Community discussions

MikroTik App
 
EMSergio
newbie
Topic Author
Posts: 30
Joined: Thu Sep 03, 2015 11:09 am

Coexistence of two networks at home

Fri Apr 07, 2017 2:37 am

Hi there!

I would like to receive some feedback from you, as I am a little newbie here when it comes to networks.
I would like to have in my house a different WiFi to serve as a Guest's WiFi. So when anyone connects to it, they can't see my private LAN. I'm doing all this as a practice, as I want to know a little bit more by myself, discovering the power behind MikroTik! :-)

There is a little complexity added. I have two MikroTik's at home, giving the same WiFi, so I can roam between the two. Let's say it is called Guests_WiFi. I've already configured it on different frequencies and it's working great. I would like to make it so they can see each other devices in the LAN, but not my private LAN, because I have some services that I don't want others to know.

My private LAN is in the network of 10.0.0.0/24
I am thinking of giving 192.168.1.0/24 to guests, and try to route.

I've given addresses to both mikrotik, so both have 2 IP addresses. One in the private LAN range, and another in the guests' LAN range.
I've also configured the pools and the dhcp-server, so one of the mikrotiks now it's giving addresses in the range 192.168.1.0/24 and I can see other devices connected!
But I've got no Internet. And I don't know why. It must be something happening in the routes.

Maybe the problem is in my ISP's router. It is only configured as 10.0.0.1. But I don't know if is there any way to make the mikrotik redirect the packet to the ISP's router.

This is the schema of my network is attached to this post.

Thank you very much!
You do not have the required permissions to view the files attached to this post.
 
jarda
Forum Guru
Forum Guru
Posts: 7603
Joined: Mon Oct 22, 2012 4:46 pm

Re: Coexistence of two networks at home

Fri Apr 07, 2017 3:30 am

Get rid of isp router and use one of the mikrotiks instead to get the full control. For multiple WiFi networks use virtual ap function and for splitting the lans use different vlan assigned to each ssid.
 
User avatar
MTeeker
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Tue Jun 14, 2011 2:42 pm
Location: Australia

Re: Coexistence of two networks at home

Fri Apr 07, 2017 4:30 am

Your scheme of having three devices functioning like routers (based on your drawing) in a network is kinda, using a metaphor, having three traffic cops doing the traffic directing at the same junction. More confusion is likely to be the case as car drivers do not know which cop to listen to when approaching the junction.
If you are not required to use the ISP-supplied as router, get rid of it, like Jarda said.

If it operates in modem/router mode, put it in bridge mode. In this configuration, the ISP-supplied device only functions as a modem and the traffic cop's role is passed on to your router.

For Guest wifi, create a virtual wifi with a different SSID, different VLAN and different password for your guests to access the Net using this virtual wifi.
Next, using a firewall rule to block guest VLAN from accessing the rest of your home network.

Good luck.
 
EMSergio
newbie
Topic Author
Posts: 30
Joined: Thu Sep 03, 2015 11:09 am

Re: Coexistence of two networks at home

Fri Apr 07, 2017 10:37 pm

Thank you very much!

I will start bridging my ISP's router, because the type of fiber it uses is different from the one of MikroTik. Only one question: If I run into problems, would still I have access to the ISPs router somehow? Or do I have to reset it?

I live in Spain, and now I'm with an ISP called Movistar, and its modem/router (which is called HGU, but the manufacturer is Askey) has like 3 VLANs internally configured: One for Internet, VoIP and another for TV streaming. When on bridge mode, it will only affect Internet VLAN, although I've read you don't have to configure that VLAN in the MikroTIk. I think that I would only have to put the PPPoE in the MIkroTik and then creating the NAT with masquerade.. Isn't it?

Then, I will create the VLANs (I think) for both SSID. Must I configure everything inside my private LAN as VLAN1 (for example) and another VLAN2 (for example) for the Guests_WiFi? If so, how would I begin creating it? Adding an interface and assigning it to interface wlan1? I think I would need some guidance on this point..

Thank you very much. I highly appreciate all your help!
 
EMSergio
newbie
Topic Author
Posts: 30
Joined: Thu Sep 03, 2015 11:09 am

Re: Coexistence of two networks at home

Fri Apr 07, 2017 11:16 pm

I just found out someone who did what I want to do: viewtopic.php?t=118119

Appart from my doubts in VLANs... Any recommendations in firewalling?
How do I connect to my ISP's router if something wrong happens?
Do I need DNS cache?

Thank you!
 
idlemind
Forum Guru
Forum Guru
Posts: 1147
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: Coexistence of two networks at home

Fri Apr 07, 2017 11:45 pm

Appart from my doubts in VLANs...
What are your doubts? Worried about VLAN hopping? If so, the risk is extremely negligible and you are far more likely to fall victim to any number of other attacks. The 2 most common VLAN hop attacks rely on you configuring your device incorrectly.

If it is simply familiarity with the technology of VLANs that you are doubtful of then well let's get you some resources to read!
 
EMSergio
newbie
Topic Author
Posts: 30
Joined: Thu Sep 03, 2015 11:09 am

Re: Coexistence of two networks at home

Sat Apr 08, 2017 2:15 am

Finally it's working! But I had to let the HGU broadcast WiFi from the 2.4GHz band to connect with the smartphone to configure it, because now I lost access and I don't know how to get access from private network.

Thank you, idlemind. I didn't even know the existence of VLAN Hopping. very interesting when I read about it. I simply need to familiarize with VLANs, but I don't find a good tutorial... I've read some tutorials about VLANs and implementations on real life but maybe I didn't get the right point... I need to do it by myself I think, but I have no one here to teach me phisically. So, that's why I want also to make this thing work in my house. What can you recommend me?

Thank you!
 
EMSergio
newbie
Topic Author
Posts: 30
Joined: Thu Sep 03, 2015 11:09 am

Re: Coexistence of two networks at home

Sat Apr 08, 2017 2:18 am

Now also the QNAP I have is complaining that "no UPnP router found on the network"
I enabled it on the MikroTik and set interface ether2-master as internal, and pppoe-out1 as external
 
idlemind
Forum Guru
Forum Guru
Posts: 1147
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: Coexistence of two networks at home

Sat Apr 08, 2017 2:30 am

https://www.youtube.com/playlist?list=P ... S3mrSnFbRC

That series is a good foundation and it's free. You can pay to download a copy of the videos. I did it as a way to support the guy. VLANs come a ways into the course but I recommend burning through the whole series. It never hurts to brush up on the basics.

I know it's a Cisco course but pretty much everything at this level translates over into MikroTik. Sure the commands might be a bit different but the standards and protocols are all the same. Knowing the underlying information will really help you interpret what the MikroTik Wiki is telling you do on any number of subjects.

Now, once you've gone through that. The answer to your question has already been put in the thread. Simply have your ISP device bridge the public IP to your MikroTik. At the head-end MikroTik is where you will do all of your layer 3. You can create a VLAN for your regular network and a VLAN for your public network. You can then use Virtual AP interfaces connected to your VLAN interface or bridge on each AP to broadcast the 2 SSIDs.

Below is a Visio I tossed together on how you could do the VLAN component.
MikroTik Forums VLANs and Guest WiFi.png
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: Bing [Bot], sutrus and 76 guests