Dual SSID on home network with one filtered for kids

[craynerd]

Guys, just registered here as it seemed the best place to ask this and I've been wanting to do it for ages.

I've got two young kids, 6 and 2. They both like using the iPad and android tablets we have, I like tech and I encourage it at appropriate times. I work in a school and we have two network SSIDs staff and student. The student network is much more heavily filtered than the staff and it would be amazing to have that control at home. I want a totally free no restrictions 'home' network and a restricted 'home-kids' network.

This must be possible in some way... I am prepared to buy a new router and any additional kit provided I get a stable system. I'm with sky and currently using their standard black router.

I appreciate their are other ways of restricting access by MAC address and such but they seem messy compared to this if I could get it working!

Any help appreciated

 

[sdifox]

That is enterprise level stuff, you may want to look at used commercial hardware.

essentially you need to setup binding of ssid to vlan then filter on the kids vlan.

you could do this with pfsense if you know what you are doing, but it is not point and click setup.

 

[JoeMcJoe]

You can use pfsense in combination with Ubiquti Unifi (UAP-AC-Lite etc) and by using different SSIDs on two VLANs.

 

[RadiclDreamer]

You can also serve out opendns servers to the kids while you use your ISP, it isnt bullet proof, but it does provide a decent level of protection especially for little kids that dont think to find ways around it.

 

[XavierMace]

Sophos UTM + WAP will also do it and is far more user friendly than pfsense without having to mess with vLan's. But be aware both the pfsense and Sophos routes are probably more expensive than you were expecting. The Sophos box I just built for my parents was right about $300. Add another $120 for the WAP.

I used pfsense for quite some time, but I've become a huge fan of Sophos UTM. It's a far more polished and easier to use product than pfsense although with admittedly higher system requirements.

 

[azazel1024]

Many newer routers allow you to filter just the guest network.

Just look at the features of some of the newer modestly high end routers (AC1750+) and should be able to figure it out pretty quick.

 

[sdifox]

Many newer routers allow you to filter just the guest network.

Just look at the features of some of the newer modestly high end routers (AC1750+) and should be able to figure it out pretty quick.

except that would mean no access to internal resources.

 

[azazel1024]

except that would mean no access to internal resources.

No.

You don't have to setup network isolation. Many newer routers have the option to set routing/DNS by which network is being used.

So you just set the DNS for the guest network to use OpenDNS and set the main network to ISP or Goggle's DNS as an example.

Or for that matter, almost all routers I have seen for the last 4-5 years that allow you to set any white list/black list you can do it by IP address, not simply all or nothing. So just set the kid's MAC's to be assigned a static IP address and then set those IP addresses to use a black/white list.

 

[sdifox]

No.

You don't have to setup network isolation. Many newer routers have the option to set routing/DNS by which network is being used.

So you just set the DNS for the guest network to use OpenDNS and set the main network to ISP or Goggle's DNS as an example.

Or for that matter, almost all routers I have seen for the last 4-5 years that allow you to set any white list/black list you can do it by IP address, not simply all or nothing. So just set the kid's MAC's to be assigned a static IP address and then set those IP addresses to use a black/white list.

Guest access typically provide only internet access, no LAN access at all.


edit. Just saw some guest access allow you to add LAN access to guest. Crazy people...


OP, Nighthawk AC1900 has OpenDNS based parental control, you could go with that, pretty simple. Just like azazel suggested.

 

[craynerd]

Hi guys, it's been nearly a year since I posted this. Sadly, I didn't really understand your replies. I'm fairly capable with computing but some of the things mentioned here are going over my head and don't know where to start.
My kids are a year older and I want to get this into place.

The messages contained lots of could and shoulds but I could do with more clear specifics of what I need to get this done? Has anyone got any more details on how to do this. I'm ready to spend the money once I'm convinced I have a solution that I can implement.

Cheers
Chris

 

[craynerd]

OP, Nighthawk AC1900 has OpenDNS based parental control, you could go with that, pretty simple. Just like azazel suggested.

So this is the r7000 router. Could you explain how the opendns works in this context? If I use the open DNS addresses won't that just block all my devices.

I was specifically hoping to log my kids laptops and iPads through a restricted ssid and mine and my wife's via unrestricted, you see, we want to block Facebook even and that wouldn't be good for us. These things tend to be all or nothing but if we could log to different networks, it seems a cleaner solution.

 

[sdifox]

http://kb.netgear.com/app/answers/d...ental-controls-on-my-netgear-router-using-the

That should do it. No second SSID required.

 

[Rifter]

So this is the r7000 router. Could you explain how the opendns works in this context? If I use the open DNS addresses won't that just block all my devices.

I was specifically hoping to log my kids laptops and iPads through a restricted ssid and mine and my wife's via unrestricted, you see, we want to block Facebook even and that wouldn't be good for us. These things tend to be all or nothing but if we could log to different networks, it seems a cleaner solution.

I have the same router, there are parental controls built in already, so just set them up and you should be good to go.