Professional Documents
Culture Documents
1.1 Preface
Because of the introduction of a new LAN standard by the Accor Group in 2018, the document
briefly outlines the essence of the standard in terms of providing the Internet access service for hotel
guests and offers options for arrangement of this service.
Thе document does not replace the networking standard and structured cabling standard
(CSA). In case of discrepancies between the information presented in this document and the
requirements of the above standards, data from the standards should be used.
Prior to the introduction of the current networking standard, it was assumed that the
networking infrastructure of hotels has two network segments:
• Administrative segment - for the operation of systems related to PMS, the management
system for restaurants and bars, the accounting system and other supplemented services which
the guest directly does not interact with.
• Guest segment - to serve the needs of guests - Internet corner, WiFi, wired Internet in
rooms, TV broadcasting system, equipment in conference areas and so on.
The current networking standard does not imply the division of the Local Area Network (LAN)
into physical segments, but the division at the logical level must be performed, which allows using
the guest segment for the needs of the staff, subject to certain conditions.
In the case of arranging in the hotel a service with network interaction between the guest
segment and the administrative segment such as "WiFi-Staff" service (see below), it is supposed
that in this case the entire Internet access infrastructure for guests (that is the whole "guest
segment") is subject to full compliance with the PCI DSS standard for administration and provision
of services. Other words WIFI provider must be PCI DSS compliant as a network services provider.
It is recommended that
connection of the hotel to the Internet
should use two Internet service providers
(ISP1 and ISP2) which can work both in
the "active-active" mode with load
balancing and in the "active-standby"
mode. The whole Internet traffic of the hotel passes through the cluster of ForcePoint firewalls. These
firewalls let the whole guest traffic pass through them using IDS / IPS system, and also provide
access for administration and monitoring of guest services, for example, the equipment for the guest
Internet.
Each hotel floor has switching centers (FSCs - floor switching centres) with access-layer switches to
connect Wi-Fi access points, as well as Ethernet sockets of the rooms, if required by the brand
standard. Room services of the hotel can also be connected to these switches (for example, IP DECT
base stations, etc.). The switches may be integrated into one stack within the same switching center.
Its accepted to forward guest network traffic directly using ISP equipment, however link between
authorization system and PMS must be done only using firewall’s routing.
AccorHotels strongly recommends to have two Internet service providers, however, the hotel
has the right to take the risk of using the services from a single provider.
fiber-optic cable entry to the hotel building (to the central server room of the hotel);
Gigabit converter to the twisted pair (the hotel receives the final service via twisted
pair);
Subnetwork / 28 public IPv4 addresses (the hotel must have 14 IP addresses);
Service Level Agreement (SLA) shall specify QoS of at least 99.85%.
The minimum speed of the Internet channel for guest rooms is calculated using the following formula:
For example, for the IBIS hotel with 180 rooms, the minimum channel throughput for guest rooms is
108 Mbps.
If there are conference halls and banquet areas in the hotel, additional channel throughput of at least
4 Mbps per every 100 sq. meters of such area is required.
The number and location of access points should be chosen based on 100% coverage of the
hotel area (with the required signal level), including utility and office rooms, parking, etc.
Access points should be hidden in special niches (for example, behind the ceiling) with
unobstructed access to them, if necessary.
An access point location shall be equipped with Ethernet socket and connected to the socket
by a patch cord of the minimum length.
For more information, see Wireless Network Design Requirements section (section 4 of this
Guide).
The equipment of the central server room shall be located in the locked server rack separately
from the rest of the equipment. The equipment consists of at least a core switch, a router, and
wireless LAN controller(s) and AAA server, if needed.
Development of a solution for wireless access to the network (Wi-Fi) shall be carried out in 2
steps.
At the first step, network coverage areas are modeled based on architectural drawings.
During the modeling, the following coverage requirements should be applied throughout the hotel
premises (including parking area):
Each commercial offer should include an annex with a report on the Wi-Fi network coverage
modeling for 2.4 GHz and 5 GHz. The report should show the locations of access points and signal
coverage map (see Annex 2).
Project plan, which includes a complete list of equipment planned for use and network layout, is
subject to approval by the project manager.
When all the partitions and doors are installed, the project model should be reviewed according to
the results of selective in-place signal measurements.
The following software tools are allowed for radio signal measurements:
The system integrator shall provide, if requested, the information on the software licenses. Use of
demonstration or illegal copies of the software is not allowed.
Regardless of the results of radio signal measurements, network planning should take into account
the following minimum number of access points per room, depending on the hotel category:
Ruckus
HPe Aruba
Other vendors to be agreed by the project manager.
Regardless of the vendor selected, the wireless access point equipment shall:
Access points for outdoor use shall be compatible with IP67 standard and shall operate in the
temperature range from -45 to +65 C°.
The project should provide for the delivery of at least 5% access points as spare units.
HPe Aruba
Cisco
Other vendors to be agreed by the project manager.
Regardless of the vendor selected, the wired data network equipment shall meet the following
requirements:
The router shall have at least two GigabitEthernet ports, support basic routing protocols such
as RIP, STP, NAT, be able to act as DHCP and DNS servers; support switching networks with VLANs
and 802.11q standard, MAC address filtering, broadcast storm control; support of safety functions
such as system management using Secure Shell (SSH) protocol, port forwarding, Access Control
Llists (ACLs), DES / GOST hardware encryption; quality of service and traffic prioritization (QoS)
functions at least in the form of setting maximum Rx / Tx speed to the logical port. The router should
also be chosen based on its maximum channel throughput (see List of general requirements for
ISPs).
In addition to the above requirements, wired data network equipment shall meet the
requirements of the CSA standard.
When configuring wireless Internet access service, at least the following requirements should
be taken into account.
The speed of network access per device shall have the upper limit and be at least:
In all hotel areas, a network with a SSID similar to the hotel brand name in the uppercase
(for example, IBIS, MERCURE, NOVOTEL) shall be broadcasted in both frequency bands openly.
For combo hotels, it is necessary to provide an appropriate number of SSIDs.
General VLAN configuration and IP addressing:
1) VLAN IDs 102 and 103, and 192.168.46.0/24 address should not be used, because they
are used only for WiFi-Staff service.
2) Router interface for the organization of the address translation service to the Internet shall
be configured as follows (there are configurations for three combo hotels):
Hotel 1: VLAN 117; tagging; IP address 192.168.53.1; network mask / 24; gateway
192.168.53.254
Hotel 2: VLAN 217; tagging; IP address 192.168.153.1; network mask / 24; gateway
192.168.153.254
Hotel 3: VLAN 317; tagging; IP address 192.168.211.1; network mask / 24; gateway
192.168.211.254.
The router organizes NAT on the IP address assigned to it in the network and forwards it to
the 192.168.x.254 address assigned to the ForcePoint cluster.
3) Provide a dedicated VLAN (ID> 800, subnet mask / 24, any addressing in subnet
10.0.0.0/8) to control the equipment. The administrator interface shall be accessible only from this
VLAN. This VLAN shall be available through one of the ports of the guest segment root router (the
copper wire port with the last number is selected).
4) WiFi network with the hotel brand name shall have VLAN ID> 800, subnet mask / 22, any
addressing in the subnet 10.0.0.0/8, DHCP server in the guest segment router, the ISP's DNS
servers, Google public DNS and / or internal DNS server of the hotel. This VLAN shall have client
isolation function (a client will see only itself and a default gateway in the network). It is mandatory
to implement the seamless roaming functionality for clients without the need to reconnect to the
network manually or authorize.
5) For each conference hall, a WiFi network with a separate SSID, corresponding to the hotel
brand name and a hall name, shall be configured using English uppercase (for example,
PULLMAN_CAMELIA) with VLAN ID> 800, subnet mask / 22, any addressing in the subnet
10.0.0.0/8, dedicated external IP address, DHCP server in the guest segment router, ISP's DNS
servers, Google public DNS or the internal DNS server of the hotel.
6) The start page for any user (that is, the page that is opened by default in the browser, if
the hotel does not use authorization, or the page opened immediately after successful authorization,
should be webpage https://wifihotel.accorhotels.com/<RIDCode>/. The start page address is unique
for each hotel, where <RIDCode> is the unique code of the hotel. This code can be obtained from
AccorHotels does not allow blocking of any Internet services, unless it is expressly prohibited
by the laws of the host country. For example, it is not allowed to block services such as VPN,
streaming video, p2p networks.
Service company should equip the infrastructure with a monitoring and control system.
Zabbix;
Nagios.
Service company should ensure a 24/7 control for the operation of entire network equipment,
including at least the following load parameters: number of connected devices, number of sessions,
and Internet channel utilization. In case of changes in the standard operation mode of the equipment,
it should inform the IT service of the hotel and IT department of the managing company about
potential points of failure.
Service company shall have at least one standby unit available in-place for each type of the
floor equipment.
Service company shall have enough on-the-shelf equipment for the central segment and be
able to start its deployment as soon as possible in case of failure of the primary equipment.
Each hotel shall by itself and according to the applicable law decide whether the quest
authorization service is required. Should the service be decided to arrange, each hotel have to
implement this functionality according to the following mandatory requirements.
Minimum requirements:
Unified graphic and text design of the authorization portal according to the current
brand standards with a possibility of its update, if required. Accor can provide all initial texts and
graphics through the project manager (see an example of the current graphical design in Annex
3.)
Implementation of the authorization interface at least in two languages: English and
an official language of the host country. In case of several official languages, text options of the
authorization portal shall be provided in all official languages. It is advisable that automatic
language definition support be provided using the locale of the user device.
Adequate support for the operation of mobile devices;
Hotel guests shall enjoy an option for the authorization by entering their room number
and name as authorization data;
All guests (including hotel visitors) shall enjoy an option to authorize via SMS or
voucher provided at the hotel reception desk;
Device authorization shall be valid for at least 24 hours;
One set of authorization data shall be able to authorize at least three devices;
Support for interface tunneling and access encapsulation.
In any case authorization system must be aligned with local regulations of the country hotel’s
located.
For Russia, Ukraine, Georgia, CIS companies Connectum, Beeline, Hoist, PWV can provide
WIFI as a service. For Israel recommended suppliers are Hoist and Swisscom, for Turkey
Intertouch and GuestTek.
Paid internet access (i.e. premium package) could be provided only for Upscale segments,
for Midscale this should be approved by Operation Director, for Eco hotels this option should
unavailable.
For ECO hotel with no more than 200 rooms, the following equipment is recommended:
1) Ruckus R310 or Aruba AP-303 access points for guest floors and all areas, excluding
conference halls and banquet rooms
2) Ruckus R510 or Aruba AP-345 access points for conference halls and banquet rooms
3) ZoneDirector 1250 / 3000 / SmartZone 100 or Aruba 7030 controller with mandatory vendor
support
4) HP 2530 access layer switches
5) HP 5406 core switch with two power supply units in the set
6) Cisco ISR 4331 router or similar with SmartNet support.
For MID and LUX hotels with no more than 200 rooms, the following equipment is
recommended:
1) Ruckus R510 or Aruba AP-305 access points for guest floors and all areas, excluding
conference halls and banquet rooms
2) Ruckus R710 or Aruba AP-345 access points for conference halls and banquet rooms
3) ZoneDirector 3000 / SmartZone 100 or Aruba 7030 controller with mandatory support
4) HP 2530 access layer switches
5) HP 5406 core switch with two power supply units in the set
6) Cisco 4351 router or similar with SmartNet support.
For hotels with more than 200 rooms, two controllers in a cluster are recommended as well
as two routers or SmartNet support with Next Business Day (NBD) service.
The radio signal measuring report shall include at least the following:
2) Superimposed signal coverage for 2,4 and 5 GHz with signal strength indication:
Online example could be found at https://accor.wifirst.net/. Sources (graphics, fonts, scripts, etc)
could be requested from IT coordinator (for existing hotels all sources availables on the internal FTP
server at ftp://s-eu-mow01nws02/Other/WIFI%20Auth%20Page/).
To make sure the network is designed according to the standards, at least the following should be
checked:
1) Recommended equipment vendor (HPe Aruba/Ruckus) is selected, the equipment meets the
standard (supports 802.11ac, operates in both frequency ranges)
2) Radio planning is performed based on the required signal strength (attenuation is not below
-65 dB at 5 Ghz)
3) Speed of the Internet channel provided by ISP(s) is sufficient and not below the
recommended one:
4) After installation of the partitions and doors, the project of signal measurements is reviewed
5) WiFi equipment project includes necessary spare units (at least 5% of the total number of
WiFi access points), or a contract with a service company is already signed for a local stock
of spare units
6) Before the infrastructure is ready for commissioning, the following is required:
А) get a final project of radio signal measurements
B) verify correctness of WiFi network names (name of the brand in the uppercase)
C) verify correctness of design and operation of the authorization page (if available)
D) make sure that WIFIHotel portal, which is unique for each hotel, is a default page after
connection and authorization (if available, address https://wifihotel.accorhotels.com/);)
E) make sure that WiFi connection speed is not less than the brand-recommended (check
any 2 or 3 hotel points):
This is mandatory for the new openings that WIFI will be supported, recommended suppliers
are Connectum, Beeline, Hoist, PWV, GuestTek, Intertouch, Swisscom.