How to set up home network with two routers (or “to not waste superb WiFi router in basement”)


I have the crazy plan to rewire my home network. Well, currently it is a rather simple setup I guess, that I'd like to complicate 🙂 to get rid of my (not very stable) powerline adapters and to provide network-connected wall-mounted RJ45 ports to 4 rooms of my house.

I am a software engineer with some knowledge about networks. I know stuff about IP addresses, MAC addresses, switches, routers, the OSI layer model, but some parts not very deeply.

My current setup is as follows:

• 3-story house
• In the basement there is the incoming coax/TV line from my provider; there the coax line is split into 4 (coax) cables which go into 4 rooms
• My cable modem is in the attic (in my "office"); it is used in bridge mode, and one of the coax lines goes into this modem
• I have a new and fancy Synology RT2600ac router, let's call it "master router"; the modem is connected to the WAN port of this master router
• On the master router there is stuff running like "threat prevention", DHCP, WLAN mesh start, Safe Access (devices can be assigned to profiles, which can be configured, what is allowed for each profile), port forward rules etc. etc. – the router is pretty new, I like it and I want to keep it, also it provides a great WiFi signal
• In the office there are some devices (like my PC or a NAS) directly connected to the master router's other (LAN) ports (internal switch of router) by RJ45
• One of the LAN ports of the router goes to a powerline adapter, adapter "PLA"
• One other powerline adapter "PLB" is on the ground floor
• A TV and a WLAN access point (meshed with the router in the attic) are directly connected to PLB
• All devices are in the same network and use the master router as gateway for internet connections
• One telephone is directly connected to the cable modem (RJ11)

As I said, I want to get rid of powerline (PLA/PLB) so the connection is more stable and maybe to also have easy access to LAN ports in some rooms.

So the plan is to install RJ45 wall sockets in the 4 rooms; from those sockets 1-2 network cables (probably Cat. 7) will go down into the basement, where they are all connected to a patch panel.

Also I would like to install more than 1 telephone in the house, using a cable (not DECT), so the network sockets will most likely also have a (keystone) module for RJ11.

So I guess the future setup will be:

• Some kind of housing/rack in the basement for the network installation
• Cable modem placed directly in the basement inside the housing, coax from provider connected to cable modem
• Cable modem no longer configured as "bridge" but in router mode, let's call it "cable modem router"
• The master router shall not be placed in the housing/basement; because of the concrete walls it would not provide a WLAN signal that can be reached even at ground floor, so the master router stays at its current location in the attic (this is essential)
• In the housing (in the basement) is a switch connected to the cable modem router
• From this switch the patch panel is served to connect to rooms with the switch
• Telephone line from modem (RJ11) is also patched to some RJ11 ports (well I guess those things exist, but it is not very important for this scenario)
• Master router is in attic (one of the patched rooms) and is connected to a RJ45 wall socket with the patch panel, connecting this device to the patch panel and the switch, so it is connected with the other devices in the network
• Devices in the office (computer, NAS) are connected either directly to the switch ports of the master router or a wall socket (RJ45) (I don't think it matters that much, where they are connected to the network)
• Devices use their former static IP address or still get their IP address by DHCP from the master router
• Master router still makes port forwarding, threat prevention, DHCP, safe access etc. etc. as before
• Master router's gateway is the cable modem router
• Cable modem router passes all traffic directly to the master router, without applying any filtering/rules etc.

Does this sound about right or is there a problem with this setup? Is this a good approach to solve the issue (fancy WLAN master router should not be in the basement)?

There is no need to change the modem to 'router' mode.

You've described this topology:

===coax=== <WAN>
           cable modem
           <LAN> -------[ethernet switch]-------- <WAN>
                                                  synology router
                                                  <LAN> --- etc.


In this situation, it doesn't matter whether devices connected directly to the cable modem's switch will get public or private addresses, because you wouldn't want to have any devices connected there at all:

• Your main reason for using the Synology router was its protection features, and connecting devices to the cable modem's switch would completely bypass the attic router.

• From the attic router's perspective, the switch is on the "WAN" side. It is a separate network from your main LAN, it has separate addressing, and the Synology router does not serve DHCP on that interface. (Even if you statically configured the addresses to match Synology LAN, it wouldn't work as the devices would still be physically in the wrong network.)

• Devices connected to this switch wouldn't be able to access your main Synology LAN, unless you configured a hole through its firewalls and security features. (Or you could use port forwarding to get into the LAN, but a home network that relies on port-forwarding inside the network is just not good design at all.)

• Your main LAN would be able to access devices on this switch (as long as both routers use different subnet prefixes), but the Synology router would perform NAT on the connections, meaning these devices wouldn't see the real client IP addresses. This is just a minor issue (and in some routers a NAT exception can be configured), but it can be an annoyance depending on what exactly you run in the basement, and again – not great design.

If you need the switch because you must have Ethernet ports available in the basement, there's only one option: basement → attic → basement. Run one Ethernet cable from the modem directly to the router's WAN interface, and a second cable back from the router's LAN to the basement switch.

Once that's done, there is absolutely no advantage in having the modem in 'router' mode.

If you cannot run a second cable all the way, the same can be achieved using two managed switches with VLAN tagging:

1. On both switches, configure 1) one port in 'access' mode for the "WAN" VLAN; 2) one port in 'trunk' or 'all VLANs tagged' mode; 3) the remaining ports in 'access' mode for the "LAN" VLAN.
2. Install one switch in the basement, the other in the attic.
3. Connect the switches together using the "trunk" port.
4. On the attic switch, connect the designated "WAN" port to the router's WAN side, and one of the "LAN" ports to the router's LAN side.
5. On the basement switch, connect the designated "WAN" port to the cable modem's Ethernet output. (Use the remaining ports for whatever you like.)
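
A way to check a port plan for the two-switch VLAN setup before cabling it, as an added example that is not part of the original answer: it computes which devices share a layer-2 segment with the cable modem and flags any that would sit outside the Synology router's protection. The VLAN IDs, port numbers and device names are assumptions made for the example.

```python
# Constructed port plan: VLAN IDs, port numbers and device names are
# assumptions for illustration, not values from the answer.
WAN, LAN = 10, 20
PLAN = {
    "basement": {
        1: {"mode": "access", "vlan": WAN, "device": "cable-modem"},
        2: {"mode": "trunk", "vlans": {WAN, LAN}, "link": "attic"},
        3: {"mode": "access", "vlan": LAN, "device": "tv"},
        4: {"mode": "access", "vlan": LAN, "device": "access-point"},
    },
    "attic": {
        1: {"mode": "access", "vlan": WAN, "device": "router-wan"},
        2: {"mode": "trunk", "vlans": {WAN, LAN}, "link": "basement"},
        3: {"mode": "access", "vlan": LAN, "device": "router-lan"},
        4: {"mode": "access", "vlan": LAN, "device": "nas"},
    },
}

def carries(plan, sw, peer, vlan):
    """True if switch `sw` has a trunk port towards `peer` that carries `vlan`."""
    return any(p["mode"] == "trunk" and p["link"] == peer and vlan in p["vlans"]
               for p in plan[sw].values())

def segment_of(plan, device):
    """Devices in the same layer-2 broadcast domain as `device`."""
    start, vlan = next((sw, p["vlan"]) for sw, ports in plan.items()
                       for p in ports.values() if p.get("device") == device)
    seen, todo = set(), [start]
    while todo:
        sw = todo.pop()
        if sw in seen:
            continue
        seen.add(sw)
        # A VLAN crosses a link only when both trunk ends carry it.
        todo += [peer for peer in plan if peer not in seen
                 and carries(plan, sw, peer, vlan) and carries(plan, peer, sw, vlan)]
    return {p["device"] for sw in seen for p in plan[sw].values()
            if p["mode"] == "access" and p["vlan"] == vlan}

def audit(plan):
    """Return findings; an empty list means every device sits behind the router."""
    wan, lan = segment_of(plan, "cable-modem"), segment_of(plan, "router-lan")
    everyone = {p["device"] for ports in plan.values() for p in ports.values()
                if p["mode"] == "access"}
    findings = [] if "router-wan" in wan else ["router WAN port cannot reach the modem"]
    findings += [f"{d} bypasses the router (on the WAN segment)"
                 for d in sorted(wan - {"cable-modem", "router-wan"})]
    findings += [f"{d} has no path to the router LAN"
                 for d in sorted(everyone - wan - lan - {"router-wan"})]
    return findings
```

`audit(PLAN)` returns an empty list for the plan shown; moving an access port into the WAN VLAN by mistake produces a "bypasses the router" finding for the device on that port.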