Using 2 wireless routers behind same firewall [Archive] - SpeedGuide.net Broadband Community

View Full Version : Using 2 wireless routers behind same firewall

rlamoreaux

12-05-06, 05:54 PM

A remote office of mine asked me how to do this. They want 2 wireless routers, 1 - used for employees. Would not broadcast also would not give out wep code. The other wireless router is for guests in office. It has the internet but can not see other router. They would change wep at quicker intervals. Here is what I think, Router A - firewall router connected to ISP. Router B & C are the wireless routers connected to router A.

Router A
Wan IP - Dynamic supplied by ISP
Mask - supplied by ISP
Default - supplied by ISP
Lan IP - 192.168.0.1
DHCP off

Router B Employee
Net Name - Secure
Wan IP - 192.168.0.2
mask - 255.255.255.128
Default - 192.168.0.1
Lan IP - 192.168.0.3
DHCP on
DHCP Address Range
Start - 192.168.0.10
Stop - 192.168.0.110

Router B Guest
Net Name - Guest
Wan IP - 192.168.0.129
Mask - 255.255.255.128
Default - 192.168.0.1
Lan IP - 192.168.0.130
DHCP On
DHCP Address Range
Start - 192.168.0.140
End - 192.168.0.240

What do you think???? Can both wireless routers see the internet but not see each other????

YeOldeStonecat

12-05-06, 06:12 PM

Double NAT with multiple routers is a pain, and some applications don't like it.

I'd keep things simple.

I always run access points with a router, not another router.

In quite a few setups, where I separate wireless LANs from the rest of the LAN, I have a main router that supports port based VLANs..and I uplink the APs into that...separate VLAN.

But today..many business grade access points support multiple SSIDs...and support creating VLANs for each wireless user. So your wireless users can only get to the internet..not to the rest of the network.

Your diagram above...the concept you're scratching at could work...if I had to implement that design..a few things...
*Each side of the router must be a different IP range. You can't have a WAN IP of 192.168.0.xxx and a LAN IP of also 192.168.0.xxx..the router won't know which way to go. You'd want router 1 at 192.168.0.xxx, and routers 2 and 3 at 192.168.1.xxx. You can leave DHCP enabled on the first router..just assign WAN IPs outside the DHCP pool.

ErikD

12-06-06, 09:10 AM

I would second using WAPs instead of multiple layers of routing.

How many public IPs does your ISP allow you? Another option would be two routers connected directly to the internet, if you are allowed two IPs). Then you just have the insecure on only connected to the internet, and the secure connected into your internal network. Apply whatever security levels you like to each.