cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN

Steevo
Grafter
Posts: 418
Registered: ‎17-01-2013

VLAN

I'm considering splitting my network into two so that I can provide a guest network via two APs whilst keeping my business network private. Currently using Windows Homegroup to do this, but wondering whether a VLAN router would be a better bet. Can anyone advise further please?
23 REPLIES 23
VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: VLAN

You might do better to connect via a different ISP.
This would allow your business network to have a very limited amount of redundancy.

"In The Beginning Was The Word, And The Word Was Aardvark."

Steevo
Grafter
Posts: 418
Registered: ‎17-01-2013

Re: VLAN

Could you explain this please?
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: VLAN

you could do this with a single wifi router,method;
your current network is 192.168.1.x>xxx subnet 255.255.255.0
new wifi router hook it up to laptop with a wire enter admin mode, configure it's dhcp server to run from 192.168.2.x>xxx subnet mask 255.255.255.5 save and restart
unplug the wire from the laptop and plug it into the current network router, bingo you have an unmapable separate network for guests that still has internet access giving you complete isolation between work and guest network.
you can also utilise QoS to rate limit the bandwidth available to the guest network so that cheeky people cant be streaming movies and blocking your work access Smiley
no idea what foxy is on about but I suspect he's implying you should have fall over redundancy for your internet connection using multiple isp's and leased lines (which is hugely pricey)
edited a typo
just because your paranoid doesn't mean they aren't out to get you
Steevo
Grafter
Posts: 418
Registered: ‎17-01-2013

Re: VLAN

Wow! That sounds rather handy if I can do it as simply as that. I wasn't aware you could daisy chain two routers like that and that one would take the IP from the previous, but could also then assign IPs itself using a different set of IPs.
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: VLAN

Do NOT do what nanotm has suggested!!!
As described (connecting the LAN port of the second router to a LAN port on the 1st router) will not work at all.  Connecting the WAN port of the 2nd router to a LAN port on the 1st will result in a working system *but* all the devices on the 1st LAN will be visible on the 2nd!!!
Far better either putting a firewall between the two networks, preferably with a captive portal that displays acceptable use polices etc when first used.  At the very least, investigate routers that implement access isolation.
VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: VLAN

Quote from: vilefoxdemonofdoom
You might do better to connect via a different ISP.
This would allow your business network to have a very limited amount of redundancy.

Simply subscribe to a totally different ISP with its own router/access point.
If your Plusnet connection fails, you could use the "guest" connection as a temporary backup.
(Obviously all guests would have to be kicked off).

"In The Beginning Was The Word, And The Word Was Aardvark."

nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: VLAN

Quote from: pwatson
Do NOT do what nanotm has suggested!!!
As described (connecting the LAN port of the second router to a LAN port on the 1st router) will not work at all.  Connecting the WAN port of the 2nd router to a LAN port on the 1st will result in a working system *but* all the devices on the 1st LAN will be visible on the 2nd!!!
Far better either putting a firewall between the two networks, preferably with a captive portal that displays acceptable use polices etc when first used.  At the very least, investigate routers that implement access isolation.

I didn't specify the exact steps but thanks for pointing out you have to use the wan port on the secondary router, (the one I'm currently using its in lan port 1 because there isn't a wan port and that's what the manufacturer recommends)
@steevo its slightly more involved than I indicated, there's more setup steps required in the admin mode side of the secondary router, but essentially it is as simple as changing the network address space provided by the secondary router,
the exact steps to take will depend on the router you purchase to use for the guest network, and what router your using as a primary, personally I have a billion 7800dx primary router and then have a buffalo airport as the secondary router, so for me it was a case of using the lan port on the router to a lan port on the other router with separate address space's.
the secondary unit clients cannot see or here any of the primary network, and the primary network can only see the secondary router but none of the clients on it.
and its a hell of a lot simpler than trying to create virtual LAN's
here's a quick search of methods people have used to set things up in the past https://www.google.co.uk/?gws_rd=ssl#q=create+guest+network+with+second+router
hopefully you will get yours up and running in under an hour just like I did Smiley
just because your paranoid doesn't mean they aren't out to get you
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: VLAN

Again DO NOT DO THIS (apologies for shouting, but it's important that the point is made!)
Simply connecting a second router to the first means that everything on the first LAN is visible on the second!!!
Steevo
Grafter
Posts: 418
Registered: ‎17-01-2013

Re: VLAN

Now I'm all confused!!
@vilefoxdemonofdoom thanks for your suggestion but I don't want a second ISP/connection/cost etc. I'm happy to split the existing connection.
Would something like this do as a second router coming off my Plusnet modem router? Or perhaps this if I were to replace the 582N?
Sorry for the dim questions. I'm not too bad with technology, but happy to admit I'm totally out of my depth here.
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: VLAN

Please see my post above!
If you're going to buy a new router, buy one that has properly implemented Guest network facilities and use it as your only router.
Steevo
Grafter
Posts: 418
Registered: ‎17-01-2013

Re: VLAN

Thank you @pwatson. I shall steer clear of using two standard routers as above.
Are you able to suggest a few such routers please? I've seen consumer routers that have "Guest WiFi" but I could do with a wired solution so I could assign one specific port to guests to split from there.
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: VLAN

Regrettably it's not a subject I've looked into, so I can't recommend specific hardware.  I'd look into the Draytek range as they have VLAN facilities or routers that can run firmware such as OpenWRT, DD-WRT or Tomato .
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: VLAN

this is a bit old but may help http://www.pcworld.com/article/2038219/8-essential-features-you-need-in-a-business-router.html
Otherwise if you Google Router with VLAN is may bring up a few options
Steevo
Grafter
Posts: 418
Registered: ‎17-01-2013

Re: VLAN

Thanks Oldjim. That's where I found the two Ciscos.