Separating Local Network from ISP Router Over Single LAN Cable

Tags: ethernet, vlan

At the moment, I have the following situation: the ISP fiber router connects this network to the Internet, providing the gateway and DHCP server. A single LAN cable goes to the main switch (Netgear JGS524PE), which then distributes the network to different rooms, one LAN cable per room. In each room, there is a wifi router set up in bridge mode, acting as an access point. The local network has just one address space, and looks somewhat like this image:

[image: diagram of the current network]

However, the problem is that the ISP fiber router is locked down and doesn't offer full admin. Therefore, I would like to separate the local network from this ISP router, so that it does not see the network inside but still provides Internet access. I would like one of the wifi routers inside the network to act as the DHCP server. I imagine it somewhat like this:

[image: diagram of the desired network]

I imagine one can do it with correctly configured VLANs, but so far my attempts have failed. How can I do it using the existing devices and LAN cables?

Best Answer

VLANs won't solve that problem. VLANs allow you to separate subnets, which then require a router to communicate. The router still sees them all, so if you're using the ISP router you've gained nothing. If you set up an additional router, you're coming closer, but the router needs to do filtering.

You'll need a firewall controlling traffic between your network and the ISP router. Set up DHCP behind it and let the firewall decide what to forward. In essence, you'll want outbound connections only, no inbound.
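The setup the answer describes, as an added example that is not part of the original answer: a small Linux box (e.g. a spare router running OpenWrt or a Raspberry Pi) sits between the ISP router and the Netgear switch, NATs the inside network behind its single upstream address, forwards only connections that originate inside, and runs the inside DHCP server. The interface names `eth0` (toward the ISP router) and `eth1` (toward the switch), the inside subnet `192.168.10.0/24`, and the use of nftables and dnsmasq are assumptions; adjust them to the hardware you actually use.

```shell
#!/bin/sh
# Edge firewall between the ISP router and the inside LAN.
# Assumed interface names and addressing (not from the original page):
WAN=eth0                 # cable to the ISP router; gets its address from the ISP router's DHCP
LAN=eth1                 # cable to the Netgear switch
LAN_IP=192.168.10.1      # this box's inside address, handed to clients as their gateway
LAN_NET=192.168.10.0/24  # inside address space; never visible upstream because of masquerade

# Print the nftables ruleset. Default policy is drop on both filter chains, so
# the ISP side can neither reach the firewall itself nor anything behind it;
# only replies to connections opened from the inside are let back in.
write_ruleset() {
cat <<EOF
flush ruleset
table inet edge {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        iifname "$LAN" accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "$LAN" oifname "$WAN" ip saddr $LAN_NET accept
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname "$WAN" ip saddr $LAN_NET masquerade
    }
}
EOF
}

# Print the dnsmasq configuration: DHCP and DNS only on the inside interface,
# so the ISP router never sees a competing DHCP server.
write_dhcp_conf() {
cat <<EOF
interface=$LAN
bind-interfaces
dhcp-range=192.168.10.100,192.168.10.200,12h
dhcp-option=option:router,$LAN_IP
dhcp-option=option:dns-server,$LAN_IP
EOF
}

# Apply everything (needs root, nftables and dnsmasq installed).
apply_all() {
    sysctl -w net.ipv4.ip_forward=1
    ip addr replace "$LAN_IP/24" dev "$LAN"
    write_ruleset | nft -f -
    write_dhcp_conf > /etc/dnsmasq.d/edge.conf
    systemctl restart dnsmasq
}

if [ "${1:-}" = apply ]; then
    apply_all
fi
```

Run as `sh edge.sh apply` on the firewall box. The ISP router then sees exactly one client, the firewall's `eth0` address, and the inside DHCP scope, host names and MAC addresses stay behind it. Note that this gives you double NAT (the ISP router already NATs to the Internet), which is fine for outbound-only use but means any inbound port forwarding would have to be configured on both devices; that is precisely the "no inbound" posture the answer recommends. Do not plug a second cable from the switch to the ISP router, or traffic will bypass the firewall.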
