Free Hotspot for our Employees

So due to shitty cellphone signal in our building my boss decided we should create a free hotspot for our employees.
Apart from building basic firewall rules, what bandwidth should I configure per client? First come first served? Or a fair even share between all?
I thought about 3 Mbit/s max per client so 720p YouTube would be possible
Any other suggestion?

I’d say that or just throttle known data hogs

block porn sites and any traffic matching the tracker announce protocol so you don’t need to have weird conversations with HR about weird behavior or MPAA letters later


Throttle that shit down to 480p, most people use YouTube for music and that’s fine, but don’t let people watch their stuff at work. They shouldn’t anyway so now they don’t even get tempted. Also saves bandwidth.

Absolutely correct! It’s a workspace and therefore only SFW-content should be allowed and even then as little as possible. It’s work after all.


Lol. I love how places actually have to block porn at work. Amazes me how people will actually look at porn in the middle of the day. Especially in an office.

Coming from somebody who watches porn too… lmao

broken people need jobs too


Do the employees have any reason to be on their phones during work?

How much total bandwidth are you willing to allocate to this hotspot?

I’d be tempted to expand the blocklist past just porn and torrents to include Social Media (get that facebook botnet out of here) and file sharing sites like Mega and so on…

It's just a nice thing to do. All of our employees work 9 to 5 for 5 days a week. We cannot expect them to work 100% all the time. If it makes too much impact on the work we simply kill the wifi. Since we are buying a separate connection from a provider we are hopefully looking at 300-400 Mbit/s down and about 50 Mbit/s up for about 400-500 devices.


Good place to work, it sounds like.


At my workplace the only things blocked are Facebook and Instagram. The other social medias are wide open, YouTube is open, Netflix is open, even porn is open. I don’t even think it’s logged either.


I’m not trying to make a case against it, just determining if there are hard bandwidth requirements for them to do their work.

Damn, you’re really taking care of your people.

You should look into cellular booster systems that can be mounted in the building. It basically is a mini cell tower for inside large buildings.


We already got one of those installed. But due to the way our building and offices are constructed you could have LTE in one room and in the next nothing… Thanks to some guys from our building department who thought it would be a good idea to hang up 5x5 ft metal plates in order to mount stuff with magnets to them… yes… we have a lot of wireless APs here…

Depends how much bandwidth you have and how many clients you have?

If it’s a “nice to have” convenience thing I’d make it open but with QoS to prioritise things like VOIP so wifi calling works (and as above, block known bandwidth hogs) and leave it at that.

Once you start trying to get too complicated you’ll just end up chasing your tail to try and ensure a service level on a “free” service which is intended to be a best effort nice to have thing…

Essentially what is most important is ensuring that business-ey type things that may be “required” but don’t work over cellular actually work on your WIFI. Rate limits based on user aren’t really the way to do that as if your number of users or network conditions change, your data rate limit per user doesn’t get you what you want.

You want to prioritise based on application. Something like:

  • VOIP/other realtime sensitive applications: realtime priority (say 10-15% of your uplink in total for all users, assuming your uplink is 10 meg or better)
  • Non-streaming Web/mail: bulk priority
  • torrents, other shitware: drop

Maybe have another priority in there for non-realtime “important” stuff, above web/mail.

Don’t make it any more complicated than it has to be. The temptation is there with QoS to try and classify and give commit rates to everything, but try and resist that, it doesn’t need to be that hard.

It is what it is. Some people are thoughtless. If someone is exposed to porn in the workplace it’s a lawsuit waiting to happen.

If you haven’t taken precautions as an employer to at least attempt to provide a safe work environment, you’re liable.

IF something gets through but you can demonstrate you actually tried, you’re a lot better off legally than if you just didn’t bother.


Depending on the new connection we are getting 300-400 Mbit/s down and 50 Mbit/s up for 400-500 Clients.

Since we got a separate WLAN for company owned smartphones with QoS settings for various RTA, I don't care for QoS in our free hotspot.

I think that’s probably not the best way to look at it. You can be more lax about it, but whenever you have a potential 400 clients on a single connection, even if a single client could only take up 1% of the bandwidth, you’ll need a little bit of QoS to make it all run smoothly.

Prioritize voice (SIP should be first priority) and video over app store downloads or emails, for example.


If you don’t care about quality of service, then your work is already done; don’t put any limits on anything (what you are proposing with bandwidth limits per user is QoS). However…

That’s about all I’d do as a minimum.

Otherwise you’ll be fielding (more) calls that voice doesn’t work because your enterprise users hopped onto the free hotspot and forgot to hop on the corporate one before making a call or whatever. Or their phone automatically connected to the wrong one, etc.

If you truly want to do it user based, don’t forget that to COMMIT bandwidth you need to make sure it is available. I.e., 400 megabit divided by 400 users = 1 megabit commit each, burst to whatever. Maybe siphon off 10% of it as reserved bandwidth for administrative purposes, etc.

1 Like
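
Added example (not written by anyone in this thread): a dry-run shell sketch of the commit-versus-burst arithmetic discussed above, printing Linux `tc` HTB commands rather than running them. The interface name `wlan0`, the class numbering and the client addresses are constructed assumptions; the 400 Mbit/s link, 400 clients, 10% reserve and 3 Mbit/s cap are the figures from the thread.

```shell
#!/bin/sh
# Dry run: prints tc commands, never executes them.

# Per-client committed rate in kbit/s: (link minus reserve%) / clients.
commit_kbit() {  # args: link_mbit reserve_pct clients
    echo $(( $1 * 1000 * (100 - $2) / 100 / $3 ))
}

# A rate can only be COMMITTED if every client can get it at once.
can_commit() {  # args: link_mbit reserve_pct clients want_kbit
    [ $(( $3 * $4 )) -le $(( $1 * 1000 * (100 - $2) / 100 )) ]
}

# Print an HTB plan for the client-facing interface (download direction):
# one reserved class plus one class per client IP, where "rate" is the
# commit and "ceil" is the burst limit.
emit_plan() {  # args: dev link_mbit reserve_pct clients ceil_kbit ip...
    dev=$1 link=$2 res=$3 n=$4 ceil=$5; shift 5
    rate=$(commit_kbit "$link" "$res" "$n")
    echo "tc qdisc add dev $dev root handle 1: htb default 2"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${link}mbit"
    # Reserved/administrative share; also catches unclassified traffic.
    echo "tc class add dev $dev parent 1:1 classid 1:2 htb rate $(( link * res / 100 ))mbit ceil ${link}mbit"
    id=10   # class minor ids are read as hex by tc; still unique here
    for ip in "$@"; do
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${rate}kbit ceil ${ceil}kbit"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$id"
        id=$(( id + 1 ))
    done
}

# The 3 Mbit/s figure from the first post cannot be a commit for 400
# clients on 400 Mbit/s, so it is used as the ceiling instead.
if ! can_commit 400 10 400 3000; then
    echo "# 3000 kbit cannot be committed; using it as ceil only"
fi
# Constructed sample clients (documentation address range).
emit_plan wlan0 400 10 400 3000 192.0.2.10 192.0.2.11
```
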