Configuring 2 routers in a network

Posted on 2012-08-22
Medium Priority
Last Modified: 2012-08-23
Hi all,

I have a internet modem, plugged into a router.  Its subnet is, and ip

I want to place another router inside the network connected to a switch with a subnet of and an ip of w/ dhcp enabled to end out 0.1 ip addresses.

1.  Can I do this.
2.  How do I get internet to work.  (Hard code static IP from internet provider?)  Note:  internet plugs into main router  (1.1 router)
3.  How do I get a computer on the 1.1. router to talk to a computer/device on the 0.1 router.  

Is that possible even?
Question by:jwebster77
  • 4
  • 2

Accepted Solution

JT92677 earned 2000 total points
ID: 38322556
Assuming your first router is up and running, and can let you access the internet, the second router can be setup easily.

You can do this by plugging the second router WAN port into the first router LAN port. This will assign a WAN address to the 2nd router in the 192.168.1.x range. Unless some user does a trace route they won't even know about the path taken by packets through router 2, then through router 1 to the cable or dsl modem and onto the public internet.

Then set the LAN ip address of your second router to and let it DHCP to anyone that connects to it. Devices on the 2nd router will be in the 192.168.0.x block.

It will direct any packets outside of through your first router to the internet, essentially bypassing the first class-C network block of 192.168.1.x

This isolates users on the 2nd router from easily accessing devices on your first router's block, but that may be your objective.  A route can be used to make 192.168.1.x visible to the 192.168.0.x network.


Author Comment

ID: 38323213
Thanks Jeff.  In this case I want to allow them to see the decices on the 1.x block.  Do I need to setup the route on both routers?

Expert Comment

ID: 38323227
Just hook the 2nd router LAN port to the first router LAN port, turn off DHCP -- but this kind of defeats the purpose of any network access limits.

A router/Wifi combination is really just a Router with a Wifi Access Port attached to the switch with multiple ports. The switch is then routing packets to the WAN port, or it will simply act like any other switch and let packets go from the WiFi (protocol changing) access point into the switch and out through the network.

DHCP in this case would be handled by the primary router, and all systems would be in the same Class-C network (255 max IP addresses) in the same block.

Put the two Access points on different channels, like channel 1 and channel 11, give them unique names, and one will accept ANY users and the other will restrict access to those with the password.

This will let visitors see all the computers and devices on the LAN.

It's like having two doors to your house -- the front door is locked, the back door is wide open, but both let you into the house. It's not secure since all that is required is to pick the right Access Point, the one with no password, to get into the LAN.

Is that really what you have in mind?

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.


Author Comment

ID: 38323248
So would the lan ip of the second router still be 0.1?

Expert Comment

ID: 38323289
The second router would NOT be doing DHCP, and it won't be used as a router or a gateway.

All you're really doing with the second router (in this example) is using it as an Access Point with an attached Switch. The WAN port, the DHCP, the NAT etc., all not used in this configuration.

You can set the IP address of the 2nd router to be 0.2 for example, so you can get to the HTTP interface of that device, but aside from that, the 2nd router IP address serves no purpose to the networking. That's why I mentioned turning OFF the DHCP on that 2nd router, you want the primary router to be the ONLY DHCP server on the LAN.

In fact, if you fail to turn OFF the DHCP on this second device, it will hand out IP addresses that are very likely to conflict with the first router's LAN Client list.

The primary router will hand out IP addresses, give the gateway address to the clients, and provide the DNS server IP addresses.

Hope this helps.


Expert Comment

ID: 38324014
I am assuming below setup.

Internet Modem -----Router R1--------Router2-------Switch--------Users.
Please give your exact diagram

So users can access the internet from Router2 by having a default route to Router1.
and by doing NATTING on R1.
But first what are the makes of routers and switches ?Is it cisco/juniper ?

Expert Comment

ID: 38325413
Think of router 1 as a router.  Think of router 2 as a switch with an Access Point in this example. It's only called "router 2" because that is how it was supposed to be used, but you can use "router 2" as just a switch with a WiFi AP feature if you ignore router 2's WAN port (don't use it).

You can use SOHO (Small Office Home Office) Routers with WiFi and Switch
Here's a listing that might be helpful

Here are some at eBay. I've used LinkSys, D-Link, Netgear etc and they are all pretty good but for some business, they might think you have to spend hundreds of dollars so you can blame the router if problems occur, typical office politics.


Internet Modem  ---->  

     Goes to WAN PORT on Router 1
          Router 1 WiFi (WPA security) is part of Router 1 LAN Switch

     Add "Router 2" as a WiFi Access point with built-in switch by hooking a LAN
     port on Router 2 to a LAN port on Router 1, turn off DHCP on router 2,
     essentially ignoring the "routing" feature of the 2nd router.

On second router, if all users are to be on the same LAN block, hook up as follows

        Router 1  LAN ---->   <---- LAN Router 2  (nothing hooked to Router 2 WAN port)
On Router 2 turn OFF DHCP.  Router 2 is now just an Access Point with an attached Switch

      Users connect to "Router 2" WiFi port, it goes to the built-in LAN port, out the LAN
      port to Router 1 LAN port to acquire IP address from Router 1 DHCP server feature.

You have TWO switches, one from Router 1 and one from Router 2 acting as just AP/Switch combination.

All the LAN ports provide the same functionality, get IP address from Router 1, go to the internet through Router 1 Gateway, etc.

Two WiFi access points -- one with security (router 1) and one with no security ("router 2" acting as just an Access Point)


Remember, if you want to provide visitors with ONLY internet access, you can use Router 2 as a Router by (1) hooking up to it's WAN port, (2) changing the base address to something outside of router 1 block, and (2) turning on DHCP on router 2.  Now users on Router 2 get an IP address outside of the owner's IP block, they'd have internet access but doing a network list would not see systems on the router1 network block.

An advanced "guest" user could figure out how to access Router 1's network, but it would not be obvious or visible to Windows or MAC network browsing.

Thanks for the points.


Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Sometimes MS breaks things just for fun... In Access 2003, only the maximum allowable SQL string length could cause problems as you built a recordset. Now, when using string data in a WHERE clause, the 'identifier' maximum is 128 characters. So, …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question