Next up, if both guest and staff subnets are to share the same physical wires, then the routers and switches have to have VLAN capability on the wired ports to keep them all separate. Otherwise security is non-existent, or rather trickier to achieve.

If VLAN capability isn't there, or isn't supported well enough, then separate physical cabling is likely to be needed for the two networks. That's how I do it here at home --> totally separate outside of the wifi access point.

I suppose it ought to be possible to put guest users on a VPN in lieu of VLANs, but that's likely to be difficult to set up, and most probably the wifi boxes lack that capability in the factory firmware.