My company wants me to set up an intranet

This one confuses me on so many levels.

I'm not sure if you work for a "tech support company" that was hired by this internet cafe or you work for this internet cafe. It's kinda odd in either situation. The "tech support company" should probably have someone else more versed in this work handle it. The internet cafe (if you are their employee) should outsource this to a pro.

No offense to you, but it's a job I wouldn't take and by the sounds of things I've got a little bit of a better handle on this type of networking than you do.

If they want a solution that is going to work well, and be reliable, the most critical thing is to stop thinking about getting this job done as cheaply as possible. I highly recommend against reusing the existing hardware. There is just too much new and great stuff out there that isn't all that expensive to bother with stitching together 10+ year old hardware to force it to fit the needed solution.

It's an internet cafe. How bad will it be for their business when their internet service sucks because they wanted to save every last penny they could? When you run an internet cafe, your networking gear shouldn't be a place to cut corners.

I don't see why you can't do this job but if I were you, I'd really fight them on not wanting new gear. This equipment is vital to the business model... unless somehow the internet being reliable isn't a critical part of the internet cafe making money?
 
It seems that way from your angle, but there will be a lot of wiring to do if the additional switches are not used. And by the way, there are 26 devices in total, and it would have been 27 if I had not taken out one. Thanks for the input.
 
Yes, the server has two NICs. And the purpose of the setup is so that management of the guests is done with truecafe from the server, but I'm not sure about it either, but my CEO says it's possible. Here is a truecafe setup:
 

Attachments

  • wifi_setup_topology_small.gif
If he won't buy new equipment, I wouldn't accept the project, and I do stuff like this all the time.

I want you to keep in mind there are different types of VLAN privacy settings. There are primary, community, and isolated.

Specifically, community VLANs are what everyone thinks about, in that anything within a VLAN can communicate with anything else within the same VLAN. Isolated VLANs are similar to wireless guest networks that do not allow computers to communicate with other computers even within the same VLAN. You WANT an isolated VLAN for the Internet cafe!

The CEO, file-servers, etc. belong on a community VLAN.

The Primary VLAN can communicate with either, so the isolated VLAN can communicate with your firewall.

*******

For the firewall hands-down get a small Palo Alto PA-220. It will give you granular control over everything and application awareness.

If the Internet Cafe is for LAN gaming too, you will probably want to make another Gaming Cafe VLAN and switch the ports via 802.1x and an Active Directory group. Then, with a different logon, the user could be dropped from an isolated VLAN into a community VLAN where they do have connectivity to other users within the Internet Cafe.


It depends.. you can do the setup however you like.
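
The private-VLAN behaviour described in the post above, modelled as an added example (not part of the original thread): it lists which hosts in a port plan can reach each other without passing the firewall, before and after an 802.1X move into a gaming community. The port plan and host names are constructed, and the firewall is assumed to sit on the promiscuous port of the primary VLAN.

```python
from itertools import combinations

# Port roles: isolated, community, and the promiscuous uplink on the
# primary VLAN (assumed here to be the firewall port).
PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"


def can_talk(a, b):
    """Layer-2 reachability between two ports given as (role, community_id)."""
    if PROMISCUOUS in (a[0], b[0]):
        return True                   # uplink reaches every secondary VLAN
    if a[0] == COMMUNITY and b[0] == COMMUNITY:
        return a[1] == b[1]           # same community only
    return False                      # isolated ports reach no other host


def lateral_pairs(plan):
    """Host pairs that can reach each other without crossing the firewall."""
    hosts = sorted(h for h, p in plan.items() if p[0] != PROMISCUOUS)
    return [(x, y) for x, y in combinations(hosts, 2)
            if can_talk(plan[x], plan[y])]


def reassign(plan, host, role, community_id=None):
    """Model an 802.1X-driven VLAN change for one port; returns a new plan."""
    updated = dict(plan)
    updated[host] = (role, community_id)
    return updated


# Constructed port plan for illustration; host names are hypothetical.
CAFE_PLAN = {
    "firewall":   (PROMISCUOUS, None),
    "guest-pc-1": (ISOLATED, None),
    "guest-pc-2": (ISOLATED, None),
    "guest-pc-3": (ISOLATED, None),
    "ceo-pc":     (COMMUNITY, "office"),
    "fileserver": (COMMUNITY, "office"),
}

if __name__ == "__main__":
    print("default plan:", lateral_pairs(CAFE_PLAN))
    gaming = reassign(CAFE_PLAN, "guest-pc-1", COMMUNITY, "gaming")
    gaming = reassign(gaming, "guest-pc-2", COMMUNITY, "gaming")
    print("after gaming logon:", lateral_pairs(gaming))
```

Any pair in the output that includes a guest PC outside a gaming session means that port is not actually isolated.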
 
I'm going to have to go over this more thoroughly. Thanks anyways. Did you see the I uploaded?
 
Is the true cafe server trying to act as a router?

I'm not trying to **** on your idea of 3 switches, I was just wondering why. If it's to reduce home runs it's fine. Just all too often I see guys toss switches all over for no reason and it becomes a nightmare.

Sent from my SM-G870W using Tapatalk
 
Nerd2u, I was asking you guys if the
Technically it could be...but more normally the Unifi AP would just plug into the switch. In your drawing it assumes the server has a 2nd NIC and it seems the AP is plugged into that? Dunno why. Proxy? RRAS?
Yes, for proxy settings, but doesn't the unifi have that feature to block certain websites?
 
The USG has deep packet inspection, but it is not a web / content filter, and neither is the UAP.
 
You can use a third party DNS service, like opendns, to help block undesirable sites.

What OS is the server running? If it's Windoze I'd not have the AP hanging off of the second port. You'd need to set up routing and I don't like doing that with any M$ OS. Besides, if the server goes down you'd lose wifi.

And by endpoints I was referring to devices connected to the network.
 
Did some looking at true cafe. Are you trying to use it for wireless billing?

Sounds like you want a captive portal where guests enter payment and then gain internet access.

For your use case the server does not need to be in the middle of things or do any routing.

You may want to take a look at the unifi controller for captive portals.
 
Looking at their website, it looks like the true cafe server wants to act as a secondary DHCP server and sets up a double NAT with a route back to your main router.

This would mean any guest connecting should connect to a switch connected to lan2 on the server for hard wired connections and your wifi access point should be connected to the same switch.

I will draw up a network map later when I'm at my PC of how it sounds like their setup should work.
 
I would love to see it. Thanks bro. I'll do a more lengthy reply soon. Thanks guys.
 
OK if I understand the documentation on the True Cafe Website your setup should look something like the attached image.

I would put a firewall rule in place to make sure 192.168.1.1/24 can only access 192.168.0.1 which is the gateway and restrict the rest of the network for security.

Let me know if you have any questions
 

Attachments

  • Internet Cafe - Network Diagram.png
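
A way to sanity-check the firewall rule suggested in the post above before deploying it, as an added example that is not part of the original thread: a first-match rule evaluator that confirms guests reach only the gateway on the main LAN and still get out to the internet. It reads 192.168.1.1/24 as the guest subnet 192.168.1.0/24 and assumes the main LAN is 192.168.0.0/24 and that rules are enforced where guest source addresses are still visible (before any NAT); the rule layout and test addresses are constructed.

```python
import ipaddress

# Addresses from the post; rule layout and names are assumptions.
GUEST_NET = ipaddress.ip_network("192.168.1.0/24")
MAIN_LAN = ipaddress.ip_network("192.168.0.0/24")   # assumed main LAN
GATEWAY = ipaddress.ip_address("192.168.0.1")
GUEST_HOST = "192.168.1.50"                          # constructed guest address

# First match wins, as on most packet filters. The gateway allow must come
# before the LAN deny, and the LAN deny before the general internet allow.
RULES = [
    ("allow", GUEST_NET, ipaddress.ip_network("192.168.0.1/32")),
    ("deny",  GUEST_NET, MAIN_LAN),
    ("allow", GUEST_NET, ipaddress.ip_network("0.0.0.0/0")),
]


def decide(rules, src, dst):
    """Return the action of the first rule matching src -> dst (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def audit(rules):
    """Check the guest policy: gateway and internet reachable, LAN hosts not."""
    leaks = [str(h) for h in MAIN_LAN.hosts()
             if h != GATEWAY and decide(rules, GUEST_HOST, str(h)) == "allow"]
    return {
        "gateway_ok": decide(rules, GUEST_HOST, str(GATEWAY)) == "allow",
        # 203.0.113.10 is a documentation address standing in for the internet
        "internet_ok": decide(rules, GUEST_HOST, "203.0.113.10") == "allow",
        "lan_leaks": leaks,
    }


if __name__ == "__main__":
    print(audit(RULES))
```

Putting the general allow first makes every main-LAN host show up in `lan_leaks`, which is the ordering mistake this check is meant to catch.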
Hello everyone, hope all is well. Please remember that my CEO understands that I'm learning this networking as well. So him giving me the chance to practice on setting up this network is really benefiting me. And I say this because I saw someone post saying they should get a more competent person. My CEO is in IT also, but he doesn't have time for it, because he's doing other businesses, and he would like to learn a little more about networking, but not as bad as myself. Thanks. The replies are coming in the next post.
 
Thanks man. Please forgive me for not replying sooner. Excellent job; that's exactly what he wants. I will share the current topology with you just to show how everything is connected...I think I should've done this from the start.

List of what the new network should feature...
1) Server for adding and removing staff members
2) Deploy True cafe on client machines and let them run it from there (I personally don't think this is necessary)
3) Provide paid wifi service
4) Block certain websites
5) Create VPN for Cafe workstations, Cashier and security and SysAdmin, phonetech, graphics designer.
6) Mgt VLAN should be able to access all VLANs, but not vice versa
7) NAS server for file storage
 
