Ubiquiti for guest network in business environment


[H]F Junkie
Jul 27, 2006

This is a learning opportunity for me.

At the present time the client has a Netgear AC1900 DD-WRT router with an HP server running DHCP, DNS, AD/DC, file server, print server, Quickbooks server functions. All the workstations connect via 5GHz Wi-Fi.

Owner has agreed to grant access to next door neighbor business and will be upgrading the internet connection plan to accommodate. However, the Wi-Fi signal is not strong enough so a solution needs to be deployed without mounting anything outdoors. The owner tried running a 60ft CAT5e cable from the server room into the attic nearest to the neighboring business and hooked it up to his personal Apple Wi-Fi router but was not able to get enough range (building has brick walls).

The UAP-AC-PRO with the UC-CK will be able to satisfy the range and features guest networking. It will allow me to disable Wi-Fi on the Netgear AC1900 DD-WRT router and move the live production Wi-Fi to the Ubiquiti WAP.

Here's the next problem: isolating live production and guest networks.

So I know with minimal experience that you can set VLAN tags on SSIDs for Ubiquiti wireless systems. What else do I need? How do I set it up?

I am guessing: perhaps I need a US‑8‑150W and a USG so that I could tag live production SSIDs as 10 and guest network SSID as 20, and then plug the Netgear AC1900 DD-WRT router and UAP-AC-PRO into the US-8-150W. Is this how it works? How would I configure the VLAN routing?
Last edited:
You can VLAN it out or the Ubiquiti's can do a dedicated Guest network isolating all of its traffic to the internet only. Depending on the Range to the neighbor needed, you might look into Open Mesh which offers a more flexible guest SSID and has Easy Mesh functionality baked in. If you are looking to kill Wifi on the Netgear, then look ar an MR1750 (High power 2.4Ghz and 5 Ghz) as the Main AP and OM5P-AC as a repeater in the neighbor's space. Otherwise, keep WiFi on the existing Netgear and use a OP2P-HS (High Power 2.4Ghz) at the main location and another in the Neighbor's space to repeat the SSID. Utilize the Guest SSID only and your golden.
I just remembered this as well: the Netgear AC1900 DD-WRT router is plugged into an AT&T modem-router (which has Wi-Fi disabled). Coincidentally this is good for this situation because then all we need to do is get a WAP that supports client isolation and guest networking --> plug the WAP into the AT&T modem-router. Even if client isolation and guest networking were disabled they would not be able to get into the live production network due to the security and firewalling of DD-WRT (and it's a different private IP class on the LAN live production network vs what the AT&T modem-router uses)).

The distance to the neighbors is about 150 feet with a 6-8" cinder/brick wall + a few non-brick and metal walls between where we would deploy a WAP and the farthest point in the neighbor's building.

EDIT: Do you know if the OM2P-HS comes with a PoE injector? And a single unit is enough to get things working as long as it is plugged into a router that has internet connectivity?
Last edited:
Open Mesh gear can act as repeaters when connecting with other Open Mesh, rather than functioning as generic repeater. So, you'd need an initial device first as close to the outside of the building as possible and then the remote unit in the other building. And, no the HS does not come with an injector, but if you have old Ubiquiti 1st gen injectors (24v), they are compatible.

Given the new information regarding distance and walls, I'd opt more for a real method of distribution via point-to-point WiFi. Maybe some Ubiquiti Nanobeam AC's between buildings to feed whatever WiFi system you want in the remote location.
So we would still be able to use the Open Mesh, just need to use a P2P to bridge the airspace between the two buildings.
Yes you can, but with the P2P bridge in place, the APs would be not be utilizing the mesh aspect. Each would be an autonomous AP.
After further research I sent the client a basic list of options in addition to how much it will cost (labor excluding) for equipment, tools, and cabling:
  • Reconsider and do not share internet, have neighbor get their own ISP subscription
  • Call local cabling company whose work I have seen at my previous workplace for our manufacturing facilities and have them quote a fiber building-to-building run + get the Open Mesh WAP to deploy in the neighbor's building
  • Get the Open Mesh OM2P-HS, mount inside in attic nearest to neighbor, and simply be accepting that it will probably not provide 100% satisfactory coverage and performance