Router for a 500-people pub :)

[Daaaaan]

Hey guys

I have been having issues with a lot of WiFi routers bought for the pub over the years...currently I am using Asus RT-AC68U, bought 2 years ago and same problems occur.

Basically the place gets packed 4 times a week with 500 people and since most of them use WiFi for Facebook / Instagram and other social media, uploading pictures and whatnot, the router crashes a few times every night.

Problem is, on the same router I also have a switch that links all the POS systems in the pub that waiters and bartenders use, and also a server which holds the database for those POS systems...so rebooting the router every night means 3-5 mins. of chaos since people order drinks and we cannot input the orders in the POS.

Now I know that most of you will suggest using 2 routers, one for the customers and one private - for the POS...but if I am inclined on using just one router, what specs should I be looking at in order for the router to stop crashing when 500 users start uploading their new Facebook profile photos? ) RAM? CPU? ... I suppose my problem has something to do with NAT?

 

[thiggins]

A single access point will never handle that much traffic. There is not enough airtime to go around.
You need to add at least one, if not two access points, set to different channels (1,6 and 11 on 2.4 GHz, 36-48 and 149-161 on 5 GHz.

For security purposes, you should get your POS terminals off the public network. Put a VLAN at minimum and preferably a firewall between them and public WiFi.

You are just BEGGING for more trouble than you already have from having to reboot often.

 

[System Error Message]

A single access point will never handle that much traffic. There is not enough airtime to go around.
You need to add at least one, if not two access points, set to different channels (1,6 and 11 on 2.4 GHz, 36-48 and 149-161 on 5 GHz.

For security purposes, you should get your POS terminals off the public network. Put a VLAN at minimum and preferably a firewall between them and public WiFi.

You are just BEGGING for more trouble than you already have from having to reboot often.

Course you can, mikrotik RBs have been known to handle that many without crashing, the problem is just the internet speed though.

Some advice here though, Wire what you can. If your POS and staff are all wired with only few wireless, this helps a lot.
- Have multiple APs, some meshes can distribute clients but you can use mikrotik wifi RBs to handle many though you might want a couple at least.
- You can use just 1 router (not wifi) for everything. Some routers are dependent on your speed requirements rather than number of clients (i.e. linux based x86 routers like pfsense, mikrotik).
- Follow @thiggins advice, use vlans and layer 3 segmentation. Isolate your networks on the router and switch.
- Put priority to your staff/operational network for QoS.
- If your switch cant perform segmentation, go grab yourself a managed switch
- drop routing between your segmented networks in your router (done via routes and firewall).
- have extra security on your network (if you use mikrotik which doesnt have such, add a companion server to perform anti virus, IPS, IDS)
- use a managed switch (for security but you gotta configure too. This is to avoid session hijackings and rogue DHCP to keep yourselves and customers safe)

 

[thiggins]

Course you can, mikrotik RBs have been known to handle that many without crashing, the problem is just the internet speed though.

I strongly disagree. A single access point, even simultaneous dual band, cannot provide enough airtime for 500 simultaneous sessions.
That many clients might connect, but no way they will have a satisfactory experience. Not to mention problems with DHCP with the single class C subnet consumer routers are configured with by default.

 

[System Error Message]

I strongly disagree. A single access point, even simultaneous dual band, cannot provide enough airtime for 500 simultaneous sessions.
That many clients might connect, but no way they will have a satisfactory experience. Not to mention problems with DHCP with the single class C subnet consumer routers are configured with by default.

exactly i mentioned the internet speed to be the issue. Practical wifi speed as are between 30-60& of link speed. So even 30% of 150Mb/s of wifi N is 50Mb/s which if each device had 1Mb/s would give 50 people 1Mb/s like phones get with 3G in many places.

Also network usage isnt constant, so you can fit 500 clients to a single dual band AP as long as wireless N dual channel is used and wireless AC is used but the experience wont be great but for basic web browsing and checking emails, it will function fine.

 

[Dax580]

In my opinión you only have 2 options get 2 Asus BRT-AC826 that are oriented to bussiness and claim that can stand up to 250 connections, and the other option is maybe, only maybe the new gaming oriented the Tri-Band Asus ROG Rupture GT-AC5300 again maybe can stand the 500 or at least more tan the bussiness oriented, why I think this because the ROG one have the double of RAM an a lot more powerful CPU, the only advantage of the BRT-AC826 is that this one have Dual Wan that lets for example contract 2 Internet connection of maximum speed to your internet provider and let you have the double of internet speed or a automatic backup connection if the other fails, for example if you can get a 1gbps connection the ROG Rupture could support a 500 YouTube videos between 480 and HD 720p that if CPUs can stand that huge load and that is a very improbable scenario is more probable that the mayor part is only browsing and that would mean more resources for the intense task like YouTube FullHD of who do that, the other option is do the same with the BRT but contracting between 1 and 4 1Gbps contracts (supposing you choose 2 BRT-AC826 you have 4 WANs) and that let if you have 2 1Gbps connections or above a 500 FullHD 1080p connections in terms of bandwitch and as I say is very improbable have 500 people doing the most intense task, If only one AC68 and more less can some moments stand the load, you can test if the ROG Rupture stand, and for the most common task you talk about should, even a single Dual Band BRT-AC826 maybe can even do it technically Asus even barely contempled a similar use scenario for the BRT in the website says "Whether you're a startup or an established player, in any sphere of business from the smallest restaurant to the largest retail store, BRT-AC828 can help you connect to success." but I think that whith the specs in hand of the ROG Rupture having double of processor and RAM and been Tri Band maybe can manage your pub better, but you should think on contract the máximum speed you have available if you didn't have it yet

 

[System Error Message]

In my opinión you only have 2 options get 2 Asus BRT-AC826 that are oriented to bussiness and claim that can stand up to 250 connections, and the other option is maybe, only maybe the new gaming oriented the Tri-Band Asus ROG Rupture GT-AC5300 again maybe can stand the 500 or at least more tan the bussiness oriented, why I think this because the ROG one have the double of RAM an a lot more powerful CPU, the only advantage of the BRT-AC826 is that this one have Dual Wan that lets for example contract 2 Internet connection of maximum speed to your internet provider and let you have the double of internet speed or a automatic backup connection if the other fails, for example if you can get a 1gbps connection the ROG Rupture could support a 500 YouTube videos between 480 and HD 720p that if CPUs can stand that huge load and that is a very improbable scenario is more probable that the mayor part is only browsing and that would mean more resources for the intense task like YouTube FullHD of who do that, the other option is do the same with the BRT but contracting between 1 and 4 1Gbps contracts (supposing you choose 2 BRT-AC826 you have 4 WANs) and that let if you have 2 1Gbps connections or above a 500 FullHD 1080p connections in terms of bandwitch and as I say is very improbable have 500 people doing the most intense task, If only one AC68 and more less can some moments stand the load, you can test if the ROG Rupture stand, and for the most common task you talk about should, even a single Dual Band BRT-AC826 maybe can even do it technically Asus even barely contempled a similar use scenario for the BRT in the website says "Whether you're a startup or an established player, in any sphere of business from the smallest restaurant to the largest retail store, BRT-AC828 can help you connect to success." but I think that whith the specs in hand of the ROG Rupture having double of processor and RAM and been Tri Band maybe can manage your pub better, but you should think on contract the máximum speed you have available if you didn't have it yet

Client limitations for most wifi routers have nothing to do with the CPU and RAM of that router, only whether it is the wifi chip or the OS that handles the clients. CPU and RAM only matter if it is used for bridging and for other network features that run on it. If NAT is not being used, theres no use for much ram. CPU performance can handle bridging and routing pretty fast in software too if hardware not being used as well whereas NAT however is what requires the CPU and RAM including other features that may be used.

So its all about picking an AP that uses software to handle the clients, ensuring that there is enough bandwidth as well.

 

[thiggins]

Dax: Could you please edit your post and add some paragraph breaks? Wall of text is hard to read.

 

[Daaaaan]

I am not interested in super-advanced security features and managed switches and such. I am, after all, a basic user with basic needs...I think

I was curious to see what is a standard WiFi solution for larger venues like restaurants, pubs, dance clubs and such (with 250+ users on Wifi at the same time) when it comes to connecting customers to the internet, for basic stuff like email, chat and social media.

I am also a little overwhelmed with the information I am getting, which is, by the way, GREATLY APPRECIATED!...I will ask a more geeky friend of mine to take a look at your answers and translate them )

 

[AndreiV]

I am not interested in super-advanced security features and managed switches and such. I am, after all, a basic user with basic needs...I think

I was curious to see what is a standard WiFi solution for larger venues like restaurants, pubs, dance clubs and such (with 250+ users on Wifi at the same time) when it comes to connecting customers to the internet, for basic stuff like email, chat and social media.

I am also a little overwhelmed with the information I am getting, which is, by the way, GREATLY APPRECIATED!...I will ask a more geeky friend of mine to take a look at your answers and translate them )

I would advise you to look in the phone book for a local network company, there are companies in most towns that can set you up correctly.

Your needs are not simple and security is very important. Your business can be brought to a standstill , what will you do if your POS system fails for the night?

Your business network and customers WiFi really does need to be securely separated , especially if you have card transactions on your network.

What about your ISP connection , do you have a backup / failover for that ? If your ISP connection is down what happens then?

 

[thiggins]

I am also a little overwhelmed with the information I am getting, which is, by the way, GREATLY APPRECIATED!...I will ask a more geeky friend of mine to take a look at your answers and translate them )

Bottom line is simple:

- Separate business and public networks
- Separate routing and Wi-Fi functions
- Use multiple access points

Implementation should be done by someone who knows what they are doing.

 

[MichaelCG]

Best advice so far...hire out to someone with the knowledge...your ask is not as simple as you think and you are completely underestimating the security risk you are putting your business in by sharing the same local network with your business use and your customer open WiFi.

But if you want to keep simple using off the shelf consumer hardware:

ISP Connection
-> RouterA -- No WiFi, just a router that provides the initial NAT to the Internet
---> RouterB -- Business systems, WiFi using WPA2 only for Business systems (disable if not needed)
---> RouterC -- Public WiFi

This keeps your business traffic isolated from your customer traffic. If RouterC takes a shat, RouterA and RouterB are still fully functional and business carries on. You can easily add more APs behind RouterC on different channels placed physically apart at the pub to better handle the customer load as well....if you care about their experience. This is a multi-NAT setup which is not always optimal...but it will work to better isolate your systems and services.

This is the setup I ran for my parents when they owned a gas station that had a cafe with free WiFi. They didn't need to scale to 500 users...rarely more than 5 users...but they wanted to be able to throttle the users bandwidth and keep them away from their POS systems as well. And since it was all based off of consumer devices, they could easily replace one unit from their limited local shopping options if they needed to. Otherwise they had to wait a week for me to drive down to visit.

RouterA
- this does not need WiFi Enabled
- this could be ISP provided

RouterB
- only needs WiFi if the Business systems require it
- WAN port of this router connects to a LAN port on RouterA

RouterC
- needs at a minimum to have dual-band WiFi
- WAN port of this router connects to a LAN port on RouterA
- additional APs can be connected to LAN port of RouterC to better handle the high volume of clients

 

[System Error Message]

larger establishments use non standard setups.

 

[Audio-catalyst]

Sounds to me you'd want to split things up a bit.

For that load if would use a minimum of 3, but preferably 4 unifi ac pro's.

I would hook it up to a 8 port unifi POE switch

Use a unifi USG to take care of firewalling and routing

And to round it off put in a cloudkey to manage it

You'd be done around 600 USD, and will have yourself nothing to worry about anymore.

Verstuurd vanaf mijn SM-G850F met Tapatalk