Small hotel network building

[joels]

Hey everyone,

We are building a small hotel covering a large and difficult to manage area in China. I'm trying to get things organized in advanced for all the network systems required and imagined that there'd be some great advice on this forum. Here's what it looks like:

- Total size= 600sqm
- Total rooms= 12, with multiple public areas and gardens

- Each of the 12 rooms needs a gigabit connection for general use, and another one to the TV system for access to the media server

- Wifi must cover two public areas and one public rooftop, as well as all bedrooms and two main gardens

- Two fiber connections will be accessible to the hotel, about 10mbps each at least, one for public access and one separate one for hotel guests

- The hotel guest connection should be directly a DD-WRT capable router allowing stable VPN access for everyone on that network

Can't think of what else is needed. We currently have the exact same kind of setup using a mix of apple and netgear routers in a similar 10 room site. Success hasn't been great and the system isn't rock-solid enough. The fiber connection goes straight into the main wifi router, which is linked to another netgear 24+8 port switch, further split to all the rooms and additional netgear wifi routers in 8 different zones throughout the hotel.

Thanks in advance for your input!

Joel

 

[fistv]

Personally your choice of hardware is a bit on the consumer side. I'd look at a real cisco 2xxx or 3xxx series router, stand alone firewall like an ASA into a layer3 switch. Wire the rooms with cat 5e to the same place as the cable TV. I have seen desks with built in power with surge protectors and network ports, they are pretty common in most hotels. Three vlans to start, vlan 1 for the 'hotel systems', vlan 2 for the rooms, vlan 3 for the common guest public areas wireless access points. Personally I never use wireless in my room, it makes me nervous. You could forgo the ASA and get the router with the security pack which will provide a pretty good firewall. Others will offer suggestions but this is about all I can think of off the top of head.
There are probably commercial solutions out there I just don't know about them. Like Point of Sales systems, we developed our own linux based one in house for our store using Radiant commercial POS and it all ties into our corporate DB, on the other hand our Restaurant uses NCR/Aloha on it's own vlan strictly for the very specialized management suite and not having to deal with the PCI compliance issues, that's Aloha's problem.

 

[stevech]

Hey everyone,

We are building a small hotel covering a large and difficult to manage area in China. I'm trying to get things organized in advanced for all the network systems required and imagined that there'd be some great advice on this forum. Here's what it looks like:

- Total size= 600sqm
- Total rooms= 12, with multiple public areas and gardens

- Each of the 12 rooms needs a gigabit connection for general use, and another one to the TV system for access to the media server

- Wifi must cover two public areas and one public rooftop, as well as all bedrooms and two main gardens

- Two fiber connections will be accessible to the hotel, about 10mbps each at least, one for public access and one separate one for hotel guests

- The hotel guest connection should be directly a DD-WRT capable router allowing stable VPN access for everyone on that network

Can't think of what else is needed. We currently have the exact same kind of setup using a mix of apple and netgear routers in a similar 10 room site. Success hasn't been great and the system isn't rock-solid enough. The fiber connection goes straight into the main wifi router, which is linked to another netgear 24+8 port switch, further split to all the rooms and additional netgear wifi routers in 8 different zones throughout the hotel.

Thanks in advance for your input!

Joel

Pay for a design from a subject matter expert. Security and isolating guests from back office business systems is top priority.

 

[htismaqe]

Agree with both fist and stevech.

You're building a business in China. You need security first and foremost. Use better gear (Cisco, Juniper, etc.) and hire someone to secure it for you. Make sure that your consultant is familiar with regulatory issues in-country. For example, you can't just slap a VPN-capable DD-WRT router into your hotel. It could possibly violate Chinese law.

 

[joels]

Yes this is exactly what I was talking about. Definitely want to be using better hardware and isolating the guest and hotel systems properly.

I don't properly trust many of the consultants here to do what I want properly. They are used to different standards and often have a pretty poor tolerance for failure. So we would be using outside help from outside of China. As for the DD-WRT router, doesn't need to be DD-WRT. Definitely don't care about the BS about law. We need real internet. And none of these things are an issue in China.

As for the desks with cable links built in, yes they are common --- we'd be building them into antique-looking stuff, so potentially not what I had in mind but we'll see. Those are small details. Any other really cool features we could integrate?
Right now we are running plex on hacked appleTV's in each room to moderate success. Hundreds of movies always accessible! That also means that airplay works great from any airplay enabled stuff. But if you guys have other ideas on other port/cabling/equipment options I'd love to hear it. 12 rooms means most things are possible to integrate.

Interesting stuff!

 

[fistv]

Keep in mind, access points come in two flavors, managed and standalone or SAP. The managed need a controller, are faster to deploy and reconfigure the controllers are pricey, around a $1-2K. The SAP's are configured then deployed and from that point on can be configured remotely. As far as deploying TV in a hotel, out of my scope but I do know that amazon fire TV is giving apple a fit and at $99 is not out of the ballpark compared to AppleTV. The only issue I see that could be of concern is China may not let you bring in Cisco security systems that have not had a back door installed for state use.
If you are going to build a router consider a PC based router, you can add multiple physical interfaces for vlans, pick up a HP G5, G6 or G7 2 or 3U rack mounted server off of ebay, they generally come with at least 4 nics, dual power supplies, hot swap drives, etc for reliability and are linux supported from HP, in fact you can download various linux releases from HP that have all their drivers already in there. Check out pfsense, https://www.pfsense.org/, I downloaded it a while ago then bought two cisco 891W's so it got put on the back burner, I planned on installing it on a DL360 I have handy. It looked interesting.

 

[joels]

Ah very interesting

I'm currently watching the fireTV with anticipation. So far it's plex implementation doesn't look promising. However, I'm hoping for the cubox-i to be the next big thing for plex. Technically it's just a majorly beefed up raspberrypi - but now looking into it more the v2 raspberry handles everything under 20mbps streams beautifully, so this might be my new answer.

As for other networking hardware, the thought of configuring a pc-based router looks daunting for a few reasons. The main one for me is just space. Our networking closet-space is so limited that I'd love to just get something integrated and simple.

So far all the responses give me the impression that either a) I'm thinking things too small and simple or b) you guys are assuming far more complexity than is needed. So just to summarize our usage:

- during the day, there are generally 5-10 people with laptops/phones on the premises

- at morning/nights there can be as many as 30 guests on the site accessing either the media server for movies or using the net on their phones/laptops

- our staff are typically accessing the administrative side of the hotel from one single lobby computer

This make sense?

 

[stevech]

Separating your back office LAN and guest's LAN/WiFi, is NOT a WiFi product issue. It's architecture. VLANs, or better: two WAN connections- one for guests to stream porn on.

 

[joels]

Yes I understand that.

At the present location there are simply two connections coming into the building and splitting to two entirely different networks running different hardware. I agree that it could be done better this time around and split things according to function more on vlans. So I'd be interested in seeing what kind of hardware is needed for doing that easily.

I have a feeling that this time around I'd like to put door entry systems and surveillance on one level, another separate level for admin/front-desk/printing, one level for guest wifi/room-ethernet and finally another for the media server connections in all the rooms. Although, I'm not sure if separating media server access from the guests' wifi means that it will screw up airplay access to all the televisions. ??

 

[fistv]

Two routers, one for each fiber, one router dedicated for company stuff, wireless not required. Second for customers, vlan1 for rooms, vlan2 for guests in the lobby, bar, rooftop, etc. Router 1 and 2 have NO connection.
Router 1, dedicated switch, pc's, company servers, etc. Security system and video cameras on this network. No wireless devices on your internal corp network, period.
Router 2, dedicated switch, wireless access points, guest smartphones, pads, wireless laptops. Streaming to rooms on this network as well as room connectivity for guests.

 

[chadster766]

Hey everyone,

We are building a small hotel covering a large and difficult to manage area in China. I'm trying to get things organized in advanced for all the network systems required and imagined that there'd be some great advice on this forum. Here's what it looks like:

- Total size= 600sqm
- Total rooms= 12, with multiple public areas and gardens

- Each of the 12 rooms needs a gigabit connection for general use, and another one to the TV system for access to the media server

- Wifi must cover two public areas and one public rooftop, as well as all bedrooms and two main gardens

- Two fiber connections will be accessible to the hotel, about 10mbps each at least, one for public access and one separate one for hotel guests

- The hotel guest connection should be directly a DD-WRT capable router allowing stable VPN access for everyone on that network

Can't think of what else is needed. We currently have the exact same kind of setup using a mix of apple and netgear routers in a similar 10 room site. Success hasn't been great and the system isn't rock-solid enough. The fiber connection goes straight into the main wifi router, which is linked to another netgear 24+8 port switch, further split to all the rooms and additional netgear wifi routers in 8 different zones throughout the hotel.

Thanks in advance for your input!

Joel

This sounds like a production facility and may require an enterprise class router. So I don't recommend DD-WRT.

For this application I recommend at minimum a CISCO1921-SEC/K9 (includes IP SEC License) and the related SmartNet. Cisco will then implement the router's custom config as best they can. Which they have considerable expertise at.

If cost isn't an issue then you can add two EHWIC-1GE-SF for the fiber connections. Your Vendor's Cisco partner can help you will that.

Or

You can purchase Fiber to Ethernet transceivers at a lower cost.

Place AP where needed. LAPN600's are nice.

Once you decide on what your main router make and model is going to be. Then the rest of the network will continue in the same performance standard from my experience. Budget depending of course

 

[stevech]

This sounds like a production facility and may require an enterprise class router. So I don't recommend DD-WRT.

For this application I recommend at minimum a CISCO1921-SEC/K9 (includes IP SEC License) and the related SmartNet. Cisco will then implement the router's custom config as best they can. Which they have considerable expertise at.

If cost isn't an issue then you can add two EHWIC-1GE-SF for the fiber connections. Your Vendor's Cisco partner can help you will that.

Or

You can purchase Fiber to Ethernet transceivers at a lower cost.

Place AP where needed. LAPN600's are nice.

Once you decide on what your main router make and model is going to be. Then the rest of the network will continue in the same performance standard from my experience. Budget depending of course

Is it in the policy of SmallNetBuild to have a manufacturer repeatedly pitching their products to forum users?

I don't care for it.

SNB needs to avoid bias per its charter.

 

[chadster766]

Is it in the policy of SmallNetBuild to have a manufacturer repeatedly pitching their products to forum users?

I don't care for it.

SNB needs to avoid bias per its charter.

I'm here to help and advise the same the Asus rep is.

By the way Cisco is no longer involved with Linksys. Linksys is owned by Belkin now.

I recommend one Cisco product and one Linksys product.

I'm a official Linksys rep here but I'm also an independent contractor and always try to be impartial and unbiased

 

[azazel1024]

Out of curiosity, what problems are you having. Unless I missed it, you haven't shared that.

That might help us figure out what gear and setup would best serve your new setup. Is it a total number of user issue? Is it wireless congestion/throughput? router lock-ups? Access issues?

 

[joels]

Wow some great tips. Yes I feel like I need some very specific listing of parts to order, so as to simplify this whole process. Seems like so many variables of different components, although everyone generally agrees on the architecture right?

I'm not so clear on those cisco fiber cards that plug into the cisco 1921 router though. Our connections are limited to 20mbps (at the moment) and are supplied with fiber to ethernet boxes. Is there an advantage to using those cards over this?

Yes as for the problems we've had, just typical issues you normally see on large home networks. Occasionally speed problems, sometimes devices that connect frequently to one wifi signal can suddenly not connect. Also the way the wifi access is spread through the property with 6+ net gear routers doesn't seem to be terribly intuitive. Sometimes it isn't obvious which one to connect to, and frequently when users are having a problem connecting to them it is because one might have to be rebooted.

I guess I'm not exactly clear on obvious problems with the set up, which is why I've come here to lay out the landscape of the project and see what you guys think best fits it. My inclination is to do what I've done here (treat it as a large home) but this time around beef up the hardware some.

 

[stevech]

Wow some great tips. Yes I feel like I need some very specific listing of parts to order, so as to simplify this whole process. Seems like so many variables of different components, although everyone generally agrees on the architecture right?

Suggest you pay a competent pro for a security design and a capacity fairness design.

 

[joels]

Yes I'd like to do it that way. Most of the places I can buy a lot of these fancy cisco parts, they'll happily arrange the plan and configuration for me. But then I notice that their computers are all running a hacked up windows XP .. .... so -- yeah.

I'd love to just be able to do it myself, but you guys would be a good judge of whether this is over my head, assuming I've only ever worked with consumer-grade equipment before.

 

[Cloud200]

Lets start from your client infrastructure first then move on to core.

For the Access points;
a. Centrally managed. You don't want to have to spend 45 minutes logging into every single WAP just because you need to make a single change.
b. Has an outdoor product. Keeping in line with req a, you don't want different configs for your indoor and outdoor.
c. Is powered by 802.3af or 802.3at POE. Standards are good, even if you have to spend a tiny bit more to stay with them. For POE it allows you to use any POE switch off the shelf in the event of a catastrophic failure.
x. VLANS, QOS, Rate limiting, Zero Handoff, etc. Those are all something while nice, can be pushed off onto another device.

Some devices (but not everything on the market);
Open Mesh OM2P-HS
Ubiquiti Unifi line. Major caveat. You must get the instant 802.3af adapter to use the UAP, UAP-LR, UAP-Outdoor, UAP-Outdoor5 devices with a standard POE switch. All the other models work with 802.3af and 802.3at.
Zyxel NWA3000-N Series using 1 AP as a controller, NWA5000 Series or AP 5120 Series using an NXC2500 controller.
Engenius EAP series with the EZ Controller software, Neutron Series with the controller switches. Again, avoid the models that use "Proprietary PoE Design"

There are other devices and series like the Cisco WAP121 that support 802.3af and are manageable from a single point but do not have a product that is outdoor rated. Or support POE and have outdoor units but are not centrally managed. There are enough options out there that you can safely ignore them and move on.


Now that we have the WAPs narrowed down we can move on to your switches. From personal experience I suggest getting a 10/100 POE switch that has gigabit uplinks. Gigabit for guest wifi is overkill. Get something that is managed as well. Even if all you use it for is rebooting APs remotely that is more than enough of a reason to get a "Smart" switch.

Some devices that would suffice;
HP JG539A
Cisco SF200-24P
DLink DES-1210-28P
Netgear FS728TP

Whichever Switch you are getting for your WAPs you will be getting in the same series (for ease of config) but trading gigabit for POE.



Right now I have to run, but will return tonight or tomorrow with some suggestions regarding the routers and some basic wiremaps.

 

[stevech]

Yes I'd like to do it that way. Most of the places I can buy a lot of these fancy cisco parts, they'll happily arrange the plan and configuration for me. But then I notice that their computers are all running a hacked up windows XP .. .... so -- yeah.

I'd love to just be able to do it myself, but you guys would be a good judge of whether this is over my head, assuming I've only ever worked with consumer-grade equipment before.

HIRE SOMEONE. It's a business expense. Won't cost a fortune to get a design done. Don't hobby-around with business systems.
Or pick someone here or on some other site and get it done without the overdesign that can come from here.
START WITH SECURITY APPROACH.

 

[joels]

I'll get a chance to go through this all properly in a moment, but I wanted to just clear up one detail that sounds like it might needlessly add to the equipment complexity:

Pretty much all outdoor areas can be covered by their indoor areas just a few meters away. Imagine that there are two bedrooms facing each other, with a 4m-wide yard in the middle. I don't think one outdoor unit in the middle is necessary just for that 4m space. The other outdoor area to consider is the main rooftop immediately above the lobby. Also a similar situation, as I think the wifi coverage in the lobby would easily hit the rooftop just above it.

OK onto checking all your detailed help! Thanks!