Help please with new router with specific needs £130 budget.

[Chorltonpotter]

Hi

We have Utility W/house fibre broadband with their standard router.

We can't get a signal downstairs and on top of that we need a second wireless network that will be timed (on during office hours) the first wireless network will be on full stop.

Fully on all time will be for 4 ring cameras, office hours will be for 4-6 people general interest access with minor streaming.

What recommendations do people have for a budget of £130 ish? Maximum distance, 2 wireless networks, we are not to worried on maximum/increased WiFi speed.

Blessings.

 

[mickevh]

Are you intending on a "forklift" replacement of your existing router that ticks all the necessary boxes, or are you intending on adding a second devices to extend the coverage footprint..?

 

[Chorltonpotter]

Would prefer a one box solution but open to suggestions either way.

 

[Deleted member 24354]

I think that you have 2 different issues here.
1.You want a router with some advanced routing features, such as separate networks with timed on/off
2. You want better wifi coverage with 2 separate wireless networks.
The best way to achieve this is probably using multiple access points around your property, wired back to the router.
Given all of the above I think that you may need to reconsider your current budget as it is on the low side considering the functionality that you require

 

[Chorltonpotter]

Thank you for your reply, what would you suggest for the items and cost?

 

[Deleted member 24354]

Can I ask why you want to turn WiFi off at night?

 

[Deleted member 24354]

Ubiquiti will allow you to place time based restrictions on networks. So I would probably err towards a Dream Machine (UDM) and a second Access Point. So around £300 for UDM and £100 for a second access point. Budget around £400 plus cabling. You would need to use your existing router in bridge mode as a modem.

 

[Chorltonpotter]

Can I ask why you want to turn WiFi off at night?

We want to limit the access to the internet while no staff are not on the property.

 

[mickevh]

Mushii has nailed it, but to tease out one additional aspect that might inform what is required:

By "second network" do you mean simply an additional (Wi-Fi) coverage area or do you mean two separate networks whereby the devices on the "blue" network cannot see or in any way interact with the devices on the "green" network (irrespective of whether they are wired/Wi-Fi and/or which Wi-Fi hotspot they are participating in.) I've used colour names to differentiate the two networks for the purposes of debate, but there is no significance in my choice of names - they could have been anything. Thusly, both networks are logically "separate" from each other but each can access the Internet.

We sometimes see this is SOHO gear as a "main" and "guest" networks usually provisioned over Wi-Fi with different SSID's. If you wanted to extend that to multiple Wi-Fi hotspots and/or wired ethernet ports, it could increase the complexity (and cost) of the solution required as you might need equipment that can implement, interlink and route ("route" means something specific in the realm of data networking) something called VLAN's to keep the traffic from both networks separated. IIRC some of the higher end SOHO gear and some (but not all) of the so-called "mesh" systems can do this.

Mushii can probably give us a steer as to whether UDM can this, I've never used it myself. Most of the really cheap SOHO kit cannot do this sort of thing.

As well as equipment with the right capabilities, such a regime is going to require some "setting up" - don't expect it to "just work" out of the box, you're going to need to take the time to understand how it all hangs together and spend some time "configuring" it. It's not hugely difficult, but there's some new concepts to understand and some work required to get it all working s desired.

Then on top of all that, is an added layer of complexity in that you want "timed" access control. Again, do-able with suitable kit and the requisite configuration work, but may cost more.

 

[jamieu]

Mushi has given the perfect response and a good recommendation re. Ubiquiti kit, the UDM and one or two access points will cover your needs perfectly.

But just to add, if you're using this to run a proper business you really don't want to be scraping by with a cheap consumer router to save a few pennies. Think about it in terms of what a day or two with flakey, or worse no internet would cost you. Ditto. having a decent firewall / IDS on your router if you have machines connected 24/7 to your network with company/client/personal details on them.

Buy Cheap, Buy Twice as my Dad would say ;-)

 

[Deleted member 24354]

Ubiquiti APs will allow you to assign upto 4 separate SSIDs per AP and each one of those can be assigned to a separate subnet or V-Lan which is one route.
They also allow you configure a separate Guest network on their APs with its own landing and log-in page and if necessary can also use a radius server, that requires users to acquire or pay for tokens to access the network (this can also be time limited access) The guest traffic on Guest Networks is automatically separated onto its own subnet and by default has no access to the principal network making it useful just for internet browsing.

All of this is easily configurable in the Unifi Controller built into the UDM. The UDM is designed and guilt for SOHO solutions exactly as you describe.

There are other providers such as Microtik who have their own solutions, but I am not familiar with their products. Or you could go the whole hog and look at a solution from Cisco or Juniper but then you will probably need to add a zero to that budget.

I think for what you describe The Guest Network will meet your needs nicely and would still give you the ability to set-up a separate network just for your CCTV that you could then add QoS to to ensure the best possible network availability for your cameras and a separate SSID and subnet for secure network access for you other needs.

The downside of this is it will require substantially more than your original budget but it will give you a Professional Grade solution (almost) in one box.

 

[Chorltonpotter]

Thanks for the replies,
The exact detail is, we run a couple of supported housing for people coming off the streets (homeless / rough sleeping) they have 4 bedrooms per house.
We want to split the internet so one network is on
24 hours a day for the Ring cameras/CCTV and start to connect when needed to.

Then the second network will be timed 12-5pm on, rest of the time off. The house is a Victorian well built house with fire doors, the original router that came with the internet will not hit downstairs at all.

I have ordered a Nighthawk X6 8000 hoping this will be sufficient, using the guest side for the timed WiFi.
Also hoping the signal will reach downstairs.

Was this a mistake?

 

[Deleted member 24354]

Unfortunately you cannot change the laws of physics. Most wireless routers are defaulted to the maximum power that they are legally allowed to use to transmit by law and going from one manufacturer to a second, seldom makes much difference. The radiation patterns may differ due to aerial configuration but that really wont push the wifi radio signals much further or help them penetrate solid walls any better.

The Nighthawk is a great router for domestic use and gaming, but is not something that I would look to use in a SOHO environment. Ubiquiti APs and Routers are designed to handle multiple streams of traffic efficiently as they are designed for a more commercial environment.

 

[psychopomp1]

The Netgear R8000 should be fine, though you should have gone for the newer R8000P as its slightly more powerful (higher spec CPU). But the R8000 is still a great router, you should have no issues.

 

[mickevh]

Something else you may want to consider if providing Internet services to third parties is the legal liabilities.

A typical "domestic" Internet service provision contract usually constrains usage to a single premises and some explicitly forbid using it for other purposes. If you are facilitating a "home in multiple occupancy" or "boarding house" and/or provision on a "business" basis you may need to seek a different package. Some "SOHO" type packages explicitly forbid such usage. Of course, they would have to "catch" you but technically you could be in breach of contract.

Also, anything "nasty" or illegal that your guests might do using your Internet service is at least vicariously going to be your liability. The excuse of "it wasn't me guv, it was my guests/students/employees/etc." just doesn't fly legally - if it's your name on the contract, you're the one that's liable.

This sort of thing gives professional network managers sleepless nights. This is one of the many reason that we insists that everyone in some way "logs in" or is otherwise identified, we track everything they do and keep the records for X years and insist everyone signs up to some T&C's. All the stuff you never read before clicking "I agree" is there to cover many ar$es - it isn't there for the fun of it. And of course all that monitoring costs money.

When I managed a University, which included the dormitories, I decide to avoid all this and instead get in a managed service from a third party (we chose "The Cloud" at the time - for eduction there's now some specialist providers I believe) and absolve my organisation of the liability. I've advised a few clubs, societies and landlords to do the same for all these reason rather than take the risk onto themselves.

You may also want to consider whether you might have "duty of care" responsibilities to employees and guests which may need you to put in some form of content filtering/censorship.

 

[Deleted member 24354]

The nice thing about the UDM is that you can set up mandatory log-ins, splash screens with TOS that users have to accept before getting access to the service and although not a Get Out Of Jail Free Card, they will go some way to demonstrating due diligence on your behalf. It is also easy to create firewall rules, whitelists and blacklists and undertake DPI to look at what kind of sites traffic is coming from and if necessary adjust your firewall rules. It also has some pretty robust logging as well.

I am not sure how important this is to you, but as @mickevh states, becoming a re-provider also potentially opens you up to certain obligations and liabilities that fall on you, as you are the one with contract with your ISP.

Having logs maybe important if your Internet provision is used for any nefarious or illegal activity to prove that the sites or material accessed were not from your internal network but from your guest network, as all the ISP will see is your WAN address and will have no idea what your network looks like behind it and how it is being used.

We are not trying to scare you, but it is something you may need to consider or take some advice on.

 

[Chorltonpotter]

Thanks for the help guys,
Will the R8000 allow me to create log ins?

Can I use the 'guest wan' for my cctv and then use the full wan on timed for other people to use would you know?

The idea of limiting the hours available on the wan (thus internet we provide) is to help due diligence and to hopefully help stop illegal and dangerous activity being used on our network.

 

[psychopomp1]

Yes, you can schedule the wifi signals by time, Have a look at page 134 at 'Set up a wireless schedule' in the R8000 manual:

https://www.downloads.netgear.com/files/GDC/R8000/R8000_UM_EN.pdf

The R8000 also offers a guest wifi SSD but you may not need this as the router already offers 3 wifi bands - 1 x 2.4ghz and 2 x 5ghz. I suggest switching off 'smart connect' in the settings (p75) so that you have 3 unique SSDs for each band which means you are in full control of what connects to which band. I recommend naming the 2.4ghz band something like ANYNAME_2G, the 5ghz-1 band ANYNAME_5G1 and the 5ghz-2 band ANYNAME_5G2. This is how I have the SSDs setup on my Netgear RAX200 and it works a treat.

 

[Chorltonpotter]

Thank you.

Would you know if the 'guest' network is 2.4ghz? I would want the timed wan to be 2.4ghz (for older mobile phones)

Plus I need an always on for 2.4ghz for Ring door bells/CCTV/ printer.

 

[psychopomp1]

Yeah, you can have a guest network on the 2.4ghz band and/or on the 5ghz band, its totally up to you:

https://kb.netgear.com/24097/How-do-I-set-up-a-guest-network-on-my-Nighthawk-router

However.... i might be wrong but I think on the Netgear routers when switching off wifi bands by schedule, it switches off all radios. In order words, its either all radios on or all radios off. But you want to keep certain radios on at all times 24/7?

 

[Deleted member 24354]

You could get around this by adding a wireless access point, which would be on all of the time. You could use the WAP for your CCTV and internal wireless access and then use the timed facility for guest access.

 

[Chorltonpotter]

Ok thank you.
Everything is installed and working, however I can't find an option to schedule the wan on/off unless I download and pay for the circle app. Am I missing something?

 

[ChuckMountain]

Does the signal now reach the downstairs adequately?

 

[mickevh]

For a quick bit of 101 - "network" and "SSID's" and "wavebands" are all different things and can be configured in various permutations to achieve the sort of results required.

It is possible to have multiple SSID's served out of each AP in each waveband and/or the same SSID served out of both wavebands and multiples AP's. A lot of SOHO gear can only serve one SSID, or one SSID per waveband, but that is because it is cheap low spec. equipment, not because there's some fundamental restriction on how Wi-Fi and data network function.

The traffic within a group of devices all participating in the same SSID is kept separate from the traffic of any other SSID "over the air" - albeit that they all have to compete for the same "air time." In order to maintain that separation onward from the AP over the wired network, we'd use a technology called virtual LAN (VLAN) until it eventually reaches some thing that can "IP route" and router configuration and access control lists would determine where the traffic goes after that.

Technically, there's no reason why the traffic from multiple SSID's in the same AP cannot all be forwarded on over the same wired LAN, though it rather defeats the point of having multiple SSID's in the first place. (Though I've done it to avail multiple authentication paradigms - e.g. a .1X, captive web portal, PSK all "landing" on the same VLAN.)

We've been doing this sort of thing in businesses for decades.

For timed access control to the Internet, one could either control it at the router or the AP's. Either shut down the access to the Internet on a timed basis for a particular VLAN, but that would leave the SSID's and the "local" network still functioning. Or we could look for AP's that have a way to shut down particular SSID's (or at least prevent them accepting connections) on a timed basis.

Which waveband said SSID's are being advertised over doesn't really matter in terms of access control - the two are unrelated.

However, I doubt you're going to find this sort of functionality in really cheap SOHO equipment. You'd be looking for something akin to the UDM solution. A single cheap "network in a box" SOHO router might do it via a "guest" and "main" network, but I doubt such a box would avail multiple SSID's on the same waveband beyond that - SOHO kit is cheap for a reason. Extending that paradigm to multiple physical AP's (hotspots) is even less likely.