# 2 routers, one network ... help?



## copenhagen69 (May 7, 2012)

I have a hardwired router in the house for security reasons (paranoid). I am wanting to add a wireless router and have my current network undetectable. The wireless will just be used to email and search the web when not in my office.

How would I go about this? add the new wireless router to DMZ on my current router or what? Looking for the best way to do this ... I looked online but could not find anything really good on this so I am coming to you 

looking at this router too ... ASUS RT-N10+ IEEE Wireless Router EZ N 802.11b/g/n... something nice and cheap ..


Thanks


----------



## Easy Rhino (May 7, 2012)

networking gurus should be a lot more helpful but you should only have to hardlink your current router to the new router using "bridged" mode. that is at least how i have all of mine setup.


----------



## brandonwh64 (May 7, 2012)

IMO I would have one wireless router (With 4 wired ports on the back) make sure you get one that is DDWRT ready and flash. I would then set up strict firewall rules for TCP/UDP connections to circumvent any types of attacks. Two routers on one network is not needed and will cause issues in some circumstances.


----------



## Easy Rhino (May 7, 2012)

brandonwh64 said:


> IMO I would have one wireless router (With 4 wired ports on the back) make sure you get one that is DDWRT ready and flash. I would then set up strict firewall rules for TCP/UDP connections to circumvent any types of attacks. Two routers on one network is not needed and will cause issues in some circumstances.



depends. i have 3 routers mainly so that i can have wired network access all over the house. one router has wireless g only, the other has wireless n only, and the third has wireless mode completely turned off. they are linked together in bridged mode so that the main router can assign each networked device an IP in the same subnet. that makes it easier to do things like network sharing.


----------



## copenhagen69 (May 7, 2012)

hmmm how hard are both those? This is one thing I know nothing about 

I just want my hardwired network safe and not able to be found by the wireless network. only want to find the internet with the wireless...


----------



## Easy Rhino (May 7, 2012)

copenhagen69 said:


> hmmm how hard are both those? This is one thing I know nothing about
> 
> I just want my hardwired network safe and not able to be found by the wireless network. only want to find the internet with the wireless...



this is confusing to me. if you are worried about network security then do not run wireless.


----------



## Frick (May 7, 2012)

So you basically want two separate networks?


----------



## copenhagen69 (May 7, 2012)

Easy Rhino said:


> this is confusing to me. if you are worried about network security then do not run wireless.



well, that is why I have the hardwired network ... 

the wireless I want for my laptop and a tablet if I ever get them ...


----------



## copenhagen69 (May 7, 2012)

Frick said:


> So you basically want two separate networks?



yes .. i think?


----------



## Easy Rhino (May 7, 2012)

i am going to let the networking guys handle this because i think you are approaching this from the wrong angle.


----------



## CJCerny (May 7, 2012)

Just buy a WAP, not a router with wireless. Don't know what router you have now, but you might need something with a beefier feature set if you want to strictly limit (and segment) your wired and wireless. We do this all the time with the systems we set up for our customers, but it is a $250 business class router, not a $40 cheapie.


----------



## ChristTheGreat (May 7, 2012)

copenhagen69 said:


> I have a hardwired router in the house for security reasons (paranoid). I am wanting to add a wireless router and have my current network undetectable. The wireless will just be used to email and search the web when not in my office.
> 
> How would I go about this? add the new wireless router to DMZ on my current router or what? Looking for the best way to do this ... I looked online but could not find anything really good on this so I am coming to you
> 
> ...



What I am doing, I have my wired router as main, and I plug into one of the 4 LAN ports, the wireless router (Like port 4) and I plug into port 1 to 4, disable DHCP on the wireless router, as you want the main router to assign the DHCP.

Example:

Main Router: IP 192.168.0.1
DHCP: 100 to 199
WAN plugged to Modem
LAN 1: Computer
LAN 2: Off
LAN 3: Off
LAN 4: Wireless router

Wireless Router: IP 192.168.0.2
DNS: 192.168.0.1
Gateway: 192.168.0.1
DHCP: Off
WAN: off
LAN 1: cable from main router

You can also plug a computer into the wireless router with an RJ45 cable (if you need more ports, an Access point will do the job instead)

This is how I normally do it, simple. After your wireless router, you just hide the network, and that's it..

By the way, you can also assign MAC addresses to the wireless connection, so only your hardware will be able to connect (MAC filter connection if I'm right).


----------



## brandonwh64 (May 7, 2012)

Easy Rhino said:


> depends. i have 3 routers mainly so that i can have wired network access all over the house. one router has wireless g only, the other has wireless n only, and the third has wireless mode completely turned off. they are linked together in bridged mode so that the main router can assign each networked device an IP in the same subnet. that makes it easier to do things like network sharing.



In this situation a dual band G/N router connected to a 24 port unmanaged switch would be a great alternative but if that setup you have is running well then might just leave it


----------



## TheMailMan78 (May 7, 2012)

Well how hard is it to crack WPA2 Personal? I have never had any issues.


----------



## Easy Rhino (May 7, 2012)

brandonwh64 said:


> In this situation a dual band G/N router connected to a 24 port unmanaged switch would be a great alternative but if that setup you have is running well then might just leave it



oh i agree, but those cost money. the three routers i have were cheapo and do just fine.


----------



## copenhagen69 (May 7, 2012)

TheMailMan78 said:


> Well how hard is it to crack WPA2 Personal? I have never had any issues.



no idea ... I just work out of the home and that is one less thing I want to worry about ...


----------



## TheMailMan78 (May 7, 2012)

copenhagen69 said:


> no idea ... I just work out of the home and that is one less thing I want to worry about ...



I work also from home. Now you got me curious. That's why I'm asking. Most companies I worked for in the past never used anything more than WPA2 Personal. Of course I live in a rural area.


----------



## brandonwh64 (May 7, 2012)

Call your ISP company and they could probably issue your account an extra IP address so you could use a 4 port unmanaged switch right at the cable modem then run one router off one IP for wireless and another for your business. I know my cable company allows it (it's $5 extra)


----------



## Completely Bonkers (May 7, 2012)

Q1. Do you want the "wireless network" to be able to access your LAN (desktop and printers and NAS etc), or do you want it completely independent so that "a friend" or "business colleague" who visits can be given internet access but NOT have access to your LAN?

Q2. Do you need to use the LAN ports on your wireless router or not? (The reason I ask is that there is more than one solution to the setup, and you _could_ use the WAN port of your wireless router depending on your setup requirements.)

Q3. Do you have a preference WHICH router comes first... ie the wireless or the hardwired? Which one in your opinion has the better firewall/security/port managing features?


----------



## digibucc (May 7, 2012)

well just set your 2nd, wireless router to gateway mode and not router mode. plug your existing router into the WAN port of your wireless router, then it will look at your router as a wan connection and not try to read it, access shares, etc.


----------



## copenhagen69 (May 7, 2012)

Completely Bonkers said:


> Q1. Do you want the "wireless network" to be able to access your LAN (desktop and printers and NAS etc), or do you want it completely independent so that "a friend" or "business colleague" who visits can be given internet access but NOT have access to your LAN?


nope. I do not want it accessing my LAN. completely independent ...



Completely Bonkers said:


> Q2. Do you need to use the LAN ports on your wireless router or not? (The reason I ask is that there is more than one solution to the setup, and you _could_ use the WAN port of your wireless router depending on your setup requirements.)


nope, no LAN ports will be used. just connect wirelessly with laptops/tablets



Completely Bonkers said:


> Q3. Do you have a preference WHICH router comes first... ie the wireless or the hardwired? Which one in your opinion has the better firewall/security/port managing features?


dont care what comes first ... whatever is easiest ...
dlink dlg 4100 is what I have now ... then my wireless would probably be the ASUS I linked up top ...


----------



## Aquinus (May 7, 2012)

You know, no matter what way you do the improvement most likely won't be measurable considering the response time between the two switches is no more than 2ms and most likely less than 1.


----------



## Dippyskoodlez (May 7, 2012)

TheMailMan78 said:


> Well how hard is it to crack WPA2 Personal? I have never had any issues.



WPA2 rainbow table is publicly available (now..).

If I understand your network needs correctly it should be like this:

INTERNET -> WIRELESS ROUTER -> WIRED ONLY ROUTER

This will make the wireless LAN open to the wired only, and the wired only router will by default block basic LAN related stuff going onto the "secure" side. Assuming you leave both of them in route mode with firewalls ON.

Leaving the wireless on unbroadcast, WPA2 protected, will give you baseline wireless security, but leaving it unbroadcast will *NEVER mean undiscoverable*.

Don't waste your time with MAC filtering. It is not security against someone that is actively trying to get into your network.

edit: Don't forget, patching to LIKE devices, requires a CROSSOVER cable, not a PATCH cable (unless they auto negotiate this). Crossover cable is EIA-568A + EIA-568B, whereas a patch is EIA-568A or B on BOTH ends.


----------



## Aquinus (May 7, 2012)

Dippyskoodlez said:


> edit: Don't forget, patching to LIKE devices, requires a CROSSOVER cable, not a PATCH cable (unless they auto negotiate this). Crossover cable is EIA-568A + EIA-568B, whereas a patch is EIA-568A or B on BOTH ends.



Patch cables should work between switches.


----------



## Dippyskoodlez (May 7, 2012)

Aquinus said:


> Patch cables should work between switches.



Switch to switch = xover
router router = xover
(home router) to PC = patch
High end router to PC = xover

All of this assumes ports do not support auto mdix, obviously.


Some home routers DO, some do NOT. I have had linksys that do and don't in the same system.


----------



## digibucc (May 7, 2012)

except most home routers, switches and current nics have auto-mdix, so to say a xover is required for switch to switch or router to router is really not true. technically of course you are right but looking at hardware on the market, that technicality really doesn't matter much anymore.


----------



## Aquinus (May 7, 2012)

Dippyskoodlez said:


> Switch to switch = xover
> router router = xover
> (home router) to PC = patch
> High end router to PC = xover
> ...



Maybe I've been lucky, but I've been able to bridge computers using patch cables and bridge switches and routers using patch cables as well, but I'm not convinced that any modern day network adapter will struggle with it.


----------



## Dippyskoodlez (May 7, 2012)

digibucc said:


> except most home routers, switches and current nics have auto-mdix, so to say a xover is required for switch to switch or router to router is really not true. technically of course you are right but looking at hardware on the market, that technicality really doesn't matter much anymore.



Really? I'm posting this through a router that does not. (This is usually devices that do not support 1000BASE-T)

To say it's "not true" is not true. It's 100% true.

The devices convert the cable. (So yes you don't have to do anything, the cable is still effectively changing.)

But when someone suggests doing something like this and ends up scratching their head as to why it sorta shows connectivity, but won't pass data, it can save lots of time when they learn the basics instead of assuming.


Assuming, in a network environment is bad. Because it will probably backfire and waste your time. The OP never states what router his normal wired connection is.


----------



## Completely Bonkers (May 8, 2012)

Copenhagen: thanks for your answers.

I would suggest:

1./ Use the wireless router as the main router and AP, it will be the DHCP server.  Choose a subnet x.x.x.x
2./ Set the appropriate wireless security
3./ On the wireless router there will be a setting whether or not to allow WLAN connections access to the LAN. Disable access. Wireless will therefore only get access to the WAN port (internet)
4./ Plug your current router WAN into one of the wireless router's LAN ports
5./ Set your current router to DHCP server. Choose a subnet y.y.y.y that is NOT the same as x.x.x.x
6./ Set Internet IP Address as Get Dynamically From ISP. And Domain Name Server (DNS) Address as Get Automatically From ISP. Turn on NAT

Now your current router connects indirectly to the internet through your wireless LAN, i.e. your wireless LAN is the Gateway.  Your current router/wired LAN will run on its own subnet independent of the subnet offered to wireless clients. For example, your wireless clients could be on 10.x.x.x and your wired LAN could be on 192.168.1.x.  Due to NAT the wireless clients wouldn't see your wired devices, unless you specifically use UPnP or port forwarding to let them through to a specific machine, e.g. send them to a printer as all they can see.

**Note**

You could set it up the other way round, but IMO this is the simplest way to set it up and provide the Chinese walls between subnets.  I think you will also find it "educational" to set up your wireless router to be the "ISP" for your wired router. Helps you understand how it all works.

Hope I didn't miss anything!

The answer provided here: http://www.techpowerup.com/forums/showpost.php?p=2622983&postcount=12 is what you would do IF you WANTED the wireless clients TO SEE and be exposed to your wired LAN.  This is not what you wanted.


----------
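The two-subnet layout from the post above, as an added example that is not part of the original thread: it checks the addressing plan from steps 1 and 5 and models which new connections the layout lets through. The concrete addresses and the function names `check_plan` and `new_connection_allowed` are assumptions made for illustration.

```python
import ipaddress

# Constructed plan: the post only says "10.x.x.x" and "192.168.1.x"; exact values are assumed.
WIRELESS_NET = ipaddress.ip_network("10.0.0.0/24")    # subnet x, served by the wireless router
WIRED_NET = ipaddress.ip_network("192.168.1.0/24")    # subnet y, served by the wired router
INNER_WAN_IP = ipaddress.ip_address("10.0.0.2")       # wired router's WAN port, leased from x


def check_plan(wireless_net, wired_net, inner_wan_ip):
    """Return a list of problems with the addressing plan (empty list means OK)."""
    problems = []
    if wireless_net.overlaps(wired_net):
        problems.append("subnet x and subnet y overlap (step 5 requires them to differ)")
    if inner_wan_ip not in wireless_net:
        problems.append("wired router's WAN address is not inside subnet x")
    return problems


def new_connection_allowed(src, dst, dst_port, port_forwards=frozenset()):
    """Model whether a NEW connection from src reaches dst in this topology.

    Assumes both routers run NAT with firewalls on and no static routes.
    port_forwards: ports forwarded on the wired router's WAN side.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in WIRED_NET:
        # Outbound from behind the inner NAT is translated and allowed, so
        # wired hosts can still reach wireless clients and the internet.
        return True
    if src in WIRELESS_NET:
        if dst in WIRED_NET:
            # The wireless router has no route to subnet y; the packet goes
            # out its WAN port and never reaches the wired router.
            return False
        if dst == INNER_WAN_IP:
            # Unsolicited inbound on the wired router's WAN side passes only
            # through an explicit port forward (or a UPnP-created one).
            return dst_port in port_forwards
        return True  # other wireless clients or the internet
    return False  # unsolicited traffic from outside both subnets
```

The model makes the asymmetry visible: wired hosts can still open connections to wireless clients, and only the reverse direction is blocked.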



## copenhagen69 (May 8, 2012)

thanks so much bonkers ... going to order the router I linked earlier tonight and so I should be back next week when it gets here and let you know how it goes ...


----------



## copenhagen69 (May 9, 2012)

I think I figured it out ...

since I have no expertise in this area one of my buddies recommended a router that is wireless and hardwired that supports a guest connection.

he says I can turn off the wireless stuff and still have this guest connection up and it can be blocked from accessing the network ...


----------



## Completely Bonkers (May 10, 2012)

Yes, you can do that with some wireless routers... or any router that can run DDWRT.  However, if you already have a fixed router, and a wireless router, using my earlier method you don't need to buy anything new, nor learn new (complicated) firmware like DDWRT

IF you are buying new hardware, I would recommend a Ubiquiti product like the AirRouter.

I personally have the Nanostation M2 which is a phenomenal product. Very happy with it. Their firmware is just as flexible and easier to use than DDWRT in my opinion.  They are designed for commercial wireless, so their security and power (wireless range/distance) are excellent.  With their Nanostation M2 I am able to capture a wifi signal and rebroadcast a new network on a different channel at much higher strength. Great for bridging applications.

Don't forget to think about how you run your local LAN. Most routers are not the "fastest switches" and will only offer 10/100M LAN ports. You might want to consider a fast switch 1G for your wired LAN sitting behind the router you eventually choose.


----------



## phanbuey (May 10, 2012)

TheMailMan78 said:


> Well how hard is it to crack WPA2 Personal? I have never had any issues.



All you need are some readily available tools and some time.


----------



## remixedcat (May 10, 2012)

Lots of routers have guest networks to isolate the guest PCs from the internal LAN. they are called "Guest networks" or "VLANs" or "Virtual Servers" 

From there you can have your wifi on access point mode only as well...


If you want the good range give that AMPED WIRELESS! one a try they have a new one with USB sharing and dual band now... I'm thinking of getting it...


----------

