Time controlled security for my Wifi

[WolfgangV]

Hi,

has anyone of you a good idea how I can comfortably set up a schedule- driven wifi access for my kids ?

I am using an Asus RT- N66U and configured a 2.4 and a 5 GHz network. Unfortunately, the built-in child safety lock seems to have reliability problems.

I have now converted the 2.4 GHz network to WPA2-Enterprise and built a small RADIUS server on a Raspberry Pi. It controls different users with individual login times. This works great, but:
While most of the devices (laptops , smartphones, tablets) run as desired, unfortunately there are a few devices that refuse to connect to a WPA2- Enterprise. So far I have noticed
- Google Chromecast
- Amazon Kindle
To switch the 5 GHz network over to WPA2-Enterprise and to re-establish WPA2-Personal for the 2.4 GHz network would not work, as one of my two kids owns a smartphone that only works on 2.4 GHz. And maybe this is not the only device.
A third Wifi network (2.4 GHz with WPA2-Personal for the devices mentioned above) sounds a bit exaggerated for a 4 person household, right?

I tried to find alternatives for the RADIUS server solution but could not find any time controlled services (like DHCP) within the network/security chain.

Can anyone give me hint?

Wolfgang

 

[stevech]

Many routers and access points have a time schedule for service on/off.
For your situation:
Change password for WiFi (WPA) to something you do not tell the kids and do not put into their WiFi devices.
Buy/install a device that can be an access point (AP). Such as teh $35 ASUS RT-N12 (I have one). Set that to AP mode (easy). Connect that to a LAN port on the router. Direct by cat5 cable or distance away by longer cat5 or Powerline IP in lieu of cat5, so that the AP is were the kids habituate.
Set the AP's WPA password for the kids' devices.
Configure the time schedule in the AP.
tell the kids the schedule and regardless of the new password, use the Bill Cosby reprimand!

 

[WolfgangV]

Many routers and access points have a time schedule for service on/off.
For your situation:
Change password for WiFi (WPA) to something you do not tell the kids and do not put into their WiFi devices.
Buy/install a device that can be an access point (AP). Such as teh $35 ASUS RT-N12 (I have one). Set that to AP mode (easy). Connect that to a LAN port on the router. Direct by cat5 cable or distance away by longer cat5 or Powerline IP in lieu of cat5, so that the AP is were the kids habituate.
Set the AP's WPA password for the kids' devices.
Configure the time schedule in the AP.
tell the kids the schedule and regardless of the new password, use the Bill Cosby reprimand!

Hi,
thanks for your quick reply!
One more reason for using the RADIUS server is to easily provide network access to guests. I don't like the Asus "guest network" feature, as these networks do not use any security at all.
So I can add a user/password combination to RADIUS for my guests and I can simply change the password any time I like.
Thanks for the comment about the Bill Cosby reprimand. ;-)

 

[WolfgangV]

I don't like the Asus "guest network" feature, as these networks do not use any security at all.

OMG: Did I miss something in the past or did the feature change? I checked the guest network feature with the current firmeare (asuswrt-merlin) and I can edit the security options for guest networks!?

 

[sinshiva]

heya, this solution is by no means perfect, but for using guest networks, check this thread out;

http://forums.smallnetbuilder.com/showthread.php?t=14764

[edit/] actually, disregard this, you don't need it. all you are wanting is to features to block the kiddies. sorry about that

 

[WolfgangV]

heya, this solution is by no means perfect, but for using guest networks, check this thread out;

http://forums.smallnetbuilder.com/showthread.php?t=14764

[edit/] actually, disregard this, you don't need it. all you are wanting is to features to block the kiddies. sorry about that

Now the solution is easy. I keep my current configuration

• WPA2-Enterprise 2.4 GHz with users for all purposes (kids, guests, etc.)
• WPA2-Personal 5 GHz (my "private" network access for my laptop and NAS for backups, etc.)

and add a

• WPA2-Personal 2.4 GHz "guest network" for all devices that cannot access the WPA2-Enterprise secured network.

Thank you all for listening. The solution really wasn't too far away.

 

[stevech]

Issue I found was that the time of day schedule for service affected all SSIDs, guest and not.

 

[WolfgangV]

Issue I found was that the time of day schedule for service affected all SSIDs, guest and not.

This is one reason why I like the solution with the RADIUS server (installed on a Raspberry Pi). I can define the login times and - together with a short DHCP lease time - can control the access to the network quite accurately.