Affordable Enterprise WLAN with Ubiquiti Unifi (Part 1)

The “WLAN problem” still exists in many companies: how can a campus WLAN be set up cost-effectively? You will often find solutions from Cisco or Aruba (HPE) – but a single Cisco access point costs over 500€. On top of that come the controller, licenses, etc. The picture is exactly the same with the new competitors from the UTM market.

But there are alternatives! Of course you have to make a few compromises – that’s clear. A 150€ device cannot offer all the functions of a 500€ device, but all in all Ubiquiti has brought a good alternative to market with its Unifi series. At one of our customers we are currently setting up a company-wide WLAN across the entire factory site, and this series describes that project.

Objective

The aim is to cover the entire site with WLAN in order to reduce the load on the data plans of company mobile phones, to provide a site-wide guest WLAN and to enable hand scanners in production to post bookings directly to the ERP system. These are three very different applications, but all of them can be implemented with the Ubiquiti access points.

Depending on the WLAN network, authentication is carried out using RADIUS, voucher codes or certificates. The certificates are distributed to the devices via the Mobile Device Management (MDM) system or Windows Group Policies.

The Environment

The network consists of a Sophos XG Firewall, HP switches and Ubiquiti access points (UAP-AC-PRO). In this case, the hotspot portal of the guest WLAN is provided by the Sophos XG and not by the Unifi software.

The Concept

Three VLANs, one for each WLAN SSID, are stretched across the existing network:

| VLAN ID | Name (SSID)      | Description                              |
|---------|------------------|------------------------------------------|
| 100     | mobileaccess     | WLAN for mobile phones and tablets       |
| 101     | guestaccess      | WLAN for guests                          |
| 102     | productionaccess | Production network for WLAN hand scanners |

The three SSIDs are broadcast from all access points, so that “zero-handoff” roaming lets a client switch between access points without losing its connection. So even Skype calls should survive roaming – we will definitely test that. The VLANs separate the network traffic cleanly from each other and can be terminated and filtered at the firewall. This ensures that access to the internal network is only possible via VPN – there is no direct connection from the WLAN. If required, a certificate-based SSL VPN is automatically established in the background on the hand scanners.
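
The rule that no WLAN VLAN reaches the internal network directly, while VPN clients still do, can be checked against a firewall rule export. The following is an added example, not part of the original post and not Sophos or Ubiquiti tooling; the subnets, the VPN pool, the ERP host address and the rule format are assumptions.

```python
import ipaddress

# Constructed addressing: the page gives only the VLAN IDs and SSIDs.
WLAN_HOSTS = {100: "10.100.0.10", 101: "10.101.0.10", 102: "10.102.0.10"}
INTERNAL_HOST = "192.168.1.20"   # assumed ERP server on the internal LAN
VPN_HOST = "10.200.0.10"         # assumed address from the SSL VPN pool

def net(value):
    """Parse a rule field; 'any' matches every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value)

def first_match(rules, src, dst):
    """Evaluate rules top-down like a firewall; unmatched traffic is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in net(rule["src"]) and d in net(rule["dst"]):
            return rule["action"], rule["name"]
    return "deny", "implicit-default"

def audit(rules):
    """Return findings that break the policy: no direct WLAN-to-internal
    path, while VPN clients can still reach the internal network."""
    findings = []
    for vlan_id, host in sorted(WLAN_HOSTS.items()):
        action, name = first_match(rules, host, INTERNAL_HOST)
        if action == "allow":
            findings.append(f"VLAN {vlan_id} reaches internal via '{name}'")
    action, name = first_match(rules, VPN_HOST, INTERNAL_HOST)
    if action != "allow":
        findings.append(f"VPN clients blocked from internal by '{name}'")
    return findings

# Constructed rulesets in a hypothetical vendor-neutral format.
# 10.100.0.0/14 covers the three assumed WLAN subnets (10.100 to 10.103).
GOOD_RULES = [
    {"name": "vpn-to-internal", "src": "10.200.0.0/24", "dst": "192.168.0.0/16", "action": "allow"},
    {"name": "wlan-no-internal", "src": "10.100.0.0/14", "dst": "192.168.0.0/16", "action": "deny"},
    {"name": "wlan-to-internet", "src": "10.100.0.0/14", "dst": "any", "action": "allow"},
]
# Same rules, but the broad allow now sits above the deny and shadows it.
BAD_RULES = [GOOD_RULES[0], GOOD_RULES[2], GOOD_RULES[1]]

if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(label, audit(rules) or "policy holds")
```

The second ruleset shows the typical failure mode: the deny rule is present, but an "any" destination above it lets all three SSIDs reach the internal network.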

In the next parts, detailed planning and technical implementation will follow with the help of Unifi software and Ubiquiti access points.

Enterprise WLAN Part 1 – The Introduction
Enterprise WLAN Part 2 – The network structure
Enterprise WLAN Part 3 – The Setup of Unifi Software

Mobile Device Management // SOTI MobiControl
SOTI MobiControl is a mobile device management system that can be used to manage Android, iOS, Windows Phone and Windows Desktop devices. All device-specific settings can be configured and controlled.
- SOTI MobiControl provides you with a sophisticated Mobile Device and Mobile Application Management system with which you can manage all your devices.
- Supports Android, iOS or Windows Phone/Mobile devices
- Integration with Apple DEP and VPP
- Locate, lock and erase devices in the blink of an eye
Further information on the
