Solved

do they make a wifi access point that will do this?

Posted on 2014-02-09
Last Modified: 2014-06-17
I am the network admin for a decent sized church. We currently have a public and private wifi network. On the private network our DHCP server is our Windows server, and the public is on the DMZ out from our sonic firewall. Right now I have 11 wifi access points throughout the church to provide 90% coverage. The problem I keep encountering is that these are off the shelf consumer wifi devices, so if we have a power surge or brownout then the access points go down and don't always function afterwards and I have to manually reset them. I could put a UPS on every single one of them and that is an option we are looking at, but it doesn't fix another issue I'd like to address at the same time. I really would like cloud or app managed access points that can carry both networks through the same point. Right now I can tap any ethernet line and put a private WAP on, but the public ones, which are part of a legacy wifi system that predates me being here by 5 years, are all daisy chained together, and the horrible thing also is that I'm not even aware of what is in the chain. It would be nice to carry both networks down the same cable, have 2 separate wifi networks and keep the same complete separation between the 2. I am not sure if they make an access point that will do this and that can be managed like I need, and how to set up 2 separate networks on the same line. The public networks don't need to have access to each other.
0
Comment
Question by:jessebruffett
28 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39845773
Most modern WIFI routers have "guest access", which is to say access only to internet for your guests.

I've configured some of these, and they appear as 2 APs, with different usernames and passwords.

For example, this: http://www.linksys.com/en-eu/products/routers/EA6900

HTH,
Dan
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39845776
Let's start with what you have.  A bit more information would be helpful.

I get this:

[internet access device / modem?] <> "DMZ" Guest LAN / subnet <> [Sonicwall FW] <> Private LAN / subnet

It's not clear where the APs are.  Guest / Private or both. ??

If the Sonicwall can support VLANs then that might be a way to go. i.e.:

[internet access device / modem?] <> [Sonicwall FW] <> Private LAN / subnet VLAN1
                                                                                           <> Guest LAN / subnet VLAN2

something like that....
0
 

Author Comment

by:jessebruffett
ID: 39845783
What about remote management? I really do need routers that are remotely manageable via an app or cloud. Are there any that are? I could probably go as high as 3-4 hundred per router if they will do everything I need.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39845789
I have had recommendations from other experts to use Sugarsync.  I have no experience with it.
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 39845799
The new line of  Linksys routers can be managed from the Cloud.

You create an account, add your routers to that and then you can manage them from any location.

The address is linksyssmartwifi.com

HTH,
Dan
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39845831
Hi jessebruffett,

I'd recommend SonicPoints, they will do everything that you are looking for. You can set up as many WAPs & VLANs as you need with centralized management within the SonicWALL. This will also allow you to do much more sophisticated deployments for different purposed SSIDs (Guest w/acknowledgment of terms page like Nordstrom provides, etc.) all running through the same line (as desired). Then simply create remote access so you can manage it from anywhere (your private cloud management). Plus you can get the PoE ones and save money on the UPS systems altogether. Just make sure your ISP is grounding the line (many ISPs do if they set up everything properly) and if not you can simply get a Net Surge Protector.

SonicPoint PoE: http://www.sonicwall.com/us/en/products/SonicPoint-Ni-Dual-Band.html
This compares all SonicPoints: http://www.sonicwall.com/us/en/products/Clean-Wireless-Series.html#tab=Compare

Net Surge Protector for CAT5/6: http://www.apc.com/products/family/index.cfm?id=145
Here you'll find a number of solutions all very inexpensive. They are just in different form factors for different applications.

What model is your SonicWALL? Depending on the model we can reconfigure it to reach greater distances and potentially reduce the amount of WAPs needing to be installed.

Let me know if you have any other questions!
0
 
LVL 3

Expert Comment

by:computication
ID: 39846316
There are several solutions that can help you with this problem. As posted above, Linksys and Sonicwall are two. There are also the two market leaders, Cisco and Aruba, or the up and comers, Airtight and Aerohive. All have cloud based management, VLAN support and all have APs that can be fed from a PoE switch. I would recommend not going with Linksys, there's a reason why Cisco dumped the brand, but that's more personal preference. Speaking of... mine is Aruba. I suggest asking Aruba (or any other brand) to recommend a partner close to you and asking them for a quote. Whichever brand you choose, it will be expensive. A small Aruba AP costs about $300,- and one with the new AC standard will run you about $1500,-.
A decent Gb/s PoE switch ~ $3000,-

Hope it helps.

Kind regards,

M
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39846745
I wanted to mention on the PoE side of SonicPoints...they come with PoE injectors so you wouldn't need to buy a PoE switch. And if you need to cover additional devices with PoE, you can purchase PoE Injectors for each device...they are less than $50 for 1 PoE Injector. If you need a PoE switch, HP ProCurve makes a decent managed, L2 switch for around $725: http://h17007.www1.hp.com/us/en/networking/products/switches/HP_2520_Switch_Series/index.aspx#tab=TAB3. We have used the J9299A  HP 2520-24G-PoE Switch and had no problems with them.
0
 
LVL 16

Expert Comment

by:vivigatt
ID: 39847791
If your Wifi AP/routers support an alternate firmware such as dd-wrt, you could use it. It is very powerful, supports VLANs, etc.
0
 

Author Comment

by:jessebruffett
ID: 39849040
I didn't even think about it until today but I have overlooked a great and cheaper option, which is Apple AirPort Express. I already use a MacBook Air for my personal and work machine and we are beginning to phase out the old XP machines and replace them with Mac minis and iMacs depending on the department's needs. I know these are app manageable, support guest access, are much cheaper than the alternatives and the new ones support 802.11ac. The only downside is they don't have built in battery backups like the higher end devices such as the sonic points and such.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39851407
Here are my thoughts on framing these types of decisions. Look at it not as which is cheaper but rather from a TCO (Total Cost of Ownership) perspective. IT procurement should always be framed in 3-5 year increments with TCO in mind. Take a look at your time spent on recurring issues and how the church suffers (productivity loss, morale, loss of income/wages, corporate/brand image, etc.) Factor all of it into your final decision to determine the best long term choice.

Cheers!
0
 

Author Comment

by:jessebruffett
ID: 39851552
Diverseit, I totally agree and I do my best to do that now, but I also have to fight the culture of the other staff, committees and pastors whose mentality has always been: if it's not broken don't fix it, we don't care how old it is or if something is better, and when something finally does break just get it working and we'll fix it again when it breaks again. So it's difficult for me to get across what I feel is the best choice and, realistically, to business minded people looking at the long term of the church, what is best as well. Convincing the ops director and the trustees committee to allow me to start getting rid of old but working XP machines in favor of Apple computers has been a 2 year ordeal. I actually had to hire several security consultants to run audits of the church's network to get a hardware firewall, because the trustees (who I have to go through to spend for them 2k at a time or implement any church-wide hardware or equipment change) all assumed the Windows firewall in XP was adequate for us... I would love sonic points now, but... I can get what I need done now and for the next several years with AirPort Expresses, so I really think that's the route I'm gonna go. Most of the old timers are retiring from the staff in the next year or so and the old timers on the committees will rotate off soon too, so I'm hoping for fresh, younger, more forward thinking people to help back my vision for my area of responsibility and ministry. Thanks guys for all the input. Rest assured I'll have more questions to ask on other issues. lol
0
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39851723
Gotcha! Corporate culture can sometimes be the mother of all vulnerabilities. :)
0

 

Author Comment

by:jessebruffett
ID: 39869010
Ok, one follow up question/issue. So I was given the go ahead to buy AirPort Expresses and an AirPort Extreme. To do what I need, I need to set up a separate subnet for the private network on the new AirPort network to get the guest feature to work, since the Extreme has to be running as a DHCP server. Not a huge deal, but before I start breaking these bad boys out and setting them up, is there a way to connect the 2 subnets so that even though the private AirPort network will have an address range of 192.168.1.x, devices on it can access resources on the 192.168.0.x network? The 192.168.0.x network's DHCP server is our Windows 2011 SBS server.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39870910
Are you talking about bridging your subnets? If so, then the answer is yes you can do that. You will want to have separation on the WLAN Guest side though. If Airport provides that - it would be recommended.
0
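An added example, not part of the thread and not any vendor's configuration: once the 192.168.1.x and 192.168.0.x subnets are joined, the inter-subnet rules can be audited to confirm that guest clients still reach neither private range. The guest range 10.99.0.0/24, the zone names and both rule tables are constructed assumptions, and the model is stateless with first-match-wins ordering.

```python
import ipaddress
from itertools import permutations

# 192.168.0.0/24 and 192.168.1.0/24 come from the thread; the guest range is a
# constructed placeholder, as are both rule tables below.
ZONES = {
    "sbs_lan": ipaddress.ip_network("192.168.0.0/24"),
    "airport_private": ipaddress.ip_network("192.168.1.0/24"),
    "guest": ipaddress.ip_network("10.99.0.0/24"),
}
# Only these zone pairs should pass traffic; every other pair must be denied.
INTENDED_ALLOW = {("airport_private", "sbs_lan"), ("sbs_lan", "airport_private")}

# Hypothetical inter-subnet rules: (action, source, destination), first match wins.
RULES = [
    ("allow", "192.168.1.0/24", "192.168.0.0/24"),
    ("allow", "192.168.0.0/24", "192.168.1.0/24"),
    ("deny", "10.99.0.0/24", "192.168.0.0/16"),
]
# Same intent, but a broad allow sits ahead of the guest deny.
LOOSE_RULES = [
    ("allow", "0.0.0.0/0", "192.168.0.0/24"),
    ("deny", "10.99.0.0/24", "192.168.0.0/16"),
    ("allow", "192.168.0.0/24", "192.168.1.0/24"),
]

def zone_verdict(rules, src_zone, dst_zone):
    """Return allow/deny for a whole zone pair, or 'partial' if a rule splits a zone."""
    src, dst = ZONES[src_zone], ZONES[dst_zone]
    for action, rule_src, rule_dst in rules:
        r_src, r_dst = ipaddress.ip_network(rule_src), ipaddress.ip_network(rule_dst)
        if src.subnet_of(r_src) and dst.subnet_of(r_dst):
            return action
        if src.overlaps(r_src) and dst.overlaps(r_dst):
            return "partial"  # rule covers only part of a zone: review by hand
    return "deny"  # default deny when nothing matches

def audit(rules):
    """List (src, dst, wanted, got) for every zone pair that breaks the intent."""
    findings = []
    for src, dst in permutations(ZONES, 2):
        wanted = "allow" if (src, dst) in INTENDED_ALLOW else "deny"
        got = zone_verdict(rules, src, dst)
        if got != wanted:
            findings.append((src, dst, wanted, got))
    return findings

if __name__ == "__main__":
    for name, table in (("RULES", RULES), ("LOOSE_RULES", LOOSE_RULES)):
        print(name, audit(table) or "separation holds")
```

The second table shows the failure worth checking for: an allow written for the private subnets that is broad enough to match guest addresses before the guest deny is reached.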
 
LVL 24

Expert Comment

by:diverseit
ID: 39916746
Any update on this?
0
 

Author Comment

by:jessebruffett
ID: 39916748
I have deployed Apple AirPorts to good effect. They have fared better through several power outages and flickers than the Netgear ones I replaced, so far I am pleased for the most part. It would have been nice if I could have set up public and private networks with each access point, but we are making do.
0
 
LVL 47

Expert Comment

by:dlethe
ID: 40118409
Look, you've got cheap consumer-grade toys.  Get what the pros use and go to arubanetworks.com   You can talk to an engineer there, and they'll get you in touch with a VAR or where you can buy the product after they figure out best way to do it.

I've used their products in college campuses, with tens of thousands of active connections and it works  quite well.  Granted it may not be within your budget, but at least you know what it will cost to do it right and not have any headaches.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40118458
I know I'm jumping in the middle of all this, but I wanted to say that given all I've read here, I think you should really check out Ubiquiti http://www.ubnt.com/unifi

When you need something better than consumer grade and you don't have the budget for Aerohive, Aruba, Meraki, etc..., the Ubiquiti stuff is really really solid. Access points are CHEAP and it's a free software controller. They don't have the density or extra fun load balancing and mesh networking of the Meraki, but I really think it's a good fit for you.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40118466
Go with Meraki, get some PoE switches (power them via a UPS if you want), and manage it all in the cloud.

Job done.
0
 
LVL 24

Expert Comment

by:DMTechGrooup
ID: 40118471
I will agree with Aaron.. also you could use Mikrotik routers in a few locations to provide the PoE and be able to cut the power to a particular PoE if necessary.  http://www.flyteccomputers.com/details.cfm?wid=32&wb=RB750

Stay away from the home stuff..
0
 
LVL 47

Expert Comment

by:dlethe
ID: 40118487
I can't speak from personal experience on Ubiquiti. But I know here in north Texas we have a heck of a lot of thunderstorms and lightning hits. Nothing will survive that, but I've seen buildings being struck that took out a great deal of equipment, and while they lost some servers that rebooted (one died) the Aruba in the same rack stayed online (long story, but we needed one in that rack for internal use, ordinarily you wouldn't do that)
0
 
LVL 39

Expert Comment

by:noci
ID: 40119109
Be careful with cloud managed APs... Think about it...

With cloud managed devices you tell some server on the internet to tell your devices how to behave.
What if someone else tells that server to tell your devices how to behave? Your APs won't know the difference.

You are passing your Keys to your network to whoever owns the configuration server, that might include the NSA, or some other .GOV body, or the average hacker that manages to own the server.
Or someone that gets your credentials to your account...
0
 
LVL 4

Expert Comment

by:HostOne
ID: 40119387
Unifi Ubiquiti are the best option. They are centrally managed, support multiple networks and mesh automatically, i.e. they hand over as you walk through the building, so you always get passed to the closest unit, seamlessly.

Long range units support 1.5km range per station, not that a phone can talk back over that distance but a laptop can. Indoor long range units support a few hundred metres. We've managed 100mb over 40km with Unifi gear.

They're much cheaper than Meraki. Google them, you will hardly find anyone who doesn't love them.

They auto channel switch for interference and I've not seen any other product switch users so perfectly and seamlessly between stations.

I've got no affiliation at all with the company.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 40122521
I'm throwing in a vote for Ubiquiti...they're solid - we use them when SonicPoints' abilities are not needed. You can grab some PoE injectors too - really cheap and they do the job.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40122773
Ubiquiti are great, but to make it sound like the APs do things that others don't is just wrong.

All of the alternatives listed here will do seamless client handover and dynamic channel allocation (it's actually a legal requirement in some 5GHz channel-bands so all kit MUST do it if it operates on those bands).

Also to state that they'll do up-to 1.5Km is not 100% correct either.  They 'can' reach that far with a directional antenna, but that's not something you'll be interested in, nor want in your environment.  Even if you want that reach, NO laptop in the world ever could reach that far using a built-in antenna.  That's a fact.

There are absolutely NO issues with security if you manage your APs in the cloud.  All management traffic is encrypted between the AP and the cloud server, and to start referring to the NSA, etc, is a bit far-fetched in my opinion.  If someone gets the credentials to your account that's just the same threat as having a local controller, etc.

Be careful if you do decide to go with Ubiquiti.  The low-end APs require a proprietary PoE injector which only delivers 24V.  These may not like power cuts (they seem to be more sensitive than standard PoE injectors).

I wouldn't consider Mikrotik APs/Routers in this scenario unless I wanted to use it purely for the Hotspot functionality.

Just my 2...
0
 
LVL 24

Expert Comment

by:diverseit
ID: 40122868
Great points Craig!
0
