• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Setting up Wifi for public at business

ChiSox

ChiSox

Joined
Jan 14, 2009
Messages
457 (0.08/day)
Location
On The Green
System Specs
System Name B450+2700x
Processor Ryzen 2700x
Motherboard MSI B450 Tomahawk
Memory Ballistix Sport LT - BLS2K8G4D30BESBK
Video Card(s) EVGA GeForce GTX 1650 XC 4GB DDR5
Storage PNY SSD
Display(s) 2x LG 27" IPS
Case NZKT H510
Power Supply CORSAIR - RMx Series 850
So the restaurant at the golf course I work at wants wifi setup...

Internet is through cable modem then through gigabit switch connects to our server then out to about 20 computers...

My main concern is security...what would be the best way to prevent any network access from public computers
 
ktr

ktr

Joined
Apr 7, 2006
Messages
7,404 (1.12/day)
Probably an access point on a separate subnet.

edit: meant to say separate vlan. (thanks Munki)
 
Last edited:
Munki

Munki

Joined
Sep 13, 2008
Messages
1,230 (0.22/day)
Location
Metro Atlanta
System Specs
Processor AMD Ryzen 1700
Motherboard Gigabyte AB350 GAMING 3
Memory 16GB (2x8) 3200MHz
Display(s) Acer 24" LCD
Software Windows 10 Pro
separate subnets a "hacker" can figure out if he really wanted too via static IP, im not saying this is easy. If you do it this way don't turn on/off one bit. Make it clever. Is said switch manageable? Model?

EDIT: Your best bet is to setup a public vlan. If the switch supports it, of course.
 
C

caleb

Joined
Sep 15, 2004
Messages
1,583 (0.22/day)
Location
Poland,Slask
System Specs
System Name HAL
Processor Core i5 2500K
Motherboard Asus P8P67 Pro Rev3.1
Cooling stock
Memory 2x4GB Kingston 1600Mhz Blu
Video Card(s) Asus 560Ti DirectCuII TOP
Storage Kingston 120 3K SSD,WD Black WD1502FAEX
Display(s) LG 1440x900
Case Chieftec Mesh Midi
Audio Device(s) onboard
Power Supply Corsair TX750V2
Software w8
If it doesn't you can do it another way around. Put your whole private network behind another router so that his LAN is on the WAN side of your router.
 
Bot

Bot

Joined
Apr 14, 2009
Messages
594 (0.11/day)
System Specs
System Name BoTBlue
Processor Intel i7-3770
Motherboard Intel DQ77MK
Cooling Corsair H80
Memory Samsung 4x4Gb
Video Card(s) ASUS GTX 470
Storage OCZ Vertex LE
Display(s) Acer
Case AthenaTech
Power Supply Corsair 850w
Software Win 7 Pro x64
the netgear wndr3700 lets you create 2 wlan's and 2 guest wlan's
you can configure if they can see and/or access the local lan.

i am not sure whats the tech behind it, so i can not speak on if it is security or not but it's worth taking a look at it. i have yet to find anything related to a security flaw in this.
 
Last edited:
Kreij

Kreij

Senior Monkey Moderator
Joined
Feb 6, 2007
Messages
13,817 (2.20/day)
Location
Cheeseland (Wisconsin, USA)
I needed to do something similar at work (not public access, but "guest" access), but I am not sure what your security requirements entail.

Here's what I did.
My internet comes in (dsl modem) and next hits a router(firewall) that translates it to our internal non-routable (private) IPs and then hits (unmanaged) gigabit switches. I hooked up another router to the switches, who's WAN side was in my internal LAN IP range and who's private LAN side was a completely different non-routable (private) IP, then set the default gateway to point to the first router's IP address only, so anything that hits the guest router goes out the main router to the dark underbelly of the internet and never to the LAN.
Due to the fact that my LAN is all non-routable addresses, I can't even access the WAN side of the router from my internal LAN network to configure it. lol

Works fine, but may not be what you are looking for.
 
You must log in or register to reply here.
Top