Home network segmentation: Cascading Routers

22/2/2021 Internet is ‘Vodafone Ultra Hub’

  • 2.4G & 5G Wifi are enabled

Background:

  • We have multiple devices connected both wired and wifi to the above router
  • Connected devices in these category:
    1. Computers, Printers, Servers
    2. Personal Phones & tablets
    3. Guest phones
    4. IOT connected devices:
      • Samsung Smart TV x 4
      • Meural The Frame 2 x 3
      • Canvia Frame x 1
      • Robo vacuum Cleaner

Problem: All devices are on the same network. Phones & internet connected devices in particular are a vector for security vulnerabilities


Solution: Segment the network via Cascading Routers

  • Vodafone Ultra Hub will provide the ‘unsecured’ network
    • Wifi 2.4G only enabled
    • Provides connections to:
      • Guest phones
      • All IOT connected devices, some may need fixed IP addresses
    • 1 Android table will be dedicated to running any apps for control of these devices. It will not be used for any other functions e.g. banking etc
    • Conected devices will not be able to access the cascaded router (secured) network below
  • A second router will connect via Lan to Wan and will provide the ‘secured’ network
    • Both 2.4G and 5G enabled
    • Will ‘Bonjour’ type searches work outside this network? I suspect not but I do expect I can see the devices on the unsecured network if IP addresses are fixed/known
    • Synology DS216SE IP set to: 192.168.2.2
    • Synology DS212J IP set to: 192.168.2.3
    • Synology DS207Plus IP set to 192.168.2.4