+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Wireless Networks Thread, Separate guest wifi in Technical; The requirements: House with ajoining holiday let; Currently with dial-up access but new ADSL line now going in; Owners want ...
  1. #1

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18

    Question Separate guest wifi

    The requirements:
    • House with ajoining holiday let;
    • Currently with dial-up access but new ADSL line now going in;
    • Owners want wifi access for their two laptops in and around property in addition to wired access for one desktop;
    • Wifi access to be provided for guest use in and around property but separated from accessing owner's private network;

    In past days I have done similar by using IPCOP to separate the networks, each with their own wifi AP with different SSIDs, and have the IPCOP going out to a single router/modem. However, I'd rather stick with a single, small, appliance type solution if possible.

    They need to buy a router/modem anyway for the new ADSL line so I was looking at the Netgear DGN2000 as it has the ability to set multiple SSIDs but I'm not sure if this then separates them into VLANs - if not, I can't see the point of multiple SSIDs unless you have devices that can't use higher security methods.

    What would you do to achieve the required result?

  2. #2
    OllieC's Avatar
    Join Date
    Jun 2009
    Location
    Derby/Birmingham
    Posts
    187
    Thank Post
    17
    Thanked 16 Times in 10 Posts
    Rep Power
    14
    I'd recommend grabbing a router that can run DD-WRT (Linksys WRT54 series ftw). In the past I've had my main SSID (WPA2) and then a second with WEP for my sister's DS, this was on a different VLAN and could only access the internet and had MAC filtering.

    Take a look at this Multiple BSSIDs with DD-WRT - Interactive HowTo
    Slightly different/less comprehensive from the official DD-WRT site VLAN Detached Networks each with Wireless and Internet - DD-WRT Wiki

    It can probably be done with Tomato firmware as well although I wouldn't know where to start with that.

  3. #3

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    I've not had a good track record with Linksys equipment (probably just unlucky) but could be persuaded to look again. I would also prefer to go with a solution that had 802.11n and gigabit ports built in too.

  4. #4


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,703
    Thank Post
    352
    Thanked 806 Times in 721 Posts
    Rep Power
    348
    I think you'll struggle finding a cheap gigabit adsl all in one router.

    My advice would be to echo the DD-WRT suggestion (recently done this myself) and if you need gigabit (why if there's only 1 hard wired PC?) put a switch in behind the router to provide this.

  5. Thanks to kmount from:

    djones (3rd June 2010)

  6. #5
    OllieC's Avatar
    Join Date
    Jun 2009
    Location
    Derby/Birmingham
    Posts
    187
    Thank Post
    17
    Thanked 16 Times in 10 Posts
    Rep Power
    14
    Linksys WRT320N Wireless-N Dual-band Gigabit Router - Ebuyer
    That'll run DD-WRT, 802.11n and gigabit. You can use any old ADSL router as the modem... the DD-WRT router will deal with the connection, as in, the connection settings will go into the router rather than the modem.

  7. 2 Thanks to OllieC:

    djones (3rd June 2010), kmount (3rd June 2010)

  8. #6

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    OK, changing the plan slightly... The areas that guests and owners will need to pick up a WiFi signal are physically separate so I will probably need to put in a separate AP for guest access. How would this change opinions? Are there any modem/routers that are able to firewall off specific LAN ports?

    Quote Originally Posted by kmount View Post
    ... if you need gigabit (why if there's only 1 hard wired PC?) ...
    One desktop PC but potentially network attached CCTV (in some guise) in the near-ish future. However, this will probably end up needing a separate switch anyway!
    Last edited by djones; 3rd June 2010 at 06:17 PM.

  9. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    Anything running DD-WRT understands what VLANs are. Just do it that way.

  10. Thanks to Geoff from:

    djones (4th June 2010)

  11. #8
    OllieC's Avatar
    Join Date
    Jun 2009
    Location
    Derby/Birmingham
    Posts
    187
    Thank Post
    17
    Thanked 16 Times in 10 Posts
    Rep Power
    14
    Quote Originally Posted by Geoff View Post
    Anything running DD-WRT understands what VLANs are. Just do it that way.
    I was going to mention DD-WRT again but didn't want to sound like I was going on about it, haha. DD-WRT is the ultimate geek home networking toy. I'd hate to not have it.

  12. Thanks to OllieC from:

    djones (4th June 2010)

  13. #9

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    Ok, Ok - you've sold me on Linksys and DD-WRT! How about this then:
    ADSL -> old Netgear DG834G router (with WiFi disabled) -> WRT320N with DD-WRT (in main house for owners WiFi and wired devices) -> WAP610N (or other similar/suitable AP in holiday let for guest access). Guest access on different SSID and using DD-WRT to route, on separate VLAN, directly to the internet bypassing owner's LAN.

    How does that sound? Just another thought - if any IP cameras were plugged diretly into the LAN ports of the DG834, would they be viewable internally on the owner's LAN?

    Thanks for sticking with me on this one!

  14. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    Your above plan looks sound. As for the IP Cameras, put them on a separate VLAN and IP range and use the DG834G to setup a static route between that VLAN/IP range and the Owners VLAN/IP Range. Keeps everything neat.

  15. Thanks to Geoff from:

    djones (8th June 2010)

  16. #11
    pwds's Avatar
    Join Date
    Dec 2008
    Location
    Derby
    Posts
    279
    Thank Post
    73
    Thanked 48 Times in 38 Posts
    Rep Power
    21
    I just bought a Netgear DGN3300 router with 802.11N and it does prevent traffic from the "guest" networks (you can have two- one b/g and one n) from pinging or connecting to traffic on the wired or wireless restricted networks.

    There are different DHCP servers for each SSID but I haven't actually tested if traffic is VLANed by the router or if it's the VLAN on the ProSafe switch that sits behind it that keeps them from accessing my wired equipment.

    I'll test changing the subnets on a guest and trusted wireless laptop this evening and see if I can ping or connect in either direction to see if this is VLAN security or just using different subnets.

    As far as I can tell though, the guest network heads straight out to the internet with no LAN access.

  17. Thanks to pwds from:

    djones (8th June 2010)

  18. #12

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    @pwds: Did you discover anything definitive?

  19. #13

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    Quote Originally Posted by Geoff View Post
    Your above plan looks sound. As for the IP Cameras, put them on a separate VLAN and IP range and use the DG834G to setup a static route between that VLAN/IP range and the Owners VLAN/IP Range. Keeps everything neat.
    I have setup DD-WRT on the WRT320N connected to the dg834g (in modem only mode). DD-WRT successfully passes on the login details and the DG834G connects. However, as PPPoE (which is what I have setup to pass login details) has a maximum MTU of 1492 and XP/7 use a default of 1500, I have run into issues whilst browsing some sites (usually larger domains or those using https). It had me stumped for ages! As soon as I changed the MTU in XP/7 everything worked smoothly.

    I have the guest WiFi setup correctly and clients connected to that on their own dedicated VLAN etc, etc. as intended however, they will also need to have the MTU settings changed which is not an acceptable solution in this case. Therefore, is there another way of connecting the DG834G and DD-WRT that will enable me to have the DG834G connect on its own and then route everything to DD-WRT (thus avoiding the need to alter MTU values) which will then do the necessary in terms of VLANs, DHCP, etc for the connected LAN clients?
    Last edited by djones; 27th October 2010 at 11:20 AM.

  20. #14

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    Use DHCP option 26 to inform your clients of the non-default MTU required to use your network.

  21. 2 Thanks to Geoff:

    djones (28th October 2010), SYNACK (28th October 2010)

  22. #15

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,994
    Thank Post
    3,539
    Thanked 1,110 Times in 1,016 Posts
    Rep Power
    374
    Will get shot down in flames no doubt for this but what about the apple airport extreme base station

    Apple - AirPort Extreme - Features - 802.11n Wi-Fi

    Not sure how it does the wireless with ref to using a VLAN or what exactly but you enable the guest account and it seperates your main wifi network from the guest one.



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. E-portal on a separate server?
    By nicholab in forum MIS Systems
    Replies: 7
    Last Post: 27th January 2010, 06:03 PM
  2. Separate Site
    By linkazoid in forum How do you do....it?
    Replies: 7
    Last Post: 25th August 2009, 01:12 PM
  3. Separate the wireless network
    By ranj in forum Wireless Networks
    Replies: 0
    Last Post: 9th January 2009, 05:18 PM
  4. Having separate Domains and Subnets
    By gollops in forum Wireless Networks
    Replies: 16
    Last Post: 28th November 2008, 11:13 PM
  5. 3 separate Printer problems..
    By Little-Miss in forum Hardware
    Replies: 1
    Last Post: 3rd October 2008, 07:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •