Reply
New Member
Posts: 1
Registered: ‎01-04-2018
Accepted Solution

Guest Access Restrictions

I just set up an AC PRO and enabled a guest network.  I'd like for it to block guest access to other items on the LAN (like the NAS), and allow only internet access.  I configured the guest network to Apply Guest Policies and did NOT check Enable Guest Portal (since I do not have UniFi Controller running all of the time).  Now when I test the set-up by using a device on the guest wi-fi network, I can still access everything else on the LAN.

 

My set-up is Verizon FIOS modem -> TP-Link router (with wi-fi turned off) -> AC PRO.

 

Am I missing something?

 

Thanks for any assistance!

-Will


Accepted Solutions
Regular Member
Posts: 464
Registered: ‎11-30-2016
Kudos: 217
Solutions: 27

Re: Guest Access Restrictions

The guest policies on the APs only isolates the wireless clients from each other. Once the packet is passed to the wired side the TP-Link router will forward it to its destination - locally or on the Internet.

 

To achieve what you want you would need an UniFi Security Gateway. With an USG you can create a guest virtual network with its own IP address space. When you assign that VLAN ID to the guest wireless network, all those packets are passed to the guest VLAN. The firewall rules in the USG will only allow those packets out to the Internet.

If I helped you, please don't clutter the forum with a Thank You post. Give Kudos or Mark as a Solution instead. I'll appreciate it.

View solution in original post


All Replies
Regular Member
Posts: 464
Registered: ‎11-30-2016
Kudos: 217
Solutions: 27

Re: Guest Access Restrictions

The guest policies on the APs only isolates the wireless clients from each other. Once the packet is passed to the wired side the TP-Link router will forward it to its destination - locally or on the Internet.

 

To achieve what you want you would need an UniFi Security Gateway. With an USG you can create a guest virtual network with its own IP address space. When you assign that VLAN ID to the guest wireless network, all those packets are passed to the guest VLAN. The firewall rules in the USG will only allow those packets out to the Internet.

If I helped you, please don't clutter the forum with a Thank You post. Give Kudos or Mark as a Solution instead. I'll appreciate it.
New Member
Posts: 1
Registered: ‎12-06-2017
Kudos: 1

Re: Guest Access Restrictions

[ Edited ]

I'll mention this in case it helps any other Unifi newbies ...

 

I ran into a very simple problem that seems obvious in hindsight, but it stymied me for an hour:  after turning on the guest restrictions, you need to restart the APs for the restrictions to work.  Before the restart I found that a guest login could access my NAS and printers (and other internal locations), a restart fixed this.

 

Note: I'm just using 3 Unifi APs, with the FIOS Actiontec router (wifi turned off), NOT using any Unifi switches/routers/gateways/etc., and NOT using VLAN tagging or any other fancy config.  Guest restriction still seems to work just fine, contrary to what another post said.

Reply