If it wasn't for the ability to prioritise traffic then everything else you want would be relatively simple (assuming you want to protect your devices from the kids and not the other way around). But traffic prioritisation requires a different level of device.

Yup, that's the exact one I have. I don't currently use any of the VLAN features on it though as the setup I've gone with uses (VLAN tagging)* instead, but definitely a good option for the OP and will do exactly what is required.

* The VLAN tagging is a feature of the Edimax wireless access points I mentioned earlier - the exact models I have are these:

http://www.edimax.com/edimax/merchandise/merchandise...

I note that these are now an "End-of-Life Product" on the Edimax site, which is a shame, because I think they're very good units. There's probably a new version which has more features now (worth some investigation). In any case, each unit allows for up to 3 additional SSIDs to be configured with custom VLAN tag per SSID, meaning that it is possible to run 3 distinct wireless networks from just a single unit, with the traffic from each entering onto your Ethernet segment with a specific VLAN tag. In order to make use of this, you also have to have a broadband router that supports creating Ethernet interfaces with VLAN tags, but thankfully Linux does this out the box, so that's how I've done things. I have a guest network running on 192.168.10.0/24 with VLAN tag 10 and have configured my broadband router (Linux) with an eth0.10 interface which can then service traffic with VLAN tag 10, and acts as the default gateway allowing guest clients to reach the rest of the Internet, but locked down so they cannot route to any other local area (192.168.0.0/16) IP network. And because all their traffic is tagged, they can't see anything else on network segment, even though everything goes through the same switch. I was going to suggest this to the OP but it's quite advanced and probably way beyond what is required. Besides, this does not address the "PC seeing both networks" requirement, in which case a basic VLAN segmented network is the best option, as I've already described.

Overnight remembered that the Asus RT-N66U supports 3x2.4GHz and 3x5GHz guest networks that are isolated from Intranet and the Traffic Manager QoS system will do limiting for specific IP addresses and you can do IP address reservation via MAC.

Are you going to lock the routers and modems in a cupboard?

Otherwise they could just press the WPS button to join the other network? Or possibly plug a network cable in?!

Another option that hasn't been mentioned yet, a dedicated firewall router, such as Smoothwall.

You'll need an (oldish) PC that can take a minimum of 3 network cards to meet your current needs, you can add a 4th card later if required. A KB, mouse and monitor is only required for the initial setup, Intel Pentium or it's AMD equivalent with about 2GB of ram is more than enough.

You'll have 3 separate networks, one for you, one for the kids and the wan interface. The biggest advantage is customisation, it can do QoS out of the box, you can setup various controls for timed access for the kids and most important for me, filtering options for the kids PCs.

SW can do PPPOE so you only need the VDSL modem on the wan side, then wireless APs for the 2 networks. You can setup rules to control access from one network to the other.

Disadvantages: Steep learning curve and the dedicated PC will need to be on when internet access is required.

You can get RJ45 blockers and WPS button can usually be disabled in firmware

Hi folks, my apologies for not checking back in sooner, been pretty hectic here over the past month. Thanks to all of you for the great advice given, quite a lot to take in. The project remains on hold for the moment due to various commitments, but I think I might take the "old pc" option, mainly due to the fact that I have an old pc sitting doing nothing, and a box of old components including network cards. Does anybody have a preference over which software to use? I am leaning towards pfsense, which by all accounts should allow me to achieve what I am looking for, assuming that I can get my head around the various config settings.

Just a quick update on this.

I have finally got a system up and running.

I went for the "old pc" option with 3 network interfaces (1 for wan and 2 for separate lans, I installed pfsense and configured it so that the lan nics were independent of each other, and then configured the 2 wireless routers to run on different subnets and to transmit different SSIDs..........

........and it all works perfectly, I now have the 2 separate networks that I needed and as yet haven't had to apply traffic shaping, because at the moment there have been no problems, even the fibre speed seems to be more stable now, i'm getting higher speeds than I was prior to using this set up, and the speeds are more consistent throughout the day.

My advice to anybody wanting to achieve something like this, is, go for it! Admittedly, I was lucky, my set up has not cost me a penny due to having all of the required hardware to hand, and pfsense firewall/router is freeware, but I can't imagine that it would cost a huge amount even if you had to buy all the hardware. You only need a fairly basic old pc and second hand wireless routers are in abundance.