Customer Cafe Wireless Security?
Hi all Experts,
We have a Customer Cafe that we allow our customers to use if they bring in a laptop while they are waiting for the car to be repaired etc... I am looking for an idea, as it appears that either I have someone sitting in the parking sucking down my bandwidth, or I have an employee bringing in an authorized laptop and going to town with downloads. This Customer Cafe is quite a simple setup, I have a separate VLAN configured on my Cisco 3560, (I have for the most part all Cisco as my backbone) and this runs the wireless for a Linksys Wireless Access Point. Other than obtaining a completely different ISP just for the Customers or placing a WEP code in the access point I cannot think of another way to stop this from happening. This maxed out my bandwidth today at this location, and I am kind of at a loss for an idea.
Any suggestions?
We have a Customer Cafe that we allow our customers to use if they bring in a laptop while they are waiting for the car to be repaired etc... I am looking for an idea, as it appears that either I have someone sitting in the parking sucking down my bandwidth, or I have an employee bringing in an authorized laptop and going to town with downloads. This Customer Cafe is quite a simple setup, I have a separate VLAN configured on my Cisco 3560, (I have for the most part all Cisco as my backbone) and this runs the wireless for a Linksys Wireless Access Point. Other than obtaining a completely different ISP just for the Customers or placing a WEP code in the access point I cannot think of another way to stop this from happening. This maxed out my bandwidth today at this location, and I am kind of at a loss for an idea.
Any suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Jackie Man
Besides, it is crucial that you have the control of the bandwidth consumed by the guest wifi as there is a feature called Bandwidth throttling (limit global up- and downstream bandwidth) in the above list.
If you want to keep track, filter and block access then you might consider a proxy server and force surfing via the proxy server (eg: squid on linux is free). You can then just use linux accounts for user access control and logging.
I am sure there are better systems for a cafe, this is just they way we do it.
WEP is not worth putting on for two reasons
a) If someone is in the car park, the can hack the WEP key and your back to the same problem
b) If its your staff, then they will know the WEP key and back to the same problem.
WPA/WPA2 is better then WEP, but the PSK (Pre Shared Key) the staff member will know, and if you give it to customers, then they will know.
You really need to do a per user system. WPA2 Enterprise with a radius server will work, but if you are going to that effort for a shop, you will be better off with a proxy server.
I am sure there are better systems for a cafe, this is just they way we do it.
WEP is not worth putting on for two reasons
a) If someone is in the car park, the can hack the WEP key and your back to the same problem
b) If its your staff, then they will know the WEP key and back to the same problem.
WPA/WPA2 is better then WEP, but the PSK (Pre Shared Key) the staff member will know, and if you give it to customers, then they will know.
You really need to do a per user system. WPA2 Enterprise with a radius server will work, but if you are going to that effort for a shop, you will be better off with a proxy server.
ASKER
Thank you
Glad to know that you have solved the problems. Cheers!