• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 497
  • Last Modified:

Customer Cafe Wireless Security?

Hi all Experts,
We have a Customer Cafe that we allow our customers to use if they bring in a laptop while they are waiting for the car to be repaired etc... I am looking for an idea, as it appears that either I have someone sitting in the parking sucking down my bandwidth, or I have an employee bringing in an authorized laptop and going to town with downloads. This Customer Cafe is quite a simple setup, I have a separate VLAN configured on my Cisco 3560, (I have for the most part all Cisco as my backbone) and this runs the wireless for a Linksys Wireless Access Point. Other than obtaining a completely different ISP just for the Customers or placing a WEP code in the access point I cannot think of another way to stop this from happening. This maxed out my bandwidth today at this location, and I am kind of at a loss for an idea.
Any suggestions?
  • 3
1 Solution
Jackie ManCommented:
According to the comment of Johnjces, it says:-

"If you can spend about $300 USD, look into a GuestGate.


Really neat device and protects your LAN and protects your guests from each other with a captive portal web page and more."

Source: http://www.experts-exchange.com/Networking/Wireless/WLAN/Q_23664887.html

The Features of GuestGate are as follows:

• Captive portal provides instant secure guest access to the public network
• The ideal solution for conference rooms, Internet cafés and hotels
• All-in-one wireless high-speed HotSpot for secure access to the Internet
HNP technology protects the network from unauthorized access
• Plug and Play for configuration-free client operation
Guest protection through Layer 3 Client Isolation technology
• Wireless 300 Mbps access point functionality
• Complies with 2.4 GHz IEEE 802.11n standard and is backward compatible with IEEE 802.11g/b standards
• 2T2R MIMO technology for enhanced throughput and coverage
• Integrated 10/100 Mbps LAN switch with Auto MDI/MDI-X support
• Bandwidth throttling (limit global up- and downstream bandwidth)
• Integrated password option for Internet access (global password and individual user passwords)
• Support for IEEE 802.1X RADIUS authentication allowing the deployment of GuestGate in larger networks with RADIUS-based user authentication
• Fully customizable welcome page (Captive Portal)
• Automatic redirect after login to any Web site
• Walled-Garden functionality
• Internet access time scheduler
• Black-list function for IP addresses and Internet domains
• White-list function for local network addresses (e.g., print servers or intranet servers)
• Packet filter for IP addresses, domains and TCP/IP service ports
• Trusted Ethernet addresses
• Multilanguage Web user interface
User logging function can be activated to keep track of the Internet servers visited by the guests
• Firmware upgrade through Web-based user interface
• Three-Year Warranty

I have highlighted the security features which may fit into your requirements on security.
Jackie ManCommented:
Besides, it is crucial that you have the control of the bandwidth consumed by the guest wifi as there is a feature called Bandwidth throttling (limit global up- and downstream bandwidth) in the above list.
If you want to keep track, filter and block access then you might consider a proxy server and force surfing via the proxy server (eg: squid on linux is free).  You can then just use linux accounts for user access control and logging.  

I am sure there are better systems for a cafe, this is just they way we do it.
WEP is not worth putting on for two reasons
a) If someone is in the car park, the can hack the WEP key and your back to the same problem
b) If its your staff, then they will know the WEP key and back to the same problem.

WPA/WPA2 is better then WEP, but the PSK (Pre Shared Key) the staff member will know, and if you give it to customers, then they will know.

You really need to do a per user system.  WPA2 Enterprise with a radius server will work, but if you are going to that effort for a shop, you will be better off with a proxy server.

HarleyITGuyAuthor Commented:
Thank you
Jackie ManCommented:
Glad to know that you have solved the problems. Cheers!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now