I am trying to configure a router as a secondary WiFi access point that provides internet access but prevents access to the local network.
The router supports both, but I cannot get it to work.
My setup is as follows:
- primary Router + Modem issued by my provider, located in the cellar (WiFi capable, but no reception outside the cellar)
- various PCs connected by LAN cable to the primary router
- secondary router (NetGear WGR614v10) connected by LAN cable to the primary router. The NetGear router should serve as a wireless access point, but wireless clients should not see the machines on the local network. To this end, the NetGear router supports "guest mode", which does exactly this: it lets WiFi clients access the internet but not other local machines.
I tried various configurations:
- NetGear connected through WAN port to the local network.
  Internet works this way, but WiFi machines can access other local machines.
  This is logical: the local network is on the WAN side of the NetGear router, so from the perspective of the router it belongs to the internet, not the LAN.
- NetGear connected through LAN port. DHCP disabled on NetGear.
  Internet works if I also allow access to the local network, but does not work with guest mode.
  This is logical: the gateway to the internet has a local address, and WiFi clients are not allowed to access local addresses.
- NetGear connected through LAN and WAN ports.
  Does not work either, I guess because the DHCP server is still the primary router, so it will send the wrong route to the WiFi clients. It might work if the WiFi clients had fixed IP settings, but that is not an enforceable option for guests.
- NetGear connected through LAN and WAN ports, and DHCP re-enabled; using both routers as DHCP servers with non-overlapping IP ranges on the same subnet.
  Does not work either, and I have no idea what is happening anymore.
Basically I mostly understand why the first two configurations do not work.
But I have no idea what the correct configuration could be, for something that seems like a basic feature of almost any modern router.
My replies to some of the questions below, since there were too many for comments:
Did you try connecting the WAN of NetGear to a LAN on the other router and then disabling DHCP on NetGear and enabling "Guest mode"?
I think if I do that there will be no DHCP server left on the WiFi network. The NetGear router does not bridge DHCP requests between LAN and WAN, so guest machines would not work unless their IP is configured manually.
The solution would be to reverse the routers, connect the WAN port of the NetGear to the modem, and connect the other router's WAN to a LAN on the NetGear. [...] Plug both routers into the modem (if possible - if you don't have enough ports, put a switch in between).
Unfortunately the first router is the modem. I cannot exchange that one since it is configured by the provider.
Suggestion
You could try having one subnet with two DHCP servers, serving a different range.
I tried that; basic connectivity does work, but I am a bit concerned about what would happen if new computers get connected to the network. As far as I understand, they will randomly choose one of the two DHCP servers to get a lease from. The major killer, however, is that as soon as I enable guest mode it stops working again.