I am in a building where wired internet is provided in a number of rooms, giving you a local IP address when connected to. I now want to add WiFi routers across a number of rooms acting as a single logical network (same SSID).
The best way to do this appears to be running 2 (or more) WiFi routers in bridge mode, delegating DHCP, NAT etc to the building network.
However, I would additionally like the WiFi routers to provide a guest network, isolated from my building network, i.e. with DHCP provided by the WiFi router, and firewall rules set up to prevent the guest network accessing internal IPs (while still allowing access to the Internet).
Is there a better way of accomplishing the above? If not, what routers support such a configuration?
Best Answer
Pretty much every commercial grade (or "commercial like") AP will do multiple SSIDs, with separate credentials, and pushed down separate tagged VLANs. The AP I happened to buy for my house, even, supports (from memory) five SSIDs/VLANs, and it wasn't particularly expensive (I got it for its purported, but unnoticeable, "high power"; I'm not making use of any of its multi-SSID features).
Once you've got all the SSIDs and VLANs sorted, it's trivial to setup the central router to partition off the networks, giving them both Internet access (NATed to different public IPs, even), separate DHCP ranges, and zero ability to interact with each other directly.