What's new

Building a guest-wifi network

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yes. He's looking at replacing four (4) APs. Do one. Put it in the most advantageous location. Add as needed. They are guests not paying customers. Yes, I'm cheap <lol>

As your guest goes out on the porch or in a part of the house that is not supported by the guest network he is going to think you don't know what you are doing when it comes to networking.
 
Yes. He's looking at replacing four (4) APs. Do one. Put it in the most advantageous location. Add as needed. They are guests not paying customers. Yes, I'm cheap <lol>

Well, have caught up with reading in the mean time and also looked at the options proposed. It is actually 3AP's we are talking about. I am inclined to go with adding one additional AP configured as guest-wifi but there is one caveat to that. I mentioned we have a lot of visitors which are mostly friends with kids similar age to our kids and they kinda brag that our place has the best wifi of the entire circle of friends. My boy actually wines a bit when we go to friends' places as they don't have wifi same as at our place when he plays Roblox. Now, as a network hobbyist, i do find some pride in that :D

Bottom line, if i go for a guest network, it has to have same performance as our own wifi network has. My ego would be hurt if i hear one of the visitors' kids bluntly states that our wifi s*cks! o_O
 
I am trying to figure out how well does Ruckus roam with Wi-Fi calling? Do you know Klueless?
My name is "klueless" what would I know : -)
  • He's currently using a Netgear, an Asus and a Linksys. The Ruckus should roam at least as well as any of them.
  • I replaced a low end Netgear with a Ruckus access point and roaming got better.
  • At one of my sites I have two (2) Ruckuses (Ruckae?) wired to an Asus router. All three (3) devices have the same SSIDs (and passwords) defined - "work" and "guest". Roaming (as far as I can tell) has been stellar.
  • In the OP's application roaming for the "home" SSID should be fine. If "guest" is only implemented on one AP, well, you will only go so far. If "guest" were implemented on multiple APs roaming should be fine.
 
Last edited:
As your guest goes out on the porch or in a part of the house that is not supported by the guest network he is going to think you don't know what you are doing when it comes to networking.
<lol> Add/replace as needed. Guests come to visit. If there's a game room then that's where the access point goes. If you tell the guest you saved $400 by not adding access in the bathroom he's likely to think you do know what you're doing : -)
 
I am inclined to go with adding one additional AP configured as guest-wifi but there is one caveat to that.
Add or replace, your choice. Apparently three (3) do an awesome job now so why add? But are guests really scattered all over the estate? Where do they cluster? Maybe just one will do the job? Like my 2nd floor is all bedrooms. I put no extra effort in supporting "guest" up there.
 
<lol> Add/replace as needed. Guests come to visit. If there's a game room then that's where the access point goes. If you tell the guest you saved $400 by not adding access in the bathroom he's likely to think you do know what you're doing : -)

I agree on the bathroom. But if you cover the game room then he will not have any internet in his bedroom which really sucks. He won't be able to handle late night emails.
 
:D

Bottom line, if i go for a guest network, it has to have same performance as our own wifi network has. My ego would be hurt if i hear one of the visitors' kids bluntly states that our wifi s*cks! o_O

My ego couldn't take either. I have been in homes where I thought their Wi-Fi s**ked. My Wi-Fi is the best of the homes I go into.
 
I agree on the bathroom. But if you cover the game room then he will not have any internet in his bedroom which really sucks. He won't be able to handle late night emails.
He has three APs now. They all have a family SSID and he's happy. We're not changing that. We're simply talking about replacing one AP with one that will support both the family SSID and a guest SSID. "Family" will remain ubiquitous. "Guest" will only be where it's needed.
 
My ego would be hurt if i hear one of the visitors' kids bluntly states that our wifi s*cks!
I look forward to that. Maybe all the kids would go to someone else's house to play for a change <lol>
 
He has three APs now. They all have a family SSID and he's happy. We're not changing that. We're simply talking about replacing one AP with one that will support both the family SSID and a guest SSID. "Family" will remain ubiquitous. "Guest" will only be where it's needed.

To me guess wireless needs to be every where there is regular wireless otherwise I think it looks bad. This is why I run 3 Cisco wireless AP with 2 SSIDs with 1 being guess on all three APs. The roaming is exactly the same for all wireless SSIDs including guess. I went 1 step further to where any guess can also print without any access to the rest of the network.

I put the printers in the guess network and I restrict the guess network but the regular LAN has access to the printers.
 
Last edited:
To me guess wireless needs to be every where there is regular wireless otherwise I think it looks bad. This is why I run 3 Cisco wireless AP with 2 SSIDs with 1 being guess on all three APs. The roaming is exactly the same for all wireless SSIDs including guess. I went 1 step further to where any guess can also print without any access to the rest of the network.
I can't disagree. It's a personal choice. OP has three APs that can't do the job. If he replaces one it's about $200. If he replaces all three it's about $600.

If he implements VLANs he might be able to use the existing APs and get off cheaper but he's already identified a couple hurdles.

Guest printing. Awesome. Can not do that with my Asus guest. I "think" I could with Ruckus. I'll have to check it out later.
 
Last edited:
To me guess wireless needs to be every where there is regular wireless otherwise I think it looks bad. This is why I run 3 Cisco wireless AP with 2 SSIDs with 1 being guess on all three APs. The roaming is exactly the same for all wireless SSIDs including guess. I went 1 step further to where any guess can also print without any access to the rest of the network.

Same reason why i have 3 AP's, one in the living room, one centralized downstairs and one centralized upstairs. I also use one SSID/PW and this works fine including roaming despite the fact that they are different models from different brands and actually routers configured as AP. The kids will be either in the living room or the sitting corner upstairs or alternatively outside which basically means that all 3 AP's are needed to cover that area.

I have been looking at the Ruckus'es now and also at the WAP571. Both seem to be solid solutions. I think my approach will be to replace one with either a WAP or a Ruckus and see if i can get this to work properly, e.g. same coverage as the previous AP and an isolated guest wifi SSID. If i get this to work, i will probably also replace the remaining 2, which will mean i need to add 2 small unmanaged switches to secure the wired network connection of both TV's. The downside is added complexity but the upside is that i can buy 5 port switches that have POE+ so i do not need external power injectors for these 2 AP's.

If he implements VLANs he might be able to use the existing APs and get off cheaper but he's already identified a couple hurdles.
I don't get this statement. I can configure a separate guest-VLAN in my Netgear switch and tag the AP's ports on the switch but if i cannot connect an SSID with the VLAN in the AP, i don't see how that is ever going to work, right?

Just for the record: the AP i would be targetting to replace with either a Ruckus or WAP is the Asus RT-AC88u (simple reason, it hooks up directly to the switch and has nothing else attached to it), which is quite fast (AC3100) with a wide range. You think the WAP or Ruckus could come close?
 
If you are going to use VLANs then a Cisco WAP will work otherwise it sounds like the Ruckus will work without VLANs. I have not used a Ruckus so I can't help you there.

The way it works with VLANs is you assign an SSID to each VLAN. You connect the wireless AP with a trunk port from the switch which carries multiple VLANs on 1 wire. I always assign a network to each VLAN so DHCP is setup for each network which flows through the VLAN assigned in the wireless. By using a network VLAN you have separated the traffic so guest and LAN can not talk to each other. Your router is what routes between network VLANs so they can see each other. I assume you setup DHCP for each network on the router by creating VLAN1 with a network and VLAN2 with a network. I use a layer 3 switch. Your router will need to connect to your switch with a trunk port also so the network VLANs flow router to switch to AP and back. This is the way I configure my network except I do my routing on a layer 3 switch. This is what I know and there may be other ways to accomplish the same thing.

If you use a Cisco router like the RV340 router it supports ACL, access control lists, which allows you to block IP addresses or allow certain IP addresses like printers so you can share just printers. It also supports VLANs. You need to look at your equipment and see what it can do. Ask questions if I am not clear on stuff.

PS
I use all Cisco small business hardware as I know it will all work together and do what I want. It also is very reliable and supported for a long time by Cisco.
 
Last edited:
You think the ... Ruckus could come close?
Raw specs? Ruckus comes up short. Practically speaking? Probably.

What's your Internet service speeds? Mine's 400 x 20 and only one of my wired devices comes close to that (as per Internet speed tests). Most of my wired devices get about 200 to 250 as do my wireless devices whether they're on the main Asus (86U) or the Ruckus. Ruckus range seems better than my Asus.
I don't get this statement. I can configure a separate guest-VLAN in my Netgear switch and tag the AP's ports on the switch but if i cannot connect an SSID with the VLAN in the AP, i don't see how that is ever going to work, right?
Yeah, that was a pretty big hurdle : -)
 
Last edited:
Just as a side-bar do any of the Mesh (Orbi, Eros, Google Wifi, etc.) systems support "guest" in the manner we've been talking about?
 
Just as a side-bar do any of the Mesh (Orbi, Eros, Google Wifi, etc.) systems support "guest" in the manner we've been talking about?
I looked up Google Wifi. They do offer a "guest" button that isolates guests from your private network. They also offer that you can list devices that you want guests to be able to see/use such as printers or TVs (that they could Chromecast to?) and so on.

Usually on a mesh network one of the nodes acts as the router but one of my acquaintances swears you can use a third party router in a Google Wifi mesh. IF he's right it's a dirt cheap (e.g., <$300 for a three pack) possibility?
 
Last edited:
Another note about the Ruckus. You configure one as the "master", the rest as "slaves". You configure the "master". The "slaves" automatically use the "master's" config.
 
Cisco small business APs like the WAP371 support single point setup. Where you setup the first wireless AP which becomes the controller. Then all the additional APs are just joined to the wireless cluster and automatically configured.

If the controller goes down then the cluster automatically promotes a new controller. If the old controller comes back online then it will resume as the controller. It is all self supporting.

PS
Here is a link for setting up guest access on one of the newer Cisco small business wireless APs which does not seem to use VLANs. It is long and detailed like most Cisco stuff.
https://www.cisco.com/c/en/us/suppo...ss-instance-table-on-the-wap125-access-p.html
 
Last edited:
PS
Here is a link for setting up guest access on one of the newer Cisco small business wireless APs which does not seem to use VLANs. It is long and detailed like most Cisco stuff.
https://www.cisco.com/c/en/us/suppo...ss-instance-table-on-the-wap125-access-p.html
I couldn't see from that link how it separates the guest traffic from the LAN. Reading this post suggests that you still have to create VLANs. So these instructions only seem to be concerned with setting up a captive portal.
 
It runs the guest users using captive portal. If you look at the guest user in the display listed there is no VLAN shown so I think VLAN is not required and you have no network access other than internet if you do it this way. There does not seem to be any VLAN required for setup either. What I believe is the user is granted access based on port 80 and that is the only access granted.

Captive portal is very flexible. It can use RADIUS, Active Directory, web pages, and probably more.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top