I have asked a question similar to this one, but at the time was more interested in doing this at the switch level. At this point I am looking to do this on a simple to configure router that is fully encapsulated.
A client of mine has an apartment complex with approximately 100 units that are all hard-wired. He is going to provide free internet to them being fed from a single 20/20 Comcast business connection. Because of the limited bandwidth & the shared network archicture, we are looking for a router/firewall that can do several things without an external server etc:
1) Limit Bandwidth per connection - We want to make sure that one person cannot eat up all of the bandwidth. The ideal scenario would be that each person can have a MAX of bandwidth & that max is lowered if the available bandwidth goes down.
2) The ability to report on bandwidth usage (this may not be possible & may actually be reportable through Comcast...however, the idea would be to know when & if we are at capacity.
3) Client Isolation - because this is an open network architecture, I want to make sure that each client is fully isolated from the others for security purposes. (liability)
4) Walled Garden - I am looking to create a basic walled garden that will bring up a simple splash page on a daily basis that will remind them that this internet is free & is not to be abused. It also will remind them of some of the other policies etc. It needs to have the capacity for several paragraphs.
5) Automatic restart - I know that with large amounts of traffic, lots of these routers get clogged up. I would like to have a setting (similar to what DD-WRT has) to automatically reboot the router on a nightly basis.
6) Capacity - I need to make sure that the router can handle the capacity of up to 200-300 clients. Although this may be higher than needed, it is what I would like. We are going to give each apartment the option of putting in their own wireless router, so that should reduce the number of IP's needed from the main router. (by the way - will that throw off all of the other security if they have their own router/gateway?)
Thanks for your feedback!