I got sick of typing and retyping a 26-letter WPA key every time I or a guest brought a new wireless device to the house. There must be a way to offer unsecured WiFi while protecting my home wired network. Network segmentation - or is it segregation? - seems to be the solution. Here's how I did it.
Connect your DSL or cable modem to the router that will offer open WiFi (the 1st router). Set that router's local IP to 10.0.0.1. The two routers must be on different subnets. They can't both use 192.168.1.x addresses.
Connect the WAN port of the 2nd router to any LAN port of the 1st. Set the 2nd router's WAN IP address to 10.0.0.2. Obviously, the DHCP server on the 1st router should be set not to hand out that address. Set the 2nd router's gateway and DNS to 10.0.0.1.
My second router had a few port forwards. To avoid duplicating all of those in the 1st router, I simply set the 1st router's DMZ to 10.0.0.2, the address of the 2nd router.
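A consistency check for the addressing plan described above, added here as an example and not part of the original post. The /24 masks, the DHCP pool range, the 2nd router's 192.168.1.0/24 LAN and all function and key names are assumptions; the 10.0.0.1 and 10.0.0.2 addresses are the post's.

```python
import ipaddress

def check_plan(plan):
    """Return a list of addressing problems in a two-router plan (empty = consistent)."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    outer_lan, inner_lan = net(plan["outer_lan"]), net(plan["inner_lan"])
    outer_ip, inner_wan = ip(plan["outer_ip"]), ip(plan["inner_wan_ip"])
    pool_lo, pool_hi = ip(plan["outer_dhcp_start"]), ip(plan["outer_dhcp_end"])
    problems = []

    # "The two routers must be on different subnets."
    if outer_lan.overlaps(inner_lan):
        problems.append("LAN subnets overlap")
    # The 2nd router's WAN port is a client on the 1st router's LAN.
    if inner_wan not in outer_lan:
        problems.append("2nd router WAN IP is outside the 1st router's LAN")
    if inner_wan == outer_ip:
        problems.append("2nd router WAN IP duplicates the 1st router's IP")
    # The static WAN address must not be one DHCP could lease to a WiFi guest.
    if pool_lo <= inner_wan <= pool_hi:
        problems.append("2nd router WAN IP is inside the DHCP pool")
    # Gateway and DNS on the 2nd router both point at the 1st router.
    for key in ("inner_gateway", "inner_dns"):
        if ip(plan[key]) != outer_ip:
            problems.append(f"{key} does not point at the 1st router")
    # The DMZ host on the 1st router is the 2nd router's WAN address.
    if ip(plan["outer_dmz"]) != inner_wan:
        problems.append("DMZ does not point at the 2nd router")
    return problems

# Addresses from the post; masks, DHCP pool and inner LAN are assumed values.
PLAN = {
    "outer_lan": "10.0.0.0/24", "outer_ip": "10.0.0.1",
    "outer_dhcp_start": "10.0.0.100", "outer_dhcp_end": "10.0.0.199",
    "outer_dmz": "10.0.0.2",
    "inner_wan_ip": "10.0.0.2", "inner_gateway": "10.0.0.1", "inner_dns": "10.0.0.1",
    "inner_lan": "192.168.1.0/24",
}

if __name__ == "__main__":
    for problem in check_plan(PLAN) or ["plan is consistent"]:
        print(problem)
```

The check covers addressing consistency only; it says nothing about what the 2nd router's firewall or port forwards expose to devices on the open WiFi.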
If you're a network security expert, let me know of any flaws.
(Graph drawn using yEd.)

