Need help on networking with RB1100/RB411AH

Hi all,

I have a RB1100 and a RB411AH.
As there will be people renting 3 of my rooms, I would like to limit their network.
There is a RJ45 LAN Port in all rooms, so all of them are able to connect to wired/wireless.

I would like to:

  1. Limit their internet bandwidth, download and upload to 512/256kbps per room.
  2. Control the websites they visit, i.e. no porn etc.
  3. Limit their access,
    a) They should not be able to access the network the rest of my PCs are on.
    b) They will need some sort of credentials to log on to surf the net. (Kinda like a hotspot portal?)
    c) Time out on wired and wireless connection, i.e. they need to sign in using their credentials every 1hr to access the internet again.

Currently, I’m connecting the RB1100 (LAN) to a WatchGuard Firewall (WAN) and then providing wired/wireless network access to the 3 rooms from the WatchGuard.
This config serves nearly all my requirements but I wish to cut down on the equipment used, if possible taking the WG out.

Is it possible to do with just the RB1100 and RB411AH?

I have never set up the hotspot but I know there are settings to do so. But I have a good recommendation for the RB1100 for the Ethernet jacks at least. I would set up a MetaROUTER for each of their ports. I have done this with a building where we have 7 businesses in one building. In the RB1100 I set up each of them with a MetaROUTER and they all have their own bandwidth and are unable to talk to each other. Each of them can then be programmed separately and with their own settings as needed. Sorry, can’t help with the hotspot part of the question, but if you use MetaROUTERs and then simple queues you can easily shape their speeds and keep them off your network.

Yes, what you want to do is possible with those two devices. The 1100 is a rather large amount of overkill for what you are describing. It is important that you set the 411 as an AP and bridge the Ethernet port and the wireless card together; you’re not routing their traffic with the device.

1.) For access and bandwidth control either use hotspot or PPPoE. Since you want them to sign in every hour (that is going to be rather annoying to them) hotspot is likely going to be your best solution.
2.) For content filtering, your best solution is likely going to be using OpenDNS as a service and redirecting all port 53 traffic to one of their servers. They can still browse via IP if they know what they are doing, but that’s a massive pain.
3.) For limiting other access, set up firewall rules to prevent them from accessing different subnets, and make sure all your internal network is on its own separate routed interface.

Also, as a side note, I’m not aware of a way to make two users share a queue with the hotspot. This means if they have a device connect to the network with a wired port and sign in, and another computer connect over wireless, they both get a separate queue applied to them. You can set the shared user attribute to control how many people can sign in with a given account if that’s a problem.
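
The three points in the reply above, sketched as a RouterOS configuration. This is an added example, not part of either reply; the interface name, both subnets, the user name and the password are constructed placeholders, and it assumes a hotspot server is already running on the tenant interface.

```routeros
# Added example. Assumed layout (constructed values):
#   owner LAN    192.168.88.0/24
#   tenant rooms 10.10.10.0/24 on interface "ether-tenants"

# 1) Bandwidth and hourly re-login, applied per hotspot account.
#    rate-limit is rx/tx as seen by the router: rx = tenant upload,
#    tx = tenant download, so 256k/512k gives 512k down / 256k up.
#    shared-users=1 stops one account being used by several devices,
#    each of which would otherwise get its own queue.
/ip hotspot user profile
add name=room rate-limit=256k/512k session-timeout=1h shared-users=1
/ip hotspot user
add name=room1 password=CHANGE-ME profile=room

# 2) Force tenant DNS to an OpenDNS resolver, whatever server the
#    client has configured. UDP and TCP both carry DNS.
/ip firewall nat
add chain=dstnat in-interface=ether-tenants protocol=udp dst-port=53 \
    action=dst-nat to-addresses=208.67.222.222 to-ports=53 \
    comment="tenant DNS to OpenDNS (udp)"
add chain=dstnat in-interface=ether-tenants protocol=tcp dst-port=53 \
    action=dst-nat to-addresses=208.67.222.222 to-ports=53 \
    comment="tenant DNS to OpenDNS (tcp)"

# 3) Keep tenants out of the owner LAN. This drops every packet from the
#    tenant subnet to the owner subnet, including replies, so place an
#    accept rule for established/related traffic above it if the owner
#    LAN must be able to reach devices in the rooms.
/ip firewall filter
add chain=forward src-address=10.10.10.0/24 dst-address=192.168.88.0/24 \
    action=drop comment="tenants may not reach owner LAN"
```

After a tenant logs in, check the packet counters on the NAT and filter rules to confirm they are matching; the hotspot adds its own dynamic rules, and a static rule that never counts a packet is not filtering anything.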