July
Hey,
I'm not very techy, and am a little stuck. My research has got me to the point where I can ask the question somewhat clearly... we'll see whether I can understand the answers 🙂
Any help greatly appreciated!!
Our wi-fi setup:
We have TELUS PureFibre 250.
We have a "modem" (Network Access Hub, Arcadyan NH20A)
We also have 3 Boost Wi-Fi 6's (Arcadyan Boost 2.1)
Our problem:
We would like to use our basement suite for short-term rentals. We would like to have as much security for our home internet as possible as a lot of different people would visit. We therefore do not want to share our wi-fi with the suite, and we want the wi-fi solution we use to be one that cannot be worked around by tech-savvy folk to access our own wi-fi.
Question 1: Could I just use the Telus Guest network feature? Is this secure? Is there a better option?
Question 2: I have read I can use bridge mode on our Network Access Hub, and then attach a different wireless route to that port. A good idea? How does this compare to the Telus Guest network?
Question 3: I wondered if it is possible somehow to divide the internet at "source" with some sort of physical switch, and then attach our current setup to one port, and the guest wireless router to another. Is that possible/advisable? (I suspect this is a dumb question... be kind :D)
Finally, a big thanks to anyone who can help remove my fog of ignorance!
Solved! Go to Solution.
August
If you only have Fibre 250, then any decent gigabit ethernet switch will work. You can get a lower end 5 port gigabit switch for about $15. And a better one for about $22. You'll just need a couple Cat6 ethernet cables to connect everything. Keep in mind anything connected to the switch has a direct outside connection and you'll only be able to connect two devices as residential accounts are only offered 2 IP addresses. Doing this means you won't have to fiddle with bridge mode. The guest network will have an entirely separate connection on the separate router you connect to the switch for it.
Essentially you take the ethernet connection that runs from the garage and plug the end of it from the NAH 10G port into one of the ports on the gigabit switch. Run an ethernet cable between the switch and the NAH 10G port. Run another cable from the switch to the separate router to be used for the guest wifi network. Your original Telus router will work fine and should not need any configuration changes.
August
No worries, your questions are very clear! Let's go through each one to help you set up a secure and separate Wi-Fi network for your basement suite.
Is this secure? Is there a better option?
The Telus Guest Network feature is designed to provide a separate network for guests, which can help keep your main network more secure. However, while it does provide a level of separation, very tech-savvy individuals might still find ways to access the main network. A more robust solution might be preferable if you want to ensure maximum security and separation.
How does this compare to the Telus Guest Network?
Using bridge mode on your Network Access Hub and attaching a separate wireless router is a good idea for achieving stronger separation between your main and guest networks. When you set up bridge mode, your Telus modem essentially acts as a pass-through device, and the new router handles all network management. This can offer better security and more advanced settings compared to the built-in guest network feature.
Is it possible/advisable to divide the internet at the "source" with a physical switch and then attach different routers to different ports?
This is not a dumb question at all! It is possible and advisable for maximum security. Here’s how you can do it:
Install a Network Switch: Connect a network switch to your Network Access Hub. This switch will allow you to split your internet connection into multiple outputs.
Connect Separate Routers: Attach your main router to one port of the switch and a separate guest router to another port. This way, you can have completely isolated networks for your main home use and your basement suite.
Configuration:
Use a Network Switch:
Connect Separate Routers:
Configure Both Routers:
This setup ensures that your main network and the guest network are completely isolated from each other, providing the highest level of security for your home internet.
Good luck with your setup!
August
For question 3, that will only apply if they have a separate ONT. The gigabit switch would be connected to the ONT and the two routers after that. If the fibre is connected directly to the NH20A, then bridge mode would be the only option.
August
@TELUS_Support Thanks so much for the info! When I read this at work I think I understood what to do for the bridging and that it was a viable option. From what @Nighthawk mentioned the switch option might not be possible in any event.
One other issue did crop up (maybe a non-issue I hope, fingers crossed)... I went to check my modem this evening and see what they did when they installed it. I can see no fibre cable - see photo at the end of the message.
After some detective work I think they seem to have used a CAT from the garage (where the fibre enters the house) to the modem (in basement) and plugged it into the 10G port. If I unplug the 10G port, youtube streaming on my phone stops working and the red light comes on, on the router.
So my understanding is the internet enters into the 10G port of the NAH, then it is routed out to the Boost wi-fi 6's in ports 1-3.
I'd be super grateful if I could explore with you in a bit more detail the bridging mode, and possibly the switch, given the above info.
Bridge mode:
If I decided to do the bridge mode, given I have the internet coming in on a port (10G), will setting the router to bridge mode, say to port 4, still work? Will it still be secure?
If yes, is it as simple as setting bridge mode, attaching the CAT cable for the suite to port 4, and buy a new wireless router for the suite and attach it to the wall in the suite, and done? (making sure wifi address/password are different to the main network.) There is nothing else to do?
Switch:
I worry this might be beyond my ability to comprehend the answer but here goes. Given the internet is coming in on CAT cable, can I plug that directly into a switch, say port 1 of switch, and then attach my Telus NAH (to port 2 of that switch) and the suite CAT cable (to port 3 of that switch)? I would then attach the wireless router to the wall in the suite, which would then get the signal from port 3 of the switch, which in turn gets internet from port 1 of the switch. I hope that makes sense...
If this is viable, what switch should I use? I have used one type before (see the photo below for an example of a switch I already have in the house to run multiple devises in a room). Maybe I should get a fancier switch or it that OK?
Thanks so much for taking the time - super super appreciated. I might be clueless, but this is actually super interesting!
Picture showing no fibre cable in my house.
Switch I have in the house already for another purpose:
August
If you only have Fibre 250, then any decent gigabit ethernet switch will work. You can get a lower end 5 port gigabit switch for about $15. And a better one for about $22. You'll just need a couple Cat6 ethernet cables to connect everything. Keep in mind anything connected to the switch has a direct outside connection and you'll only be able to connect two devices as residential accounts are only offered 2 IP addresses. Doing this means you won't have to fiddle with bridge mode. The guest network will have an entirely separate connection on the separate router you connect to the switch for it.
Essentially you take the ethernet connection that runs from the garage and plug the end of it from the NAH 10G port into one of the ports on the gigabit switch. Run an ethernet cable between the switch and the NAH 10G port. Run another cable from the switch to the separate router to be used for the guest wifi network. Your original Telus router will work fine and should not need any configuration changes.
August
Thanks so much for this - I feel like I'm ready to make the leap - I'll try and get this done this weekend and hopefully report success!
I have to say I didn't find this clarity when I was searching online - I hope this post can be useful for others! With that in mind, I've put a diagram of what you have suggested at the end of this message and summarised the instructions. I'm sure I'm not the only one with this query in mind, and with their internet coming into their 10G port!
Does it look about right?
Also, I wonder if you could also answer a few of follow-up queries?
Query 1: You said "keep in mind anything connected to the switch has a direct outside connection". I wondered if there was some risk/issue to worry about here that you were thinking of?
Query 2: Is there a "risk" to having the walled connection in the suite "live" running directly to the switch?
Query 3: Similarly, if the new wireless router itself is in the suite, is this more risky as guests have physical access? I'm not sure I have a choice, but if there was a wall connection in the main house close to the suite that I could use, instead of placing the wireless router directly in the suite, is that something to consider? (this way they cannot plug directly into the router and mess with settings for e.g.) Or this this me just being over-the-top?
Query 4: Would you be able to explain in simple terms why the switch might be more secure than the bridging?
Query 5: What would happen if I had faster internet that Fibre 250? (I have Fibre 250, but others might have faster, and I am also curious - as I say this is super interesting!)
STEPS AS I UNDERSTAND THEM:
-Unplug the Cat6 cable from the 10G port onNAH (that cable brings the internet into the house) and plug instead into the Switch.
-Plug a new Cat 6 cable from switch to the now vacant 10G port [House internet is now up and running]
- Plug existing Cat6 cable (that goes to the wall of the suite) into the switch
-Put wireless Router in suite, attaching to the wall connection that is now attached to the switch [Separate guest network now up and running].
Again, thanks a million for engaging with me on this! It has been SO helpful!
August - last edited August
Query 1: You said "keep in mind anything connected to the switch has a direct outside connection". I wondered if there was some risk/issue to worry about here that you were thinking of?
Only connect a router to the switch. You don't want individual devices connected to it for security reasons. Additionally since your connection is only alotted 2 IP addresses, if you start connecting additional devices, they will fail to connect. Bridging would still use a second IP but it wouldn't allow additional ones unless you change the router or device connected to the bridged port.
Query 2: Is there a "risk" to having the walled connection in the suite "live" running directly to the switch?
I'd stick to just offering them wifi. You can configure many routers to only allow access to log in to them over ethernet connections. That way if the users are on wifi, they won't be able to try log in to the router and mess with things. There are some third party routers that you can get that specifically have settings for guest suites / networks. If you did put an ethernet jack into the rental space, you could still have the router outside of the rental space and just have the ethernet jack connected to it instead. Direct physical access to the router would be a bad thing. I would not put the router inside the rental space.
Query 3: Similarly, if the new wireless router itself is in the suite, is this more risky as guests have physical access? I'm not sure I have a choice, but if there was a wall connection in the main house close to the suite that I could use, instead of placing the wireless router directly in the suite, is that something to consider? (this way they cannot plug directly into the router and mess with settings for e.g.) Or this this me just being over-the-top?
Direct physical access to the router would be a bad thing.
Query 4: Would you be able to explain in simple terms why the switch might be more secure than the bridging?
Because the switch would be two physically separated devices / networks. People have had isssues with bridging in the past under certain conditions so a switch and separate router would likely minimize issues. You could always start with bridging to see if you have any issues. If you don't, then you could leave it as is. If you do, then get a switch and go that direction instead.
Query 5: What would happen if I had faster internet that Fibre 250? (I have Fibre 250, but others might have faster, and I am also curious - as I say this is super interesting!)
With a gigabit switch before the Telus router, the max speed you could get is gigabit. If you ever wanted faster than gigabit, then you'd have to look at a 2.5gbit or 10gbit switch, which are more expensive. Though the more likely scenario is the NAH with the 10G port would likely have to move to where the fibre itself is since that's the device used for connections faster than gigabit. Unless Telus has a newer ONT capable of faster. The ONT I have only supports gigabit. The ONT is the device that converts fibre to ethernet.
August
Thanks so much for all your help!
I got it done! Following your advice I now have two separate networks.
My check that it works:
- on my home network my iphone can cast to my TV. On the new guest suite network I cannot see the TV. Excellent!
- Both networks access internet.
Just for a resource for others, here is the switch and wireless router I used:
Nothing fancy, but it seems to be working.