cancel
Showing results for 
would you rather see results for 
Did you mean: 
Need help?

How do I set up wired-only isolated guest access?

Reply
5 REPLIES 5
Elinor__
Chatterbox

Hi all!

 

I posted this yesterday in the Broadband section, but after exploring the forums more, perhaps it belongs here instead!

 

I have searched on the forum and found useful information about setting up a guest wireless access point, but I need a wired guest access point, but isolated.

 

Current set-up: Huawei HG523a router and one home laptop (dual-boot Windows and Ubuntu), wireless access originally set up with the out-of-the-box instructions from TalkTalk.  (I can see the LAN1 and LAN2 sockets on the back of the router but I've never used them.)

 

New situation: I want to be able to connect a guest laptop to permit internet access only, using a wired connection only for the guest, and with the home laptop and the guest laptop isolated from each other, so neither can see the other.

 

I've been looking round on the internet and it looks like I'll need to get a second router.  This post from 2014 which is about a similar issue, says "Alternatively you can pick up another HG533 and give it a different IP address and DHCP pool and connect the WAN port to a LAN connection off your main HG533 and connect your guest/xbmc to this router. This effectively segments your guest/xbmc from the main network."

 

Would that be sufficient for my situation?  Or should I be getting a better router and setting up a VLAN?

KeithFrench
Community Star

Yes a second router might help, that would then be on a different IP network. However, because these are routers their primary function is to route IP packets between different IP networks. So your PC & the guest would still not be isolated one bit.

 

You would need to explore Access Lists or Access Control Lists (ACLs) depending on the router manufacturer. This area is not always well implemented and may or not function as you want.  If for example, your PC was 192.168.1.10 and the guest 192.168.2.10, you would need to set this up like this (the first address is the source & the second the destination:-

 

192.168.1.0   192.168.2.0   Deny

192.168.1.0    0.0.0.0          Allow

 

192.168.2.0   192.168.1.0   Deny

192.168.2.0    0.0.0.0          Allow

 

0.0.0.0 just means any IP address.

 

The HG523a does support ACLs to some degree, but I haven't had one for some time & therefore am unable to test it. You will find them from router login at:-

 

Advanced > Advanced > Firewall > ACLacl.png

The HG533 has a very similar set of options.

 

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please mark it as the Best Answer.
OCE's and Community Stars - Who are they? 

Elinor__
Chatterbox

Hi Keith

 

Thank you, that's super-useful information!  I only own the Huawei 523a, so I will need to buy another router anyway.  Do you have any recommendations? Would the currently-available TalkTalk Super Router be a good choice? Is there a list of TalkTalk compatible routers anywhere?

 

KeithFrench
Community Star

No, the new Wi-Fi hub does not have those options. To be quite honest I haven't seen anything in any consumer routers that I have looked at, but that does not mean some others do not support it. You can certainly do it on Cisco Systems commercial routers, but that would not be financially viable.

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please mark it as the Best Answer.
OCE's and Community Stars - Who are they? 

Elinor__
Chatterbox

Hm. The Netgear D7000 has Access Control lists mentioned in its manual.  Maybe that could work?

KeithFrench
Community Star

Yes that is what you would be looking for, but it would depend on how flexible iris. Maybe you could pose the question on any support forum Netgear ha?

Keith
I am not employed by TalkTalk, I'm just a customer. If my post has fixed the issue, please mark it as the Best Answer.
OCE's and Community Stars - Who are they?