Friday, November 24, 2017

Incompetent ISP and an enthusiastic CS student.

Greetings /r/networking

I am an undead sophomore CS student (My department is named Computer Engineering but our curriculum is pretty much CS) who is horribly failing at school (since 2010).

After having my family support being cut after dorm/bursary/loan ending too, I ended up working in a hotel as part-time IT.

Sorry for not-so-important personal details, but I thought some background info might help you to understand my perspective & approach at our problem.

So, back to the real topic. When I came here for the first time, the business was using an old hotspot solution with outdated access points deployed on numerous locations of the building.

Due to the domestic laws, we are supposed to log activities of our customers. We had a unix-based central server that serves us as both firewall and also manages captive-portal and logging.

(I am getting to a point where I will reflect my lack of networking knowledge, but here we go...)

At some point, our managers decided to renovate our hotspot system.

We had a contract with our ISP and got their new-shiny(!) Aruba 214 APs deployed.

The problem is, idiots completely ignored the fact that we need a decent NAC solution.

You might wonder where I was when the deal was being made and you are right.

I believe I did my best with explaining how we are supposed to log the usage traffic and we need some sort of integration with our hotel management software.

Seller guy was like "count it done" and all, but once the system went online, I realized they didn't even implement some sort of CRM related verification.

Let me sort our problems in some sort of list to be more clear:

  • Anyone with a GSM number that connects to our AP can get a verification via SMS and get full access to internet connection. This causes literally anyone around our hotel to leech our internet, thus cause unwanted bandwidth usage, speed loss etc.

  • Our foreign customers (around 50% of total customers) may not have their roaming enabled or their GSM service may not have agreement with our ISP, thus no SMS code being sent. This causes them to NOT have internet access at all!

  • One of our meeting rooms is below entrance floor, thus customers trying to login there don't receive SMS for verification, they also can't use the internet.

So, I contacted the customer representative numerous times and also a lot of companies that sell hotspot services. Turns out our ISP just sucks at hospitality solutions. We are on the edge about cancelling the contract because what they promised and what we have is completely different. Still, I wanted to find some solutions myself before we cancel the contract (with possible charges).

What I figured out as follows:

  • We are supposed to use some sort of Captive Portal regardless what the verification method is.

  • Our ISP seems to use Faraday Network's "Spectrum" WiFi management solution. ISP finally provided me an access to the interface, but it is lacking a lot. For example, it allows us to set polls and add more user data forms, customized captive portal design to be inserted, but it has nothing related to NAC.

  • When I confronted the ISP about everyone being able to connect to our WiFi, they, like a joke, said we can use a whitelist/blacklist (and it doesn't even work, I add the GSM numbers of users with excessive usage but it doesn't save the numbers on the system), which is stupid. Our reception officers can't simply manually add new customers to the whitelist whatsoever.

  • So we need some sort of integration with our hotel management software (I will refer it as ModHotel from now on)

  • For logging, we need to have internet usage activity logged with timestamps and also MAC-citizenship number (for foreign guests, we have passport ID similar to citizenship number). This will allow us to provide logs to officials in case of there is a criminal-case.

  • I researched a bit and also talked to sysadmins of our department in school and read about PacketFence.

  • I think with enough time invested, I can set PacketFence up in our hotel using manageable PoE switch and 20 Aruba 214 APs. Still, I have a lot of doubts.

I will need to somehow extract customer data from MODHotel's database, using phone number and citizenship/passport ID to match them with their log.

However this seems to be much bigger than what I can achieve, because I will need to set-up both NAC and Captive Portal and also save logs safely.

I dunno where to start even.

Should I just cancel the contract and get our hotspot installed from scratch with other companies that already solved this hospitality-specialized WiFi?

Should I tell our ISP to go f* themselves and use our own software-side solution about authenticating/logging?

For those who will think "well as an IT, you should have known better about how the system will be deployed, no wonder you fail at school lol" well, you are right a bit, but I was really not given any sort of project or responsibility other than managing company e-mail accounts, some simple help-desk tasks etc.

In the end if I was a network specialist, I would not work in a hotel for something slightly more than min. wage per hour.

Anyway, I kind of wanna commit and solve this hotspot thing, but at the same time the reason we got this project performed by our ISP was not being dependent on "IT guy" or anyone else.

If there was a problem, ISP was supposed to be responsible etc.

How do you guys manage your hospitality-focused logging/NAC solutions?

Should I try and solve it alone? Is it worth it?

I think the personal experience would be worth a lot but at the same time I feel like I am nowhere near to be paid when it comes to "expertise and experience" it takes to solve this.

Sorry for unnecessarily long-post, let me hear what you more-experienced networking members think about this specific situation.

Thanks in advance.

(Will add a tl;dr after lunch break if post isn't dead by then.)
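
Added example, not part of the original post: a sketch of the check the post asks for, where the captive portal verifies a guest against hotel-management records (room plus citizenship/passport ID, no SMS) and logs the MAC-to-ID binding with a timestamp. The guest schema, sample rows and function names are assumptions, and the hash chain is one reading of "save logs safely".

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample rows standing in for an export of in-house guests from the
# hotel management database (hypothetical schema, not ModHotel's real one).
GUESTS = [
    {"room": "204", "id_number": "P1234567", "check_in": "2017-11-22", "check_out": "2017-11-26"},
    {"room": "310", "id_number": "10000000146", "check_in": "2017-11-20", "check_out": "2017-11-23"},
]
GENESIS = "0" * 64  # "previous hash" of the first log entry

def find_guest(room, id_number, now):
    """Return the guest whose room and ID match and whose stay covers `now`."""
    today = now.date().isoformat()  # ISO dates compare correctly as strings
    for g in GUESTS:
        if (g["room"] == room.strip() and g["id_number"] == id_number.strip().upper()
                and g["check_in"] <= today <= g["check_out"]):
            return g
    return None

def entry_hash(entry):
    """SHA-256 over every field of the entry except its own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def portal_login(log, mac, room, id_number, now):
    """Grant access only to a current guest and record the MAC-to-ID binding."""
    guest = find_guest(room, id_number, now)
    if guest is None:
        return False  # passers-by and checked-out guests get no session
    entry = {"ts": now.isoformat(), "mac": mac.lower(), "room": guest["room"],
             "id_number": guest["id_number"],
             "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = entry_hash(entry)
    log.append(entry)
    return True

def verify_log(log):
    """Detect edited, removed or reordered entries by re-walking the chain."""
    prev = GENESIS
    for e in log:
        if e["prev"] != prev or entry_hash(e) != e["hash"]:
            return False
        prev = e["hash"]
    return True
```

The chain only reveals tampering if the latest hash is also kept somewhere the log writer cannot modify.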


