but still use the same gateway. a portion of my network i allow anyone to use the wifi, however, i'd like to segregate my personal computers and laptops from that area of th network. i have the following equipment
Cable Modem >> connected to Linksys wireless router (dhcp) with an OPEN wireless for people

I want to attach a Netgear router to the Linksys wireless router and provide services (lan) to my personal equipment.

Please see the attached image and let me know if this is possible or if i am overlooking something.
The section in red is already setup. What i want to attach to th network is the blue section.
Question by:thesurg3on
    LVL 18

    Accepted Solution

    A few questions:
    Do you want to give access to the Internet via the wireless network?
    Do you personal computers need to access the computers on the wireless network?

    Assuming yes to the above questions:
    You should be able to set this up with the one router.
    On the router, set a DMZ so that only the computers on the private network can access the Internet. Most routers have this option.

    You then have several choices in preventing network access to your systems:

    -You can configure the host files on the public network PCs so that all requests to the named computer on your private PCs point to
    -Set the firewall up so that the private PCs don't accept incomming packets from the public PCs.
    -Set private PCs on a different subnet than the public ones, eg private ip 10.1.1.x, private 10.1.2.x

    Your proposal is also a possible solution, however the router, switch, and AP can all be one device.
    I recommend using the Linksys WRT54GL with DD-WRT installed on it. You can pick one up for under $100.



    To set up with your method use the Linksys WRT54GL to connect to the private wireless router. You can tell the public router to disallow the private PCs access to it if you don't want them communicating. You would also need to block the public PCs from accessing the private ones via a firewall. Still set up the DMZ as mentioned above.

    Author Comment

    i would want both the wireless router in the red area to provide internet access via DHCP to public users, and in the blue area, i would also want internet access provided (it doesnt have to be DHCP at all).

    essentially i want both routers to provide internet access using the same cable modem. if i can set it up with the equipment i already have, then i will try it.

    not too familiar with the DMZ setup but will try. Also putting host files on all computers connecting in the red zone is not an option.
    LVL 18

    Expert Comment

    In that case you don't need a DMZ.

    As long as your current router has enough ports for the physical cables, and the wireless access for the rest then you should be able to set it up without extra equipment.

    You can set everything up as the same network and restrict file access to certain computers via software firewalls on the private PCs. You should be able to use the free version of Zone Alarm for this purpose if you don't already have a firewall.

    Author Comment

    Yes, the soft firewalls is something I considered, my main concern is that i have two UPnP devices on the private network with Media sharing which is why I want to isolate these machines from the public part of the network. I do not want people accessing my xbox360 or NAS appliance.

    I will setup the network today with the diagram I presented. Thanks.
    LVL 18

    Assisted Solution

    Fair enough. I would still merge the router, switch, and wireless AP in the blue section into a single device, unless you already have the hardware.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now