2

I have a set of six vacation rental apartments in the same building that all share a common router in the main office that serves internet to all the apartments.

Each apartment has its own individual wireless router which is connected to the main router in the office via ethernet. Each individual router is configured as an AP and the main router in the office performs DHCP for the whole network. The system works okay with some problems:

  1. Devices connected to the same AP often can't see each other. For example AirDrop devices or internet games become unusable for my guests.

  2. Devices not connected to the same AP sometimes appear in all the apartments. For example a guest's PC appears in another guest's list of networked devices.

What I would prefer is that each apartment is "firewalled" from the other apartments so that guests cannot see one another's devices; but within each apartment, all local devices are reliably visible to each other.

The main router in the office is a Vodafone Station Revolution and the APs are little Intellinet devices.

What is the best way to configure my network to do what I want?

Edit: turns out the network is set up even stranger than I realized.

Internet arrives at the Vodafone Station Revolution. From here is connected a WNAP-6305 wireless gateway configured as a wireless AP that serves two of the apartments on two different SSIDs. From there are connected four of the Intellinet wireless APs each serving one apartment each.

I was able to resolve my privacy problem by enabling SSID isolation on all of the devices. So far this seems to solve that problem. However I still have the issue of devices often not being able to see one another within a single SSID.

Richard Lee
  • 31

3 Answers3

2

This might help for other people having similar issue:

I will refer to the office Router as RouterA, and the room Routers as RouterB, C, etc.

LAN to LAN connection (the Routers connected via ethernet to main router)

Settings for RouterA

Can be set DHCP. Also, take note of IP address of this device, as well as Subnet Mask. (there may be Internet IP Address (WAN) and Local (LAN) IP address--you want the LAN--the WAN won't matter for this). For this, I will use 192.168.0.1 as the LAN IP address of RouterA

Next, disable or uncheck the following if you have them as an option (for RouterA)--

UPnP; SSPD; DMZ; DLNA

My reasons for disabling these are at the end of this post, incase you are wondering why (see below)

Finally, if you plan on having your wifi on RouterA turned on for the office, set your radio channel to static and pick a channel different than the room routers.

Settings for RouterB, C, etc. You should also set this routers radio channel to static and pick a channel different from RouterA.

RouterB----Need to set RouterB Internet IP Adress to RouterA's LAN IP Address (192.168.0.1 in this example)

Next: Set RouterB LAN IP Address to a different subnet:

*** This is done by using RouterA LAN IP, but changing the second to last number.* In this example, for RouterB LAN IP address, it would be 192.168.1.1, or 192.168.2.1, etc. This will create a network within the network---like its own little bubble

Router C through etc--Same thing as RouterB, only use a different subnet (192.168.2.1, 192.168.3.1,etc.)

The other settings are your choice. If UPnP is enabled on routerB, it won't be shared with RouterC or RouterD because it is turned off at RouterA, meaning all other routers will be DENIED access to each other.

Explanation---You can skip this section if you want to:

UPnP If enabled, all devices on all routers can discover each other (basically), Having this off will also add an extra layer of security to protect every connected device from the outside world, and each other.

SSPD (Simple Service Discovery Protocol)- UPnP, just different name.

DMZ- Probably not enabled---DMZ can be off. Can be used to isolate but it is like opening the flood gates so everything can get through.

DLNA should be off...its kinda like UPnP but broader and old school (mediaservers, etc.)...this can cause devices to see each other, even across diff subnets

One Final Note:

** If you have option for 20hz, 40hz, 60hz for 2.4/5, having 2.4ghz use 40hz will "overlap" with other signals (even bluetooth), causing performance issues. Its best to leave it to 20hz for optimal performance-- *Technically 2.4ghz can go JUST AS FAST as 5ghz--but the overlapping interference slows it down.

Mikey
  • 21
0

For problem 1 it would help to know the exact model of the Intellinet router. As it seems that the only router made by Intellinet is the Wireless 300N Dual-Band Router, I will assume that this is the case.

You should connect the Ethernet cable to the Intellinet WAN port and enable the DHCP function on each Intellinet. See this answer of mine for understanding LAN-to-WAN.

This will make every apartment into a separate network, and all devices should be better separated and should see each other.

Unless you physically isolate the apartments, every wireless device will show up on every wireless computer within range, as this is how it works (that does not mean that it can connect).

harrymc
  • 498,455
0

It all depends on the type of routers you are using or rather the features your routers are offering. (I assume all your devices are "internet routers" for end-consumer and not "real routers").

If your main router (the one that is connected to your ISP) has VLAN capabilities you just need to configure you're the ports to the APs (your other "routers") properly so that they can talk with you're ISP but not each other.

If your "main router" doesn't have VLAN, you can't use it's DHCP function to give IP addresses to the end devices connected to the "sub routers". For this, you have to configure your sub routers as "routers" and not as "APs" and configure them as well as your main router correctly so each sub router has it's own "private network". There are several solutions for this depending on the available features of your devices.

Albin
  • 11,950