Solved Securing a subnetwork (Two routers)

August 18, 2012 at 15:27:37
Specs: Windows XP
I have a primary (Actiontec used for wired) and a secondary (Linksys wireless) router.

I want the Linksys wireless router to be as isolated as I can from my Actiontec LAN connections.

Currently I have the Linksys router set as a WAP and on a different subnet.

I can connect to it fine and connect to the internet. I'm just wondering..How secure is this? I basically want anyone connecting from the wireless to be limited to just connecting to the internet, not connecting and seeing any other computers on the network.

More Info: Actiontec MI424WR Router (Fios) Linksys WRT54GL running DD-WRT

Currently Actiontec LAN running to Linksys WAN Linksys static IP set to 192.168.5.1 instead of 192.168.1.1 putting it on different subnet.


See More: Securing a subnetwork (Two routers)

Report •

#1
August 20, 2012 at 07:28:55
I'm just wondering..How secure is this? I basically want anyone connecting from the wireless to be limited to just connecting to the internet, not connecting and seeing any other computers on the network.

Assuming your subnet mask is 255.255.255.0 in both cases then your two subnets are indeed separate. As to whether or not computers connected to the wireless can see the wired subnet it's hard to say without examing the routing table of your wireless router.

A quick way to check is try to ping a couple of devices connected to the other subnet. To do so, all you'll need to know is their IP addresses. Go to at least two computers on your wired subnet and open a command prompt window (ie: Start >> Run >> type cmd and hit Enter) and perform the following command:

ipconfig /all

Make not of their IP addresses and then go to a wireless client, open a command prompt window and try to ping both of the addresses you made note of from the other subnet.

ex.
ping 192.168.xxx.xxx

If you get no replies, then chances are the only thing they'll be able to see is LAN side of the actiontec router (try pinging it's LAN IP) and they won't be able to get into the wired.

If however your wireless clients are seeing the wired, reverse the routers. With the wireless router connected to the internet and the wired router daisychained to it, the wireless clients will not be able to see the wired.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •

#2
August 20, 2012 at 10:11:00
✔ Best Answer
Your present configuration is NOT secure. The wifi clients can and do have access to the wired workstations.

Four ways of accomplishing this in order of best security:

1. get two static ips from the isp. Put a small switch off the modem and connect two routers to the switch assigning their wan port the static ip. This is the most secure setup.

2. Get a wifi router that has a guest wifi network and allow only guests to connect to that network. This one router would replace the present two.

3. put a vlan switch between the first and second routers. Wired pcs are on vlan1. Linksys router is on vlan2. Both vlans exist on the lan port connecting to the first router from the switch. This isolates the guest network from the wired network.

4. reverse the present order of the routers so the guest wifi router is directly connected to the internet and the wired routers is connected to it. Since the guest network has the wifi router as gateway they can't [easily] get to the upstream router or the pcs connected to it.

Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's


Report •
Related Solutions


Ask Question