PDA

View Full Version : Network router question



Mike Henderson
09-23-2013, 9:02 PM
I have a situation where I want to provide Internet access to a computer but I don't want that computer to be able to see the rest of the network.

I remember someone mentioning that they had set up a router to split the network - so that there were two domains, both of which got Internet access, but the users of each domain could not see into the other domain.

Anyone know about this, and if you do, can you point me to more info on it and maybe a product?

Mike

Sean Troy
09-23-2013, 9:10 PM
I have a situation where I want to provide Internet access to a computer but I don't want that computer to be able to see the rest of the network.

I remember someone mentioning that they had set up a router to split the network - so that there were two domains, both of which got Internet access, but the users of each domain could not see into the other domain.

Anyone know about this, and if you do, can you point me to more info on it and maybe a product?

Mike
Sense I've looked at wireless access points lately, I saw one that you can do just that with I believe. NETGEAR ProSAFE N300 Wi-Fi Access Point (WN203)

Matt Meiser
09-23-2013, 9:15 PM
I've got something like that set up in my house, using a single board computer running pFsense and a separate access point for guests. They get a login page kind of like at a hotel. Many routers have guest functionality now.

One nice thing on ours, I can limit the bandwidth available to guests (usually my daughter's friends iPods and iPhones) so they are dragging down our whole connection.

paul cottingham
09-23-2013, 9:29 PM
The easiest way to set up a separate network is to take an old computer, put two nics in it, create two subnets and create a route between the subnets. You can actually download router software that is contained on a floppy, boot off it, and away you go. I suspect you can find such software for a USB key as well.
If that is not an option ( I realize that it may be intimidating ) you can likely do the same thing with a commercial router, but I have never done that. You can definitely do it with some of the Linux distros that can be installed on old routers.

Myk Rian
09-23-2013, 10:17 PM
I have a Belkin router that limits guests to not have network access.

Lee Schierer
09-23-2013, 10:31 PM
I have a Belkin router that limits guests to not have network access.

My Cisco router doesn't show the network to guests either.

Mike Henderson
09-24-2013, 12:00 AM
I have a Belkin router that limits guests to not have network access.

I assume you mean access to the rest of the network and not to the Internet, Myk. If so, would you give me the model number, please?

Also, does anyone know what the feature is called so I can search on it?

Mike

Mike Henderson
09-24-2013, 12:01 AM
My Cisco router doesn't show the network to guests either.
Would you give me a pointer to your unit, Lee? Either a link or the model number.

Mike

Lee Schierer
09-24-2013, 8:14 AM
Here you go: Cisco E1200 (http://www.amazon.com/Cisco-E1200-Linksys-Wireless-N300-Router/dp/B004T9RR6I) Click on the show more in the description area and take note of the sixth bullet point. (Give visitors password-protected Internet access on a separate network?so your visitors have access to the Internet, but not your computers or data)


Would you give me a pointer to your unit, Lee? Either a link or the model number.

Mike

Curt Harms
09-24-2013, 9:39 AM
Mike, you might be able to do that without buying anything if you have a router that will support DD-WRT. If memory serves, DD-WRT will support 5 virtual/guest wireless access points in addition to the 'normal' one. I'm not certain about the DD-WRT guest accounts, you might be able to set what resources each guest account can access. For instance, users of a guest account might be able to use your printer(s) but not be able to access any data. I think most integral guest accounts can only 'see' the internet connection, nothing local. At least that's my understanding.

Brian Kerley
09-24-2013, 9:42 AM
All you need to do is setup a subnet on your current router. Most routers support this out of the box. It will prevent the two subnets from talking to each other. Can be tricky if you are trying to provide separate WIFI SSIDs though, unless you run something like Tomato or DD-WRT.

If you are wanting to buy a router, ASUS routers have this feature as well (http://www.newegg.com/Product/Product.aspx?Item=N82E16833320158, $30, offers "guest mode")

Mike Henderson
09-24-2013, 10:06 AM
Here you go: Cisco E1200 (http://www.amazon.com/Cisco-E1200-Linksys-Wireless-N300-Router/dp/B004T9RR6I) Click on the show more in the description area and take note of the sixth bullet point. (Give visitors password-protected Internet access on a separate network?so your visitors have access to the Internet, but not your computers or data)

Thanks, Lee. That's exactly what I want. And not very expensive.


All you need to do is setup a subnet on your current router. Most routers support this out of the box. It will prevent the two subnets from talking to each other. Can be tricky if you are trying to provide separate WIFI SSIDs though, unless you run something like Tomato or DD-WRT.

If you are wanting to buy a router, ASUS routers have this feature as well (http://www.newegg.com/Product/Product.aspx?Item=N82E16833320158, $30, offers "guest mode")

I'll check my router to see if it supports subnets. Thanks for the suggestion, Brian.

Mike

Larry Browning
09-24-2013, 10:31 AM
Mike,
Just about any of the new Cisco/Linksys routers have this feature, and as Brian points out many other manufactures have this feature as well. It is called guest access. The guest access works similar to the way most hotels wireless access works. Your computer or device will see 2 network SSIDs One will allow full access and the other will only allow internet access. Mine are named CleverWillow and CleverWillow-guest. When you connect to the guest SSID, you do not need to enter a WPA or WEP password, but the first time you use the browser you are redirected to a page where you have to enter the guest access password.

Myk Rian
09-24-2013, 9:39 PM
Belkin N750
http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=1139381&SRCCODE=WEBGOOKWL&cm_mmc_o=mH4CjC7BBTkwCjCs81CjCE&gclid=CK2h0_C05bkCFY5r7AodVUkAFg
I got mine at Walmart or Bestbuy for a little cheaper, I think. Shop around.

Mike Henderson
09-26-2013, 1:01 PM
My particular problem is that I want to segment an Ethernet (wired) part of the network from the rest of the Ethernet (wired) part of the network. A network friend made this suggestion to me.

Get a router with the flavor of WiFi that you like (just so I have wireless access). Plug this new router into your existing access box (which includes the modem and a router). Plug the segregated Ethernet line into the the existing access box. Plug all of your wired connections into the new router. Since the new router will have NAT (and DHCP), anyone on that segregated Ethernet connection will not be able to see into the network connected on the new router because of the NAT.

Does that sound correct? And if I want to offer guest access on WiFi, I'll select a new router that provides that feature.

Mike

Brian Kerley
09-26-2013, 2:39 PM
My particular problem is that I want to segment an Ethernet (wired) part of the network from the rest of the Ethernet (wired) part of the network. A network friend made this suggestion to me.

Get a router with the flavor of WiFi that you like (just so I have wireless access). Plug this new router into your existing access box (which includes the modem and a router). Plug the segregated Ethernet line into the the existing access box. Plug all of your wired connections into the new router. Since the new router will have NAT (and DHCP), anyone on that segregated Ethernet connection will not be able to see into the network connected on the new router because of the NAT.

Does that sound correct? And if I want to offer guest access on WiFi, I'll select a new router that provides that feature.

Mike

Segmenting the Ethernet is super easy on your current router (most likely). Segmenting WiFi is more difficult, and I would suggest a new router for this feature even if your current router can be made to do it with aftermarket firmware.

To do a segmented Ethernet, you need to know which ports you want to have assigned to a particular network. When I said "subnet" earlier, I kinda messed up in my terminology. What you want is a VLAN (which creates a separate subnet). Under the "Advanced" settings of your router is probably a section for VLAN. If you give me your model number, I'll be more than happy to research and provide info via PM....

Mike Henderson
09-26-2013, 3:11 PM
Segmenting the Ethernet is super easy on your current router (most likely). Segmenting WiFi is more difficult, and I would suggest a new router for this feature even if your current router can be made to do it with aftermarket firmware.

To do a segmented Ethernet, you need to know which ports you want to have assigned to a particular network. When I said "subnet" earlier, I kinda messed up in my terminology. What you want is a VLAN (which creates a separate subnet). Under the "Advanced" settings of your router is probably a section for VLAN. If you give me your model number, I'll be more than happy to research and provide info via PM....
The existing router is built into my U-Verse box, which is made by 2Wire. I've looked at the setup and there's nothing that indicates VLAN support - at least nothing I can find. That's why my friend suggested just using another router.

I'd appreciate a suggestion for a router box that supports VLAN and good WiFi support (802.11n). That would give me another option for setting up the network.

Mike

Brian Kerley
09-26-2013, 3:19 PM
The existing router is built into my U-Verse box, which is made by 2Wire. I've looked at the setup and there's nothing that indicates VLAN support - at least nothing I can find. That's why my friend suggested just using another router.

I'd appreciate a suggestion for a router box that supports VLAN and good WiFi support (802.11n). That would give me another option for setting up the network.

Mike

Those 2WIRE boxes are not very flexible...dang.

I like ASUS routers, personally. I think they have really good wifi speeds and excellent throughput. I linked one a bit further up-thread which seems to have good reviews and offers guest wifi, etc.

Larry Browning
09-26-2013, 4:24 PM
I have been drooling over this one, hoping my current one hiccups.
http://www.amazon.com/TP-LINK-TL-WDR4300-Wireless-Gigabit-300Mbps/dp/B0088CJT4U/ref=sr_1_9?s=pc&srs=2530652011&ie=UTF8&qid=1380226612&sr=1-9&keywords=tp+link+wireless+router

Benoit Rochon
09-27-2013, 8:09 AM
check if you can split your router into 2 VLANs.

Mike Henderson
09-27-2013, 1:26 PM
check if you can split your router into 2 VLANs.
Thanks for the suggestion, Benoit. If you mean my existing router, we discussed that earlier in the thread. But I will make sure that any new router I purchase has VLAN support.

Mike