Question: How to have 2 separate networks but 1 ISP?

luv2liv

I will have an international student living with us soon and I don't want him and his devices on the same network as my devices. Who knows if he will accidentally, or intentionally, mess up my devices and their settings.
We currently have a Verizon modem and that feeds internet into my Netgear Nighthawk for the whole house. Is Guest Network good enough? Would his devices see each other on the Guest network, or can he do whatever networking as needed on his side?

ch33zw1z

AFAIK, Netgear Guest networks are isolated from the main networks. You can easily verify by joining the Guest network, and trying to get to devices on the main networks.

I would say that's enough if wireless is all he needs.

If there's LAN connections involved, the SOHO Guest network may not be enough, as last I looked it couldn't be applied to wired devices.
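The check suggested above (join the Guest network, then try to reach devices on the main network) can be scripted. This is an added example, not part of the original post; the addresses and ports in `MAIN_LAN_TARGETS` are assumptions to be replaced with devices on your own main network, and the script is meant to be run from a laptop connected to the Guest SSID.

```python
import socket

# Constructed sample targets: these main-network addresses and ports are
# assumptions; replace them with devices that exist on your main network.
MAIN_LAN_TARGETS = [
    ("192.168.1.1", 80),    # router admin page (HTTP)
    ("192.168.1.1", 443),   # router admin page (HTTPS)
    ("192.168.1.10", 445),  # file share on a PC or NAS
    ("192.168.1.20", 22),   # SSH on another machine
]


def probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt made from the guest side.

    "open"    - handshake completed: the service is reachable.
    "refused" - a reset came back: either the host itself answered (packets
                crossed into the main network) or a firewall rejected the
                attempt with a reset; worth investigating either way.
    "blocked" - timeout or unreachable: consistent with isolation.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and "no route to host"
        return "blocked"


def find_leaks(targets, timeout=1.0):
    """Return (host, port, result) for every target that is not blocked."""
    results = [(h, p, probe(h, p, timeout)) for h, p in targets]
    return [r for r in results if r[2] != "blocked"]


if __name__ == "__main__":
    leaks = find_leaks(MAIN_LAN_TARGETS)
    for host, port, result in leaks:
        print(f"NOT isolated: {host}:{port} -> {result}")
    if not leaks:
        print("All probes blocked: guest network looks isolated for these targets.")
```

A clean result only covers the listed targets and TCP; it does not prove isolation for wired ports or other protocols.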

sdifox

Lol you trust him enough to let him live in your house but not access your network? Guest mode should be good enough.

mxnerd

Assuming you don't want guests to see each other and there is only one guest network, make sure the guest isolation feature is on.

If the student owns multiple devices/machines and needs to share files among them or have them see each other, ask him to buy a travel router and create his own network (using WISP mode).

aigomorla

You can just add a secondary router under your primary, just make sure the IP address subnet and DHCP subnet it's hosting are different from the primary's.
Of course doing this will cause NAT issues, but I don't think he will need it if all your homestay guy is looking for is basic internet.

The two networks would be isolated, and you cannot access one while on the other, unless you have a PC with 2 network cards both plugged in and bridged. (But this would also cause issues and will probably cause a lot of frowns from network people here.)

Fallen Kell

The two networks would not be isolated by putting a second router under your existing one. The second router would have full access to the top level router without creating a separate VLAN and/or custom firewall rules. And the top level router can use techniques to probe through the NAT/firewall of the secondary router to access the devices there as well (not as easily as the devices from within that second router seeing the ones at the top level router, but still doable).

I'm not saying this can't be done, you just have to do it correctly with customized firewall rules and/or a separate VLAN. For instance, you would first want a rule to block ssh/telnet/http/https from that second router from accessing your first router's IP address, to prevent it from being able to access and change your network configuration. You would also want a rule to prevent anything from that second router from accessing anything on your internal network (except for your main router's IP address, since it needs that for DHCP, DNS, and routing to the internet).
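The rule set described in the post above can be modelled as a first-match policy to see why rule order matters. This is an added example, not code from the original post or from any router firmware; the addresses, the rule format and the `decide` function are assumptions for illustration, and the rules only have an effect on a device that the second router's traffic actually passes through.

```python
from ipaddress import ip_address, ip_network

ROUTER_IP = ip_address("192.168.1.1")    # assumed address of the main router
MAIN_LAN = ip_network("192.168.1.0/24")  # assumed main (trusted) network
MGMT_PORTS = {22, 23, 80, 443}           # ssh, telnet, http, https

# Each rule: (action, destination test, protocol or None, port set or None).
# All rules apply to traffic coming from the second (guest) router.
RULES = [
    ("drop",   lambda d: d == ROUTER_IP, "tcp", MGMT_PORTS),  # no admin access
    ("accept", lambda d: d == ROUTER_IP, None, None),         # DHCP, DNS
    ("drop",   lambda d: d in MAIN_LAN,  None, None),         # rest of main LAN
    ("accept", lambda d: True,           None, None),         # the internet
]

# Same rules with the first two swapped: the broad "accept to router" now
# matches first, so the management block never fires.
MISORDERED = [RULES[1], RULES[0], RULES[2], RULES[3]]


def decide(dst, proto, port, rules=RULES):
    """Return the action of the first rule matching this flow."""
    d = ip_address(dst)
    for action, dst_matches, r_proto, r_ports in rules:
        if not dst_matches(d):
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_ports is not None and port not in r_ports:
            continue
        return action
    return "drop"  # default deny if nothing matched


if __name__ == "__main__":
    # Constructed sample flows from the guest side.
    flows = [("192.168.1.1", "tcp", 443), ("192.168.1.1", "udp", 53),
             ("192.168.1.20", "tcp", 445), ("93.184.216.34", "tcp", 443)]
    for dst, proto, port in flows:
        print(f"{dst}:{port}/{proto} -> {decide(dst, proto, port)}")
```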

mxnerd

If your Netgear Nighthawk is not able to create a wifi network in an IP range different from the existing one, then, as @Fallen Kell has said, the two networks would not be isolated.

FreshTomato firmware supports some Netgear routers, see if your Nighthawk is on the list.
https://wiki.freshtomato.org/doku.php/hardware_compatibility


Red Squirrel

VLANs would be the way to do it. Look into pfSense and a managed switch. You can get something like a Cisco 24 port on eBay for fairly cheap. You can also use something like UniFi if you want wireless, and set up more than one SSID and assign a VLAN to each one.

ch33zw1z

Red Squirrel said:
VLANs would be the way to do it. Look into pfSense and a managed switch. You can get something like a Cisco 24 port on eBay for fairly cheap. You can also use something like UniFi if you want wireless, and set up more than one SSID and assign a VLAN to each one.

I agree, just *feels* a bit outta reach for this guy

ch33zw1z

You know me well! But I'm willing to learn. Seems there's no baby steps guide on YT on how.... If you do have a link, I would be grateful!

Tons of info about VLANs and isolation of network traffic. The biggest hurdle is the initial investment, but you can find some gear to help get it done.

I used a Ubiquiti ER-X (about $50) and a single Ubiquiti AP (model UAP-AC-LR, and still have it) for a good few years. Ran 4 VLANs, two completely isolated for IoT devices and one for Guest. Anyways, just some intro stuff.