WAP Configuration in retail environment?

[goheels]

I need to set up guest wifi in a retail environment on a university campus. The university supplies our internet connection through a firewall. We have a separate Netgear ProSafe firewall for our Point-of-Sale system.

To maintain security for point-of-sale, I need to connect the wifi to the internet between the university firewall and our point-of-sale firewall. I purchased a NetGear Pro-Safe Plus 5-port gigabit switch and a Ubiquiti UniFi Access Point. I thought I would be able to route the internet into the switch, then out to 1) the point-of-sale firewall; 2) a video streaming device; and 3) the Wireless Access Point. I was thinking that the switch acted essentially like a router but have now learned that's not the case. The WAP requires DHCP, which the switch does not provide. I wanted to use the switch because I could set priorities by port, with a high priority for our point-of-sale, a lesser priority for the video streaming device (for streaming live events on screen) and the lowest priority for the wireless access point, which is for guests.

At this point I assume that I need a router, but I don't know what configuration I need, nor what kind of router to provide. My objectives are:

1. Maintain PCI (point-of-sale security) compliance by connecting the wireless access point between the university firewall and our NetGear ProSafe firewall
2. Be able to set priorities, so that point-of-sale system can be the highest priority and the video streaming device can be a higher priority than the WAP. It's especially important that the wifi use of our guests does not cause degradation of our video streaming.
3. Use the Ubuiquiti UniFi AP so that I can take advantage of its features such as password, controls, landing page, etc.
4. Keep costs reasonable.

Should I be looking at adding a wired router? I don't see many of them listed for sale. Can the same thing be accomplished with a multi-port firewall? If I add a wired router, do I skip the switch, and will I still be able to set priorities? Or do I just have the switch connect to the wired router and otherwise use the switch the way I originally intended? I'd appreciate any guidance.

 

[Mushkins]

Literally all you need here is a good SoHo router. Higher end models like the ASUS RT-N66U can do quality of service to prioritize traffic from the PoS devices/streaming device. Turn off the wireless on the router itself, plug the Ubiquity into one of its ports, and configure it as a secure guest network with the Ubiquity software on a PC locked up in the back somewhere. If you have more devices than can plug into the router directly, plug the switch into the router and the devices into the switch. In this case you would not use any of the quality of service features on the switch, let the router handle it. I just picked up an N66U from amazon for like $130 bucks. You've already got the rest of the hardware.

 

[goheels]

Mushkins, thanks very much for the help. I'm ordering the ASUS router, as you suggested.

 

[hoboville]

Agreed, make sure the ASUS router has QoS features or traffic shaping capabilities. If you want guest WiFi users to only have access to the internet and not the LAN ports on the router, then be sure to enable wireless isolation. This should keep your wired devices secure from malicious wireless users.