1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

I want to connect 2 Wi-Fi routers to create 2 separate networks

By NeilM ยท 17 replies
Aug 27, 2010
Post New Reply
  1. I have a Linksys WR54GS router as my main router attached to the internet. I run a Bed & Breakfast and I give my guests free access to the internet via WiFi. My problem is, I also use that network for my business and personal computers and I am afraid that a tech savvy guest could hack into my files. I thought that if I connect a second WiFi router, I could set up a second network which my guests could use to access the web thru my main router.

    Does anyone have a clue if this is possible?
     
  2. raybay

    raybay TS Evangelist Posts: 7,241   +10

    It mostly depends on the company that is your internet provider... With their sayso, you can do it easily... just be sure the channels are widely different, and that you can control them through your client setups so the customer understands what and where.
     
  3. jobeard

    jobeard TS Ambassador Posts: 9,939   +738

    protected subnets

    yes it's possible ...

    Basically the subnet router#1 for shared usage is attached to the modem and the protected subnet router#2 attaches to router#1

    Each router has one default route and no static routes which then forces all outbound traffic on router#1
    to the modem and away from router#2. Without a route, subnet#1 can not access subnet#2


    Code:
    modem====(wan)router[B]#1[/B](lan#1)-----(wan)router[B]#2[/B](lan ports) - - - private systems
                |       192.168.1.1                192.168.2.1
                V
               shared access systems
    
    You can use WiFi on either or both routers; just set different SSID, Channels, and encryption codes

    When setting the config's (both of them), be sure to set a new password which will disallow Internet access to the settings!

    Get router#1 running first and test Internet access, then move on to router#2

    *Caution* Always change router configurations using ONLY a wired connection!

    On router #1
    • set the router address specifically to 192.168.1.1
      which serves as a note as to which router you're connected to
    • set the DHCP range to 2-10
    • save the settings
    • now setup any wifi changes as applicable
    • and change the admin password
    • when you save this time, the router will restart and you WILL loose the connection

    On router #2
    • set the router address specifically to 192.168.2.1
    • set the DHCP range again to 2-10
    • set the WAN side address to 192.168.1.100 (notice it's above router#1 item (b)
    • set the MASK to 255.255.255.0
    • set the gateway to 192.168.1.100
    • set the DNS to 192.168.1.100
    • save the settings (which likely will drop your connection due to the router address change)
      just reconnect and continue
    • setup the WiFi settings
    • change the admin password and save again

    Test router#2 connections with the browser. Good results prove you're getting proper routing through router#1 AND that any DNS requests are being resolve.

    Now test isolation; connect one system to both routers
    from a system connected to router#2
    ping 192.168.2.1 (must succeed)
    ping 192.168.1.1 (should succeed)
    ping 192.168.1.2 (should fail)​
    from a system connected to router#1
    ping 192.168.1.1 (must succeed)
    ping 192.168.1.2 (should succeed)
    ping 192.168.2.1 (should fail)
    ping 192.168.2.2 (should fail)​
    We can enhance the protection on all systems attached to router#2 with firewall rules, but let's deal with that latter...
     
  4. SynthMan

    SynthMan TS Rookie


    Hey Jobeard,

    I joined this site just to be able to ask you a few questions to this post of yours. I printed it out and went to Bestbuy computer geeks today to collaborate regarding this post, but I still have a couple questions.

    Like the guy who originally wrote about his Bed & Breakfast, I simply want to put my WiFi cameras onto the general shared router, and add a 2nd router to keep my own banking affairs private from the Chinese company (YI Technology) that provides the WiFi cameras which required my giving up the SSID and PW to my main router in order for me to be able to access the cameras on my smart phone. I've order an identical 2nd router (Asus rt-n66u) that I will receive in a couple days.

    I follow most of the logic in your post, but can you answer these?:

    1) Regarding router #2, you wrote: set the router address specifically to 192.168.2.1. Does this mean I am setting a static IP for this 2nd router, and I do so under the LAN tab?

    2) Regarding the WAN, Gateway, and DNS of router #2, why is the last number "100" rather than just the single digit "1"?

    3) When pinging, what is the difference between "must succeed" and "should succeed"?

    4) On my system today (only 1 router presently), I pinged 192.168.1.1 and it succeeded, I believe, by this result:
    Packets: Sent = 4, Received = 4, Lost = 0.

    But when I pinged 192.168.1.2, I obtained:

    Reply from 192.168.1.146: Destination host unreachable. (4 times), and
    Packets: Sent = 4, Received = 4, Lost = 0.

    So in this 2nd situation, no packets were lost, but it said Destination host unreachable.

    What's the meaning of that?

    Lastly, when I pinged 192.168.2.1, it failed as expected by the following response:

    Request timed out.

    Am I interpreting this 3rd ping correctly?
     
  5. jobeard

    jobeard TS Ambassador Posts: 9,939   +738

    Not quite. It's the general router setup, same page where you set Provide DHCP service
    this is the Static address on #2 where #1 will ALWAYS find router number 2. Notice lanslot on #1 -> WAN slot on #2; this makes router#2 visible to #1
    I never worry on this, take the default
    it means everything on #2 is hidden from #1; aka a private subnet which can send out, but not receive unsolicited inputs from #1 and therefore not the internet either.

    If you don't want router#2 to be private, the we need a Persistent Route to be added to router#1 to see all of router#2's devices
     
  6. SynthMan

    SynthMan TS Rookie

    It seems to me you did not answer my question #2. I'm specifically asking why the number 100 is used rather than 1.

    If the 2nd router's WAN, Gateway, and DNS ended in 1 (rather than 100), then both routers would have identical addresses and be able to communicate.

    But you have the last numbers on the WAN, Gateway, and DNS as 100 (99 greater than 1).

    That's what I do not understand. Why 100?


    Also, I just got told by a person I was discussing this with that I need to call my ISP and see if they allow a 2nd router to be connected. Does this sound like something that a cable internet company would prevent?
     
  7. jobeard

    jobeard TS Ambassador Posts: 9,939   +738

    They can't tell it exists
    yes it did answer.
    Inside router#1, x.100 is just a device on the same subnet as router number 1. From inside router#2, the gateway address x.x.2.1 connects to the x.100 on the other router. Chose 100 to be sure it didn't conflict with any DHCP assignments starting from 2--up
     
  8. SynthMan

    SynthMan TS Rookie


    Forgive me, I'm really an amateur with routers. Just to be clear, the address 192.168.1.100 is not codified anywhere inside router #1, right? It's just that router #1 will be able to see that specific device address in router #2 due to the way these things work given the respective codes you wrote initially. Yes? 192.168.1.1 is not equal to 192.168.1.100, but the router #1 will be able to see 192.168.1.100. Right? lol

    Thanks so much for all your time. I'm getting excited about setting this up tomorrow evening after the 2nd router arrives. :)
     
    Last edited: Dec 28, 2016
  9. jobeard

    jobeard TS Ambassador Posts: 9,939   +738

    Correct. There are other choices, but start here and we'll deal with your needs as we go.
     
  10. SynthMan

    SynthMan TS Rookie

    Working! Thanks Jobeard.

    I left the automatic DHCP numbers as router #2 selected which were from 2 to 254, rather than 2 to 10. It seems to be working fine with those numbers.

    And the 2nd router objected to my setting the WAN IP to be 192.168.1.100, but I chose an option to ignore that display page, and forced an accept. When I did all the pinging on both machines, I got the results you said they should be.

    So both routers and their WiFi's are working and the 2nd is now hidden from the 1st. I've now reconnected & reassigned (everything with all new passwords) the WiFi cameras I bought for router #1 and they are working just fine, too.

    Thanks again.
     
    Last edited: Dec 29, 2016
  11. jobeard

    jobeard TS Ambassador Posts: 9,939   +738

    You should be able to ping router#2 but NOTHING attached to it - - that's what makes it PRIVATE.

    If in router #1 you access Attached Devices, you can use the MAC of router#2 to create an Address Reservation for the x.100 address. WHY? you may which to Port Forward from the Internet->Router#1->router#2->something attached there
     
  12. SynthMan

    SynthMan TS Rookie

    Couple follow-up questions:

    1) IF we wanted to, could we have chosen any type of number for the 3rd set, so rather than "2" we might have used a "3", I.e. 192.168.3.1, or even 192.168.250.1? In fact, could we just make up a number for the whole thing? Does it have to start with 192 for the IP of the 2nd router?

    2) It was suggested to me to turn off the radio broadcast for greater security, and when I did that the router did become hidden but the devices that were hooked up via WiFI stopped working. I experimented with reconnecting them to the "hidden" network, but they still did not function. Message "Out of range" was displayed.

    Is it possible to turn off the radio but still maintain connection with devices that use that WiFi? Seems like a silly feature if by turning off the radio nothing works any longer.
     
  13. jobeard

    jobeard TS Ambassador Posts: 9,939   +738

    Yes, you can have several down stream routers attached to router#1 as long as there are slots for the connection.
    All LAN addresses must be within one of these:

    • 192.168.0.1 - 192.168.255.255
    • 172.16.0.1 - 172.31.255.255
    • 10.0.0.1 - 10.255.255.255
    hmm; THAT SHOULD HAVE WORKED - - suggesting you need to update the router firmware.
    1) Make sure you are disabling BROADCASTING and not disabling wifi altogether.
    2) Personally, I let it broadcast so I don't have to manually reconnect all devices every time. Just be sure to use a good passphrase as your wifi key and DO NOT use WEP.
     
  14. SynthMan

    SynthMan TS Rookie

    Thanks for all the info and help. :)
     
  15. SynthMan

    SynthMan TS Rookie

    Jobeard,

    I was mistaken. Things were not setup the way you told me. When I reexamined router #2 tonight, the WAN IP information reverted back to "Automatic IP".

    In order to set the WAN IP with the values you suggested, from the dropdown box I selected "Static IP", which then produced the following fields (and I typed the values you had told me):
    IP address: 192.168.1.100
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.1.100
    and
    DNS Server1: 192.168.1.100
    DNS Server2: (left blank)

    Those fields disappear when "Automatic IP" is selected from the dropdown box for WAN.

    The router would not allow the Gateway to have the same value as the WAN IP address (the error message stated that), so it kept reverting back to Automatic IP.

    When I incremented the Default Gateway by 1 to 192.168.1.101, well then the router would allow me to save my settings, but then I lost internet access. I put it back to "Automatic IP" for the WAN, and regained internet access.

    When I pinged the system yesterday, it was using the Automatic IP on router #2 (for the WAN), and getting the results we were looking for.

    The LAN IP remains 192.168.2.1

    So what's going on now using WAN Automatic IP on the 2nd router?
     
    Last edited: Dec 31, 2016
  16. SynthMan

    SynthMan TS Rookie

  17. jobeard

    jobeard TS Ambassador Posts: 9,939   +738

    Use whatever pleases you.
    The RIGHT way to connect #1->#2 is
    1) find the MAC address of the #2 WAN
    2) in #1, use address reservation on that MAC to set 192.168.1.100
    3) remove any manual settings in #2
    4) set the #2 router address to 192.168.2.1
     
  18. jobeard

    jobeard TS Ambassador Posts: 9,939   +738

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...