
Author Topic: Two DIR-655 to segment and isolate lan from renters  (Read 3034 times)

dopeselecta

Two DIR-655 to segment and isolate lan from renters
« on: October 07, 2010, 02:22:48 PM »

Aloha,
I'm trying to set up a home network with two DIR-655 routers.  Because of renters, I'd like to segment the network so that the renters cannot see the computers on my lan.  They just need to get internet.  The "guest" access is okay for wireless, but I have switches with structured wiring to provide physical connectivity.  The layout is as such:

[Cable Modem]-->#1[DIR-655](192.168.1.1)-->[My Switch]-->#2[DIR-655](xxx.xxx.x.x)-->[renters switch]

Can I configure the second DIR-655 with DHCP server to block access to my lan but still provide internet? Can I wire [My switch] to the WAN port of second DIR-655?  I'd really appreciate any input from those with more experience.

jimsander

Re: Two DIR-655 to segment and isolate lan from renters
« Reply #1 on: October 10, 2010, 02:54:55 PM »

Caveat - it's been a while since I've done any "real" networking, so I'm rusty. Also, you're not saying precisely where the devices hook in there, whether they're wired or wireless, etc. But I'm assuming this...

[Cable Modem] --> #1[DIR-655] -> [My Switch] ==> #2[DIR-655] --> [Renters' Switch]
                       |              |               |                  |
                   Your WiFi      Your Enet      Renter Wifi        Renter Enet
                        (IPs from #1)                    (IPs from #2)

I've indicated '==>' where I think you want the network segmented.

If it turns out you need the devices on [Renters' Switch] to also access *your* LAN, then I think what you want is nearly impossible without hooking [Renters' Switch] directly to [My Switch] (that probably means running two cables).

Now, assuming you do NOT need that... you'll still possibly run into issues with "double NAT." But with some "fiddling" I think it would work, at least for casual protection. It won't stop a determined attacker who, for instance, might unplug the #2 DIR-655 and replace it with their laptop - and spoof its MAC. Even if you glue the connector in they might cut the cable and crimp their own RJ-45 on. ;)

Really, I think the ideal way to solve this robustly would be if [My Switch] supported port-based access controls (VLANs, or whatever). But unless things have changed, I wouldn't expect that in consumer-level switches.

Other opinions might differ, and YMMV. But hope this helps some.
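Added example, not part of either post: a small model of the cascaded layout discussed in this thread. It checks that the two LAN subnets do not overlap and audits which owner-LAN addresses a renter could still reach. NAT on router #2 only blocks connections coming in from the owner side, so renter traffic is forwarded out to any destination unless an outbound rule denies it. The 192.168.2.0/24 renter subnet, the first-match rule list and all function names are assumptions for illustration, not DIR-655 settings.

```python
import ipaddress

# Assumed addressing: only 192.168.1.1 is given in the thread.
OWNER_LAN = ipaddress.ip_network("192.168.1.0/24")   # router #1 LAN, also #2's WAN side
RENTER_LAN = ipaddress.ip_network("192.168.2.0/24")  # hypothetical router #2 LAN
GATEWAY = ipaddress.ip_address("192.168.1.1")        # router #1

# Hypothetical first-match outbound policy on router #2: (action, destination).
POLICY = [
    ("allow", ipaddress.ip_network("192.168.1.1/32")),  # gateway, e.g. for DNS relay
    ("deny", OWNER_LAN),                                # rest of the owner's LAN
    ("allow", ipaddress.ip_network("0.0.0.0/0")),       # everything else (internet)
]
# What plain NAT gives you: every outbound destination is forwarded.
NAT_ONLY = [("allow", ipaddress.ip_network("0.0.0.0/0"))]

def subnets_ok(outer, inner):
    """Cascaded routers need distinct, non-overlapping LAN subnets."""
    return not ipaddress.ip_network(outer).overlaps(ipaddress.ip_network(inner))

def decide(policy, dst):
    """Return the action of the first rule whose network contains dst."""
    addr = ipaddress.ip_address(dst)
    for action, net in policy:
        if addr in net:
            return action
    return "deny"  # nothing matched: fail closed

def exposed_hosts(policy, owner_lan=OWNER_LAN, gateway=GATEWAY):
    """Owner-LAN addresses (gateway excluded) that renter traffic may reach."""
    return [str(h) for h in owner_lan.hosts()
            if h != gateway and decide(policy, h) == "allow"]

def report():
    return {
        "subnets_ok": subnets_ok(OWNER_LAN, RENTER_LAN),
        "exposed_nat_only": len(exposed_hosts(NAT_ONLY)),
        "exposed_with_policy": len(exposed_hosts(POLICY)),
        # 203.0.113.10 is a documentation address standing in for an internet host.
        "internet": decide(POLICY, "203.0.113.10"),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Whatever rules the real router ends up with, the same audit can be confirmed from a wired port on the renters' switch by checking that owner-LAN addresses do not answer while internet access still works.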