WiFi for hotel with 20 floors

Guys, Hi!
Im new to your Community!
Im not a isp or pro, im a newbie.
I have some knowledge about php web programming language and i want to start a new startup in my country.

I will explain what i need and what i have for now and what i plan to do.

My first client is a hotel with 20 floors and 140+rooms. They need a WiFi for bottom to top.
1gbps rj45 is waiting on a first floor.

I want to make a whole automated system which works with this one - https://teklager.se/en/products/routers/apu4d4-open-source-router
(the router will Come with Last version of open wrt)

Ok, if I have the rj45 and the router with open wrt i Will need some other devices that will extend the connection from first AP.
I need cable less scenario and i Will buy the most effectively devices.

I dont know which devices to buy and i write here for suggestions.

The topic is here because im php programmer and i want to build a whole portal to operate with hotels/hostels/offices/hospitalities.

Php language have ssh library that can connect remotely to specific devices like the router.
I want from my portal to create users and passwords with expiration date. (which works with captive portal) with open wrt.
I talk to ruiji and ubiquiti Support but they not have this features for now.

Ok i look around and i think that open wrt have chance for this if is not already ready

As i said every of my clients will have access to their routers from my custom portal to create custom users/password with expire date to their guests.

If is possible to track internet history which generated by specific guest will be cool. (I want to post ssh command like "track guest1" and i want output all web links which guest is visited)
I can catch with php the output from the command that I send.

I want to create/delete users and set expire date.
If there is a option to track history will be cool.
Everything with Ssh!
This users and passwords is for captive portal for the guest to have internet when is connected to ssid for the hotel or other type of my clients.

Please give me advice for devices and installation scenario.

Going up 20 floors by extending wireless to wireless is a bad idea.

Use an ethernet cable, should be able to reach the 20th floor w/o repeater or switch somewhere in the middle.

140+ rooms on one mesh network sounds like a super bad idea. You're going to need as many channels as you can get to get a good coverage of the whole volume of the hotel because neighboring APs should have their channel IDs as far away from each other as possible and you can't just alternate between two channels because AP1 and AP2 might not interfere with each other but AP1 and AP3 will. And that's only for the first floor. The second floor APs need to not interfere with the first floor APs and the third floor APs.

So basically there aren't any channels left to do any meaningful meshing with.

If you can't install new Ethernet cables then maybe MoCA is an option because usually every room has a TV connection. But that's going to be expensive and I've never tested MoCA, so I don't know if it's any better than meshing in this case.

Thank you!
What about other things in first post? Does open wrt supports ssh to create/delete/set date expiration for guests like users/passwords or codes for login in captive portal?
This is very important for me and in my case (for my project) .

Can you give me a link for better switch with 1gbps rj45 slots? I use dlink before and i dont have problems... But anyway, give me advice...

No clue about the ssh thing. We're doing sort of exactly what you want but are using an outside hotspot provider. Basically in our case we're the hotel and the outside hotspot provider is what you want to do. We've got a mini pc running linux from them that creates a tunnel to their servers and they identify devices by their MAC IDs and do the login, traffic and logout that way. Only thing we did was to set up the APs that separate the clients on the AP via the "Isolate Clients" option and within the network each AP has its own VLAN and we use asymmetrical VLAN to map all of them to the port the mini pc is connected to. That way all clients are isolated from each other across all APs.

So if you're searching for a good switch then get one that supports VLANs. OpenWrt supports VLANs too, so you can even setup an SSID "Hotspot" for the guests but also an SSID "staff" and have them on completely different networks without any cross talk but also without needing any additional hardware.

Great! Thank you, your replies is very important for me.

Now im waiting for some consultations with isp working guy how to setup some things.

The ssh thing is very important and i will waiting for someone to message here (developers maybe)

I can write every thing, I will have billing system too and some other good features.
But without this feature (ssh) we will be lost.

This one (captive portal and functionality that I want) is integrated but in devices, I want to capsulated from there in my php scripts which is uploaded in my hosting company. I have domain too.

Openwrt supports opennds captive portal,

You don't want one portal per device, but a central one.

For such a setup, you usually run just Ethernet cables to every AP, the APs are powered by PoE. One AP serves a few rooms, depending on the layout of the building. Hence you need one (or several) PoE switches, ideally with VLAN support.
A management system for the APs is beneficial, there are a few such systems being under development - OpenWISP is an example.

The client authentication should be centralized and independent of the APs. The AP firmware usually just provides the networking infrastructure (i.e. an open WiFi network), the rest is centralized (DHCP, DNS, authentication). For user (client) authentication, RADIUS could be used. This can be combined with a number of captive portals.

Many thanks!
I post a request for openNDS - https://github.com/openNDS/openNDS/issues/417

I will research more, but your posts is enough i think.
I have registration on other related sites but there is a quiet...

I cant wait to test everything on side. My web scripts will be ready for 4-5 weeks.

In the town has 120 hotels, but the biggest one is this one as in title.
The other ones is "complexes" with a lot apartament like buildings. They will be easy to be obtained i think.

Thanks again!

You're overthinking this...
What's your opinion, @bluewavenet?

Indeed I think @Pok4 is overthinking this but I don't want to pour cold water on his his business idea. He is perhaps somewhat naive. I will discuss openNDS with him in detail on Github.

The captive portal is the easy bit. Getting good WiFi to 149 rooms on 20 floors is not trivial and will depend strongly on the structure of the building. My experience would suggest a Starlink terminal on the roof and ethernet down the lift shaft would be a good starting point.....

hi,
20 floors 140+ rooms = 7+rooms per floor -> that's not the scale of "hacking some cheap APs and some scripts then go" category imho. and even less if you want to run business, and it is not a hostel students doing it for themselves.

one AP per floor will be not sufficient, the required number is depending on floor map, wall type etc. you need to build the wired Ethernet cabling to each AP. you need to provide power to each AP, so you probably would go per floor POE switch and backbone between floors. if you want good service you'd go with redundant devices (two switch per floor, two backbone networks, etc) with some onsite spare.

then you have to manage all these devices: need monitoring, provisioning, alerting.

then you have to make it secure:

• physically, you don't want a rouge guest to go and replace a device or connect something uncontrolled, which requires your AP, floor switches, backbone network physically not accessible to users,
• vulnerability point of view, all the software you use should be kept up to date, which requires effort and tools,
• isolating users from operations, you don't want users to be able to access network management interface, or disrupt management plane network,
• isolating users from each other, you don't want rouge user to tamper, intercept another user's traffic.

then you have to know your regulatory requirements: collecting users browsing history under GDPR scope might be not the best idea unless you want to gather explicit consent (and maybe even that's not enough at court).

Guys, im not doing this on my own.

This is the building. Sunny beach, Bulgaria, Hotel "Kuban"

I ask questions that will be important for me.

The city (its not a city actually) have 100+hotels.
In winter season they not work and there is not connection.
Some of them have free WiFi but there is not connection when you logged.
The isp here offer poor things. In Spain i get 1gbps link for 20 eur/month and here is 150 euro...
In Sunny beach in the snow season we have 6000 active people Who lives here. Ucranians and Russians also.
I want to provide better services for small amount of money.
Star link is not good i think because supports little actively users even with business Plan.
I need to Support Minimum 400 for this hotel.
I dont know I must try and if I fail i Will quit from this. I read a lot Last days and i learn some things about this things.
My english is not good, we speak Bulgarian here and we learn english in schools.
Actually im 25 years old.

Maybe isps here get a laaaarge amount of money from hotels for poor/bad service.
I want to try this what i have in mind.

At a minimum, I would mandate:

• wired backhaul to every floor, and ideally to every AP
• roaming, via same SSID at every AP
• Something like OpenWISP to make your admin life easier. Avoid SSH.
• PoE is asking for problems - avoid if possible
• go with dumb APs that just bridge to wired backhaul: (almost) same config on every device
• have a simple (docker capable) Synology NAS running docker, which runs grafana+prometheus
• install the prometheus* plugins on each AP

You need to figure out how many APs per m2 floor area. By the looks of things, at least 3-4 per floor.

If user login to WiFi via captive portal is a must, run a RADIUS (docker) image, and assign each user a unique VLAN. Lock network access to RADIUS approval for each AP MAC, to stop anyone sneaking in, or sneaky devices getting connected. APs which have a single port should minimize attack surface from such problems.

Don't track history - you're asking for GDPR hurt, or local privacy laws.

Devices or device types don't matter - OpenWISP will abstract to whatever hardware you have. Recommend the best AX devices available, where possible, to be future proof, and bandwidth distribution where possible.

1GB bandwidth to 120 rooms when they have full house is painful if everyone opens netflix....

Get a pro or sub-contractor to wire the APs and backhaul, unless you know what you're doing. They'll help you avoid RF interference, cross-talk from power cables, and you'll avoid problems with fire standards. They'll also provide clearly marked infra, and some nice cable diagrams.

Buy a few extra APs, because a few devices will likely die, and require replacing.

Hello, neighbour.
You should split up hardware planning, and software.
But you should first decide about QoS. It is a difference, whether you want to provide WiFi free of charge for the hotel guests, as a courtesy, OR as a payed service. In case, free of charge, you might limit the bandwidth for every user, i.e. to 2 MBit/s, which even allows low res youtube, but not so fine for Netflix, I guess. As a payed-for service, you will have to provide (much) more bandwidth. User "systemcrash" provided good info regarding the hardware, although it might be a bit "overpowered", depending upon quality of walls etc. OpenWISP I consider to be too bloated; may be, because I did several commercial hotspot systems in the past, starting with mikrotik, and then switching to openwrt, because much more flexible. Docker for RADIUS is not a good idea, use private VPS for it; might be be a good idea anyway, because of running backend of Captive Portal on it, too. And some statistics package. And management tools. And ...

@Pok4 I do not think OpenWISP is bloated and is infact designed to help you do what you need to do and give you a general dashboard to see how the network is doing, how many users are connected and so on, eg:

Screenshot from 2022-12-13 16-53-091280×902 106 KB

Screenshot from 2022-12-13 16-54-131737×1038 53.8 KB

It is even possible to write some extra scripts to integrate with your booking system to automatically generate and email WiFi credentials to users after they book (if you want to use captive portal), or generate premium accounts depending on the service they buy (eg: you could have different speeds), alternatively the simples solution is to use QoS as reinerotto says and just give different plain WPA passwords to different sections or floors.

Check out the OpenWISP demo, if you need help let me know and I'll gladly give you an introduction of the system.

Installing and configuring is the hardest part, I am not going to lie about that, as well as maintaining it over time, but our cloud solution aims to help people like you to avoid having to install and maintain it (at least initially when the budget is low and doesn't justify the effort) so if after looking at the demo system you think this could work for you just get in touch with me.

What's the legality of tracking sites the guests visit and can that be made right with the access portal conditions?

What will you do with that info I wonder anyway? Just curious.

Bulgaria is part of the EU and therefore you are to follow AVG / gdpr laws. Tracking customers is not allowed.

The GDPR laws is actually on paper global for EU citizens.

Presumably can still track one way or another even if just by putting in clause in the terms and conditions that nobody ever reads to gain access? Or for crime monitoring purposes. It seems hard to believe that zero tracking whatsoever even with express agreement in terms accepted is mandated.