{"id":254,"date":"2015-02-03T11:51:11","date_gmt":"2015-02-03T19:51:11","guid":{"rendered":"http:\/\/alduras.com\/wp\/?p=254"},"modified":"2018-11-04T06:32:05","modified_gmt":"2018-11-04T14:32:05","slug":"device-selection-for-a-guest-wifi-network","status":"publish","type":"post","link":"http:\/\/alduras.com\/wp\/device-selection-for-a-guest-wifi-network\/","title":{"rendered":"Guest WiFi Network – Part 1 – Device Selection"},"content":{"rendered":"\n

We run a small Bed and Breakfast out of our house - or actually a couple vacation rental Suites <\/a>since we don't offer the breakfast part of the B & B.  I'm no cook :-),  just a techno-geek who has thoroughly enjoyed meeting the friendly guests that have stayed in our home.<\/p>\n\n\n\n

When we show our guests around, 100% of them have asked 'What is the WiFi password?'  Every group of guests, of every age, has asked this question.  No kidding: 100%.  As an aside, our vacation rentals don't have phones: we rely on guest cell phones.  So far, not one comment or question about the lack of phones.  Its fair to say the world is now mobile - at all ages.<\/p>\n\n\n\n

So figuring out a way to set up a guest WiFi network is de-rigueur for a vacation rental host in today's world.<\/p>\n\n\n\n

My first attempt at setting up a guest WiFi network was easy and inexpensive.  I ran Cat5E wires to each level of the house, put an Access Point at each level, and installed a switch to feed wired Ethernet to each Access point. I plugged those into my router and had a functional house-wide Wifi network in no time.<\/p>\n\n\n\n

About This Series of Articles<\/h2>\n\n\n\n

This article is one of a multi-part series on setting up a segregated Guest Network, including a guest WiFi network, within a Home Network.  It is essentially an introduction to Virtual Local Area Networks ( VLAN), provides a simple use case for VLANs and gives a complete set of recommended hardware plus details the setup of that hardware.<\/p>\n\n\n\n

The series of Guest Network articles progresses as follows:<\/p>\n\n\n\n

  1. We select a set of low cost hardware<\/a> to meet  our criteria of creating a Guest Network, including Guest WiFi, within our Home Network.<\/li>
  2. We go into some detail why we use VLANs and a managed switch<\/a>.  Understanding VLANs is key to understanding how to build a guest network.<\/li>
  3. We set up the TPLink TL-WA801N WiFi Access points<\/a>.  This is a very simple process where configure each AP onto our Home Network and configure the AP's WiFi to operate on our separate Guest Network VLAN.<\/li>
  4. We set up our managed switch<\/a>, a Cisco Linksys SG300-10P, to send Home Network traffic to only the Home Network devices and Guest Network traffic to only the Guest Network devices.  And we show the special case of mapping the Guest Network Access Points onto both networks simultaneously.<\/li>
  5. We begin preparing our main router, a TPLink TL-WR1043ND, to create and manage the VLAN traffic for our Home Network and our Guest Network.  Since the WR1043ND does not come with 802.1q VLAN support out of the box, this article is where we install openwrt on the WR1043ND<\/a>.<\/li>
  6. Lastly, we configure openwrt on the TPLink TL-WR1043ND<\/a> to create and manage all the VLAN traffic.<\/li><\/ol>\n\n\n\n

    In this article of the series, Part 1, we identify the hardware we purchase to allow us to create a Guest Network with WiFi.<\/p>\n\n\n\n

    Problems With Having Access Points on My Home LAN<\/strong><\/h2>\n\n\n\n

    1) Security<\/strong>.  I was not keen on having guests on my internal network that feeds my PCs, laptops, phones, tablets, BluRay, ...  I wanted to ensure the guests cannot bring in a virus to affect my network computers or access information from my computers - so I wanted them on their own network.<\/p>\n\n\n\n

    Honestly, it gave me the creeps to know my taxes and personal financial information were on a network PC that was accessible by my well-intentioned guests!  Who knows what kind of nasty, unknown, undetected virus they were bringing onto my network with the devices they brought from their homes.<\/em><\/p><\/blockquote>\n\n\n\n

    2) Power<\/strong> for the remote Access Points.  When we remodeled, we ran Cat5E throughout the house, but the ideal location for each Access Point does not always have a 110VAC power plug near the Ethernet jack.<\/p>\n\n\n\n

    Technologies To Put Guests on a Private WiFi Network<\/strong><\/h2>\n\n\n\n

    1) VLAN<\/strong>.  VLans will ensure complete segregation of the guest network.  The buzzword here is 802.1q.  We will use a router and switch that fully supports 802.1q to create the separate guest network without running any new Ethernet wiring.<\/p>\n\n\n\n

    2) Power Over Ethernet<\/strong>.  A PoE<\/strong> managed Ethernet switch will allow each Access Point to be powered directly from the switch: no 110VAC needed near the Access Point.  The buzzword here is 802.3af (original low power PoE) or 802.3at (newer high power PoE).  Our switch will need to support 802.3af so we can power each Access Point remotely from the Ethernet switch.<\/p>\n\n\n\n

    Devices Purchased<\/strong><\/h2>\n\n\n\n

    The following devices were low cost, yet had excellent reviews at the time of this installation (February 2015).  The devices were selected to ensure they support the technologies needed: 802.1q VLANs and 802.3af PoE.  I spent just under $500 total with PoE.  Without PoE, the total cost is around $200<\/strong>: quite a bargain to get whole-house WiFi with a secure, separate guest network..<\/p>\n\n\n\n

    1) TPLink TL-WA801ND<\/strong> Access Points.  Quantity two.  About $52 each.  I installed one for WiFi coverage of the upper house level and the second Access Point for WiFi coverage of the ground house level.  The main level of the house receives WiFi coverage via a third device: a TPLink TL-1043ND WiFi router (my Internet-connected main router).  Now I have WiFi radios on each of the three levels of the house to assure excellent WiFi coverage everywhere.  The stock TPLink firmware of the WA801ND supports 802.1q WiFi VLANs using a feature called Multi-SSID.<\/p>\n\n\n\n

    \"Guest<\/a>
     TPLink WA801ND Access Point (with VLAN Support) and PoE Splitter<\/figcaption><\/figure><\/div>\n\n\n\n

    Update: I tried using these TL-WA801ND Access Points for about a year and made a point of upgrading the firmware whenever TpLink released new versions.  But these were NOT reliable: each of them would crash and lock up every few days to few weeks.  This was totally unacceptable for our Bed & Breakfast since these access points seemed to sense when I was out of town, not available to bring them back to life.  I needed RELIABLE hardware and these did not fit the bill. <\/em><\/p>\n\n\n\n

    I have since replaced these TL-WA801ND AP's\u00a0with multiple ZyXel NWA-1123 AP's and there is a night and day difference in reliability.\u00a0 Not one crash in over two years time with the ZyXel Access Points.\u00a0 The ZyXel AP's also easily support the VLAN configurations and (true) PoE described throughout these documents.\u00a0 <\/em>\u00a0The Zyxel AP's include both 2.4GHz and 5 GHz radios: they support 802.11 a\/b\/g\/n\/ac instead of just 2.4GHz\u00a0 b\/g\/n.\u00a0\u00a0Definitely more expensive than the TpLink AP's, around $100 each instead of $55 each ($35 for TpLink AP plus $20 for TpLink PoE Splitter), but I need equipment that works!<\/em><\/p>\n\n\n\n

    2) TPLink TL-POE10R<\/strong> PoE Splitters.  About $20 each.  Quantity two.  This device regulates the 802.3af PoE (48VDC) Ethernet from my PoE Switch to the required 9VDC of the TL-WA801ND Access Points and provides the power connector cable to operate the TL-WA801ND directly from my Ethernet wiring.  Each Access Point therefore requires no nearby AC power plug.<\/p>\n\n\n\n

    Update: Not needed with the ZyXel NWA-1123 Access Points since the ZyXel AP's support PoE directly without this somewhat kludgy adapter.<\/em><\/p>\n\n\n\n

    3) TPLink TL-WR1043ND<\/strong> Wifi Router.  About $50.  This is a dual band (2.4GHz\/5GHz) Wireless N Router with four gigabit Ethernet LAN ports and a gigabit WAN port.  By replacing the stock firmware with openwrt, this router fully supports 802.1q VLANs.  A full 802.1q<\/strong> implementation is required to make the VLANs work properly for my configuration: we'll make use of this router's ability to put untagged frames and tagged frames on the same port simultaneously.<\/p>\n\n\n\n

    \"Guest<\/a>
     V1.X TPLink WR1043ND Router With OpenWRT 802.1q Simultaneous Untagged\/Tagged VLAN Support<\/figcaption><\/figure><\/div>\n\n\n\n

    Please note: if you purchase the V2.X TPLink TL-WR1043ND, it uses a different switch chip which does NOT yet (as of Feb 2015) have a 'Stable' build of openwrt available with 802.1q support. These series of articles assume you have purchased V1.X hardware, as depicted above.  If you instead purchase V2.X hardware, you may need to build openwrt from source which is a task not covered in these articles.<\/strong><\/em><\/p>\n\n\n\n

    4) LinkSys SG300-10P<\/strong>\u00a0Gigabit managed PoE Switch. About $280: ouch. \u00a0A newer option for a gigabit managed PoE switch is the Linksys LGS308P<\/strong>: 8 ports gigabit PoE (instead of 10), but also supports the higher power 802.3at<\/strong> PoE and is available for about $140. \u00a0The SG300-10P managed switch fully supports 802.1q VLANs. \u00a0This switch is fanless: no need to listen to liftoff of the space shuttle here! Why spend so much\u00a0money on the switch? \u00a0You can spend less: see the following list of features we'll need.<\/p>\n\n\n\n

    \"GuestWiFiSG300-10P\"<\/a>
     Cisco Linksys SG300-10P 10 Port Managed Gigabit Switch with 802.3af PoE<\/figcaption><\/figure><\/div>\n\n\n\n

    Switch Features For a VLAN Segregated Network<\/h2>\n\n\n\n