Putting Guests on Different Subnets [or IP Range]

[Ryois]

So I have the Netgear Nighthawk R7000 and I want to be able to put guests on a different subnet or IP range than my main network. My main network is 10.0.0.2-10.0.0.254 with a subnet of 255.0.0.0. I would like to be able to put guests on 10.0.2.2-10.0.2.254 or different subnet. Being able to communicate between networks would be ok but this would make it easier to manage devices.

https://i.imgur.com/IZsebgt.png here is a picture of my LAN setup.

[Lurick]

Best I can tell, you cannot split the SSIDs and assign them to different subnets as it looks like the router doesn't support that feature  

(Also 10.0.0.0 with a 255.0.0.0 gives you 16,777,214 hosts or 10.0.0.0-10.255.255.254 )

[Radium_Angel]

Not certain you are asking a question....are you asking if this cane be done at all, or just with your existing router?

[Ryois]

Just now, Lurick said:

Best I can tell, you cannot split the SSIDs and assign them to different subnets. Looks like the router doesn't support that feature  

(Also 10.0.0.0 with a 255.0.0.0 gives you 16,777,214 hosts or 10.0.0.0-10.255.255.254 )

Ok and yes I know that 10.0.0.0 with 255.0.0.0 can do that..

[Lurick]

Just now, Ryois said:

Ok and yes I know that 10.0.0.0 with 255.0.0.0 can do that..

I figured you did, I just wanted to point it out  

[Ryois]

5 minutes ago, Radium_Angel said:

Not certain you are asking a question....are you asking if this cane be done at all, or just with your existing router?

Im asking a question. can it be done with my router or will it have to be a ap?

 

[Just.Oblivious]

Just now, Ryois said:

Im asking a question. can it be done with my router or will it have to be a ap?

 

Not with the default firmware (guest SSID is isolated by default).

 

With alternative firmware you might be able do it.

[Ryois]

Just now, Just.Oblivious said:

Not with the default firmware (guest SSID is isolated by default).

 

With alternative firmware you might be able do it.

I cant seem to find a DDWRT or an alternative firmware... 

[brwainer]

14 minutes ago, Ryois said:

My main network is 10.0.0.2-10.0.0.254 with a subnet of 255.0.0.0.

10.0.0.2-10.0.0.254 would equal a subnet mask of 255.255.255.0, aka 10.0.0.0/24
the subnet mask of 255.0.0.0. would be 10.0.0.0-10.255.255.255, aka 10.0.0.0/8

Just because the 10.0.0.0-10.255.255.255 is a /8, doesn't mean you have to use that subnet mask in your router. You can use any smaller mask - in fact you have to in order to have more than one subnet in that range.

[Ryois]

Just now, brwainer said:

10.0.0.2-10.0.0.254 would equal a subnet mask of 255.255.255.0, aka 10.0.0.0/24
the subnet mask of 255.0.0.0. would be 10.0.0.0-10.255.255.255, aka 10.0.0.0/8

Just because the 10.0.0.0-10.255.255.255 is a /8, doesn't mean you have to use that subnet mask in your router. You can use any smaller mask - in fact you have to in order to have more than one subnet in that range.

I manually set it to be maxed at 254.

[brwainer]

3 minutes ago, Ryois said:

I cant seem to find a DDWRT or an alternative firmware... 

It seems to be supported by Tomato:
https://advancedtomato.com/downloads/router/r7000

[brwainer]

Just now, Ryois said:

I manually set it to be maxed at 254.

You mean you told the DHCP server to only give out IPs up to 10.0.0.254 - but as long as the subnet mask being given out and used is 255.0.0.0, the computers with those IPs will happily talk to the entire 10.0.0.0/8 range.

[Ryois]

1 minute ago, brwainer said:

You mean you told the DHCP server to only give out IPs up to 10.0.0.254 - but as long as the subnet mask being given out and used is 255.0.0.0, the computers with those IPs will happily talk to the entire 10.0.0.0/8 range.

yes I set the max to 254 plus on Netgear once when you set the first 3 parts the DHCP servers settings can only change the 4th part it's stupid but it's consumer hardware.

[Unhelpful]

45 minutes ago, Ryois said:

yes I set the max to 254 plus on Netgear once when you set the first 3 parts the DHCP servers settings can only change the 4th part it's stupid but it's consumer hardware.

Just to clarify, by part are you referring to octet?

 

I mean... Your network has no reason whatsoever to be a /8. That's just kinda excessive and pointless. Yeah it's consumer hardware, but I can't think of anybody using a consumer router / ap where they need more than 253 hosts.

 

I'm all for doing stupid shit for the hell of it though, that's something I can get behind  

[Ryois]

16 minutes ago, JoeyDM said:

Just to clarify, by part are you referring to octet?

 

I mean... Your network has no reason whatsoever to be a /8. That's just kinda excessive and pointless. Yeah it's consumer hardware, but I can't think of anybody using a consumer router / ap where they need more than 253 hosts.

 

I'm all for doing stupid shit for the hell of it though, that's something I can get behind  

Just incase I ever get 253 pcs or run that many vms with different ips on the network level lol.

[Unhelpful]

Just now, Ryois said:

Just incase I ever get 253 pcs or run that many vms with different ips on the network level lol.

Well that subnet has 16,777,214 usable IP's. I suspect you won't be using that many  

 

If you're getting into learning about this, I'd recommend segmenting your network entirely for your lab stuff. Not for actual function, but more for the sake of the practice.

[bcguru9384]

1 hour ago, Ryois said:

So I have the Netgear Nighthawk R7000 and I want to be able to put guests on a different subnet or IP range than my main network. My main network is 10.0.0.2-10.0.0.254 with a subnet of 255.0.0.0. I would like to be able to put guests on 10.0.2.2-10.0.2.254 or different subnet. Being able to communicate between networks would be ok but this would make it easier to manage devices.

https://i.imgur.com/IZsebgt.png here is a picture of my LAN setup.

easiest way to isolate with that router will be firewall rules

subnetting more about switching than isolation

[Lurick]

6 minutes ago, bcguru9384 said:

easiest way to isolate with that router will be firewall rules

subnetting more about switching than isolation

Subnetting and switching have nothing to do with each other and subnetting is all about segmentation on a large scale.

IP addresses are L3 and switching is L2. 

If you put two hosts in different subnets without a router they CANNOT talk to each other.

[Ryois]

4 hours ago, brwainer said:

It seems to be supported by Tomato:
https://advancedtomato.com/downloads/router/r7000

flashed with tomato created a virtual wireless, and a separate lan for the guest network now setting up a captive portal.

[Levisallanon]

You have this one router which goes straight to the internet?
I don't know the nighthawk line but are you able to set a specific dhcp range for a specific wireless network?
If so you just want to make sure your normal network is in 10.0.0.0/24 (255.255.255.0)
And your guest network is in 10.0.2.0/24 (255.255.255.0) probably your router will make sure static routes are set up to go outside, but you would need to check your routing table that there isn't a route connecting 10.0.0.0/24 to 10.0.2.0/24.
But this will only work if your router allows for different dhcp servers for different networks.
If that doesn't work it would still be possible but your router would need to allow for vlan tagging and you need to have a server which has a nic which allows for subinterfaces on different vlans.
You could then setup a dhcp server for the different vlans on this server while routing them all to your gateway to go be natted there and going outside.

[Ryois]

8 minutes ago, Levisallanon said:

You have this one router which goes straight to the internet?
I don't know the nighthawk line but are you able to set a specific dhcp range for a specific wireless network?
If so you just want to make sure your normal network is in 10.0.0.0/24 (255.255.255.0)
And your guest network is in 10.0.2.0/24 (255.255.255.0) probably your router will make sure static routes are set up to go outside, but you would need to check your routing table that there isn't a route connecting 10.0.0.0/24 to 10.0.2.0/24.
But this will only work if your router allows for different dhcp servers for different networks.
If that doesn't work it would still be possible but your router would need to allow for vlan tagging and you need to have a server which has a nic which allows for subinterfaces on different vlans.
You could then setup a dhcp server for the different vlans on this server while routing them all to your gateway to go be natted there and going outside.

Yes one router, no you cannot. But with a custom firmware you can which is what ik usong now.