I work for a small business (~20 employees) that needs Wi-Fi coverage across two large shop buildings and the adjoining offices, as well as the loading areas outside the buildings. I installed 6 Ubiquiti access points (3 unify 6 Pro's, 2 unify 6+, one unify 6 mesh) which checked all those boxes. All have been wired for ethernet backhaul / POE and I get decent signal strength and throughput in all the areas we require.
My question pertains to how I can separate the APs from the company LAN/domain to keep Wi-Fi clients separate from the main 192.168.1.x subnet.
The backstory: we had an IT guy (friend of a friend type) that installed a Netgear Orbi Wifi-6 system. He started with a router and two satellites, the latter in a mesh configuration (no ethernet). Signal was poor / non-existent in many areas and his solution was to keep adding satellites. He finally decided to wire some with ethernet but it never worked right. Anytime the ethernet cable was plugged into one, the whole Wi-Fi system went down. He spent literally months trying to troubleshoot with Netgear, threw in the towel, and just installed various Wi-Fi routers in different locations with the same SSID and gave up on the Orbi satellites. The challenge with this is the clients didn't transition well-- they'd hold onto a low signal far too long where the device was essentially dead to Wi-Fi and not move onto the closer one, rendering nearly our entire loading area void of Wi-Fi.
Management engaged me to set up an Ubiquiti system, which I recommended and used plenty in the past. But I need to get security ironed out. The Wi-Fi clients (tablets) need to access internet, but also some server resources (databases) on the LAN. I'd like to keep them separate from the 192.168.1.x subnet, however. I noticed the previous IT fella had his Orbi equipment assigning clients a 192.168.20.x IP address, yet it still played nice with the server and fetched stuff off the web.
Obviously the Ubiquti access points I've installed are just that, so they find the DHCP server and get assigned a 192.168.1.x address, as do all the clients. Right now I'm just using the Windows-based controller which lets me monitor and configure the APs. I'm assuming I need to have some additional hardware to get this right. I've plenty of experience with home networking, less so in a business environment where security isn't just a consideration. I don't think I'm over my head or anything, but realize I need some help setting this up properly. Any pointers / advise / suggestions on how to get this system setup right? If there's anything I left out, just ask and I'll reply promptly.
My question pertains to how I can separate the APs from the company LAN/domain to keep Wi-Fi clients separate from the main 192.168.1.x subnet.
The backstory: we had an IT guy (friend of a friend type) that installed a Netgear Orbi Wifi-6 system. He started with a router and two satellites, the latter in a mesh configuration (no ethernet). Signal was poor / non-existent in many areas and his solution was to keep adding satellites. He finally decided to wire some with ethernet but it never worked right. Anytime the ethernet cable was plugged into one, the whole Wi-Fi system went down. He spent literally months trying to troubleshoot with Netgear, threw in the towel, and just installed various Wi-Fi routers in different locations with the same SSID and gave up on the Orbi satellites. The challenge with this is the clients didn't transition well-- they'd hold onto a low signal far too long where the device was essentially dead to Wi-Fi and not move onto the closer one, rendering nearly our entire loading area void of Wi-Fi.
Management engaged me to set up an Ubiquiti system, which I recommended and used plenty in the past. But I need to get security ironed out. The Wi-Fi clients (tablets) need to access internet, but also some server resources (databases) on the LAN. I'd like to keep them separate from the 192.168.1.x subnet, however. I noticed the previous IT fella had his Orbi equipment assigning clients a 192.168.20.x IP address, yet it still played nice with the server and fetched stuff off the web.
Obviously the Ubiquti access points I've installed are just that, so they find the DHCP server and get assigned a 192.168.1.x address, as do all the clients. Right now I'm just using the Windows-based controller which lets me monitor and configure the APs. I'm assuming I need to have some additional hardware to get this right. I've plenty of experience with home networking, less so in a business environment where security isn't just a consideration. I don't think I'm over my head or anything, but realize I need some help setting this up properly. Any pointers / advise / suggestions on how to get this system setup right? If there's anything I left out, just ask and I'll reply promptly.