Sharing a single internet connection among two routers?

[Chippy]

Hi,

I've got an Airport Extreme that provides Internet connectivity to my entire house. So, I've started a small Home business which consists of employees using my wifi too but I'm not too fond of them being on the same network.

I'd like to attach an Airport Time capsule to the network so that it could share pull internet from the Airport extreme and provide wifi to my employees. I want both the networks to be separate, i.e. computers on either network shouldn't be able to see computers on the other network.

Can someone please help me out with examples?

Thanks a lot!

 

[System Error Message]

You dont use 2 routers, you use 1 router with segmentation.

Essentially it is like this, 1 router supports vlans and has multiple LANs defined. Switch uses vlans too and AP uses guest network (or multiple SSIDs) with vlans.

When you segment your network you cant share things between them like printers and NAS.

In order to prevent people from messing about you use hotspot/radius to implement user segmentation. So users will only know their own login to the network which can be defined for which segment so they cant login and use the network on the wrong segment.

 

[CaptainSTX]

By double NATing two routers you can accomplish what you want.

Put your business network on router 1 connect it with a cable running from a LAN port to the WAN port of router 2. Reversing the home business will not be as secure

Disable remote access/ access over the internet to router 2 and you will have your home and business networks separated.

I have run in a double NAT setup and the hit on performance is minimal. If you need port forwarding then a double NAT setup may not work. You also will not be able to setup a VPN server on router 2 or other advanced setups.

If you want to accomplish what you are talking about, the elegant way get a router that will let you set up VLANs. Other posters on this site can help you accomplish this.

 

[sfx2000]

There's a lot of different ways to do what OP is asking for...

One approach would be to break out things as VLAN's, separating the broadcast domains - so one has the home LAN and one has the work LAN.

Airports facilitate "Guest" networks in this fashion - VLAN1003 is what they use as the "Guest" network, so it can be used separate from the primary LAN, and no resources cross the streams there.

Knowing that it's VLAN1003 - for shared resources link printers, one can use a managed switch and bind a printer across both VLAN's - and some printers do support this functionality (check with the vendor, but most HP business oriented printers can do this).

Nice thing about Airports - once knowing the "guest" SSID is VLAN1003, this is also supported across multiple Airports, and again, with a managed switch, wired devices can also be part of that VLAN.

There's a lot of nifty stuff inside those Apple devices that Apple doesn't really expose or discuss, but it's there, and it works quite nicely - some of those benefits are basically due to the NetBSD based board support package... and much of this functionality goes all the way down into the Airport Express devices - which is interesting, because one will look hard to try and find a $100 AP that support SSID to VLAN binding, as this is normally the domain of enterprise class AP's costing much more...

 

[Samir]

So a super simple and bulletproof way to accomplish this (that surprisingly no one has mentioned) is to just get another IP address from your ISP if they don't already provide one. You connect a switch in between your ISPs equipment (if it doesn't already have a built-in switch) and connect both routers to it. Each router gets its own IP address and serves its own network--complete network separation without complicated vlans or any other configuration.

 

[sfx2000]

So a super simple and bulletproof way to accomplish this (that surprisingly no one has mentioned) is to just get another IP address from your ISP if they don't already provide one. You connect a switch in between your ISPs equipment (if it doesn't already have a built-in switch) and connect both routers to it. Each router gets its own IP address and serves its own network--complete network separation without complicated vlans or any other configuration.

This is probably the best approach - either get a second IP from the ISP (some will do this, some won't) or get another broadband connection (and account) for the business - this way you don't run the risk of crossing the streams (personal and business), and you have accounting backup for the second broadband account for tax purposes.

 

[Samir]

This is probably the best approach - either get a second IP from the ISP (some will do this, some won't) or get another broadband connection (and account) for the business - this way you don't run the risk of crossing the streams (personal and business), and you have accounting backup for the second broadband account for tax purposes.

And if the ISP won't give a second IP, you can just use another router connected to the ISP connection to give two IPs to the two routers for the home/work networks.

 

[sfx2000]

And if the ISP won't give a second IP, you can just use another router connected to the ISP connection to give two IPs to the two routers for the home/work networks.

Huh - there's a contradiction to your statement - if the ISP won't grant an additional AP, then the second half of that statement doesn't happen..

One approach I've seen, esp. with folks that work from home doing things like medical billing at the like, is setting up the second ISP connection - e.g. if the primary is Cable, then set up a DSL connection with it's own Router/AP just for the business work... which goes back to my comment above about crossing the streams between personal and business, along with the tax breaks on the second connection.

 

[Samir]

Huh - there's a contradiction to your statement - if the ISP won't grant an additional AP, then the second half of that statement doesn't happen..

One approach I've seen, esp. with folks that work from home doing things like medical billing at the like, is setting up the second ISP connection - e.g. if the primary is Cable, then set up a DSL connection with it's own Router/AP just for the business work... which goes back to my comment above about crossing the streams between personal and business, along with the tax breaks on the second connection.

I think you misunderstood.

What I was talking about was using a third router to just basically be a NAT and DHCP server to the other two routers. By doing this, you now have two IPs, one for each network, without any additional IPs from the ISP.

This would still give you complete separate just like having two ISP connections--just without two bills.

 

[TonyH]

And if the ISP won't give a second IP, you can just use another router connected to the ISP connection to give two IPs to the two routers for the home/work networks.

Having two IP from a same ISP won't provide redundancy in case the ISP goes down.

 

[sfx2000]

I think you misunderstood.

What I was talking about was using a third router to just basically be a NAT and DHCP server to the other two routers. By doing this, you now have two IPs, one for each network, without any additional IPs from the ISP.

This would still give you complete separate just like having two ISP connections--just without two bills.

OP is running two networks in his house - one personal, one business - better to have two separate bills for accounting purposes.

(I did an 18 month stint as an independent consultant, and trust me, it's better to keep things separate from an accounting perspective)

 

[Samir]

OP is running two networks in his house - one personal, one business - better to have two separate bills for accounting purposes.

(I did an 18 month stint as an independent consultant, and trust me, it's better to keep things separate from an accounting perspective)

I actually handle accounting for about 20 companies, many with mixed interests like this.

And while I agree with you that from an accounting perspective two bills are better, from a cashflow perspective, a smaller bill is better.

Every solution depends on the requirements. I think the OP's requirements was to just get both networks online with the single ISP and with the type of separation that he wants. Luckily, there's several approaches to this, all with various pros and cons. If there's any additional requirements or a 'wish list', that would definitely help narrow down the available solutions.

 

[Samir]

Having two IP from a same ISP won't provide redundancy in case the ISP goes down.

True, but I didn't see where redundancy was part of the OP's requirements?

 

[sfx2000]

And while I agree with you that from an accounting perspective two bills are better, from a cashflow perspective, a smaller bill is better.

Actually it makes total sense from a business perspective as far as cash-flow, it's part of the cost of doing business, and again, keeps things contained within the business.

My wife is a retired CPA, so when we set up the consultancy, we did it the right way - establishing the company, bank accounts, and books... so we always kept things separate - makes accounting easier, and it removes liability if this business runs into trouble (we didn't) - imagine being a small home-based business and getting sued for something - discovery will require all info - and if one mixes the network, well, that's a problem, eh?

One of the big problems with folks starting up something out of the home - commingling of accounts - which makes things a terrible mess - new folks run into this problem, usually one time... either at end of year, or the first tax audit...

Two sets of books - that way one doesn't have to pro-rate out the split - and from an accounting perspective, most accountants don't like this when they have to certify end-of-year reports (esp. for S and C corps, and LLC can be problematic as well - sole proprietor, maybe, but they're always at risk, and no small business should operate like that).

When I was consulting - dedicated computers, dedicated network, and I dedicated one of the rooms in my house solely for the business - end of day, the door was closed - not just for sanity purposes, but for legal and financial purposes...

OP wants to share a network, and network resources across the personal and business - and this is the crux of my argument - just don't...

Buy another printer, get another connection - make sure to keep good accounting info - whether by hand or a tool like QuickBook or an online solution - a business is a standalone entity on to itself..

Don't cross the streams...

 

[Samir]

Actually it makes total sense from a business perspective as far as cash-flow, it's part of the cost of doing business, and again, keeps things contained within the business.

My wife is a retired CPA, so when we set up the consultancy, we did it the right way - establishing the company, bank accounts, and books... so we always kept things separate - makes accounting easier, and it removes liability if this business runs into trouble (we didn't) - imagine being a small home-based business and getting sued for something - discovery will require all info - and if one mixes the network, well, that's a problem, eh?

One of the big problems with folks starting up something out of the home - commingling of accounts - which makes things a terrible mess - new folks run into this problem, usually one time... either at end of year, or the first tax audit...

Two sets of books - that way one doesn't have to pro-rate out the split - and from an accounting perspective, most accountants don't like this when they have to certify end-of-year reports (esp. for S and C corps, and LLC can be problematic as well - sole proprietor, maybe, but they're always at risk, and no small business should operate like that).

When I was consulting - dedicated computers, dedicated network, and I dedicated one of the rooms in my house solely for the business - end of day, the door was closed - not just for sanity purposes, but for legal and financial purposes...

OP wants to share a network, and network resources across the personal and business - and this is the crux of my argument - just don't...

Buy another printer, get another connection - make sure to keep good accounting info - whether by hand or a tool like QuickBook or an online solution - a business is a standalone entity on to itself..

Don't cross the streams...

I hear what you're saying, and in an ideal world, everyone can do this.

But the reality is that most businesses start as sole proprietors and people invest their personal assets as well as some cash as their initial capital. Even in cases where people do create a single member LLC, the IRS still disregards it so you're back to being treated like a sole proprietor. But as long as you account for everything along the way, the accounting stays pretty straight.

The entries are a little more complicated and may be scrutinized a little more strongly during an audit, but just error in the favor of the IRS and you'll be fine. For example, in the OP's case if the ISP charges for an extra IP, I'd only expense the extra IP on the business and keep the rest of the connection as a personal expense. Even though the business is actually using it and it should technically be expensed, during an audit it would be determined that maybe not enough was expensed vs too much.