[SOLVED] Setting Up Home Network with Unique login per user

[michaelkwee]

Hi Guys, first of all, I would like to apologize if I used a wrong or unclear terminology because my understanding of IT and network are not really good.

So the situation right now is there are modem that recieve the internet from the provider. What I want to do is set a router so user will be needed to connect to the router. In addition, I would like my router to be able to do these things:

1. Login ID and Password for each user (people) in my network instead of a single password for all user
2. Pre-Set rules for each user so that each has a different downloading/uploading speed.

So what router is suitable to accommodate my needs? Also is there a need for additional software to be installed on the router?

Thank you!

 

[kanewolf]

These are generally commercial features. You need a system that supports captive portal and has an authentication system. This is usually done with a radius server. This is not trivial networking.

 

[michaelkwee]

These are generally commercial features. You need a system that supports captive portal and has an authentication system. This is usually done with a radius server. This is not trivial networking.

So it can be said that a less than US$ 500 router will not be able to provide the requirements? Do you know any particular type of router that might be able to do it?

 

[bill001g]

Your second requirement is the hard one. The unique userid I think all routers support but you still need something running as a radius server to do the userid and passwords. All you do on the router is set it enterprise mode and then configure all the parms so the router can talk to the radius server

 

[kanewolf]

As @bill001g said, it is the Radius server that handles the unique user ID processing. You would have to setup a captive portal for both wired and wireless devices. Lots of routers support captive portal on wireless, I don't know how common it is for wired. It looks like Ubiquiti UniFI router can do captive portal for wired and wireless.

Setting up a pfSense firewall with radius server might be your best option. Put that between the router and the internet. You can use a simpler router and put the money into a pfSense firewall.

 

[BFG-9000]

In case this was not obvious, while a RADIUS server can certainly authenticate wired connections too, a consumer router is going to limit the unique login and passwords to the three flavors of WPA-Enterprise, which of course only works on Wifi clients.

Most consumer routers will also only allow you to set QoS/bandwidth rules for a MAC address, not a user. If the users are unlikely to know how to change the MAC addresses and will only use the same hardware, then you could set a wireless filter too.

 

[doolittle]

It may be easier to make your primary wired/wireless network out-of-band (unroutable) then force users to VPN into the "secure" network that has the router access.

An OpenVPN server should be able to handle plenty of logins and traffic shaping as well, need a router that runs DD-WRT, OpenWRT/LEDE, Tomato, etc to do VLANs (although you could probably get away with using 2 "dumb" routers - one for the "unsecure" connection and the "secure" network uses the router from your ISP), a couple of spare PCs (or a beefy PC running a hypervisor)... Quite a bit of effort but completely doable.

 

[USAFRet]

Is this a residential or commercial situation?

What is the overall bandwidth in and out?

How many users are you working with?

 

[gggplaya]

You can buy Ubiquity wifi access points, they're not too expensive. But they need a controller to manage them, so you'll need to buy a CLOUDKEY to do that. Then for authentication, you can buy a Ubiquity USG(Security Gateway) which has a Radius server with an easy to use UI to enter in users and passwords. The USG will handle authentication.