On Tue, Jul 16, 2013 at 09:02:51PM -0400, Al Jachimiak wrote:
> Ok. I guess it would be helpful to share what I'm trying to do! :-)
>
> Minimum goal: Make a second WLAN for a guest network (think waiting room)
> that has access to the Internet, but is isolated from all resources on my
> current home network.
>
> Secondary goal: Have the ability to throttle traffic on that secondary
> network. Limiting each connection or, at the very least, the total bandwidth
> would be nice so the primary network doesn't get slowed by a guest camping
> out on YouTube or Netflix.
>
> Bonus: Have the ability to track or log sites and then maybe block or slow
> traffic to those sites (perhaps even dynamically...).
>
> FYI - My current wireless router covers my home well with stock firmware but
> guest and second a/n radio functions do not work with wpa2 for some reason.
> I'm happy with current performance and I don't want to mess up a working
> setup with a possibly borked dd-wrt installation. Note: I've installed it
> previously, but I can't afford any downtime.
>
> I'm looking for most functionality with least cost and these seem to be the
> best two options:
> 1.) Newegg has a $20.00 d-link dir-615:
> http://www.newegg.com/Product/Product.aspx?Item=N82E16833127241
> It looks like it has dd-wrt compatibility from this table:
> http://www.dd-wrt.com/wiki/index.php/Supported_Devices#D-Link
>
> 2.) I can get a microtik RB951-2N for about $45.00:
> http://routerboard.com/RB951-2n
>
> I'm leaning towards the d-link with dd-wrt, but does it have the bandwidth
> limiting functions?
> How about logging and tracking?
>
> If the microtik has more functionality, I am willing to pay the higher
> price...

I wouldn't necessarily go for either, if it were me. The n66u is pretty great, it comes in at about $120. While it's possible to over-spend, generally the cheaper you go the crappier it gets.

If it were me, I'd use vlan tagging and run a trunk to my router to split the different SSIDs into segregated networks.

Doing connection tracking on an AP, especially a $20, is going to be extremely challenging, for "basically impossible" levels of "extremely". Even on a good AP, they're really not designed for that sort of thing. I'd expect to do that tracking on my router - assuming my router was a PC.

For HTTP tracking you're going to have to do something like a rewriting squid proxy, and dnat all egress port 80 to allow it to rewrite and log it. You're going to almost definitely need a PC-class system to do that - you could use your router to rewrite egress 80 traffic to your squid box, then allow the squid box to directly leave the network; if you don't want to deal w/ setting up your router on PC class hardware.

Right now, for my money, it's the asus n66u - and I just bought two of them. The stock firmware is pretty solid, there's also a ddwrt build and some other stuff for them.

Bandwidth limiting is also something you'd do on the router, not the AP, in most situations. Wondershaper does a good job of this. BW limiting is, in general, a bit of a tricky thing; it's much easier to limit upstream than downstream.

Hope that helps;
-m

--
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug

Upcoming Meetings (6pm - 8pm) Vassar College
  Aug 7 - Scripting Your World with Python
  Sep 4 - NoSQL and MongoDB
  Oct 2 - OpenFlow: Open Standard for Networking Hardware
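
An added example, not part of the original message: once guest port-80 traffic is sent through a logging squid proxy as the reply describes, the per-client site and byte tracking can be read out of squid's access log. It assumes squid's default native `access.log` format; the guest addresses, site names and the 64 KiB threshold are constructed sample values.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1374022971.120    210 192.168.50.21 TCP_MISS/200 48211 GET http://video.example/seg1.ts - DIRECT/203.0.113.10 video/mp2t
1374022972.480    190 192.168.50.21 TCP_MISS/200 51200 GET http://video.example/seg2.ts - DIRECT/203.0.113.10 video/mp2t
1374022973.002     35 192.168.50.34 TCP_HIT/200 1830 GET http://news.example/index.html - NONE/- text/html
1374022975.610     12 192.168.50.34 TCP_DENIED/403 1210 GET http://blocked.example/ - NONE/- text/html
this line is truncated garbage
"""

def parse_line(line):
    """Return (client, host, bytes, action) or None for a malformed line."""
    fields = line.split()
    if len(fields) < 7 or not fields[4].isdigit():
        return None
    client, result, size, url = fields[2], fields[3], fields[4], fields[6]
    action = result.split("/", 1)[0]
    # CONNECT entries log "host:port" rather than a full URL
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    return client, (host or "-").lower(), int(size), action

def usage_by_client(log_text):
    """Aggregate bytes per client per site, and count denied requests."""
    usage = defaultdict(lambda: defaultdict(int))
    denied = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, host, size, action = rec
        if action == "TCP_DENIED":
            denied[client] += 1
        else:
            usage[client][host] += size
    return usage, denied

def heavy_clients(usage, limit_bytes):
    """Clients whose total proxied bytes exceed limit_bytes, largest first."""
    totals = {c: sum(sites.values()) for c, sites in usage.items()}
    return sorted((c for c, t in totals.items() if t > limit_bytes),
                  key=lambda c: -totals[c])

if __name__ == "__main__":
    usage, denied = usage_by_client(SAMPLE_LOG)
    print({c: dict(s) for c, s in usage.items()}, dict(denied))
    print("over 64 KiB:", heavy_clients(usage, 64 * 1024))
```

Only traffic that actually passes through the proxy appears in this log, so with the port-80 redirect described in the reply it covers plain HTTP and nothing else the guest network sends.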
