ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Hotel and wifi isolation question

    Scheduled Pinned Locked Moved IT Discussion
    18 Posts 6 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      biggen @scottalanmiller
      last edited by biggen

      @scottalanmiller I'm not sure I understand your last post. Are you saying that on a Unifi setup with L2 isolation activated that clients can or can't talk to other clients on different APs even on the same SSID?

      Edit: So just playing with a spare Unifi AP, enabling "guest network" for a SSID fully isolates clients not only connected to the AP, but also all clients in the subnet even if those clients are plugged into a physical port on the switch. So the AP must drop all unicast destined frames which is nice.

      So my brainstorming becomes a rather trivial setup of placing all the APs onto one VLAN and make sure all APs are broadcasting the same SSID with guest network checked in the controller (for Unifi). Then downstream at the router, prevent the wifi guest VLAN from accessing any other VLAN internally.

      Next time I check into a hotel I'm going to fire up nmap and see how locked down they are.

      scottalanmillerS 2 Replies Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @biggen
        last edited by

        @biggen said in Hotel and wifi isolation question:

        I'm not sure I understand your last post. Are you saying that on a Unifi setup with L2 isolation activated that clients can or can't talk to other clients on different APs even on the same SSID?

        I'm saying that the default private isolation let's them talk to the gateway and nothing on the LAN whatsoever.

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @biggen
          last edited by

          @biggen said in Hotel and wifi isolation question:

          So my brainstorming becomes a rather trivial setup of placing all the APs onto one VLAN and make sure all APs are broadcasting the same SSID with guest network checked in the controller (for Unifi). Then downstream at the router, prevent the wifi guest VLAN from accessing any other VLAN internally.

          The point of the system is to remove the need for VLANs.

          B 1 Reply Last reply Reply Quote 0
          • B
            biggen @scottalanmiller
            last edited by biggen

            @scottalanmiller said in Hotel and wifi isolation question:

            @biggen said in Hotel and wifi isolation question:

            So my brainstorming becomes a rather trivial setup of placing all the APs onto one VLAN and make sure all APs are broadcasting the same SSID with guest network checked in the controller (for Unifi). Then downstream at the router, prevent the wifi guest VLAN from accessing any other VLAN internally.

            The point of the system is to remove the need for VLANs.

            Iโ€™d still like a separate network for guest wifi and separate network for corporate trusted wifi. So, no, a vlan isnโ€™t needed I suppose. The two networks just need different subnets.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @biggen
              last edited by

              @biggen said in Hotel and wifi isolation question:

              @scottalanmiller said in Hotel and wifi isolation question:

              @biggen said in Hotel and wifi isolation question:

              So my brainstorming becomes a rather trivial setup of placing all the APs onto one VLAN and make sure all APs are broadcasting the same SSID with guest network checked in the controller (for Unifi). Then downstream at the router, prevent the wifi guest VLAN from accessing any other VLAN internally.

              The point of the system is to remove the need for VLANs.

              Iโ€™d still like a separate network for guest wifi and separate network for corporate trusted wifi. So, no, a vlan isnโ€™t needed I suppose. The two networks just need different subnets.

              The guest traffic, in this case, is never on the network at all. It is end to end isolated to the firewall. Or you can think of it as automatic VLANs. But you don't need to deal with VLANs whatsoever if you don't want to.

              B 1 Reply Last reply Reply Quote 1
              • B
                biggen @scottalanmiller
                last edited by biggen

                @scottalanmiller Yup I understand. But my brain would have a hard to dumping wifi guests and corporate services all in the same subnet even if it knew the guests were already isolated. Personally, I'd rather do two VLANs in this case. Would be easy to remember that wifi guests are on 10.100.100.0/24 and corporate is on 10.200.200.0/24. ๐Ÿ™‚

                DashrenderD 1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @biggen
                  last edited by

                  @biggen said in Hotel and wifi isolation question:

                  @scottalanmiller Yup I understand. But my brain would have a hard to dumping wifi guests and corporate services all in the same subnet even if it knew the guests were already isolated. Personally, I'd rather do two VLANs in this case. Would be easy to remember that wifi guests are on 10.100.100.0/24 and corporate is on 10.200.200.0/24. ๐Ÿ™‚

                  Personally, I'd do a /23 or /22, it's just not worth the headache of growth in the future...

                  scottalanmillerS 1 Reply Last reply Reply Quote 2
                  • scottalanmillerS
                    scottalanmiller @Dashrender
                    last edited by

                    @dashrender said in Hotel and wifi isolation question:

                    @biggen said in Hotel and wifi isolation question:

                    @scottalanmiller Yup I understand. But my brain would have a hard to dumping wifi guests and corporate services all in the same subnet even if it knew the guests were already isolated. Personally, I'd rather do two VLANs in this case. Would be easy to remember that wifi guests are on 10.100.100.0/24 and corporate is on 10.200.200.0/24. ๐Ÿ™‚

                    Personally, I'd do a /23 or /22, it's just not worth the headache of growth in the future...

                    Especially on the guest network. That can get a lot of devices really quickly. Any given guest room could easily hook up eight devices!

                    dafyreD 1 Reply Last reply Reply Quote 0
                    • dafyreD
                      dafyre @scottalanmiller
                      last edited by

                      @scottalanmiller Or more if @scottalanmiller's family visits.

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @dafyre
                        last edited by

                        @dafyre said in Hotel and wifi isolation question:

                        @scottalanmiller Or more if @scottalanmiller's family visits.

                        Fo sho!

                        My kids each hook up a laptop, phone, Nintendo Switch, Amazon Tablet, iPad, and possibly more like instantly.

                        DustinB3403D 1 Reply Last reply Reply Quote 0
                        • DustinB3403D
                          DustinB3403 @scottalanmiller
                          last edited by

                          @scottalanmiller said in Hotel and wifi isolation question:

                          @dafyre said in Hotel and wifi isolation question:

                          @scottalanmiller Or more if @scottalanmiller's family visits.

                          Fo sho!

                          My kids each hook up a laptop, phone, Nintendo Switch, Amazon Tablet, iPad, and possibly more like instantly.

                          Well I mean the iPads are going bye-bye with this recent announcement from Apple, no?

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @DustinB3403
                            last edited by

                            @dustinb3403 said in Hotel and wifi isolation question:

                            @scottalanmiller said in Hotel and wifi isolation question:

                            @dafyre said in Hotel and wifi isolation question:

                            @scottalanmiller Or more if @scottalanmiller's family visits.

                            Fo sho!

                            My kids each hook up a laptop, phone, Nintendo Switch, Amazon Tablet, iPad, and possibly more like instantly.

                            Well I mean the iPads are going bye-bye with this recent announcement from Apple, no?

                            Yup. Xiaomi has a new tablet being announced THIS WEEK. I'm pretty excited. I hope that it is available quickly as I was about to buy an iPad for myself and this looks like a way better option. However, rumor is that no "mini" size is coming in the announcement this week ๐Ÿ˜ž

                            1 Reply Last reply Reply Quote 0
                            • 1 / 1
                            • First post
                              Last post