I am helping a buddy who started a coffee shop set up his network. We decided to do two subnets — one for the POS system and one for the office/employee computers. We decided to do this because the POS provider has access to the POS devices and we'd like to prevent the POS system from communicating to the office.
Additionally, I'll be purchasing and installing a Synology DS214.
I am wondering the best way to set up this network. The three options I was considering were:
1) Three RT-N66U routers — connect the modem to the first router (192.168.1.1), then connect the other two routers via LAN ports (192.168.2.1 and 192.168.3.1).
I'm not sure if this gives me the security that I think it does? Could a user just change his gateway to access the other network? Are there other disadvantages/problems?
Could I simply connect my NAS to the first router to allow all devices to connect to it?
2) One RT-N66U flashed with third party software using VLANs — I've never used Tomato or DD-WRT, but my understanding is that I can flash Tomato (Shibby) or DD-WRT onto my router and set up two VLANs to prevent the devices from talking.
Could the NAS still communicate between both VLANs?
3) Get a business class router (Cisco or Ubiquiti?) — I've never set up a business network and therefore only have experience with consumer routers. I assume the process would be similar as #2 (VLANs).
We will probably add security cameras and maybe guest wi-fi down the road if that makes any difference.
Additionally, I'll be purchasing and installing a Synology DS214.
I am wondering the best way to set up this network. The three options I was considering were:
1) Three RT-N66U routers — connect the modem to the first router (192.168.1.1), then connect the other two routers via LAN ports (192.168.2.1 and 192.168.3.1).
I'm not sure if this gives me the security that I think it does? Could a user just change his gateway to access the other network? Are there other disadvantages/problems?
Could I simply connect my NAS to the first router to allow all devices to connect to it?
2) One RT-N66U flashed with third party software using VLANs — I've never used Tomato or DD-WRT, but my understanding is that I can flash Tomato (Shibby) or DD-WRT onto my router and set up two VLANs to prevent the devices from talking.
Could the NAS still communicate between both VLANs?
3) Get a business class router (Cisco or Ubiquiti?) — I've never set up a business network and therefore only have experience with consumer routers. I assume the process would be similar as #2 (VLANs).
We will probably add security cameras and maybe guest wi-fi down the road if that makes any difference.