The “WLAN problem” still exists in many companies: how can I set up a campus WLAN cost-effectively? You will often find solutions from Cisco or Aruba (HPE), but a single Cisco access point costs over 500€. On top of that come the controller, licenses, etc. It looks exactly the same with the newer competitors from the UTM market.

But there are alternatives! Of course you have to make a few compromises – that’s clear. A 150€ device cannot offer all the functions of a 500€ device, but all in all Ubiquiti has brought a good alternative to market with its Unifi series. At one of our customers we are currently setting up a company-wide WLAN across the entire factory site, and this series describes that project.

The objective

The aim is to cover the entire site with WLAN in order to reduce the load on the data plans of company mobile phones, to provide a site-wide guest WLAN and to enable hand scanners in production to book directly in the ERP system. These are three very different applications, but we can cover all of them with the Ubiquiti access points.

Depending on the WLAN network, authentication is carried out via RADIUS, voucher codes or certificates. The certificates are distributed to the devices via the Mobile Device Management (MDM) system or Windows Group Policies.

The environment

The network consists of a Sophos XG Firewall, HP switches and Ubiquiti access points (UAP-AC-PRO). In this case, the hotspot portal of the guest WLAN is provided by the Sophos XG and not by the Unifi software.

The concept

Three VLANs that carry the WLAN SSIDs are stretched across the existing network:

[table id=5 /]

The three SSIDs are broadcast from all access points, so that “zero-handoff” roaming lets clients switch between access points without losing the connection. Even Skype calls should survive roaming – we will definitely test that. The VLANs separate the network traffic cleanly from each other and can be terminated and filtered at the firewall. This ensures that access to the internal network is only possible via VPN; there is no direct connection from the WLAN. If required, a certificate-based SSL VPN is established automatically in the background on the hand scanners.
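To make the segmentation goal checkable, here is an added example (not part of the original setup and not Sophos configuration) that audits a first-match zone rule table against the two statements above: WLAN VLANs stay separated from each other, and the internal network is reachable only via VPN. All zone names and rules are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed zone names: one zone per WLAN VLAN/SSID, plus lan, wan and vpn.
WLAN_ZONES = {"wlan_staff", "wlan_guest", "wlan_scanner"}

@dataclass(frozen=True)
class Rule:
    src: str     # source zone, or "any"
    dst: str     # destination zone, or "any"
    action: str  # "allow" or "drop"

def decide(rules, src, dst):
    """Return the action of the first matching rule (default deny)."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any"):
            return r.action
    return "drop"

def audit(rules):
    """Return the findings that violate the design described in the text."""
    findings = []
    for zone in sorted(WLAN_ZONES):
        if decide(rules, zone, "lan") == "allow":
            findings.append(f"{zone} -> lan allowed without VPN")
        for other in sorted(WLAN_ZONES - {zone}):
            if decide(rules, zone, other) == "allow":
                findings.append(f"{zone} -> {other} crosses VLAN boundary")
    if decide(rules, "vpn", "lan") != "allow":
        findings.append("vpn -> lan blocked: no path to internal network")
    return findings

# Constructed rule set that matches the concept.
GOOD = [
    Rule("any", "wan", "allow"),   # internet access, includes VPN dial-in
    Rule("vpn", "lan", "allow"),   # internal access only from the VPN zone
    Rule("any", "any", "drop"),
]

# Constructed misconfiguration: guests are blocked explicitly, but a broad
# "any -> lan" rule lets the other WLAN zones in directly.
BAD = [
    Rule("wlan_guest", "lan", "drop"),
    Rule("any", "lan", "allow"),
    Rule("vpn", "lan", "allow"),
    Rule("any", "any", "drop"),
]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules) or "no findings")
```

The second rule set shows why an explicit guest block is not enough: with first-match evaluation, every zone that is not named in a drop rule falls through to the broad allow.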

In the next parts, detailed planning and technical implementation will follow with the help of Unifi software and Ubiquiti access points.

Enterprise WLAN Part 1 – The Introduction
Enterprise WLAN Part 2 – The network structure
Enterprise WLAN Part 3 – The Setup of Unifi Software


