In a classic hotel Wi-Fi network, all user devices (visitors or guests) are usually connected to the same VLAN (Virtual Local Area Network). To preserve the confidentiality, security and anonymity of the users, the devices must be isolated from each other so that they cannot communicate directly. This is the role of the "Client Isolation" function available on most access points. Communication from the devices to the Internet is managed by a centralized access controller. In our solution, this access controller is located in the LMS.
The disadvantage of this architecture appears when you want to make other devices, such as Apple TVs, Chromecast dongles or other connected objects, accessible to users' devices. Since these devices cannot be on the same VLAN because of Client Isolation, they must be connected to another VLAN. To prevent all user devices from connecting to them at the same time, it is necessary to manage the allocation of the connected objects and to authenticate the user devices. This allocation and authentication is managed by the LMS, but it is a bottleneck.
The PAN, or "Private Area Network", allows access points to create several VLANs on the Wi-Fi network (one per room or one per guest), so that all the devices belonging to a guest or room can communicate with each other but remain isolated from the devices of other users. The advantage of this architecture is that devices such as Apple TVs, Chromecast dongles or connected objects can be connected directly to the same PAN. The PAN users' devices can then communicate directly with these devices without authentication and without allocation management, just as on a home network. PANs can be seen as bubbles in which all devices (personal or hotel-owned) associated with a room or guest are connected. In this architecture, access control to the Internet is no longer centralized but is distributed among the access points.
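
As an added illustration (not part of the original page and not the vendor's code), the following Python script audits a device-to-VLAN assignment table against the PAN model described above: each room or guest gets exactly one VLAN, and no VLAN is shared between two PANs. The `Device` record, the table layout, and all MAC addresses, room names and VLAN ids are assumptions constructed for this example.

```python
from collections import defaultdict
from typing import NamedTuple

class Device(NamedTuple):
    mac: str
    pan: str    # room or guest the device is associated with
    vlan: int   # VLAN the access point placed the device on
    owner: str  # "guest" or "hotel" (e.g. the room's Chromecast)

def can_talk(a: Device, b: Device) -> bool:
    """Direct (layer 2) reachability: only devices on the same VLAN."""
    return a.mac != b.mac and a.vlan == b.vlan

def audit_pans(devices):
    """Return findings where the table breaks one-VLAN-per-PAN isolation."""
    pans_by_vlan, vlans_by_pan, vlans_by_mac = (defaultdict(set) for _ in range(3))
    for d in devices:
        pans_by_vlan[d.vlan].add(d.pan)
        vlans_by_pan[d.pan].add(d.vlan)
        vlans_by_mac[d.mac].add(d.vlan)
    findings = []
    for vlan, pans in sorted(pans_by_vlan.items()):
        if len(pans) > 1:   # two bubbles merged: guests can reach each other
            findings.append(f"VLAN {vlan} shared by PANs {sorted(pans)}")
    for pan, vlans in sorted(vlans_by_pan.items()):
        if len(vlans) > 1:  # bubble split: guest cannot reach own devices
            findings.append(f"PAN {pan} split across VLANs {sorted(vlans)}")
    for mac, vlans in sorted(vlans_by_mac.items()):
        if len(vlans) > 1:  # one device bridging two bubbles
            findings.append(f"device {mac} on VLANs {sorted(vlans)}")
    return findings

# Constructed sample tables (MACs, room names and VLAN ids are made up).
GOOD = [
    Device("02:00:00:00:01:01", "room-101", 1101, "guest"),
    Device("02:00:00:00:01:02", "room-101", 1101, "hotel"),
    Device("02:00:00:00:02:01", "room-102", 1102, "guest"),
    Device("02:00:00:00:02:02", "room-102", 1102, "hotel"),
]
# Same table, but room 102's hotel-owned device was provisioned on room 101's VLAN.
BAD = GOOD[:3] + [Device("02:00:00:00:02:02", "room-102", 1101, "hotel")]

if __name__ == "__main__":
    print(audit_pans(GOOD))
    for finding in audit_pans(BAD):
        print(finding)
    print(can_talk(BAD[0], BAD[3]))  # room 101 guest vs room 102 device
```

Because Internet access control is distributed among the access points in this architecture, a check of this kind is most useful when run over the assignment data collected from every access point rather than from a single one.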