Three separate networks on one router

Started by Skyzoomer, January 19, 2017, 03:44:02 AM

Previous topic - Next topic

Skyzoomer

A friend asked me setup a network for his large 2 story home.  My proposed setup follows:



The family wants 3 separate networks where each cannot see the other networks. 

I already have the daughter's wireless as a guest network.  Will this isolate her from the others where she cannot see what the other networks are doing and vice versa?  She does get strong wireless signals from 2.4 and 5 GHz and works well with either.

Since the 2.4 wireless will not work reliably to the son's bedroom, I installed powerline adapters and a N300 router set up as an access point.  (LAN port of R7000 to LAN port of N300, turned off DHCP)  It works well this way.  But I'm thinking that will not isolate him from the networks on the primary R7000 router.  So I believe that if I connect his N300 router from the LAN port of the R7000 to  the "WAN" port of the N300 (as shown in the picture), and use the N300 as a regular router (DHCP on), that will put him on a separate network from the R7000 networks.  He won't be able to see what the others are doing and vice versa.  Is this correct?

dlots

If you care the A/C power line adapters are 1/2 duplex, so you will some some speed issues there.
You'll need 3 diffrent SSIDs one for each with different passwords to get in.  For wired you'll need 3 different vlans.

deanwebb

Moved to "Home and Small Office Networking"

You have three networks there... the question is, how is the router set up? If it allows routing between the networks, then they are not secured as you seem to desire.

And, yes, speed is an issue for whoever is sharing a line with the son, especially if he has a Steam account. :matrix:

Is it possible to use a wireless range extender? It is placed where it has a moderately strong signal from the base point, but offers an SSID that feeds into that base point's SSID at extended range.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Skyzoomer

Quote from: dlots on January 19, 2017, 10:20:16 AM
If you care the A/C power line adapters are 1/2 duplex, so you will some some speed issues there.
So far, the son feels the speed is fast enough for what he does.  Not a gamer type.

QuoteYou'll need 3 diffrent SSIDs one for each with different passwords to get in.
Yes, there are different SSIDs for everyone with unique passwords for each.

QuoteFor wired you'll need 3 different vlans.
Just using what is shown in the image that I posted.

Thanks.

Skyzoomer

Quote from: deanwebb on January 19, 2017, 10:26:58 AM
Moved to "Home and Small Office Networking"

You have three networks there... the question is, how is the router set up? If it allows routing between the networks, then they are not secured as you seem to desire.
The primary router has its normal wireless for use of the parents with their own SSID and password.  I set up a guest wireless for the daughter on both 2.4 and 5 ghz with different SSIDs and passwords.  I'm thinking that will provide the security that they want as long as they don't know each other's passwords.

I'll discuss the son's setup below.

QuoteAnd, yes, speed is an issue for whoever is sharing a line with the son, especially if he has a Steam account. :matrix:
The son has a desktop and a laptop.  He's the only one using the N300 router.

QuoteIs it possible to use a wireless range extender? It is placed where it has a moderately strong signal from the base point, but offers an SSID that feeds into that base point's SSID at extended range.
Actually, I had setup a wireless range extender for the son as my first try.  It was working OK but the range extender died.

The family already had the N300 router, the wireless range extender, and the pair of powerline adapters when they were trying to get reliable service to everyone.  it wasn't working right so they asked me to help them.  The N300 was in the parent's home office in a back room downstairs.

I bought the Nighthawk R7000 router and relocated the cable modem to the downstairs kitchen and mounted the R7000 on a wall.  That brought it close to the daughter's upstairs bedroom so the R7000 serviced the parents and the daughter via wireless nicely with strong signals for both.

I used the wireless range extender that they already had to service the son in the far upstairs bedroom.  The range extender died a week ago so I used their existing powerline adapters and N300 to service the son.

My question is if I connect the son's N300 router as a LAN to WAN connection with DHCP enabled, will that provide the security between him and everyone else that he wants?  I think so but need confirmation from you guys.  I believe that setting up the N300 router as an access point (the way it is now) will not provide the security.  Please confirm.

Thanks!

Dieselboy

Quote from: dlots on January 19, 2017, 10:20:16 AM
If you care the A/C power line adapters are 1/2 duplex, so you will some some speed issues there.
You'll need 3 diffrent SSIDs one for each with different passwords to get in.  For wired you'll need 3 different vlans.

I've seen gigabit powerline, is that still half duplex?

dlots

I have never seen one that's not 1/2 duplex, I haven't looked at them for years though so I could be wrong now.

deanwebb

Probably as a LAN to WAN is the best way to go, as an AP is a headless device, so you're correct with that.

I'm not familiar with the N300 itself, but my guess is that you are right in assuming the LAN to WAN mode is going to be your best chance of getting security where networks can be kept isolated from each other. There should be options to toggle for those settings. I know I had the same options on several home routers that I've used in the past.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Skyzoomer

Quote from: deanwebb on January 20, 2017, 09:37:26 AM
Probably as a LAN to WAN is the best way to go, as an AP is a headless device, so you're correct with that.

I'm not familiar with the N300 itself, but my guess is that you are right in assuming the LAN to WAN mode is going to be your best chance of getting security where networks can be kept isolated from each other. There should be options to toggle for those settings. I know I had the same options on several home routers that I've used in the past.
deanwebb,

Thank you for your confirmations.  I'm going to change the son's N300 router from the current LAN to LAN connection to a LAN to WAN connection.

If anyone sees a flaw in the configuration picture that I posted that will compromise security between the parents, son and daughter, please let me know.

Thanks all,
skyzoomer