November 2022
Note. This article is aimed at people who have some computer and network skills / knowledge but it can help people who want to further their knowledge.
A “Home” LAN is where you create a separate LAN from the one created by the ISP supplied router. “Home” is just a word and can be substituted by “office”, “my” or any other meaningful word.
The ISP provided router a.k.a. an Internet Gateway usually has 2 or 4 LAN ports (sockets) and this enables you to connect 2 or 4 devices using Ethernet cables, fitted with RJ45 plugs. In most cases the router has a built-in WAP (Wireless Access Point) that (theoretically) enables up to 200+ devices to connect to it using WiFi. All devices connected to the router using Ethernet or WiFi all become part of a LAN (Local Area Network) and can “talk” to each other. This enables File and Print sharing – depending on your set up.
For most people, who have maybe one or two “network devices” e.g. a desktop PC and a laptop or tablet, the ISP provided router can provide an adequate facility to access the Internet and basically all devices that connect to the “Gateway” (Including Mobile devices that use WiFi) will be a “member” of the (router created) LAN and will be able to share info and maybe printers. The addition of the “Guest WiFi” helps to provide “Internet Access only” to “Guests” and they would not have access to other devices on the LAN.
The main problem with this set up is the “security” of the “Gateway Router” supplied by the ISP. The main feature of ISP provided routers is the “plug n play” aspect where the customer is assumed to have very little technical knowledge and it is usually a case of connect the cables and / or connect to the WAP (Wireless Access Point) and you’re good to go. Security is often very basic.
NOTE. Currently the ISP provided router is an Internet Gateway that provides access to the Internet and usually has a built-in WAP (Wireless Access Point) to enable devices to connect to the router using WiFi. They now also include a “phone socket” to plug your landline phone into because landlines are being phased out, so your voice calls will now go through the router. See Future of Voice.
There can be many reasons that you want to create a separate LAN that is different to the LAN created by the ISP router. For households and SOHO users with several network devices, creating a separate “Home” LAN helps keep things tidy and quite often can increase the network security see “Layered Defense“.
To create a “Home” LAN all you need is an extra router that sits between the ISP router and usually a network switch. All of your devices on your “Home” LAN will (ideally) be connected to a “Network Switch” (which in turn connects to the extra router) but you can make use of the LAN ports on the new router instead of using a switch. Have a look at “Lets Network“, there are few diagrams that show a few options.
Choice of (extra) router. Basically you can use something similar to the one provided by your ISP, that has a built-in WAP but has more security features e.g. better firewall. Or you can use a router without a built-in WAP and then connect a “stand alone” WAP for devices that need to use WiFi to connect.
I recommend using a router without a built-in WAP, the TP-Link TL-R470T+ is a good choice although it does have a lot more features that most home users need. It does have very good security features, it is only pocket size and the cost is minimal, about £30. A stand alone WAP will be a similar cost, something like the TP-Link ARCHER A5 AC1200 used as an access point only would be good.
Whatever router you choose, it must be able to be used as a DHCP server. Check the Firewall capabilities, it needs to be more than basic. The DNS server aspect will still likely be provided by the ISP router but the “extra” router would ideally have provision to enter the DNS servers of choice. It seems that (in the UK) Virgin and BT routers make it difficult to use DNS servers of choice.
NOTE. The current (gateway) routers provided by ISPs (Virgin and BT or its agents e.g Sky etc) insist on using the old “Class C” 192.168.0. for the (IPv4) LAN network address but they do allow you to amend the third octet e.g 192.168.0 could be 192.168.1 – 254 (the third octet can be anything between 1 and 254)
Your “extra” router would ideally be connected to the ISP Router using Ethernet and would connect to a LAN port of the ISP router.
The WAN IP address of the extra router would ideally be “Static” but a “dynamic” IP address obtained from the ISP Router, Ideally with a “reserved IP Address” will be fine
e.g. The ISP router will have a LAN IP Address of either 192.168.0.1 or 192.168.1.1. and will use a “Subnet Mask” of / 24 so the first 3 octets are the “Network Address” and the 4th octet will be the “Host Address” To use your extra router, it needs to get a WAN IP address (using DHCP) from the ISP router. In this case, your “extra” router would get a WAN IP address of 192.168.0.x or 192.168.1.x. In most cases you can change the 3rd Octet to whatever you want e.g. 192.168.100.x, 192.168.6.x. The third octet can be any number between 1 and 254 (255 is usually reserved as a broadcast address!)
The LAN IP Address of your extra router can then use one of the reserved “private network addresses” e.g. 10.10.0 or 172.16.0 but you can still use the 192.168.0 network address provided that is differnt to the third octet of the LAN address of your ISP provided router.
e.g. ISP provided router LAN address could be amended from 192.168.0.x to 192.168.50.x. The third octet can be anything from 0 to 254. In this case the SubNet Mask is 24 so the first 3 octets are the “Network Address” and the 4th octet is the “Host Address” (actual device). In this case the LAN IP of your extra router would be 192.168.1-254.1 or 192.168.not 50.1
Note. “Network Classes” e.g. A, B and C are no longer used and CIDR (Classless Inter-Domain Routing) has been used for several years. In principle CIDR amends the SubNet Mask and this is known as “Super netting“. The Subnet mask controls the number of network hosts for a given network. For most SOHO and home users, a SNM of /24 (255.255.255.0) will be fine as this will give up to 250+ hosts. A very useful site IP Subnet Calculator is worth visit.
Note. the above IP Addressing is using the “old” IPv4 system, the new system uses IPv6, fortunately IPv4 is still supported.
To Clarify things a little:-
The ISP Router will have a “Dynamically” assigned WAN IP Address (unless you pay for a Static IP). This Dynamic WAN IP Address can sometimes change but Virgin seem to keep the same WAN IP Address unless you power off the Router, Sky BB also seem to maintain the WAN IP but rebooting the router will often change it. The change in WAN IP Address doesn’t have any effect on the LAN IP Address.
Your “extra” router would (ideally) have an Ethernet cable connected between the WAN port (of the extra router) and the a LAN port of the ISP Router. The “extra” router would then receive a “dynamic” WAN IP address of 192.168.0.x or whatever the 3rd octet of the ISP Router LAN is set to.
To make life easier, your “extra” router LAN IP address could be 172.16.0.x or 10.0.0.x as this removes the possible conflict of using the 192.168.0.x or 192.168.1.x IP addressing, used by Virgin and Sky BB (BT). You can still use the 192.168.?.x address for your own kit but you would need to amend the 3rd octet of the LAN IP on the ISP Router or just amend the LAN IP of your extra router so the 3rd octet is different to the 3rd octet on the ISP Router LAN IP.
192.168.0.1 and 192.168.1.1 are on different networks and can be routed.
In principle, setting up a “Home” LAN is simple and easy. It allows you to have a LAN that is (usually) more secure. Your “Home” LAN can consist of many (network) devices such as a “Samba Server” or “NAS”, more than one printer or MFC. The ISP provided router is only used as an Internet Gateway but also serves as Internet Gateway for Guests (usually via WiFi) who will not have access to the “Home” LAN.
In my case I have quite a few “network devices” because I can -)
My “Home LAN” consists of a (Linux) “Samba File server” where I store my music, photos and household stuff. It is also where I store my backups. Some people would use something like a NAS (Network Attached Storage). I also have a couple of printers and a “Print server” so that all “Network Devices” on my “Home LAN” can access the printers.
My “Home LAN” also has a (stand alone) “WAP” to enable devices to access the LAN using WiFi.
My “home” LAN uses the 172.16.0.0 /24 IP addressing so having the “limitations” of having to use the 192.168.0.x and 192.168.1.x IP addressing on the ISP gateway LAN is no problem.
The choice of DNS servers can be a problem because it seems that Virgin and BT / Sky want you to use their DNS Servers by default and make it very difficult to amend the DNS Services. However “Home” LAN users will have an extra router and this often provides a facility to use the DNS servers of choice e.g Cloudflare and Open DNS etc.
There isn’t any “technical” reason for not using the default ISP DNS servers but there are some “privacy” concerns. The ISPs can “monitor” the websites that you visit (so can Cloudflare and Open DNS) and this could be a privacy issue.
To conclude, setting up a “Home” LAN is quite easy and has many advantages, if you have more than say 4 devices that need Internet access.