Suggestions on Restaurant Setup

Discussion in 'Tomato Firmware' started by ladysman, Oct 30, 2010.

  1. ladysman

    ladysman Network Guru Member

    So I do a lot of side work but have never encountered this. Unless I'm completely forgetting something. :biggrin:

    A local restaurant just switched ISPs so now they have Comcast. Of course, there is a lot of stuff on the network. At least 12 PCs all the time then another access point in the bar area for patrons that they give the password to. Music System, POS system, etc.

    Setup is as follows today.

    Comcast Business modem with an E2000 router. 2 networks set up, a guest with no encryption but a password, and of course WPA2 set up for the workers.

    The E2000 isn't working very well. Some wireless clients won't connect to it at all and it keeps dropping connections. Firmware is the latest too. They just bought it so they are going to take it back. They asked me to set up something that works.

    Thus I'm leaning towards 2 RT-N16's. 1 that will do all the routing and have the WPA2 AES encryption for the workers. The other will just be an access point in the bar area with no encryption at all.

    My question is, first, I assume I can set up the second access point different from the first? I've never done that as I've always set them up to repeat the signal.

    Second, is there a way to setup with a password and no encryption.....i.e. a login page? (That is how the E2000 does it.)

    I should note that the 2nd RT-N16 in the bar area has an ethernet jack to use. :)

    Thanks guys! I want to order the RT's this weekend so any help is appreciated. :)
  2. jsmiddleton4

    jsmiddleton4 Network Guru Member

    If you want a log on page you need to look at something with a hotspot built in. Sorry but then you are looking at one of the DDWRT flavors and not Tomato.
  3. onehomelist

    onehomelist Addicted to LI Member

  4. Toastman

    Toastman Super Moderator Staff Member Member

    I have some business/coffee shop installations so thought I'd tell you how we did it, ideas are always useful to kick around.

    The coffee shop sits on a separate vlan with its own subnet, to keep people away from the business. The main router is an RT-N16 in the business area. The wireless is also enabled for laptops, visiting guests - access is by using WPA2 Personal+AES encryption. Most of the business machines are wired to a 24 way gigabyte switch. User access controls for the business machines are done with static dhcp assignment, and by an Access Restrictions rule using MAC addresses.

    The coffee shop vlan uses RT-N16 or WRT54GL AP(s) wired to the extra vlan port on the main router - it uses a separate SSID and is isolated from the business setup entirely, it can use any or no encryption - up to you. You don't really need a splash page. The main RT-N16 router assigns IPs by DHCP to both vlans. QOS works on both networks. You can use the QOS to restrict the speed or whatever for the coffee shop users.

    Hope this helps you choose.

    The setup scripts for creating and routing the extra vlan are here:

    This will work right away if you just key it into the appropriate boxes.

    Oh, I forgot. Something you might like to know about. Linksys make a gadget for coffee shops and the like for user access and billing. It has a little ticket printer, and is essentially a router bodged to use ARP spoofing to allow access to users whatever their machines are or how they are configured, whatever the IP it may have. I forget what it's called but it might be of interest. In practice you would just put it on the coffee shop's vlan - sitting near your cashier I guess. You own it, and you don't have to pay anyone on the far side of the world with an auth. server to screw up your business for you. Personally, unless a coffee shop has free wifi - you won't see me anywhere near it though. :biggrin:
  5. ringer004

    ringer004 LI Guru Member

    Maybe I'm not sure if the 'hotspot' concept provides different benefits as opposed to a normal access point.

    What I mean is this. If you want to force the customer to use a "password", why not just have a second WPA2-AES access point with a simple password for the guests (like TGIFRIDAYS)?

    Maybe the original solution used the login page because that is what the E2000 provided. Don't let the original implementation dictate the new implementation - let the requirements dictate the final solution.

    And I would use two separate SSIDs and far apart channels (like 1-11, 1-6, 6-11, etc).

    Good luck.
  6. ladysman

    ladysman Network Guru Member

    Thanks for all the suggestions. What you just posted was my thought as well. Some like the hotspot because of the "Terms of service" you agree to but there was no such thing here thus I also never saw the point.

    I have setup many "repeater" setups in different locations including my own so I assume the implementation is the same with the exception I have a different SSID and password?

    router 1 (main) DHCP enabled
    Router 2 Static address DHCP disabled

    This is how I've set up repeater setups with good results.

    Am I making sense? :biggrin:
  7. ringer004

    ringer004 LI Guru Member

    I think so. But a 'repeater' as far as I know just extends your existing wireless network (for example, to extend the signal into hard to reach areas). Maybe I misunderstood your intent - or we have a terminology mixup.

    I thought this setup (i.e., a repeater) would use the same SSID, passphrase, be on the same subnet, etc. And I think this is very bad. You do *not* want your guests on the same subnet as the real business operation. You want them isolated on their own subnet.
  8. ladysman

    ladysman Network Guru Member

    Thanks. Appreciate more brains as I didn't even think about that. So I would disable DHCP since the main router would be doing that then assign an IP address to it ( for example) and assign a different subnet in this case (

    Appreciate everyone's ideas and help. :)
  9. Toastman

    Toastman Super Moderator Staff Member Member

    Remember that unless you isolate your coffee shop from the business it is a big security risk. That's why I made the suggestion of the extra vlan. Once that is done, just a different password and SSID is all you need for the coffee shop. Once you have your RT-N16 you could just key in the changes above, and it will work right away.
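
The isolation requirement described in the post above, as an added example that is not part of the original thread and is not Toastman's setup script: a small audit that flags the two failure modes the thread warns about, guests sharing the business subnet and forwarding rules that let guest traffic reach business hosts. The subnets, the rule tuples and the function names are constructed assumptions; the thread gives none of them.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed addressing plan (assumption: the thread gives no subnets).
BUSINESS = ipaddress.ip_network("192.168.1.0/24")
GUEST = ipaddress.ip_network("192.168.2.0/24")

# Constructed forwarding policies as (source, destination, action); first match wins.
ISOLATED = [
    (GUEST, BUSINESS, "DROP"),
    (BUSINESS, GUEST, "DROP"),
    (ANY, ANY, "ACCEPT"),        # everything else, i.e. out to the internet
]
MISORDERED = [ISOLATED[2], ISOLATED[0], ISOLATED[1]]  # ACCEPT shadows both DROPs


def may_forward(rules, src_net, dst_net, default="DROP"):
    """Conservative check: True if some src_net -> dst_net packet may be accepted."""
    for rule_src, rule_dst, action in rules:
        if not (rule_src.overlaps(src_net) and rule_dst.overlaps(dst_net)):
            continue                      # rule cannot match this traffic
        if action == "ACCEPT":
            return True                   # an ACCEPT is reached before a full DROP
        if src_net.subnet_of(rule_src) and dst_net.subnet_of(rule_dst):
            return False                  # this DROP covers the whole pair
    return default == "ACCEPT"


def audit(rules, guest, business):
    """Return findings for a guest/business split; an empty list means isolated."""
    findings = []
    if guest.overlaps(business):
        findings.append("guest and business share address space")
    if may_forward(rules, guest, business):
        findings.append("guest -> business traffic may be forwarded")
    if may_forward(rules, business, guest):
        findings.append("business -> guest traffic may be forwarded")
    if not may_forward(rules, guest, ipaddress.ip_network("203.0.113.0/24")):
        findings.append("guests have no route out")
    return findings


if __name__ == "__main__":
    for name, rules, guest in [("isolated", ISOLATED, GUEST),
                               ("misordered", MISORDERED, GUEST),
                               ("same subnet (repeater)", ISOLATED, BUSINESS)]:
        print(name, "->", audit(rules, guest, BUSINESS) or "ok")
```

The check is conservative: an ACCEPT that overlaps the guest/business pair before a fully covering DROP is reported even if an earlier partial DROP would catch some of that traffic.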
  10. ladysman

    ladysman Network Guru Member

    Sorry Toastman, I didn't even see your post! My apologies! :redface:

    I have a spare RT at home that I'm going to play with on my home network tonight.

    Thanks again guys.

    As far as password on the SSID, they've noted they want it open.
  11. ladysman

    ladysman Network Guru Member

    Finally got this setup done. Big thanks to Toastman for his VLAN help!

    Everything works as it should. Yay! :)

    Although it's not to say there weren't headaches. However the headaches were not what I expected. They were all wireless related. Very very odd situation.

    The setup for the main business wireless would simply NOT work at all in the bar area. There is a Cat 5e cable that runs out to the bar (actually there is Cat5e all over the place in the restaurant) and I set up a second RT-N16 as a repeater. I know 100% it was set up correctly but no device would ever connect to it. (Beta 23 by the way). Then I decided to play with channels. Set it to Auto (It was on 11) no go. Set it to 6, no go. Set it to channel 1 and bingo, it was working as it should.

    Very odd. So as a test, I set the main router (which they don't use for wireless as often as the other behind the bar) to channel 11 and bam, my iPhone simply would not connect to it. Changed it to 2 and it was fine.

    I should note, this was on 20MHz because not all of the clients would connect to 40 (Dell wireless cards for example).

    Something else too was I had to change the encryption from WPA2 AES to WPA2 TKIP/AES. Straight AES would work or it wouldn't let clients connect and if they got connected it would kick them off. Changing it to TKIP/AES fixed the problem. Now I know I don't have N wireless because of it, but neither do they.

    Just wanted to pass along some findings from yesterday. Thanks again to Toastman!
  12. Toastman

    Toastman Super Moderator Staff Member Member

    That's weird with the AP access channels ... !! Are the Dells using Intel wireless? Some manufacturers don't allow 40MHz connections on 2.4GHz as it causes interference to other channels, I believe Intel do this on some models. Others supposedly implement some scheme to detect other users and fall back to a 20MHz channel to prevent interference (which doesn't seem to work). There was a proposal that no 40MHz channels would be used on 2.4GHz but seems like the steering committee could not enforce it.

    Glad it's worked out.
  13. TexasFlood

    TexasFlood Network Guru Member

    Are there any microwaves running in those areas? I've read that microwave ovens generally offer interference in the upper portion of the 2.4GHz band so you may be able to minimize microwave oven interference by using, for example, channels 1 or 6 instead of 9 or 11 in those areas.
  14. ladysman

    ladysman Network Guru Member

    The Dells are the Dell 1397/1390 wireless cards.

    I use 40MHz at home without issue and I have many various devices and it works great (channel 1) most of which are Intel cards.

    There are microwaves I'm sure, but not anywhere near where these routers are....that I remember at least.
  15. TexasFlood

    TexasFlood Network Guru Member

    I don't know how close the microwaves need to be to cause interference but it sure sounds like the same symptoms I saw in my home from microwave interference.
  16. Toastman

    Toastman Super Moderator Staff Member Member

    OK, you have Broadcom Corporation BCM4312 802.11b/g wireless cards, not Intel :)

    Broadcom cards are usually fine anyway.

    Microwave cookers use extremely powerful RF generators, of the order of kilowatts. They would wipe out the router's signal for a considerable distance - it is impossible to shield them well enough to prevent quite considerable leakage. It could well be that.
  17. ladysman

    ladysman Network Guru Member

  18. TexasFlood

    TexasFlood Network Guru Member

    It would be consistent with my experience. I ran my routers on channel 9 for years. It worked fine but when I ran the microwave, my wifi crawled at best but usually was just effectively dead until the microwave shut down. After reading that I should try the low end of the range, I switched to channel 1 and was able to use my network just fine while microwaving a big bowl of water as a test. My microwave is at least a room away from any of my routers or clients.
  19. Sarkelaru

    Sarkelaru Addicted to LI Member

    For a login page you need extra hardware, search for m0n0wall or pfSense.