Add second internet option (simply) to existing LAN?

[Heynonny]

In an existing home LAN oriented around a Cable modem feeding an Asus router in turn feeding it's own Wifi and ethernet hookups (a 192.168.2.1+ subnet), I would like to add a WiFi hotspot, with a totally different ISP, and allow that ISP to be a choice for each computer on the LAN while maintaining all other resources on the LAN (servers, printers and such). Reasons are too complicated to get into. But ...

... Can I just install the WiFi hotspot device (happens to be a Coolpad Surf) with its own ip address outside the DHCP range of the existing LAN (range is .100-.200 so at 192.168.2.233), turn off the DHCP allocation feature of the hotspot, then allow individual computers on the LAN (with manual ip setup) to connect to the hotspot but use 192.168.2.1 as the ethernet service router address and 192.168.2.233 as the DNS search address [EDIT: and, of course, as the Wifi service router, I should have stated that overtly]?

I mean, I know I _can_ because I am, and I'm on the hotspot and its ISP now, with apparently all access to my normal LAN still intact. But am I crossing the streams and will this eventually end the word as I know it or am I courting any kind of trouble in the future?

I did search, couldn't find this quite exactly on point enough to give me peace of mind. Thanks!

 

[pldelisle]

I would really not recommend doing that.

Anyway, if you set the router IP of this AP to 192.168.2.1, you will always use the ISP connected to this router, which is ISP1. You can only have one gateway per ISP on this kind of setup and traffic will always be forwarded to your Asus which is the only gateway set on the AP. You need to have two SSIDs, one per ISP, and both APs have distinct gateway IP address and distinct subnet. You then need to manually configure a route on ISP2 router to access the Asus network (ISP1 network). So, for example, on ISP2 router, you need a route :

ip route 192.168.2.0 255.255.255.0 GigabitEthernet0/1 if Asus router is plugged into Ethernet 1 port.

If you need ISP failover, there are a lot more robust solutions for doing so, but requires a lot more money. Even Ubiquiti, a Prosumer networking hardware company, doesn't support it on their newest hardware. You'll need to tap onto Cisco Meraki, Fortinet, or build your own PFsene/OpnSense router using x86-64 hardware.

If it's not for failover, I don't know why you would need that for any legal use case...

 

[Heynonny]

Thanks very much. As I said, it's working fine. A computer that has selected the hotspot (prioritized at the top, ahead of the Asus ethernet connection) uses the hotspot for internet but uses ethernet over the Asus router for all other internal LAN business.

I was just wondering what specific harm I might be doing, but I appreciate your advice that you would really not recommend it. I'm sure I would eventually run into some abnormalities in this configuration.

 

[pldelisle]

That's a freaking weird configuration, without any doubt.

 

[2984839]

If I understand this correctly you're using 192.168.2.1 as the router but 192.168.2.233 as the DNS search address? If so, all you are doing is sending DNS queries to the hotspot and all other traffic through the Asus router. If you run

route show

on a Linux/Mac/BSD system connected to this network, you should see that the default route is 192.168.2.1.

 

[Heynonny]

If I understand this correctly you're using 192.168.2.1 as the router but 192.168.2.233 as the DNS search address? If so, all you are doing is sending DNS queries to the hotspot and all other traffic through the Asus router.

No. The selected router for the computer using the hotspot is 192.168.2.233 for the WiFi service and 192.168.2.1 for ethernet service. [EDIT: I thought I had made it clear but I had not] Both the Wifi and the ethernet connection have a green button and the WiFi service is listed first. This took a little work to get it to work right but I'm trying to reduce it to a script eventually so any device on the LAN can switch to this configuration with one click. There's no question it's working, my question is whether I'm doing any harm, risking corrupt or collided traffic, whatever.

I'm seeing no signs of problems but I am accepting it as fact that this is a BAD THING since people here and everywhere else I've checked tell me it's both a BAD THING and will not work.

 

[pldelisle]

It’s really a non-standard configuration. I strongly not recommend working and wasting time on this. If you really need a dual ISP setup, get real hardware and invest time in learning on this concept and real tools instead of wasting time on scripting this weird thing.

 

[Heynonny]

get real hardware and invest time in learning on this concept and real tools instead of wasting time

Absolutely. Everyone has told me that. It will not work.

I'd much rather spend a lot of money and get involved in something complicated. It pisses me off that something this simple seems to work, so I am hopeful still of finding why it's a really stupid idea.

I'm on my fourth day of running auto-tests, no degradation. For the first time, about an hour ago, internet speed went down to close to zero and I had to reboot the Mac, at which point everything came back to normal. Probably some evidence that you are all correct.

 

[pldelisle]

Absolutely. Everyone has told me that. It will not work.

I'd much rather spend a lot of money and get involved in something complicated. It pisses me off that something this simple seems to work, so I am hopeful still of finding why it's a really stupid idea.

I'm on my fourth day of running auto-tests, no degradation. For the first time, about an hour ago, internet speed went down to close to zero and I had to reboot the Mac, at which point everything came back to normal. Probably some evidence that you are all correct.

But I don’t see clearly why you need a second ISP.

network appliance running pfsense doesn’t cost an arm and a leg. Configuring it isn’t that much difficult either.

 

[hobowankenobi]

As mentioned, typically dual WAN is for failover, or possibly load balanced, but not a choice for devices.

They don't have to be crazy expensive...but the market is mostly for robust enterprise routers and firewalls, not home use.

But hey, there are choices out there.

 

[Heynonny]

typically dual WAN is for failover, or possibly load balanced, but not a choice for devices.

Thanks. I was looking for something simple; and though everybody tells me not to do it simple, there are no specifics as to why not. Since it continues to work fine, after two weeks of some pretty demanding testing, I'm satisfied with my solution. If the world internet collapses as a result of what I'm doing, I apologize in advance.

 

[hobowankenobi]

Hey...if it works. Folks are telling you what best practices are. You don't have to follow best practices. But if things get weird...one-off network hacks and silly human tricks make for messy troubleshooting.

Also keep in mind, networking is taught in a way that is scalable and consistent for large, enterprise setups. Stability, performance and security drive the bus, not quick and dirty workarounds. Something as mundane as an OS update could break your hack. Unlikely...but be aware.