# Added 2nd router to my main router for "kids" network.easy, and helpful



## jboydgolfer (Jan 19, 2017)

Hello TPU,

So I am certain that this is nothing groundbreaking, and further am certain it has been done by many others, many times, but since i didnt know it could be done SO easily, i thought i might create this thread, on the off chance another might be in a similar position as i was before arriving @ this soultion.

*for TLDR's I connected a 2nd router to my main router via ethernet cable, for a 2nd wireless network for only my kids ( the summary of what is written in this post, minus my personal experiences)*

For the remainder of this Post, i will refer to the Main router as "A" and the secondary router as "B" , lets carry on.

My kids enjoy playing minecraft, and all things interweb, and since they are all under 16Y/o, I have the internet they use cut off at a certain time, 11pm on school nights, and 2AM on weekends. This used to be a boring repetitive task of scheduling Each device, of which there are many. But , one day i decided to utilize an old WNDR3800 "B" router I had lying around, by doing the following....

Plugging "B" into one of the LAN ports of MY main router (Asus RT AC66W/u)"A"
then creating A single wireless network called "Kids"(on "B"), which only they connect to, for any and all of theyre internet, PC, and console related web activities. Now, when i schedule internet shutdown, i dont have to add a policy for each device, i just set the "B" router, to be cut off internet by the "A" router @ 11pm on schoolnights, and 2am on weekends, just that was worth it.

I have also, had difficulties with Them playing LAN minecraft over our "A" router, both with them connecting to eachother, as well as the traffic slowing down my main "A" router. Which now that they are all connected via the "B" router, to a "virtual LAN" so to speak, they connect perfectly each time, without me having to troubleshoot some stupid game i have never even played.

Another benefit, which I cant explain, other than the "B" router is possibly handling the additional routing of the kids devices that are connected to it, is that My main "A" router seems unencumbered now, like it is only routing for My PC, and My wives tablet, and Cell phone. I assume that the "A" router is still managing all the heavy lifting, but maybe my assumptions are right, and the "B" router IS handling the kids Devices traffic, and Aside from the A" router providing the Bandwidth, it isnt handling 9 devices, but instead 1 "B" router.

I was also surprised how easy this was, no checking which subnet mask was running, or Static ip setting, it was a matter which was no different than connecting Any other device to a router. I plugged the "B" router in, held down the factory reset button, and went through the set up process , while i was connected to it VIA ethernet, once the Wireless SSID was set up, i connected wirelessly, and Viola! I was done. Since the initial setup, it has run beautifully. No issues, less slowdowns from the kids downloading Steam games, or the likes...just good results, as of yet (knock on wood) 

So , since its been a few days, I figured it was running solid, and I would share the results, for the above mentioned reasons, So i wrote this Damn TLDR book/post, and shared my "success", I hope it helps...If even one person finds something that they can benefit from in this post, it will have been worth it..

FWIW
Im running Merlin on the AC66W, no issues.current Ver.
The WNDR 3800 is running the Current latest Firmware, stock.
both are running ONLY 2.4Ghz, i have 5Ghz devices, but see no need for it.atleast as of yet.


----------



## Kursah (Jan 19, 2017)

Make sure you setup manual DNS for the router to *OpenDNS *servers to help with content filtering for the kiddos. Makes a huge difference in prevention when they can't access certain content in the first place. Then just have the DHCP service on the kid router give out the router's IP for DNS and OpenDNS as the secondary. That way they are forced to use OpenDNS servers regardless. I know you know about OpenDNS...but it's a very valuable tool for content filtering. I force all my users on all my networks to use it. It really did help with an issue we started having with the boys getting into stuff they didn't mean to or weren't supposed to. 

Sounds like you have a good setup going for you. 

Did you place the kids router just behind the LAN of your main router or in the DMZ? Double-NAT could be an issue in the future...but depending on the issue, port forwarding or static routes can help...really though I don't expect you'll run into many issues with a simple setup for kids.

Nice work!


----------



## DeathtoGnomes (Jan 19, 2017)

Brilliant use of old hardware.


----------



## jboydgolfer (Jan 19, 2017)

Kursah said:


> Make sure you setup manual DNS for the router to *OpenDNS *servers to help with content filtering for the kiddos. Makes a huge difference in prevention when they can't access certain content in the first place. Then just have the DHCP service on the kid router give out the router's IP for DNS and OpenDNS as the secondary. That way they are forced to use OpenDNS servers regardless. I know you know about OpenDNS...but it's a very valuable tool for content filtering. I force all my users on all my networks to use it. It really did help with an issue we started having with the boys getting into stuff they didn't mean to or weren't supposed to.
> 
> Sounds like you have a good setup going for you.
> 
> ...




 Oh that's something I forgot to add dammit

So the reason I always kept this old Netgear WNDR 3800 laying around  is because it has a built-in traffic Loggings system, every single URL that visited I can view and/or block within the Netgear Genie interface. In my opinion and experience it's better than open DNS both of which I've used for close to four or so years.

  I did absolutely no software set up for the installation. No turning off services like DHCP no static IP's nothing. I simply took the ethernet cord plugged it in port four on my Asus , plug in the modem port on my net gear router ( The Internet in Port )And then I just turned it on flashed it to stock and set up the SS ID and password. That's what amazed me so much is I literally plug and played which normally doesn't work with adding a second router as I'm sure anyone with even the smallest amount experience knows


----------



## Kursah (Jan 19, 2017)

Ya it's treating your Asus subnet as it's WAN, where the double-NAT comes into play. But again it shouldn't be a big deal in this case.

I'm glad it worked out so easily for you, it's a testament to how far along these devices have come. 

Traffic logging is fine if it also filters for restriction...otherwise what's the point? I feel it would be better to prevent access than audit to prove access with kids and content. Though I use Squid and can track by IP address to see what my devices are browsing for through my PFSense router.


----------



## jboydgolfer (Jan 19, 2017)

Kursah said:


> Ya it's treating your Asus subnet as it's WAN, where the double-NAT comes into play. But again it shouldn't be a big deal in this case.
> 
> I'm glad it worked out so easily for you, it's a testament to how far along these devices have come.
> 
> Traffic logging is fine if it also filters for restriction...otherwise what's the point? I feel it would be better to prevent access than audit to prove access with kids and content. Though I use Squid and can track by IP address to see what my devices are browsing for through my PFSense router.



i used openDNS along with the Netgear, but from parenting these bolognaheads all theyre lives, i know what sites they Would visit if they could, so i block em, then I scann the logs occasionally for ones i might have missed, but it logs all of it to my Email, which it exports whenver it is full. I actually have a separate email address just for the Logs, since 100 or more can be sent in a day , but i see your point. it Does filter, both keyword, and URL, user set, and predefined 

heres my speed with the new setup, 14 devices connected, and most of which are gaming....on a 60/5 Mb/s service.also, i used testmy.net, not that BS speedtest.net trash that is hosted by the ISP, so they can placebo people into thinking they are getting what they are paying for.


----------



## Kursah (Jan 19, 2017)

If you're going to use speedtest.net, use beta.speedtest.net, the test is more in-line with the likes of testmy.net and ISP tests so you don't get the inflated results that Speedtest.net provides (still).

My tests with beta are consistently slower...sometimes even than testmy.net. It's funny to compare Speedtest.net and Beta...I do like the HTML5 site though!

And on your filtering, if that works for you, then by all means go for it! Frankly I'd use both seeing that you only need to setup the DNS to point to OpenDNS. Then use your localized reporting solution to keep reporting what they're viewing and what is getting past the DNS content filter. Double or nothin!


----------



## jboydgolfer (Jan 19, 2017)

Kursah said:


> If you're going to use speedtest.net, use beta.speedtest.net, the test is more in-line with the likes of testmy.net and ISP tests so you don't get the inflated results that Speedtest.net provides (still).
> 
> My tests with beta are consistently slower...sometimes even than testmy.net. It's funny to compare Speedtest.net and Beta...I do like the HTML5 site though!
> 
> And on your filtering, if that works for you, then by all means go for it! Frankly I'd use both seeing that you only need to setup the DNS to point to OpenDNS. Then use your localized reporting solution to keep reporting what they're viewing and what is getting past the DNS content filter. Double or nothin!


yeah, the main defence i have found that is MOST effective for my kids, and my nephews, is the fact that they KNOW i can see what they are doing if i want  You might be surprised how well that little notion works .

this is what some of the built in blocking /logging looks like











as long as you know what your looking at in the logs, its pretty easy to tell what was viewed, and by who. You can see for example, my nephews Xboxone in the logs there.i filled in the blocks for example  on the 1st pic


----------



## Sasqui (Jan 19, 2017)

Love it.  I tried a second lower tier AP with wireless "g" only, and the 2.4 Ghz band that and on my RTN66U we're having serious conflicts, even spread across the house so I scrapped it.

Currently using MAC address control for blackout times with the ASUS instead.


----------



## jboydgolfer (Jan 19, 2017)

Sasqui said:


> Love it.  I tried a second lower tier AP with wireless "g" only, and the 2.4 Ghz band that and on my RTN66U we're having serious conflicts, even spread across the house so I scrapped it.
> 
> Currently using MAC address control for blackout times with the ASUS instead.




i was worried about that as well, but havent hit that wall as of yet. 


I gotta hit the road, physical therapy for me tonight . have a good night all.


----------



## Kursah (Jan 19, 2017)

Absolutely...my boys are even more worried because I'll Teamviewer or RDP onto their computers and really freak em out. With my OpenVPN tunnel, I can RDP from almost anywhere. Between that, and their testing the boundaries of what Squid and OpenDNS filter, they've pretty much admitted that I'm omnipresent in their technological lives. The little one (going on 9) is pushing the limits again as-far-as device usage...but not with content access. 

I think you have a pretty good setup going, should be easy to maintain too.


----------



## jboydgolfer (Jan 19, 2017)

Sasqui said:


> 2.4 Ghz band that and on my RTN66U we're having serious conflicts, even spread across the house so I scrapped it.



another point i wanted to add to this issue... My routers are This close together too. I think I just got lucky that they don't conflict


----------



## Sasqui (Jan 19, 2017)

jboydgolfer said:


> My routers are This close together too. I think I just got lucky that they don't conflict



Totally, or the specific frequency or protocol is different enough between them, it's beyond my pay grade, lol.   The conflict I was having was bad, the two were about 30'-40' from eachother and I'd get poor signals and very frequent dropouts on either one.  I unplugged the second AP and everything was happy again.


----------



## Toothless (Jan 19, 2017)

Eeyyy this is something i always wanted to try. My current setup has the cheap modem/router from our ISP broadcast for just the landlord with my roommate and i sharing my router with just me on the 5ghz band. It works so far and i can't complain when I'm not paying for the service. Kinda wish my landlord understood its not her hardware though.


----------



## eidairaman1 (Jan 19, 2017)

jboydgolfer said:


> Oh that's something I forgot to add dammit
> 
> So the reason I always kept this old Netgear WNDR 3800 laying around  is because it has a built-in traffic Loggings system, every single URL that visited I can view and/or block within the Netgear Genie interface. In my opinion and experience it's better than open DNS both of which I've used for close to four or so years.
> 
> I did absolutely no software set up for the installation. No turning off services like DHCP no static IP's nothing. I simply took the ethernet cord plugged it in port four on my Asus , plug in the modem port on my net gear router ( The Internet in Port )And then I just turned it on flashed it to stock and set up the SS ID and password. That's what amazed me so much is I literally plug and played which normally doesn't work with adding a second router as I'm sure anyone with even the smallest amount experience knows




make sure anything porn related or warez or copyworld is disabled on that kids router


----------



## EarthDog (Jan 19, 2017)

I take it your router doesn't have the ability to create a guest network? That is what I did for my kids and guests.


----------



## eidairaman1 (Jan 20, 2017)

EarthDog said:


> I take it your router doesn't have the ability to create a guest network? That is what I did for my kids and guests.



DGND3700V2 has it even lol


----------



## EarthDog (Jan 20, 2017)

His router has the ability.. https://www.google.com/search?q=rt-...droid-verizon&sourceid=chrome-mobile&ie=UTF-8


----------



## Kursah (Jan 20, 2017)

Yep the Asus does have guest network ability with AsusWRT or really any firmware installed. BUT it doesn't have the filtering and reporting that he prefers for the kid's network.


----------



## jboydgolfer (Jan 20, 2017)

Kursah said:


> Yep the Asus does have guest network ability with AsusWRT or really any firmware installed. BUT it doesn't have the filtering and reporting that he prefers for the kid's network.




 I actually had a guest network for each of the boys but I found that whether it was the additional routing or traffic or whatever I don't know but it slowed every day use of the router down , and I'm cat six connected to this router the main one. Speed wise and while monitoring the CPU activity everything has improved for the main Asus router


----------



## revin (Jan 20, 2017)

I tried this by adding my Buffalo 54 DDWRT unit about 10ft away but several days later got "IP Conflict" even after I made sure neither had the same  address
but I did have to go thru a switch in the front room to do it and even disabled DCHP on "B". 
I just wanted to extend my range on the north40 but something about the NVG510 not playing nice with a switch and second router behind it


----------



## jboydgolfer (Jan 20, 2017)

revin said:


> I tried this by adding my Buffalo 54 DDWRT unit about 10ft away but several days later got "IP Conflict" even after I made sure neither had the same  address
> but I did have to go thru a switch in the front room to do it and even disabled DCHP on "B".
> I just wanted to extend my range on the north40 but something about the NVG510 not playing nice with a switch and second router behind it



Yeah it was weird because the IP's that it is assigned to the B router are a 1000% different from the ones that the A router uses.

  The a router uses 192.168.1.1 *all devices directly connected to this router use a similar Address except the B router.

The B router uses 10.0.0.1* all devices connected to the B router use similar address to its local IP. i.e. 10.0.0.4 

 So I'm assuming that I shouldn't run into any IP conflicts I've also taken the precaution of going into the merlin firmware and setting the baby router as a static IP so it should resolve any conflicts that could arise in the future.

 I'll certainly report back if I run into any issues or if any of my experiences change


----------



## EarthDog (Jan 20, 2017)

Kursah said:


> Yep the Asus does have guest network ability with AsusWRT or really any firmware installed. BUT it doesn't have the filtering and reporting that he prefers for the kid's network.


10-4.. I have an rc87 and can do all those things. Wasn't sure if it was common throughout or a more high end feature.


----------



## silkstone (Jan 20, 2017)

Good use of an old router.

It can also be done using a virtual interface if you have DD-WRT.
It's quite easy to set up filtering and blocking of different websites as well as QoS.


----------



## CAPSLOCKSTUCK (Jan 20, 2017)

I have the same simple set up as you @jboydgolfer we have strong wifi throughout our biggish house and most of my 30 metre garden.

the kids password is something like "my Dad is brilliant"...........(something memorable for their mates to type in....)


----------



## jboydgolfer (Jan 20, 2017)

CAPSLOCKSTUCK said:


> I have the same simple set up as you @jboydgolfer we have strong wifi throughout our biggish house and most of my 30 metre garden.
> 
> the kids password is something like "my Dad is brilliant"...........(something memorable for their mates to type in....)




 I've certainly had some pretty memorable wireless passwords over the years 

  The favorite ones of mine just because it was so fun to tell guests or family members

Dickizinya
Willyfistergash

 Try saying either one of those to your mother-in-law without laughing

 I still remember when 8-9out of 10 wireless networks would not have a password remember that? When you can just piggyback any signal almost all the time? Right around with AOL was a thing,  also when piggyback was still a common term


----------



## silkstone (Jan 20, 2017)

jboydgolfer said:


> I've certainly had some pretty memorable wireless passwords over the years
> 
> The favorite ones of mine just because it was so fun to tell guests or family members
> 
> ...



I'm a High School teacher and so when the Wi-Fi goes down (not as often since a recent upgrade) I set up my phone as a hotspot.
I can get pretty creative with the passwords, it's hilarious watching the kids type it in, especially as I spell out the password letter-by-letter


----------



## jboydgolfer (Feb 21, 2017)

just as an update to those who might be interested......

I have only had 2 issues since the set-up of this new "kids" network.
1- I have found it is best to set a QOS limit for the kids router to 45/4Mb/s 
2- I have had to restart the 2nd router once, due to a loss of connection, never has this happened since that one time.

All in all, everything has gone along quite well.
also have setup dynamic DNS, and no-ip services, along with DNSomatic, for monitoring ,and better DNS servers than what the ISP uses.


----------



## eidairaman1 (Feb 21, 2017)

jboydgolfer said:


> just as an update to those who might be interested......
> 
> I have only had 2 issues since the set-up of this new "kids" network.
> 1- I have found it is best to set a QOS limit on the kids router to 45/4Mb/s
> ...



Id set static IPs on the kids machines and also only allow those ips to access the router


----------

