CPE510s to share internet only, not LAN
CPE510s to share internet only, not LAN
I would like to share an internet connection from my house (house 1) to another house (house 2) that is in line of sight, about 50 metres away. I want house 2 to have internet access only but no access to the LAN in house 1. My intention was to plug one CPE510 into the LAN in house 1, and to plug the second CEP510 into a new router in house 2.
Modem - Router - Switch - CPE510 (house 1) ------------ (house 2) CPE510 - Router
Is there a set of settings I can use that will enforce this or do I need additional equipment?
Many thanks for any help.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
DanAir wrote
Just a dumb switch. I could get a small managed switch to allow me to create separate VLANs. Overkill?
No overkill, but the solution for your guest network.
With a managed switch you can use an asymmetric VLAN to split your LAN into two isolated VLAN segments and share a common resource such as an Internet router. But note that this is kind of a »poor man's guest network« since both LAN segments (VLANs) still use the same broadcast domain of the LAN, which means the router will send broadcasts to both LAN segments. However, access to devices in a different LAN segment from within another LAN segment is not possible.
Setup of a managed switch (e.g. a TL-SG108E):
- VLAN 1: the shared resource (Internet router) connected to switch port #1.
- VLAN 2: your guest LAN segment in house 2, that's the CPE in house 1 connected to switch port #2.
- VLAN 3: your private LAN segment in house 1, PCs, laptop etc. connected to switch port #3 (and ports #4 to #8 if needed).
Port settings:
- Set port #1 (router) as untagged member of VLANs 1, 2 and 3, PVID=1.
- Set port #2 (guest LAN via CPE link) as untagged member of VLANs 1 and 2, PVID=2.
- Set port #3 (private LAN) as untagged member of VLANs 1 and 3, PVID=3. Likewise with ports 4 to 8.
Effects:
- Traffic from guest LAN to private LAN or vice versa is not possible.
- Traffic from guest LAN gets tagged with VLAN ID 2 and reaches the router which is a member of VLAN 2.
- Traffic from private LAN gets tagged with VLAN ID 3 and reaches the router which is also a member of VLAN 3.
- Traffic from the router back to the clients gets tagged with VLAN ID 1 and reaches the client in guest or private LAN which are also members of VLAN 1.
Note that you must not use the router's built-in switch in such a topology (except for the uplink of the managed switch and other shared devices such as network printers etc.).
- Copy Link
- Report Inappropriate Content
@DanAir Hi Dan! I would verify if this is legal with your ISP??? It is not here at all. You just need 1 router in house 1 and just use the radios to create a wireless beam and plug into a switch in house 2. You wlll need AP's in both houses for wifi. I would create a VLAN to separate both networks if that is what you want to accomplish.
- Copy Link
- Report Inappropriate Content
@Doc2485 Fair point, I imagine this would breach the ISP's T&Cs, so for the purpose of this discussion, let's imagine house 2 is at the back of my garden.
How do I create a VLAN? Wouldn't that require additional equipment?
If I set the CPE510 in house 1 to AP router mode, would that achieve the same thing?
- Copy Link
- Report Inappropriate Content
@DanAir This may help you if you want it:
https://www.youtube.com/watch?v=TgUWAJCpHNE
No... use 2 CPE510 radios and create the wireless beam... that is what they are made for...NOT wifi
PS: Radios need clear line of sight... no trees, buildings, etc.
- Copy Link
- Report Inappropriate Content
@Doc2485 Ok, but this is starting to sound beyond my abilities.
I get the need to have line of sight and the only purpose of the CPE510s is to create the "wireless beam" as you put it. I'm just wondering if there's a simpler way to prevent LAN users in house 2 being able to access the LAN in house 1 (apart from the internet connection).
- Copy Link
- Report Inappropriate Content
@DanAir You could do this and enable Guest network to do that....but you still need a ethernet, fiber or radio connection to house 2 to share your internet from house 1.
- Copy Link
- Report Inappropriate Content
@Doc2485 That really is what I was proposing in the following topology:
Modem - Router - Switch - CPE510 (house 1) ------------ (house 2) CPE510 - Router
I can set a guest network on the router in house 2, but this wouldn't stop someone plugging in their own router directly to the CPE510 in house 2, providing access to the LAN in house 1. The question is how do I assign the CPE510 in house 1 to the equivalent of a wireless guest network? My router doesn't allow guest network on wired connections, only wireless ones.
- Copy Link
- Report Inappropriate Content
@DanAir You do not want 2 routers on same network...... modem>>router >>> CPE510 >>>CPE510>>> switch and AP (some routers can be put into access point mode...but I do not do it.... I only use only AP's. )
- Copy Link
- Report Inappropriate Content
@Doc2485 OK so this (which is what I meant actually - my mistake):
Modem - Router - Switch - CPE510 (house 1) ------------ (house 2) CPE510 - AP
But back to my question - is there any way to put the CPE510 in house 2 on the equivalent of a wireless guest network?
- Copy Link
- Report Inappropriate Content
@DanAir No, that will not work the best way that a AP will.
If you need consulting work on all of this..PM me on here and we can discuss options.
- Copy Link
- Report Inappropriate Content
DanAir wrote
But back to my question - is there any way to put the CPE510 in house 2 on the equivalent of a wireless guest network?
No. Your router in house 1 probably has or has not a guest network setting separating a single LAN port from the rest of the LAN.
What switch do you use? A managed one or a dumb switch?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2933
Replies: 15
Voters 0
No one has voted for it yet.