New Member
Posts: 2
Registered: ‎10-17-2017
Accepted Solution

Guest Network Setup

Hi, we currently have two Toughswitch Pro PoE 8-port switches powering 11 Unifi AP-LR and one AP.  They are currently on a single address space.  Guest access is enabled and my company network address spaces are excluded from access.  What I would like to do, if possible, is separate the guest access completely and run that directly to two ports on our firewall (basically in an untrusted zone).  Can I do this via defining VLANs on the Toughswitch and APs?  For example, define my Guest network as VLAN 20 (I assume that I would need to tag that), say, and assign a port on the Toughswitch to that, then connect that directly to the untrusted/guest port on our firewall?  Would I need to tag my "main" network also?  The firewall would handle DHCP for the guests and they would have Internet access only.  I've been digging around on the forums but the advice seems a little unclear.  Any advice appreciated.


Accepted Solutions
Veteran Member
Posts: 4,140
Registered: ‎03-02-2015
Kudos: 754
Solutions: 180

Re: Guest Network Setup

[ Edited ]

Tag your guest SSID as VLAN 20 in UniFi and keep your default/management SSID with VLAN 1 untagged (default), and assign a TS port where guest traffic is leaving / connected to your router and gets untagged again. Same for management traffic and a different port.
BTW: you probably need to create a trunk between both TOUGHSwitches with VLAN 1 and 20,
or untagged and VLAN 20. (It's been a while since I had a TOUGHSwitch here.) ... But you mentioned that you want to connect them separately to your firewall, so never mind.

Also provide correct network settings in UniFi for guests and company subnets,
e.g. isolation of Wi-Fi guests and guest multicast, access to other subnets, etc.

The UniFi forum is better for such questions.

===================================================
We all work for KUDOs here.
Thx
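
The port layout described in the accepted answer can be written down and checked before it is applied. This is an added example, not part of the original posts and not ToughSwitch or UniFi code: the port names, roles and sample plan are constructed, and it assumes AP and inter-switch ports carry VLAN 1 untagged plus VLAN 20 tagged.

```python
from dataclasses import dataclass
from typing import Optional

MGMT_VLAN, GUEST_VLAN = 1, 20  # VLAN IDs named in the thread

@dataclass(frozen=True)
class Port:
    name: str                 # constructed label, not a ToughSwitch identifier
    role: str                 # "ap", "trunk", "fw_guest" or "fw_lan"
    untagged: Optional[int]   # VLAN sent and received without an 802.1Q tag
    tagged: frozenset = frozenset()  # VLANs carried with an 802.1Q tag

    def vlans(self):
        return set(self.tagged) | ({self.untagged} - {None})

def audit(ports):
    """Return a list of findings; an empty list means guests stay separate."""
    findings = []
    for p in ports:
        if p.role in ("ap", "trunk"):
            # Carries both networks: management untagged, guest tagged.
            if p.untagged != MGMT_VLAN or GUEST_VLAN not in p.tagged:
                findings.append(f"{p.name}: expected untagged {MGMT_VLAN} + tagged {GUEST_VLAN}")
        elif p.role == "fw_guest":
            # Guest frames are untagged again here; nothing else may be present.
            if p.untagged != GUEST_VLAN or p.tagged:
                findings.append(f"{p.name}: must be untagged {GUEST_VLAN} only")
        elif p.role == "fw_lan":
            if GUEST_VLAN in p.vlans():
                findings.append(f"{p.name}: guest VLAN reaches the company port")
        else:
            findings.append(f"{p.name}: unknown role {p.role!r}")
    if not any(p.role == "fw_guest" for p in ports):
        findings.append("no port hands the guest VLAN to the firewall")
    return findings

# Constructed plan for one switch (port numbers are illustrative).
SAMPLE_PLAN = [
    Port("port1", "ap", MGMT_VLAN, frozenset({GUEST_VLAN})),
    Port("port2", "ap", MGMT_VLAN, frozenset({GUEST_VLAN})),
    Port("port6", "trunk", MGMT_VLAN, frozenset({GUEST_VLAN})),
    Port("port7", "fw_lan", MGMT_VLAN),
    Port("port8", "fw_guest", GUEST_VLAN),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_PLAN) or ["plan OK"]:
        print(line)
```
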



All Replies
New Member
Posts: 2
Registered: ‎10-17-2017

Re: Guest Network Setup

Hi Skipper - thanks very much; I've pretty much got it nailed now.  You're probably right about asking in the Unifi forum, but I've got my VLAN up and running, DHCP working on it from our firewall and so forth.  Next step will be sorting the settings on the Unifi controller, and then we should be golden!  Thanks again for your help.
