What's new

How to build a 'V' shaped router setup

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

georgecb

Occasional Visitor
Screenshot_20210418-210827__01.jpg


Hello Network Wizards!

I'm a complete n00b trying to work out how to setup my own home network and I seek your sage counsel.

I have 3 wireless routers that I would like to connect.

1. Router 1: my primary router and modem that is connected to the internet via fibre optic broadband cable. Also a wireless access point.
2. Router 2a: a secondary router, connected to Router 1, that acts as a WiFi extender with additional ethernet ports to the second building of my property.
3. Router 2b: another secondary router, also connected to Router 1, that acts as a WiFi extender with additional ethernet ports to the guest annex of my house.

I have attached a (very) Heath Robinson diagram of what I want it to look like. Imagine it like a 'V' shape. Internet comes into the bottom of the V (router 1), where the two lines meet, and gets sent to the top left and right terminals (routers 2a and 2b).

All routers have 4x gigabit LAN ports, 1x gigabit WAN port plus WiFi and will be connected together via cat6 ethernet cable.

Routers 2a and 2b will connect to the internet through Router 1.

Router 2a and 2b are not connected.

Ideally I would like Router 1 and Router 2a to form a LAN so they can share files/printers, etc. Essentially Router 2a just works as an extender (of Wi-Fi and ethernet) for Router 1.

However, Router 2b is primarily going to be used by Airbnb-type guests staying in a guest annex. Therefore, to ensure their privacy and mine, I would like Router 2b to operate in its own separate LAN and for devices connected to Router 2b not to be able to access the LAN network of Routers1 and 2a, and vice versa.

I think what is required is for, Router 1 and Router 2a to be connected via a LAN-to-LAN connection. Whereas Router 1 and 2b will be connected via a LAN-to-WAN connection.

If this is not possible for some nuanced technical reason (or if it's significantly simpler not to), I'm happy to have all 3 routers separate and not be able to share a LAN. (I'm really not that bothered about it if it's likely to be super complicated, it's just not that important).

The trouble is I'm not quite sure how to do any of this, either wiring up the routers or using DHCP settings and all the other complicated router mumbo jumbo with IP addresses.

Router 2a will probably have the most devices connected at any one time but even that is unlikely to ever have more than 10 (absolute max), so the routers should never have trouble assigning IP addresses.

Supplementary question: I may at some point want to daisy chain another tertiary (?) router to Router 2a (let's call the new Router 3a) to give me greater WiFi/ethernet coverage throughout my house. Think of it like an 'N' shape: router 1 would be the top left join of the N, router 2b would be bottom left terminus, and Routers 2a and 3a would be the bottom right join and top right terminus of the N respectively. Router 3a would also form part of the LAN with Routers 1 and 2a. If you can advise how I might be able to build in this upgrade capacity during the setup, that would be really helpful.

I'd be greatful for any advice you could give me.

Best wishes
George
 
What are the makes/model numbers of all three routers? Different devices have different options available to them.
 
As @ColinTaylor points out, it would help to know the make and model of these routers, and whether they're using oem vs. third-party firmware. This will tell us each router's capabilities.

On the face of it (putting the "N" architecture aside for the moment, if only because it confuses me), this isn't all that complicated.

You have a primary network you want to extend w/ an additional router (2a) acting as an AP, and additional router (2b) w/ a network for guests. The only real issue is whether those guests can be denied access to the upstream private network over router 2b's WAN. And that requires the ability to add firewalls rules for that purpose. Using third-party firmware, it's trivial. Using oem firmware, probably NOT going to happen.
 
What are the makes/model numbers of all three routers? Different devices have different options available to them.
Hi Colin,

Plan is for Router 1 and 2b to be Totolink A3002RU-V2 AC1200

Router 2a will be Asus RT-AC86U

The Totolink router is the one installed by the broadband company so it will be Router 1 by default. It's fairly cheap but doesn't need to be good as the WiFi only needs short range and will be infrequently used. Gigabit ethernet is the most important.

Thought I'd double up with the same router for 2b for simplicity of setup (as it also only needs short range and will be infrequently used).

For 2a (my house) I wanted something with a bit more punch so am planning on getting the Asus as I've heard good things about range and speed.

None of these set in stone (other than the Totolink that comes with the broadband), if you have a recommendation based on the setup I want to achieve I'll take it.

Cheers,
George
 
As @ColinTaylor points out, it would help to know the make and model of these routers, and whether they're using oem vs. third-party firmware. This will tell us each router's capabilities.

On the face of it (putting the "N" architecture aside for the moment, if only because it confuses me), this isn't all that complicated.

You have a primary network you want to extend w/ an additional router (2a) acting as an AP, and additional router (2b) w/ a network for guests. The only real issue is whether those guests can be denied access to the upstream private network over router 2b's WAN. And that requires the ability to add firewalls rules for that purpose. Using third-party firmware, it's trivial. Using oem firmware, probably NOT going to happen.

Hi, thank for the response. See my response to Colin with router types.

I'd be interested to hear what you think is possible based on the routers.

Although, based on what you have said, more and more I'm thinking maybe we skip guest network/firewall stuff as my nose is already starting to bleed :D

Perhaps instead we just have it setup so routers 2a and 2b just act as APs. That's probably the most straightforward/most idiot proof, right?

Cheers
George
 
I don't know anything about the Totolink.

If routers 2a and 2b were Asus devices it would be quite simple to set up. 2a would be configured in "access point mode". That would give you your wired and WiFi coverage. 2b would be configured in "router mode" with its "network services filter" function configured so that its clients couldn't access your main LAN.

The only downside to this is the physical access to 2b. There's nothing to stop the AirBnB person from pressing the reset button and gaining access to its quick setup process. They could then reconfigure it as an access point and be directly connected to your main LAN (like 2a).
 
I don't know anything about the Totolink.

If routers 2a and 2b were Asus devices it would be quite simple to set up. 2a would be configured in "access point mode". That would give you your wired and WiFi coverage. 2b would be configured in "router mode" with its "network services filter" function configured so that its clients couldn't access your main LAN.

The only downside to this is the physical access to 2b. There's nothing to stop the AirBnB person from pressing the reset button and gaining access to its quick setup process. They could then reconfigure it as an access point and be directly connected to your main LAN (like 2a).


Excellent point re: the reset button. (Embarrassingly I hadn't thought of that). I think that's the final nail in the coffin for the 'separate LAN networks' idea.

Guests will have unrestricted access to the router anyway so absolutely nothing to stop them (in the highly unlikely event that a guest was hellbent on accessing my LAN) from resetting and getting in that way.

Definitely no point expending time and energy on a complicated solution that can never totally fix the problem, especially when the problem is unlikely to even exist in the first place!

I'll give up on that idea and go with what's easier.

Sounds like I just need to set the Asus and Totolink secondary routers as APs (or whatever the Totolink equivalent is) and connect them to the primary router. Then good to go?

The ethernet will come out of the LAN ports of Router 1. Would I connect them into the LAN or WAN ports of routers 2a and 2b?
 
Last edited:
The ethernet will come out of the LAN ports of Router 1. Would I connect them into the LAN or WAN ports of routers 2a and 2b?
With the Asus (2a) you would typically plug the cable from Router 1 into its WAN port. Just because it makes life easier if you ever decide to change it back to router mode. When configured as an access point its WAN port becomes just another LAN port so in reality it doesn't make any difference which port you use.

As for the Totolink (2b) I'd still recommend that you set it up as a "normal router" (connecting to it WAN port) rather than an access point. Yes it would be trivial for someone to bypass it if they were determined to. But for regular usage it will separate the networks. Otherwise, in AP mode they would be able to freely browse your main LAN without restriction. I can't think of any reason why you would choose AP mode over router mode. I doubt there's any difference in how difficult either is to set up.
 
Last edited:
With the Asus (2a) you would typically plug the cable from Router 1 into its WAN port. Just because it makes life easier if you ever decide to change it back to router mode. When configured as an access point its WAN port becomes just another LAN port so in reality it doesn't make any difference which port you use.

As for the Totolink (2b) I'd still recommend that you set it up as a "normal router" (connecting to it WAN port) rather than an access point. Yes it would be trivial for someone to bypass it if they were determined to. But for regular usage it will separate the networks. Otherwise, in AP mode they would be able to freely browse your main LAN without restriction. I can't think of any reason why you would choose AP mode over router mode. I doubt there's any difference in how difficult either is to set up.
OK I'll do that then. Any special DHCP settings/IP addresses I need to give the routers?
 
Not really. Just make sure the LAN address range for the primary router and router 2b are different. So if the primary is 192.168.1.1/24 use something like 192.168.2.1/24 for 2b.
 
Not really. Just make sure the LAN address range for the primary router and router 2b are different. So if the primary is 192.168.1.1/24 use something like 192.168.2.1/24 for 2b.
Hi Colin

I've done some more reading and I think this is how I'm going to try to set the network up (photo attached).

I'm hoping all the settings are right but perhaps you can correct me. Main thing I'm not sure about is whether I've setup the DHCP server right on router 2b, or whether DHCP should be set to off. I think it needs to be able to hand out up addresses because it's on a different network but I'm not 100% sure.

Cheers
George
 

Attachments

  • New Doc 7_1.jpg
    New Doc 7_1.jpg
    80 KB · Views: 151
Yes the DHCP server on 2b needs to be on. I'm assuming that when you say "DHCP: 192.168.1.10" this is the starting IP of the DHCP pool?

I would add that there's no point specifying both 192.168.0.1 and 1.1.1.1 as the WAN DNS servers. You either want clients on network #2 to be able to resolve the host names of network #1 (probably not) or you don't. Having both addresses just randomises the chance of being able to resolve network #1's host names. So I suggest you set it to two external DNS servers, e.g. 1.1.1.1 and 9.9.9.9.
 
Last edited:
Yes the DHCP server on 2b needs to be on. I'm assuming that when you say "DHCP: 192.168.1.10" this is the starting IP of the DHCP pool?

I would add that there's no point specifying both 192.168.0.1 and 1.1.1.1 as the WAN DNS servers. You either want clients on network #2 to be able to resolve the host names of network #1 (probably not) or you don't. Having both addresses just randomises the chance of being able to resolve network #1's host names. So I suggest you set it to two external DNS servers, e.g. 1.1.1.1 and 9.9.9.9.
Thanks so much for this.

Correct, DHCPs 192.168.0.10 (router 1) and 192.168.1.10 (router 2b) are both starting IPs of the DHCP pool.

Glad most of it's correct.

If I've understood your suggestion, I'd be better off making the primary and secondary WAN DNS servers for router 2b 1.1.1.1 and 9.9.9.9, respectively?

If so I'll do that.

I confess you're going way over my head when you mention 'resolving host names', so I'm afraid I don't really grasp why the DNS server not being the same as router 1 is important (but then again I also don't understand what a DNS server is or what it does, or why I was told to make it the same as router 1's IP in the first place!). Feel free to explain it like you're talking to a complete moron (I literally am when it comes to this stuff!). It's impossible to patronise me! :D

Or don't worry about it, if it works it's good enough for me! :)

Cheers
George
 
If I've understood your suggestion, I'd be better off making the primary and secondary WAN DNS servers for router 2b 1.1.1.1 and 9.9.9.9, respectively?
Correct.

Or don't worry about it, if it works it's good enough for me! :)
To be honest these different DNS settings are nit picking. Just go with the settings above and you'll be good.
 
Great stuff.

And just to check... Would I also need to change the primary and secondary DNS servers in the DHCP settings to mirror those in the WAN settings? I.e. 1.1.1.1 and 9.9.9.9?

Or are the WAN DNS settings the only ones that matter?
 
And just to check... Would I also need to change the primary and secondary DNS servers in the DHCP settings to mirror those in the WAN settings? I.e. 1.1.1.1 and 9.9.9.9?
I have not been able to find any useful documentation for the Totolink router so I don't know what DHCP settings you're looking at. But generally speaking you would not change any settings there and just let the DHCP clients pick up the router (2b) as their DNS server.
 
Last edited:
All working well so far. Thanks everyone!

Quick question. I've turned off the firewalls on all routers except router 1 (the Totolink router connected to the internet).

Reason being I was worried the firewalls might start conflicting with each other on the internal network. Wondered if this was the right thing to do? Or if it even matters?

Routers as follows:

Router 1: Totolink A3002RU-V2 AC1200
Router 2a: TP-Link Archer AX20 AX1800
Router 2b: Huawei B315s-22
Router 3a: TP-LINK Archer C6
 
Don't ever turn off firewalls unless you have a specific reason to do so. Do you, is something not working with them enabled?

As routers 2a and 3a are configured as access points rather than routers their firewall settings are not relevant anyway in that mode.

Router 2b is your untrusted network so you definitely want that firewall left on.
 
Don't ever turn off firewalls unless you have a specific reason to do so. Do you, is something not working with them enabled?

As routers 2a and 3a are configured as access points rather than routers their firewall settings are not relevant anyway in that mode.

Router 2b is your untrusted network so you definitely want that firewall left on.
Whoops! Let me just go and turn those back on then.

I mainly turned them off because 2b (untrusted network) was running slow. I could only get about 4Mbps download speed over WiFi , but upload speed was normal (around 30 Mb). Only seemed to affect WiFi; if I connected to the router with ethernet everything was fine. Naively turned the firewalls off (except router 1) wondering if there was a conflict causing it to run slow.

Didn't make any difference at the time but eventually wifi download speed on router 2b went back to normal by itself after a few days (around 40 Mbps). Still no idea what was wrong.

Was just going to leave the firewalls off anyway because I figured the internet firewall is handled by router 1 anyway so surely not needed. Obviously that was wrong!
 
The problem with firewalls on home routers is that often they aren't "just firewalls". So while you might not need the security of the firewall, disabling them can sometimes alter other functions of the router. So it's simpler to just leave the firewall enabled unless you find you need to change it.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top