NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

stevefxp's avatar
stevefxp
Apprentice
Nov 28, 2019

Separate Subnets for Wifi

Is there a way to subnet the main WiFi network from the guest WiFi network? I would like to do this since I can then shape the traffic in/out to the guest WiFi, to provide general access for web brow...
stevefxp's avatar
stevefxp
Apprentice
Nov 28, 2019

So my RBR50 is in AP mode and just servicing WiFi only. As to the awkward conversations....too freaking bad. I am a technology/security specialist and the security of my home network is paramount over anything else. In fact I have a dual firewall setup, with the first firewall as my active FW(OPNsense on a DIY device). Behind it is my DMZ and then a second firewall that sits in transparent mode. The OPNsense firewall runs Suricata IDS/IPS. I run all logs and data to my Elasticsearch stack, that lets me visualize the data, so I can understand who is attacking me.

 

Yes its alot of work...but worth it!

CrimpOn's avatar
CrimpOn
Guru - Experienced User
Nov 28, 2019

Sounds like separating "permanent devices" and "transient devices" into separate subnets would work.  To get on the network, a person has to enter a valid WiFi password.  DHCP will give all the permanent devices an IP in one subnet and all of the unassigned devices an IP in a different subnet (no matter which WiFi group they log into, primary or guest). Maybe a sneaky person could connect to the Guest WiFi and then set up a static IP into the permanent subnet.  Would not work with the new AX product (I guess).

 

Depending on what capabilities the router has, the different subnets could have differences in addition to QoS, such as different DNS entries (a Brutal Pi-Hole for Guests, for example).

  • stevefxp's avatar
    stevefxp
    Apprentice
    Nov 28, 2019
    Exactly!!! So the question is can the Orbi use separate subnets for guest va perm? If yes how would I do it?
    • CrimpOn's avatar
      CrimpOn
      Guru - Experienced User
      Nov 28, 2019

      If the Orbi was acting as a router, then my original concept would work:

      • Change the subnet mask from 255.255.255.0 to 255.2555.254.0
      • Use the LAN setup table to assign IP's in one subnet to all of the permanent devices,
        for example 192.168.1.x.  When they boot up, they get IP's in this subnet through DHCP.
      • Define the DHCP range to be 192.168.2.x (whatever portion you want, such as 1-100, 50-60, whatever).
        When unassigned devices connect, they will get an IP in subnet 192.168.2.x through DHCP

      Since the Orbi is an Access Point (AP) and is not providing DHCP, then the router that is providing DHCP would have to do something similar.  If it's a Netgear router, there is probably a similar mechanism for defining (a) device IP's and (b) the DHCP range.