Questions about Unifi for a bar

Hi Everyone

I'm new to the site and have a few questions about Ubiquiti Unifi which i hope can be answered.

I was looking at the Troy Hunt videos last night and i was impressed with what i saw however i'm just a little confused about a few things that i'd need unifi to meet for a friend's bar business:

1. Scheduling the Wifi - I'd need to set schedules for the customer's wifi as i've been told the residents above the bar are using the bar's wifi. Obviously this cannot be stopped fully when the wifi is online but when the bar is shut, it would be nice to turn the customer wifi off.

2. Guest Wifi / VLANS - need to keep customers off the business network. I guess this is done by the SWG?

3. Is it possible to have a custom login screen so that customers almost have to do a click passthrough or enter their social details (facebook, google) to logon to the wireless

4. Rate limiting - I'd like to be able to rate limit the guest wifi as this business only has 20mb connection. I'd like to offer maybe 10 - 12 mb for guests and the rest would be enough for card payments etc.

5. Can the unifi system do port forwarding as the business has CCTV which is remotely accessible.

6. Does it support DDNS?

7. At the moment, they have a basic router. I'm planning on installing a draytek 2830 for now with no wireless and configure it so that the router they have at the moment is used as a dumb AP away from the main network. Does the SWG do this or should i keep the draytek there if and when the unifi goes in.

8. What firewall settings can be configured

9. Is there a database of sites say gambling, adult, etc that can be blocked

Equipment:

I guess i will need:
- AP-AC-Pro - maybe 2 of these for the bar
- Cloud Key for remote access to the network
- 8 /16 /24 port PoE switch from ubiquiti
- Security Gateway
- Draytek Vigor 130 for the incoming ADSL connection which will be connected to the Security gateway

I think that is it.

I was going to put in a draytek 2860n router and 2 APs as the draytek will pretty much do everything i want it to do but i thought i'd look at the unifi range.

I'd be grateful on your comments on the above questions and if you have any comments or suggestions, please let me know.

Thanks

Just to explain to folk that Tim is a colleague of mine who rang me up about Unifi - I suggested he come here as you guys have more Unify than I do; I've only got one AP.

I'd be grateful for any help you can give...

Peter

I only have a UniFi AP, but I'll answer what I can.

1. Scheduling the Wifi - I'd need to set schedules for the customer's wifi as i've been told the residents above the bar are using the bar's wifi. Obviously this cannot be stopped fully when the wifi is online but when the bar is shut, it would be nice to turn the customer wifi off.

Is this such a bandwidth hog that it's even worth doing? Aren't you in danger of pissing off what could be your best customers?

2. Guest Wifi / VLANS - need to keep customers off the business network. I guess this is done by the SWG?

The AP itself can be (and probably has to be) set up with guest wifi. It supports at least 2 different SSIDs, and either or both can have login portals.

3. Is it possible to have a custom login screen so that customers almost have to do a click passthrough or enter their social details (facebook, google) to logon to the wireless

Yes, at least the custom login screen but really, truly, this is A TERRIBLE, INVASIVE, AWFUL IDEA that your patrons will HATE. Or at least they should. I would never come back to your bar if you did this "social details" capture stuff. Your bar owner needs to stop thinking of wifi as a potential profit source. It's a competitive advantage--unless they set it up as they're considering, in which case it becomes a disadvantage.

4. Rate limiting - I'd like to be able to rate limit the guest wifi as this business only has 20mb connection. I'd like to offer maybe 10 - 12 mb for guests and the rest would be enough for card payments etc.

Pretty sure you can't do this with just the AP, and that's all I have. I think the gateway can do this.

5. Can the unifi system do port forwarding as the business has CCTV which is remotely accessible.

Yes.

6. Does it support DDNS?

Pretty sure it will support any DNS you use, but again, I have just the AP behind a DSL router. By support, do you mean does it have built in clients for various DDNS companies??

7. At the moment, they have a basic router. I'm planning on installing a draytek 2830 for now with no wireless and configure it so that the router they have at the moment is used as a dumb AP away from the main network. Does the SWG do this or should i keep the draytek there if and when the unifi goes in.

I would go 100% Unifi equipment to ease integration.

8. What firewall settings can be configured

9. Is there a database of sites say gambling, adult, etc that can be blocked[/quote] Another terrible idea from a customer service standpoint unless this bar is more of a kid's place.

Equipment:

I guess i will need:
- AP-AC-Pro - maybe 2 of these for the bar[/quote]
Is the place that huge??? I have a 3100 square foot home that's quite long and 1 covers all of it and a lot of the yard.

- Cloud Key for remote access to the network
- 8 /16 /24 port PoE switch from ubiquiti
- Security Gateway
- Draytek Vigor 130 for the incoming ADSL connection which will be connected to the Security gateway

I think that is it.

I was going to put in a draytek 2860n router and 2 APs as the draytek will pretty much do everything i want it to do but i thought i'd look at the unifi range.

I'd be grateful on your comments on the above questions and if you have any comments or suggestions, please let me know.

Thanks

I have a full UniFi system at home, currently with a USG, a POE switch, and 3 APs. Adding two more switches this week to replace some other brands.

1. Scheduling the Wifi - I'd need to set schedules for the customer's wifi as i've been told the residents above the bar are using the bar's wifi. Obviously this cannot be stopped fully when the wifi is online but when the bar is shut, it would be nice to turn the customer wifi off.

One, bad idea. Two, no capability for scheduling things like this in the native UI. You could probably figure out a way to do it with cron jobs using the CLI, but I wouldn't do it.

2. Guest Wifi / VLANS - need to keep customers off the business network. I guess this is done by the SWG?

You can do a OK job just with the APs, but to do it right you need a router and switches that support VLANs.

3. Is it possible to have a custom login screen so that customers almost have to do a click passthrough or enter their social details (facebook, google) to logon to the wireless

Yes, you can force connections to go through a portal page to get access. A simple terms page a button is fine for a bar. Don't be asking for social media info. Really bad idea.

4. Rate limiting - I'd like to be able to rate limit the guest wifi as this business only has 20mb connection. I'd like to offer maybe 10 - 12 mb for guests and the rest would be enough for card payments etc.

Easy to do with the full setup (including USG). Not sure if you can do it with only APs.

5. Can the unifi system do port forwarding as the business has CCTV which is remotely accessible.

Yes.

6. Does it support DDNS?

Yes. There's like eight different DDNS providers directly supported, or any others that use the same protocol.

7. At the moment, they have a basic router. I'm planning on installing a draytek 2830 for now with no wireless and configure it so that the router they have at the moment is used as a dumb AP away from the main network. Does the SWG do this or should i keep the draytek there if and when the unifi goes in.

If you can, get a pure ADSL modem or something that can be configured in bridge mode. Then add the USG as soon as you can. It's only about $100.

8. What firewall settings can be configured

Pretty much anything you can think up can be added as a firewall rule.

9. Is there a database of sites say gambling, adult, etc that can be blocked

It can be done, but that's a non-trivial setup.

Equipment:

I guess i will need:
- AP-AC-Pro - maybe 2 of these for the bar
- Cloud Key for remote access to the network
- 8 /16 /24 port PoE switch from ubiquiti
- Security Gateway
- Draytek Vigor 130 for the incoming ADSL connection which will be connected to the Security gateway

I think that is it.

I was going to put in a draytek 2860n router and 2 APs as the draytek will pretty much do everything i want it to do but i thought i'd look at the unifi range.

I'd be grateful on your comments on the above questions and if you have any comments or suggestions, please let me know.

Thanks

I am using a Draytek Vigor 130-K ADSL modem with my uniFi setup: USG 3P, 2 x Switch 8 POE-150W, AP-AC-Pro.

1. Scheduling the Wifi - I'd need to set schedules for the customer's wifi as i've been told the residents above the bar are using the bar's wifi. Obviously this cannot be stopped fully when the wifi is online but when the bar is shut, it would be nice to turn the customer wifi off.

A guest network can be scheduled Mon-Sun in 15 minute intervals

2. Guest Wifi / VLANS - need to keep customers off the business network. I guess this is done by the SWG?

All done by UniFi

3. Is it possible to have a custom login screen so that customers almost have to do a click passthrough or enter their social details (facebook, google) to logon to the wireless

You could but the minute I hit one of those I don't bother which defeats the point but you do have a few choices from open network to Facebook login.

4. Rate limiting - I'd like to be able to rate limit the guest wifi as this business only has 20mb connection. I'd like to offer maybe 10 - 12 mb for guests and the rest would be enough for card payments etc.

Yes

5. Can the unifi system do port forwarding as the business has CCTV which is remotely accessible.

Yes

6. Does it support DDNS?

A few DDNS are supported

7. At the moment, they have a basic router. I'm planning on installing a draytek 2830 for now with no wireless and configure it so that the router they have at the moment is used as a dumb AP away from the main network. Does the SWG do this or should i keep the draytek there if and when the unifi goes in.

I use a £25 BT Openreach Huawei HG612 3B VDSL/FTTC Fibre Modem from eBay, the rest is Unifi from the USG>24Port POE Switch>3 x ac Pro's controlled by the CloudKey

8. What firewall settings can be configured

You name it, it can be configured

9. Is there a database of sites say gambling, adult, etc that can be blocked

Take a look at Open DNS https://signup.opendns.com/homefree/

Websites will load faster, and with OpenDNS' 100% up-time, you won't have to worry about unreachable websites and DNS outages from your ISP.
With over 50 customizable filtering categories, OpenDNS Web content filtering keeps parents in control of what websites children visit at home.
OpenDNS blocks phishing websites that try to steal your identity and login information by pretending to be a legitimate website. Surf the Web with confidence.
Over 30,000,000 homes, schools, and businesses of all sizes rely on OpenDNS for a better Internet.

To get the full picture of what UniFi can do have a read of this https://dl.ubnt.com/guides/UniFi/UniFi_Controller_V5_UG.pdf

AP-AC-Pro - maybe 2 of these for the bar

You will likely want more than one of these to balance the number of clients out... the practical limit on clients is far below the listed maximum, plus will give you some limited amount of redundancy in case one goes down. I've heard of people putting 3 in a small space due to number of clients, but turning down the power so that there is less contention amongst the AP radios.

Is there a database of sites say gambling, adult, etc that can be blocked

I'd second using the OpenDNS route for filtering; users will always find a way around blocks if they really want, so OpenDNS is a non-hassle way (for you) to make it just more difficult enough of a hassle that it may be more trouble than it is worth for the average user.

Also FYI, I know this is slightly off-topic, but you could opt for Cisco Meraki, which can do all of this and more - with the bonus that the kit is free for the first 3 years!
I've got it at home, and have recently replaced 2x MR33's and 2x MR30H's with 5x Unifi AC Pro's (due to cost of expanding a Meraki system!).

The Unifi is an amazing piece of kit and amazing value for money.
I still prefer Cisco. Their dashboard completely beasts Unifi, and you don't have to buy or install a central monitoring machine / USB thing.
But the Unifi is awesome for less than half the cost of Meraki.

You'd still need a modem to bridge over to the Router, but the Meraki has a decent amount of features over the Unifi.

You can get a free:

Router + 3Yr License (Around £350 for the router and £350 for the 3 year license)
https://meraki.cisco.com/webinars/signu ... ef=1nVGK7g
8-Port PoE Switch (About £300 and £80 I think for the 3Yr License)
https://meraki.cisco.com/webinars/signu ... ef=1nVGK7g
Wireless Access Point (Again, £350 and about £60 for a 3Yr License)
https://meraki.cisco.com/webinars/signu ... ef=1nVGK7g

Scheduling wifi is possible in Unifi 5.6.x per SSID.
If your concerned about flats above using wifi then you can let them use it for a bit, figure out what their mac addresses are and then blacklist them. Not fool proof but will stump casual users.
You could also lower the signal so that only patrons in the bar will get signal (same room as the router) but the flats above would be less likely to "hear" the signals from your AP's. You may need more AP's if you go down this route to ensure full bar coverage.

For the web filtering you could go with open source firewall such as pfSense or Smothwall etc. as they would likley support web filtering dbs. Commercial solutions are available but can be pricy such as Sophos UTM which i use for home use (Home use free) or McAfee Web Gateway which is infinitely configurable but may be overkill for what you need and a steep learning curve.
You could have this box inline as a transparent proxy or router etc before you actual DSL router.

I Use Vlans at home for Apple Devices, IoT devices and Other Devices that do not need internet or access to the other 2 vlans. This is supported on the Unifi console and with the AP's alone i think . I have a USG also for NAT rules etc so not sure if the USG is getting involved with firewall rules between vlans or not.
In Unifi 5.6.x firewall rules and NAT rules are in the same section.

It is posible to have custom login screen yes.

Rate limiting is possible as other have said, but might be worth looking at the airtime fairness options too. Not so much to implement QOS as you want but to prevent one device dominating the channel.

Just my 2 cents. Have a look at the 5.6 release as it has some nice new GUI controlled features with out having to delve into iptables and what not.