Wi-Fi Bridging with Separate Network

I am currently living in a shared house with shared wifi but want a private network for my devices and my new Google Home. I have a TP-Link Archer C50 router. This device currently provides me with a private network but without internet access. What I would like to do is somehow connect the C50 to the house wifi for internet access while keeping my devices on a separate network behind my router.

How can I best do this? WDS seemed like it would put all the devices on the same network. Apologies if this question has been asked already but I was struggling to find precisely the information I needed.

Alex

Posted 2017-11-24T13:12:13.740

Reputation: 121

WDS is not the answer - it won't solve the problem you are trying to solve. (In fact, WDS is never the answer to any question except I want an insecure network) – davidgo – 2017-11-25T05:13:01.800

Answers

Doing this is not possible with the Archer C50 using the standard firmware (at least not from what I could see in the manual).

The problem you are running in to is that you need to run the router as an AP Client (and indeed this has other issues as well). Depending on which model of the C50 you have, you may be able to install DD-WRT on this and get AP Client functionality - but it will come at a cost - specifically you won't be able to use that WIFI band in your LAN.

The ideal solution is to run a cable from the LAN Interface on the upstream router to the WAN interface on your C50 router. You don't need to modify the settings on the C50 as stated by @BM.Teddy - you can simply change the network on the C50 to not overlap with the main router, and use DHCP on the WAN port to get the IP address - which is probably the default anyway.

If this is not an option, I would get another basic WIFI device which I could configure as an AP Client, and then connect the LAN Interface on that to the WAN Interface on the C50, as per the "ideal solution" above - you are effectively using the AP client as a WIFI to Ethernet converter.

davidgo

Posted 2017-11-24T13:12:13.740

Reputation: 49 152

Unfortunately I don't have access to the main router. I have settled on what you suggest and am getting a cheap WiFi range extender with a single ethernet port. Am I correct that if I connect the WAN port of the C50 to the ethernet port on the range extender then everything behind the C50 will be hidden by NAT and protected the C50's firewall exactly as they would be protected from the wider internet if had I plugged the cable from an ISP into the WAN port as normal? – Alex – 2017-11-25T14:42:34.853

Unfortunately I can't find any range extenders which have been patched following KRACK. Any recommendations? – Alex – 2017-11-25T15:41:44.193

If you are worried about KRAK get a router which supports the latest dd-wrt and flash it. Don't use a repeater - they waste bandwidth and should be banned from a network. As far as KRAK goes, of course it's a good idea to patch against it, but realise that this is on the WAN side of your lan, and you can't trust this traffic anyway - there is nothing to say your shared house lan is secure, and your ISP and so on... – davidgo – 2017-11-25T17:55:52.123

I planned to disable the AP/repeating function of the repeater and just have it provide an ethernet port connected to the main WiFi. I assume in this case it won't waste bandwidth.

Fair point about KRACK. I figured it is more likely my repeater is compromised than my ISP but as you say I can't really rely on either. – Alex – 2017-11-26T19:11:11.110

Assuming that you have access to the house WiFi's router configuration, you could create a subnet for your devices.

Assign a static IP for your C50 within the house's main router, and then specify this satic IP as the WAN IP in the C50's configuration. This creates a link from the main router to your C50, like an attached device on the network.

Then, chose an IP range of your choice for all consequent deveices that are to connect to your C50. This range has to be on a different subnet than the main router.

For example, if devices that connect to your house's main router are 192.168.0.x with a subnet mask of 255.255.255.0, then your IP range for devices connecting to your C50 could be 192.168.1.x, also with a subnet mask of 255.255.255.0.

Ideally, you should have an ethernet connection from one of the main routers ethernet ports going into the WAN / Internet port of your C50.

This article helped me to brush up on subnetting and IP addresses.

This is one approach, but you could also look at a VLAN.

BM.Teddy

Posted 2017-11-24T13:12:13.740

Reputation: 33

This will only work if you can connect the devices via Ethernet - not WIFI – davidgo – 2017-11-25T05:11:36.870

Thanks for the answer. Unfortunately I don't have access to the main router, but will do as @davidgo suggests and use a second wifi device as a "wifi-ethernet adapter" to simulate connecting the C50 WAN port to the main router by ethernet. – Alex – 2017-11-25T14:44:14.893