Adding a router downstream of another router

[Parasitic]

Would love some help or suggestion on my network setup if possible:

Right now we have a 802.11n router routing a cable connection in the house, however because of incompatibility with a couple of devices we have, my housemate decided to leave the network unsecured, and for obvious reasons I'm not in support of that.

I have a spare Apple airport express sitting around, and it's 802.11b/g. I was thinking about linking this downstream of the upstream router, and setting up a separate WLAN with WPA encryption. Would this work? In theory, if I were to connect to this WPA-protected router, my security should be slightly improved, and since the transmission between my wireless devices to the WPA-protected router is, well, protected, there should be a lot less risks of data snooping, right, since the traffic would be uplinked to the 802.11n router then outwards?

I know it sounds silly, but would it work? Are there better suggestions than this?

 

[Pantlegz]

I don't think this would help you, while I don't have any experience with it directly there are a few reasons I would think it wouldn't work.

First your 'routers' are switches for the most part and plugging in another router into the switch would still make the packets sniffable(?) because frames go everywhere. This includes wireless. *edit* this would really depend on the routers you're using and how their WAN interface is setup. some might actually not forward the data if the ip isn't in the routing tables but I know some that are more passive that basically let anything in. This really doesn't change the suggestion but just wanted to clarify my thoughts.

Second all the wpa does is secure the wireless data between the AP and whatever device you're using so there would be no encryption from the airport express to the 802.11n router or beyond

Basically if you have one unsecure AP on your network and you're worried about someone getting in, you've given them access.

Do these incompatible devices work on the airport when it's secured? If so, have them connect to that and secure the 802.11n router.

 

[jlazzaro]

http://www.ezlan.net/shield.html

 

[Pantlegz]

Originally posted by: jlazzaro
http://www.ezlan.net/shield.html

what? did you read the question or the article?

"Buy a second Cable/DSL Router. You can find a Wired Router or an old 802.11b Wireless Router for less than $20. If the second Router is a Wireless Router disable the Wireless part of it (if it can not be disable the wireless through the menus, take off the Antennae)."

is not what I got out of his question, they want both the wireless n router and the airport to BOTH be wireless but for some reason the wireless n with wpa has issues with some of their devices.'


from reading the article it seems like it's setting up wireless and wired networks separately so it's harder to get into the more secure wired connection. if both routers have the wireless turned on one secure and one not it's not doing anything really.

 

[Parasitic]

Originally posted by: Pantlegz1Second all the wpa does is secure the wireless data between the AP and whatever device you're using so there would be no encryption from the airport express to the 802.11n router or beyond

Basically if you have one unsecure AP on your network and you're worried about someone getting in, you've given them access.

Do these incompatible devices work on the airport when it's secured? If so, have them connect to that and secure the 802.11n router.

I'm thinking about running a direct Ethernet connection from the Airport Express to the base 802.11n router, so that part would be secure, wouldn't it? It does make more sense to run a unsecured router downstream of the secured one, but the incompatible devices are 802.11n and wouldn't that simply cripple them?

Right now I'm just securing my own connections via a VPN...I'm guessing that's probably more secure than having my connection with WPA to a router. It's just getting annoying to have to turn it off when I want to use wireless on my iPhone because I can't simultaneously connect to the VPN on two different devices.

 

[JackMDS]

I think that your upstream down steam is just adding confusion since I am not sure that network wise you know what you are referring to.

You can plug the Airport with a wire to a regular port on the current Router, configure it as an Access Point with WPA security, and use it for your systems.

Here is the Principle, http://www.ezlan.net/router_AP.html

Though you are using WPA with second Router you are still vulnerable, your system shares if not protected by passwords can be invaded through the unsecure segment of your housemate.

The other solution as mentioned by jlazzaro is a very good one too if you want to totally isolate your system from the unsecured housemate.

It is not a division to Wire and wireless, you can put a secure wireless in the second Network as well.

P.S. People tend to forget that Web pages are not written specifically for them.

Imagination and flexible thinking is needed at times to adjust given solutions to fit One's needs.

 

[Pantlegz]

But the packets could still be sniffed, right? since the ports on the router are switch ports if you're able to connect to the wireless n router and the secured airport in connected to it and all the traffic is going through it.

I guess the other way might be more secure(secured airport as the outside router), but if you're honestly worried about someone snooping leaving part of the network opened up is a huge security risk imo.

 

[JackMDS]

If the traffic from the the Airport to the Wireless N is through a wire, a Wireless client on the N can sniff the Wireless traffic to the none secure N, it can not sniff the wired traffic.

 

[Jeff7181]

Originally posted by: Pantlegz1
But the packets could still be sniffed, right? since the ports on the router are switch ports if you're able to connect to the wireless n router and the secured airport in connected to it and all the traffic is going through it.

I guess the other way might be more secure(secured airport as the outside router), but if you're honestly worried about someone snooping leaving part of the network opened up is a huge security risk imo.

You're thinking in terms of the way a hub works. A switch does NOT send all traffic on all ports, nor is the traffic "visible" on any ports besides the sender and receiver.