I have several Unifi AC Lite APs around our building. We are provided two internet modems by our service provider: one for our private internet and one for public use. Both currently have DHCP enabled. The private network is currently on 192.168.250.x subnet and public is on 192.168.1.x subnet. Could we configure the network so that I can use the Unifi Access Points to access both networks? I.e. I would like for clients on the public network to get routed to the public internet modem, and clients on the private network to get routed to our private internet. The key being that we don't have to redeploy more access points around the building just for the public network. What hardware/configuration would be required if this is possible?
1 Answer
You'll want to use VLANs. I hope the "Lite" APs aren't limited in that regard.
You'll use three VLANs:
- VLAN 1: Public
- VLAN 2: Private
- VLAN 3: Management
We'll create isolated channels ("virtual cables") through a single cable. The AP management will be out of band with other traffic, which is good.
When setting up a wireless network in UniFi's management software, you can set which VLAN the network should connect to. You can of course also set different levels of security for them.
You'll also need something VLAN-enabled at the other end of the trunk connection. This can be a managed switch or a regular Linux PC/device. Depending on how enterprise it has to be, you could go for a cheap "smart managed" switch (only web-based management) or a router that can do OpenWrt.
The simplest solution would be as follows:
- The access point will connect to LAN1 (VLANs 1 & 2, both tagged, also VLAN 3, untagged)
- The management network is at LAN2 (VLAN 3, untagged)
- The "public" modem (router, really) goes to LAN3 (VLAN 1, untagged)
- The "private" router goes to LAN4 (VLAN 2, untagged)
- The switch's management interface also belongs to VLAN 3
First set everything up, then connect all networks. Otherwise, the DHCP services might interfere with each other.
The traffic that leaves LAN1 can be distributed using normal switches. They don't have to be VLAN-aware/enabled.
answered Oct 23, 2016 at 17:58
