February 15, 2017
For anyone who wants to do this themselves, we provide a brief overview of the requirements below, assuming you have proper cabling available or in place (Cat 5e or better, with proper crimps in T568B format). We focus on three categories of how to tackle this project: i) hardware, ii) software and support, and iii) security.
Hardware Requirements
We recommend combining a local WiFi gateway controller (what is known as the “brains behind the network”) with reliable commercial-grade access points (APs) that provide strong signal strength. For most cafes, we recommend the Ubiquiti UniFi UAP AC Long Range AP, which is around $100. Regardless of which APs you choose, you want ones that i) provide sufficient range (ideally, -60 dBm or better on 2.4 GHz everywhere you want coverage), ii) support the 802.11ac standard and can handle both 2.4 GHz and 5 GHz frequencies (especially critical for higher-density environments), and iii) are designed to handle a large number of concurrent users without hindering network performance. There are of course additional features, such as zero handoff, that would allow you to roam more seamlessly across APs, but again, these tend to be much more expensive features. Finally, a coax or cable-type connection from an ISP is typically just fine, as fiber in certain parts of the country and world can still be prohibitively expensive. Of course, the more speed, the better, but this also depends on the number of concurrent devices and what guests will be doing on the network (basic web browsing and email writing, or streaming Netflix and YouTube in HD).
Software & Support Requirements
A good gateway controller should include constantly updated software that provides the ability to design custom splash pages, choose authentication methods, set speed and data restrictions for each device, collect real-time customer feedback and much more. The captive portal, where guests log in, should be responsive and work with nearly any browser and operating system. The administrator dashboard should be securely accessible from anywhere in the world. And it never hurts to have a toll-free 1 (800) number that is available 24/7/365 to assist with any guest support issues regarding the authentication process.
Security Requirements
Have a firewall system (through the gateway controller or another device), and if you want to be extra cautious, partition off your guest WiFi system from the internal local area network (LAN), where you might have point of sale devices, printers, IPTV cameras, etc. You should also enable client isolation (available with certain equipment), which prevents devices on the guest network from seeing other devices on the network. The entire authentication process should be done via HTTPS. Finally, you could implement unique passwords for the sign-in process and turn on traffic auditing with layer 7 deep packet inspection, but that might be going overboard for the typical cafe.
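The partitioning advice above depends on rule order, so here is an added example (not from the original post) of a small first-match rule checker that flags a ruleset where guests can still reach LAN devices. The subnets, addresses, sample ports and rule format are constructed assumptions, not any particular gateway's syntax.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing plan (assumption): guest WiFi and internal LAN on separate subnets.
GUEST = ipaddress.ip_network("10.20.0.0/24")
LAN = ipaddress.ip_network("192.168.1.0/24")
PORTAL = "10.20.0.1"  # gateway address serving the captive portal (assumption)

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None matches any destination port

def decide(rules, src, dst, port):
    """First-match evaluation with an implicit default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def audit(rules):
    """Check a ruleset against the guest-network requirements; return findings."""
    findings = []
    guest = str(GUEST[50])
    # Constructed LAN targets: POS terminal, printer (raw print), camera (RTSP).
    for host, port in ((LAN[10], 8443), (LAN[20], 9100), (LAN[30], 554)):
        if decide(rules, guest, str(host), port) == "allow":
            findings.append(f"guest can reach LAN {host}:{port}")
    if decide(rules, guest, PORTAL, 443) != "allow":
        findings.append("captive portal not reachable over HTTPS")
    if decide(rules, guest, "203.0.113.10", 443) != "allow":
        findings.append("guests have no internet access")
    return findings

# Weak: the broad allow matches LAN addresses first, so the deny is never reached.
WEAK = [Rule("allow", str(GUEST), "0.0.0.0/0", None),
        Rule("deny", str(GUEST), str(LAN), None)]
# Corrected: portal over HTTPS, then block the LAN, then allow everything else.
FIXED = [Rule("allow", str(GUEST), PORTAL + "/32", 443),
         Rule("deny", str(GUEST), str(LAN), None),
         Rule("allow", str(GUEST), "0.0.0.0/0", None)]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(rules) or "no findings")
```

Client isolation is typically enforced on the access point itself, so traffic between two guests never reaches gateway rules like these and has to be checked separately.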