New Member
Posts: 23
Registered: ‎08-21-2017
Kudos: 3
Solutions: 1

Setting up networks/vlans: How am I doing?

I am setting up a UniFi network for a church which has about 500-700 people on Sunday morning over two services.  The network consists of a USG-Pro-4 connected to a UniFi 24 POE-250W in each of 4 buildings (Sanctuary, Children, Youth, Offices [all close together]).  Access Points are UAP-AC-Pros (about three in each location).  I am trying to separate the networks out for security/organization, and the following is what I have so far:

 

Networks Example.PNG

 

I have not run any new cable yet, as the cable has just arrived, so I am kind of working in theory at this point.  Is this how I should have this set up?  I plan to set the appropriate ports to the appropriate vlans on the switches of course.

 

A question I do have as well: If I have a printer on the Data network, but I want guests to be able to print to that printer, how do I go about allowing the guest network (with all guest restrictions) to print to that printer on the different subnet? Again, I am working theoretically at this point, so I cannot test it, but I am under the impression that enabling Multicast DNS will allow this jump to occur. Am I correct in that assumption?

 

Another question: I get about 450down/20up, and I have the guest network throttled at 2down/1up.  Is this fair?

 

Below is how I have the associated wireless networks configured:

 

Wireless Network Example.PNG

 

 

The Administrator group is a non broadcast network that I am using right now for connecting to the network for testing purposes.

 

Any and all constructive criticism/suggestions/questions welcome!

New Member
Posts: 23
Registered: ‎08-21-2017
Kudos: 3
Solutions: 1

Re: Setting up networks/vlans: How am I doing?

Could I get some criticism, positive or negative?  Am I on the right track?

Regular Member
Posts: 394
Registered: ‎08-07-2016
Kudos: 201
Solutions: 27

Re: Setting up networks/vlans: How am I doing?


Note: All those “corporate” type networks will be able to talk to each other by default. If that is not the intention you will have to put up firewall rules.

Ironically, guest is too strong the other way. You’ll be working against the grain to punch a hole for that printer. Not only punching a hole in the firewall rules but also isolation policies. Give it a go and know that at worst you make it type corporate and firewall around it while keeping the printer open.

I can’t get the picture out of my head of a congregation member printing stuff from the pews during a particularly boring sermon.

Emerging Member
Posts: 292
Registered: ‎09-23-2018
Kudos: 34
Solutions: 14

Re: Setting up networks/vlans: How am I doing?

You can add printer access to your guest by adding it to your Pre-Authorized devices in your GUEST CONTROLS

 

image.png

Emerging Member
Posts: 292
Registered: ‎09-23-2018
Kudos: 34
Solutions: 14

Re: Setting up networks/vlans: How am I doing?

In regards to the guest speeds, that's entirely up to you. 2MB/1MB sounds fair to me for casual browsing. If you want users to be able to watch videos in at least 720p, then 5MB should be fine (based on the Netflix recommendation)

New Member
Posts: 23
Registered: ‎08-21-2017
Kudos: 3
Solutions: 1

Re: Setting up networks/vlans: How am I doing?


@jsookram wrote:

You can add printer access to your guest by adding it to your Pre-Authorized devices in your GUEST CONTROLS

 

image.png


Ah, thank you for this.  This is very helpful!

New Member
Posts: 23
Registered: ‎08-21-2017
Kudos: 3
Solutions: 1

Re: Setting up networks/vlans: How am I doing?


@dlow wrote:

Note: All those “corporate” type networks will be able to talk to each other by default. If that is not the intention you will have to put up firewall rules.

Ironically, guest is too strong the other way. You’ll be working against the grain to punch a hole for that printer. Not only punching a hole in the firewall rules but also isolation policies. Give it a go and know that at worst you make it type corporate and firewall around it while keeping the printer open.


Could you give me an example of how you would set the firewall rule for a corporate network as you suggest?

 


@dlow wrote:

I can’t get the picture out of my head of a congregation member printing stuff from the pews during a particularly boring sermon.


Lol, I'm sure people do worse!  The printing is actually for people who work in the children's building.  Apparently, they print things for children to do from their phones sometimes, so they would need access, and I prefer not to give them the staff information.

New Member
Posts: 23
Registered: ‎08-21-2017
Kudos: 3
Solutions: 1

Re: Setting up networks/vlans: How am I doing?


@jsookram wrote:

In regards to the guest speeds, that's entirely up to you. 2MB/1MB sounds fair to me for casual browsing. If you want users to be able to watch videos in at least 720p, then 5MB should be fine (based on the Netflix recommendation)


I was wavering between 2-5, so I may change it to 5. I wish there was a way to delineate a certain percentage of the overall bandwidth to the guest network as opposed to a set per user limit.

Emerging Member
Posts: 292
Registered: ‎09-23-2018
Kudos: 34
Solutions: 14

Re: Setting up networks/vlans: How am I doing?


@joebturner wrote:

Could you give me an example of how you would set the firewall rule for a corporate network as you suggest?

 

 https://help.ubnt.com/hc/en-us/articles/115010254227-UniFi-USG-Firewall-How-to-Disable-InterVLAN-Rou...

 

Check out this link to see how to set up rules to allow/block between VLANs.
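
An added example, not part of any poster's reply or of Ubiquiti's documentation: a small Python model of the first-match rule ordering discussed in this thread, where corporate networks route to each other by default and a narrow printer exception has to sit above the inter-VLAN drop. The subnets, printer address and rule names are constructed assumptions, since the thread's real values appear only in screenshots.

```python
import ipaddress

# Constructed addressing (assumption): the thread's real subnets are not in the text.
NETS = {
    "data":  ipaddress.ip_network("10.0.10.0/24"),
    "staff": ipaddress.ip_network("10.0.20.0/24"),
    "guest": ipaddress.ip_network("10.0.30.0/24"),
}
PRINTER = ipaddress.ip_address("10.0.10.50")  # hypothetical printer on "data"
PRINT_PORTS = {631, 9100}                     # IPP and raw (JetDirect) printing

def zone(ip):
    """Name of the local network an address belongs to, or None (internet)."""
    return next((name for name, net in NETS.items() if ip in net), None)

# Ordered rules, first match wins. Only new connections are modelled; return
# traffic is assumed to be handled by a stateful established/related rule.
RULES = [
    ("allow guest to printer",
     lambda s, d, p: zone(s) == "guest" and d == PRINTER and p in PRINT_PORTS,
     "accept"),
    ("drop inter-VLAN",
     lambda s, d, p: zone(s) and zone(d) and zone(s) != zone(d),
     "drop"),
]

def evaluate(src, dst, port, rules=RULES):
    """Return (action, rule name) for a new connection crossing the gateway."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, match, action in rules:
        if match(s, d, port):
            return action, name
    return "accept", "default"  # no rule matched: the gateway routes it

# Constructed test matrix: (src, dst, port) -> action the design intends.
EXPECTED = {
    ("10.0.30.9", "10.0.10.50", 631): "accept",  # guest prints
    ("10.0.30.9", "10.0.10.50", 445): "drop",    # guest to printer, other port
    ("10.0.30.9", "10.0.10.7", 631):  "drop",    # guest to another data host
    ("10.0.20.5", "10.0.10.7", 445):  "drop",    # staff to data
    ("10.0.30.9", "8.8.8.8", 443):    "accept",  # guest to internet
}

def audit(rules=RULES):
    """List flows whose outcome differs from the intended policy."""
    return [flow for flow, want in EXPECTED.items()
            if evaluate(*flow, rules=rules)[0] != want]
```

Running `audit()` against a planned rule list before any cable is run shows which intended flows the ordering breaks; an empty list means the policy matches the matrix.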

New Member
Posts: 23
Registered: ‎08-21-2017
Kudos: 3
Solutions: 1

Re: Setting up networks/vlans: How am I doing?


@jsookram wrote:

@joebturner wrote:

Could you give me an example of how you would set the firewall rule for a corporate network as you suggest?

 

 https://help.ubnt.com/hc/en-us/articles/115010254227-UniFi-USG-Firewall-How-to-Disable-InterVLAN-Rou...

 

Check out this link to see how to set up rules to allow/block between VLANs.


Very helpful.  Thank you!
