Unifi wifi setup with guest access.

By StrikedOut
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

StrikedOut

Posted
Posted (edited)

Very soon we will be replacing our old Cisco switches with new Unifi USW-Pro-48 and the new Cloud key Gen2. We also have 2 access gateways, one is our FortiGate which is our main 200/200Mbps fiber connection, the other is a Draytek to our 40/20 FTTC used as a backup and guest internet. We want to create 2 wifi networks, one connects company hardware to the main LAN, the other to connect and isolate guests using unifi's guest profile to the internet only through the Draytek. 

 

I have created 2 networks, Main for the corporate network and Guest for visitors and associated them to their respective wifi networks. Both have DHCP set to relay with the IP address of the DHCP server, yet in testing on the guest network, the device I connect doesnt get an IP address and using a static IP doesnt allow me to ping anything on the subnet.

 

I am hoping that @BudMan has played enough witht he unifi networks to advise, ideally we want to avoid VLANs as we want to reduce the complexity or our network (there is only around 40 people in this building) and from what I can tell, it is very possible but struggling to get DHCP to relay from the Draytek.

 

Any thoughts?

Link to comment
https://www.neowin.net/forum/topic/1421837-unifi-wifi-setup-with-guest-access/
Share on other sites
Grand Master

+BudMan MVC

Posted
  • MVC
Posted
On 27/09/2022 at 06:08, StrikedOut said:

ideally we want to avoid VLANs

This would be done with vlans.  Its not complex, setup a vlan for your guest network.  Set that up in the unifi AP to put the vlan ID on the ssid your guests will use.

 

I have zero play/testing with unifi guest feature, but I can you for sure the proper way to do this would be with vlans.  Guest network is normally setup when everything is on the same network and you just limit your guest from talking to other devices, on that same network.  Guest network in soho routers and even unifi is for home users that do not have the ability to setup vlans to be honest.

Mentor

StrikedOut

Posted
  • Author
Posted

Thanks @BudMan, although I wanted to avoid VLANs as I have limited experience plus there are only 40 people in htis office but it is inevitable and have started making the change but still having issues.

 

New setttings for the Guest Network are;

Network -> Guest profile. VLAN-only network on ID 99

WiFi -Guest WiFi profile. Double checked the network showed the correct network. Wifi type is standard.

Profiles -> Switch Ports. Created a new profile, left native network as default and added the guest network as a tagged network, left everything else on auto.

On the switch, selected the 2 ports being used for testing and changed the port profile to the new profile created above.

 

I am getting an IP address but no internet access and on a network scan, I see no other devices where there should be several.

 

What am I missing?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
On 27/09/2022 at 11:19, StrikedOut said:

Network -> Guest profile. VLAN-only network on ID 99

Did you auth to the portal?  I could enable guest services I guess  on unifi and play with it..

 

What gateway are you getting?  Can you ping that IP?  This is your other router right?

Mentor

StrikedOut

Posted
  • Author
Posted
On 27/09/2022 at 21:16, BudMan said:

Did you auth to the portal?  I could enable guest services I guess  on unifi and play with it..

 

What gateway are you getting?  Can you ping that IP?  This is your other router right?

'Did you auth to the portal?' - Gonna sound stupid but can you carify what you mean?

 

I can connect to the guest wifi and get a valid IP address and the correct gateway and DNS IP addresses but am unable to ping anything on this subnet, the router is the DHCP server and I can see my device in its ARP and DHCP lease tables.

If I change the network the wifi profile is using to default (no VLAN), it works as expected.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Did you enable auth to a portal when you setup your guest network..

 

guest.jpg.76034de00074c4f8a31b2be0af29496e.jpg

 

This isn't difficult - you want a "guest" network that is not connected to your normal network.  This is a simple ssid on a vlan.. Turn off all that guest stuff...

Mentor

StrikedOut

Posted
  • Author
Posted (edited)

Guest Landing page is definately off.

 

image.png.a5341c85b20ec7b9461d0acf6f686eda.png

 

The Wifi is also set to be a standard type, not guest.

 

image.png.e20eb77abd8b7a2629b446e80d01ef7c.png

 

And the network is set to VLAN-only mode.

 

image.png.7428c08915b03f16fb76098941f1fc3c.png

 

The profile for the switch ports are set as default for the native network and the guest network is tagged.

 

image.png.f4511a211d30989285f9f756759e3db8.png

 

And this profile is set on the ports I am testing with, I believe I have set it all correctly so taking a closer look at the router to see if there is something set on there I haddnt seen previously. It has been in use for some time and I have seen some settings that I wouldnt have set in other systems.

Edited by StrikedOut
  • 1 month later...
Mentor

StrikedOut

Posted
  • Author
Posted

Quick update.

Completed this last weekend and what stumped me was the term for the trunk ports, UNifi just use an 'All' profile. So now have 5, USW-Pro-48-PoE Plus a could of Flex switches in areas not originally designed to be networked and the original nano AP, all using 3 VLANs for main, guest and CCTV.

These are the finished results for our comms cabinet.

image.png.3c26475b61c27d403487ab93f28198d1.png

So satisfying the get this finilly finished with a much needed shove from @BudMan.

Mentor

StrikedOut

Posted
  • Author
Posted
On 11/11/2022 at 00:46, BudMan said:

What an improvement - sweet!

 

But that is not how you mount an AP hehehehe

But mounting it that way makes the wi-fi stronger in the vertical right?? 😉 

That was a temp so the cable was used, it now screwed to the wall. Still got a couple of changes to go, The fiber needs to be routed under those cables and secured, got new fiber to swap out but not had a day off this month so it can wait a little while!

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
On 11/11/2022 at 03:25, StrikedOut said:

way makes the wi-fi stronger in the vertical right?? 😉 

Yeah sure, and the metal cabinet also amplifies the signal - hehehe rofl

Grand Master

Matthew S.

Posted
Posted
On 11/11/2022 at 10:08, BudMan said:

Yeah sure, and the metal cabinet also amplifies the signal - hehehe rofl

At least it's not inside a mesh cabinet... seen that before at a DC...

Mentor

StrikedOut

Posted
  • Author
Posted
On 11/11/2022 at 23:21, Matthew S. said:

At least it's not inside a mesh cabinet... seen that before at a DC...

To be honest, I am finding the APs in 'less that ideal' positions at this office. In cupboards, behind printers etc. Not a priority as the signal is strong enough to work but its on my todo when the more important tasks are complete.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

That is odd, since most offices have drop ceilings - which makes it very simple to correctly place and install APs

Does this office not have a drop ceiling? Getting a ethernet into a cupboard seems odd for sure.

 

Mentor

StrikedOut

Posted
  • Author
Posted
On 13/11/2022 at 13:23, BudMan said:

That is odd, since most offices have drop ceilings - which makes it very simple to correctly place and install APs

Does this office not have a drop ceiling? Getting a ethernet into a cupboard seems odd for sure.

 

Has drop ceilings and raised floors, was just a lazy approach to the instal. Those that did get put into the ceiling were placed on top of the tiles. Shame, it only takes a couple minutes to install properly. This place is going to be a work in progress for a while but the company are good and seem ready to back the choices being made. We have an £18k budget to replace our storage with a high speed device, currently using 2 small SOHO NAS, one QNAP, the other Synology 1U, 4 bay storage and there are 3 USB attached storage devices connected to servers. Also have agreed a second high capacity NAS for archive, CCTV and other non critical storage. On top of the other quility of work life improvements, going to be a fun year.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
On 13/11/2022 at 16:57, StrikedOut said:

are 3 USB attached storage devices connected to servers

Well seems you have some real lowing hanging fruit to pick..  WTF so they had no it before, the the guy was just clueless??

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
On 14/11/2022 at 07:18, StrikedOut said:

turn it off and back on/have you Googled it.

Which are valid IT troubleshooting methods ;) heheh ROFL..  Just ask anybody that has a home router - they will tell you how to fix anything. Just have to reboot it and let it sit for 30 seconds then plug it back in.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Posts

    • Nvidia 610.62 driver lands with big bug fixes and Empulse support

      By LoneWolfSL · Posted

      Nvidia 610.62 driver lands with big bug fixes and Empulse support by Pulasthi Ariyasinghe There is a new driver available for Nvidia GeForce hardware owners, and it's carrying a whole lot of bug fixes. The WHQL-certified 610.62 Game Ready driver is also adding support for Empulse. Empulse lands from 1047 Games. That may be familiar to first-person shooter fans, as this is the studio that has been behind Splitgate and the Splitgate: Arena Reloaded sequel. This latest FPS entry will land into early access on June 24, and it will have support for DLSS 4.5 with dynamic multi-frame generation and Nvidia Reflex on day one. FIXED World of Warcraft: Gaming stability improvements [5563205] FIXED Apex Legends: Occasional visual corruption after extended gameplay [6239327] FIXED Users may observe DLSS settings being grayed out in certain games after updating to display driver 610.47 [6262805] FIXED Improved gaming stability in multi-monitor configurations when using V-SYNC with DLSS Frame Generation [6158481] FIXED Resolved an issue that could cause jittering or ghosting in some DirectX 11 games when Smooth Motion is enabled [5937897] FIXED Resolved an issue that could cause some games to crash when launched with Smooth Motion enabled [5466398] FIXED [Ada] Resolves a frame pacing issue on certain monitors when G-SYNC is enabled [6226972] FIXED Resolved an issue that prevented the EDID from being read on certain monitors causing them to be identified as "NVIDIA NV-Failsafe” [6005508] FIXED Resolved an issue where certain monitors would not wake from sleep mode [5806798/5635230] FIXED General stability improvements when the system fails to create a new allocation [5449920] Nvidia has only listed a single open issue for this release: “Prefer Maximum Performance” Power Management Mode may not be applied correctly [6007998] The NVIDIA 610.62 driver is now available for download from the NVIDIA app. For those who want to download it directly, standalone links are here. Here are the official release notes (PDF).
    • Meet the browser: Firefox Next

      By _neutrino · Posted

      You could do that in the last 2 updates as well.
    • Bose Ultra Open Earbuds are once again selling at their lowest price

      By Fiza Ali · Posted

      Bose Ultra Open Earbuds are once again selling at their lowest price by Fiza Ali Amazon is once again offering the Bose Ultra Open Earbuds at their lowest price ever with a limited-time 33 percent discount on their original MSRP, ahead of Father's Day. So, you may want to check it out if you are looking for a gift or if you have been wanting to upgrade your device. The earbuds feature an open-ear design and Bose's OpenAudio technology that should deliver high-quality sound while helping keep audio private. The earbuds also support Bose Immersive Audio, which creates a spatialised listening experience designed to place sound around the listener for a more engaging experience. In terms of wireless connectivity, the earbuds features Bluetooth, Bluetooth Low Energy (BLE), A2DP audio streaming, HFP, AAC, and SBC support. Furthermore, they are compatible with Bose SimpleSync technology, allowing pairing with compatible Bose smart soundbars and speakers. They are also compatible with the Bose App for setup, customisation, and software updates. Moreover, they offer an IPX4 water-resistance rating that should provide protection against sweat and light splashes. When it comes to the battery performance, the Bose Ultra Open Earbuds should provide up to seven hours of battery life on a single charge while a full recharge should take approximately one hour. Specifications Detail Fit type Open-ear Noise cancelling No Microphone Built-in Wireless Bluetooth (A2DP, HFP, AAC, SBC, BLE) Multipoint Yes; 2 devices simultaneously Charging interface USB-C Earbud size 0.73"x0.67" x 1.07" (0.014lb) Case size 1.65"x2.56" x 1.04" (0.097 lb) Materials PC-ABS plastic, metal, silicone, gold plating App support Bose app; adjustable EQ, SimpleSync Audio tech OpenAudio, immersive/spatialized sound Bose Ultra Open Earbuds: $199 (Amazon US) - 33% off Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • Mozilla highlights Firefox Nova 2026 redesign and more upcoming features with new roadmap

      By Gus. · Posted

      After enabling it in about:config, customize, density, compact; the toolbar/address bar gets smaller vertically. I enabled Nova, I notice the tab bar/title bar is a bit larger vertically now? Everything always becomes a waste of space.
    • Microsoft's Copilot Cowork now generally available with usage-based billing

      By pradeepviswav · Posted

      Microsoft's Copilot Cowork now generally available with usage-based billing by Pradeep Viswanathan Back in March, Microsoft first revealed Copilot Cowork, a new agentic AI experience in Microsoft 365 Copilot through which users can assign tasks to AI to complete in the background. After testing the service with a limited set of customers in Research Preview for a few weeks, Microsoft announced the general availability of Copilot Cowork to customers in the Frontier program on March 30. Today, Microsoft announced the general availability of Copilot Cowork worldwide for Microsoft 365 Copilot customers. The company also highlighted that Cowork became the fastest-growing feature in the history of its Frontier program. Unlike regular Copilot Chat, Copilot Cowork can run complex, long-running, multi-tool tasks from start to finish in the cloud by using organizational context through Work IQ. When compared to Claude Cowork, Microsoft claims that Copilot Cowork will be 30% to 40% cheaper on average with its Microsoft 365 connector. For now, Copilot Cowork runs on Anthropic models, including Opus 4.8 and Sonnet 4.6. However, Frontier customers can now use GPT-5.5. Microsoft also announced Cowork 1, a secure fine-tuned model coming in the next few weeks, which is designed to handle everyday Copilot tasks at a lower cost. To access Copilot Cowork, a Microsoft 365 Copilot user subscription is required. Usage is billed separately through Copilot Credits, based on model use, context retrieval, tool calls, and runtime. Pay-as-you-go pricing is set at $0.01 per Copilot Credit. To offer IT teams full control over usage costs, Microsoft provides spending limits, usage alerts, user-level controls, reporting, and prepaid usage plans for organizations. Usage-based billing begins today. However, Frontier customers who used Cowork between March 30 and June 16 will not be billed until July 1, 2026. The Microsoft 365 Copilot app now includes a toggle to enter the full Cowork experience. Microsoft is also adding partner plugins, with Enosix, Harvey, LSEG, Miro, monday.com, Moody’s, Morningstar, S&P Global Energy, and TeamsMaestro available now. Adobe, Atlassian, Box, Canva, Databricks, and others are coming soon.

  • Recent Achievements

    • One Year In
      Console General earned a badge
      One Year In
    • One Year In
      Twozo Technologies earned a badge
      One Year In
    • One Month Later
      Twozo Technologies earned a badge
      One Month Later
    • Week One Done
      Twozo Technologies earned a badge
      Week One Done
    • Veteran
      branfont went up a rank
      Veteran

  • Popular Contributors

    1. 1
      +primortal
      511
    2. 2
      +Edouard
      190
    3. 3
      PsYcHoKiLLa
      109
    4. 4
      Steven P.
      89
    5. 5
      Nick H.
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!