Need wireless setup for hotel

[Gravity]

A friend of mine has a holiday inn and wants to get wireless. Local cable company wants 10k plus 8 bux per room per month.

I told him that he should go wireless and that I'd do it (grin).

What kind of hardware should I suggest? He's got a commercial cable connection into the hotel but only in the office. Can I set up a wap and some repeaters and be good to go?

He has 89 rooms total, two buildings, two floors. Buildings are pretty close to one another.

Thanks,

 

[Garion]

Wireless is exceedingly difficult for a hotel. By definition, you've got a bunch of different people with different wireless cards coming into the place. It's hard to setup standards, WEP encryption, etc. The big catch is, how do you tell the difference between a guy in room 304 or a guy in the parking lot? You can't, anymore, not care about that - If YOU provide the connection, you become liable for it's use, unless you can prove who did it. If John Q. Hacker in the parking lot tries to break into the CIA, you're in big trouble.

In reality, providing the access (either wired or wireless) isn't the hard part. The difficult part is providing an effective and reliable bill-back system so that you can charge for the access to make it pay for itself. It's definitely NOT something that you want to try to roll on your own - The access control, security systems and billing systems are very sophisticated and probably not something you want to mess with. I wouldn't go with the local telco, however - Look for a company that provides this kind of service commercially. A lot of hotels have Ethernet in the rooms or you could go with some kind of pay-as-you-go wireless system like you see in airports or coffee houses nowadays.

- G

 

[Gravity]

Thanks for the response. This guy isn't interested in billing customers, he just wants to give them access. Also, he's already contacted one of thos hotel vendors and they want 10k per month plus setup. The wired peeps want $8 per room and another 5kmonthly so he wants a cheaper deal. I was looking at lynksys for a router and at least one repeater to make the wireless connect through both buildings.

I don't think he's concerned about having the connection "out there" or encrypted. I'm not aware that other hotels that offer free access are either. I've seen their server rooms and the wiring is a rats nest. The riaa would have a heck of a time finding out what person in what room connected through dhcp to get what ip addy.

Anyways, thanks for your reply.

 

[JackMDS]

Well it seems that you know it all.

What we can do for you?

 

[Garion]

I think you missed my point - If YOu provide Internet access, you are directly responsable for what's done through your connection. If someone is running Kazaa in the office next door on your wireless connection, the RIAA is going to go after YOU. Not him. Your circuit=your responsability.

- G

 

[Gravity]

I'm not sure he realizes that or wants to consider the consequences. He's a bit of a bubba.

What I'm looking for is an idea for what kind (brand/model) of router, repeater to use and how perhaps to best go about setting up this arrangement.

I'm sorry if I gave the impression "I know it all", I know very little on the topic, hence, my humble request to the community here. I used the configurator on the Dlink website and it says I can do it for under $200. I'm not sure that this configuration will be sufficient.

Again, thanks in advance.

 

[wjsulliv]

Your safest and most customer friendly bet is to go wired to each room. Just setup a router and hubs and connect those rooms. Wired will actually service more customers as more people have wired cards then wireless ones.

If you have to go wireless, a router with a series of access points should do it for you. Figure that each access point has less than 300 feet of circular coverage (given the nature of hotel structures I would use a number more like 100 ft) and calculate how many access points you need. Then just configure and wire them into the router.

The safest way to do wireless based on what you are talking about would be to setup a specific SSID fo rthe network, turn off the broadcasting of the SSID, enable 64-bit (sometime referred to as 40-bit) WEP, rotate the WEP key ever 2-4 weeks and ofcourse sercure the passwords and access to the routers and access points. Otherwise your friend is asking for serious trouble... Heck if I knew where this was I'd sit in the parking lot and take over the network for my own personal use, totally shutting out all his customers

 

[Gravity]

Originally posted by: wjsulliv
Heck if I knew where this was I'd sit in the parking lot and take over the network for my own personal use, totally shutting out all his customers

I thought of putting a warchalk tag on the hotel so peeps could get access.

Question, if we do the encryption thingy, we would have to allow the guests to sign on. That would mean telling them how to access the network, right?

He wants them to get easy, immediate access with little to no hassle. BTW, there are a number of hotels where I stay that have unsecure wireless nets for customers. You could pull up outside the lobby and do exactly as you describe. It's not that fast so not sure it's worth your time. These nets exist all over and they are not secure.

Thanks for the info!!

 

[gunrunnerjohn]

Personally, I'd just run a wire to each room and have wired access. It's really much easier and more reliable than wiring a large area like a motel. Obviously, with your own network, you wouldn't be paying extra for every connection...

 

[JackMDS]

Repeater is not a solution since it cuts the Bandwidth into half, and you can not use more than one repeater. I.e. low cost Repeaters do not daisy chain.

There are few good ways to go with Wireless solution for such a setting.

However most of them would be expensive, and thus will not compete with the Cable company offer.

The best Wireless solution is totally dependent on the envioroment (which is not known to us).

I would install CAT5 cable to spots in the building-s and install Access Points at the one end of the Cable, plugging it to a central switch to the Internet source.

It is impossible to decide how many APs spots you need, and where to install them without surveying the Site.

 

[samuraijake]

Let's call the building with the cable internet access building A. The other building we'll call building B. The wireless implementation really does depend heavily on the layout of the site, so we'll have to assume some things.

We'll assume 45 rooms per building, and about 23 rooms per floor. You could place access points on/in the ceiling in each hallway. Depending on the length of the hallways, you will certainly need more than one AP, probably more like thre, this to ensure a good signal in each of the rooms. If you use Power over Ethernet to power the APs, you can eliminate the hassle of finding an AC power source for each AP.

Let's assume there are three APs per hallway so we have six APs in building A and six in building B. All APs in the hallways will run in gateway mode. All six APs in building B would have to be wired into a network switch residing in building B. Also connected to the switch in building B would be an AP running in bridged mode with a high gain directional antenna.

This bridged mode AP in building B will associate with another bridged mode AP in building A [also with a high gain directional antenna]. The bridged mode AP in building A will be connected to the LAN in building A which includes all six APs in gateway mode plus the cable internet connection.

The quality of antenna will depend on the location of the bridged mode APs. The more building walls, trees, etc you need to go through, the higher the gain rating must be. An 8 dBi antenna should be sufficient [they are rated around 6 miles line of sight]. You'll need one at both ends.

Security options are up to you, as are security violations your responsibility.

This solution is purely speculative and I have never tried anything like this. Comments on the feasability of such an application are welcome.

 

[Goosemaster]

1. I would not recommend wireless as from what I have read, you do not have the knowledge and backround to effectively create a network that will provide easy access to only YOUR clients and keep adaquate logs for the hotels protection. Neither do I....with wired yes...I have still a lot to learn about wireless.

2. If You DO go with wireless, I recommend you get some higher-grade equipment than linksys. At LEAST get an Orinoco AP 500 or 1000. It is a higher-grade AP that allows for multi-AP management and MUCH BETTER LOGGING.


3. Also consider what server you will be using at what permissiions and conforgurations you will be using. You need to get a nice firewall or program or device, and filter out all crap such as default Kazaa, edonkey win mx etc ports etc.

4. Finally, I would imagine that bandwidth limiting will be necessary. YOu want peopel to access pages, e-mail..not download from Kazaa @ 150KB/s. I would leave port 80 and 21[ open from Lan to wan ONLY].


I would recommend you have someone else set it up, but not RUN it.
Get them to wire everything, and then setup a nice server running something easy to administer such as win2k server or server 2003. Then use ISA firewall or whatever.


Just remember, it would suck for your friend to be suid by the RIAA because he truted you.


The first rule of offering an alternative to a more expensive offer:

Even though you are doing it for cheap, do it right or leave it to the pros.

 

[tallman45]

First recommendation is consult with an attorney to go over what you and your friend can be held liable for.

Each user or guest would need the Wap code. Once they have it they could access to the network, and worse anyone else who is on that network. Thinking about skipping encryption, then sit outside the hotel with a wireless sniffer and get all kinds of data from your guests.

It can be done, I believe Starbucks has a free low bandwidth service availabe. There is also a service available (802.11b and bluetooth ?) in Foley Square (NYC) that is a pay as you use service. It will be a more administrative after turn up than anything.

 

[Gravity]

Originally posted by: Goosemaster


Just remember, it would suck for your friend to be suid by the RIAA because he truted you.


The first rule of offering an alternative to a more expensive offer:

Even though you are doing it for cheap, do it right or leave it to the pros.

Goosemaster, thanks so much for your information. I have found your post and the others above very informative and most helpful. I wonder about the other hotel nets that I have used in the last year. They don't filter anything that I can tell, in fact, even my vpn's work through their net. I'm still unclear about the liability the hotels might incur based on folks using p2p nets and the like.

I'm leary of WAP and WEP since I know that the whole purpose to the service is to give his customers free, easy access for their business purposes. Most users that I've seen barely know how to turn on the machine and plug in the wireless card let alone configure a password the for the net. However, I do understand the value of that process and the security of the network.

Essentially, he's not concerned about the guy in the parking lot sniffing or the neighbors that might log in to use the net, he wants to provide the service to the hotel guests. I'll caution him about these concerns and guage his reaction. Perhaps then he'll understand the much higher cost of providing this access to his customers through the "pros" as you call them. The quotes he's gotten so far are very, very high and for his small business I think he'd rather do without.

Again, thank you all for your information. I love this community!!

 

[tallman45]

He should be very concerned by the hacker in the parking lot who may 'acquire" say a customer database or access into some other secured site. Remember that it will be the hotels IP address that will be identified.

Some sort of account logging will likely be necessary so that you will be able to track back the events of a particular user. Just out of curiosity, what hardware/software,etc was proposed by the vendor who offered to do this for $10k.

 

[Goosemaster]

Originally posted by: tallman45
He should be very concerned by the hacker in the parking lot who may 'acquire" say a customer database or access into some other secured site. Remember that it will be the hotels IP address that will be identified.

Some sort of account logging will likely be necessary so that you will be able to track back the events of a particular user. Just out of curiosity, what hardware/software,etc was proposed by the vendor who offered to do this for $10k.

Exactly. Just because your uncle doesn't find intruders dangerous does not mean he will not have to deal with the liability of his connection. Just because he is in charge does not immediately make him an expert on what he thinks he "needs." He wants "internet acess," but whomever is responsible for the work should install, and charge for applicable security equipment/software.

Do NOT be "leary" of WEP(WPA is too new so support is lacking from I have seen..don't trust me on that)
Encrytion ensures your customers that they can use your connection with turst. I would not want 10 angry customers banging at my door because some parking lot theif just cleaned out their bank accounts after sniffing their packets.




1. Do NOT use wireless overall. The more inofrmation you give us, the more we fear for the customers safety.

2. I would recommed have a sort of "hotspot" perhaps in a courtyard or something, but configured AS RESTRICTIVELY AS ALL HELL. We are talking letting in port 80 ONLY and Massive and detailed logging too.

3. Use WIRED to the rooms. It's cheaper and easier to manage securely.

4. Use bandwidth limiting. Once again, this is so they can surf or do work online...not download @ 150KB/s


I'm sorry for being an annoying bastard, but you must understand that the overzealousness of intallers has left many networks very vulernable. I am pestering you i nthe hopes that you not follow that path.

Do it well, or don't do it at all


Wired to rooms...wireless in a courtyard :beer:

 

[treetop]

here's one recommendation that might make it easier on you and your friend to block out unwanted bandwidth hoggers, but would require some work and effort on your part.

some AP does MAC address filtering, so what you can do is ask each customer for their wireless NIC MAC address, and manually update it to the AP. granted it's not convient, but it does offer a cheap alternative and also log tracking, in case you ever needed.

 

[Goosemaster]

Originally posted by: treetop
here's one recommendation that might make it easier on you and your friend to block out unwanted bandwidth hoggers, but would require some work and effort on your part.

some AP does MAC address filtering, so what you can do is ask each customer for their wireless NIC MAC address, and manually update it to the AP. granted it's not convient, but it does offer a cheap alternative and also log tracking, in case you ever needed.

Remember that MAC addresses can be spoofed.