Unifi wifi setup with guest access.

By StrikedOut
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

StrikedOut

Posted
Posted (edited)

Very soon we will be replacing our old Cisco switches with new Unifi USW-Pro-48 and the new Cloud key Gen2. We also have 2 access gateways, one is our FortiGate which is our main 200/200Mbps fiber connection, the other is a Draytek to our 40/20 FTTC used as a backup and guest internet. We want to create 2 wifi networks, one connects company hardware to the main LAN, the other to connect and isolate guests using unifi's guest profile to the internet only through the Draytek. 

 

I have created 2 networks, Main for the corporate network and Guest for visitors and associated them to their respective wifi networks. Both have DHCP set to relay with the IP address of the DHCP server, yet in testing on the guest network, the device I connect doesnt get an IP address and using a static IP doesnt allow me to ping anything on the subnet.

 

I am hoping that @BudMan has played enough witht he unifi networks to advise, ideally we want to avoid VLANs as we want to reduce the complexity or our network (there is only around 40 people in this building) and from what I can tell, it is very possible but struggling to get DHCP to relay from the Draytek.

 

Any thoughts?

Link to comment
https://www.neowin.net/forum/topic/1421837-unifi-wifi-setup-with-guest-access/
Share on other sites
Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  On 27/09/2022 at 11:08, StrikedOut said:

ideally we want to avoid VLANs

Expand  

This would be done with vlans.  Its not complex, setup a vlan for your guest network.  Set that up in the unifi AP to put the vlan ID on the ssid your guests will use.

 

I have zero play/testing with unifi guest feature, but I can you for sure the proper way to do this would be with vlans.  Guest network is normally setup when everything is on the same network and you just limit your guest from talking to other devices, on that same network.  Guest network in soho routers and even unifi is for home users that do not have the ability to setup vlans to be honest.

Mentor

StrikedOut

Posted
  • Author
Posted

Thanks @BudMan, although I wanted to avoid VLANs as I have limited experience plus there are only 40 people in htis office but it is inevitable and have started making the change but still having issues.

 

New setttings for the Guest Network are;

Network -> Guest profile. VLAN-only network on ID 99

WiFi -Guest WiFi profile. Double checked the network showed the correct network. Wifi type is standard.

Profiles -> Switch Ports. Created a new profile, left native network as default and added the guest network as a tagged network, left everything else on auto.

On the switch, selected the 2 ports being used for testing and changed the port profile to the new profile created above.

 

I am getting an IP address but no internet access and on a network scan, I see no other devices where there should be several.

 

What am I missing?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  On 27/09/2022 at 16:19, StrikedOut said:

Network -> Guest profile. VLAN-only network on ID 99

Expand  

Did you auth to the portal?  I could enable guest services I guess  on unifi and play with it..

 

What gateway are you getting?  Can you ping that IP?  This is your other router right?

Mentor

StrikedOut

Posted
  • Author
Posted
  On 27/09/2022 at 20:16, BudMan said:

Did you auth to the portal?  I could enable guest services I guess  on unifi and play with it..

 

What gateway are you getting?  Can you ping that IP?  This is your other router right?

Expand  

'Did you auth to the portal?' - Gonna sound stupid but can you carify what you mean?

 

I can connect to the guest wifi and get a valid IP address and the correct gateway and DNS IP addresses but am unable to ping anything on this subnet, the router is the DHCP server and I can see my device in its ARP and DHCP lease tables.

If I change the network the wifi profile is using to default (no VLAN), it works as expected.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Did you enable auth to a portal when you setup your guest network..

 

guest.jpg.76034de00074c4f8a31b2be0af29496e.jpg

 

This isn't difficult - you want a "guest" network that is not connected to your normal network.  This is a simple ssid on a vlan.. Turn off all that guest stuff...

Mentor

StrikedOut

Posted
  • Author
Posted (edited)

Guest Landing page is definately off.

 

image.png.a5341c85b20ec7b9461d0acf6f686eda.png

 

The Wifi is also set to be a standard type, not guest.

 

image.png.e20eb77abd8b7a2629b446e80d01ef7c.png

 

And the network is set to VLAN-only mode.

 

image.png.7428c08915b03f16fb76098941f1fc3c.png

 

The profile for the switch ports are set as default for the native network and the guest network is tagged.

 

image.png.f4511a211d30989285f9f756759e3db8.png

 

And this profile is set on the ports I am testing with, I believe I have set it all correctly so taking a closer look at the router to see if there is something set on there I haddnt seen previously. It has been in use for some time and I have seen some settings that I wouldnt have set in other systems.

Edited by StrikedOut
  • 1 month later...
Mentor

StrikedOut

Posted
  • Author
Posted

Quick update.

Completed this last weekend and what stumped me was the term for the trunk ports, UNifi just use an 'All' profile. So now have 5, USW-Pro-48-PoE Plus a could of Flex switches in areas not originally designed to be networked and the original nano AP, all using 3 VLANs for main, guest and CCTV.

These are the finished results for our comms cabinet.

image.png.3c26475b61c27d403487ab93f28198d1.png

So satisfying the get this finilly finished with a much needed shove from @BudMan.

Mentor

StrikedOut

Posted
  • Author
Posted
  On 11/11/2022 at 00:46, BudMan said:

What an improvement - sweet!

 

But that is not how you mount an AP hehehehe

Expand  

But mounting it that way makes the wi-fi stronger in the vertical right?? 😉 

That was a temp so the cable was used, it now screwed to the wall. Still got a couple of changes to go, The fiber needs to be routed under those cables and secured, got new fiber to swap out but not had a day off this month so it can wait a little while!

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  On 11/11/2022 at 09:25, StrikedOut said:

way makes the wi-fi stronger in the vertical right?? 😉 

Expand  

Yeah sure, and the metal cabinet also amplifies the signal - hehehe rofl

Grand Master

Matthew S.

Posted
Posted
  On 11/11/2022 at 15:08, BudMan said:

Yeah sure, and the metal cabinet also amplifies the signal - hehehe rofl

Expand  

At least it's not inside a mesh cabinet... seen that before at a DC...

Mentor

StrikedOut

Posted
  • Author
Posted
  On 11/11/2022 at 23:21, Matthew S. said:

At least it's not inside a mesh cabinet... seen that before at a DC...

Expand  

To be honest, I am finding the APs in 'less that ideal' positions at this office. In cupboards, behind printers etc. Not a priority as the signal is strong enough to work but its on my todo when the more important tasks are complete.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

That is odd, since most offices have drop ceilings - which makes it very simple to correctly place and install APs

Does this office not have a drop ceiling? Getting a ethernet into a cupboard seems odd for sure.

 

Mentor

StrikedOut

Posted
  • Author
Posted
  On 13/11/2022 at 13:23, BudMan said:

That is odd, since most offices have drop ceilings - which makes it very simple to correctly place and install APs

Does this office not have a drop ceiling? Getting a ethernet into a cupboard seems odd for sure.

 

Expand  

Has drop ceilings and raised floors, was just a lazy approach to the instal. Those that did get put into the ceiling were placed on top of the tiles. Shame, it only takes a couple minutes to install properly. This place is going to be a work in progress for a while but the company are good and seem ready to back the choices being made. We have an £18k budget to replace our storage with a high speed device, currently using 2 small SOHO NAS, one QNAP, the other Synology 1U, 4 bay storage and there are 3 USB attached storage devices connected to servers. Also have agreed a second high capacity NAS for archive, CCTV and other non critical storage. On top of the other quility of work life improvements, going to be a fun year.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  On 13/11/2022 at 22:57, StrikedOut said:

are 3 USB attached storage devices connected to servers

Expand  

Well seems you have some real lowing hanging fruit to pick..  WTF so they had no it before, the the guy was just clueless??

Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  On 14/11/2022 at 13:18, StrikedOut said:

turn it off and back on/have you Googled it.

Expand  

Which are valid IT troubleshooting methods ;) heheh ROFL..  Just ask anybody that has a home router - they will tell you how to fix anything. Just have to reboot it and let it sit for 30 seconds then plug it back in.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Posts

    • Helium Converter 3.3.70.0

      By Copernic · Posted

      Helium Converter 3.3.70.0 by Razvan Serea Helium Converter is a free Windows utility for converting audio files between formats such as MP3, FLAC, AAC, WMA, OGG, and WAV. It supports batch conversion, preserves or updates tag information, and offers features like volume normalization. With a simple interface, it's ideal for users who need to convert large music libraries quickly and efficiently while retaining metadata. Helium Converter key features: Supports file formats: MP3, MP4, FLAC, AAC, M4A, WMA, WAV, OGG, OPUS, APE.... Batch conversion for large music libraries Preserves and edits metadata (ID3, Vorbis Comments, etc.) Volume normalization to equalize loudness Album art extraction and embedding Drag-and-drop interface for quick file selection Adjustable encoding parameters (bitrate, sample rate, channels) Uses internal codecs for consistent performance Supports CUE sheets for split track conversion File renaming based on tags during export Unicode support for international file and tag names Logging of conversion processes for troubleshooting Multi-core CPU support for faster conversions Download: Helium Converter 3.3.70.0 | 39.8 MB (Freeware) Links: Helium Converter Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • JetBrains is increasing YouTrack prices starting this October

      By David Uzondu · Posted

      JetBrains is increasing YouTrack prices starting this October by David Uzondu YouTrack, the project management and issue tracking tool by JetBrains, is set for its first price increase since 2020. The company announced that new pricing tiers for both its cloud and self-hosted products will take effect on October 1, 2025. The reason, according to JetBrains, is that its pricing has not kept up with the features it has added over the last few years. The platform has expanded to include a full-blown Knowledge Base, integrated Helpdesk tools, and AI assistance features without altering the cost for its customers. Here is a quick breakdown of the primary changes: The standard YouTrack Cloud plan will start at $5.40 per user per month on a monthly subscription. An annual plan will bring that down to $4.50 per user per month. The Helpdesk add-on for cloud users, while still free for up to three agents, will now cost $6 per agent per month for larger support teams. For the self-hosted YouTrack Server, the Helpdesk functionality for teams larger than three agents will be priced at $72 per agent per year. For YouTrack Cloud users, the free plan for up to 10 people is safe and is not changing. If you are on a modern per-user plan, you will see the new prices reflected after the cutoff date. For long-time customers on older legacy user-pack subscriptions, this marks the end of the road. You can renew one final time under your old plan before October 1, 2025. After that, you will be moved to the new per-user model, which offers more flexibility and bumps up storage to 3GB per user. On the other side of the fence is the self-hosted YouTrack Server, which has always been the choice for organizations wanting total control over their data and infrastructure. Your existing perpetual licenses are, well, perpetual; they will not stop working. The price change affects the subscription for updates and support. You can renew this subscription at the current price until the 2025 deadline. After that, all renewals will use the new pricing structure. JetBrains is keeping its user pack tiers, but if your team is larger than 2,000 people, you will need to contact the company for a custom quote. JetBrains says that all subscriptions, new or old, will continue to include the full feature set, including AI assistance and support, without extra fees. Discounts for non-profits, open-source projects, and educational institutions are also sticking around. More details can be found in the official announcement blog post.
    • Ex-Microsoft executive: Xbox strategy is chaotic and company's console business is dead

      By Mrwhatever85 · Posted

      my grandma who gifted me an Xbox 360 15 years ago, giving her expert advice on a device she has never really used .....
    • Notepad++ 8.8.2

      By Copernic · Posted

      Notepad++ 8.8.2 by Razvan Serea Notepad++ is a free (as in "free speech" and also as in "free beer") source code editor and Notepad replacement that supports several languages. Running in the MS Windows environment, its use is governed by GPL License. Based on the powerful editing component Scintilla, Notepad++ is written in C++ and uses pure Win32 API and STL which ensures a higher execution speed and smaller program size. By optimizing as many routines as possible without losing user friendliness, Notepad++ is trying to reduce the world carbon dioxide emissions. When using less CPU power, the PC can throttle down and reduce power consumption, resulting in a greener environment. Notepad++ v8.8.2 changelog: Fix regression of folding state not being remembered through sessions. (Fix #16597, #16670) Fix “Go To Settings” links in Style Configurator regression (from v8.8). (Fix #16592) Fix small regression of tab background (hovered) highlighting issue after drag&drop. (Fix #16559) Fix an unresponsive (hang) issue due to hide lines. (Fix #16316) Fix installer security issue by using the absolute path instead of an unspecified path (CVE-2025-49144). (commit, fix report on GitHub, fix #16744) Installer component “WinGUp”: update cURL to 8.13.0 for fixing cURL’s security issue CVE-2025-0167. (Fix #16531, #16515) Update to scintilla 5.5.7 & Lexilla 5.4.5. (Implement #16649) Add feature to update Notepad++ on exit. (Fix #16601, #13749, #10317, #8495, #8457, #3755) Add “/relaunchNppAfterSilentInstall” command argument for installer. (Fix #issue) Add feature to set read-only attribute on file so user can toggle (set/remove) read-only attribute of a file. (Fix #326, #4594, #6216, #7841, #12520, #15571, #16603) Add new plugin API: NPPM_GETTOOLBARICONSETMODE & NPPN_TOOLBARICONSETCHANGED to get toolbar icon set choice. (Fix #16547, #16646) Deprecate 3 APIs: Deprecate NPPM_GETOPENFILENAMES, NPPM_GETOPENFILENAMESPRIMARY & NPPM_GETOPENFILENAMESSECOND. (Fix #15997) Add new feature of using first line of untitled document for its tab name. (Fix #3994, #16584) Enhance NPPM_DARKMODESUBCLASSANDTHEME: Enable darkmode progress bar for plugins. (Fix #16675) Various dark mode enhancements. (Fix #16668, #16674, #16560, #16537, #issue) Fix right click on caption bar unhidding main menu. (Fix #16652) Fix rename tab error message when tab name is unchanged. (Fix #16661) Fix Python FunctionList absorbing next function issue if space after colon. (Fix #16636) Remove .log from errorlist lexer’s default extensions. (Fix #16627) Make raw string syntax highlighting work for Golang. (Fix #16609) Fix Notepad++ tray icon lost after Windows Taskbar crashing & being relaunched. (Fix #16588) Fix changing toolbar icon set not updating to matching panel icon set. (Fix #16595) Fix Windows dialog file list not react with keystroke (character match). (Fix #2239) Add “*” mark on modified file entries in “Windows” dropdown menu. (Fix #16542) Download: Notepad++ 64-bit | Portable 64-bit | ~4.0 MB (Open Source) Download: Notepad++ 32-bit | Portable 32-bit View: Notepad++ Home page | Other Operating Systems | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Everyone seems powerless against Oracle's ownership of the JavaScript trademark

      By pmrd · Posted

      Your worst thumbnail was better than this AI crap.

  • Recent Achievements

    • Week One Done
      dennis Nebeker earned a badge
      Week One Done
    • One Year In
      timothytoots earned a badge
      One Year In
    • One Month Later
      CHUNWEI earned a badge
      One Month Later
    • Week One Done
      TIGOSS earned a badge
      Week One Done
    • First Post
      henryj earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      468
    2. 2
      +FloatingFatMan
      194
    3. 3
      ATLien_0
      163
    4. 4
      Xenon
      78
    5. 5
      Som
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!