Hospitality businesses have IT requirements that are different to other businesses. Hotels, motels and resorts require two WiFi networks, one for staff and one for guests. Staff has an encrypted network that connects to the back office computers and Property Management System (PMS) for tasks such as housekeeping. Guests connect to a non-encrypted WiFi network that has a login screen and connects to the Internet. Guests and staff networks are isolated and guest access to the back office computers is blocked.
Guests and staff can connect to one WiFi network, while maintaining the criteria for access. The benefit is that the installation expense of the WiFi network is reduced to half. This may save a big hotel over $50,000 with the WiFi installation cost.
The following description explains how one WiFi network can connect guests and staff.
This example illustrates the configuration using the Guest Internet gateway however a Cisco or Mikrotik #router could be used. The difference between the two alternatives is that the Guest Internet gateway is configured in 2 minutes with a few mouse clicks, whereas the router requires scripts to be prepared to program the router. This may take a few days by a person who is trained to program routers (e.g. CCNA certified). The router will also require an external RADIUS server for authentication whereas the Guest Internet gateway includes the authentication server with the product software.
Wireless access points are installed around the property. Each wireless access point must be configured for two SSID’s. One SSID, SSID1, is not encrypted and provides the guest WiFi access. The wireless access point LAN port has no VLAN configuration for SSID1. The second SSID, SSID2, is encrypted (WPA2) and the wireless access point LAN port is configured for a VLAN, the VLAN tag number chosen must correspond with the VLAN number configured on the gateway.
The default configuration of the Guest Internet #gateway is a DHCP server with a captive portal that displays the login page. The guest who connects to SSID1 will open a browser, open a new browser tab and see the login page. The guest will then provide the login code that the hotel provided.
The Guest Internet gateway is configured to have the wireless access point VLAN number to correspond to the WAN1 port. A staff member who connects to SSID2 will have a data connection with the VLAN number chosen. The Guest Internet gateway recognizes the VLAN number and bridges the connection to the corresponding WAN port, in this case WAN1. The staff computer is then connected to the back office network. When the staff computer makes a DHCP request the Guest Internet gateway passes the request to the back office DHCP server, which responds with an IP address for the back office network.
The Guest Internet gateway has a firewall that isolates the guest and staff connections. Guests cannot access the back office network as the #firewall blocks this access. Guests have no access to the staff data traffic as it is encoded with the VLAN number.
The diagram illustrates the hotel WiFi installation using the Guest Internet gateway. This is a popular installation with many hotels around the world and is much easier to implement than with a router.
Another advantage of the Guest Internet gateway is that it is provided with free #cloud #management. A hotel can outsource the WiFi management to a managed service provider using the free cloud service. A hotel chain IT department can manage the WiFi for many properties using the free cloud management service.
Readers are invited to share this information with others. If any reader has a question regarding this information please contact us via our contact page.