How to separate open wifi from wired network.
October 9, 2009 5:37 AM   Subscribe

How can I offer guests in my home or business wifi that is separate from my home or business network?

I'd like to be able to easily offer guests in my home or business free, unsecured wireless access, but at the same time not allow them access to my other wired or secured wireless network.

How would I do that?

Thank you!
posted by Jackie_Treehorn to Computers & Internet (13 answers total) 2 users marked this as a favorite
Best answer: The simplest way to do this is to have two routers, and connect them in the following manner:

Internet ----- "Public" access router ----- "Private" router

Guests connect to the public access router. They can get out to the Internet from there, but they can't get farther in to your network past the private router. You connect all your stuff to the private router, and you can get out to the Internet from there via the public router.

Either or both routers can have a wireless access point built in, and of course you secure the wireless access on the private router so only you can use that.
posted by FishBike at 5:41 AM on October 9, 2009

You could check out Fon. Plus you'd have the benefit of using other Fon-spots around the world.
posted by malaprohibita at 5:53 AM on October 9, 2009

I use an Apple Airport Extreme, which can have two separate WiFi networks from one device, with different passwords.
posted by baggers at 6:16 AM on October 9, 2009

My old router (Siemens Speedstream 2624) allows you to specify WiFi access by MAC id such that the machine may connect to the LAN or the Internet or both; and you can make the default (machines OTHER than the following MACs) any of those options. These routers come up on surplus sites from time to time. They didn't do well in reviews, but I'm delighted with mine.
posted by jet_silver at 6:46 AM on October 9, 2009

Airport Extremes come with this built-in. It's very nice.
posted by Setec Astronomy at 8:23 AM on October 9, 2009 [1 favorite]

Nthing baggers - more modern wireless routers will come with "dual-band" technology that will allow you two separate networks, that allow you a secure connection and a guest connection. I know Apple has them in various products, as does Cisco, others might be coming out with it too. Very simple when it's built right into the device.
posted by GJSchaller at 8:24 AM on October 9, 2009

I agree with the suggestions of purchasing a router which allows for creation of multiple networks.

A few people have mentioned Airport Extreme. The Airport Extreme is pretty slick and setup is easy, but, as an FYI, there are much cheaper options our there that do the same thing.

Full Disclosure: I use an Airport Extreme to do just what you're asking.
posted by ASM at 10:14 AM on October 9, 2009

Belkin routers do this, just like the Airport Extreme but cheaper. It's even cleverly called "hotel guest view" (or something like that)
posted by randomstriker at 11:08 AM on October 9, 2009

Response by poster: FishBike -

I like this solution as I do happen to have two wireless routers. One is just sitting around. Do you see any problem with just simply attaching the public router to the existing private (wan port of public to lan port of private) router? Basically it is the reverse of what you are suggesting. I'm only asking for the sake of simplicity considering my current set up.
posted by Jackie_Treehorn at 11:33 AM on October 9, 2009

Do you see any problem with just simply attaching the public router to the existing private (wan port of public to lan port of private) router?

If you hook them up that way around, people connected to the public network will be allowed to connect to things on the private network.

It might help to imagine the routers as one-way valves that allow connections from "inside" (LAN ports/wireless) to "outside" (WAN port) and block connections in the opposite direction. So you want the Internet to be on the outside of everything, and the private network to be on the inside of everything. The public network is in the middle, so you can connect out to the Internet from it, but not farther in to the private network.

If your existing router gets its WAN configuration automatically from your ISP (via DHCP) then it shouldn't care if it finds itself suddenly plugged into another router rather than directly into your Internet connection. Just make sure that the "public" router is configured with a different LAN IP address range than the "private router".

Meaning, if your existing router that you are using assigns addresses like 192.168.1.x then make sure your spare one is set up to assign 192.168.2.x. Plug in the spare router to your Internet connection, and your existing router to the spare one. The spare router is now the "public" one, and your existing one remains "private". You shouldn't have to change anything on the equipment that's connected to the existing router.

Once you've done that, you can set up the wireless security settings you want on each router, and also lock down the admin passwords on both routers (since you don't want people on the public network messing with your router configurations).

The suggestions from others to get a router that includes this functionality in one box probably is a simpler solution. I thought the 2-router method was simpler because it doesn't require changing anything with your existing network, just inserting another router between it and the Internet, using only functionality present in all small routers. I admit this may be a warped definition of 'simple'.
posted by FishBike at 11:59 AM on October 9, 2009

I do this at home. I use two routers and one of them is a Linksys WRT54GL. I've flashed it with COOVA firmware. I use the internal hotspot feature and have basically a public hotspot in my house that requires a user name and password (basically family name as user name and my phone number for a password). Anybody visiting gets the sign in page when they connect to the open wireless signal and they just ask me or someone in my family for the user name and password. Access to the LAN is turned off in the firmware so they can only access the internet. I can control who has access to the router since they have to enter a user name and password to get past the login page so I don't have to worry about my neighbor sucking bandwidth, but I don't have to worry about encryption standards, etc.

The other access point is heavily encrypted and only my trusted computers connect to it and have access to the lan.
posted by rsclark at 3:41 PM on October 9, 2009

Response by poster: I hooked up the two routers as you mentioned in the first post. The only additional steps I needed to do to make this thing work for me was:

1. Reboot the modem.
2. Release/Renew WAN IP address for BOTH routers. Public one first (closest to router) then the Private one.

This will make my next party more "user friendly" for those with iphones etc. And my public router has a nice feature in the admin that will allow me to simply turn off the wireless radio when it's not needed. So I can just keep the two routers setup in my network and just enable the public hotspot when needed. Sweet.

Thanks to all for the help.
posted by Jackie_Treehorn at 2:28 PM on October 11, 2009

Response by poster: RSCLARK,

Thanks for mentioning COOVA firmware. Looks very interesting. I'll be experimenting with that in the future!
posted by Jackie_Treehorn at 2:30 PM on October 11, 2009

« Older Sore rearend.   |   how to draw complex spirals Newer »
This thread is closed to new comments.