As the title alludes, I have two devices that I would like to connect to my LAN (a TC - wired; and a phone - wireless), but I would want them to be connected to a separate subnet, so they wouldn’t communicate with the rest of my LAN.
Currently I have those two wirelessly connected via my router through a guest network, which automatically assigns them to a different subnet, but the router (provided by my ISP) is pretty crap, and the wifi networks either drop or have bandwidth issues quite frequently. Unfortunately, due to the router not being the best, it doesn’t allow me to assign IPs for those two devices that are outside the LAN subnet.
I would like to be able to connect the TC via ethernet instead, to guarantee the best connection, and perhaps link the phone with a separate wifi network, or perhaps just use data connection, thus taking it out of the LAN completely.
To achieve this I was thinking of getting a second router (second hand perhaps), flash OpenWRT on it, and use it to connect just those two devices.
Another option I’ve heard of would be to use a managed switch which allows me to set it up to connect devices on another IP class.
Could anyone let me know what would be the best and affordable option for this purpose?
Thank you in advance!
I’m not quite sure what you mean by “IP class”. What you seem to want is a different subnet for those two devices. The simplest way to do that is to just manually assign each one an IP in a different subnet than your router's DHCP normally gives out.
If you want more isolation you would need to get a switch that supports creating VLANs.
And if you want remote access you would need to set up a VPN on the phone and your router. Or do some port forwarding on the router.
My bad, I forgot to mention that the ISP provided router does not allow me to assign the devices IPs that are outside the current subnet. Edited the post for clarity. Are you aware of any routers that would allow me to do that? Preferably with OpenWRT support?
I think getting a better router to replace the crap one from my ISP might be a better move.
No need to touch the router. The IP Configuration would be done on each device.
What are you trying to do anyway by having the devices not in your normal network?
I'm not able to set the IP manually on those two devices, I don't have that option. Those two devices are what I use for work, and I would like to keep them separate from the rest of my home network.
Do you need secrecy on the communications from other devices or just don’t want it to be accessible from other devices? I’m having trouble understanding what you actually need. You could potentially use a point to point vpn like wireguard or tailscale if you need privacy, if you just want to segment the traffic, vlan or another subnet could achieve that but are somewhat complicated to set up properly. Another option could be another wireless router that only those two devices are on and its WAN is connected to the ISP’s router. But then access to other devices is not as straightforward. Some wireless routers support vlans, guest networks, etc. what about a wireless AP on the “TC”?
Both, I would like the two devices to not talk with and see anything in my personal network. I have a VLAN option on my router, but not sure if it is advanced enough for me to be able to achieve what I want. I can't set up subnets on the router panel.
Assigning different vlans for devices should enable network separation. "Stuff" from different vlans should not talk to each other.
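As an added configuration example (mine, not from any poster in this thread and not from the OpenWrt project), here is what the "second router with OpenWRT" idea from the opening post looks like once the work devices get their own VLAN and firewall zone. It assumes OpenWrt 21.02 or later with a DSA switch whose ports are named lan1 to lan4 and wan, the OpenWrt default home LAN of 192.168.1.0/24, VLAN 20 on 192.168.20.0/24 for the work devices (the TC wired into lan4, the phone on a dedicated SSID), and a home LAN of 192.168.0.0/24 behind the ISP router; the SSID name and passphrase are placeholders. Two things worth noticing: the separation comes from the firewall zone, not from the addresses (a static IP in another subnet on the same broadcast domain stops nothing, since a neighbour can simply add an alias address), and because the second router's WAN hangs off the ISP router, the home network is on its WAN side, so forwarding the work zone to wan would reach the home LAN unless a rule rejects private destinations explicitly.

```uci
# /etc/config/network  (one change to 'lan', two new bridge-vlan sections, one new interface)

# With bridge VLAN filtering, the home LAN moves from the bare bridge to
# its VLAN 1 member; ports lan1-lan3 stay on the home LAN.
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan1:u*'
	list ports 'lan2:u*'
	list ports 'lan3:u*'

# VLAN 20 carries only the work devices. lan4 is untagged with PVID 20,
# so the TC plugs into lan4 and needs no VLAN awareness of its own.
config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan4:u*'

config interface 'lan'
	option device 'br-lan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'work'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

# /etc/config/wireless  (new SSID for the phone, bound to the work network; ssid and key are placeholders)

config wifi-iface 'work_wifi'
	option device 'radio0'
	option mode 'ap'
	option network 'work'
	option ssid 'work-only'
	option encryption 'psk2'
	option key 'change-this-passphrase'
	# clients on this SSID cannot see each other either
	option isolate '1'

# /etc/config/dhcp  (new pool for the work subnet)

config dhcp 'work'
	option interface 'work'
	option start '100'
	option limit '50'
	option leasetime '12h'

# /etc/config/firewall  (new zone, one forwarding, three rules)

# The zone policy does the isolating: nothing leaves 'work' except via the
# single forwarding to 'wan' below, and there is no 'forwarding' section in
# either direction between 'work' and 'lan'.
config zone
	option name 'work'
	list network 'work'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'work'
	option dest 'wan'

# The home LAN lives upstream, behind this router's wan, so reject private
# destinations from 'work' before the forwarding to wan is reached.
config rule
	option name 'Block-Work-to-Private'
	option src 'work'
	option dest 'wan'
	list dest_ip '10.0.0.0/8'
	list dest_ip '172.16.0.0/12'
	list dest_ip '192.168.0.0/16'
	option target 'REJECT'

# input is REJECT, so the router has to accept DHCP and DNS from 'work' explicitly.
config rule
	option name 'Allow-Work-DHCP'
	option src 'work'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-Work-DNS'
	option src 'work'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

After editing the files, `/etc/init.d/network restart` and `/etc/init.d/firewall restart` apply them (or reboot). A quick check from the TC: it should get a 192.168.20.x lease, reach the internet, and get "connection refused" or a timeout for 192.168.1.1 (the second router's LAN side) and for any 192.168.0.x address on the home network. The private-range block also covers the ISP router's own web interface, which is normally what you want for a device you are keeping at arm's length.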
IP classes are a very old terminology that is no longer applicable.
Everything is now IP subnets, and most things use CIDR notation.
So 192.168.0.1/24 has a subnet mask of 255.255.255.0 and a possible 255 devices (24 out of the 32 bits of the address are masked, leaving 8 bits for clients in the subnet).
https://www.techtarget.com/searchnetworking/definition/CIDR
I think what you are looking for are VLANs, a router capable of VLANs, WiFi access points that support multiple WLANs (i.e. multiple SSIDs as different networks), and some smart switches.
https://www.computernetworkingnotes.com/ccna-study-guide/vlan-basic-concepts-explained-with-examples.html
The cheapest is going to be TP Link Omada.
They have fairly decent controller/gateway devices, and all the switches and WiFi APs are easily managed through a central web based UI (I think there is an app as well, and also cloud configuration stuff).
TP Link Omada is TP Link's answer to Ubiquiti Unifi. Unifi was the only consumer-accessible option (i.e. no subscriptions, and reasonably priced gear) for a long time. It's well established and very popular. The gear is more expensive than Omada, and there is better community support for Unifi, although Ubiquiti has had a rocky reputation the past few years.
If you want to do it all yourself (steep learning curve), I like Mikrotik. It's very competitively priced, and extremely powerful and flexible. However, it's very easy to tie yourself in knots. But it is 1 brand that will do everything.
If you don't mind mixing brands, I like OPNsense as a firewall/gateway. It's like openWRT on steroids. It's essentially a battle tested implementation of FreeBSD as a router. It's open source and can be installed on modest hardware that has a sensible network port. You can then mix in whatever switches and APs you want (I'd suggest unifi or omada for wireless, if you have multiple access points).
Omada and Unifi are powerful, but sometimes have some odd limitations (functionality that isn't implemented). I doubt you would run into any of them however.
The great thing about Omada and Unifi is you plug everything in, adopt all the switches/devices so the controller knows about them, then define some networks and where you want them to appear. And it manages all that.
If you run mixed brands of switches and APs, then you have different UIs for each and it can be easy to tie yourself in knots with regards to which VLANs go where.
Mikrotik would sit in the middle, IMO. It's the same interface for each switch, however you have to configure each switch yourself. It's also very easy to get confused about how to do things, because mikrotik will let you configure things in ridiculous ways that will grind your network to a halt, and there have been some advances in recent years, which means older tutorials incorrectly recommend doing (now) inefficient things.