Standard User smiffy12
(experienced) Thu 02-Feb-17 16:28:46

Wireless Access Point Help Please

 
I've been asked by my friend who runs a B&B to put in a wireless access point for his guests to use. He and his family stay on the top floor with NAS, tablets, mobiles, TV, etc. He wants me to put in an access point for his guests to use. It needs to be such that whilst they get access to the 'net, they won't get access to his NAS or any of his home network. This is where I come unstuck and need some help I'm afraid.

I can get a CAT 6 cable run from the router to a point downstairs for the access point no problem. I've a couple of questions though and this is where I could do with help.

Is there such a thing as an access point that will automatically change IP addresses for guest users (who will still get an SSID and password to log on) away from the IP range of the home network and that it will only allow net access, no network access at all.

Also, the current router has gigabit networking ports. If I used POE for powering an access point, am I right that it would only offer 100Mbps network speed for users?

The broadband coming into the property is fibre and 78Mbps.

I do hope for some advice and keep my fingers crossed. This will actually be useful for me too as I'd like something like this to split children net access and home network, etc. :)

Thank you for any and all help
Administrator MrSaffron
(staff) Thu 02-Feb-17 17:45:09

Re: Wireless Access Point Help Please

[re: smiffy12]
 
You want an access point that supports guest networks.

If it's an up to 76 Mbps, then 100 Mbps ports are no real problem.

Guest networks are fairly common, but given one assumes the family don't want their access impacted too adversely by guests, they may want to employ rate limiting on the guest network, and thus it may be worth looking at routers that support DD-WRT firmware as this can often give you many options beyond the standard firmware.

A set of the command lines to do this on AsusWRT is at https://nwgat.ninja/limit-bandwith-for-ssid-on-asusw...

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User legume
(experienced) Thu 02-Feb-17 18:32:25

Re: Wireless Access Point Help Please

[re: MrSaffron]
 
In reply to a post by MrSaffron:
A set of the command lines to do this on AsusWRT is at https://nwgat.ninja/limit-bandwith-for-ssid-on-asusw...


That example is flawed, and looking at the other example on his site - he really doesn't have a clue how to use tc.
It has a pointless nested structure and worse uses htb default. It may "work" by luck, but could cause loss of connection in extremis (depends on the qlen of wl0.1 and how much traffic hits it and if it carries arp) - being lazy and using htb default means you may end up delaying/dropping arp - which is not good!

Though the point stands that DD-WRT and open routers in general give you the chance to do complex setups, but also to shoot yourself in the foot :)
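
Added example, not part of the post above or of the linked article: one way to cap a guest SSID with HTB that avoids the `htb default` problem described there, by classifying only IPv4 and IPv6 so that ARP is never queued behind guest traffic. The function name `shape_guest`, the `TC` dry-run variable, the script name and the 5mbit rate are assumptions; `wl0.1` is the guest interface named in the post.

```shell
#!/bin/sh
# Added example (hypothetical names): rate-limit a guest SSID interface with
# HTB, without "htb default". Egress on the guest interface is the download
# direction towards guest clients.

TC=${TC:-tc}   # set TC="echo tc" for a dry run that only prints the commands

shape_guest() {
    dev=$1    # guest wireless interface, e.g. wl0.1
    rate=$2   # cap for guest traffic, e.g. 5mbit

    # Start clean; ignore the error if no qdisc is installed yet.
    $TC qdisc del dev "$dev" root 2>/dev/null || true

    # Root HTB with no "default" class: anything not matched by a filter
    # below (ARP in particular) bypasses the classes and is sent unshaped.
    $TC qdisc add dev "$dev" root handle 1: htb

    # One flat class carries the cap; no nesting is needed for a single limit.
    $TC class add dev "$dev" parent 1: classid 1:10 htb rate "$rate" ceil "$rate"

    # Fair queueing inside the class so one client cannot monopolise it.
    $TC qdisc add dev "$dev" parent 1:10 handle 10: sfq perturb 10

    # Classify only IPv4 and IPv6; every other ethertype is left alone.
    $TC filter add dev "$dev" parent 1: protocol ip prio 1 u32 match u32 0 0 flowid 1:10
    $TC filter add dev "$dev" parent 1: protocol ipv6 prio 2 u32 match u32 0 0 flowid 1:10
}

# Usage (script name is hypothetical; applying the rules needs root):
#   sh shape_guest.sh wl0.1 5mbit
#   TC="echo tc" sh shape_guest.sh wl0.1 5mbit    # dry run
if [ $# -eq 2 ]; then
    shape_guest "$1" "$2"
fi
```

After applying, `tc -s class show dev wl0.1` shows whether class 1:10 is counting the guest traffic.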



Standard User Rhydszz
(newbie) Thu 02-Feb-17 18:36:22

Re: Wireless Access Point Help Please

[re: legume]
 
Have a look at https://fon.com/ The Fon router puts out two signals, the Fon members' wi-fi and one for the owner to use. Both of these, I believe, use an IP address independent of the home network. Most quality wi-fi access points should also have the ability to re-define the IP address range used for the wi-fi.

Alternatively, if the router already installed has a guest network capability, then it could be used, optionally with the addition of a wi-fi extender.

However, your friend also needs to consider the legal issues involved. I am not an expert on this but there is an easy to read description here http://www.premitel.uk/consultancy/expert-advice/how...
Standard User WWWombat
(knowledge is power) Thu 02-Feb-17 19:13:34

Re: Wireless Access Point Help Please

[re: smiffy12]
 
You might attain some separation by having different IP addresses, though your router would need to know about the two ranges and, for example, have DHCP keep separation. That's not standard for routers, though @MrSaffron's suggestion might help.

However, keeping IP ranges separate doesn't stop devices being visible at the MAC level.

Another way would be by having a switch that treated the separate (wired) segments as separate VLANs, so traffic from one wouldn't meet the other, except when going to the router. You generally need a switch that is a step up from the minimum.

For example, the plain Netgear GS108, 208 or 308 models wouldn't do this, but the GS108E model would do. A GS108PE could be used to add PoE power if you want to minimise box counts.

Is a single AP going to be enough to cover all the public parts? If not, you might need to contemplate a wireless AP that adds some more commercial/enterprise capabilities (such as roaming) so multiple APs can use the same SSID.

Is the AP going to support 2.4GHz and 5GHz radios? For a simple, home-based setup, I'd recommend separate SSIDs for each radio. However, for something used by the public, you might want to err back to a single SSID, but have those enterprise capabilities that keep devices on one radio or the other.

In these kinds of "slightly complex" AP scenarios, I'd probably steer you at the Ubiquiti Unifi AC range (lite or LR models). It might need you to run a "controller" to coordinate enterprise features across multiple APs, but not for single APs.

Some reasoning:
https://arstechnica.co.uk/gadgets/2016/05/ubiquiti-u...

Ubiquiti has a forum for questions of setup, which you might find helpful. I found this example thread...
https://community.ubnt.com/t5/UniFi-Wireless/Separat...
but it is for a more complex case than you want.

I currently use an Xclaim Xi-2, which is also in the "simple, entry-enterprise" category. However, price changes over the last year have favoured the Ubiquiti now.

I'd probably look at a switch that coped with VLANs, a Ubiquiti Unifi AC Lite (or LR if more distance needed). A PoE switch (with the style of PoE matching the AP) would simplify things. Then I'd connect everything into the switch, so the router only had a single port in use, connecting it to the switch.

PoE should work with gigabit, providing care is taken to match the style.
Standard User legume
(experienced) Thu 02-Feb-17 19:39:24

Re: Wireless Access Point Help Please

[re: Rhydszz]
 
I don't know what the legal considerations are - seems a bit unclear, but for the OP's friend, there is a section in this pdf.

On solwise site
Standard User caffn8me
(knowledge is power) Sat 04-Feb-17 05:59:13

Re: Wireless Access Point Help Please

[re: smiffy12]
 
In reply to a post by smiffy12:
I've been asked by my friend who runs a B&B to put in a wireless access point for his guests to use.
OK, my recommendation would also be for a Unifi access point - specifically the UAP-AC-LR (about £110). Try a single unit and you'll be surprised how good the coverage is. A single unit comes with a PoE power adapter and has gigabit ethernet. Note that the UAP-AC-Lite and UAP-AC-LR use passive 24V PoE and not 802.3af. If you wanted to run three Unifi access points a three pack comes without power adapters so I'd recommend the Ubiquiti (Unifi) 5 port PoE Toughswitch for about £80.

If you didn't want to set up a controller yourself, you could use Broadbandbuyer's hosted cloud controller service which is free for the first three years when you buy an access point from them and I think it's £10 a year after that. The access point arrives preconfigured and all you do is plug it in. You can then log into the cloud controller web interface to manage it as required.

Although you can run without a controller, it does allow for easy firmware upgrades, regular password changes, and monitoring, which I'd strongly recommend for this application. It's useful to see if someone nearby has got hold of the wifi password and is using the wifi for free without being a legitimate guest. It can also be used to see if staff are spending all their time playing on their phones rather than working. You can even view individual devices to see which is the heaviest user.

The controller is also used for hotspot management and can present guests with a splash page for terms and conditions to agree before they get access to the web. After agreeing to terms and conditions you can redirect them to a web page of your choice or simply let them get straight to the URL they entered.

You can even use the controller to generate voucher codes for time-limited or download limited access.

On the router side I'd suggest running the access point through a Draytek 2760 with the web content filtering service enabled. There is a small annual subscription for this but it does mean that you can help reduce the likelihood of abuse, and if there is a problem, you can show that you have taken reasonable precautions. I do know one business which didn't have content filtering and received legal threats from one of the film studios because pirated copies of films were being downloaded through their connection - by people who lived in an adjacent property. There are, of course, far worse things that people could be doing with the wifi service.

The Draytek supports separate VLANs and you can set bandwidth limits for each VLAN individually so that guest wifi use doesn't make the office network become unusably slow. You can also have web content filtering on just the guest VLAN.

The Draytek 2760n will provide reasonable 2.4GHz wifi for the top floor by itself. If you wanted 5GHz wireless n or ac you could either use a Draytek 2860ac or use a second Unifi access point, which would work out less expensive. Both the 2760 and 2860 routers are BT approved VDSL2 modem routers.

You could also use the 2760 without wifi connecting its WAN port to an ethernet port on the existing router. This would be the cheapest option and you can use either its firewall or the Unifi guest network feature to ensure that customers can't see your office LAN.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs

Edited by caffn8me (Sat 04-Feb-17 06:20:09)

Standard User Towerman
(newbie) Sat 04-Feb-17 11:28:27

Re: Wireless Access Point Help Please

[re: smiffy12]
 
This is what I have done in the past to achieve the same thing

http://forums.thinkbroadband.com/multiuser/t/4392203...