Networking 2 Identical Routers, Both With Guest Networks
Tags:
- Routers
- Computers
- Networking
Last response: in Wireless Networking
Ryan Orr
September 16, 2014 10:12:06 AM
Hello, my name is Ryan, and I'm the Director of Technology at my house of worship. Computer networking, admittedly, has always been a sharp learning curve for me, however I have been able to hold my own for quite some time. However I need some big help with my church's computer networking, and I'm pretty sure I've come to the right place.
We have two identical Linksys routers, and I especially liked the Guest Wireless options, as well as the Parental Control features. We have a separate Comcast modem, which is connected to our office's router (We'll call it Router "A"). This router not only provides hardwired and wireless connectivity to our office copiers, secretary computer, and staff laptops, but it also is hardwired to our separate church building's router (Router "B") via one of the LAN ports. Router "B" mainly provides wireless access for our guests on Sunday mornings, as well as wireless and hardwired connectivity for our staff.
My ideal functions of this two router setup would have these desired features:
-Router "A" and Router "B" will provide staff only networking and internet access on it's "normal" 2.4Ghz & 5Ghz bands.
-Router "A" and Router "B" will also provide guests their own wireless guest network, which does not let guests see other devices connected to our network, but only provide internet access.
I need our staff only network(s) to be able to map and access all other devices/computer on the network...as in, I want to be able to access the secretary's computer in the office building all the way from my Tech. Dir. laptop that's in the seperate church building...going through two routers, etc.
I DON'T want any guests on the guest network to be able to see any of the staff devices...just to have internet.
...............
Now, as far as I have been able to do...
I've able to have both staff networks and guest networks on Router "A" work as planned. Guests can't see any devices on the network, but still have internet access. Staff devices on the staff hardwired and wireless network can see each other, as well as have internet access, of course.
When I hardwire Router "A" and Router "B" together, change the IP and disable DHCP on Router "B", the staff only network works just fine. We have complete connectivity to all devices on Router "A" & "B"...however, disabling the DHCP on Router "B" essentially disables the guest network for "B" only. This makes sense that this problem happens, because our guests need the DHCP of router "B" to assign their device an IP. Originally, I thought router "A" would take over the whole network's DHCP assigning IPs, but of course I didn't think that through and it doesn't work like that.
I've heard ideas like changing the IP of router "B" to 162.168.2.1, and leaving DHCP enabled, but that doesn't work either.
..............
Here's the crucial parameters I need to adhere to, and I'm hoping you guys can give me answers that also stays within the following means:
1) I need to use these particular routers. There isn't a budget to purchase more equipment.
2) I need the guest networks of both routers to provide internet access only.
3) I need the staff networks of both routers to provide essentially an all access kind of connectivity. Computers/devices need to be able to connect to one another, regardless which router they are connected to. This of course includes internet access.
..............
I'm FAIRLY competent in basic networking now, however any answers needs to be helpful and descriptive please. No "just buy this" or commentary like "why did you do it this way"...I would appreciate any straightforward solutions to my current equipment and setup as possible.
Thank you so much for reading my very lengthy post and any solutions you can answer!
Ryan
We have two identical Linksys routers, and I especially liked the Guest Wireless options, as well as the Parental Control features. We have a separate Comcast modem, which is connected to our office's router (We'll call it Router "A"). This router not only provides hardwired and wireless connectivity to our office copiers, secretary computer, and staff laptops, but it also is hardwired to our separate church building's router (Router "B") via one of the LAN ports. Router "B" mainly provides wireless access for our guests on Sunday mornings, as well as wireless and hardwired connectivity for our staff.
My ideal functions of this two router setup would have these desired features:
-Router "A" and Router "B" will provide staff only networking and internet access on it's "normal" 2.4Ghz & 5Ghz bands.
-Router "A" and Router "B" will also provide guests their own wireless guest network, which does not let guests see other devices connected to our network, but only provide internet access.
I need our staff only network(s) to be able to map and access all other devices/computer on the network...as in, I want to be able to access the secretary's computer in the office building all the way from my Tech. Dir. laptop that's in the seperate church building...going through two routers, etc.
I DON'T want any guests on the guest network to be able to see any of the staff devices...just to have internet.
...............
Now, as far as I have been able to do...
I've able to have both staff networks and guest networks on Router "A" work as planned. Guests can't see any devices on the network, but still have internet access. Staff devices on the staff hardwired and wireless network can see each other, as well as have internet access, of course.
When I hardwire Router "A" and Router "B" together, change the IP and disable DHCP on Router "B", the staff only network works just fine. We have complete connectivity to all devices on Router "A" & "B"...however, disabling the DHCP on Router "B" essentially disables the guest network for "B" only. This makes sense that this problem happens, because our guests need the DHCP of router "B" to assign their device an IP. Originally, I thought router "A" would take over the whole network's DHCP assigning IPs, but of course I didn't think that through and it doesn't work like that.
I've heard ideas like changing the IP of router "B" to 162.168.2.1, and leaving DHCP enabled, but that doesn't work either.
..............
Here's the crucial parameters I need to adhere to, and I'm hoping you guys can give me answers that also stays within the following means:
1) I need to use these particular routers. There isn't a budget to purchase more equipment.
2) I need the guest networks of both routers to provide internet access only.
3) I need the staff networks of both routers to provide essentially an all access kind of connectivity. Computers/devices need to be able to connect to one another, regardless which router they are connected to. This of course includes internet access.
..............
I'm FAIRLY competent in basic networking now, however any answers needs to be helpful and descriptive please. No "just buy this" or commentary like "why did you do it this way"...I would appreciate any straightforward solutions to my current equipment and setup as possible.
Thank you so much for reading my very lengthy post and any solutions you can answer!
Ryan
More about : networking identical routers guest networks
-
Reply to Ryan Orr
price_th
September 16, 2014 10:35:18 AM
Hi Ryan, Router A would take over all DHCP if Router B wasn't a router but an access point only. The fact that you do have two routers, I would go this way. Make a small investment in a switch, $20 to $40 should do nicely for an 8 port. With this you can make the uplink connection to the switch and then just use Router B connected to the switch as an access point with DHCP. The only issue may be is if anyone in the area of Router B needing wireless access to the other parts of the network would have issues. Reason being they would pickup an IP from Router B and without translations, not have access to the equipment on Router A.
-
Reply to price_th
m
0
l
boosted1g
September 16, 2014 10:47:03 AM
When creating a geust network you are creating an issolated IP subnet (a VLAN). So if your office computers IP address are 192.168.1.x then when it creates a guest network it creates it on say 192.168.2.x, thus the two networks cant talk to each other.
Since you are configuring router B as an access point (as you should be doing) router B is accessing the 192.168.1.x subnet and thus cant create an additional subnet of the 192.168.2.x guest network.
If your router supports DD-WRT firmware then you can flash it to that and then should be able to configure a guest network on router B. Doing so will void any warranty on the router though and there is always a risk of bricking the router when flashing it.
Since office computers on Router B need to talk to office computers on Router A price_th's suggestion will not work.
Now you can hookup a third router and configure it as a router with a different IP address scheme for its LAN interface (so 192.168.6.x instead of 192.168.1.x).
In order to remote manage the new Router, Router C, you will want to set it to Static IP for the WAN settings. If Router A is 192.168.1.1 set ROUTER C WAN ip to 192.168.1.3, subnet of 255.255.255.0, gateway IP to that of the router, and just to make sure it cant connect to any office PCs, set dns server to 8.8.8.8 and 8.8.4.4. You would then configure LAN IP to be say 192.168.6.1, subnet 255.255.255.0 and set DHCP server to addresses in the 192.168.6.x range.
Since you are configuring router B as an access point (as you should be doing) router B is accessing the 192.168.1.x subnet and thus cant create an additional subnet of the 192.168.2.x guest network.
If your router supports DD-WRT firmware then you can flash it to that and then should be able to configure a guest network on router B. Doing so will void any warranty on the router though and there is always a risk of bricking the router when flashing it.
Since office computers on Router B need to talk to office computers on Router A price_th's suggestion will not work.
Now you can hookup a third router and configure it as a router with a different IP address scheme for its LAN interface (so 192.168.6.x instead of 192.168.1.x).
In order to remote manage the new Router, Router C, you will want to set it to Static IP for the WAN settings. If Router A is 192.168.1.1 set ROUTER C WAN ip to 192.168.1.3, subnet of 255.255.255.0, gateway IP to that of the router, and just to make sure it cant connect to any office PCs, set dns server to 8.8.8.8 and 8.8.4.4. You would then configure LAN IP to be say 192.168.6.1, subnet 255.255.255.0 and set DHCP server to addresses in the 192.168.6.x range.
-
Reply to boosted1g
m
0
l
Related resources
- How to connect 2 PC networks with 2 wireless routers (Both BT Home Hubs) so I can access the PCs and printers from either netw - Forum
- Create a Guest Wireless Network using a 2nd router - Forum
- How to set up three different wifi systems from a single cable modem: 1 primary home network and 2 additional guest networks. - Forum
- Getting Internet on Guest Network from 2nd Router - Forum
- How to connect 2 home routers to connect 2 separate networks? - Forum
Ryan Orr
September 16, 2014 10:49:34 AM
If you are correct, then your suggestion for a Switch wouldn't work. I need devices on the staff only wireless networks to connect regardless which router they are connected to.
Also, it seems like the current Access Points from Linksys cannot be hardwired together via ethernet. I don't want this. I've heard bridging wirelessly between a wireless router and an access point essentially kills your speeds by half. I can't have this. Eventually we're going to be upstreaming our services online, and any networking solution that compromises it's speed is a no-go.
Also, it seems like the current Access Points from Linksys cannot be hardwired together via ethernet. I don't want this. I've heard bridging wirelessly between a wireless router and an access point essentially kills your speeds by half. I can't have this. Eventually we're going to be upstreaming our services online, and any networking solution that compromises it's speed is a no-go.
-
Reply to Ryan Orr
m
0
l
boosted1g
September 16, 2014 10:50:43 AM
Ryan Orr
September 16, 2014 10:51:44 AM
price_th said:
Hi Ryan, Router A would take over all DHCP if Router B wasn't a router but an access point only. The fact that you do have two routers, I would go this way. Make a small investment in a switch, $20 to $40 should do nicely for an 8 port. With this you can make the uplink connection to the switch and then just use Router B connected to the switch as an access point with DHCP. The only issue may be is if anyone in the area of Router B needing wireless access to the other parts of the network would have issues. Reason being they would pickup an IP from Router B and without translations, not have access to the equipment on Router A.If you are correct, then your suggestion for a Switch wouldn't work. I need devices on the staff only wireless networks to connect regardless which router they are connected to.
Also, it seems like the current Access Points from Linksys cannot be hardwired together via ethernet. I don't want this. I've heard bridging wirelessly between a wireless router and an access point essentially kills your speeds by half. I can't have this. Eventually we're going to be upstreaming our services online, and any networking solution that compromises it's speed is a no-go.
-
Reply to Ryan Orr
m
0
l
boosted1g
September 16, 2014 10:54:03 AM
When you use a repeater you half the network bandwidth as you have to split it between talking from router->repeater and repeater->client device.
If you use a wireless bridge or access point you have one interface that is ethernet and one interface that is wireless thus you have two adapters handling it and thus it does not split the bandwidth like a repeater does.
If you use a wireless bridge or access point you have one interface that is ethernet and one interface that is wireless thus you have two adapters handling it and thus it does not split the bandwidth like a repeater does.
-
Reply to boosted1g
m
0
l
boosted1g
September 16, 2014 10:55:16 AM
Ryan Orr
September 16, 2014 11:03:40 AM
boosted1g said:
If your router supports DD-WRT firmware then you can flash it to that and then should be able to configure a guest network on router B. Doing so will void any warranty on the router though and there is always a risk of bricking the router when flashing it.So in short, this would be the solution IF I can configure it correctly:
- Router "A"s subnet is 192.168.1.X
- Router "A"s guest network is automatically a subnet set to 192.168.2.X
- Router "B" subnet should be different like 192.168.3.X
- Router "B" guest network is automatically set to a subnet of 192.168.4.X
Since both guest networks are automatic, both guest network subnets are automatically set to 192.168.2.X, and that's where the problem is???
So what you are saying is, if I'm somehow able to configure Router "B" guest network's subnet to something like 192.168.4.X...this would ALL work? Because I'm under the impression that being on different VLAN, there won't be any connectivity between the office and church devices...
-
Reply to Ryan Orr
m
0
l
boosted1g
September 16, 2014 11:13:29 AM
No,
Router A normal network is 192.168.1.x
Router A auto-created 192.168.2.x through guest network setup
Router B has no DHCP thus it is an extension of 192.168.1.x (anything else would result in office PCs on Router A and B to not be able to talk to each other).
As sits, Router B can not connect to 192.168.2.x as it is tied to the 192.168.1.x subnet
You either need better firmware or an additional router to create an additional guest network on 192.168.3.x.
I hope that makes more sense.
Router A normal network is 192.168.1.x
Router A auto-created 192.168.2.x through guest network setup
Router B has no DHCP thus it is an extension of 192.168.1.x (anything else would result in office PCs on Router A and B to not be able to talk to each other).
As sits, Router B can not connect to 192.168.2.x as it is tied to the 192.168.1.x subnet
You either need better firmware or an additional router to create an additional guest network on 192.168.3.x.
I hope that makes more sense.
-
Reply to boosted1g
m
0
l
boosted1g
September 16, 2014 11:21:50 AM
Ryan Orr
September 16, 2014 11:46:11 AM
boosted1g said:
Router A normal network is 192.168.1.xRouter A auto-created 192.168.2.x through guest network setup
Router B has no DHCP thus it is an extension of 192.168.1.x (anything else would result in office PCs on Router A and B to not be able to talk to each other).
As sits, Router B can not connect to 192.168.2.x as it is tied to the 192.168.1.x subnet
Excuse me, you are correct. I mistyped that:
- Router "A"s subnet/IP should be 192.168.1.1
- Router "A"s guest network is automatically a subnet set to 192.168.2.X
- Router "B" subnet/IP should be different like 192.168.1.2
- Router "B" guest network needs to be set to a subnet of 192.168.3.X
Since both routers are on the same subnet (with different IPs), they are still on the same Staff Only network, and all devices can access each other. However, with Router "A"s guest network on subnet 192.168.2.X, and IF I can somehow get Router "B"s guest network on subnet 192.168.3.X, my whole network setup would work as planned.
As far as I know, without a hack/modded firmware, there is no option to change the subnet of either router's guest network...through the browser access of either router, those options are not available. Unless there's a super secret, backend way to change that, I don't have any options with my current equipment to fix this, huh?
-
Reply to Ryan Orr
m
0
l
boosted1g
September 16, 2014 11:49:42 AM
As far as what the subnet is for the Router B guest network, that is not even important for your needs. Your roadblock is that the current firmware is not capabile of creating a guest network on an access point with DHCP dissabled. Other firmwares are advanced enough to dissable DHCP for the 192.168.1.x network but provide DHCP for the guest network.
In all reality the best method for garanteed success is to get Router C.
In all reality the best method for garanteed success is to get Router C.
-
Reply to boosted1g
m
0
l
boosted1g
September 16, 2014 11:56:22 AM
I just had a though, the possibility of success is completley dependent on how linksys firmware is designed but worth a shot.
On router A, set DHCP server range to say 192.168.1.50-192.168.1.100 (the numbers are not imporant, just make the range 50 addresses).
Now on Router B, re-enable DHCP server and set it 192.168.1.101 (or +1 number of whatever you set Router A to be) - 192.168.1.150.
Now see if you can configure a guest network on Router B.
On router A, set DHCP server range to say 192.168.1.50-192.168.1.100 (the numbers are not imporant, just make the range 50 addresses).
Now on Router B, re-enable DHCP server and set it 192.168.1.101 (or +1 number of whatever you set Router A to be) - 192.168.1.150.
Now see if you can configure a guest network on Router B.
-
Reply to boosted1g
m
0
l
Ryan Orr
September 16, 2014 12:00:44 PM
boosted1g said:
As far as what the subnet is for the Router B guest network, that is not even important for your needs. Your roadblock is that the current firmware is not capabile of creating a guest network on an access point with DHCP dissabled. Other firmwares are advanced enough to dissable DHCP for the 192.168.1.x network but provide DHCP for the guest network.In all reality the best method for garanteed success is to get Router C.
Hmm...I think I see your point.
Both of my routers are Linksys AC1200+, which with a quick Google search it doesn't seem like it's supported. Can you confirm this boosted1g? I appreciate all your help so far.
-
Reply to Ryan Orr
m
0
l
boosted1g
September 16, 2014 12:05:21 PM
As of currently there is no support.
Ironic that Linksys in the old WRT54G days was the staple for modified firmware and was the one everyone was making firmwares for. Ever since the jump to wireless N, Linksys has most of their devices locked out. Strangly enough their sales and percent of market share has dropped. Coincidene, probably not.
Ironic that Linksys in the old WRT54G days was the staple for modified firmware and was the one everyone was making firmwares for. Ever since the jump to wireless N, Linksys has most of their devices locked out. Strangly enough their sales and percent of market share has dropped. Coincidene, probably not.
-
Reply to boosted1g
m
0
l
Ryan Orr
September 16, 2014 12:25:21 PM
boosted1g said:
I just had a though, the possibility of success is completley dependent on how linksys firmware is designed but worth a shot.On router A, set DHCP server range to say 192.168.1.50-192.168.1.100 (the numbers are not imporant, just make the range 50 addresses).
Now on Router B, re-enable DHCP server and set it 192.168.1.101 (or +1 number of whatever you set Router A to be) - 192.168.1.150.
Now see if you can configure a guest network on Router B.
I did what you asked, and my iPad is now being assigned an IP address from Router "B", however it seems to have no internet access...
-
Reply to Ryan Orr
m
0
l
boosted1g
September 16, 2014 12:26:27 PM
Ryan Orr
September 16, 2014 12:41:49 PM
boosted1g said:
Ok, one of those worth a shot deals.Looks like the only option then is to get a third router.
Can I just be a bit more though with my setup details...maybe there's a devil in the detail problem happening.
Router "A"
IP Address: 192.168.1.1
Subnet: 192.168.1.X
DHCP Server: ON...range is 192.168.1.50-99
Router "B"
IP Address: 192.168.1.254 (I set that so there was a very distinct distance in both router's IP addresses)
Subnet: 192.168.1.X
DHCP Server: ON...range is 192.168.1.100 - 149
Does the IP address of Router "B" need to be within the DHCP range of "A"s?
-
Reply to Ryan Orr
m
0
l
boosted1g
September 16, 2014 1:54:57 PM
No, you want it to be outside the range of the DHCP server. The DHCP is there to assign IP addresses to computers, since you manual assigned an IP address it does not need one assgned to it.
If under the suggested configuration you have internet on the office network but not the guest network on Router B then there is nothing else that can be done with existing equipment, it is just a limitation of the firmware.
If under the suggested configuration you have internet on the office network but not the guest network on Router B then there is nothing else that can be done with existing equipment, it is just a limitation of the firmware.
-
Reply to boosted1g
m
0
l
Ryan Orr
September 16, 2014 3:58:24 PM
boosted1g said:
No, you want it to be outside the range of the DHCP server. The DHCP is there to assign IP addresses to computers, since you manual assigned an IP address it does not need one assgned to it.If under the suggested configuration you have internet on the office network but not the guest network on Router B then there is nothing else that can be done with existing equipment, it is just a limitation of the firmware.
Okay thank you so much for all your advice bosted1g.
You suggested using a 3rd router, and make that the guest network of the church building instead. How would the settings need to be for everything if I were to go that route? How would everything be hardwired together?
Also...keep in mind that there is a single ethernet cable running from the office to the church building, and the cable modem MUST be in the office. So if we were to call the office router "A", and connect another router called "B" to "A" ("B" being in the church and handling the staff network), then connect a new router called "C" to "A" also...basically like the illustration below shows...what would be the settings now?
-
Reply to Ryan Orr
m
0
l
bill001g
September 16, 2014 4:35:22 PM
You are going to have a issues trying to get this to work securely.
I have not read this entire thread but you can not use the IP the way you have them drawn. You can not have router b on the same subnet with dhcp on. You either must run this as a AP and let the router a give out ip or completely change the range say to 192.168.4.x. The DHCP range on router v needs to be in the 192.168.3.x network.
Still this does not solve your security issue. The users on router c can not access the users on router b (assuming you run as a router) but they can access the users connected to router A. You might be able to limit that with firewall rules in router c that does not allow traffic to go to 192.168.1.x addresses.
You will need a small switch to plug both routers into if you only have a single cable.
The only way to do this with a single router is to use vlans which are not supported on most consumer routers with factory firmware.
I have not read this entire thread but you can not use the IP the way you have them drawn. You can not have router b on the same subnet with dhcp on. You either must run this as a AP and let the router a give out ip or completely change the range say to 192.168.4.x. The DHCP range on router v needs to be in the 192.168.3.x network.
Still this does not solve your security issue. The users on router c can not access the users on router b (assuming you run as a router) but they can access the users connected to router A. You might be able to limit that with firewall rules in router c that does not allow traffic to go to 192.168.1.x addresses.
You will need a small switch to plug both routers into if you only have a single cable.
The only way to do this with a single router is to use vlans which are not supported on most consumer routers with factory firmware.
-
Reply to bill001g
m
0
l
Ryan Orr
September 16, 2014 5:29:31 PM
bill001g said:
The users on router c can not access the users on router b (assuming you run as a router) but they can access the users connected to router A. You might be able to limit that with firewall rules in router c that does not allow traffic to go to 192.168.1.x addresses.It's my understanding that because "A" and "B" are on the same subnet of 192.168.1.X, they are technically on the same network, and thus all connected devices can be seen. Because the guest network of "A" is automatically generated as 192.168.2.X, then on "C" I would change the subnet to 192.168.3.X, thus creating a VLAN that won't allow guests to see "A" or "B"s subnet 1's network...which is exactly what I'm wanting. They still will get internet, but not access to other devices.
Also, because I am creating static IPs for all the routers, which are outside of each and every routers DHCP Server range, there won't be any conflicts...from what I've gathered...so there shouldn't be any handling issues.
-
Reply to Ryan Orr
m
0
l
bill001g
September 16, 2014 5:37:16 PM
If you use router B as a AP then they are in the same subnet as router A.
The WAN address on router C must be in the same subnet as all the users behind router A and router B. Sure you can use 192.168.3.x for the lan and say nat it to 192.168.1.200 (or whatever you pick for router C wan address.) This means that the users on router a and router B can not get to 192.168.3.x because of the NAT but the the users on the 192.168.3.x network can get to the users in the 192.168.1.x network because from their viewpoint that is a internet address.
Be aware your routers can not actually create vlans. You need vlan tags to keep the traffic seperate.
The WAN address on router C must be in the same subnet as all the users behind router A and router B. Sure you can use 192.168.3.x for the lan and say nat it to 192.168.1.200 (or whatever you pick for router C wan address.) This means that the users on router a and router B can not get to 192.168.3.x because of the NAT but the the users on the 192.168.3.x network can get to the users in the 192.168.1.x network because from their viewpoint that is a internet address.
Be aware your routers can not actually create vlans. You need vlan tags to keep the traffic seperate.
-
Reply to bill001g
m
0
l
Ryan Orr
September 16, 2014 6:43:44 PM
Okay, so it seems like there is no solution I can obtain with my current equipment and setup.
So, what would be your suggestion in equipment be for an organization like mine? Two different buildings, with one overall "Staff Only" hardwired/wireless network, and one overall "Guest" wireless network that has only internet access, with no access to other network devices?
So, what would be your suggestion in equipment be for an organization like mine? Two different buildings, with one overall "Staff Only" hardwired/wireless network, and one overall "Guest" wireless network that has only internet access, with no access to other network devices?
-
Reply to Ryan Orr
m
0
l
Ryan Orr
September 17, 2014 7:09:15 AM
Today I just wanted to try an idea...
Modem > Office "Router A" > Church "Router B"...Staff Only > Church "Router C"...Guest Only
(Everything is hardwired through the LAN ports of each device)
-Router A:
192.168.1.1
DHCP: On
DHCP Range: 192.168.1.3 - 254
-Router B (Staff Only):
192.168.1.2
DHCP: Off
-Router C (Guest Only):
192.168.3.1
-DHCP: ON
-DHCP Range: 192.168.3.2 - 254
I thought, since A & B were on the same subnet of "1", they would both be one network. And since C was on it's own subnet of "3", and with it's DHCP Server handling it's own IP addressing, I thought it would work.
However, C still doesn't have internet...which makes absolute sense now that I think about it...I think I'm just burned out and need to just deal with the security hole...which isn't desired at all. We've already have had someone snooping around the connected staff computers and I don't like that at all...
Modem > Office "Router A" > Church "Router B"...Staff Only > Church "Router C"...Guest Only
(Everything is hardwired through the LAN ports of each device)
-Router A:
192.168.1.1
DHCP: On
DHCP Range: 192.168.1.3 - 254
-Router B (Staff Only):
192.168.1.2
DHCP: Off
-Router C (Guest Only):
192.168.3.1
-DHCP: ON
-DHCP Range: 192.168.3.2 - 254
I thought, since A & B were on the same subnet of "1", they would both be one network. And since C was on it's own subnet of "3", and with it's DHCP Server handling it's own IP addressing, I thought it would work.
However, C still doesn't have internet...which makes absolute sense now that I think about it...I think I'm just burned out and need to just deal with the security hole...which isn't desired at all. We've already have had someone snooping around the connected staff computers and I don't like that at all...
-
Reply to Ryan Orr
m
0
l
boosted1g
September 17, 2014 8:10:44 AM
You should have the following connections with --> being an ethernet cable:
Modem-->Wan port router A
Lan port router A --> Lan port router B
Lan port router B --> Wan port router C
Router C needs the following settings
WAN IP: 192.168.1.3 (verify this address is not in use by Router A)
WAN SUBNET: 255.255.255.0
GATEWAY: 192.168.1.1
DNS: 8.8.8.8
DNS 2: 8.8.4.4
LAN IP: 192.168.3.1
SUBNET: 255.255.255.0
DHCP Server: 192.168.3.50-192.168.3.100 (it is good practice to have several IPs before the DHCP range, and it is also best to keep the DHCP server range too big so that too many devices cant connect).
Router B and Router C need to use IPs (WAN IP on Router C, LAN IP on router B) that are outside the DHCP server of Router A.
As a troubleshooting test you can also try connecting Lan port router A to Wan port router C to see if that works.
Modem-->Wan port router A
Lan port router A --> Lan port router B
Lan port router B --> Wan port router C
Router C needs the following settings
WAN IP: 192.168.1.3 (verify this address is not in use by Router A)
WAN SUBNET: 255.255.255.0
GATEWAY: 192.168.1.1
DNS: 8.8.8.8
DNS 2: 8.8.4.4
LAN IP: 192.168.3.1
SUBNET: 255.255.255.0
DHCP Server: 192.168.3.50-192.168.3.100 (it is good practice to have several IPs before the DHCP range, and it is also best to keep the DHCP server range too big so that too many devices cant connect).
Router B and Router C need to use IPs (WAN IP on Router C, LAN IP on router B) that are outside the DHCP server of Router A.
As a troubleshooting test you can also try connecting Lan port router A to Wan port router C to see if that works.
-
Reply to boosted1g
m
0
l
Ryan Orr
September 17, 2014 9:29:42 AM
boosted1g said:
You should have the following connections with --> being an ethernet cable: Modem-->Wan port router A
Lan port router A --> Lan port router B
Lan port router B --> Wan port router C
Router C needs the following settings
WAN IP: 192.168.1.3 (verify this address is not in use by Router A)
WAN SUBNET: 255.255.255.0
GATEWAY: 192.168.1.1
DNS: 8.8.8.8
DNS 2: 8.8.4.4
LAN IP: 192.168.3.1
SUBNET: 255.255.255.0
DHCP Server: 192.168.3.50-192.168.3.100 (it is good practice to have several IPs before the DHCP range, and it is also best to keep the DHCP server range too big so that too many devices cant connect).
Router B and Router C need to use IPs (WAN IP on Router C, LAN IP on router B) that are outside the DHCP server of Router A.
As a troubleshooting test you can also try connecting Lan port router A to Wan port router C to see if that works.
What would be my DNCP Server settings be on A, B, & C?
-
Reply to Ryan Orr
m
0
l
boosted1g
September 17, 2014 9:49:33 AM
DHCP server is there to provide your devices an IP address which is how the router knows what computer asked for what data.
For router A primary network, you should be fine with 50 devices unless your church + other builidng has more devices then that on its office pc network.
Thus you can make it 192.168.1.50-.100
For Router A Guest Network it probably does not let you set a range, at best the number of devices, so you can set it to 20-50 whatever you think you need.
For router B. DHCP server is dissabled
For Router C you can set it to 192.168.3.50-192.168.3.150 since it is only handling geust traffic.
For router A primary network, you should be fine with 50 devices unless your church + other builidng has more devices then that on its office pc network.
Thus you can make it 192.168.1.50-.100
For Router A Guest Network it probably does not let you set a range, at best the number of devices, so you can set it to 20-50 whatever you think you need.
For router B. DHCP server is dissabled
For Router C you can set it to 192.168.3.50-192.168.3.150 since it is only handling geust traffic.
-
Reply to boosted1g
m
0
l
Ryan Orr
September 17, 2014 10:50:55 AM
Thanks everyone for your help, but especially to boosted1g! My setup is working finally.
-Here's what I needed to do to my network to get it all working:
1)Instead of 2 routers, I ended up using 3.
2)Router A was our Office router, which had it's own guest network.
3)Router B was our church building's "Staff Only" wireless router.
4)Router C was our church building's "Guest Only" wireless router.
-Plan:
1)Router A & B needed to essentially create one network, so that all Staff devices can talk to each other. Router A's guest network was available, which allowed guests to access the internet, without seeing any of the staff devices.
2)Router C was for Guests only. It uses the main wireless networks, however due to the settings (listed below), it still acts like a guest network feature, where our guests can access the internet, but none of the staff devices.
-Hardware/Hardwire Connections:
1)The modem connected to Router A via Wan.
2)Router A connected to Router B both via LAN.
3)Then I connected one of Router B's LAN to Router C's WAN
-Settings:
~Router A:
1) Ip: 192.168.1.1
2) DHCP Server: ON | Range: 192.168.1.3 - 254
~Router B:
1) Ip: 192.168.1.2
2) DHCP Server: OFF
(Note: Router A's DHCP is suppose to handle all IP assigning, so that's why B's DHCP is disabled. However, disabling B's DHCP stopped any device trying to connect to the routers guest account feature. Devices were always showing that they were waiting for an IP address to be assigned, but never got them.)
~Router C:
Lan IP: 192.168.3.1
Subnet: 255.255.255
DHCP Server: ON | Range: 192.168.3.2 - 254
Wan IP: 192.168.1.3
Wan Subnet: 255.255.255.0
DNS1: 8.8.8.8
DNS2: 8.8.4.4
And that's that. With the addition of a 3rd router and it's DNS settings and WAN connection to the LAN port of Router B, I now have a guest network that doesn't show any of the staff network devices, but has internet access. I'll admit, I haven't a slightest clue what the DNS settings are doing, or why LAN to WAN connection was needed...I just don't have that knowledge or experience in computer networking to know. However, thanks to everyone, especially boosted1g, I have my solution, and next Sunday our guests will have their internet needs supplied.
Thanks a lot,
Ryan
-Here's what I needed to do to my network to get it all working:
1)Instead of 2 routers, I ended up using 3.
2)Router A was our Office router, which had it's own guest network.
3)Router B was our church building's "Staff Only" wireless router.
4)Router C was our church building's "Guest Only" wireless router.
-Plan:
1)Router A & B needed to essentially create one network, so that all Staff devices can talk to each other. Router A's guest network was available, which allowed guests to access the internet, without seeing any of the staff devices.
2)Router C was for Guests only. It uses the main wireless networks, however due to the settings (listed below), it still acts like a guest network feature, where our guests can access the internet, but none of the staff devices.
-Hardware/Hardwire Connections:
1)The modem connected to Router A via Wan.
2)Router A connected to Router B both via LAN.
3)Then I connected one of Router B's LAN to Router C's WAN
-Settings:
~Router A:
1) Ip: 192.168.1.1
2) DHCP Server: ON | Range: 192.168.1.3 - 254
~Router B:
1) Ip: 192.168.1.2
2) DHCP Server: OFF
(Note: Router A's DHCP is suppose to handle all IP assigning, so that's why B's DHCP is disabled. However, disabling B's DHCP stopped any device trying to connect to the routers guest account feature. Devices were always showing that they were waiting for an IP address to be assigned, but never got them.)
~Router C:
Lan IP: 192.168.3.1
Subnet: 255.255.255
DHCP Server: ON | Range: 192.168.3.2 - 254
Wan IP: 192.168.1.3
Wan Subnet: 255.255.255.0
DNS1: 8.8.8.8
DNS2: 8.8.4.4
And that's that. With the addition of a 3rd router and it's DNS settings and WAN connection to the LAN port of Router B, I now have a guest network that doesn't show any of the staff network devices, but has internet access. I'll admit, I haven't a slightest clue what the DNS settings are doing, or why LAN to WAN connection was needed...I just don't have that knowledge or experience in computer networking to know. However, thanks to everyone, especially boosted1g, I have my solution, and next Sunday our guests will have their internet needs supplied.
Thanks a lot,
Ryan
-
Reply to Ryan Orr
m
0
l
Best solution
boosted1g
September 17, 2014 11:00:44 AM
Using the WAN port makes Router C an issolated network. The DNS settings just provides an additonal layer of protection from guests accessing office PCs. By using the DNS server from google they are immediatly being routed outside of your network (past your modem to the outside world) and wont be able to just get back in to access any PCs on the office network.
Please mark an answer as best solution.
Glad I could help.
Please mark an answer as best solution.
Glad I could help.
-
Reply to boosted1g
Share
bill001g
September 17, 2014 11:04:33 AM
They WILL be able to access the PC in the office network. They can easily just type in any of the 192.168.1.x addresses and access the machine.
You need to put in a firewall rule in router C that prevents any access to 192.168.1.x addresses coming from the 192.168.3.x addresses.
The part that is prevented by default is the 192.168.1.x addresses accessing the 192.168.3.x addresses but that is the reverse of your security issue.
You need to put in a firewall rule in router C that prevents any access to 192.168.1.x addresses coming from the 192.168.3.x addresses.
The part that is prevented by default is the 192.168.1.x addresses accessing the 192.168.3.x addresses but that is the reverse of your security issue.
-
Reply to bill001g
m
0
l
boosted1g
September 17, 2014 11:09:12 AM
boosted1g
September 17, 2014 11:23:07 AM
Ryan,
Go to a computer on the office network and open command prompt and type ipconfig to get its IP address.
Now take a windows device and connect to the guest network from router C. Open command prompt and type ping and the IP address from earlier, so if the address was 192.168.1.50 then type ping 192.168.1.50.
Let me know if it times out or if reports packets recieved successfully.
Go to a computer on the office network and open command prompt and type ipconfig to get its IP address.
Now take a windows device and connect to the guest network from router C. Open command prompt and type ping and the IP address from earlier, so if the address was 192.168.1.50 then type ping 192.168.1.50.
Let me know if it times out or if reports packets recieved successfully.
-
Reply to boosted1g
m
0
l
bill001g
September 17, 2014 11:56:49 AM
Related resources
- SolvedLooking for guest network WiFi router Forum
- SolvedPluging router into Hotel Network causing guest IP errors Forum
- Solved2 ISPs 2 routers 2 networks and a failover Forum
- Solved2 routers, 2 networks, 1 house Forum
- Need to run 2 networks and 1 internet but share printers over both. Forum
- How to Configure 2 separate routers to create two separate networks Forum
- SolvedHow to connect and have two separate networks with 1 modem and 2 routers? Forum
- Connect 2 different networks using 2 routers Forum
- Have 2 computers one wireless router how network both Forum
- Networking issues involving 2 routers and a switch. Forum
- Do I need to connect two wireless modem/routers together in a network to use them both in my house? Forum
- Recommend router or AP that does guest network in AP mode? Forum
- Connect 2 networks together (They both have internet connection) Forum
- Netgear router creating BOTH G and N Networks Forum
- Connect 2 routers on different networks to one computer Forum
- More resources
Read discussions in other Wireless Networking categories
!