I have a Westell D90-327W15-06 DSL Router that is currently running WPA for my wireless network w/ a shared secret, which offers me an acceptable level of wireless security.
However my son's Nintendo DS does not support WPA, it only supports WEP.
Currently I have the following configuraiton:
- IP Segment 192.168.1.0/24
- Wireless Encryption: WPA
I would like to
- Create a 2nd segment, 192.168.100.0/24
- Only allow this segment to route to the internet, and NOT route to 192.168.1.0/24
- Put this segment on eth0/4 of the Westell
- Plug in another wireless router into eth0/4 of the Westell that runs WEP
I believe the above would allow my son to connect his Nintendo DS to the Internet on 192.168.100.0/24 network without compromising the 192.168.1.0/24.
In short I need to run both WEP & WPA on the router on seperate network segments that cannot route to each other.
I would appreciate any recommendations/suggestions.
Two possibilities come to mind ...
1. Using your proposed approach, make sure that the router that you plan to get has outbound address filtering. This can not simply be "port" filtering. A quick spin thru Linksys, Belkin, and Netgear sites for a couple of routers all showed only "port" filtering, so I'm not certain what make/model to suggest -- perhaps someone here can suggest one. With "address" filtering, simply block as a destination all addresses on your 192.168.1.x segment except for the router. I'm not you'll find a cheap solution here since most residential routers are all based on pretty much the same underlying software.
2. Perhaps simpler, reverse your idea. Make the router closest to the Internet the WEP network and put the DS and any "guests" on it. Make the new router the WPA router.
Now, you can reach the network where the DS is located from your "private" network behind the new router, but the DS can't reach back into your network. Since the Westell is a "switch", the DS or anyone who gets on that network wouldn't be able to see your traffic.
A third idea just came to mind ... get a new router which supports a "guest" network concept (my Belkin Wireless N router does this). Put both your networks behind this router -- yours on the primary network running WPA, and the DS on the guest network running WEP.