Hotel/Apartment Building Wifi

ChadWorthman
Conversationalist

Hotel/Apartment Building Wifi

I'm looking for advise with 2 similar scenarios:

 

  • Existing building: hotel style with 1 year leases, short term stays over the summer.  65 rooms
  • Under construction: hotel style with 1 year leases, short term stays over the summer.  160 rooms

I've deployed another wifi solution in 2 retirement homes by getting a site survey, placing APs in the best locations, creating the traditional wifi network with a captive portal, voucher based authentication system.  It works ok but there are limitations.  A lot of devices like TVs, media boxes, printers, etc... don't like captive portals

 

For these 2 new buildings, I'm considering a very different approach from what I've used in the past.  The tenants will be heavy network users and will not want any restrictions on what they can connect to the wifi.

 

I'd like a unique SSID per room, either RADIUS or WPA2 authentication, and total client isolation between rooms.    I've been looking at the in wall MR30H APs, but I can't think of an ideal way to create a unique SSID and subnet per room to create isolation.  I also need 1 or 2 building wide SSIDs for door locks, security camera's and the like.  With this density I've been planning on disabling 2.4 GHz right from the start.

 

I've been thinking of using an MX84 for the main firewall, then some non-POE switches for distribution, and then putting a Z1 in every room.  I'd create a template network in the dashboard with a unique tenant SSID and a shared management SSID.  Each tenant SSID could use the same IP addressing.  I'd create unique subnets for each room for the management SSID.  Any equipment connecting to the management SSIDs would use the same WPA key for all Z1s, but get assigned a subnet range dependant on the AP it connects through.

 

Login to the dashboard and every room would be its own unique network in the drop down.  I was thinking I could even create monitor-only admin accounts for the tenants if they requested.

 

The Z1 even costs less than the MR30H.  In an ideal world I could get a Z1 in the physical form of the MR30H, including a POE power supply.

 

Any fatal flaws in this plan?  Am I crazy for deviating away from the traditional central router + many APs?

 

Thanks...

2 Replies 2
SamDaniels
Conversationalist

Hi,

Is your main concern having a SSID for each room or wireless client isolation? The Meraki switches support port isolation in Bridge mode. Not sure if that helps you......  You could also try a Z3 instead of a Z1 if you needed a POE out port for greater functionality.

 

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/Wireless_Client_Isolation

 

 

 

 

Uberseehandel
Kind of a big deal

I have not tried it, with this specific hardware, but I would

  • put each MR30H on its own VLAN
  • set up one unique SSID per MR30H
  • set up an SSID for all the tenants to use in the common areas. Enforce isolation on this SSID/VLAN

so each room/apartment is automatically isolated from all the others.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels