Hi. jmjones gave you good advice. However, we’ve recently done that very thing and our experience has been just a bit different.
Here’s what we did to set up a B20 to work with 4 UniFi APs controlled by a CloudKey (abandoned the Ubiquity java controller running on a PC – really bad memories.) In this network no UniFi Security Gateway is used – that’s the B20’s job and it does it well. (Using v 5.4.11 of the CloudKey controller and v 188.8.131.5201 on the APs.)
Maybe someone has a better idea or can see some “holes” in our approach, but here’s what seems to be working…
On the UniFi controller:
- Set up a guest WLAN and assign a VLAN.to that network. Mark it as a guest network.
- In User Groups set bandwidth limits for guests if desired.
On the B20:
- In LAN | Network | LAN define the guest network with a different subnet than the untagged LAN. Be certain to specify the same VLAN as set with the UniFi controller. Do NOT check inter-VAN routing.
- In Network | Port Settings, set the LAN port(s) to which the AP(s) are connected to the default – access and untagged VLANs. (I’d expect this to be a trunked port, but it seems to work as access/untagged. Maybe jmjones or others have comments here …)
- This may not apply to you, but we also restricted the guest subnet from accessing certain other subnets of interest – Firewall | Access Rules | Internal Network Firewall Rules.
Here’s how we tested: We used Multi-Ping to check (say, every 5 seconds or so) responses from the guest LAN to various addresses on the owner’s (untagged) LAN, the gateway, various well-known WAN addresses, other addresses on the guest LAN, etc. The untagged LAN is not seen from the guest VLAN.
Notes: I understand you always have users on your LAN. Every time you upload a new config to the Ubiquity AP(s) you are going to bounce your users off as the AP(s) reset. Unavoidable. You might consider setting a different/new AP for test purposes if you can’t escape the “production” environment in which you find yourself.
Also, we do not permit UPNP.
Finally … My opinion? If I had a choice between “All Ubiquity” or “all Pepwave/Peplink” – I’d go with the latter – “no brainer.” We’ve been down that road. Ubiquity dumped us in the mud many times. We can always find our way out of the woods with Peplink. Now that the B20’s can act as an AP controller (that was not always the case), the integration between Pep products is better than ever – much tighter and easier to manage. (Side note: The AC Mini AP is really reasonably priced and works well!)
You should be able to get help from the folks from whom you bought the B20. There are also a number of super-competent Partners and consultants here.