First off, there's no reason for you to be using mixed mode in this scenario. Switch to G only on both devices.
Secondly, you'll need to start looking at your SNR ratios on your WAPs. What does the remote one say? What does the local one say? In wireless, SNR is really what matters.
Thirdly, I'm not certain why you are using a repeater here. That could explain your poor performance. Sounds like you want a bridge but have configured a basic repeater. All a repeater does is retransmit packets so you will suffer a delay, a big bandwidth hit, and potentially signal loss. You should read up on the difference between a repeater and a bridge.
Lastly, wireless will never be as fast or reliable as wired. So you'll always see some packet loss and extra latency. 10% is pretty high but with the proper setup you may be able to get it below 5% or so. I'd also consider switching to channel 1 or 6. Your little wifi analyzer is blind to a significant amount of noise out there. You may want to move up to enterprise grade WAPs while you're at it. Those Cisco branded Linksys things are really toys. Nice cost savings if they work for you but I would have a spare or two lying around along with exported settings somewhere safe.
No, it is unlikely that device will help.
This is a fairly heavyweight requirement. Fulfilling it involves a combination of techniques, such as physical inspection, network and computer automated/enforced policies, and tools/products such as a wireless IDS/IPS.
A couple of IDS/IPS examples:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/secwlandg20/wireless_ips.html
http://www.bluesocket.com/media/Bluesecure_IDS.pdf
Reviewing the actual text of the requirement, this can be challenging because an "access point" may be a wireless card (which can function as an AP), a phone, or some other USB connected device.
One possible interpretation is that an auditor could conceivably test this by connecting a USB device or phone to a PC, and seeing if they can get access to your network, and if that is detected and an appropriate response is generated. Some organizations may fail one or more of these tests, so there would need to be "compensating controls" to mitigate the risk.
PCI DSS Requirements
11.1 Test for the presence of wireless access points and detect unauthorized wireless access points on a quarterly basis.
Note: Methods that may be used in the process include but are not limited to wireless network scans, physical/logical inspections of system components and infrastructure, network access control (NAC), or wireless IDS/IPS.
Whichever methods are used, they must be sufficient to detect and identify any unauthorized devices.
Testing Procedures
11.1.a Verify that the entity has a documented process to detect and identify wireless access points on a quarterly basis.
11.1.b Verify that the methodology is adequate to detect and identify any unauthorized wireless access points, including at least the following:
- WLAN cards inserted into system components
- Portable wireless devices connected to system components (for example, by USB, etc.)
- Wireless devices attached to a network port or network device
11.1.c Verify that the documented process to identify unauthorized wireless access points is performed at least quarterly for all system components and facilities.
11.1.d If automated monitoring is utilized (for example, wireless IDS/IPS, NAC, etc.), verify the configuration will generate alerts to personnel.
11.1.e Verify the organization's incident response plan (Requirement 12.9) includes a response in the event unauthorized wireless devices are detected.
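As an added illustration of the "wireless network scans" method named in 11.1 (this is not part of the original answer or of any PCI tooling), the sketch below compares a scan export against an inventory of authorized access points and returns the entries that should raise an alert. The CSV layout, the addresses, the SSIDs and the signal threshold are all constructed assumptions.

```python
import csv
import io

# Constructed inventory of authorized APs (lower-case BSSID -> expected SSID).
AUTHORIZED = {
    "02:00:00:00:01:01": "CorpNet",
    "02:00:00:00:01:02": "CorpNet",
}

# Constructed scan export (assumed layout), not real survey data.
SAMPLE_SCAN = """\
bssid,ssid,channel,signal_dbm
02:00:00:00:01:01,CorpNet,1,-48
02:00:00:00:01:02,CorpNet-Guest,6,-52
02:00:00:00:AA:01,CorpNet,6,-41
02:00:00:00:AA:02,CoffeeShop,11,-83
02:00:00:00:AA:03,AndroidAP,11,-39
"""

STRONG_DBM = -60  # assumed threshold: a louder signal is probably on premises


def classify(row, authorized=AUTHORIZED, strong_dbm=STRONG_DBM):
    """Return a verdict for one scan row."""
    bssid = row["bssid"].strip().lower()
    ssid = row["ssid"].strip()
    signal = int(row["signal_dbm"])
    if bssid in authorized:
        # Known radio advertising an SSID the inventory does not expect.
        return "authorized" if ssid == authorized[bssid] else "config-drift"
    if ssid in set(authorized.values()):
        # Unknown radio advertising a corporate SSID.
        return "ssid-impersonation"
    if signal >= strong_dbm:
        # Unknown radio that is too loud to be a neighbour's AP.
        return "unknown-on-premises"
    return "neighbor"


def review_scan(text):
    """Return (bssid, ssid, verdict) for every row that needs follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        verdict = classify(row)
        if verdict not in ("authorized", "neighbor"):
            findings.append((row["bssid"].strip().lower(), row["ssid"], verdict))
    return findings


if __name__ == "__main__":
    for bssid, ssid, verdict in review_scan(SAMPLE_SCAN):
        print(f"ALERT {verdict}: {bssid} ssid={ssid!r}")
```

A scan comparison like this only sees radios that are transmitting when the scan runs, so it complements rather than replaces the physical/logical inspection and NAC methods the requirement also lists.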
Best Answer
Most routers already support a 'guest' wifi network that is isolated from the main network and also isolates connected clients from each other.
Certainly a higher end router designed for commercial use will have this ability.
You could 'double NAT' by installing a second wifi router with its upstream port connected to your company network in the location where your guests need wifi access. Configured correctly that provides a high degree of isolation between guests and your company network.