I have 2 ISP supplied routers/modems at a location. I have device1-3 which has to be subnetted away from the router’s subnet and do not have to communicate with any of the other devices on the network. I have devices 4-6 which do not have to interact with devices 1-3. Devices 1&2 are connected to an unmanaged switch at one area and then a single cable runs to where the ISP modem/routers are located.
Device 3&4 are in another location away from where the ISP router/modem are located and are plugged into an unmanaged switch which has a single network cable run back to where the modems are located. This cable run is using shielded cable and was a bear to run and running another cable is iffy.
Devices 5&6 are on their own separate network cables which run up to the ISP cable modems. I had thought of adding the "router (dd-wrt) " by the ISP modem/touters to subnet off device 4-6. The problem is that this will isolate device 3 which needs to communicate with the network printer.
Any ideas how I can subnet off device 4-6 and have device 3 on the same subnet of device 1&2 and the network printer?
How far apart are the two routers? Do you really need 2 network connections?
If they are wide apart, you could use a VPN on router 1 and a VPN either on router 2 or device 3 connecting to router 1. You would need to configure the port with device 3 to have a separate sub-net and that sub-net be routed through the VPN to router 1 (easier if you just have a VPN client on device 3, probably).
The problem is the unmanaged switches and the ISP supplied routers. With a proper firewall and managed switch(es), it would be much easier to set up. What is the physical distance? Do you really need to have 2 ISP routers?
I don’t know if you have any budget or what your technical skills are like.
2 things spring to mind:
use a firewall with 2 WAN ports connected to the routers and either do load-balancing over the 2 routers or failover (although being both from the same ISP, if one line fails, the other probably will as well, apart from a locked up router or one cable being damaged).
with a firewall and a single, managed switch (a cheap HP, Zyxel business switch etc.), an 8 port would do, but leaves little room for expansion, you could set up VLANs for the different subnets and isolate them properly and set up the internal routing as needed - E.g. devices 4 - 6 also have access to the printer, but only the printer on the “main” network.
I would probably go one further, VLAN 1 for Devices 1 - 3, VLAN 2 for 4 - 6 and VLAN 3 for the printer. That way, you can give everything access to the printer, but the printer network can’t back communicate with the other networks and the other networks are isolated from one another.
If you use pfSense or a similar firewall, you can set it up with an old PC you no longer need, just slap a couple of additional network cards in it. At my previous place of work, we had 2 pfSense with 2 WAN connections (different ISPs for failover), a dedicated card for the hot failover management of the pfSense themselves and LAN network ports. That worked very well and cost us next-to-nothing, we re-purposed 2 old PCs that were going to be scrapped and stuck in 2 extra network cards in each. You can buy pre-configured pfSense boxes:
Once configured, pfSense is very reliable. You can then put in a managed switch with VLAN capabilities and cable everything through the one switch. I think I paid around 120€ for my 24 port managed switch.
At home, I have gone for the “luxury” option, I have a Unifi Secure Gateway as the firewall, a Unifi 8 port PoE switch and 2 Unifi AC Pro wireless access points, all centrally managed through the Unifi Controller software. Obviously, that is not a cheap combination, but I found the ease of management was worth the price. I also have a “cheap” Zyxel 24 port managed switch, which is fine, but needs manual configuration on top of the Unifi solution.
