Is there any way to use the guest mode on my soho router?
-
I got an NG-1100 because I'm running a local server at home with some private files, and I figured getting a hardware firewall in addition to my router could be more secure.
The router I use (Netgear R6700) has a feature for guest-mode on the wifi network. I'm guessing this keeps devices on the guest network from accessing personal devices on the regular network.
Now, most of the netgate guides I've looked at for configuring a router behind the firewall suggest using the router in AP mode. My router does have an AP mode, but the guest-mode feature gets disabled then.
I only have some hobbyist-level knowledge about networking, so I'm trying to figure out if there is some way I can still keep the guest devices separated even with the guest-mode disabled in AP mode.
My original idea was leaving the router as-is, and putting it on a different subnet than the firewall. Then connecting a LAN port on the router to the OPT port on the firewall. Then set a static IP for the router. I assumed since keeping the router in "router" mode lets the router keep the guest mode enabled that this could work, but to be honest I don't even really know what that does exactly, so I figured I would ask here.
The other thing that might help is that the 2.4 GHz and 5 GHz modes can be put on a different VLAN, so I could use one for private and one for guest things, but I don't exactly know how VLANs work on this router or on an AP.
Thanks for any advice.
-
I assume that router is intended to be connected directly to the modem, and not pass through another router. What you need is a VLAN for the guest WiFi, which proper access points support, but not routers. I have an AP with guest WiFi and VLAN here.
-
@shjfliejfasel said in Is there any way to use the guest mode on my soho router?:
I'm guessing this keeps devices on the guest network from accessing personal devices on the regular network.
You need to know what it actually does before we can answer that.
Since it is removed in AP mode, which probably turns it into a pure layer 2 device, it probably does something at layer 3. Like passing traffic only for external IPs. In which case you can replicate that with rules in pfSense instead.
Steve