Typical house with a basement, there are about 4-5 renters.
There is a Cat6 line going from my main router to downstairs, which is then connected to a signal booster to give them all wifi.
I’d like to keep the renters completely seperated from my main house home network.
How do I seperate the signal booster/renters from seeing any devices on my main house router?
Should I connect a switch or router in between my main router and the signal booster?
Your best option is use VLANS your consumer router may not do it. So may require setting up an open router and run like OpnSense etc
As u/Mannus01 mentioned, using the guest network, with client isolation is the easiest way, as it is only a few clicks in your router settings.
However, that might also limit what your renters can do with their network. For example, if they have a WiFi printer, they wouldn’t be able to use it, since the clients are fully isolated from each other.
Using two routers would isolate ONE of the two networks. . . but in order for them not to be able to see your stuff, they’d have to be the first router – the one connected to your ISP. Your router would need to be connected to theirs. . . which could cause some connectivity issues for your stuff. (Gaming, etc.)
Without getting their own ISP, the only way to give your renters the same networking experience that you currently enjoy would be to use a more advanced router that supports VLANs. Then you can keep your stuff on one VLAN, and theirs can exist on the other, with each one having access to the internet, but fully isolated from one-another.
If I were in your shoes, I’d remove the Cat6 cable and make them get their own internet connection, if for no other reason than to limit liability for anything illegal they might do while connected to your internet connection…
Easiest fix is to replace the WiFi extender in the basement with another router. The tenants would connect to that one (whether physically or via WiFi) and the network provided by that router will be mostly separate from your own. If none of them are tech-y this should work fine but otherwise still allows them to connect into your network if they know what they’re doing and make an effort to do so. Think of it like a cheap lock—keeps honest people honest but someone with sufficient motivation can still break in.
There are more secure ways but they would involve replacing pretty much all of your networking gear with more capable equipment as you will need VLANs and a competent firewall.