In this new series, I am emphasizing my network motto “Keep It Simple.” Simplicity has couple major benefits in my opinion.
- Easier and faster to setup
- Less troubleshooting
I personally believe minimal configuration to achieve 90% performance is superior to hours and days of tweaking to achieve 99%.
In this first of the series, l am going to start with how to set up Guest WiFi using Unifi Network controller version 6. Personally, I have UniFi Dream Machine Pro, but this should work with other UniFi Network controller so long as it is version 6.
Let’s get started.
Why do we need Guest Wi-Fi Network?
Before setting Guest WiFi, the first question you need to ask yourself is “do I need it?”
There are two main reasons why I have Guest WiFi in my home: security and performance.
Security
On our home network, I have several computers including Network Attached Storage servers. They contain many personal data including work related documents, family photos and the others. I do not want my guest to have access to these files.
Also, if my guest device has some virus, I don’t want it to be spread into my network.
Performance
One of your family member may having an important Zoom meeting. That should for sure take priority over my kid’s friend who is trying to play network connect games. So you want to restrict amount of bandwidth a guest user can use.
If one or both of the above situation seem to apply to you, Guest network is the way to go.
Setup
As for reference here is my current setup at the time of this writing.
- UniFi OS UDM Pro: V1.10.0.3686
- UniFi Network Controller (on UDM Pro): Version 6.4.54
VLAN Based Guest Network Creation
There are three basic steps.
- Create Guest VLAN (Device isolation option ON).
- [Optional] Create Guest Bandwidth Profile
- Create Guest Wi-Fi Network using Guest VLAN & Guest Bandwidth Profile created in step 1 and 2.
Create Guest VLAN
First you log into your UniFi network controller.
Setting > Networks > Add a New Network
Here you put a name of the local area network, which you should think as wired or backborn of the network. This is not your WiFi name yet. I just call “Guest LAN” myself here but you can name whatever.
VLAN stands for virtual local area network. So this is allowing you to create own network without having separate hardware like second router. This gives many additional network customization.
One of the option is content filtering. This is one way to put parental control type filtering to all devices using Guest LAN. If you want to choose Work or Family type filter, go right ahead.
Guest Network Isolation
Now expand Advanced section.
Here the key thing you need to do is turn on the Device Isolation option.
Turn Device Isolation On.
What’s New in 6.0?
[…]
Add new Device Isolation (creates guest network if turned on) and Internet Access (blocks WAN access if turned off) toggles.
UniFi Network Controller 6.0.20
Turning this option on will ensure devices connected to this network have no access to your other networks.
I have tested this myself by connecting to Guest Network WiFi when all done and try to access UniFi Network controller by typing in IP address or ping other device on my main network and nothing connects.
VLAN Creation
Now you are going to complete the rest of Guest VLAN creation.
For the minimum setting/configuration, you just need two other fields:
- VLAN ID
- Auto Scale Network “On”
Both are by default automatically filled or selected.
If you never created VLAN before, your VLAN ID may be starting with 2.
Auto Scale Network
feature automatically adjusts subnet size and DHCP range with avoiding network collision.
UniFi Network Controller 6.0.20
Auto Scale Network is setting that takes away couple additional manual settings.
With keep it simple approach, my recommendation is just leave Auto Scale Network “on” and move on.
All you need to do at this point is scroll down to the bottom and Add Network.
Now you have created a VLAN that can be used for Guest WiFi.
[Optional] Create Guest Bandwidth Profile
This is an optional step, but I surmise many users want to limit guest user network bandwidth so they won’t slow down your primary network.
For this, we will create a Bandwidth limitation rule.
Go to Setting > Advanced Features > Bandwidth Profile > Add Bandwidth Profile
Here you can specify whatever number you want for max data bandwidth the user in the Guest Network can use. I named the rule as “Guest” and set 50 Mbps down and 10 Mbps up. To save it, hit Apply Changes.
Create Guest Wi-Fi Network
Finally, we are creating a Guest Wi-Fi Network (SSID). The reason we waited this step until the last is because the other two steps ensures Guest WiFi network to be isolated by creating its own virtual local area network and the network has bandwidth limitation (Bandwidth Rule).
Now Go to Setting > WiFi > Add New WiFi Network
Name here will be the SSID of the Wi-Fi. Password will be what’s prompted on your wireless devices at the time of WiFi connection.
For the network, you want to choose “Guest VLAN” that just created on the first step.
Under the advanced setting you have various options. Keep scrolling down until you see the Bandwidth Profile. This is where you select “Guest” bandwidth profile that was created on the second step.
[Optional] Make Guest WiFi available during specific time of the day
You may want to have Guest WiFi only available specific time of the day and otherwise, keep the Guest WiFi off. If you scroll to the bottom Wi-Fi Scheduler section.
Click anywhere on the grid map or drag and drop each day and fill the grid map. The key here is you are specifying the time when the Guest WiFi is being paused.
For example, I want have Guest Network available only between 10am to 8pm each day. This is how it looks like.
After all is done, now hit apply changes.
Wrap
Congratulations, you now should see new Guest WiFi SSID. You can try pinging one of your network device from a device connected to the guest WiFi. You can also try internet speed test to confirm the bandwidth restriction if you applied it.
If something is not quite working as intended, my first suggestion is reboot the network. By this it includes your network controller unit like Dream Machine but also Access Points.