Yes, it is possible to set up two separate networks using two different routers.
Yes, it is possible to set up two separate networks using two different routers.
Yes, it is feasible to set up two separate networks using a single WAN connection. You can configure one network for your primary devices with advanced security features like WPA3 Wi-Fi 6, while the other network can be dedicated to IoT devices with less stringent protections. Your main router handles the secure connections, and the secondary router operates independently for IoT use.
Sure, I understand. Setting up two routers with separate networks and Wi-Fi is definitely possible. The first router can be configured with the strongest security features, while the second can accommodate less secure devices such as IoT gadgets. Regarding the guest network, it does have some limitations in customization and firewall rules compared to the main network.
I explained it clearly. With just one WAN connection, you must link your routers in a chain. Set up a DMZ port on your main router, making it accessible to the Internet but isolated from the rest of your network. Then attach the second router’s WAN port to that DMZ LAN port on the first router. Customize the firewall settings as needed. Your IoT gadgets will connect through the second router. For added security, place a more secure router behind a less secure one, but be aware this might block certain gaming services due to double NAT.
DMZ seems to be the opposite of what they aim for, since it sends all ports directly to their destination, blocking any port forwarding on the main network. In this configuration, IoT gadgets should reside on the primary router, which acts as a tighter network. This is why I dislike consumer routers—they lack sufficient fine-grained control. It’s like trying to enforce strict firewall rules; you need a solid router OS (such as pfSense) that lets you set up multiple LANs with distinct policies and blocklists.
I might have used some vague words again. I believed it meant sending all unsolicited traffic to this device without caring about firewall rules and keeping it separate. I think the second router’s firewall handles everything. Probably needs its own VLAN for this to work... It could be a while since I worked with consumer routers.
Consumer routers aren't built for this scenario. Adding another NAT layer on top only blocks devices on the first router from reaching those on the second, not vice versa. Malware on the second router can still reach all devices on the main router because it views it as the open Internet. If someone thinks they've set up double NAT mistakenly, the main router would need to act as the IoT network to keep clients on the second router isolated from your main LAN. You'd then place the second router in the DMZ of the main router's setup, allowing uPNP to forward traffic for games, though this may still lead to issues with double-NAT. There are also drawbacks if certain apps need to see IoT devices on the same network as your phone.
When standard routers lack the ability to form separate LAN segments, using three routers might offer better security. This guide outlines how such an arrangement functions and highlights its limitations. It's worth noting that basic routers often just set up a guest Wi-Fi network without proper segmentation.