What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Best configuration for failover router and separate home network

A

Abcuz5

New Around Here
I currently have a home network running off of a tp link router with the internet provided through my cable modem.

I want to add a few computers on a separate network and have those computers connected to a 2 WAN failover router. I want one wan connection to be the cable modem connection supplying my home network. I want the other wan connection to be a DSL modem that is normally sitting idle and had been used as a manual backup in the past.

I want to be able to remotely manage the failover router and the computers connected to the failover router.

I don't want the failover router or computers connected to the failover to be able to see the data or traffic on my home network computers.

What would be the best way to set this up?

Thanks!
 
what you want is dual WAN with layer 2 and 3 segmentation. That means vlans, subnet and a configurable router. You will also need a smart switch too and at least wifi with guest mode as that uses vlans too.
Segmentation with openwrt is actually very clear so i suggest giving it a try.
 
Thanks for the helpful reply.

If I just plug the WAN port of the failover router (192.168.1.1) into the LAN port of the home network router (192.168.0.1) and plug the other WAN port of the failover router into the DSL modem then what would be my drawbacks? Could the failover router or computers connected to the failover router see the traffic and data on my home network?

I will look in to dual WAN with layer 2 and 3 segmentation but I'm trying to see if a simpler solution would be workable in the meantime.

Thanks again!
 
Last edited:
double NAT isnt recommended. Doing what you're doing isnt failover either, its 1 internet being shared by 2 networks but with the other network behind a router.

segmentation is better especially with a configurable router as you can decide whether or not the 2 networks can communicate.

openwrt is free, see if your router supports it.
 
Thanks again for the helpful reply.

I don't need failover for the home network, only for the office computers connected to the failover router. That's why the DSL modem is connected to the failover router in WAN port2 and the cable connection is being shared from the home network.

I may eventually be able to install openWRT but I currently cannot modify either router so I'm trying to figure out ways to work around the issue until I can put a more permanent solution into place.

What about if I put a third router after the cable modem and then plug the home network wan port into that router and also plug the failover router WAN port1 into that router? Would that be an ugly way to achieve segmentation?

I know what I'm asking is not best practice by any means but I'm trying to figure out if it will work or what issues I might run into if I try to run it like that for a little while.

Thanks again!
 
more unnecessary devices means more power use and also more problems that could happen.
What you're doing isnt segmentation, its just double NAT which is really bad.

If you have 2 WANs, than all you need is 4 ports + a semi managed switch. It is preferable if the semi managed switch is also layer 3 but layer 2 is fine as well. Essentially this lets you use 1 switch for every device but still have them on different networks. i suggest openwrt because very likely your router can run it. It can do dual WAN and segmentation even for wifi too and it uses visual cues in administration to show you your network/zones. Its a good way for someone less knowledgeable like yourself to get working rather than going for ubiquiti/mikrotik/pfsense, all of which require new hardware.
 
If you want to keep the office segmented from the home network, you'll need to have the office network 'ahead' of the home router in the double-nat.

In the scenario you described with the office router behind the home one and the wan of the office router connected to the lan of the home router, the office router can see the systems on the home router--unless that home router has a way of segmenting that port via something like a vlan or even just a different subnet--keeping in mind that a different subnet still isn't segmenting the lan, but just making it harder to find the other devices on the lan.

Otherwise, I'd use your office router, connect both wans, create two vlans, one for your office and one for your home and then either connect your home router to one of the vlans or your home network. By putting the router, it will make it impossible for anyone to see your home network (as long as you have no ports open, etc), even if they get past vlan separation somehow.
 
You must log in or register to reply here.

Similar threads

FoxBazo
Dual-Wan issue on Merlin 3006.102.4 - do I need to waith for newt update or do I need to try the alternative Failover script (amtm)
Replies
5
Views
462
Weblee2407
W
R
WANFailover WAN Failover v2.2.0 Release
2
Replies
27
Views
2K
Weblee2407
W
O
Low Speed of USB 4G dongle on AC68U
Replies
3
Views
577
Offler2
O
D
DUAL WAN Failover version v2.1.2 and router RT-AX88U_PRO
Replies
0
Views
495
dexu
D
C
Router for setting separate VLAN for IoT devices
Replies
0
Views
688
cysio528
C

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 667 (members: 21, guests: 646)
Back
Top