Hi all

I had this posted on the Forum / Board Discussion & Help. No one answered there so I thought I might try this here

Hope someone here can give me some advice.
I am trying to build a network between two houses made up out of Draytek units.
What I am looking to do is to use a 2926ac in the Guest Building (lets call it that) and also have an AP910C connected to it via LAN cable via a PoE switch. Also connected to that PoE switch would be an AP918 or 920 RDP unit. The RDP unit not connects to another RDP unit on the main house. This consists of (I hope) a 2927 ax, AP1000c and a P1092 Switch.
1st question: The RDP units should be able to transmit the data from one house to the other (distance is 15m) without any problems?
2nd question: How does this all need to be set up in such a way that I have:
a) In the main house the 2927 set up with strict bind MAC address and sort of has its own network
b) The data coming from the 2926 via the RDP has a SSID called guest and it doesn't interfere with the strict bind of House one
c) The guest building has access to the internet but is absolutely unable to get into the main building network. The main internet connection to the WWW is the 2927 connected to FTTP. All date goes via this router.
I have never used DMZ nor VLAN and just not sure how to set this up to make it very safe for main building but guest building has access to the internet

Anyone's help is highly appreciated
Thx
Ian

If all you want is for the guest building to have internet access via the main house why bother using a router (the 2926) in there? You can accomplish what you need with the Access point(s) and switch.
Not sure where DMZ comes into the scheme? By "not connects" I assume you mean "connects"?
When setting up your guest VLAN just make sure that inter-lan routing is not enabled.
Whichever port on the house router you connect to the RDP link must carry at least the guest VLAN. If it carries others as well it doesn't matter as long as inter-lan routing is not enabled.

The link over 15m may work, although it depends as they say. I have an AP903-AP903 link working over about 5m, with a cavity brick wall at one end and a wooden garage door at the other. The signal strength appears to drop abysmally low at times (why it varies so much I have been unable to determine) but the connection has held up so far.

Hi Piste

Thx for your answer
So what you are saying is I could just use the AP918RDP and connect this to a PoE switch and connect the other AP's to that.
Just thought as I have the 2926 spare I could use that next door.

Thx
Ian

As I understand it yes, if that's what you're trying to do. The 918 in the guest house is linked wirelessly to whatever AP you have connected to your router in the main house. The 918 has 4 ethernet ports so you can connect other devices to it - including a switch if you need more ports, or is that just to power the 918 via POE? Devices in the guest house will have connections to whichever VLANS you decide to feed to the 918 - so be careful, since wired LAN devices will have those connections, unless you block them in some other way. For example, because the only "guests" likely to be near my garage will be connecting via wifi (e.g. on their phones), I feed the guest VLAN to the 903 and give them the guest password. However, I also feed my main house VLAN to the 903 as there is a backup server connected to it by wire, and a third VLAN for IOT devices, some of which connect wirelessly and some by wire. Anyone "could" just plug a wired device into the 903 and gain access to all the VLANS, so the easiest and safest solution for you would I guess be to feed only the guest VLAN to the 918. However, as I see it that would mean having only that VLAN on the AP which is the main house end of the wireless link, which may be a restriction (or expense for another AP) you don't want?
In that scenario even a wired device connecting in the guest house would only have access to the guest VLAN, provided you have not enabled inter-LAN routing.
If I'm tying myself up in knots maybe someone else will correct me......

Hi

Thx for you answers. I will start with 2 RDP's first not sure what the difference is between the 918 and 920 but will get a pair. The I just need to wait and see what happens with the 2927ax when this will be available. I need a 2927 to get the benefit of the fast internet connection the 2926 I have can only do on the firewall 400 Mbps. So need the 2927 and want it then straight as an ax version. Has to be seen which internal AP will be available as an ax version. The were talking about a 960

Thx
Ian

So

Ordered the 2 AP918 RDP's and a P2121 Switch. So this is the first step. Have to wait now for the AP960AX and the new 2962 router.
Let's see how it will work.
Will keep you posted

Thx
Ian