Sign in with
Sign up | Sign in
Your question

How to set up separate Wireless network (no access to network resources) for internet access

Last response: in Networking
Share
May 9, 2013 2:10:46 PM

G'day Everyone,

I've got myself 2 TP Link W8960N router/ADSL2 modems and I'm looking at implementing a free public network to provide internet access to various people through a wireless connection. I have an ADSL connection through my own personal local LAN & WIFI connection and I would like this to be on a separate network (so those accessing the free WIFI can not access my media server).

Basically what I would like is to be able to share my ADSL connection to the new router which will be on a separate network and have a separate WIFI hotspot.

How do I go about doing this?

I know my stuff pretty well when it comes to networking, but i just can't think of how to go about doing this? Happy to provide more info or further clarification if required.

Hayden C
May 9, 2013 2:55:42 PM

Onus said:
There are a variety of products out there which can provide "Guest" network access. I'm using one of these: http://www.newegg.com/Product/Product.aspx?Item=33-122-... which has that feature, although I haven't used it.


This is exactly the kind of functionality I'm looking for but was thinking it would be available (albeit more complicated to set up) with the router/s I have currently got. Is there some way of creating a virtual LAN that can be broadcast through wireless?
Related resources
May 9, 2013 3:02:26 PM

You'll have to go through your router's documentation and/or setup screens. Their web site may have a forum, where someone has done it already.
May 9, 2013 4:06:54 PM

The problem is that these are COMBO devices, meaning the modem and router are one device. And that means neither one exposes a WAN port; the connection between the modem and router is internal, making it unnecessary. But that makes them unsuitable for reuse in many instances. Here you have a classic case.

If they were just routers, you could designate one the private router/network, the other the guest router/network. You’d make the guest router/network the primary router (i.e., connected to the standalone modem), then daisy chain the private router/network (over its WAN) to a LAN port on the guest router/network. The firewall of the private router/network would prevent access by the guest router/network.

That said, it’s not perfect. There is the potential (albeit slight) for ARP poisoning by guest users since traffic from the private router/network must still traverse the guest router/network.

But all of this is moot since you don’t have that option anyway! That’s just one of many reasons using combo devices is usually not a good idea. It’s good for ISPs, of course, since they usually save a little money w/ an all-in-one device. And it makes configuration a little easier too. But for the customer, esp. one who might be interested in reuse, it’s usually a bad investment. Now you see why.

About the best you can do w/ these devices is configure the second modem+router as a wireless AP, thus adding more LAN ports and a second AP. But all those clients will be using the SAME physical and logical network, and therefore it offers no separation/security between the private and guest users. You need to separate those users into two networks, and that’s only possible via routers. And again, that’s only possible if those devices expose a WAN port.

P.S. It would be possible to use these devices *if* one of them supported VLANs. You could create to separate *logical* networks, configure the other as an AP, and assign each AP to its own VLAN. But I’m only including this information for completeness. It’s highly unlike your average consumer router would support VLANs.

So unless these devices either support a guest wireless AP natively, or can otherwise be reconfigured to expose a WAN (perhaps converting one of the LAN ports to a WAN), I think you’re up the creek, at least as far as using these devices.
May 9, 2013 6:20:17 PM

These are higher-end devices that DO apparently support VLANs, not your typical cheap $50 consumer router. I'd have to return to the documentation, but I believe it uses an entirely different subnet for DHCP services to give to the "guest" network.
!