Unrouted Wireless Network setup
-
I have a site potentially wanting to add Tablets.
I'm trying to figure out a game plan based on them wanting to have Tablets, in a bar, that would have to cover a large area. The site is asking for an idea on what setup will take for them, in case they can do it themselves.
They haven't decided to move forward yet, but in case they do:
What would be the best way to setup the network on the back end?my Initial thought is: Have the site purchase a switch (or supply a switch) plug all AP's into that switch and plug that switch into the Unrouted switch for the POS
Or, Upgrade their switch entirely to a bigger switch, with more ports to add the AP's to it directly without the need to jumper the 2 switches together.
the number of tablets/AP's needed are currently unknown, But that will be a later question based on the floor plan of the establishment.
Think of any other ideas that would make it easier to explain to the customer, when we get to that point?
-
What's the reason for wanting to be unrouted? I assume that this actually means "no Internet access". Without Internet access, how will they patch their systems? I can only guess that they want to do this for security reasons, but I'm not sure being offline to the Internet, but without live standard patching, will be better because they will be being attacked from the LAN anyway.
-
@WrCombs said in Unrouted Wireless Network setup:
my Initial thought is: Have the site purchase a switch (or supply a switch) plug all AP's into that switch and plug that switch into the Unrouted switch for the POS
Even if the VLAN isn't routed, the switch should be, for management, support, and patching.
-
@WrCombs said in Unrouted Wireless Network setup:
Or, Upgrade their switch entirely to a bigger switch, with more ports to add the AP's to it directly without the need to jumper the 2 switches together.
This mostly depends on traffic patterns and budget. Adding a switch is cheaper, but slower, than replacing with a bigger switch. But rarely does it matter.
-
@scottalanmiller said in Unrouted Wireless Network setup:
What's the reason for wanting to be unrouted? I assume that this actually means "no Internet access". Without Internet access, how will they patch their systems? I can only guess that they want to do this for security reasons, but I'm not sure being offline to the Internet, but without live standard patching, will be better because they will be being attacked from the LAN anyway.
the main reason for unrouted is because the AP's will be running Tablets as terminals on the POS side of the networ, which we have setup as unrouted through a second NIC on the Server.
We don't want tablets to have internet access , the same way the terminals can't get to the internet. -
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
my Initial thought is: Have the site purchase a switch (or supply a switch) plug all AP's into that switch and plug that switch into the Unrouted switch for the POS
Even if the VLAN isn't routed, the switch should be, for management, support, and patching.
That would have to be setup differently.
Because we aren't using VLAN's. We use Dumb Plug-N-Play Switches, for convenience sake. -
@WrCombs said in Unrouted Wireless Network setup:
@scottalanmiller said in Unrouted Wireless Network setup:
What's the reason for wanting to be unrouted? I assume that this actually means "no Internet access". Without Internet access, how will they patch their systems? I can only guess that they want to do this for security reasons, but I'm not sure being offline to the Internet, but without live standard patching, will be better because they will be being attacked from the LAN anyway.
the main reason for unrouted is because the AP's will be running Tablets as terminals on the POS side of the networ, which we have setup as unrouted through a second NIC on the Server.
We don't want tablets to have internet access , the same way the terminals can't get to the internet.What's the security process to keep them patched and PCI compliant? Tablets generally require Internet access to be viable.
-
@WrCombs said in Unrouted Wireless Network setup:
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
my Initial thought is: Have the site purchase a switch (or supply a switch) plug all AP's into that switch and plug that switch into the Unrouted switch for the POS
Even if the VLAN isn't routed, the switch should be, for management, support, and patching.
That would have to be setup differently.
Because we aren't using VLAN's. We use Dumb Plug-N-Play Switches, for convenience sake.So no management at all? That seems very risky for an unpatched network. While it's not impossible to do, does this mean that you have no monitoring, and that the APs, as well as the tablets, are unpatched but exposed to anyone who walks nearby?
-
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
@scottalanmiller said in Unrouted Wireless Network setup:
What's the reason for wanting to be unrouted? I assume that this actually means "no Internet access". Without Internet access, how will they patch their systems? I can only guess that they want to do this for security reasons, but I'm not sure being offline to the Internet, but without live standard patching, will be better because they will be being attacked from the LAN anyway.
the main reason for unrouted is because the AP's will be running Tablets as terminals on the POS side of the networ, which we have setup as unrouted through a second NIC on the Server.
We don't want tablets to have internet access , the same way the terminals can't get to the internet.What's the security process to keep them patched and PCI compliant? Tablets generally require Internet access to be viable.
I'm confused...
The tablets are terminals, Just more compact.
So what would a windows 10 tablet need internet for if it acts just like it's windows 10 cousin the terminal? -
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
my Initial thought is: Have the site purchase a switch (or supply a switch) plug all AP's into that switch and plug that switch into the Unrouted switch for the POS
Even if the VLAN isn't routed, the switch should be, for management, support, and patching.
That would have to be setup differently.
Because we aren't using VLAN's. We use Dumb Plug-N-Play Switches, for convenience sake.So no management at all? That seems very risky for an unpatched network. While it's not impossible to do, does this mean that you have no monitoring, and that the APs, as well as the tablets, are unpatched but exposed to anyone who walks nearby?
The AP's are typically locked down by MAC address or IP filtering,
What do you mean "management" ? like are we updating firmware/aps?
No because we Don't support AP's, We are not in Networking, We are in Point of Sale.
The AP's go through someone completely different.My customer asked me to look into what will be needed, and here i am, trying to give my customer the best answer as to what it will take for their system to be able to run tablets.
-
@WrCombs said in Unrouted Wireless Network setup:
The AP's are typically locked down by MAC address or IP filtering,
That's not really locked down. That's classified as "no security" because anyone can just sniff the working MACs and use them. To someone honestly trying to get in, it's like having a screen door in front of your main door, with no lock on the screen. Even a good wind will open it.
-
@WrCombs said in Unrouted Wireless Network setup:
What do you mean "management" ? like are we updating firmware/aps?
That, but also watch for bad traffic or deal with networking issues. How can you tell which AP is doing what it should if you cant look at them?
-
@WrCombs said in Unrouted Wireless Network setup:
My customer asked me to look into what will be needed, and here i am, trying to give my customer the best answer as to what it will take for their system to be able to run tablets.
That's what I'm trying to answer. I think that they should step back and consider the need for PCI, security, and management. It'll lower costs while providing better results.
-
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
What do you mean "management" ? like are we updating firmware/aps?
That, but also watch for bad traffic or deal with networking issues. How can you tell which AP is doing what it should if you cant look at them?
The AP's working/security/management is on whoever the customer decides they want to bring in to set up their network to add the tablets.
-
@WrCombs said in Unrouted Wireless Network setup:
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
What do you mean "management" ? like are we updating firmware/aps?
That, but also watch for bad traffic or deal with networking issues. How can you tell which AP is doing what it should if you cant look at them?
The AP's working/security/management is on whoever the customer decides they want to bring in to set up their network to add the tablets.
Okay, but that'll make for one hefty contract because they'll need them to engineer solutions for security in that environment. It's doable, but not something you'd ever expect a hospitality business to be willing (or able) to afford. Because this means taking something that is simple and almost free to be secure normally, and making it into something extremely complex and niche.
I'm not saying it can't be done. I'm saying that it's not reasonable for situation and it's a total guarantee that once they realize what it takes, will refuse to do it. Dollars to donuts not one restaurant, bar, or hotel in America does this today.
-
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
Or, Upgrade their switch entirely to a bigger switch, with more ports to add the AP's to it directly without the need to jumper the 2 switches together.
This mostly depends on traffic patterns and budget. Adding a switch is cheaper, but slower, than replacing with a bigger switch. But rarely does it matter.
how is it slower? because you have to configure it? You'd have to configure a replacement switch too, so I would think it would be a wash.
-
@Dashrender said in Unrouted Wireless Network setup:
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
Or, Upgrade their switch entirely to a bigger switch, with more ports to add the AP's to it directly without the need to jumper the 2 switches together.
This mostly depends on traffic patterns and budget. Adding a switch is cheaper, but slower, than replacing with a bigger switch. But rarely does it matter.
how is it slower? because you have to configure it? You'd have to configure a replacement switch too, so I would think it would be a wash.
No, slower because it introduces additional bottlenecks.
-
@WrCombs said in Unrouted Wireless Network setup:
My customer asked me to look into what will be needed, and here i am, trying to give my customer the best answer as to what it will take for their system to be able to run tablets.
It sounds like you're doing something your company specifically does NOT want you doing - anything to do with networking. You shouldn't be giving them any answer, since some other company handles all of the networking. If you engineer it wrong, you'll be blamed, but if you do it right, you have no benefit - and don't say he'll like you more because of it, because the bar owner shouldn't give two shits about you - he only cares about function and cost of your solution, and will bail on you in a second if a better solution comes along.
-
@scottalanmiller said in Unrouted Wireless Network setup:
@Dashrender said in Unrouted Wireless Network setup:
@scottalanmiller said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
Or, Upgrade their switch entirely to a bigger switch, with more ports to add the AP's to it directly without the need to jumper the 2 switches together.
This mostly depends on traffic patterns and budget. Adding a switch is cheaper, but slower, than replacing with a bigger switch. But rarely does it matter.
how is it slower? because you have to configure it? You'd have to configure a replacement switch too, so I would think it would be a wash.
No, slower because it introduces additional bottlenecks.
Ok, that's true, but likely not a real issue in this situation.
-
@Dashrender said in Unrouted Wireless Network setup:
@WrCombs said in Unrouted Wireless Network setup:
My customer asked me to look into what will be needed, and here i am, trying to give my customer the best answer as to what it will take for their system to be able to run tablets.
It sounds like you're doing something your company specifically does NOT want you doing - anything to do with networking. You shouldn't be giving them any answer, since some other company handles all of the networking. If you engineer it wrong, you'll be blamed, but if you do it right, you have no benefit - and don't say he'll like you more because of it, because the bar owner shouldn't give two shits about you - he only cares about function and cost of your solution, and will bail on you in a second if a better solution comes along.
This is for the sake of learning to think like i'm in an IT job, atleast that was the goal.
My answer to them was "that will be on the company you pick to do the AP's"
I just didn't put that part in, and now I'm being told more and more about how I don't know shit.
