Customer Cafe Wireless Security?

Posted on 2011-03-22
Medium Priority
Last Modified: 2012-05-11
Hi all Experts,
We have a Customer Cafe that we allow our customers to use if they bring in a laptop while they are waiting for the car to be repaired etc... I am looking for an idea, as it appears that either I have someone sitting in the parking sucking down my bandwidth, or I have an employee bringing in an authorized laptop and going to town with downloads. This Customer Cafe is quite a simple setup, I have a separate VLAN configured on my Cisco 3560, (I have for the most part all Cisco as my backbone) and this runs the wireless for a Linksys Wireless Access Point. Other than obtaining a completely different ISP just for the Customers or placing a WEP code in the access point I cannot think of another way to stop this from happening. This maxed out my bandwidth today at this location, and I am kind of at a loss for an idea.
Any suggestions?
Question by:HarleyITGuy
  • 3
LVL 52

Accepted Solution

Jackie Man earned 2000 total points
ID: 35195358
According to the comment of Johnjces, it says:-

"If you can spend about $300 USD, look into a GuestGate.


Really neat device and protects your LAN and protects your guests from each other with a captive portal web page and more."

Source: http://www.experts-exchange.com/Networking/Wireless/WLAN/Q_23664887.html

The Features of GuestGate are as follows:

• Captive portal provides instant secure guest access to the public network
• The ideal solution for conference rooms, Internet cafés and hotels
• All-in-one wireless high-speed HotSpot for secure access to the Internet
HNP technology protects the network from unauthorized access
• Plug and Play for configuration-free client operation
Guest protection through Layer 3 Client Isolation technology
• Wireless 300 Mbps access point functionality
• Complies with 2.4 GHz IEEE 802.11n standard and is backward compatible with IEEE 802.11g/b standards
• 2T2R MIMO technology for enhanced throughput and coverage
• Integrated 10/100 Mbps LAN switch with Auto MDI/MDI-X support
• Bandwidth throttling (limit global up- and downstream bandwidth)
• Integrated password option for Internet access (global password and individual user passwords)
• Support for IEEE 802.1X RADIUS authentication allowing the deployment of GuestGate in larger networks with RADIUS-based user authentication
• Fully customizable welcome page (Captive Portal)
• Automatic redirect after login to any Web site
• Walled-Garden functionality
• Internet access time scheduler
• Black-list function for IP addresses and Internet domains
• White-list function for local network addresses (e.g., print servers or intranet servers)
• Packet filter for IP addresses, domains and TCP/IP service ports
• Trusted Ethernet addresses
• Multilanguage Web user interface
User logging function can be activated to keep track of the Internet servers visited by the guests
• Firmware upgrade through Web-based user interface
• Three-Year Warranty

I have highlighted the security features which may fit into your requirements on security.
LVL 52

Expert Comment

by:Jackie Man
ID: 35195371
Besides, it is crucial that you have the control of the bandwidth consumed by the guest wifi as there is a feature called Bandwidth throttling (limit global up- and downstream bandwidth) in the above list.

Expert Comment

ID: 35196061
If you want to keep track, filter and block access then you might consider a proxy server and force surfing via the proxy server (eg: squid on linux is free).  You can then just use linux accounts for user access control and logging.  

I am sure there are better systems for a cafe, this is just they way we do it.
WEP is not worth putting on for two reasons
a) If someone is in the car park, the can hack the WEP key and your back to the same problem
b) If its your staff, then they will know the WEP key and back to the same problem.

WPA/WPA2 is better then WEP, but the PSK (Pre Shared Key) the staff member will know, and if you give it to customers, then they will know.

You really need to do a per user system.  WPA2 Enterprise with a radius server will work, but if you are going to that effort for a shop, you will be better off with a proxy server.


Author Closing Comment

ID: 35340689
Thank you
LVL 52

Expert Comment

by:Jackie Man
ID: 35341170
Glad to know that you have solved the problems. Cheers!

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will describe how to setup a Cisco WLC 5508 to work with Apple's Bonjour protocol across VLANs.  I will also discuss using screen mirroring and Airplay on an AppleTV v3.  This article covers the wireless network only and requires m…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question