Challenges & Considerations
- No limitations of usage – guests able to abuse the connection if they wish
- Protection for staff and guests – filtering out illegal/explicit content, etc.
- Large halls including café and offices – wide reach of wireless required
- Separation of guests from staff on separate wireless networks required throughout all of the buildings
- Budget driven to some extent, cost is a consideration as this is a charity
The Problem
- To use wireless repeaters - drawbacks: relies on accurate positioning of kit, if one repeater is turned off or stops working it means the chain is broken
- To buy separate wireless kit for the guest network and the staff network
- To set up passwords on both networks
- Unreliable wifi for guests in the café (open to public)
- No security on the wifi network (no password/encryption)
- No separation of devices (guests were joining same network as office computers)
- No bandwidth management
- Kids from school directly next door able to connect if close enough
The Solution
We purchased Ubiquiti Unifi Wireless Access Points which are capable of handling multiple wireless networks. We created one network for the office staff devices and computers and one for the café guests. By setting up a tagged VLAN on the Draytek router we were able ensure separation of guest devices from the office network. The access points were evenly spaced out within the buildings, all connecting back to the main switch via power over Ethernet, also reducing the number of cables and ensuring a tidy finish.
The access points can intelligently hand over connected devices to each other to ensure each device is connected to the closest/strongest signal/access point. So as users walk around the building they stay connected and always to the nearest access point.
The access points came with 3 year cloud controllers as part of the extremely reasonable price which includes a haven of additional features for guests including use of token. This means that guests can be given a token with their cup of coffee that allows them access for a specific number of hours or days. We set up alerting so that we are notified if any of the access points go offline to prevent any ongoing, irritating glitches.
Furthermore, we forced all traffic for staff and guests to use OpenDNS Family Shield to filter out any known, blacklisted sites. This prevents access to illegal, illicit or adult sites, protecting all users.