• Status: Solved
  • Priority: Medium
  • Security: Public

LAN HotSpot router/firewall

I have asked a question similar to this one, but at the time was more interested in doing this at the switch level.  At this point I am looking to do this on a simple to configure router that is fully encapsulated.  

A client of mine has an apartment complex with approximately 100 units that are all hard-wired.  He is going to provide free internet to them being fed from a single 20/20 Comcast business connection.  Because of the limited bandwidth & the shared network architecture, we are looking for a router/firewall that can do several things without an external server etc:

1) Limit Bandwidth per connection - We want to make sure that one person cannot eat up all of the bandwidth.  The ideal scenario would be that each person can have a MAX of bandwidth & that max is lowered if the available bandwidth goes down.

2) The ability to report on bandwidth usage (this may not be possible & may actually be reportable through Comcast...however, the idea would be to know when & if we are at capacity).

3) Client Isolation - because this is an open network architecture, I want to make sure that each client is fully isolated from the others for security purposes.  (liability)

4) Walled Garden - I am looking to create a basic walled garden that will bring up a simple splash page on a daily basis that will remind them that this internet is free & is not to be abused.  It also will remind them of some of the other policies etc.  It needs to have the capacity for several paragraphs.

5) Automatic restart - I know that with large amounts of traffic, lots of these routers get clogged up.  I would like to have a setting (similar to what DD-WRT has) to automatically reboot the router on a nightly basis.

6) Capacity - I need to make sure that the router can handle the capacity of up to 200-300 clients.  Although this may be higher than needed, it is what I would like.  We are going to give each apartment the option of putting in their own wireless router, so that should reduce the number of IPs needed from the main router.  (by the way - will that throw off all of the other security if they have their own router/gateway?)

Thanks for your feedback!
0
Asked by: rustyrpage
1 Solution
 
chuckyh Commented:
First of all there's no single piece of equipment that will do all that. Be prepared to spend some money. You'll need a decent switch like Cisco Catalyst 4500, and a router like a Cisco 2800 series.  You don't need to restart this caliber of routers like you are suggesting, they don't get "clogged up."
0
 
rustyrpage Author Commented:
What part of the puzzle makes it so complex?  I have done each of these things separately using free firmwares etc.

This is not for an organization, this is for a free internet connection benefit.
0
 
chuckyh Commented:
Do you plan on giving each apartment their own Ethernet jack, or are you planning on wireless?  How do you plan on separating the traffic between all the users from each other? You don't want users to be able to browse the network and find computer shares, right? I don't think there are any consumer grade wifi routers that can handle 100 concurrent users. You'll have to look at enterprise products from Cisco or Aruba or Ruckus.
0

 
rustyrpage Author Commented:
As mentioned every apartment will be hard-wired.  I am asking for a method of doing client isolation (point #3) so that they cannot browse each other.

Thanks!
0
 
chuckyh Commented:
For client isolation you need a switch that does Private VLANs
http://en.wikipedia.org/wiki/Private_VLAN

0
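
The private-VLAN isolation suggested above, sketched as Cisco IOS switch configuration. This is an added example, not part of the original thread; the VLAN IDs (100, 101), VLAN names and interface numbers are assumptions.

```cisco
! Constructed example: VLAN IDs, names and interface numbers are assumptions.
! Private VLANs require VTP transparent mode under VTP v1/v2.
vtp mode transparent
!
! Secondary VLAN: ports in an isolated VLAN cannot exchange frames
! with each other, only with promiscuous ports.
vlan 101
 name TENANTS-ISOLATED
 private-vlan isolated
!
! Primary VLAN that carries the isolated VLAN to the uplink.
vlan 100
 name TENANTS-PRIMARY
 private-vlan primary
 private-vlan association 101
!
! Tenant-facing ports, one per apartment jack.
interface range GigabitEthernet2/1 - 48
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
 spanning-tree portfast
!
! Uplink to the router/firewall: promiscuous, so the gateway and its
! DHCP service remain reachable from every tenant port.
interface GigabitEthernet1/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
```

With this layout the isolation is enforced at layer 2 on the switch, while addressing and routing stay on the device behind the promiscuous port.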
 
rustyrpage Author Commented:
So you would do that at the switch level instead of the firewall level?  Would the DHCP still come from firewall/router?

What is a cheap 48 port switch that can handle this?  Dell?  HP?  3Com?
0
 
ajeab Commented:
I think you need an L3 switch.  Not cheap.
0
 
rustyrpage Author Commented:
I understand it won't necessarily be cheap, but what is a good suggestion for a cheaper switch?
0
 
ajeab Commented:
It depends on how much knowledge you have. Dell, 3Com, and HP have switches with a web interface. The price is cheaper than Cisco.
0
Question has a verified solution.
