Help separating my network into trusted and untrusted

JustinHu

New Around Here
So I'll start off by saying I'm pretty green on these subjects and have been spending many days and nights trying to catch up on terminology and technology. The past 3 years I've mastered the art of "credit" lol so anyone who is willing to lend a helping hand in this I will be more than happy to share my knowledge in helping to fix your credit.

I was going to post this 2 months ago, but after reading some of these topics I noticed I needed to understand and research some of the terminology beforehand to avoid annoying anyone. Please bear with me though, because I'm sure I will still ask a stupid question here and there. I have so many acronyms and new words in my head right now that I understand the concept(s) (NICs, VLANs, APs, BRIDGING, NAT, NAS, STATIC IP & DYNAMIC IP, DHCP, SUBNETS, MANY MORE, ETC..) but I need some help in tying it all together.

Here is what I want to accomplish:

I want to separate a couple "untrusted" devices on my wireless network so they will not be able to access my trusted devices' content. To be more specific, I have a Fire TV running Kodi (I know some may not approve of p2p) and I want to secure my other devices from this device. I also want to always utilize VPN on the Fire TV, and sometimes utilize VPN on my trusted devices. I already have an IPVanish subscription and currently use it as a client on my laptop.

Here is the equipment I have:
- I have a Motorola modem/router supplied by my ISP
- I purchased an Asus AC3100 (4 port, not AC88U)
- I also purchased an Asus 1900P (1.4GHz) because it was so cheap on Cyber Monday.


Do I have everything I will need to accomplish isolating my untrusted devices (Fire TV and a couple Android phones)? Or do I also need to purchase a switch of some sort? I will have to flash Merlin onto my 3100, but I wanted to wait before doing anything until I had a clear picture and checklist of hardware and steps needed to get this set up.

Thank You in Advance!
 
With the lack of responses since last week, I assume I may have asked too much. Since last week I've been glued to the internet coming up with solutions and educating myself in this area of networking.

(Scenario 1) - I've found I can use 3 routers with different subnets, but I don't know if this solution is ideal since I don't really need this many connections. Plus, I keep reading different answers on which routers are able to speak to each other in this configuration.

(Scenario 2) - Cascading 2 routers with different subnets is a solution I think might work, but in this layout wouldn't one of the routers' uplink cause that router to be able to talk to the opposite router? (In this scenario I would turn my ISP modem/router combo into bridge mode and use the two Asus routers)

(Scenario 3) - I could use 1 router and create multiple VLANs to separate into two private networks. I feel this may be my best solution and have been reading up and learning about VLANs. I think I may have to buy a managed switch in this scenario, or would the Asus 3100 router work as a layer 3 switch to accomplish this?
(Would require placing ISP modem/router combo into bridge mode)

(Scenario 4) - ****OR**** Could I simply just use 1 router (the Asus 3100) and use the guest isolate WiFi feature to accomplish what I want? I could place my untrusted devices on the guest WiFi (still with WPA2 security). In this scenario, would the device on the guest network be able to see, talk to, or ultimately compromise anything on the regular side of the router? If the guest device can't see the devices on the other side, this would eliminate me from having to create VLANs to separate the untrusted devices. If this is the case and the guest network can be completely isolated from the main network, does this give you the same amount of security as creating VLANs to accomplish the same thing?

These are the solutions I've come up with trying to use ONE external IP (from my ISP) to create 2 private networks. My ISP will only give me 1 IP. If anyone has a better solution please let me know; otherwise, can anyone chime in and educate me on which one of these you would go with to accomplish what I want? I just want to separate my Fire TV from my regular network...

Thanks guys...
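The question under Scenario 2 is whether the uplink of a cascaded router lets one side talk to the other. The following is an added example, not code from the thread or from Asus/Merlin firmware, that models what a downstream router's stateful NAT firewall does with packets in that topology. All addresses (192.168.1.0/24 for the upstream "untrusted" LAN, 192.168.2.0/24 for the downstream "trusted" LAN, 192.168.1.2 for the downstream router's WAN port) and the `block_outbound_to` policy option are assumptions chosen for the illustration.

```python
import ipaddress

# Constructed Scenario 2 topology (ISP modem in bridge mode, two routers cascaded).
# All addresses are assumptions chosen for this example, not values from the thread.
UNTRUSTED_LAN = ipaddress.ip_network("192.168.1.0/24")   # upstream router LAN: Fire TV, phones
TRUSTED_LAN = ipaddress.ip_network("192.168.2.0/24")     # downstream router LAN: laptop, NAS
DOWNSTREAM_WAN_IP = ipaddress.ip_address("192.168.1.2")  # downstream router's WAN port sits in the upstream LAN


def subnets_disjoint(*nets):
    """Cascaded routers need non-overlapping LANs, otherwise routing between them breaks."""
    nets = [ipaddress.ip_network(n) for n in nets]
    return all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


class CascadedRouter:
    """Minimal model of the downstream router's stateful NAT firewall.

    Outbound packets (LAN -> anywhere else) are translated to the WAN IP and the
    flow is remembered; inbound packets are accepted only as replies to a flow the
    LAN originated. `block_outbound_to` models an extra firewall rule that also
    stops trusted devices from initiating connections into the listed subnets.
    """

    def __init__(self, lan, wan_ip, block_outbound_to=()):
        self.lan = ipaddress.ip_network(lan)
        self.wan_ip = ipaddress.ip_address(wan_ip)
        self.block_outbound_to = [ipaddress.ip_network(n) for n in block_outbound_to]
        self.state = set()  # (remote_ip, local_ip) pairs of flows originated from the LAN

    def forward(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in self.lan and dst in self.lan:
            return "allow"  # switched locally, never crosses the router
        if src in self.lan:
            if any(dst in net for net in self.block_outbound_to):
                return "drop"  # policy: trusted side may not initiate into the untrusted LAN
            self.state.add((dst, src))  # remember the flow so the reply can come back
            return "allow"
        if dst == self.wan_ip:
            # Inbound toward the NAT address: only replies to remembered flows pass.
            return "allow" if any(remote == src for remote, _ in self.state) else "drop"
        # Unsolicited packet aimed straight at a trusted host: no mapping exists, dropped.
        return "drop"


if __name__ == "__main__":
    r = CascadedRouter(TRUSTED_LAN, DOWNSTREAM_WAN_IP)
    print(r.forward("192.168.1.50", "192.168.2.10"))  # Fire TV -> NAS: drop
    print(r.forward("192.168.2.10", "192.168.1.50"))  # laptop -> Fire TV: allow (the asymmetry)
    print(r.forward("192.168.1.50", "192.168.1.2"))   # Fire TV's reply to that flow: allow
```

The model shows the asymmetry behind the question: devices behind the downstream router can reach the upstream LAN through the uplink, but upstream devices cannot initiate anything toward the downstream LAN, so the devices that must not reach the others belong on the upstream side. Passing `block_outbound_to=[UNTRUSTED_LAN]` models the additional rule needed if the trusted side should not be able to initiate connections to the untrusted side either.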
 
The problem with Scenario 4 is your guests use the same subnet as all the others. That bugged me, and created problems for a Windows Server I was using for DHCP and other services. The guest WiFi will not see the other guests or the "regular" side, but it still uses the same pool as the other guests and the regular side. I would use Scenario 2, because I don't think you are going to learn enough about Layer 2 in Scenario 4 with the Asus routers to make a difference. If you had Cisco ISRs (new or old), Junipers, or Sophos UTM, I would say go for Scenario 4, because you would have more control over the Layer 2 traffic than you will with the ASUS.

In my configuration, I use the ASUS RT-AC88U as my root wireless bridge, which connects to my Motorola modem (weird how this is called a modem and not a network bridge) that is in bridge mode; a Cisco 1811W #1, which acts as a 5G bridge between a wired Cisco work-from-home router provided by my employer; and a Cisco 1811W #2, which has VLANs and provides wireless for closed operating system devices except for my Xbox One. I wanted my Xbox One to directly connect to my AC88U for faster wireless LAN connectivity, and I can also play it from my PC. 1811W #2 also provides connectivity for wired devices such as my OOMA and an old Pentium 4 PC I converted into a FreeBSD 11.0 box, for which I couldn't find a wireless card that would work directly with the ASUS. I use extended ACLs on the Cisco 1811Ws to help protect the "regular side" network on the ASUS. As for the work router, it is always connected via DMVPN, so the traffic is both encrypted and in a tunnel while it communicates through my "regular" side.
 