I currently have a Spectrum modem and router. Right now it is only used for WIFI and security cameras remote access. This is in a new restaurant that is opening soon. The owner wants to have a secure network for his Point of Sale credit card transactions. He also wants to continue to have access to the cameras and offer free WIFI to his customers. The POS system is all hardwired. What is the simplest way to accomplish this? I think the POS and the cameras/guest access should be separate networks but not really sure how to accomplish that.
-
Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.
Point of sale network help
- Thread starter ozark01
- Start date
- Joined
- Aug 16, 2005
- Messages
- 26,267 (3.80/day)
- Location
- Alabama
| System Name | Rocinante |
|---|---|
| Processor | I9 14900KS |
| Motherboard | MSI MPG Z790I Edge WiFi Gaming |
| Cooling | be quiet! Pure Loop 240mm |
| Memory | 64GB Gskill Trident Z5 DDR5 6000 |
| Video Card(s) | MSI SUPRIM Liquid X 4090 |
| Storage | 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400 |
| Display(s) | Odyssey OLED G9 (G95SC) |
| Case | LANCOOL 205M MESH Snow |
| Audio Device(s) | Moondrop S8's on schitt Modi+ & Valhalla 2 |
| Power Supply | ASUS ROG Loki SFX-L 1000W |
| Mouse | Lamzu Atlantis mini (White) |
| Keyboard | Monsgeek M3 Lavender, Akko Crystal Blues |
| VR HMD | Quest 3 |
| Software | openSUSE Tumbleweed |
| Benchmark Scores | I dont have time for that. |
You need to look into an access point. This will have segregation options for guest networks, allow more flexibility for changes and provide ease of management.
you SHOULD be separating your POS/internal networks from your guest network. If you aren’t please tell me the restaurant name so I can never go there.
the answer in your case is vlans.
to accomplish this easily, you may want to look into a small stack of gear from ubiquity or aruba. A router, switch, AP combo will get you what you need for a reasonable amount and provide service without the need for frequent upgrades.
both companies provide an easy “guest portal” feature but I really would not tackle this project if you don’t have the network chops.
this is really just the beginning and I hate to say it fundamental hurdle you will need to handle. The next would be throttling the guest network so some diner doesn’t max out your connection, with the next being content filtering so you aren’t hit month after month by ISP cease and desists for torrenting and other nasty things people try to lookup on public wifi.
Those are the basics. After that we dive deeper into shortening the DHCP lease time so you don’t hold allocations for more than say an hour. Or else you will deplete your IP pool after x amount of guests connect as you start picking up business.
After that you dive into more advanced mitigations.
Blocking the guest network from accessing the gateway login on 80/443/xxxx (whatever port the control panel listens on). Then we move on to cutting multicast traffic and blocking sharing protocols so you can protect yourself, and the customers from each other. From there you can implament a firewall rule to re-route DNS traffic to only poll your router so people arent accessing bad things by bypassing you and the list goes on.
But the basics should buy you time if you can atleast handle those so you can learn more about the equipment, customer base, and the industry as a whole to make more educated decisions.
Last edited:
Thank you for the detailed response. You clarified a lot of what i was wondering about.
We were considering installing two Unifi Dream Machine routers with an access point for each. One would be for the guest and camera system and the other for the POS system. Each Dream Machine would plug into the Spectrum router. While this may not be the most cost effective way I understand this would provide two separate networks. I also think it would be easier to initially set up. Like you said....we have a lot to learn so simple is better. What do you think?
- Joined
- Aug 16, 2005
- Messages
- 26,267 (3.80/day)
- Location
- Alabama
| System Name | Rocinante |
|---|---|
| Processor | I9 14900KS |
| Motherboard | MSI MPG Z790I Edge WiFi Gaming |
| Cooling | be quiet! Pure Loop 240mm |
| Memory | 64GB Gskill Trident Z5 DDR5 6000 |
| Video Card(s) | MSI SUPRIM Liquid X 4090 |
| Storage | 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400 |
| Display(s) | Odyssey OLED G9 (G95SC) |
| Case | LANCOOL 205M MESH Snow |
| Audio Device(s) | Moondrop S8's on schitt Modi+ & Valhalla 2 |
| Power Supply | ASUS ROG Loki SFX-L 1000W |
| Mouse | Lamzu Atlantis mini (White) |
| Keyboard | Monsgeek M3 Lavender, Akko Crystal Blues |
| VR HMD | Quest 3 |
| Software | openSUSE Tumbleweed |
| Benchmark Scores | I dont have time for that. |
I think that’s a terrible idea. The spectrum router should be totally removed from the equation. The modem should be put into bridge mode so it does no routing or dns and only provides a wan address. You will be double nating, the routers will assume the same default network config and you will have collision’s and issues from the second they are powered on.
It will provide a network outage. those routers can handle vlaning and guest network duties by themselves if you think you need two routers, plugged into a spectrum router. Then I think you should hire someone to do this for you.
I agree! The owner has tried to hire three people and no one has shown up. That is why I am asking for help.
- Joined
- Oct 18, 2013
- Messages
- 5,852 (1.49/day)
- Location
- In the abyss, where all I can see is...nuthin !
| System Name | The Little One |
|---|---|
| Processor | i5-11320H @4.4GHZ |
| Motherboard | AZW SEI |
| Cooling | Fan w/heat pipes + side & rear vents |
| Memory | 64GB Crucial DDR4-3200 (2x 32GB) |
| Video Card(s) | Iris XE |
| Storage | WD Black SN850X 4TB m.2, Seagate 2TB SSD + SN850 4TB x2 in an external enclosure |
| Display(s) | 2x Samsung 43" & 2x 32" |
| Case | Practically identical to a mac mini, just purrtier in slate blue, & with 3x usb ports on the front ! |
| Audio Device(s) | Yamaha ATS-1060 Bluetooth Soundbar & Subwoofer |
| Power Supply | 65w brick |
| Mouse | Logitech MX Master 2 |
| Keyboard | Logitech G613 mechanical wireless |
| Software | Windows 10 pro 64 bit, with all the unnecessary background shitzu turned OFF ! |
| Benchmark Scores | PDQ |
You need professional help, as this is NOT something that should be left the average person w/o advanced networking skills & certifications to set-up.... because even the smallest mis-configurations could seriously impact the business's security, operational efficiency, and data/transaction processing abilities...
Yes it won't be cheap, but it WILL be cheaper than having some techno-dweeb break into the network, set-up backdoors, DDOS attacks, steal all your money or any number of other bad things that could happen as a result....
Yes it won't be cheap, but it WILL be cheaper than having some techno-dweeb break into the network, set-up backdoors, DDOS attacks, steal all your money or any number of other bad things that could happen as a result....
I agree but it seems like the experts in my area are too busy to take our money. Thanks for the help!