-2

so the setup I've got:

  • Main Router which receives the internet connection and is my primary WIFI network: 192.168.1.0/24
  • Secondary Router which I've connected via the following method to create a separate LAN: 10.3.3.0/24. Main Router's LAN port --> Secondary Router's WAN port.

I've got this setup fine and can get internet from the Secondary Router's LAN, no problem.

My question is: Is it normal behavior to be able to ping a device connected to the main router from the secondary router?

I would like to isolate devices on each LAN so that devices connected to the separate LAN's can't communicate and wondering if I'm able to achieve this using 2 consumer grade routers?

Cheers!

Secretsec
  • 25
  • 5

2 Answers2

1

This is normal behavior because the secondary router knows that IPs in the 192.168.1.0/24 subnet should be forwarded to its WAN port, so it can access hosts connected to that network. Sadly, you usually can't create 2 segregated subnets with 2 consumer-grade routers, as these only have 2 network interfaces (one for WAN and one for the built-in switch).

I also do not recommend doing this, as double NAT can have unexpected side effects. If you really want to separate devices on your local network, looking into VLANs is a better way. You can use your existing router but will need a compatible switch.

tbeni22
  • 108
  • 1
  • 4
  • 1
    Thank you for this answer. Makes sense. I've ordered a compatible switch now to be able to tinker around with VLAN's in the name of self-development :D ! – Secretsec Aug 19 '22 at 03:58
  • @Secretsec Learning a new topic or technology is always a good idea, good luck for it ;) – tbeni22 Aug 19 '22 at 09:56
1

If your routers support vlan management you should use separate vlans for both subnets. Otherwise you cant devide your networks.

Haktanc
  • 11
  • 2