Guest network access does not work with when mac filter enabled

[L&LD]

Double NAT is simply using one router behind another router and both being in default 'router' mode.

No extra setup necessary.

 

[CaptainSTX]

how do you setup Double NAT? im straight using the Zywall now as the secuirty gateway and the ASUS as just an Access point? what would be the process to go thru to set this up. I would really like to use mac filtering on the ASUS for the wireless but for the guest wireless cant it be seperated if not then what is the best option to do. thanks

DESIGN CONSIDERATIONS:

You can not have both MAC filtering setup and and the same time allow guests not included in the MAC table sign onto your guest network using the same router.

If you enable guest networking a guest that knows/guesses the private IPs will have some limited access to other resources on the network. You also are limited in blocking web sites, streaming video, etc. when you are running both your primary network and guest network on the same router. Not saying it can't be done, but it will be complicated. Same for limiting Internet access.

Thanks to Merlin's posts last week, it was explained that in a double NAT situation because the primary router connects using a LAN port to the WAN port of the second router a connection from a device the second router's LAN is seen as coming over a LAN port on the primary network, devices on the second network can access devices on the primary network. Devices on the primary network/LAN can not access or see devices on the second LAN because they are seen as WAN connections and blocked unless some custom routing is programmed.

Therefore for the most secure guest network you would want to have it running off the primary network's router on its own subnet on a separate router. In your case for the most secure setup would need to add another router to your network, connect it double NATed behind your Zywall. The ASUS could or would continue to be used as an AP with or without a MAC filtering

To specifically answer your question on double NATing a router assuming the following:

1. Your primary router's LAN IP is 192.168.1.1 DHCP range 192.168.1.100-19

2. Set the router you want to double NAT as follows:

Setup the router to be a router (Not an AP, media bridge, etc.)

For the WAN connection type pick static and set the WAN IP to 192.168.1.10 (could be anything in primary router's DHCP range.)

Set the LAN IP to a private range different than the primary router. 192.168. 2.1 would work and set the DHCP range to 192.168.2.100-19.

Save the settings

Run a cable from a LAN port on the primary router to a WAN port on the second router.

Power cycle both routers and you should be good to go. Just be sure that if you are using WiFi on both routers it is on different non over lapping channels.