Meraki

Community

Guest Network using Unifi AP and Meraki Z3

djmaquet
New here
‎Dec 4 2019 7:00 AM
‎Dec 4 2019 7:00 AM

Guest Network using Unifi AP and Meraki Z3

I have a restaurant with a network consisting of a Meraki Z3 and 5 Unifi PRO AP's.  This is hardware that was provided by my POS company, of which I have taken over network support.  I have a guest network SSID created on the APs through the Unifi cloud controller.  The Wireless networks are non-existent in the Meraki dashboard.  I want to create a different subnet so customers can't access my LAN, and so I don't run out of available IP addresses.  I have over 100 reserved for my POS system, printers, Smart TVs, etc.

 

I can't set up a Meraki Guest network on an SSID because it currently shows no active SSIDs.  If I do it on the Unifi controller, I'm pretty sure it won't work since the Meraki is handling all of the IP addresses.  

 

Does anyone have any suggestions on the best way to set this up?  Maybe a VLAN (but on the Meraki or on the Unifi controller?).

 

 

0 Kudos
12 Replies 12
NolanHerring
Kind of a big deal
‎Dec 4 2019 7:08 AM
‎Dec 4 2019 7:08 AM

I'm not sure the Z3 is the right product for your situation, but I've never messed with one so maybe someone else knows something I don't.

You'd be better off getting an MX for the location to handle all dhcp/routing/vlans/dns etc., and the Unifi APs just doing AP stuff, getting dropped off onto a VLAN for management, and the SSID for CORP and SSID for GUEST being different. The connection for the AP's to the switch should be trunk mode. What switch do you have in the mix?
Nolan Herring | nolanwifi.com
TwitterLinkedIn
In response to NolanHerring
djmaquet
New here
‎Dec 4 2019 7:21 AM
‎Dec 4 2019 7:21 AM

The meraki is just plugged into a Netgear ProSafe GS728TP PoE switch..nothing special.  I'm not a network guy, just wondering if there was something simple I could do with what I have.  If I go another route, I will likely switch over to Ubiquiti.

0 Kudos
In response to djmaquet
kYutobi
Kind of a big deal
‎Dec 4 2019 7:28 AM
‎Dec 4 2019 7:28 AM

As @NolanHerring said the Z3 might not be what you need. Unless you're gonna split SSID's by VLAN which I know you said you're not a network guy and I'm not too sure about what that Netgear is capable of but try not to overcomplicate it by doing anything over the top as far as configs.

Enthusiast
In response to kYutobi
djmaquet
New here
‎Dec 4 2019 7:42 AM
‎Dec 4 2019 7:42 AM

Thanks...the Z3 has the capability I believe. Just not sure how to set it up since the APs are really only broadcasting the SSID. But they don't show up in the wireless network settings on the Meraki.
0 Kudos
In response to djmaquet
NolanHerring
Kind of a big deal
‎Dec 4 2019 7:44 AM
‎Dec 4 2019 7:44 AM

Yeah the Ubiquiti access points won't show up on Meraki dashboard at all since its a different vendor etc. You might see client data on the Z3 once they hit it but that is about it. All wireless configs you'll need to do on the unifi controller
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
SoCalRacer
Kind of a big deal
‎Dec 4 2019 7:42 AM
‎Dec 4 2019 7:42 AM

I have done this with a MX and Unifi, but it should work similar with a Z3

 

You need to create a Guest VLAN in the Z3. I use VLAN 10 and then 10.10.10.0/24 typically (DHCP is auto on)

Then go into Unifi controller, go under settings, then networks. Create a new network (VLAN)

Below are the settings I use most of the time. 10.10.10.1 is the MX/Z3 IP for the VLAN you created

 

SoCalRacer_0-1575474032060.png

 

In response to SoCalRacer
djmaquet
New here
‎Dec 4 2019 7:46 AM
‎Dec 4 2019 7:46 AM

Can you show me the VLAN settings in your Merkaki? is 10.10.10.0/24 the subnet or the MX IP?
0 Kudos
In response to SoCalRacer
djmaquet
New here
‎Dec 4 2019 8:05 AM
‎Dec 4 2019 8:05 AM

I set it up like that, rebooted and nothing would connect to my Guest Network. Did you have guest policies enabled or do you have a Guest Group created to limit bandwidth?
0 Kudos
In response to djmaquet
SoCalRacer
Kind of a big deal
‎Dec 4 2019 8:16 AM
‎Dec 4 2019 8:16 AM

SoCalRacer_0-1575476117714.png

 

No but in this situation there is a dumb switch between the AP and the MX, so you may need to tag the port the AP is using on your smart switch 

0 Kudos
In response to djmaquet
Nash
Kind of a big deal
‎Dec 4 2019 8:17 AM
‎Dec 4 2019 8:17 AM

It sounds like you go Z3 -> Netgear switch -> APs. Is that correct?

 

If so, did you run vlans on your Netgear switch as well as on the Z3? Netgear has some okay instructions, and iirc that model ought to support vlans if you can log into the switch to manage it.

 

If you don't have creds for the switch, try the default. If that fails you, there's always factory reset and rebuild. If you're not comfortable with networking, you maybe don't want to do that.

Windows 10 Client VPN scripts: Makes life better!
In response to djmaquet
Uberseehandel
Kind of a big deal
‎Dec 5 2019 3:53 AM
‎Dec 5 2019 3:53 AM

It is a good idea not to mix the sheep with the goats.

 

I have a heterogenic network stack made up of a melange of Meraki and UniFi kit.

There are 3 security appliances (1 x MX, 1 x Z3C, 1 x UniFi USG).

 

The network schema is analagous to an onion with differing layers (onion skins) wrapped around each other.

Each security appliance controls its own switches and WiFi APs. Each security appliance has its own autonomous WiFi subsystem with separate secure and Guest SSIDs. Guest SSIDs are configured as isolated and pass guest originated traffic through to the internet whilst preventing guest users from accessing any local networks and devices, or other guest users.

 

This sounds more complicated than it is, it is solid and survives month in, month out, without maintenance. Which isn't to say that I don't weed out abusive guest users from time to time.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
MerakiGeoff
Meraki Employee
Meraki Employee
‎Dec 10 2019 12:12 AM
‎Dec 10 2019 12:12 AM

Hi there,

 

The Z3 is really meant to be used as a teleworker gateway device at home or when traveling so you can connect to it and have a VPN tunnel back to a VPN head-end at a datacenter and access company resources. It is meant for up to 5 clients - your phone, laptop, maybe a tablet. It's not meant to be an edge device or firewall for a substantial network. Depending on how many client devices you're needing to support on the network, you'd be better off with an MX64/65/67/68 (up to 50 clients) or MX84 (up to 200 clients) if you're planning for growth. The MXs are more expensive than the Z3, but are 100% better suited to be an edge firewall. It sounds like you have over 100 devices so an MX84 should be the ticket.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.