Configuring two wireless routers with one as a guest

I was wondering if someone might be able to help me understand how to configure two wireless routers so that one is a work LAN with internet access and the other is a guest LAN with internet access but neither has access to the other.

I asked this question a little while back and got some good responses; however, I'm not sure about the details of what is going on.

If I plug one wireless router's WAN port into the modem and it gets a WAN address in the subnet then I put its LAN on the subnet then I plug the other wireless router's WAN port into one of the LAN ports on the first wireless router and let it get a WAN address in the subnet but I configure its LAN subnet to be will there be any communication between them? What will happen if someone on the subnet asks for an address on the subnet? Will it get to the first router and be routed to that subnet? Which router would be the guest and which one the work router?

Another option that I've thought of is to set up the modem as DHCP and connect it to a switch coming out of the modem. In that case each wireless router could get a WAN address on the subnet and have a LAN subnet in the address space. Is this a better configuration? What communication would there be between the two in this case?

Another question that I've had while trying to set this up is why the WAN port can't have the same subnet as the LAN on a wireless router. Why can the WAN port not have and the LAN subnet be in the same address space? This is sort of related to the previous question although not directly.

Thank you for any help you can give,


Fred Marshall (Principal) commented:
Take a look at the attached paper on this subject.

The subnet question is "it depends".  You can set up multiple routers on the same subnet as shown in one of the papers.  Or, you can set up multiple subnets with multiple routers as you wish.

Two routers with NAT enabled (the normal thing) that are cascaded can't be on the same subnet.  Imagine this:
public address <> Router 1 <> private subnet 1 <> Router 2 <> private subnet 2

If Router 1 and Router 2 have the same LAN subnet then Router 2 will have both its WAN and LAN ports on the same subnet (if it will even allow you to do that - it might).  Then when a packet arrives on the WAN of Router 1 that is destined for one of the LAN addresses, the router will simply put it out "on the wire".  When Router 2 sees the packet, it sees that it's not addressed to Router 2 WAN address and ignores it.  
But, I suppose that some routers might behave differently .. I don't know.  It seems to me that I've seen this setup and it seemed to work but I didn't test it in any real way.
The best advice is: "Avoid it".

But to get around the issue, don't use the WAN port on Router 2 at all.
Use a LAN port instead and turn off DHCP.

prophet001 (Author) commented:
First, thank you for the response. It's very detailed and easy to read and makes me feel like it's worth it to be a member on this site. I appreciate it.

A few questions about the configuration that you outlined in the first document. The cascaded routers. Is there anything special about the subnet? If I have the first subnet into the WAN port of router 1 be, the 2nd subnet into the WAN port of router 2 be, and the 3rd subnet on the LAN of router 2 be will that work?

Also, if I set up Router 2 and subnet 3 to be the "guest" network will there still be no connection between subnet 2 and 3? I know that you mention that the subnets can't talk. What will happen if someone on (3rd subnet in my description) requests an address in (2nd subnet in my description)? Will router 2 not recognize that the requested address is on its WAN port subnet and forward it to the WAN?

Thanks again for the help and clarification,
Fred Marshall (Principal) commented:
First question: Yes, those subnets will work just fine that way.
There's nothing special about any of them except that they are:
- private ranges
- each a different range
So you could choose /24 subnets as follows:  where the xxx's are each 0 to 255 where yyy is 16 to 31 and xxx is 0 to 255. where xxx is 0 to 255

The configuration on page 2 of Multiple Subnets will isolate the 2nd and 3rd subnets from one another.  In my experience with commodity routers with private subnets on the WAN side, devices on the 2nd and 3rd subnets will be able to see devices on the 1st subnet but devices on the 1st subnet won't be able to see devices on the 2nd and 3rd subnets.

Consider this:
Packets on the 2nd and 3rd subnets destined for the 1st subnet will arrive just fine because their respective routers have a route for the 1st subnet.  Return packets should be destined for the 2nd and 3rd subnet router WANs because of the original source addresses (I think that's a reasonable description as I'm a bit fuzzy on why this works).  

However, packets originated by devices on the 1st subnet and destined for the 2nd or 3rd subnet will go to the first router (their gateway) as the next hop and will be dropped .. because the first router has no idea that the 2nd and 3rd subnets exist (without a static route entered).

I hope this helps, I'm not sure which of the two diagrams you were referring to.
On page 1, with a cascade of routers, you would put the guest network at or near the top and the more private subnets at the bottom.  So, in that case you would not use subnet 3 to be the guest network and would be better off with what's on page 2.

Whatever you do, test the results.
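
The isolation behaviour described in the answer above can be checked on paper before plugging anything in. The following is an added example, not part of the original thread: a simplified reachability model for NAT routers with no static routes or port forwards, where the `Router` class, the function names and the 192.168.x.0/24 addressing are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Router:
    name: str
    wan: str  # subnet the WAN port sits on
    lan: str  # subnet served on the LAN/Wi-Fi side

# Constructed addressing (the thread's real subnets are not shown).
MODEM, NET_A, NET_B = "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"
# Both routers hang off the modem's subnet (the layout recommended above).
PARALLEL = [Router("work", MODEM, NET_A), Router("guest", MODEM, NET_B)]
# Router 2's WAN is plugged into a LAN port of Router 1.
CASCADE = [Router("router1", MODEM, NET_A), Router("router2", NET_A, NET_B)]

def overlapping(routers):
    """Names of routers whose WAN and LAN subnets overlap (the case to avoid)."""
    return [r.name for r in routers
            if ipaddress.ip_network(r.wan).overlaps(ipaddress.ip_network(r.lan))]

def can_initiate(routers, src_lan, dst_ip):
    """Can a host on src_lan open a connection to dst_ip?

    Simplified model: traffic only climbs LAN -> WAN. Each router delivers to
    its directly connected WAN subnet, otherwise hands the packet upstream.
    Nothing unsolicited crosses WAN -> LAN (NAT), and with no static routes
    the top of the chain has no path to a private subnet, so it drops it.
    """
    dst = ipaddress.ip_address(dst_ip)
    net = ipaddress.ip_network(src_lan)
    if dst in net:
        return True  # same subnet, no router involved
    for _ in range(len(routers) + 1):  # bounded climb, guards against loops
        router = next((r for r in routers
                       if ipaddress.ip_network(r.lan) == net), None)
        if router is None:
            return False  # reached the modem side: no route back down
        wan = ipaddress.ip_network(router.wan)
        if dst in wan:
            return True
        net = wan
    return False

if __name__ == "__main__":
    for label, topo in (("parallel", PARALLEL), ("cascade", CASCADE)):
        for src, dst in ((NET_A, "192.168.2.10"), (NET_B, "192.168.1.10")):
            print(label, src, "->", dst, can_initiate(topo, src, dst))
```

In the cascade only the lower router's LAN is shielded from the other subnet, which is why the guest network belongs at the top. The model is a planning aid; it does not replace testing the real routers.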

prophet001 (Author) commented:

Thank you again,
prophet001 (Author) commented:
Best answer I think I've ever had on this website.

Thank you.
Fred Marshall (Principal) commented:
Thank you for the kind words!!