Option 1: If you have two public IPs from your service provider, you can simply install a switch between the router and the modem, connect as per the diagram below, and then configure each separately as if it were two different businesses in different buildings. Router 1 and 2 can be wired or wireless.

—————————————————————————————————————————————————-

Option 2: If you only have one public IP available from the service provider, you need to use 3 routers. Router1 would normally be wired only, and Routers 2 and 3 can be wired or wireless depending on your needs. This configuration completely isolates the 192.168.200.0/24 network from the 192.168.300.0/24 network. No users are to be connected, wired or wirelessly, to Router1.

Note: If you want to connect clients to Router1, or make it wireless and allow clients to connect, keep in mind that users of the .200 and .300 networks will be able to see the devices connected to Router1 (thus no privacy other than their personal firewalls). However, users of Router1 will not be able to see devices on the .100 and .200 networks. Those devices are protected because they are on the LAN (private) side of the router/firewall.

In this case each router is configured as it would normally be except you need to adjust the IP configurations for LAN and WAN of each router as shown in the diagram below.

Note: Keep in mind that if you have incoming services such as Remote Desktop, you will need to port forward the appropriate ports, such as 3389, from Router1 to Router2, and then from Router2 to the appropriate server/PC/device.

Warning: This method does not work for incoming VPN connections. Generally VPNs will not work with multiple NAT devices (routers).
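
The addressing, isolation and port-forward rules of Option 2 can be checked on paper before touching the routers. The script below is an added example, not part of the original article; the WAN addresses, the 192.168.200.10 server and the function names are assumptions, and 192.168.30.0/24 stands in for the article's 192.168.300.0/24 because an IPv4 octet cannot exceed 255.

```python
import ipaddress
from itertools import combinations

# Constructed plan for Option 2; the addresses are assumptions, not the article's diagram.
# 192.168.30.0/24 stands in for "192.168.300.0/24" (an IPv4 octet cannot exceed 255).
ROUTERS = {
    "Router1": {"upstream": None, "wan": None, "lan": "192.168.100.0/24"},
    "Router2": {"upstream": "Router1", "wan": "192.168.100.2", "lan": "192.168.200.0/24"},
    "Router3": {"upstream": "Router1", "wan": "192.168.100.3", "lan": "192.168.30.0/24"},
}
FORWARDS = {  # (router, incoming port) -> (forward-to address, port); constructed values
    ("Router1", 3389): ("192.168.100.2", 3389),
    ("Router2", 3389): ("192.168.200.10", 3389),
}

def check_plan(routers):
    """Return a list of addressing problems (an empty list means the plan is consistent)."""
    problems, lans = [], {}
    for name, r in routers.items():
        try:
            lans[name] = ipaddress.ip_network(r["lan"])
        except ValueError:
            problems.append(f"{name}: invalid LAN subnet {r['lan']}")
    for name, r in routers.items():
        up = r["upstream"]
        if up in lans and ipaddress.ip_address(r["wan"]) not in lans[up]:
            problems.append(f"{name}: WAN {r['wan']} is outside {up}'s LAN")
    for a, b in combinations(sorted(lans), 2):
        if lans[a].overlaps(lans[b]):
            problems.append(f"{a} and {b}: LAN subnets overlap")
    return problems

def can_initiate(routers, src, dst):
    """True if hosts behind src can reach hosts on dst's LAN with no port forwards (dst is upstream)."""
    hop = routers[src]["upstream"]
    while hop and hop != dst:
        hop = routers[hop]["upstream"]
    return hop == dst

def trace_forward(routers, forwards, edge, port):
    """Follow port forwards from the edge router; return the final host IP, or None if a hop has no rule."""
    router = edge
    while (router, port) in forwards:
        ip, port = forwards[(router, port)]
        inner = [n for n, r in routers.items() if r["upstream"] == router and r["wan"] == ip]
        if not inner:
            return ip  # target is a host, not another router's WAN port
        router = inner[0]
    return None
```

`can_initiate` models only the default behaviour of a NAT router with no port forwards, which is what the isolation in Option 2 relies on.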

—————————————————————————————————————————————————-

Option 3:  If you want to configure a guest network, which protects the corporate network, but it is not necessary to protect the guest network from the corporate network, you can do so with only 2 routers. In this case the guests, connected to Router1, are exposed to the corporate network, similar to that of an Internet café, but the corporate network is completely protected from the guest network because it is behind the firewall/Router2. Router 1 and 2 can be wired or wireless.

In this case each router is configured as it would normally be except you need to adjust the IP configurations for LAN and WAN of each router as shown in the diagram below.

Note: Keep in mind that if you have incoming services such as Remote Desktop, you will need to port forward the appropriate ports, such as 3389, from Router1 to Router2, and then from Router2 to the appropriate server/PC/device.

Warning: This method does not work for incoming VPN connections. Generally VPNs will not work with multiple NAT devices (routers).

Comments on: "Create an isolated network using one ISP connection and modem" (5)

  1. hi
    I wonder, can we assign ip .300 as mentioned above on Option 2

  2. Barnett Frankel said:

    What type of cable is used to connect from the WAN port of router 2 to the LAN port on router 1? Straight or crossover?

  3. What type of cables are used to connect Router 2 WAN port to Router 1 LAN? Straight or crossover?

    • Any device made in the last 10 years or more supports auto-negotiation, so a standard straight-through cable is fine, though a crossover would work as well. However, if it is an older device that doesn’t support auto-negotiation you would use a crossover cable.
