Our church has had broadband for probably getting on two years now. The idea was to allow people who need email/web access to be able to work from the onsite office. It also means there is now WiFi available as required.
The simple and cheap solution when the broadband went in was to use a domestic router to provide the broadband and WiFi using the inbuilt WiFi capability. This is fine as long as you are in certain areas of the building which the WiFi covers – the thick walls and rambling buildings means that only a proportion is covered.
As part of the recent refurbishment improving the WiFi coverage was on the list as the church itself was one of the poorer covered areas and thee have been a number of requests to show YouTube videos in services.
Our requirements were actually relatively simple:
– ability to have multiple points across the building reacting as one system
– simple to install and maintain
– ideally the ability to split internal networking requirements (eg church computers) from those that are only using the WiFi as a guest
– ability to display a guest welcome page including warnings about excessive usage
– points should be cabled and not repeat over WiFi only in order to maintain bandwidth
– and most importantly not too expensive!
On a tip from a colleague at work I started looking at the Ubiquiti Networks AP range. These are very well priced access points which will
work with PoE, so you only need to run a single cable to the points.
In terms of control the system has two options – a cloud control option which is about $15 per month, which is far to expensive for a church to consider, or a local controller. Since the software is web based and will run on Linux then the idea of running it on a raspberry pi came to mind. Googling around showed I wasn’t the first to have the idea and actually there was a simple to follow guide already written. So one pi later I have an access point and a controller for less than £100, with additional points being no more expensive that most other basic access points.
The biggest challenge has been attempting to work out how many points I need to cover the whole building. Since there are former external walls now within the building then this was never going to be straightforward. In the end I went down the trail route – bought a single point and tried it out. The end result is that I might scrape through with 3 points, however 4 is probably going to be required.
In terms of splitting the internal and guest networks the ideal method would be to be running separate VLANs for each and route it properly. The system will allow you to tag different vlans to separate SSIDs. Unfortunately our network is a lot more basic than that – there are only one subnet and nothing else we have supports VLANs.
The really simple answer was to setup an SSID which had guest policies applied. In the guest policy it is possible to restrict the IP address ranges available, so I blocked everything except a /30 range which included the broadband router. This means that anyone connecting to the guest access can see the gateway of the broadband router and so get internet access and one IP address below it that is unused only.
My next tasks are to finish the installation of the system. I still need to get another couple of WiFi points to cover the rest of building, but this should be fairly straightforward. I also need to look at the guest welcome page – this is supported by the software and is located on the pi, however I’ve not had time to play with it yet.
Overall I’ve been very impressed with it was a system. It offers more features than I could have asked for in the controller (usage tracking, device blocking, automatic error notifications) in a very simple cost effective way. It should make an ideal system for a medium to large church which has someone who has a basic knowledge of networking and computers to set it up.