Question Router Help

Discussion in 'Networking & NAS' started by zad, Sep 10, 2017.

Tags:
  1. zad

    zad
    Well-known Member

    Joined:
    Jan 3, 2003
    Messages:
    1,614
    Products Owned:
    0
    Products Wanted:
    1
    Trophy Points:
    83
    Location:
    Wigan
    Ratings:
    +259
    We are relatively new foster carers and need to set access timers etc to wifi for the 2 teen lads we are looking after. The super hub 2 I have will only allow a certain amount of MAC filtering options and because I have set up guest accounts for them won't allow them to access plex on my network.

    So can I get some recommendations for a decent AC router that will give me better control and one ideally I can still allow access to the file server even in guest mode :)

    Thanks.
     
  2. mickevh

    mickevh
    Well-known Member

    Joined:
    Apr 30, 2007
    Messages:
    7,225
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    133
    Location:
    West London
    Ratings:
    +1,738
    A US based web site called SmallNetBuilder reviews and tests a good selection of SOHO equipment and tabulates the results by various performance metrics - you could do worse than look there. If you are in the UK, just bear in mind he's US based, so specs. and price may differ a bit, (mostly it's about the PSU supplied, ISP compatibility and Wi-Fi transmit power. which is higher in the US.)

    With regard to control of access to your file server, you would be better off to not rely on your router to police this and instead use a "proper" credentials regime on your file server such as we do in businesses. Create separate accounts for everyone and use them to control access rights (some systems will let you create an anonymous "guest" account - you could use that for general universal content and use other credentials for the more privileged stuff.)

    Some OS's will even let you police access using a timer if you want to ensure they are not up watching Teletubies until the wee small hours, though it's usually a fairly blunt instrument in that it controls the times the accounts can/can't login rather than asserting which files are available at which times.
     
  3. limegreenzx

    limegreenzx
    Banned

    Joined:
    Feb 9, 2006
    Messages:
    2,018
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    86
    Ratings:
    +337
    I can recommend the Asus routers, especially with AsusWRT-Merlin firmware. I use an RT-AC66U with a VM SH1.
    It supports MAC filtering and schedules. It also supports DNS filtering which IMO is more important than schedules.
    If you have Plex Pass you can setup PIN control. The Asus firmware also supports VLANs, but it is not easy to setup compared to your normal managed switch.
     
    Last edited: Sep 10, 2017
  4. zad

    zad
    Well-known Member

    Joined:
    Jan 3, 2003
    Messages:
    1,614
    Products Owned:
    0
    Products Wanted:
    1
    Trophy Points:
    83
    Location:
    Wigan
    Ratings:
    +259
    Its mainly the wifi access at bed time or when needed as a punishment we are more bothered about, I have set user accounts on the NAS already but have also bought plex pass so have better access over content of movies etc that way.
     
  5. ChuckMountain

    ChuckMountain
    Well-known Member

    Joined:
    Oct 5, 2003
    Messages:
    6,320
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Ratings:
    +1,278
    How about a UniFi AC Lite or Pro Wireless Access Point? That would give you better wireless than the SuperHub2 but give you very good control over what you want.
     
  6. mickevh

    mickevh
    Well-known Member

    Joined:
    Apr 30, 2007
    Messages:
    7,225
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    133
    Location:
    West London
    Ratings:
    +1,738
    A shared PSK is just about the worst form of "security" there is - it's better than nothing, but not much. The inherent weakness is that the "key" is shared by everyone. If it's ever compromised and/or ever you have to change it, it hits all users, (imagine that in a business with hundreds/thousands of users!) And of course, that means you cannot turn individual users on/off easily without getting into MAC Address filtering and so forth.

    A far better security paradigm is to ascribe everyone their own individual credentials. Thence you can turn on/off any given individuals access and the "flick (click) of a switch" (or on a timed basis) and everyone else is unaffected. However, this sort of feature is really rare in basic SOHO kit and so we're stuck with Pre-Shared Keys (PSK.) Indeed, many people - even amongst IT Pro's - are so "used" to PSK that it doesn't occur to them that there's any "other" way to do Wi-Fi security and what's know as "Admission Control" (deciding who to let on, when and where.)

    AeroHive used to offer a feature called "Private PSK" (PPSK) whereby users were still given a "Wi-Fi Key," but the key was generated on a "per user" basis rather than one (common) key "per SSID." That way users have the familiarity of their beloved "Wi-Fi Keys" and use the same SSID and we can leave them along to set things up themselves, but system managers gain the advantage of "per user" credentials (for both access and auditing.)

    PPSK is such a great idea, I'll be surprised if it doesn't catch on with other vendors (unless AeroHive have gone and patented or something.) I used to work in higher education and of course we had a hugely transient user base and PPSK was a godsend for us.

    I don't recall whether AeroHive gave us the ability to to restrict access by "time," but given that their kit gave you controls over pretty much everything you could ever imagine, it wouldn't surprise me.

    On another matter, you say you are fostering, one wonders whether you might have more stringent "duty of care" responsibilities to your charges and need to police what they can/can't get to on the Internet more assiduously as would be the case for schools and colleges. You might care to have a word with "the authorities" or take some professional advice and see if you are "on the hook" more than biological parents would be. My last job was in children's schools and this is the sort of thing that kept us awake a night.!
     
    Last edited: Sep 10, 2017
  7. maf1970

    maf1970
    Well-known Member

    Joined:
    May 2, 2006
    Messages:
    2,146
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    86
    Location:
    Aberdeen
    Ratings:
    +314
    I must echo mickevh's point. Definately check with who you work for regarding rules/regs/guidelines you are expected to follow. I would say there is almost certainly going to be some requirement for internet content filtering, availability and monitoring/logging what they do.

    Look at Draytek for a possible all-encompassing solution. They provide routers with comprehensive facilites, wireless access points and software to allow this. However their kit can be expensive so to cut costs it would be worthwhile trawling Ebay for cheap 2nd hand kit.

    DrayTek Vigor - ADSL Routers Firewalls UTM VoIP IP PBX and Networking Products
    User Management & Access Control
    Web Content Filtering
    Hotspot Web Portal
     
  8. zad

    zad
    Well-known Member

    Joined:
    Jan 3, 2003
    Messages:
    1,614
    Products Owned:
    0
    Products Wanted:
    1
    Trophy Points:
    83
    Location:
    Wigan
    Ratings:
    +259
    I have set filters etc... bit of a pain for me having to go and allow websites for myself!! even Drone reviews on UAV were blocked :)

    Will probably get one of the Asus routers that seems to fit the bill.
     

Share This Page

Loading...