Link to home
Start Free TrialLog in
Avatar of prophet001

asked on

Configuring two wireless routers with one as a guest

 I  was wondering if someone might be able to help me understand how to configure two wireless routers so that one is a work LAN with internet access and the other is a guest LAN with internet access but neither has access to the other.

I asked this question a little back and got some good responses, however I'm not sure about the details of what is going on.

If I plug one wireless router's WAN port into the modem and it gets a WAN address in the subnet then I put its LAN on the subnet then I plug the other wireless router's WAN port into one of the LAN ports on the first wireless router and let it get a WAN address in the subnet but I configure its LAN subnet to be will there be any communication between them? What will happen if someone on the subnet asks for an address on the subnet? Will it get to the first router and be routed to that subnet? Which router would be the guest and which one the work router?

Another option that I've thought of is to set up the modem as DHCP and connect it to a switch coming out of the modem. In that case each wireless router could get a WAN address on the subnet and have a LAN subnet in the address space. Is this a better configuration? What communication would there be between the two in this case?

Another question that I've had while trying to set this up is why the WAN port can't have the same subnet as the LAN on a wireless router. Why can the WAN port not have and the LAN subnet be in the same address space? This is sort of related to the previous question although not directly.

Thank you for any help you can give,

Avatar of hypercube
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of prophet001


First, Thank you for the response. It's very detailed and easy to read and make me feel like it's worth it to be a member on this site. I appreciate it.

A few questions about the configuration that you outlined in the first document. The cascaded routers. Is there anything special about the subnet? If I have the first subnet into the WAN port of router 1 be, the 2nd subnet into the WAN port of router 2 be, and the 3rd subnet on the LAN of router 2 be will that work?

Also, if I set up Router 2 and subnet 3 to be the "guest" network will there still be no connection between subnet 2 and 3? I know that you mention that the subnets can't talk. What will happen if someone on (3rd subnet in my description) requests an address in (2nd subnet in my description)? Will router 2 not recognize that the requested address is on its WAN port subnet and forward it to the WAN?

Thanks again for the help and clarification,
First question: Yes, those subnets will work just fine that way.
There's nothing special about any of them except that they are:
- private ranges
- each a different range
So you could choose /24 subnets as follows:  where the xxx's are each 0 to 255 where yyy is 16 to 31 and xxx is 0 to 255. where xxx is 0 to 255

The configuration on page 2 of Multiple Subnets will isolate the 2nd and 3rd subnets from one another.  In my experience with commodity routers with private subnets on the WAN side, devices on the 2nd and 3rd subnets will be able to see devices on the 1st subnet but devices on the 1st subnet won't be able to see devices on the 2nd and 3rd subnets.

Consider this:
Packets on the 2nd and 3rd subnets destined for the 1st subnet will arrive just fine because their respective routers have a route for the 1st subnet.  Return packets should be destined for the 2nd and 3rd subnet router WANs because of the original source addresses (I think that's a reasonable description as I'm a bit fuzzy on why this works).  

However, packets originated by devices on the 1st subnet and destined for the 2nd or 3rd subnet will go to the first router (their gateway) as the next hop and will be dropped .. because the first router has no idea that the 2nd and 3rd subnets exist (without a static route entered).

I hope this helps, I'm not sure which of the two diagrams you were referring to.
On page 1, with a cascade of routers, you would put the guest network at or near the top and the more private subnets at the bottom.  So, in that case you would not use subnet 3 to be the guest network and would be better off with what's on page 2.

Whatever you do, test the results.

Thank you again,
Best answer I think I've ever had on this website.

Thank you.
Thank you for the kind words!!