Avatar of prophet001
prophet001 asked on

Configuring two wireless routers with one as a guest

Hi,
 I  was wondering if someone might be able to help me understand how to configure two wireless routers so that one is a work LAN with internet access and the other is a guest LAN with internet access but neither has access to the other.

I asked this question a little back and got some good responses, however I'm not sure about the details of what is going on.

If I plug one wireless router's WAN port into the modem and it gets a WAN address in the 192.168.1.0 subnet then I put its LAN on the 192.168.2.0 subnet then I plug the other wireless router's WAN port into one of the LAN ports on the first wireless router and let it get a WAN address in the 192.168.2.0 subnet but I configure its LAN subnet to be 192.168.3.0 will there be any communication between them? What will happen if someone on the 192.168.3.0 subnet asks for an address on the 192.168.2.0 subnet? Will it get to the first router and be routed to that subnet? Which router would be the guest and which one the work router?

Another option that I've thought of is to set up the modem as DHCP and connect it to a switch coming out of the modem. In that case each wireless router could get a WAN address on the 192.168.1.0 subnet and have a LAN subnet in the 192.168.2.0 address space. Is this a better configuration? What communication would there be between the two in this case?


Another question that I've had while trying to set this up is why the WAN port can't have the same subnet as the LAN on a wireless router. Why can the WAN port not have 192.168.1.1 and the LAN subnet be in the same address space? This is sort of related to the previous question although not directly.

Thank you for any help you can give,

 Preston
Wireless NetworkingRoutersNetwork Architecture

Avatar of undefined
Last Comment
hypercube

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
hypercube

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
prophet001

First, Thank you for the response. It's very detailed and easy to read and make me feel like it's worth it to be a member on this site. I appreciate it.

A few questions about the configuration that you outlined in the first document. The cascaded routers. Is there anything special about the 192.168.0.0 subnet? If I have the first subnet into the WAN port of router 1 be 192.168.1.0/24, the 2nd subnet into the WAN port of router 2 be 192.168.2.0/24, and the 3rd subnet on the LAN of router 2 be 192.168.3.0/24 will that work?

Also, if I set up Router 2 and subnet 3 to be the "guest" network will there still be no connection between subnet 2 and 3? I know that you mention that the subnets can't talk. What will happen if someone on 192.168.3.0/24 (3rd subnet in my description) requests an address in 192.168.2.0/24 (2nd subnet in my description)? Will router 2 not recognize that the requested address is on its WAN port subnet and forward it to the WAN?

Thanks again for the help and clarification,
 Preston
hypercube

First question: Yes, those subnets will work just fine that way.
There's nothing special about any of them except that they are:
- private ranges
- each a different range
So you could choose /24 subnets as follows:
10.xxx.xxx.0/24  where the xxx's are each 0 to 255
172.yyy.xxx.0/24 where yyy is 16 to 31 and xxx is 0 to 255.
192.168.xxx.0/24 where xxx is 0 to 255

The configuration on page 2 of Multiple Subnets will isolate the 2nd and 3rd subnets from one another.  In my experience with commodity routers with private subnets on the WAN side, devices on the 2nd and 3rd subnets will be able to see devices on the 1st subnet but devices on the 1st subnet won't be able to see devices on the 2nd and 3rd subnets.

Consider this:
Packets on the 2nd and 3rd subnets destined for the 1st subnet will arrive just fine because their respective routers have a route for the 1st subnet.  Return packets should be destined for the 2nd and 3rd subnet router WANs because of the original source addresses (I think that's a reasonable description as I'm a bit fuzzy on why this works).  

However, packets originated by devices on the 1st subnet and destined for the 2nd or 3rd subnet will go to the first router (their gateway) as the next hop and will be dropped .. because the first router has no idea that the 2nd and 3rd subnets exist (without a static route entered).

I hope this helps, I'm not sure which of the two diagrams you were referring to.
On page 1, with a cascade of routers, you would put the guest network at or near the top and the more private subnets at the bottom.  So, in that case you would not use subnet 3 to be the guest network and would be better off with what's on page 2.

Whatever you do, test the results.
ASKER
prophet001

Awesome.

Thank you again,
 Preston
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER
prophet001

Best answer I think I've ever had on this website.

Thank you.
hypercube

Thank you for the kind words!!