Free internet to hotel guests - design help needed - please shoot !! 3

[Sophoman]

Greetings forum,

I want to create a free internet service for a very small hotel by sharing a DSL-line over ethernet and an nice new-made CAT5e distribution system in the hotel. Feel free to shoot at it with tips & advice. I need specific help to choose the right equipment for the job, Cisco preferred if the budget lets me.

Scenerio:
16 guestrooms
3 hotel admin PC's
2 conference rooms

I want to use a 24 port 10/100 VLAN switch (2950) to give all guestrooms their own VLAN to seperate them at layer-2 from the hotel admin. Probably the conference rooms could be equipped with wireless access points.

I would like to create a structure as simple as possible (I hope) with security measures in mind. I need a DHCP service as well with laptops of the guests and would like a router behind the DSL-modem to perform that.

The idea is to connect the switch with 1 of the 2 100 Mb uplinks to the router and the router will be hooked in the DSL-modem

My questions are :
1. Is there a sort of blueprint to make a model like this ?
2. Is it necessary to trunk the uplink to the router ?
(interVLAN is not neccessary yet)
3. Which router is suitable for this scenerio ?
(DHCP, firewall)
4. Does the router have to be configured with subint's, isl routing, subnets to use acl's for this scenerio ?
4. How can I configure DHCP to perform a nice job referring to the different VLAN's ?

Please shoot & thanks in advance
Sophoman

 

[jimmyzz]

Sophoman,
To answer your questions:
1. Your design follows the standard blueprint, ie Internet connection -> Internet router/FW -> Internal Network. You just have a few additional "requirements".
2. If you VLAN your switch, then the router interface to the switch needs to carry the VLAN information via trunking.
3. Your router can act as both DHCP server and FW. You'll need the appropriate IOS. A cisco 2651 should do the trick.
4. This relates to Q2, so yes your router needs sub-interfaces into each VLAN. You can use 802.1Q as ISL is not supported on all cisco routers and switches. Your ACLs will form part of your security/FW strategy.
5. If you are going to have different VLANs as a "security" requirement within the internal hotel LAN, then each VLAN should have it's own separate IP subnetwork. That means you'll have to create a DHCP scope for each VLAN. Not sure if this is possible on a single cisco router. You could do this on an Windows server, but the server would need a NIC in each VLAN. A little overkill really for the sake security within the Hotel LAN environment, but if its a requirement then you'll have to outlay for the infrastructure.

Some other points.. If you are not going to use a Proxy server, then you'll need to have to allocate a public address to each client, or NAT them to a public address to internet access.

JimmyZ

 

[webnetwiz]

You can definitely do it with a 2950 and a cisco router, a 2651 or a 2621XM should do. Here's what you do:

A. Create VLANs on the 2950 (the 2950 only supports 802.1Q)
B. Run a trunk to the router, so that it can route between the VLANs
C. The VLANs should have different subnets.
D. Create an Admin VLAN, where you would place your Windows DHCP and possibly internal DNS server (could be the same box)
E. Use IP Helper on the Hotel Guest VLAN to point to the DHCP server on the Admin VLAN, that way you don't need a multi-homed DHCP server.
F. Use Access Lists on the router to secure inter-vlan communications, and you're set.

 

[jimmyzz]

webnetwiz,
Will the cisco router be able to have multiple DHCP scopes, ie. one for each VLAN. Without a multihome DHCP server, how does each VLAN get assigned a seperate DHCP address range? Thats what I was unsure off.

JimmyZ

 

[webnetwiz]

That where IP Helper comes in. Since you have to give every VLAN interface an IP address to make a Layer 3 interface (although virtual), the router takes a look at where the DHCPREQ packet came from. You have to create scopes on the DHCP server to correspond to the different subnets. The DHCP server than gives the IP address that corresponds with the network that the packet came from. I've set this up before, it works like a charm. the only thing is that if this is a MS Windows domain, you'll need to make sure that you' not forwarding netbios datagrams.

 

[Sophoman]

Thank you Jimmyzz & Webnetwiz for your responses to help me out on this "router on a stick" model.

The reason I wanted to help out the owner was that there were some people around him that said it is "easy". After recently studying and passing CCNA I suggested to make a more reliable and secure model. Just achieving connectivity won't do it in my opinion.

The CCNA study is great and lots of pieces fall in its place (telecom background) and gaining practical knowledge is the next step. I am not too proud to ask for it <g>.

Thank you guys
You deserve your stars

 

[IllegalOperation]

It all depends on how much money you are willing to spend. I noticed that a lot of people giving out advice here tend to throw money around like it was their birthday. I can probably help you because a)Ive done scenarios like this before, b)I am used to working on a budget of almost $0.

If you want something that is cost effective, and will give you a quick return on revenue, there are many simple solutions out there.

The problem isnt the logical configuration, as something can always be worked out with Cisco. The problem will be your choice of physical distribution. You want to wire up the entire hotel with CAT V UTP? That is obviously fine if the cable is already there, but most of the time it isnt. Furthermore, your only limited to 328 feet, which could cause havoc to a hotel style complex.

My suggestion, if you are looking for a cost effective solution, is to use pre-existing cable in the complex. What is already in a hotel that you can take advantage of, you may ask? Phone lines. There are plenty of different HPNA style equipment out there to suit your needs for this specific scenario. A popular choice that I recommend is a company called TUT Systems, although they tend to be a tad bit pricy. If your looking for something less expensive, I personally use a company called Netronix. They offer a 16 port, managed HPNA switch for around $600. Now if you want every suite &quot;ready to go&quot;, you could stack these switches in a chasis they have. This switch will handle everything from VLAN configuration to bandwidth throttling. A nice feature this product has (that was specifically designed for hotels) is a new hotel guest can open up his web browser for the first time - and it will ask him which package he would like to purchase, as he will be automatically redirected to a predetermined site. You can charge a customer by the amount of time he uses the internet, or by the amount of bandwidth he wants, among other options. The CPE device he plugs into would be a simple &quot;two pair - ethernet&quot; media converter/adapter, that runs around $40.

Now if your only using a DSL line for your transport, a 1721 could do the trick (I guess depending on how many users there will be), if you want to stick with the concept of this solution. Hell, a company like SBC will give you a free router and 6 IPs with their business package. That could probably even work. So basically with this solution, your potential initial investment (if you only anticipate 16 users at a time) could only be around $600 plus around $40 per user, and the price of the DSL line. No wiring costs, and hardly any construction time (you can set it up end to end in less than a day). That investment can be made up in a matter of a month or two. Not too shabby. Of course, I would recommend some sort of UPS system if this hotel doesnt have one for you to use.

Now if you want to take advantage of a hotel's CATV plant (CATV as in CABLE TV), I am your man. Cisco offers an excellent product line for this solution, called the uBR series. The best thing that I like with Cisco's uBRs (that most competitors dont have), is that their CMTS system COMES WITH a digital upconverter. The other nice thing is that you can use the CMTS as a DIA router also (you most likely would need to purchase a seperate router if you went with a different company). I can get into greater details, but I do not know if you are considering to use ethernet over coax.

Of course, I am wasting my breath if this hotel is prewired with CAT V. If not, then I strongly recommend other solutions of distribution - like the ones I just suggested. Ive been quoted as high as $30,000 by contractors to have CAT V ran throughout complexes before.

 

[IllegalOperation]

Sorry, I need to follow up on a few things....

I just noticed that you said your hotel has 16 guestrooms. Looks like I was right on target with my 16 port switch, eh? Of course, something would be needed with your other five connections. As far as simplicity, the HPNA solution is as easy as it gets, from design to support. The solution itself even handles a form of AAA for you, including billing. Customers can pay right then and there with a credit card if you want to take it that far. I believe you would need to purchase a software package from the company, and set up a server. That &quot;centralized&quot; server can have everything from RADIUS, to billing/accounting, to SNMP management.


Regarding the ethernet over coax solution, you would obviously need to have the hotel own the cable system....unless perhaps the cable company is willing to let you use it (which wont happen unless perhaps the company is a small, privately owned company). Whatever the case, you would need permission to use the cable. The FCC is very strict.

 

[Sophoman]

IllegalOperation,

Thank you for your time to respond. I also like the cost effective approach very much for being a Dutchie <g>. I believe in making a design that suits the company. I don't know much people who do groceries in a Rolls Royce.

Let me tell something about the hotel :
- The hotel is an old spanish colonial building located on a hotspot in Old San Juan (Puerto Rico) and is being renovated into a hotel without any existing wiring.
- No room will be the same and tubes/boxes are already prepared in the plaster work, also done by some Dutchies !!
- I had the opportunity to make 2 brand new physical cabling networks with 2xCAT5e + 1xRG6 per room which I think will give us some flexibility and fortunately I had the skills to do it.
- The cable routes will not be accessible later so we made enough drops in the entire building, this is the best time to do it being under construction.
- In this scenerio we can provide a phone, a TV and an internet connection in each room on seperate outlets. I like UTP because we can be flexible with the CAT5e outlets being used for either voice or data.
- We now have 2 seperate wiring closets for CAT5e and CATV.
- Total wiring costs : $8500,= for 72 CAT5e drops and 20 RG6 drops. Longest drop is about 55 mtrs (165 ft).

Unfortunately Puerto Rico doesn't have all the benefits you might have being on US mainland when to choose a good provider, so we stick with the national telco Puerto Rico Telephone Company (Verizon) for our DSL connection.

The free internet service is a nice slogan for the hotel and doesn't want to bill seperate for the internet service. There might be added a small amount in the room price and avoid the internet billing software.

The thing I want to achieve is to make a flexible infrastructure so many proven technologies can be used. And last but not least : We want to purchase the active equipment smart to protect the investment for future changes/possibilities.

Thanks again
Sophoman

 

[cimeron]

IllegalOperation

I was intrigued by this HPNA switch you had quoted in your post. So I looked up the Netronix site and was curious of a few things. I too am looking to hook up Internet for a friend's small motel and was wondering about this 16-port switch. Do you know where I can get it here in the US? Seems like a Taiwanese co. and I don't see a link to a distributor in the US. Which is the exact model number on their site? Also is there a differnce between HPNA and VDSL?? I would assume from your second post that a RADIUS/AAA/whatever you want for billing server would be necessary if you would want a setup where you would like to charge people by time connected. Do you know of any of these software products off hand? Thanks for any help.