Cheapest isolated office WIFI solution needed

[PsyWulf]

Let me elaborate before another network genius crops up and makes a joke of himself

We have the greater internet 0.0.0.0 route<> Router1 WAN -> Router1 LAN 192.168.1.x
Now if we add router2 as suggested: 0.0.0.0 route <> Router1 WAN -> Router1 LAN 192.168.1.x <-> Router2 WAN (192.168.1.x) <-> Router2 LAN (10.0.0.x)

So let's run through some examples here

Device in LAN1 tries to access internet -> Router1 LAN (10.0.0.x) -> Router1 WAN -> 0.0.0.0 -> Destination
Device in LAN2 tries to access 10.0.0.92(LAN2) -> Router2 LAN (10.0.0.x) -> Destination (10.0.0.92)
Device in LAN2 tries to access 192.168.1.35(LAN1) -> Router2 LAN (10.0.0.x)-> Router2 WAN (192.168.1.x) -> Router1 LAN (192.168.1.x) -> Destination (192.168.1.35)
Device in LAN2 tries to access internet -> Router2 LAN -> Router2 WAN -> Router1 LAN -> Router1 WAN -> 0.0.0.0 -> Destination

So what's happening here?
Surprisingly,when the Routers can't route traffic for the destination IP over its LAN interface (It's outside my range/subnet?) the basic rule of thumb is Forward to WAN
Since WAN2 sits in LAN1 it'll happily accept and forward traffic between those networks,and it's a stateful connection,Router1 will see the request is within it's subnet/range and not pass it to the default internet route and pass it over LAN1

What does this mean for me as an IP layman?
If I were to target an IP on 192.168.1.x range from LAN2,all I need to do is request it by IP and the traffic will be passed normally

Now does this mean the proposed idea won't work? It'll work,but it won't isolate the traffic the way the OP requested (UNLESS you can enable port/guest isolation for the port used from WAN2 -> LAN1 which I don't see being mentioned)
There are other technical solutions but for intents and purposes those are also not options as they fall outside the scope of this farcical suggestion

 

[WalkWithMe]

MikroTik hAP lite

Takealot.com: Online Shopping | SA's leading online store

South Africa's leading online store. Fast, reliable delivery to your door. Many ways to pay. Shop anything you can imagine: TVs, laptops, cellphones, kitchen appliances, toys, books, beauty & more. Shop the mobile app anytime, anywhere.

www.takealot.com

OP is asking for AC Wifi which is 5Ghz, you need hAC unit. The hAP lite is for a couple of users with only 2ghz wifi, not powerful enough

 

[SauRoNZA]

Does the Huawei not have a Guest Network option?

Or a simple WiFi Client Isolation option for the existing WiFi?

Either would do the job.

 

[access]

gees guys, why such complicatednessismationalistical

Need advice for the cheapest way to get this implemented. I currently have a Huawei B525 LTE router handling all wifi and internet at the office. It is connected into our LAN which also has our server and workstations etc. Several staff have wifi access for their cellphones to use this internet over WIFI.

Now I want to get those private cellphones away from accessing the LAN portion of the network and thereby protect the server and data.

Is there a reasonable WIFI AP that I can buy that will give me AC WIFI and isolate the smartphones from the LAN, only giving them internet access from the B525 Router?

Takealot.com: Online Shopping | SA's leading online store

South Africa's leading online store. Fast, reliable delivery to your door. Many ways to pay. Shop anything you can imagine: TVs, laptops, cellphones, kitchen appliances, toys, books, beauty & more. Shop the mobile app anytime, anywhere.

www.takealot.com

AC6V1.0-How to setup guest network-Tenda US

AC6V1.0-How to setup guest network

www.tendacn.com

disable wifi on the huawei

plug the huawei lan into the tenda wan.

create wifi on tenda for lan and guests.

bobs your uncle.

edit: if you have a cabled network, plug that into the tenda as well..