I posted earlier about this, and now that we have a deployment plan (thanks to his group), there is one more issue I have concerns about, that others seem not to have?
Secured or unsecured. This is a large hotel, resort, and both the client and my partner agree that a secured network means that the hotel would have to "baby" clients through setups. Sometimes that means walking to the farthest end of the hotel to set up the wireless...
I, on the other hand, think you have to have some type of WEP. I don't think it's that hard, give the customers a key when they check in, if they can't figure it out, then have them bring the laptop to the front desk?
I just think it's so unprofessional when a client connects to a network, and they get this big warning that the network is unsecure. I wouldn't want to connect to it, although I probably would though, but I could see where some customers would get really paranoid, and with reason...
Welcome to the modern way of dealing with technology. A friend's new Toyota Prius demands that the driver agree to the legal terms of operation before it will start the vehicle. Get used to it.
The light at the end of the tunnel is a fire.
Don't use WEP. It's too big an administrative nightmare. I certainly would not want employees diving into the access point setups to change the WEP key at regular intervals.
You're worrying about the wrong things. The big headache is client isolation or how you keep the clients from attacking each other. Most access points and routers have ways of separating the clients. However, the hotel staff probably wants to use the wireless for everything from remote video distribution for conference presentations to paging. For those, they might need to go from client to client. Be prepared for some debates over client isolation.
There's also abuse management. The first guest that arrives with an active worm or spam spewing trojan horse will give you a feel for the problem. How are you going to identify the culprit? How are you going to block their traffic? Are you going to bang on their door at 3AM informing them that they have a compromised laptop? Your nightmares may vary.
Traffic management is another issue. You cannot run a wireless system wide open, where one file sharing or BitTorrent user can successfully monopolize all the bandwidth. You need to throttle users down to a reasonable level, block inefficient protocols, provide QoS for VoIP users, and generally optimize the system.
Monitoring is another issue. I use MRTG and RRDTool to display graphs of traffic, user count, type of traffic, and usage patterns. You need these because the graphs define what constitutes "normal" operation. When something changes, it will be instantly obvious with a change in patterns.
Lots of other considerations you'll need to deal with on a large system. I suggest you look into system management software offered by your unspecified equipment vendor. (You won't like the price.)
Don't worry about the guests, worry about the employees. Do you think you can adequately train all of them? Do you think that the hotel will put up with that additional level of talent that would now be required of the employees? Embassy Suites in Denver can't even get the cleaning crew to plug the cable modems back in after they vacuum the room.
And stand in line in their jammies? I think not.
In one hotel, I was faced with a splash screen and asked whether I wanted a tightly firewalled connection, or an open connection to the internet. The suggestion was to use the protected connection unless I was using VPN.
I've never been in a public place with working WEP. Every one of them has required a splash screen login. Most are innocuous and could be filled out by anyone. Some are tied to room billing, although I can't remember what the certification was. Some have a "key" that was dispensed as a label on the sleeve for the room key, but that was a splash screen, not WEP.
The only place I've visited with WEP was in the guest area of a business who had a wireless access point with an SSID of the "companyname"-customer, WEP locked. Nobody knew who set up the network, nor what the wireless password might be. Nobody seems to use wireless there. One guy knew where the router was.
They did have an unoccupied desk with a cat 5 cable where they let me connect while I wait.
I didn't get a splash screen. No explanation that I needed a key that was available at the desk. No invitation to log in with my credit card. Nothing.
I don't recall the exact wording but I'll post it next time I have the opportunity. As I recall it didn't give any option other than "approve" or something similar. I guess the choice is to either approve the wholesale repudiation of liability and responsibility, or just sit there and stare at the screen. I don't think there's any way to bypass the screen without hitting "approve".
Incidentally, I spent quite a bit of time trying to get the marginally compatible Bluetooth in the vehicle to pair with the Treo 650 phone. Eventually, I found a workaround on a mailing list, but it still doesn't work right. Verizon says call Palm. Palm says call Toyota. Toyota says call Verizon. Sigh.