In my business organization, we use a good number of TP-Link routers at multiple locations to offer wireless internet facility all over the office. We have to make the passwords public, and very often outsiders connect to the routers and fully occupy the bandwidth. Now we want to develop an online server/system through which we can automatically control our routers so that users whose MAC addresses are not listed on our server cannot connect to the routers even if they have the passwords. Besides, we want to monitor the internet use, control internet speed, and completely operate the routers through the online server/system.
Now my query is whether it is possible to develop such an online server/system and whether it requires customizing the router firmware.
Routers we use are: TP-Link TL-WR840N, TP-Link TL-WR850N, TP-Link TL-WR841N, TP-Link WR845N.
A lot of consumer routers offer MAC filtering and role-based VPN support. A MAC is like a serial number attached to each network device. You could also set up QoS and limit their bandwidth. But for fat connections, QoS has a tendency to lower total throughput on consumer-grade equipment (even if it ensures your devices get first priority).
You can also get something like a FING box to control bandwidth usage. But these are cheap, low-grade solutions and I would not recommend them if you need lots of bandwidth. Another way to do it is to assign specific MACs to specific IPs and turn off DHCP. What this means is the attaching computer wouldn't get an IP. No IP, no real access.
But I'll be honest with you, if your business has reached this level where clients need access, you need professional grade stuff and the people to go with it. You don't have to invest in a full-time person. But you might want to consider hiring out an IT firm to maintain such a network. It's money well invested in the long term. (It's a lot like anti-virus or health insurance: It seems expensive till it saves your tail.)
So the question becomes WHY do vendors need VPN access to your network? Is it network shares? Documents? Programs? Ordering systems?
The most ideal solution would be to create a web portal they can log into for SharePoint, or WebAPI (RESTful services) using a server that's put in the DMZ. This protects not only your data, but isolates customers from accessing areas they shouldn't, or using your network for more nefarious activities. At this point you need to contact an appropriate IT person who has experience in these areas who can take a holistic approach to how your business operates and then start to make recommendations.
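
An added example, not part of the original posts: a sketch of the server-side check the question asks for, combined with the MAC-to-IP binding suggested in the answer. It audits a client list against an allow list. The one-client-per-line `MAC IP hostname` export format, the addresses and the function names are all assumptions constructed for illustration; how the list is pulled from a given router is not covered.

```python
import re

# Constructed allow list: MAC -> the fixed IP it is bound to.
ALLOWED = {
    "3c:52:82:10:aa:01": "192.168.0.10",
    "3c:52:82:10:aa:02": "192.168.0.11",
}

# Constructed client table, using the mixed MAC notations devices report.
CLIENTS = """\
3C-52-82-10-AA-01 192.168.0.10 reception-pc
3c52.8210.aa02 192.168.0.50 accounts-laptop
DA:A1:19:7F:00:21 192.168.0.77 android-phone
00:1B:44:11:3A:B7 192.168.0.78 unknown
"""

def normalize_mac(raw):
    """Return a lower-case colon-separated MAC, or None if raw is not 12 hex digits."""
    digits = re.sub(r"[-:.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when the locally-administered bit is set (typical of randomized MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(client_table, allowed):
    """Return (mac, ip, note) for every client that violates the allow list."""
    findings = []
    for line in client_table.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        mac, ip = normalize_mac(parts[0]), parts[1]
        if mac is None:
            findings.append((parts[0], ip, "unparseable MAC"))
        elif mac not in allowed:
            note = "not on allow list"
            if is_locally_administered(mac):
                note += " (locally administered, likely randomized)"
            findings.append((mac, ip, note))
        elif allowed[mac] != ip:
            findings.append((mac, ip, "allowed MAC on wrong IP, expected " + allowed[mac]))
    return findings

if __name__ == "__main__":
    for mac, ip, note in audit(CLIENTS, ALLOWED):
        print(f"{mac}  {ip}  {note}")
```

The locally-administered flag matters for enrolment: many phones and laptops present a randomized per-network MAC by default, so the address recorded on the allow list has to be the one the device actually uses on this network.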