Guest network on different IP network

So your not using a USG for a router I am guessing, that’s where your network is setup. I am not aware of a way to do what you want without vlans. Honestly no benefits to having a guest network if your not going to split it out from you Corp network.

HI, thanks for the reply

Yup, correct - no USG router.

So, I was doing some reading and if we go with the VLANs should the config be something like:

Site Office1: VLANguest ( 10.1.xxx) and VLANcorp

Site Office2: VLANguest ( 10.2.xxx) and VLANcorp

Site Office3: VLANguest ( 10.3.xxx) and VLANcorp

the UniFi controller is on the Corp network

Then how the controller needs to be configured so to be able to broadcast properly:

SSID: GUEST ( 10.xxx) + CORP (xxx) ??

Thanks in advance

Yes you have the basic setup correct, but this gets complex very quick, I would strongly recommend that your company look for a pay a consultant to come in an help you out. But here are the basics:

On your router, you will need to configure the seperate networks, not knowing the topology of your full network, its difficult to be more specific. Typically your guest networks would be a virtual interfaces on your router. You would typically also put a dhcp relay command here as well to tell each network where your DHCP server(s) are, and you need to build those DHCP scopes on that server(s).

All the switches would need to be configured with the vlan information, along with ports on those switches configured to use them. You would create the guest networks on your unifi controller. Then you create the guest SSIDs in the wireless network section, and configure them to be in the proper vlan for your building guest network. This is what provisions your APs to broadcast the proper wifi networks. 

As I said, depending on the size of your network and it make up (all unifi vs a mix of vendor gear) this can be complex. And I have not even hit on firewall rule sets to make sure your guests don't get access to your corp network.

I hope this gives you a starting point, if you and your company have the time and some test gear, you can play with the configs to get it right. If not, do yourself a favor and get someone to help you and show you what they did so you can support it going forward. 

Best of luck!

Great! Thanks for the reply so fast!

So,

 
Hopefully last question:

If I got this correct:

AP must be connected to the the trunk port. 

VLAN1-Corp and VLAN2-Guest should be configed on the local network

Guest network created on the UniFi controller

SSID: Guest created under the Guest network and assigned with VLAN2-Guest

Enable all SSIDs to be broadcasted by the APs

I am going to create additional DHCP scopes on all site servers with the respective guest subnet ( 10.1.xxx ; 10.2.xxx; etc )

Where there is no local DHCP server IP helper will be configured on the router

Am I missing something ? Having in mind that the subif on the router will be configured with the respective GUEST IP for each site VLAN2 - is that going to work ? and VLAN2 will be going straight out on internet from each site...

Thanks

Hello @hegroupnz,

Welcome to the community!

Tag the VLANs to the switchports and tag the VLAN to the SSID.

Regards,

Glenn R.