Reply
New Member
Posts: 3
Registered: ‎01-10-2019
Accepted Solution

Guest network on different IP network

Hi Team

 

Currently we have UniFi controller with many APs across different offices

It is set as 1 network only as Corporate and default IP address, which I am not very sure how it works cause it show 192.168.1.1 but we dont have such subnet anywhere in the organization. May be this is the place to put that I havent desigh or build this, just inherited Man Happy

So, there are 4 Wireless Networks created one of which is Guest


I want to put Guest into different IP network - 10.xxxx lets say

 

How can I accomodate that on the UniFi controller ? Like I cant figure out when the AP1 is broadcasting SSID: Corp1 ( 192.xxx) and SSID: Guest1 ( 10.xxx ) - how they now which DHCP pool is assigned to which network ? How UniFi controller has to be configured to properly assign different IPs? 

We are not using VLANs on our network and not planning to.

DHCP will be used from the local site server

 

I hope it is not so confusing for someone

 

Thanks in advance


Accepted Solutions
Member
Posts: 146
Registered: ‎09-11-2015
Kudos: 34
Solutions: 7

Re: Guest network on different IP network


@hegroupnz wrote:

Great! Thanks for the reply so fast!

 

So,

 
Hopefully last question:

 

If I got this correct:

 

 

 

AP must be connected to the the trunk port. - Correct

VLAN1-Corp and VLAN2-Guest should be configed on the local network - Correct

Guest network created on the UniFi controller - Correct

SSID: Guest created under the Guest network and assigned with VLAN2-Guest - Correct this is created in the wireless network section

Enable all SSIDs to be broadcasted by the APs - Correct

 
I am going to create additional DHCP scopes on all site servers with the respective guest subnet ( 10.1.xxx ; 10.2.xxx; etc )

Where there is no local DHCP server IP helper will be configured on the router - Looks good

 

 

Am I missing something ? Having in mind that the subif on the router will be configured with the respective GUEST IP for each site VLAN2 - is that going to work ? and VLAN2 will be going straight out on internet from each site... - The only other piece would be rules on a firewall if you have one, or on your routers making sure guest traffic just has internet access, and blocks access to your corp network

 

Thanks


Looks good, I have some notes in your statements above.

View solution in original post


All Replies
Member
Posts: 146
Registered: ‎09-11-2015
Kudos: 34
Solutions: 7

Re: Guest network on different IP network

So your not using a USG for a router I am guessing, that’s where your network is setup. I am not aware of a way to do what you want without vlans. Honestly no benefits to having a guest network if your not going to split it out from you Corp network.

 

New Member
Posts: 3
Registered: ‎01-10-2019

Re: Guest network on different IP network

HI, thanks for the reply

 

Yup, correct - no USG router.

 

So, I was doing some reading and if we go with the VLANs should the config be something like:

 

Site Office1: VLANguest ( 10.1.xxx) and VLANcorp

Site Office2: VLANguest ( 10.2.xxx) and VLANcorp

Site Office3: VLANguest ( 10.3.xxx) and VLANcorp

 

the UniFi controller is on the Corp network

 

Then how the controller needs to be configured so to be able to broadcast properly:

 

SSID: GUEST ( 10.xxx) + CORP (xxx) ??

 

Thanks in advance

Highlighted
Member
Posts: 146
Registered: ‎09-11-2015
Kudos: 34
Solutions: 7

Re: Guest network on different IP network

Yes you have the basic setup correct, but this gets complex very quick, I would strongly recommend that your company look for a pay a consultant to come in an help you out. But here are the basics:

 

On your router, you will need to configure the seperate networks, not knowing the topology of your full network, its difficult to be more specific. Typically your guest networks would be a virtual interfaces on your router. You would typically also put a dhcp relay command here as well to tell each network where your DHCP server(s) are, and you need to build those DHCP scopes on that server(s).

All the switches would need to be configured with the vlan information, along with ports on those switches configured to use them. You would create the guest networks on your unifi controller. Then you create the guest SSIDs in the wireless network section, and configure them to be in the proper vlan for your building guest network. This is what provisions your APs to broadcast the proper wifi networks. 

 

As I said, depending on the size of your network and it make up (all unifi vs a mix of vendor gear) this can be complex. And I have not even hit on firewall rule sets to make sure your guests don't get access to your corp network.

 

I hope this gives you a starting point, if you and your company have the time and some test gear, you can play with the configs to get it right. If not, do yourself a favor and get someone to help you and show you what they did so you can support it going forward. 

 

Best of luck!

New Member
Posts: 3
Registered: ‎01-10-2019

Re: Guest network on different IP network

Great! Thanks for the reply so fast!

 

So,

 
Hopefully last question:

 

If I got this correct:

 

 

 

AP must be connected to the the trunk port. 

VLAN1-Corp and VLAN2-Guest should be configed on the local network

Guest network created on the UniFi controller

SSID: Guest created under the Guest network and assigned with VLAN2-Guest

Enable all SSIDs to be broadcasted by the APs


I am going to create additional DHCP scopes on all site servers with the respective guest subnet ( 10.1.xxx ; 10.2.xxx; etc )

Where there is no local DHCP server IP helper will be configured on the router

 

 

Am I missing something ? Having in mind that the subif on the router will be configured with the respective GUEST IP for each site VLAN2 - is that going to work ? and VLAN2 will be going straight out on internet from each site...

 

Thanks

Senior Member
Posts: 16,548
Registered: ‎08-04-2017
Kudos: 3028
Solutions: 813

Re: Guest network on different IP network

Hello @hegroupnz,

 

Welcome to the community!

 

Tag the VLANs to the switchports and tag the VLAN to the SSID.

 

 

Regards,

Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-VoIP Installation Scripts
USG-4-PRO • USG
USW-48-500W • USW-24-POE-250W 2x • USW-16-POE-150W 3x • USW-24 • USW-8-150W • USW-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M
UCK-G2-PLUS • UCK-G2 • UCK
Member
Posts: 146
Registered: ‎09-11-2015
Kudos: 34
Solutions: 7

Re: Guest network on different IP network


@hegroupnz wrote:

Great! Thanks for the reply so fast!

 

So,

 
Hopefully last question:

 

If I got this correct:

 

 

 

AP must be connected to the the trunk port. - Correct

VLAN1-Corp and VLAN2-Guest should be configed on the local network - Correct

Guest network created on the UniFi controller - Correct

SSID: Guest created under the Guest network and assigned with VLAN2-Guest - Correct this is created in the wireless network section

Enable all SSIDs to be broadcasted by the APs - Correct

 
I am going to create additional DHCP scopes on all site servers with the respective guest subnet ( 10.1.xxx ; 10.2.xxx; etc )

Where there is no local DHCP server IP helper will be configured on the router - Looks good

 

 

Am I missing something ? Having in mind that the subif on the router will be configured with the respective GUEST IP for each site VLAN2 - is that going to work ? and VLAN2 will be going straight out on internet from each site... - The only other piece would be rules on a firewall if you have one, or on your routers making sure guest traffic just has internet access, and blocks access to your corp network

 

Thanks


Looks good, I have some notes in your statements above.

Reply