Set up new WLAN (SSID) for guest network on UniFi Controller
In many environments, it makes sense to offer a separate guest network. This allows visitors or external service providers to securely access the Internet without putting the internal company network at risk. This article explains how to create a new SSID on a UniFi Controller and assign it to an existing VLAN (e.g. VLAN for guests).
Requirements
- UniFi Controller with access to the web interface.
- Already configured VLAN (configure VLAN on Sophos Firewall and UniFi Switch).
- VLAN ID and the associated firewall rules are set up.
Create a new SSID for the guest network
Open UniFi Controller
- Log in to your UniFi Controller.
- Go to Settings in the menu on the left.
Call up WLAN settings
- Select WiFi in the left-hand area.
- You will see an overview of your existing WLAN networks (SSIDs).
Create new SSID
- Click on Create New.
- Assign a name for the network, e.g. GUEST.
- Set a password that guests should use. Make sure it is sufficiently complex.
Assign VLAN
- In the settings under Network, you can now define the previously created VLAN.
- Select the previously created VLAN for the guest network (e.g. WLAN Guest).
Advanced settings (optional)
- Under Advanced, you can configure further options, e.g. Guest Portal, Hotspot 2.0, Captive Portal or Bandwidth Limits.
- If required, activate Guest Policies to further secure the network (e.g. isolate clients from each other).
Save and apply
- Finally, click on Add WiFi Network to create the new SSID.
- After a short time, the WLAN should be visible to guests.
Checking the configuration
- Connection attempt: Connect to the new WLAN as a test and check whether you receive a correct IP address from the guest VLAN (if a DHCP Server has already been set up in the network).
- Firewall rules: Check Sophos Firewall (or your gateway firewall) to see whether the appropriate rules apply.
- Client isolation: Ensure that guests can only access the Internet and cannot reach any other VLANs or devices in the internal network.