Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Coworking space - optimising and (remote) managing a Voom Gig1 business broadband with static IP

namecaps
On our wavelength

on ‎12-03-2023 16:01

Hi All,

I've recently signed up for a Voom Gig1 business broadband service with a static IP.

I've been supplied the latest Hitron Chita modem.

This service is being used to supply free wi-fi to a number of small businesses in their own offices, plus a coworking space.

I'm very keen to discuss good/best practices regarding how best to provide and secure this service for multiple small businesses and individuals.

What I've learnt/done so far:

1. I've immediately invested in a 3-pack TP-Link Deco X50 AX3000 Whole Home Mesh WiFi 6 System. I've set this up (at speed), and it appears to be working well. I expect to be having to invest in more of these, in the Deco range, in order to reach all the parts of the premises that I need to, using both wires and wireless to connect my mesh devices together.

2. For (technical) reasons I don't fully understand, it's not possible to put the Hitron Chita into modem only mode ("RG Function") when you have a static IP (see: https://community.virginmedia.com/t5/Networking-and-WiFi/Hitron-No-option-for-modem-mode-RG-function...). I don't know if this going to cause problems or not?

3. When I setup the X50 pods using the TP-Link Deco app, it asked me to choose whether my IP is static or dynamic. I chose Static, and am 99% sure I entered all the correct (IP address, subnet, DNS, etc.), but I couldn't get an internet connection. So I ran the setup again, this time I chose the Dynamic IP option, and this time I COULD get an Internet connection. So it's great that it's all working, but I don't know if I should have persevered with the Static IP setup option.

4. I really want to be able to manage/monitor my network (i.e. the router) remotely. I was hoping that I'd be able to do it with the X50 that is plugged into the Hitron Chita modem. I can see instructions for enabling remote management with TP-Link devices here: https://www.tp-link.com/us/support/faq/1553/ - but this option is NOT available in the web dashboard settings for the X50. So it looks as if I'll have to invest in a compatible tp-link router to achieve this.

5. When all of the above is settled down, I want to ensure that the entire network is secured and optimised to (effectively) public use. In other words, on the one hand it should be a great, easy experience for our tenants to make use of it. On the other hand, it needs to be sufficiently secure, locked down, etc. so that neither internal or external actors can easily abuse the network and/or the devices attached to it.

OK, so quite a lot to process there!

I'm keen to compare notes with anyone else with the challenge of setting up a static IP Virgin business broadband service for multi-tenant usage.

Thanks!


0 Kudos
3 REPLIES 3

legacy1
Alessandro Volta

‎12-03-2023 16:24 - edited ‎12-03-2023 16:26

Using consumer equipment is going to limit you in ways of securely by a flat LAN setup where everyone is on the same subnet without VLAN's SSID's so your trusting everyone behind the router.
Look get Zyxel stuff and AP
https://www.zyxel.com/uk/en-gb/products/vpn-firewall
https://www.zyxel.com/uk/en-gb/products/next-gen-firewall

Static IP on business can change but is said not to and is done by GRE tunnel which VM will not tell any one how to do with their own router as for modem only mode you can only get a Dynamic IP that does not change for months/years and you can track it by DDNS if needed.

---------------------------------------------------------------

BQM, Test for outgoing ports and SSL/L2TP VPN test

namecaps
On our wavelength
In response to legacy1

on ‎12-03-2023 17:30

Thanks for your feedback Alessandro .

Yes, I totally understand your point about the trust issue with everyone on the same subnet.

BUT... the challenge here is that we're running quite a low-medium budget operation, i.e. with low-medium budget clients.

My observation is that once we go from consumer to business equipment, then the price jumps considerably, which will probably be out of our reach, i.e. our clients aren't paying us enough for us to be able to invest in business-grade products and services.

Therefore my objective is to

1. Do the very best we can with consumer-grade equipment.
2. Give clear and honest guidance to our users about the security risks they may be exposing themselves to by making use of this (free) service.

So any advice we can get about consumer-grade solutions for a coworking space will be much appreciated!

0 Kudos

Tudor
Very Insightful Person
Very Insightful Person
In response to namecaps

on ‎12-03-2023 18:31

Take a look at the Ubiquiti UniFi range of equipment, it’s high end pro-consumer.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos
Top