Solved

LAN HotSpot router/firewall

Posted on 2009-04-17
Medium Priority
480 Views
Last Modified: 2012-05-06
I have asked a question similar to this one, but at the time was more interested in doing this at the switch level.  At this point I am looking to do this on a simple to configure router that is fully encapsulated.  

A client of mine has an apartment complex with approximately 100 units that are all hard-wired.  He is going to provide free internet to them being fed from a single 20/20 Comcast business connection.  Because of the limited bandwidth & the shared network architecture, we are looking for a router/firewall that can do several things without an external server etc:

1) Limit Bandwidth per connection - We want to make sure that one person cannot eat up all of the bandwidth.  The ideal scenario would be that each person can have a MAX of bandwidth & that max is lowered if the available bandwidth goes down.

2) The ability to report on bandwidth usage (this may not be possible & may actually be reportable through Comcast...however, the idea would be to know when & if we are at capacity).

3) Client Isolation - because this is an open network architecture, I want to make sure that each client is fully isolated from the others for security purposes.  (liability)

4) Walled Garden - I am looking to create a basic walled garden that will bring up a simple splash page on a daily basis that will remind them that this internet is free & is not to be abused.  It also will remind them of some of the other policies etc.  It needs to have the capacity for several paragraphs.

5) Automatic restart - I know that with large amounts of traffic, lots of these routers get clogged up.  I would like to have a setting (similar to what DD-WRT has) to automatically reboot the router on a nightly basis.

6) Capacity - I need to make sure that the router can handle the capacity of up to 200-300 clients.  Although this may be higher than needed, it is what I would like.  We are going to give each apartment the option of putting in their own wireless router, so that should reduce the number of IP's needed from the main router.  (by the way - will that throw off all of the other security if they have their own router/gateway?)

Thanks for your feedback!
Question by:rustyrpage
9 Comments
 
LVL 18

Expert Comment

by:chuckyh
ID: 24169576
First of all there's no single piece of equipment that will do all that. Be prepared to spend some money. You'll need a decent switch like Cisco Catalyst 4500, and a router like a Cisco 2800 series.  You don't need to restart this caliber of routers like you are suggesting, they don't get "clogged up."
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24169669
What part of the puzzle makes it so complex?  I have done each of these things separately using free firmwares etc.

This is not for an organization, this is for a free internet connection benefit.
0
 
LVL 18

Expert Comment

by:chuckyh
ID: 24170673
Do you plan on giving each apartment their own ethernet jack? Or are you planning on wireless?  How do you plan on separating the traffic between all the users from each other? You don't want users to be able to browse the network and find computer shares right? I don't think there are any consumer grade wifi routers that can handle 100 concurrent users. You'll have to look at enterprise products from Cisco or Aruba or Ruckus.
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24171148
As mentioned every apartment will be hard-wired.  I am asking for a method of doing client isolation (point #3) so that they cannot browse each other.

Thanks!
0
 
LVL 18

Expert Comment

by:chuckyh
ID: 24171209
For client isolation you need a switch that does Private VLANs
http://en.wikipedia.org/wiki/Private_VLAN

0
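
A sketch of the private VLAN setup that comment points to, as an added example that is not part of the original thread. It uses Cisco IOS syntax for a switch that supports private VLANs; the VLAN numbers, VLAN names and interface names are assumptions.

```cisco
! Added example, not from the thread. VLAN IDs and interface names are assumed.
! Private VLANs require VTP transparent mode (VTP v1/v2).
vtp mode transparent
!
! Secondary VLAN: isolated ports cannot talk to each other at layer 2.
vlan 101
 name APARTMENTS-ISOLATED
 private-vlan isolated
!
! Primary VLAN carries traffic between the promiscuous port and the hosts.
vlan 100
 name TENANT-PRIMARY
 private-vlan primary
 private-vlan association 101
!
! Apartment wall jacks: host ports in the isolated VLAN.
interface range GigabitEthernet1/0/1 - 47
 description Apartment drops
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
 spanning-tree portfast
!
! Uplink to the router/firewall: promiscuous, reachable from every host port.
! DHCP and the default gateway live behind this port.
interface GigabitEthernet1/0/48
 description Uplink to router/firewall
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Verify with: show vlan private-vlan
!              show interfaces GigabitEthernet1/0/1 switchport
```

A tenant's own router plugged into a host port is still a single isolated host from the switch's point of view. With more than one switch, the primary and isolated VLANs both have to be carried on the inter-switch trunks for the isolation to hold across them.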
 
LVL 6

Author Comment

by:rustyrpage
ID: 24171219
So you would do that at the switch level instead of the firewall level?  Would the DHCP still come from firewall/router?

What is a cheap 48 port switch that can handle this?  Dell?  HP?  3Com?
0
 
LVL 6

Accepted Solution

by:
ajeab earned 2000 total points
ID: 24178281
I think you need an L3 switch.  Not cheap.
0
 
LVL 6

Author Comment

by:rustyrpage
ID: 24184750
I understand it won't necessarily be cheap, but what is a good suggestion of a cheaper switch?
0
 
LVL 6

Expert Comment

by:ajeab
ID: 24328889
It depends on how much knowledge you have. Dell, 3Com, HP have switches with a web interface. Price is cheaper than Cisco.
0

Question has a verified solution.
