@JSchnee21 This is a private marina but similar to a yacht club in configuration. Difference is there are a number of transient I'llboaters, not members.

 

Ths ISP is Comcast business, so no cap as far as I know. I'll need to ask the marina management about restrictions placed on the service,. I like the idea that two of you have given me about SSID limits. Seems the easiest way. I'll give it a try..

 

As I told R1D2, my career was not in tech.  My background is in natural resource management.  All my tech knowledge comes from self-study. Would have been much better if I grew up with this, but...

 

Still leaning with help from you and others willing to spend the time!  Much thanks.

OK, SSID is now limited to 10240 We'll see how that works. Will eliminate the need to constantly monitor users .

So a few additional things to think about. 

 

1) In today's age, it's not really "abuse" to think of users wanting to stream music and video all long day on the network.  Unfortunately, that's what everyone wants to do these days (myself included).  I have Roku's on all of my TV's and we stream most of our TV content -- most are hardwired or MOCA, but my one son's Roku is Wifi.  He streams 10's of GB per day over Wifi watching shows.  As the network operator you need to set your policies and constrain what users are permitted to do by implementing throttles, capacity caps, and blocking access to sites based on your perspective of "fair use" all while keeping your employer and their customers happy

 

2) Is the Marina Boat (customer) network separate from the Marina Offcie (aka business) network?  Do you have two separate Comcast Business ISP links for this?  While one could share the same ISP uplink.  You'll need to think about and manage these two important points:

 

A) You'll want to isolate your customer traffic/access from your business traffic for security reasons to ensure that customers cannot "hack into" your business network traffic and PC's.  Similarly, you don't want rogue employee's "hacking into" the PC's of your afluent yachting customers.  There are a number networking approaches to run isolated networks on the same hardware (Firewalls, VLAN's, custom routing tables, etc.) but many of these can be somewhat complex to setup and administer.  

 

B) You'll want to isolate/limit your customer traffic from your business traffic for ISP capacity reasons to ensure that heavy customer use does not impact the performance / reliability of your business/office network.  That is to say, if you have 10-20 customers all downloading to their hearts content (even with SSID bandwidth throttles), will the office staff still be able to use the internet for business work?

 

While there are many possibe approaches to solve these problems, the simplest to implement and maintain, especially for a small business, is to have two completely separate networks, each with their own, separate ISP uplink and router.  This way the networks are completely isolated.  Given the small size of the networks, there would be very little added hardware (capex) cost for this approach.  But the monthly operating cost (opex) will be higher b/c you need to subscrbe to two lines of service.

 

Alternatively you'll need to implement VLAN's and potentially firewalls to isolate each of the groups of users and throttle the aggregate bandwidth available to the boating customers.  Given your potential physical layout, it still probaby make sense to have two separate sets of equipment (OC200, Switches, AP's) for your outdoor (customer) and indoor (office) equipment.

 

Unless there is no real office staff, per se.

 

-Jonathan

@JSchnee21, you make some good points. I have not told the group the network topology, but perhaps I should.

 

There is one ISP account--a Comcast business account, but I don't know if they limit bandwidth.

The marina has one full time employee. She works on a VPN with the server being in another city perhaps 40 miles from the marina.

There is a local "office" guest wifi network in the office, but I really don't think it's used very much. Different subnet than the marina wifi.

There is another SSID for the actual marina. AFAIK, it's on the same subnet as the admin computer in the office. I need to check that out. I don't think the Comcast modem/router is capable of supporting 2 different subnets. That bears checking out. Hadn't really though about that before. I suppose the powers that be wouldn't object to installing another router to separate the networks. I think that would be easiest. There would then be 3 subnets, none talking to the others.

 

Sheesh! Once you get into this, all sorts of possible issues crop up.

 

As for the marina residents' usage, doesn't matter what they use it for, as mostly it is as you say--streaming music, watching Netflix, etc. A couple of connections are for Ring devices. I suppose that could be remote monitoring of their boat. One guy (ex-Microsoftie) heavily into tech stuff uses it to monitor all his boat's systems when he is not aboard.

 

We have gotten compliments on the quality of the wifi. So much better than the previous setup. They had 2 Engenius CPEs for the entire marina. Line of sight was not all that good. Darn boats. Especially those annoying sailboats with tall metal wifi-interfering masts!

 

 

@R1D2 When I told the marina manager that she was the one to set wireless use policy I got a deer-in-the-headlights stare. She said that she would accept my recommendation.

 

As you and others have mentioned, our world is evolving and demands for bandwidth that we never dreamed of are popping up.

I've gone the SSID limit of 10Mbps as suggested. Looking at the usage stats, no one is using that much. Guess we'll monitor the use.

 

There are some whiners in the marina wondering why, when they live in a steel boat, do they not get a signal. I'll just help them set up a better antenna or range extender so they can get signal belowdecks. More clients for me!

 

I need to look up the airtime fairness you mentioned. Don't believe I've seen any mention of that, but there are so many docs to read through.....

@R1D2 When I was 16, no one had heard of computers, I don't think!  Many moons ago, I'm afraid.

But what the heck, old farts can still learn. I'm living proof!

I've not had much luck with airtime fairness. When I enabled it at my home it seemed my Nest Doorbell had issues getting/staying connected to the AP. But that was several months ago. I haven't tried it recently. It seems like it would be helpful for me as I have ~40 clients spread across two AP's. But many of these are IoT devices on the 2.4GHz network with low bandwidth requirements (but potentially chatty).

If the office Wifi is only for guests, it could potentially be combined with the Marina network. But not if you office worker is using it for her work. Or is she using a hardwired admin PC? I couldn't say if the normal Comcast business routers support multiple subnets, but I agree they may not. You could just place a small firewall appliance (e.g. Sonicwall) in between your Comcast router and the office PC's/Wifi. Just having thinks on separate subnets is not really sufficient. Assuming there is no routing between subnets its generally enough keep honest people honest, but that's it. At the very least you would want to use a "Smart Switch" in between your router and te downstream networks that can segment frames by VLAN and then setup separate VLAN's for Marina, Office, Admin, etc. so they cannot see each other's packets. For your own benefit, I think it would be worthwhile to get more details of the Comcast business plan they have (Bandwidth Mbit/s DL & UL and any potential monthly usage caps / penalties). I've found most office managers will just hand me the bill and let me call them. If this is DOCSIS then your DL and UL bandwidth may be very different. Definitely run some speed tests when you are onsite next looking at DL and UL speeds wired and wireless. Make yourself a special admin SSID that's uncapped. They sell really nice survey software you can use form your laptop, too, to survey wifi performance as you walk around the marina. For example: https://shop.metageek.com/

@JSchnee21 I do have a couple of speedtest apps on my phone that I use.

I'll ask why they have a guest network in the office and not combined with the network to the docks.

Also need to find out more about their Comcast service.