Using Surf SOHO MK3 with 2nd router as Access Point


#1

Hello,
I am considering using the Surf SOHO MK3 as my primary router (connected to cable internet provider modem) & using a typical residential router (Asus, Netgear, LInksys, etc…) as an access point (this router would be connected to the Surf SOHO LAN port via cable & would be placed in Access Point mode) to expand wifi coverage in entire house.

I have two questions:

  1. Would the Surf SOHO have any problems with this setup?
  2. Would this essentially be one private network (even though the router setup in access point mode has separate SSIDs & passwords) controlled / managed by the Surf SOHO configuration?

Any help is appreciated!


#2

The SOHO will have no problems with this setup but you cannot manage or control the AP functionality of the 3rd-party device from the SOHO.


#3

It can be one private network and probably will be with the Asus (or whatever) router not doing DHCP. That said, you may not want one network, isolating devices that do not have a need to share resources makes things a bit more secure.

One downside of your scheme is the monitoring of devices attached to the Asus router. The Surf SOHO offers lots of details about devices directly attached to it and some of those details will be lost for devices attached to the Asus router.


#4

Thank you for your reply. In AP mode, would the 3rd party router just essentially be extending the wifi signal of the private LAN created by the Surf SOHO so any AP functionality I would need to manage would be related to the SSID / PW & not firewall, dhcp, port filtering, etc…? (for that I could just use the 3rd party router GUI). Or put another way, if one of the primary benefits of the Surf SOHO is the security features it provides for a private LAN would one be significantly mitigating that benefit by using a Netgear / Asus / Linksys router as an AP? If yes, would you recommend getting a second Surf SOHO & using the 2nd as an AP?


#5

Thanks, that is a good point & would be a good reason to use the Surf SOHO as the primary router, correct? Since the Surf SOHO would allow you to isolate a guest network or ioT devices using VLAN?

Would the devices connected to the Asus (or whatever) Access Point still be subject to the Surf SOHO security options (such as the firewall, port filtering, etc…)?


#6

Hi Michael234 / Tim_S
One of the things I am confused about in my proposed setup (Surf SOHO MK3 as primary router connected by LAN port to Asus router configured to AP mode) is how the AP coordinates (for lack of a better word) with the Surf SOHO. I understand all devices on both the Surf & AP SSIDs would be part of the same network but the Asus has a separate GUI.

  1. So if one reason for buying the Surf is the security options would it defeat the purpose if connecting to an AP with its own GUI that may not have the same security features?
  2. If I created VLANs using the Surf SOHO those VLANs would not be available on the AP, correct?

The issue I have is I need the AP to extend the wireless range to my entire location.


#7

You can think of your ASUS router as just an extension of the wireless network in this scenario. The fact that it has a GUI is irrelevant, lots of devices have a GUI.

You just want to configure the ASUS as a dumb AP by disabling the DHCP server and any other firewalling/networking functionality. In short, you will just assign a static LAN IP address to it from the SOHO range and then disable DHCP. Don’t forget that you need to connect one of its LAN ports to a SOHO LAN port, NOT the WAN port of the ASUS.

Thanks.


#8

So if I create a VLAN using the Surf SOHO (lets assume for guest access & assume isolated from the private LAN) & assign the VLAN to 1 of the 3 Surf SSIDs would this VLAN guest NW be extended by the Asus AP SSID (meaning would the guest network wifi range be extended by the AP)?


#9

After you create your VLAN you will also need to assign it to a physical LAN port and then plug the AP into that port.


#10

ok - one other question regarding VLANs. If I assign a VLAN to a physical LAN port (lets call that VLAN 1) & isolate that VLAN 1 from the other network (lets call it the private LAN), anytime I try to connect to the device on VLAN 1 from the private LAN, would I have to do so remotely since the private LAN would be considered to be outside the VLAN 1 network? (meaning would have to open up a port / set up port forwarding for VLAN 1 in order to be able to access from the private LAN) or is there a way to setup so a device on the private LAN can access VLAN 1 but VLAN 1 cannot access the private LAN?