Question:
Dedicated wifi network with extra router and cap individual's usage.?
philip
2016-07-27 14:32:21 UTC
So to sum it all up... I have two neighbors who is on my uncapped network, and they are using quite a bit of my softcap and it is frustrating me and with that, they are using it for free and that is not working for me.

So here is what I want to do...
using an extra router, create a dedicated network which they can use, but being able capping them, say, with 5gb or 10gb or so, but when it is used up their access should be stopped.
But being that there are two different people, I can not cut the entire network, so I am looking for something like a user account system, like what internet cafes use. each neighbor has his one user name and password and own amount of cap. so if one usage all his data the other one still has access as he has not used it all, also I would like to be able to show them their usage so that they can not say I am not giving them all their data.

I wish for the easiest way to do this and as I am good with a pc, I do not claim to be an expert, but I do not know much about networks, just the basics, so step by step instructions is best. And I am looking for something that is not paid for, open source preferred if software is needed.

Thank you.
Three answers:
Dave
2016-07-27 14:37:39 UTC
To accomplish this, you're going to have to drop a LOT of cash on a commercial router AND setup a RADIUS server. Like $500-$1500. Just change the password and tell them to get their own internet.
featherawr
2016-07-27 15:41:24 UTC
You could do this with pfSense and Captive Portal, but if you want to actually enforce a data cap you need RADIUS, though you could install that on pfSense as well via SSH command line. If you don't want to use RADIUS, you can enforce a bandwidth limiter (ex. limit VLAN 2 to 10Mbps), you would also be able to block BitTorrent traffic via a layer 7 firewall rule.



In terms of what to buy, well pfSense can be installed on anything so as long as you have Gigabit Ethernet ports, so you have options there, the only real concern is having a CPU that has a chip that does encryption built-in if you ever think you might want to setup a VPN on it, or else it is going to be super slow and inefficient. So you can either custom build your own machine for cheap, or Netgate also makes really nice 1U rack-mount appliances.



If you wanted to bandwidth-limit by VLAN, basically you just need a switch that supports VLAN tagging and an AP that supports VLAN tagging (or you need 3 APs, so tagging is preferable). What you would probably want to setup is three VLAN sub-interfaces on the firewall, example being 1 for Data, 20 for neighbor #1, and 30 for neighbor #2. Then you can connect your firewall to your switch (that supports VLAN tagging) and setup a VLAN trunk on your switch with the same VLANs allowed on the port connected to the firewall and AP. Then you would plug in your AP and set it up with all VLANs (1, 20, 30) to the switch, then setup your SSIDs and tie them to the correct VLAN.



If you don't have hardware that can VLAN tag, you could probably set DHCP reservations for your neighbor's devices, then bandwidth throttle them by their IP. Only downside is if they change devices.



Hope this helps.
2016-07-27 14:59:17 UTC
To do that you need to do what the Internet cafes use, a server. No router can do that. You do realise if your provider discovers you are letting neighbours use your service which is against their terms of service, they will terminate your service. The neighbours and you could be charged with theft of service as it is depriving the provider of possible contracts. And that can carry prison time.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...