Chances are that your router comes from your internet provider, because very often the router and modem are in one device. That may be easy, but there are also quite a few drawbacks. However, you can put an extra router in your network. Why and how? You can read it in this article.
You may still have an old (wireless) router lying around, otherwise you can probably pick one up for next to nothing. Nice, but what do you do with that? We can already think of a lot of reasons why an extra router in your network can be useful.
01 Reasons for an extra router
For example, your provider's modem router is in the meter cupboard and the wireless range is substandard. In that case, a range extender or WiFi repeater can still provide a solution, but in principle you halve the speed of your wireless connection. Another reason to include a second router in your network is that your standard router offers few extra options (and the provider does not allow you to fiddle with the firmware yourself). And often there is no USB port for an external drive, no VPN support and no guest network capability. Or perhaps the expanded Wi-Fi options disappoint: no simultaneous dual band, no ac-wifi and so on. Or the router's handful of LAN ports are already cluttered, so you need extra connection options. You can of course buy a switch, but you can usually also use an old router as a switch.
But you can also have a more "advanced" reason for such a second or even third router: you want to divide your network into subnets, for example, where users (or hackers ...) from one subnet cannot reach the devices of the other. Such a protected subnet can be useful for use by your children or guests, or if you have a server running that you want to separate from the rest of your network. Such a separate network is also useful for insecure IoT equipment.
Having your own router does mean that you are responsible for the configuration and upgrades yourself. Calling the provider for support of your second router is of course not possible. But that doesn't deter a reader of Computer!
02 Routers in tandem
There are actually two ways in which you can connect routers one after the other. With the first type, you connect a lan port of the first router via an utp cable to a lan port of your second router. This is done so that both routers are in the same lan-ip segment, so that computers and other network devices can connect to both routers. This setup is recommended if you want to be able to share files and other resources throughout your network, the second router then serves as a WiFi access point or switch in your normal network.
With the second type, things get a bit more complex: here you connect a lan port of the first router to the WAN port of your second router. Both routers then have different IP segments, so that devices from one segment cannot just access devices from the other segment. The reverse is normally still possible. If you really want two completely separate segments that cannot approach each other, you can consider a Y-arrangement with three routers. All these options are discussed explicitly in this article.
02 Lan-lan versus lan-wan: fundamentally different in design.
The first method of linking two routers, a LAN-to-LAN connection, often offers a solution if you need extra LAN ports or if the Wi-Fi range of your first router is insufficient.
03 Collect basic information
As mentioned, you can solve the lack of Wi-Fi range with a range extender, repeater or with a powerline set with multiple adapters (with or without an integrated wireless access point), but of course that costs money. An extra wireless access point is also possible, but such a device is usually more expensive than an extra router - especially if you still have one lying around.
We therefore opt for an extra router, and assume that your first router is connected to the modem – if it is not already a single modem router. Also make sure that a computer is connected to one of the LAN ports of that first router. Then open the command prompt on that PC and run the command ipconfig from. Note the IP address of the Default Gateway (Default Gateway) to your Ethernet connection, as well as the Subnet Mask. The latter is normally 255.255.255.0.
04 Router Address
Now connect your second router to the power network and for the time being only connect a computer to a LAN port of this router. We do assume that you know the IP address and login details of that router. If you have forgotten it, you can still reset the router so that it reverts to the default configuration. Such a reset can usually be done with the 30/30/30 rule: press and hold the reset button with a pointed object for 30 seconds, then switch the router off and switch it on again after 30 seconds, still holding the button for a while. a final 30 seconds. Also consult the (online) manual of the device, here you will often find the default IP address with username and password.
Then start your browser and match it to the IP address of this second router. After your registration you can get started. First of all, make sure that this IP address falls within the same IP segment (subnet) of your first router. Suppose your first router has the (lan) IP address 192.168.0.254, then you could give the second router the address 192.168.0.253 (only the last digit differs), with the same subnet mask. To avoid address conflicts, make sure that this address is not yet in use on your network and that it is not within the dhcp range of your first router. You may have to check that first in the web interface of your first router.
05 Router Configuration
The first step has been taken, but since only one dhcp server is allowed to be active within one subnet, you still have to deactivate this service on your second router, so that distributing addresses remains a prerogative of your first router. You should also pay attention to the wireless part. You probably want to be able to 'roam' between both routers and the most common scenario in that case is that you give both routers the same SSID, although preferably a different SSID for the 2.4 GHz and 5 GHz bands (if both are available). ). If possible, choose the same Wi-Fi and encryption standard on both routers, with the same password (e.g. 802.11n and wpa2-aes). For the 2.4GHz band, however, set the second router to a different channel, which is ideally at least 5 numbers different from that of your first router (for example, channels 1 and 6 or channels 6 and 11). Position your second router optimally in your home. Software like the free NetSpot can help you with this site survey, available for Windows and macOS). Now connect both routers to each other by means of a network cable that you connect to the LAN ports.
Some routers are equipped with a so-called bridge mode. This makes it even easier to set up a router as an extra access point within your existing network (segment). In bridge mode, your router acts as an access point and things like the dhcp server are automatically disabled. If your router lacks that functionality, you might be able to get it done with a firmware update or, if necessary, via a flash with the alternative firmware from DD-WRT. You perform such a flash entirely at your own risk.
We assume that your first router is configured for wireless access. Then go to the web interface of your second router and activate the Bridge Mode or an option similar to this. You may find it in a section like Network Mode, Wireless Mode or Connection Type. Give this router an IP address in the same IP segment as the other router, with the same subnet mask. If your router is set to bridge mode, you can connect the router to your network via the WAN port with a network cable, after which the device functions as an access point.
If you intend to work with two separate subnets where the computers of the outer subnet (connected to your first router) cannot reach the devices of the inner subnet (connected to your second router), then you need to use a LAN to -wan setup. Here we make the I-setup.
06 Wan section
With a LAN-to-WAN setup you can, for example, run one or more servers on the outer subnet, or use this subnet as a (wireless) network for your children or guests – possibly even in combination with DNS web filtering (see step 8) . Such an arrangement is also useful, for example, to separate insecure IoT equipment from your other network devices.
Make a note of the IP address and subnet mask of your first router. Check via the web interface whether the dhcp service is active on this router. Now connect a PC to a LAN port of your second router and go to the web interface of this device (see step 4 for a possible router reset). Go to the internet settings of this second router and set it to automatic configuration via dhcp. As a result, the wan-ip address of this router is assigned by the dhcp server of your first router. To make sure this IP address stays the same, you can set your first router to include your second router with this address in the list of DHCP reservations (aka static leases). An alternative is that you set the wan-ip address of your second router yourself, albeit outside the dhcp range of your first router. In this case, enter the lan-ip address of your first router as the default gateway of your second router.
07 Lan section
Over to the local network portion of your second router. You give it a LAN IP address that is in a different IP segment than that of your first router. For example, you could give your second router the address 192.168.1.1 as your first router as the address 192.168.0.1 has. You may also want this second router to be able to allocate IP addresses within its IP segment. Then you also have to activate the dhcp service on this router. You could assign those addresses within a range of say 192.168.1.2 to 192.168.1.50.
Once you are done with this and all settings have been made correctly, connect a LAN port of your first router via a network cable to the WAN port of your second router. Set a different ssid for each router and run the wireless signal over as diverse a channel as possible (for example 1 and 6 or 6 and 11 at 2.4 GHz, see also step 5).
As mentioned, it is not just possible for computers from the outer subnet to access devices from the inner subnet, which makes the outer subnet suitable for use by guests (via WiFi) or for users who like to experiment. You then work (if you are not tinkering) exclusively on devices in the inner subnet. If you prefer, you can also set up different DNS servers on both routers, for example. On the second router you then use the standard dns servers of your provider or those of Google (184.108.40.206 and 220.127.116.11), while on the first router you possibly set up dns servers with 'integrated web filtering', such as that of OpenDNS (18.104.22.168 and 22.214.171.124). More information about this DNS filtering can be found here.
09 Port forwarding
The fact that you are now working with separate subnets can also have unexpected drawbacks. When you place internal servers (such as a NAS, webcam or some server on a PC) in the inner subnet (of your second router), they can't just be accessed from the internet. If you want to do that anyway, you can solve this with a double port forwarding.
Suppose you run a server on a device with lan-ip address 192.168.1.148 on port 8000 and your second router has wan-ip address 192.168.0.253. Then you first set up port forwarding on your first router, where you forward requests from outside on port 8000 to the IP address 192.168.0.253. Then set up port forwarding on your second router with requests on port 8000 to IP address 192.168.1.148. Via the wan-ip address of your first router, that server on your inner subnet can now be reached from the internet again. If you are not sure how to set up port forwarding, go here, where you will find the necessary instructions for many routers to set up port forwarding.
You can make the network even more 'secure' by creating two completely isolated subnets that cannot reach each other. For that you need three routers, with the first router branching directly to the other two – hence the name Y-arrangement. Like the I-setup with two routers, this solution is also suitable for separating insecure IoT equipment from your other network devices.
10 Two subnets
To create our Y setup, we need three routers. The first is directly connected to the internet, with the second and third routers we create the separate subnets. To do this, you actually work largely in the same way on these two routers as described above in Way 2.
The wan ip address of your first router comes from your internet provider and the lan ip address has, for example, 192.168.0.254. You could then set the wan-ip address for your second router as 192.168.0.253 and for your third router 192.168.0.252. This can always be a fixed IP address, or you can place both addresses in the DHCP reservations of your first router. See step 6. You then give your second and third router a LAN IP address within an IP segment that differs from the first router as well as from each other. For example, that could be 192.168.1.x for your second router and 192.168.2.x for your third router. Make sure that the dhcp service is activated on the three routers.
This configuration gives you the following situation. All connected devices can access the internet. Each PC can access the other devices if they are on the same subnet. The PCs can also ping the three routers. If you have servers running on your subnet(s), you must set the necessary port forwarding rules, as described in step 9.
Router only as switch
If you only want to use an old router as a switch, then set up and connect the router in the way we first describe in this article (lan-lan). Then you switch off the WiFi access point of this second router. You can then use the second router as a normal switch without any problems. Note that a somewhat older router may not be equipped with gigabit connections.