Would greatly appreciate advice from you experts over this.
I had the cg3000 for years without problems but I couldnt get the USB to work AT ALL so after wasting countless hours getting nowhere with optus support I demanded a new modem with a working usb (they sent me "sagemcom 3864V3 -white" - 1 band and it did work .. when it felt like it)
Not long after i had a tenant move in (so sharing internet with them).
Needed a guest network so they couldnt access my computor network, optus support as useless as usual.
Tried using one of my old optus modems (CG814WG -NETGEAR) for tenant use to connect via ethernet cable into the newly supplied "sagemcom 3864V3 -white". Couldnt get the connection to work after trying a lot of things that I read on yescrowd.
LOW & BEHOLD the USB on the recently supplied "sagemcom 3864V3 -white" BASICALLY DIED SO i again complained to OPTUS who then they supplied me with another "sagemcom 3864V3 - black" (dual band) and had the USB working again.
with help from you guys i was advised to keep the "sagemcom 3864V3 -black as master (ntwk-ray1 - 192.168.0.1 - & run an ethernet cable (which I had to do because of distance) from lan2)" into the tenants unit into the previously supplied "sagemcom 3864V3 -white" (ntwk-rayT - 192.168.2.1 - lan1).
Thanks to you guys this worked for about 2 months before it started to drop out, intermittently at first until it just died. Why I dont know. I reset it quite a few timers and the same sequence occurred.
I was having problems with the newly supplied to me "sagemcom 3864V3 - black". The USB was again playing up & coverage chopping in & out.
I again got onto optus & they sent me a CM500V-1STAUS (cable connection) & Sagemcom 5366TN. No problems with it as yet (touch wood).
The tenant has had no internet for a while now & they are a bit peeved (rightly so).
Since trying 2 different wifi routers (CG814WG -NETGEAR & sagemcom 3864V3 -white - BOTH cable connection) in the tenants unit (both wifi connection problems)
I am now trying to connect my old CG300V-2STAUS.
I have setup as follows:-
me (pc) = Sagemcom 5366TN - ntwk-ray1 - 192.168.0.1 (lan2) DHCP on
tenant (laptop) = CG300V-2STAUS - ntwk-rayT - 192.168.2.1 (lan1) DHCP on
(ethernet cable between routers - lan2 --> lan1)
Ive bench tested connections between routers using a temporary 1mtr ethernet cable (pc-lan2 --> laptop-lan1).
Can access tenant router admin via wifi OK (with no ethernet cable connected)
inside admin I changed to:- Advanced/BroadBand Settings/Always use ethernet WAN connection (since other selection is:- "always use cable connection")
* When I connect ethernet cable to "tenant router lan1"
then restart router
= internet wifi connection indicated on the laptop! can access net
= no access to router admin
* When I connect ethernet cable to "tenant router WAN"
then restart router
= internet wifi connection indicated on the laptop! can access net
= can access to router admin
I am seeking advice from you experts as to the safest way to setup a guest network for my tenant so they have no access to my network.
Is connection to tenant lan1 the correct way to keep both networks private from each other?
Thanks heaps in advance.
Ive always had trouble getting my head around WAN/LAN
p.s. You'd think optus would AT LEAST activate the guest function (since just about every modem I know) has this feature. The amount of time it would save everybody!
Hi - just a rule of thumb for network configurations that may assist here.
When you connect two modems together that use different IP address range, in your case 192.168.0.1[ Your LAN2] and 192.168.2.1 [Tenant LAN1] - the connection needs to be from the WAN port on Tenant Modem to LAN port on your modem. Tenant will have internet access and they will be able to have admin access to your modem only if they know the default or your custom password.
If you attempt to access the Tenant LAN 1 admin screens from your LAN 2 connected PC, you will be blocked by the Tenant Modem's Firewall. You would need to be connected directly to the Tenant modem to access its admin screens.
If you connect both modems via a LAN-LAN configuration, you would need to change the IP address of Tenant Modem to fit inside the range of the Your LAN 2 modem and allocate a static IP address to it and reboot modem and PC. In that mode, the Tenant has Internet Access and they can access your F@ST 5366 admin screen only if they know your custom password.
Some parents have found that their children can bypass the custom assigned password by Factory Defaulting the modem and using printed on label password to avoid parental blocking rules.
You appear to be a power-user in regards to your business computer hardware arrangements, not a general home user like me and may be able to arrange the appropraite security measures yourself using Microsoft or Apple network passwords. To ensure network integrity, it may be advisable for you to further research that area or seek advice from a support person who is knowledgeable about security matters so that your tenant has no possible way of accessing your data.
Some modems and routers have a VLAN function which allows you to partition users within a LAN switch so that virtual separation is provided between clients connected to LAN ports. In this case, it would generally be used to provide isolation between the incoming F@ST5366TN-A LAN port from the tenant modem port and your other LAN ports.
I can't see VLAN as a separate programable function of F@ST5366TN-A I have, firmware ending in 031. Unaware if it would be ever released in future versions - the feature is usually found in business or high end consumer modems/routers. Guest Networking is implemented in modems with this feature but can, in some modems, be hidden from customer view.
Never done it, But could a programmable switch be used to divide a network? Plug your internet into port 1 and then mandate that port 2 and 3 can access port one but can't send information between themselves?
Peter - yes, that is essentially what the VLAN function does on a Managed Switch. Used extensively in business applications with policy determining who can access Group Drives complimented by a higher level of Folder and File Access Restrictions. Some of the high end consumer routers and modems support that feature on their LAN ports as well.
Unfortunately, we live in a world where Phishing and associated Malware can penetrate a PC client on a network or network segment , wreak havoc to the network data without the owner of the network being aware of it until its too late. Hence my cautionary advice about the security issues involved with tenant access.
This is what really pi$$es me off because if optus just activated the guest network (on any of their sagemcrap modems)
Agree, I just loathe how much they cripple their routers. What really dumbfounds me is the fact that they give you the routers main username password on a fridge magnet expecting people to treat the whole device like a guest device. They just have no clue.
Having said that, I don't think having a guest network on the sagemcom/old cg3000 will prevent the need to purchase some new hardware of some description because:
1) The tenants unit is ~45 meters, so would have to wonder if the guest wifi signal from your house's sagemcom would be good enough (reach and/or speed) to service the tenant unit.
2) If the cg3000 (or any other device) is placed in the tenant unit to provide the guest wifi it can not be secured, a simple factory reset will get you in. So security has to be handled from the device in your house which is under your control.
Malware is real issue to be considered especially if you have your business network connected via ethernet to a third party (i.e. your tenant). My home computers are password protected, but I also have other devices on the network, any of which could be targeted/vulnerable to malware, but I would never allow a guest to use my internet without a guest network, no matter how much I trusted them, let alone plugging their device directly into any LAN port (in your case that would be the via ~45 meter cable).
While VLANs (managed somewhere in your home) are the solution, you may have been able to use a half-decent (?) workaround by setting a static route in the sagemcom, but alas, that feature isn't working yet (the UI implies that you should be able to set a static route).
[ @Mkrtich , if you are on v31 firmware you might want to consider forcing an update (just reboot the router via the maintenance menu) as v31 has known issues forgetting settings, essentially factory resetting itself. ]