Return to FAQ List
FAQ 126: Best practices for public networksCategory: Troubleshooting
When providing Internet access to the public (wired and/or wireless connections) here's a few things to keep in mind...
1) DNS Redirector only manipulates DNS, and intentionally no other traffic; if you want to create a fair usage scenario invest in a hardware
firewall/router that allows for QoS rules (to limit/guarantee minimum bandwidth per-client) and packet inspection (to limit P2P/file-sharing
and other bandwidth intensive applications) for example...
Cisco ASA 55xx series
Cisco Small Business RV1x, RV2x, or RV3x series (do not pick the older RV0x series)
Peplink Balance series
ZyXEL ZyWALL USG series
2) Don't overload your access points; an access point is like a hub and your average AP with a 10/100 Ethernet port can sustain around 24
clients depending on bandwidth usage.
3) Use only non-overlapping channels 1, 6, and 11. Other channels, including those used by neighboring networks that you cannot control,
may interferer with the performance of your network.
4) Keep your internal/office network completely separate from the guest network to prevent hacking, see
5) Are you legally allowed to resell or distribute Internet provided by your ISP? Check your SLA or TOS first.
6) Are you required to retain the MAC address and IP of clients who connect? This may be used (or in some jurisdictions required) by law
enforcement to determine abuse or violation of network policies, see FAQ 62.
FAQ 65 Best practices for speedy DNS resolution