I would like to prevent devices PC4, PC5, Smart1…(LAN2) from accessing devices PC1, PC2, PC3…(LAN1). I can not set VLAN on the ISP provided router(These settings are not accessible). I also can not put the router into a bridge mode and replace it with my own router. Considering these limitations, can I use the Wireless wire Cube 60G Kit to achieve LAN separation? Or is there any better way to do it?
I made a schema of my setup. The Wireless Wire Cube 60Ghz Kit is in default settings linking (300m distance) LAN1 devices to Router R1.
As you can see, I am a beginner so any help is appreciated. Thanks.
You can put another router like hex refresh between ISP router and first 60HZ device.
I read, that in case of another router, there can be problems with “double NAT” and that some services may not work (like Xbox, Skype and stuff…). I don’t know how severe the double NAT problems actually are, but if I could avoid it, that would be the best.
Multiple NAT tends not to be problematic these days, certainly Skype and other video calling / VoIP services are fine. Various gaming protocols are problematic with any sort of NAT, not much you can do about it.
The CPU in the Cube is reasonably powerful so using one of the pair to provide router functionality rather than having an additional router would work. A firewall rule only permitting traffic via the ISP gateway address would prevent the LAN1 devices accessing the LAN2 devices.
If you wish to avoid double NAT it would require a Mikrotik set up as a switch with port isolation or bridge horizon, devices would be on the same subnet but unable to communicate with each other. You would have to connect all of the LAN2 devices via this switch, there wouldn’t be any way to isolate LAN1 devices accessing anything connected to the ISP router WiFi.
The thing is, that if I add a switch to LAN2 place, then the switch could easily be bypassed by just connecting straight to the router. I will not be able to physically prevent that as I will not have easy access to the place. I will manage the system from LAN1 place, where I could add devices if necessary. The devices on LAN1 should be protected from devices on LAN2.
The firewall idea is interesting, I also thought about that. Are there any potential issues with that solution?
Why is double NAT spoken about as if it were a zombie about to eat your brains? It is a routine configuration where needed, gaming aside.
I don’t know, but that’s exactly why I am scared. The gaming issues would be a major problem, though.
Proper gaming sites will work just fine such as Steam. If you were running your own gaming site, then yes it would be problematic, but doing so is foolish as it just invites hacking and eventually getting shut down by your ISP. There is a reason why such gaming sites are mainstream and large entitities.