Chapter 4: Solution 1: Simple Free Access Hotspot

Cisco Press

More chapters from new and classic Cisco Press books 

Rate your favorite Cisco Press books

As mentioned earlier in the book, a free access hotspot solution is simple and inexpensive, but it does not provide any real "hotspot features," such as user control and management. However, some organizations, like yours, might not need these features. Your business might simply want to provide the public with wireless Internet access without the thrills. By offering a free hotspot, you might attract more customers.

The simple free hotspot solution, as seen in Figure 4-1, is set up just like any other simple wireless network, such as those in homes. A wireless router connects to the Internet via an Internet modem.

Figure 4.1

Figure 4-1

Solution Network Layout Diagram

The hotspot users wirelessly connect to the wireless router. They are not prompted with a splash or redirection screen with this solution; therefore, the hotspot users have uncontrolled access to the Internet. Most wireless routers, however, let you set some restrictions and filters to help control users, but these functions are not as extensive as those offered by a "real hotspot gateway."

The overall steps to complete when setting up a simple free access solution are as follows:

Step 1 Gather the necessary items.

Step 2 Set up the wireless router.

Step 3 Configure additional settings.

The following sections will help you through each step.

Step 1: Gather the Necessary Items

The hardware for the simple free hotspot solution consists of a wireless router.

When looking for the equipment, it is best to stick with the recommended products. These products are used in this book when showing applicable configuration screens, so if you are new to wireless, it is highly recommended that you use this same equipment.

Tip - Most of the equipment that you need for the simple free hotspot should be available at local consumer electronics stores. You might also try searching Internet stores, such as and

No specific features are required for the wireless router; it just needs to be compliant with Wi-Fi.

Figure 4-2 shows the Linksys Wireless-G Broadband Router, which is the wireless router I recommend.

Figure 4.2

Figure 4-2

Recommended Wireless Router

The Linksys Wireless-G Broadband Router (model #WRT54G) typically costs between $25 and $70, depending on where you purchase it.

Step 2: Set Up the Wireless Router

To set up your wireless router, follow the manufacturer instructions that are included with the product. Some vendors might have written guides, and some might want you to use a CD that will help with the wireless router setup. The installation instructions will most likely have you configure some initial settings, but you will need to keep in mind several things, as discussed in the following list. Do not worry if you are not prompted during the setup to configure all these items, because you will have a chance to change all the settings later.

  • Do not use security or encryption methods.

  • Use a service set identifier (SSID—network name) that describes your business/organization or attentions. For example, a caf might use "Free Hotspot at Bob's Caf ." If the hotspot is being put in just for the local youth club, you might want to use something such as "Youth Club Hotspot."

  • Configure a channel that is not being used by other nearby wireless networks. You should also try to use the nonoverlapping channels of 1, 6, and 11. However, try to avoid channel 6, because it is the default channel that most wireless devices use; therefore, it is likely the most congested channel.

  • Use mixed mode so that users who have either B or G wireless adapters can connect to your hotspot.

Step 3: Configure Additional Settings

We will go through some additional settings that are useful in public hotspot solutions, which you probably were not prompted for during the initial setup. You might need to refer to your wireless router documentation for specific instructions on some of the settings, because all wireless routers work differently.

The following sections go into more detail on these additional settings.

Accessing the Web-Based Configuration Utility

Most wireless routers have a small built-in web server inside the box that enables you to easily access a web-based configuration utility (see Figure 4-3 for an example) to change settings. After connecting to the wireless router, you usually bring up your web browser (such as Internet Explorer) and enter the IP address of the wireless router. For example,,, and are common default IP addresses for wireless routers. Your wireless router user guide will explain which IP address to use. You then are prompted to log in. Again, the user guide tells you what username and password to use when logging into the router for the first time. After logging into the router, you should see a configuration utility screen similar to Figure 4-3.

Note - Change the default password for your wireless router configuration utility. Most setup wizards prompt you to do so; however, make sure you do it yourself to prevent unauthorized access to the utility.

Figure 4.3

Figure 4-3

Example of a Web-Based Configuration Utility

DHCP User Limit

Most wireless routers let you specify how many IP addresses to hand out through DHCP. Limiting the number of DHCP users basically limits how many users can connect to the wireless network, or hotspot, at once.

For example, suppose a hotspot owner wants to limit the number of concurrent users to 10, because he has only a basic DSL Internet connection, and he does not think it is fast enough to support many more than 10 users. Therefore, he limits the number of DHCP users to 10.

You can usually find the DHCP settings in the basic settings section of your config-uration utility or in a section named DHCP. Some wireless routers have a specific entry for the maximum number of DHCP users, as shown in Figure 4-4. Other wireless routers might not have such a clear way of setting this feature, but you can usually change the ending IP address to indicate how many IP addresses you want to give out, based on the starting IP address. For example, if the starting IP address is and you set the ending IP address to, you will be limiting access to nine DHCP users.

Figure 4.4

Figure 4-4

DHCP User Limit

AP Isolation

AP isolation, also known as Publicly Secure Packet Forwarding (PSPF), is less common than other features found in wireless routers. When enabled, it isolates each user from the other users. This gives some extra security to the hotspot users by preventing people from accessing shared files of other users.

You usually find this feature in the Advanced Wireless settings, and you usually can simply turn it on and off, as shown in Figure 4-5.

Figure 4.5

Figure 4-5

Example of the AP Isolation Setting

VPN Passthrough

This feature allows virtual private network (VPN) connections to pass through the wireless router. This feature should automatically be enabled by default, and you should have no reason to disable it. VPN connections allow users to securely connect to remote corporate networks via the Internet. They are also useful on hotspots to encrypt the user data that is passing through the public hotspot. Just to make sure, you should double-check that this feature is enabled on your wireless router. You might find this feature in the Misc. or Security section of the configuration utility, as shown in Figure 4-6.

Figure 4.6

Figure 4-6

Example of the VPN Passthrough Setting

Access Restrictions

Most wireless routers enable you to specify the days or times that you want Internet access to be available. Suppose that you want people to use the hotspot only during normal business hours. You can easily set up the wireless router to offer Internet access only Monday through Friday. Then, if the wireless router supports it, you can set it to be available only from 9 a.m. to 5 p.m. during those days.

You might find this feature in the Access Restrictions section, as shown in Figure 4-7, or with the filter settings of your wireless router admin utility.

Figure 4.7

Figure 4-7

Example of the Access Restrictions Setting

Blocked Services

Wireless routers allow you to block certain services—such as FTP, POP3, and Simple Mail Transfer Protocol (SMTP)—from passing through the router. You can do this by blocking the ports used by the application you want to prevent, such as ports 20 and 21 for FTP, port 110 for POP3, and port 25 for SMTP. You also might want to block certain services to prevent illegal activities, such as spamming, or the usage of certain file-sharing programs.

You might find this feature in the Access Restrictions section, as shown in Figure 4-8, or with the filter settings of your wireless router admin utility. All wireless routers differ in the way you set this up, however. If possible, block all ports (services) except for a few, just to be on the safe side. You might be able to edit a list of approved ports, rather than making a long list of ports to block. Allowing only the following ports might work in your situation:

  • 80 for web browsing (HTTP)

  • 443 for secure web browsing (HTTPS)

  • 110 for e-mail retrieval (POP3)

Figure 4.8

Figure 4-8

Example of the Blocked Services Setting

Remote Router Access

Your wireless router should support remote access or management. This lets you easily access the configuration utility via the Internet to check the status and change settings when you are away from the hotspot.

You can usually find this feature within the Administration section of your wireless router configuration utility, as shown in Figure 4-9. By default, this feature is disabled. If you have the option to use SSL access (HTTPS), you should. In addition, to provide more security, some wireless routers might allow you to give remote access capability to only a certain IP address.

For example, if you know that you will access the hotspot configuration utility only from home, you could input the IP address of your home Internet connection.

Note - Make sure that when you reference an IP address, it is a static IP address. If you have a dynamic IP address (which changes frequently), you can use a service such as Dynamic DNS to obtain a domain name (such as to use instead of your Internet IP address. This domain name will automatically point to the current IP address of your Internet connection or network. You can sign up for the service at Then make any required changes on your network.

Linksys wireless routers have a special section in their web-based configuration screens where you can input your DynDNS account information.

Then, only people from your home network would be able to remotely access the hotspot configuration utility. However, this feature is not crucial because someone would also need to know your wireless router password to access the utility.

Figure 4.9

Figure 4-9

Example of the Remote Router Access Setting

Web-Based Configuration Utility Access Server

Some wireless routers allow you to choose which type of server you use to access the web-based configuration utility. If you can, use an HTTPS (SSL) server. SSL encrypts the data between your computer and the internal web server of the wireless router. If you do not use SSL and you log into the configuration utility the default way (HTTP), anyone who is using the right tools can retrieve your wireless router password when you log in.

As Figure 4-10 shows, this feature might be in the Administration section of your wireless router configuration utility.

Figure 4.10

Figure 4-10

Example of the Web-Based Configuration Utility Access Server Setting

Backup Configuration

After spending all this time configuring your wireless router, save the configuration. Then, if you have problems later and need to do a hard reset, it will take less time. You could just point to the backup file and load the saved settings, rather than reconfiguring all of them.

This feature will likely be in the Administration section, as shown in Figure 4-11, or the Tools section of your wireless router configuration utility.

Figure 4.11

Figure 4-11

Example of the Backup Configuration Setting

Congratulations! You are finished!

Chapter Review

Solution 1 does not provide real "hotspot features," such as user control and management, and web page redirection or splash screens; however, this solution is inexpensive and might work when only simple Internet access is required.

Keep in mind the following:

  • Use the particular wireless router that is recommended in this chapter.

  • Refer to the tips and recommendations when setting up your wireless router.

Copyright © 2007 Pearson Education. All rights reserved.


Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022