adding a second router to a LAN to segregate personal from business

wfcrr asked
Last Modified: 2012-08-13
We have a LAN that is a router and a couple of hubs and there is one internet modem connected to that. In order to allow personal computers to have internet access, but not have LAN access, I have been linking a second router via one of the hub's ports so that we could have a separate network and all share the same internet modem. I would like to know about security. The reason for the second router is simply so that others can use the internet without being on our company LAN. Hopefully I am making sense. This is a small home-based company and the LAN is for the SBS and workstations. The second router is for personal computer use. By doing it this way, am I keeping the personal computers separate and segregated from the company LAN?
Distinguished Expert 2018
Unfortunately not, if I understand the topology as you described it. The problem is that by plugging into one of the ports on the hub, you still have full layer-2 connectivity and someone with talent can manipulate that... even if that person is remote or has compromised one machine in some way.

You can solve this situation with VLANs if your network equipment supports it. Or you can segregate your entire network at the layer-3 level with a better router or by putting a routing-capable OS at your network edge with multiple discrete legs... something like Untangle would work.

But as it stands now, you have some planning to do.
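
The layer-3 option from the answer above, sketched as an added example that is not part of the original thread and is not Untangle's configuration: an nftables ruleset for a Linux box at the network edge with one leg to the modem and one leg each for the company LAN and the personal computers. The interface names, the DHCP/DNS role of the router and SSH management are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Assumed interfaces: eth0 = modem, eth1 = company LAN, eth2 = personal.
# Forwarding must also be enabled on the host (sysctl net.ipv4.ip_forward=1).
# "flush ruleset" replaces any existing rules, so use this on a dedicated edge box.
flush ruleset

define WAN = "eth0"
define BIZ = "eth1"
define PERSONAL = "eth2"

table inet edge {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept
        # Assumption: the router hands out DHCP and DNS on both legs.
        iifname { $BIZ, $PERSONAL } udp dport { 53, 67 } accept
        iifname { $BIZ, $PERSONAL } tcp dport 53 accept
        # Router administration (SSH) only from the company leg.
        iifname $BIZ tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Each leg may reach the internet ...
        iifname { $BIZ, $PERSONAL } oifname $WAN accept
        # ... but nothing is routed between the legs; count and log attempts.
        iifname $PERSONAL oifname $BIZ counter log prefix "personal->biz " drop
        iifname $BIZ oifname $PERSONAL counter log prefix "biz->personal " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Both legs share the single modem connection.
        oifname $WAN masquerade
    }
}
```

Each leg needs its own switch or hub and its own subnet; `nft list ruleset` shows the counters on the two drop rules, which reveal any attempted traffic between the legs.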


