If you take out an internet subscription, the provider will often send you a router. However, you may end up not being completely satisfied with your internet connection. In that case, it may be worth buying an extra router yourself. In this article we discuss various router-behind-router scenarios.
Tip 01: Why?
The idea of deploying multiple routers in a home network may initially seem nonsensical or excessive to many users. However, we can think of a few good reasons why such an arrangement can be useful - especially if you still have an old router in the closet.
For example, it often happens that the wireless router of the provider is in a somewhat unfortunate location, for example in the meter cupboard, which makes the wireless signal very bad. Or that the provider's router is a stripped-down model, without support for useful functions such as a guest network, external USB port, VPN, fast ac-wifi, simultaneous dual band, etc. In both cases, an extra router comes in handy.
An extra router can also be useful if you want to divide your network into subnets, so that users of one subnet cannot reach the devices of the other. Such a protected subnet is suitable, for example, for your children or your visitors, or if you are running a server that you want to separate from the rest of your network. You notice: plenty of reasons.
Keep in mind that you cannot contact the helpdesk of your provider for the configuration of such an extra router. So you will have to do it yourself, with the help of this article.
Tip 02: Basic Configurations
Deploying two or more routers means that they end up in a 'cascade', where one router is placed behind the other. Good to know is that there are actually two ways to do that.
On the one hand, you can connect a lan port of the first router (which is sometimes connected to the modem via the wan port, if it is not a modem router combination) to a lan port of the second via a UTP network cable. This means that both routers are (or can be) located in the same subnet and can be reached by all devices in your network. This configuration is especially useful when you want to be able to share files and other resources, such as printers, across your entire network.
On the other hand, there is also a somewhat more complex setup where you connect a LAN port of the first router to the WAN port of your second router. As a result, both routers get different IP segments, so that devices from one subnet cannot just access devices from the other. The reverse direction is still possible. If you want to effectively ensure that neither subnet can access the other, you should consider a setup with three routers (see tip 9).
Tip 03: Address router 1
Let's start with the simplest setup: a connection between the LAN ports of two routers. A setup that is suitable, for example, when you need extra LAN ports or if it turns out that the WiFi range of router 1 is insufficient. Although you can solve the latter with an additional wireless access point, a powerline set or with a repeater, these solutions also cost money. For the repeaters, the speed of your wireless connection is halved. A second router is therefore a great solution, especially if you still have it somewhere.
We assume that if router 1 does not have an integrated modem, it is at least connected to a modem. Also make sure that a computer is connected to a LAN port on that router. It is important to first find some information about your router: go to the command prompt of your PC and run the command ipconfig from. Write down the IP address you read under the heading Ethernet adapter Ethernet, Bee Default Gateway (Default Gateway). This is normally the internal (lan) IP address of your router. Also note the IP address behind Subnet Mask: the latter is usually 255.255.255.0.
An extra router can also be useful to achieve a better wireless connection Tip 04: Address router 2
Disconnect your first router and now connect your PC to a lan port of router 2. The intention is that you tune your browser to the address of this last router. You must then know the IP address as well as the login ID of this router. Read the box 'Standard login details' if you do not know this information (anymore).
As soon as you are logged in to the web interface of router 2 with your browser, you can get started. First of all, make sure that router 2 gets an IP address within the same segment or subnet of router 1 (see tip 3). In our example, router 1 has the address 192.168.0.254. Now make sure that router 2 gets an address where only the last number is different, for example 192.168.0.253. The subnet mask must be the same (usually 255.255.255.0). Please note that the address you give to router 2 is not yet in use within your current network and that it does not fall within the dhcp range of router 1.
Default login details
If you have forgotten the default IP address or login details of your router, you can reset the router if necessary, so that those values fall back to the default setting. You can normally perform such a reset with the 30-30-30 rule: hold down the reset button of the router with a pointed object for thirty seconds, then switch off the router, after which you switch it on again after thirty seconds. Keep the reset button still pressed for the last thirty seconds.
You will undoubtedly find the default address and associated login details in the accompanying manual or by googling something like 'default ip' and 'default login' followed by the brand name and model number of your router.
Tip 05: Router configuration 2
Since a dhcp service is most likely already active on router 1 and only one dhcp service within your network (subnet) should be enabled, you must first disable this service on router 2 if necessary.
If you work with wireless routers, you will undoubtedly want to be able to 'roam' between them smoothly. The most common scenario for this is that you give both routers the same SSID. If your router supports both 2.4 and 5 GHz, provide a different SSID for each of the two 'bands'. It is best to set the same WiFi and encryption standard on both routers, with the same password. Please note, for the 2.4 GHz band, it is best to choose a channel on router 2 that differs at least five numbers from that of router 1: for example channels 1 and 6 or channels 6 and 11. Position both routers as optimally as possible in your home. Software like the free NetSpot can help you with this positioning thanks to the built-in site survey function.
You may now connect your PC again to a lan port on router 1, after which you also connect a lan port on router 2 to a lan port on router 1. You should now be able to reach both the web interface of router 1 and router 2 with your browser, via the respective IP addresses (see tips 3 and 4).
Bridge mode
With luck, router 2 will support bridge or repeater mode. In this case, it's even easier to set it up as a second access point within your existing network. Go to router 2's web interface and activate the Bridge Mode or the Repeater Mode: you can usually find it in a section like Wireless Mode, Connection Type or Network Mode. Also in this case, your router 2 provides an IP address within the same subnet as router 1, with the same subnet mask (see tip 4). Is router 2 set to Bridge Mode, then it acts as an access point after you connect the WAN port of this router with (a LAN port) of your network. In Repeater Mode the router will act as a wireless repeater: it is best to place router 2 in a location where you still receive at least fifty percent of the signal strength of router 1.
Tip 06: Wan
In tip 1 we gave you some reasons why it can be useful to set up a network with two separate subnets. You can configure your network so that the computers connected to router 1 cannot reach the devices connected to router 2. You can then use the subnet of router 1 as a (wireless) network for your children or visitors, or you can safely run one or more servers within this subnet. Such a setup requires that you connect the WAN port of router 2 to a LAN port of router 1.
Make a note of the IP address and subnet mask of router 1 (see also tip 3) and make sure that the dhcp service of this router is active. Switch to router 2, which you connect to your computer via the LAN port. Open the web interface of this router in your browser (see also tip 4) and set the router's internet settings to automatic configuration via dhcp. This will ensure that the wan-ip address of router 2 is assigned by the dhcp service of router 1. To make sure that this assigned ip address remains the same, you can include this address in the list with dhcp reservations or 'static leases' from router 1.
Separated subnets provide a more secure network Tip 07: Lan
Time to set up the local network part (lan) of router 2 correctly. It is important that you give this router an address that is in a different IP segment (subnet) than that of router 1. For example, router 1 has 192.168 as internal IP address.0.254, then your router would have 2 as address 192.168.1.254: in most cases this means that the penultimate number must be different.
We can imagine that the devices that are connected to router 2 should automatically receive an IP address from router 2, just like the devices that are connected to router 1. This means that you also have to activate the DHCP service on router 2, albeit within a different IP segment.
If you have set everything up correctly, connect a lan port of router 1 via a network cable to the wan port of router 2. In this scenario you give router 1 and 2 a different ssid and you also set both to such a different possible wifi channel. You also give both routers a different WiFi password.
Tip 08: DNS
When you ping from a computer that is connected to router 1 to the IP address of a PC that is connected to router 2, that will not work. To test this: open the command prompt and run the command ping IPADDRESS from. The reverse, on the other hand, is possible. A logical scenario therefore seems to us that you work with computers that are connected to router 2, while you let visitors or children connect to router 1, via cable or via WiFi.
For example, it is now also possible to set up different DNS servers on each router. Then set up the usual DNS servers on router 2, perhaps those of your internet provider or those of Google (8.8.8.8 and 8.8.4.4). While on router 1, you can set up DNS servers with integrated web filtering, such as those of OpenDNS (208.67.220.220 and 208.67.222.222), if you wish. This web filtering ensures that unwanted categories of content, such as pornographic or phishing sites, are no longer (should be) accessible. More feedback on this can be found here.
You can even set up different DNS servers for each subnet Port forwarding
If you have opted for an arrangement with separate subnets (lan-wan scenario) and internal servers run within the subnet of router 2, such as a NAS or IP camera, then they cannot simply be accessed from the internet. To solve that, you can work with port forwarding, on both router 1 and router 2.
Suppose you have a service running on a device with IP address 192.168.1.100 on port 8080. Then set up a port forwarding rule on router 1 that forwards requests from outside on port 8080 to the IP address of router 2 (in our example: 192.168.1.253). On this router you set another port forwarding rule in such a way that all requests on port 8080 are forwarded to ip address 192.168.1.100.
By the way, here you will find port forwarding instructions for many router models.
Tip 09: Three routers
If you want to divide your network into isolated subnets that cannot reach each other, you actually need three routers. Routers 2 and 3 are always given an address that is within the same subnet as router 1 as the WAN IP address. This procedure is described in tip 6. Then you give routers 2 and 3 an internal LAN IP address within an IP segment that not only differs from that of router 1, but also from each other. For router 2, that would be 192.168.2.254 and for router 3, for example, 192.168.3.254. Make sure the dhcp service is activated on the three routers. Then connect the WAN ports of router 2 and 3 to a lan port of router 1. This setup ensures that all connected computers can access the internet. Any computer can reach the other PCs as long as they are on the same subnet (ie connected to the same router). Computers within a different subnet are not easily accessible. Note that if you have servers running on your subnet(s), you may also have to set the necessary port forwarding rules in this case (see box 'Port forwarding').
Using router as switch
If you don't have enough network connections, you can also use an extra router as a switch. Connect the router as we explain in tip 7 (lan). Once you've completed these steps, make sure to disable the second router's WiFi access point. In this way it becomes possible to use this router as a normal switch. Are you using an old router? Please note that it may not be equipped with gigabit connections.
You can also opt for a managed switch, which allows you to customize your network even more. For example, you can work with VLANs, set traffic priorities such as voip, or bundle ports for extra bandwidth – useful for a NAS. You can read more about it in this article.
