- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Best Option with equipment in hand to build a network that isolates the iOT devices. RBR50
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Best Option with equipment in hand to build a network that isolates the iOT devices. RBR50
My setup is working well but it is not secure enough to support using it for a home business. My existing equipment is the RBK 53 setup in AP mode hooked to a Pace 5286 AC Router/Modem that brings in ATT Uverse. I have a wired network in the home with an unmanaged gigabit switch which is currently being used to provide a wired backhaul for the satellites.
The plan that I have come up with may require only one new device... another Orbi router. In short I use the Orbi and statellies I have to create a wireless network for my iOT devices using wireless backhaul. A second Orbi router hooked to my gigabit switch is used to create a second network of mostly or possibly only wired connections. The attached file shows a diagram. This set up is not as elegant as some suggestions I have gotten that involve managed switches, vlans, multi-leg devices... none of which I have in hand and none that I have any experience with.
I would like input on whether this setup shown on my diagram is workable and if so where I might find information on the settings I would need to get it going. In particular setting up the top level network made up of the 5286 AC Pace modem/router. I recognise I might need to take that part of my questions over to the ATT forums.
Questions
What are the settings needed on the 5286 AC?
What are the settings needed on the Orbi Router (iOT)?
What are the settings needed on the Orbi Router (business)?
Is there a better option than an Orbi Router for the business network?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Best Option with equipment in hand to build a network that isolates the iOT devices. RBR50
You may run into NAT problems in that configuration:
https://kb.netgear.com/30186/What-is-Double-NAT
http://computer.howstuffworks.com/nat.htm
http://www.practicallynetworked.com/networking/fixing_double_nat.htm
http://www.dslreports.com/shownews/Networking-101-The-DMZ-137550
Also having that many wifi sources running near by may make wireless surroundings noise and be problematic sometimes. If you can keep channesl far appart between two systems, this can work. I.e Orbi system 1 would need to be on channel 1 on 2.4Ghz and 36 on 5ghz. Orbi system #2 would need to be on channel 11 on 2.4ghz and 48 on 5Ghz.
Placement will be key as well. 30 feet is recommended in between RBR and RBS to begin with depending upon building materials when wirelessly connected.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Best Option with equipment in hand to build a network that isolates the iOT devices. RBR50
I was aware of NAT behind NAT issues for some setups but had gotten steered in this direction by a post that you can see at this link DSLReports . The thing that was different in this NAT behind NAT from what I have seen before is that there are 3 networks.
The first network is created by the modem/router 192.168.1.xx
to which each Orbi 1 occupies 192.168.1.100 and Orbi 2 occupies 192.168.1.101. Nothing else connects to 192.168.1.xx.
Orbi 1 is connected to the modem/router with cable to it's WAN port... same with Orbi 2. The Orbi 1 in turn creates a new network with the range of 192.168.2.xx and the Orbi 2 creates 192.168.3.xx. There is no overlap of IP addresses being issued by the routers... three totally separate networks.
The post that recommends this setup is widely referenced in the forum and no challenge to the NAT behind NAT approach is mentioned at DSLReports. That does not make it right but it looked credible enough for me to give the idea more consideration. I may head back over there and ask for a little more detail on how the setup avoids the NAT behind NAT issue.
Interference issues with the setup are helped by:
1). Orbi sats are much more than 30' from each other and more than 30' from the Orbi routers. The sats are not on the same floors of the building with the routers which would be located in the attic.
2). The two Orbi bases (routers) potentially are close to each other and close to the Pace modem router. The plan here would be that the Pace modem/router would have wifi turned off and the connection to the Orbi routers would be cat 6.
3). My diagram shows setting one Orbi router to Chan 1 and the other Orbi router to Chan 11. Thank you for adding in the 2.4 GH channel suggestions 36 and 48. If a problem showed up due to proximity of the two Orbi routers the plan will be to simply turn off the wifi on the second Orbi. A wifi connecton on the business network is nice but not necessary. In this setup, I could probably save some money and just use a router that has no wifi.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Best Option with equipment in hand to build a network that isolates the iOT devices. RBR50
Whoops! A closer look at the last page of the DSLReports article does get into issues with the setup.
"... the tradeoff in this setup is the difficulty in handling Internet services where requests originate from machines someplace else on the internet. Allowing inbound traffic means opening holes in two firewalls."
I am not at all sure if we need requests coming from outside our LAN. I am not webserving or gaming. What needs this?
I am starting to think I need ATT to add a second line to the house and just have two entirely separate setups. It sure seems like there is a problem here in need of a solution which does not look like subscription to a security service based in Romania or Russia or the Ukraine.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Best Option with equipment in hand to build a network that isolates the iOT devices. RBR50
The NAT problem would be with both Orbi routers behind the ISP modem/router. There is NAT on the modem and NAT on each of the Orbi routers. 1 router you can help avoid NAT issues by using the modems DMZ for 1 of the Orbi routers. Unfortunately DMZ only allows for 1 device to be connected in the DMZ.
I would keep the base Orbi's far appart from each other as possible. I would recommend 20 feet or more if possible. You can have longer running LAN cables from the modem out to each Orbi base router.
Another option to help avoid double NAT on one of the systems, Say Orbi system 1, Use that system in AP mode. Then use the Modems router as the main router for that wifi system. Then Orbi system 2, use in router mode and put that in the modems DMZ. Just a suggestion.
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more