How to set up public Wi-Fi at your business
Offering wireless Internet access for guests can open new doors for your business. For a cafe or restaurant, customers are more likely to stay longer, purchase more items, and return knowing they can use a Wi-Fi connection. For motels and hotels, Wi-Fi is one of travelers’ deciding factors when selecting where to stay. Offering guest wireless access from an otherwise private office can be beneficial too, as it provides outside associates, contractors, and other visitors with a reliable Internet connection.
Although mobile carriers have covered much of the nation’s more-populated areas with wireless 4G Internet access, Wi-Fi connections can provide faster speeds and usually aren’t subject to usage limits. Plus Wi-Fi can be offered where 4G access isn’t available—as well as for laptops, tablets, and other mobile devices that aren’t4G- equipped.
Protecting your private network
The simplest way you might think to offer public or guest Wi-Fi access is to let people on an existing Wi-Fi network used by the business, but this isn’t secure. Allowing outsiders on the private network could open your company up to hacking and data theft.
Private wireless networks should be encrypted with WPA2-Personal security, at least, to keep others from connecting and eavesdropping on your network traffic. Businesses with more than a handful of Wi-Fi users should consider using WPA2-Enterprise security, requiring a RADIUS server or service, to better secure and manage Wi-Fi access. For more on that, here are 8 Wi-Fi security tips to protect your small business.
Using existing equipment
Businesses with existing private Wi-Fi network might be able to offer public or guest access safely without purchasing additional hardware. Some consumer and small-office wireless routers offer a guest access feature. When guest access is enabled, users will see another network name (known as an SSID) in the list of available networks on their Wi-Fi devices, and its access will be separated from the main network.
Business-class routers and access points (APs) typically offer multiple SSID and virtual LAN (VLAN) features. When these features are set up properly, multiple wireless network names (SSIDs) can be broadcasted with varying levels of security, one of which could be a guest network safely segregated from your private network.
Using hotspot equipment for better features
Purchasing or setting up wireless hardware specifically designed for offering Wi-Fi hotspot access provides some useful features that most traditional routers and APs lack. For instance, for legal purposes you may want to require users to accept Terms of Service (ToS) before accessing the Internet. When shopping around for hotspot equipment, this feature is called a captive portal. You may also want to impose time and bandwidth limits, or even charge for the Wi-Fi access. For features like these you’ll likely have to purchase or set up additional hardware specifically designed for Wi-Fi hotspots.
If you’re a do-it-yourselfer, you could upgrade a Linksys or other compatible wireless router with free third-party firmware, which replaces the router’s software to add additional features. The CoovaAP firmware includes a captive portal to require end users to accept ToS. It can also require that they log in via either self-registration or with access codes you create. CoovaAP’s firmware also offers traffic shaping controls that let you limit bandwidth for guests.
The DD-WRT firmware offers many general Wi-Fi features and customizations in addition to hotspot features. It includes a simple integrated captive portal and supports third-party servers and services for more complex hotspot setups.
However, keep in mind that neither the CoovaAP nor DD-WRT firmware offers an easy way to segregate access to your private network. So, unless you’re comfortable making customizations, you’d probably need to connect the router to a separate Internet connection, or to a guest VLAN if your existing equipment supports it.
If you want more of a quick, plug-and-play hotspot setup, consider purchasing the Fonera Simpl router from Fon. It offers simultaneous private and public Wi-Fi signals, so it’s best to replace it with any existing router you have. On the public signal, visitors are given one hour of daily Wi-Fi access. After that, revenue from additional time visitors purchase is split 50/50 between your company and Fon. However, users must sign up and log in with Fon in order to access the Internet. This could help increase the safety of your hotspot, but it can annoy visitors wanting quick, free access.
To offer public or private Wi-Fi access over a larger area that a single wireless router doesn’t cover, one economical option is Open Mesh. It’s designed to provide both private and public wireless access easily, with hotspot features including a captive portal and speed limits. Plus, it uses the wireless mesh technique, which means that not all the wireless APs have to be wired back to the router or switch, making installation easier.
Another option is to purchase and use a hotspot gateway, basically a router specifically designed for offering hotspot access. These generally include the most hotspot features and functionality, and are especially useful for large deployments like at large hotels or venues. There are many vendors to choose from, including ZyXEL,Intellinet, 4ipnet, and Handlink.
Taking the final steps
Remember, always ensure that your private network is kept separate from any public networks, and encrypted with WPA2 security. If you want to offer simple public access, check if your current wireless router or access points (APs) have a guest feature, or that they support multiple SSIDs and VLANs for business-class products.
If you’re up to the tech challenge, you could upgrade a compatible wireless router with third-party firmware to get hotspot features. If not, consider getting the Fon router. To cover a larger area, look into Open Mesh. If you’d like all the bells and whistles, shop for a hotspot gateway.
Whatever hotspot setup your company adopts, it’s a good idea to enable content filtering, as you probably don’t want visitors surfing inappropriate websites. Some routers and hotspot setups offer a content filter. If yours does not, you can enable the OpenDNS cloud security service on any router or hotspot gateway.