WLAN for guests without computer object in the UCS

Hi@all,

As per the default, I have configured all the network devices in the UCS as machine objects. Then the clients get an IP from the UCS DHCP and can use the network.

For guests who want to use the WLAN and only need Internet access, this is inconvenient.

What is the best way to configure a guest WLAN? I need an additional WLAN AP. However, when I connect this to the LAN, they do not get an IP from the UCS.

Is it better to hang the new AP in the DMZ and let the pfSense assign an IP to the clients in the DMZ?

How did you do that?

with best
sven

it’s simple…
add a new SSID into your wifi infrastructure; if it is good WIFI kit, it will allow you to assign a different VLAN per SSID.

NEVER put a guest wifi on your corporate network subnet, even with VLANS.
I have seen masses of compromised mobile devices running probes against infrastructure, plus it bridges the service provider's WAN to your local LAN around your firewalls & security.
PLEASE remember on a compromised device… they can easily bind other VLANs at the device end to probe VLANed networks…

so basically give all your WIFI hardware kit a subnet NOT on your corporate network (for management).
Set multiple SSIDs on your wifi kit with their own VLANs.
route each VLAN over the WIFI kit's subnet

route each VLAN as you see fit,
but ideally your guest NW should not be pulling info (DHCP/DNS) from your AD directly even over a VLAN…, in case of zero-days against the DHCP & DNS infrastructure.

https://www.cvedetails.com/vulnerability-list/vendor_id-11749/product_id-21763/Pfsense-Pfsense.html

You could intercept it all at your switch before the FW & provide DHCP & DNS services & re-directors on the switch for that specific VLAN, before it even hits your corporate stuff, then get it out of your network… directly to your firewall, where you would un-VLAN it…
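As an added example (not from the thread's posters), here is a small policy checker for the design described above: one VLAN per SSID, a separate management subnet for the wifi kit, and a guest VLAN whose DHCP/DNS is served locally by the firewall rather than by the UCS. The subnets, the UCS address and the firewall address are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumed values, not from the forum thread):
# corp = UCS/AD clients, wifi-mgmt = AP management only, guest = guest SSID VLAN.
VLANS = {
    "corp": ipaddress.ip_network("10.0.0.0/24"),
    "wifi-mgmt": ipaddress.ip_network("10.0.50.0/24"),
    "guest": ipaddress.ip_network("192.168.100.0/24"),
}
UCS_SERVER = ipaddress.ip_address("10.0.0.10")          # assumed UCS DHCP/DNS address
GUEST_DHCP_DNS = ipaddress.ip_address("192.168.100.1")  # assumed pfSense address on the guest VLAN


@dataclass
class Rule:
    src_vlan: str   # VLAN name the traffic originates from
    dst: str        # a VLAN name or "internet"
    action: str     # "allow" or "deny"


RULES = [
    Rule("guest", "internet", "allow"),
    Rule("guest", "corp", "deny"),
    Rule("guest", "wifi-mgmt", "deny"),
    Rule("corp", "internet", "allow"),
]


def check_guest_isolation(vlans, rules, guest="guest", dhcp_dns=GUEST_DHCP_DNS):
    """Return a list of violations of the guest-isolation policy (empty list means OK)."""
    problems = []
    names = sorted(vlans)
    # 1. Every VLAN gets its own subnet: no overlaps anywhere (mgmt must not sit inside corp).
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if vlans[a].overlaps(vlans[b]):
                problems.append(f"subnet overlap: {a} / {b}")
    # 2. Guest DHCP/DNS must live on the guest VLAN, not on the UCS/AD side.
    if dhcp_dns not in vlans[guest]:
        owner = next((n for n in names if dhcp_dns in vlans[n]), "unknown")
        problems.append(f"guest DHCP/DNS {dhcp_dns} is served from {owner}, not from {guest}")
    # 3. No firewall rule may permit guest traffic into any internal VLAN.
    for r in rules:
        if r.src_vlan == guest and r.action == "allow" and r.dst in vlans and r.dst != guest:
            problems.append(f"rule allows {guest} -> {r.dst}")
    return problems
```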

Ok, thanks for the info. I will test the solution like this. Yes, I know about the problem with compromised devices and that’s why I asked the question.

The devices from “guests” are not under my control and therefore should not come into contact with the internal LAN infrastructure.
