Separate Business Network shared space

We are moving to a shared space and there is internet already there that has public wifi and I assume a standard ISP router/switch.

When we move in I would hope we would be able to use existing internet connection but have our own subnetwork.

I am thinking we could take an ethernet connection from existing ISP router and connect to a separate switch/Unifi AP we already have.

However I want our network to be totally separate / secure and not be accessible by other people on the ISP router.

I don't want to install servers/or managed switches but something I can setup/manage myself. Is there a simple appliance switch - like Meraki or something where i can do this?

TLDR - want to use existing internet connection to supply a separate network that is closed off from current internet router..

Hope this makes sense.. and thanks

TLDR - want to use existing internet connection to supply a separate network that is closed off from current internet router..

Provide / manage your own router + firewall.

Thanks, I am trying to avoid having to bring in a new phone line as it will complicate things?

If there's a standard ISP-supplied router then it's unlikely you will be able to have your own segregated LAN. Even if the shared space has an IT provider and a managed firewall and will give you your own LAN that doesn't accept inbound connections from other tenants in the same building, you would need to be able to trust them that they are not going to make changes to the configuration and expose your network in the future.

If you want assurances and control you will need to put your own router/firewall (whatever you want to call it) in and connect the existing network to its WAN port. This means you will be behind two layers of NAT, whether that is going to cause a problem depends on what you're doing.

Replace the ISP router with a router that can do VLANs and that will solve all your problems.

Thanks Dan

In reply to a post by jpm:

If there's a standard ISP-supplied router then it's unlikely you will be able to have your own segregated LAN. Even if the shared space has an IT provider and a managed firewall and will give you your own LAN that doesn't accept inbound connections from other tenants in the same building, you would need to be able to trust them that they are not going to make changes to the configuration and expose your network in the future.

If you want assurances and control you will need to put your own router/firewall (whatever you want to call it) in and connect the existing network to its WAN port. This means you will be behind two layers of NAT, whether that is going to cause a problem depends on what you're doing.

The ISP supplying building, could supply multiple IP addresses, one of which could be passed though to the OPs router, so you'd just have NAT there.

In practice though I think many spaces wouldn't want to get involved, you get the free WiFii, if you need more you need to do it yourself or maybe have own office space. I suspect its a case of where do they draw the line, maybe a connection through their NAT is ok, but maybe you need no NAT (to avoid double NAT), maybe you need multiple public Ip, maybe you need dedicated bandwidth or will consume a lot of bandwidth, maybe an SLA etc. Its all going to depend on the capabilities of the IT team and how much cost they can pass on, but most will have limits as they generally aren't ISPs with teams of experts