Any ideas for a NON-CWP hotel guest authentication?

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Hi guys,

Recently I came across to a hotel trying to sell them Aerohive. They use another WiFi solution and basically the hotel IT administrators are totally done with their captive portal authentication, I mean they don't want an open SSID for their users to connect to the network, but captive portal represents a lot of work to do in asking the customers to open a web browser just for them to gain access to the wireless network.

They are done with CWP because most of the users come to help desk asking why they cannot get access to whatsapp, Facebook ,etc. but most of the times they actually hadn't passed through the CWP authentication process.

So, basically the administrators asked me if there was a way to force devices to open a web browser automatically (just like apple devices) in order to make the users pass through the CWP auth process.

I know that would be very difficult to make, so I thought probably a change in authentication might be the solution. However, I would like to ask you if you've came across with something similar and how you managed to deal with it.

Any ideas of an authentication scheme that could fit this?
Photo of Erick Muller

Erick Muller

  • 35 Posts
  • 8 Reply Likes

Posted 5 years ago

  • 1
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
I am never a fan of open authentication WLANs as thery are susceptible to man in the middle attacks. It amazes me how often I come across open authentication based guest WLANs that aren't protected by a WIPS - normally to save cost.

If the hotel staff have some technical ability then you could utilise a reoccurring Private PSK solution for guests. Otherwise, the ID Manager solution would give the hotel a more graphical interface for guest management. Again, I would utilise the Private PSK authentication method. If required, ID Manager could be run in kiosk mode on a low powered laptop or Desktop PC as it only requires web browsing functionality.

Utilising automatically generated PPSKs is covered in the post http://community.aerohive.com/aerohiv....

The terms and conditions can be printed, along with the SSID and PPSK, and given to the guests as part of the guest account creation process.

I have found that Captive Portals work OK with newer equipment but have issues with older equipment. For example, in my country the telcos are still "giving away" Andriod 2.x based mobile phones with pre-pay accounts. These phones are known to have huge issues with Captive Portals.
Photo of Erick Muller

Erick Muller

  • 35 Posts
  • 8 Reply Likes
I definitely like de ID Manager kiosk idea it will save a lot of time for guests and managers, I will propose that option
Photo of Sarah Banks

Sarah Banks

  • 75 Posts
  • 4 Reply Likes
Part of the problem that hotels (or anyone deploying Guest wifi) would have is that browsers and operating system behaviour varies. Indeed, what the hotel is asking for, where the users are forced through the CWP, such that their internet connection is then "opened" and the user can make it onto the Internet, is a common request. This request is difficult, in that the responsibility of opening the Internet connection rests on the end device; no Access Point or router can force the device to do that. I hear your pain, Erick!

ID Manager can solve this problem differently; consider, for example, one of the core use cases for ID Manager. A lobby ambassador can use ID Manager to generate a key for a guest; when the guest connects to the SSID, they enter the key, and voila, they're on the network. Once on the network, no need for a CWP if you don't want it - their Internet connection is "open" and on they go.

Finally, as Crowdie points out, PPSK is a unique advantage, in that each guest would receive a specific private PSK, enabling the timing out or disabling of a PPSK per individual; unlike PSK, which if disabled, would disable all users connected with that key, a PPSK per user allows you (as the operator of the wifi network) to assign granular control over the use of that key.

Please let us know how it goes!