08-27-2015 09:27 AM
First, I am not a LAN administrator but I have some basic concepts understood. Would someone mind giving me a general direction on how to accomplish the following scenario?
- USG (out of the box settings) default DHCP 192.168.1.1/24
- Latest Unified Controller (Mac)
- Multiple UAP-Pros
- Unmanaged switch
- One Wireless network "Staff wireless" that uses WPA Personal
- Add a guest network to all of my UAP-Pros. Looking to support several hundred users to connect at once divided across many APs.
- Prevent the Guest network from communicating to computers/devices on the Staff wireless network
Are the following steps correct or am I off the mark?
1. I will need to use VLAN tagging to introduce a new DHCP network. The switch will need to be replaced with something that supports VLAN tagging (not model specific though)
2. I will need to configure the USG to add a VLAN and change its firewall to prevent communication between the default 192.168.1.1/24 staff network and the new VLAN for guests?
3. I will need to assign the new VLAN to the guest wireless network in the Unified Controller wireless settings?
4. I will need to tag the ports with the new VLAN on the switch that runs to the APs?
08-28-2015 12:57 AM
Yup, that is all correct.
There is a simpler way too though which does not require a VLAN aware switch or VLAN configuration.
You can create a second SSID in the UniFi controller and designate it as a Guest network, and then simply block access to the local subnet. In the example, I've disabled access to the 192.168.10.0/24 network on my guest SSID.
The VLAN setup is better, but this is simpler and requires no new hardware yet, so might be a useful interim measure.
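An added example (not part of either post, and not UniFi code): a Python check that the subnets blocked for a guest SSID actually cover every internal subnet, using the two ranges mentioned in the thread. The function names and the dictionary layout are assumptions made for illustration, and only IPv4 is handled.

```python
import ipaddress


def parse_net(text):
    # The thread writes the staff LAN as "192.168.1.1/24" (gateway address plus
    # prefix length), so host bits are tolerated and masked off.
    return ipaddress.ip_network(text.strip(), strict=False)


def uncovered(internal, restricted):
    """Return (name, cidr) pairs for internal ranges that guests can still reach.

    internal   -- dict of label -> CIDR for every network guests must not reach
    restricted -- list of CIDRs entered as blocked subnets in the guest policy
    """
    blocked = list(ipaddress.collapse_addresses(parse_net(r) for r in restricted))
    gaps = []
    for name, cidr in internal.items():
        remaining = [parse_net(cidr)]
        for b in blocked:
            nxt = []
            for net in remaining:
                if net.subnet_of(b):
                    continue                             # fully blocked
                if b.subnet_of(net):
                    nxt.extend(net.address_exclude(b))   # partially blocked
                else:
                    nxt.append(net)                      # no overlap with this rule
            remaining = nxt
        gaps.extend((name, str(n)) for n in ipaddress.collapse_addresses(remaining))
    return gaps


if __name__ == "__main__":
    # Constructed input: the staff LAN from the question and the restricted
    # subnet shown in the answer, which belongs to a different network.
    staff = {"staff": "192.168.1.1/24"}
    for name, cidr in uncovered(staff, ["192.168.10.0/24"]):
        print(f"guest policy leaves {name} range {cidr} reachable")
```

An empty result means every listed internal range falls inside a blocked subnet; it says nothing about whether the controller has applied the policy to the APs, which still needs a connectivity test from a guest client.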