UniFi is perfect for these locations; this isn't business class tenant for
the most part. Other than the healthcare component in the physical
therapies, it's tattoo shops, coffee shops, health gurus, etc. These are
straight VLAN isolations port-VLAN-ESSID and a handoff to a third party
router if they want.

Some of the physical therapies may create a pickle if they're hospital based;
one of those requires their Cisco APs. That's actually one that's pushed this
whole deal. They put those in with rogue AP mitigation gone wild and way
more power than they needed to be inside the big open area metal building
on all the channels because they can.

If this were a substantial MDU with business class clients, we would probably
go with FortiGate or Ruckus.

On Tue, Nov 4, 2025 at 10:21 AM Adam Moffett <[email protected]> wrote:

> I think you'll want 802.1x authentication.  They are prompted for a
> username and password when they try to connect to WiFi.  It needs a AAA
> server, which might be RADIUS, LDAP, or Windows AD.  Or maybe some
> combination like a RADIUS server for highest compatibility with APs, but
> the RADIUS server is looking at AD.  The AAA server can assign them to a
> VLAN based on their username.  You could provide one username per tenant
> and all of their staff can use the same username, or you can make it per
> individual user if you want to manage that.  Provide a guest SSID with
> client isolation and no access to anyone else's LAN.  Those camera and POS
> devices can use the guest SSID if they're cloud thingies or they can use
> the tenant's 802.1x credentials if they need to be on the tenant's LAN.
>
> Since you won't be making much, the cost is a factor I know.  If it has to
> be a unified system those are expensive unless they're UniFi, and I cannot
> recommend UniFi in good conscience.
>
> Otherwise, a Linux RADIUS server and look for APs supporting 802.1X +
> RADIUS.   Netgear APs do it, and so do lots of others.  You can have a
> heterogeneous blend of equipment vendors, and maybe even incorporate
> existing hardware, depending on what junk they bought. This can save you
> labor in the long run as long as you have something for the user management
> that doesn't burn lots of time.  Preconfigure 20 tenant VLANs on the
> network at each building. When there's turnover you don't have to change
> the network configuration, you just create a new user and assign it to a
> VLAN that isn't already assigned to someone else in the building.  You get
> the call and you're done in 5 minutes unless they want special stuff, and
> presumably you're charging something for the special stuff.
>
> <disclaimer> I've done it in a corporate environment, but not in an MDU.
> I don't see why it wouldn't work though.</disclaimer>
>
> -Adam
>
>
>
>
> ------------------------------
> *From:* AF <[email protected]> on behalf of Steve Jones <
> [email protected]>
> *Sent:* Monday, November 3, 2025 7:33 PM
> *To:* AnimalFarm Microwave Users Group <[email protected]>
> *Subject:* Re: [AFMUG] Managed facilities wifi
>
> Yeah, that's where number 3 or 4 come into play. They can manage their own
> ip space.
>
>
> On Mon, Nov 3, 2025, 6:28 PM Chris Fabien <[email protected]> wrote:
>
> One thing we have run into is needing to somehow provide support to every
> vendor someone brings in (cameras, Point of sale, lottery, etc) that
> expects to have a dumb tech plug in a pre-configured wifi system to run
> their stuff. The worst case we had was a restaurant POS system that needed
> its own wifi router and all the tablets, printers etc were set to static
> IPs so there was really no way to use the managed wifi. We ended up just
> letting them use it cause the support burden would have been nuts if we
> forced them to change.
>
> On Mon, Nov 3, 2025, 12:01 PM Steve Jones <[email protected]>
> wrote:
>
> We are going to be taking over some facilities wifi solutions at some
> locations. These are mostly gyms that have various tenant spaces who have
> had multiple providers and tenant wireless systems installed in super close
> proximity. Not really a new solution or scenario. We will be installing a
> unified wireless platform throughout and a single network drop to each
> tenant space and provide 3U rackspace dedicated per tenant.  In this case
> the landlord wants to provide a shared connection for everybody as part of
> the lease agreement. But they need the option for their own service.
> This is the boilerplate lease addendum we are looking to provide. You guys
> doing this, any other verbiage you've added? We won't be making much on these,
> probably will never ROI on the sites where the tenants don't take their own
> services.
>
> **LEASE ADDENDUM – MANAGED INTERNET & WI-FI SERVICE**
>
> **Effective Date:** [Insert Date]
> **Premises:** [Insert Property Address]
> **Landlord:** [Insert Landlord Name]
> **Tenant:** [Insert Tenant Name]
>
> In consideration of the mutual covenants herein and to promote a reliable,
> interference-free wireless environment throughout the Premises, Landlord
> and Tenant agree to amend the Lease as follows:
>
> 1. **Unified Internet & Wi-Fi Solution.** Landlord shall provide, at
> Landlord’s sole expense and as an included amenity within Base Rent, a
> professionally managed, single-provider Internet service with:
>    - One (1) wired Ethernet drop per rental suite delivering shared
> broadband capacity; and
>    - Facility-wide Wi-Fi coverage, including a secure network for Tenant’s
> suite and a separate public guest network.
>
> 2. **Prohibition on Tenant-Operated Wi-Fi.** To prevent radio-frequency
> interference, signal degradation, and security conflicts with the managed
> system, Tenant shall not install, operate, or maintain any wireless router,
> access point, extender, or other Wi-Fi broadcasting device within the
> Premises. Any existing Tenant Wi-Fi equipment must be permanently disabled
> and removed within ten (10) days of the Effective Date.
>
> 3. **Public Wi-Fi Access.** A shared public Wi-Fi network is available
> throughout the entire facility, including Tenant’s suite, for use by
> Tenant’s employees, clients, and guests. This service is provided “as-is”
> and is subject to Landlord’s Acceptable Use Policy posted at the Premises.
>
> 4. **No Additional Charge.** The managed Internet and Wi-Fi services
> described in Paragraph 1 are furnished free of charge and are deemed part
> of the Base Rent. Landlord reserves the right to modify speed, capacity, or
> configuration as technology or demand reasonably requires, provided
> equivalent or better service levels are maintained.
>
> 5. **Compliance & Enforcement.** Violation of Paragraph 2 shall constitute
> a material default under the Lease, subject to all remedies therein,
> including but not limited to Landlord’s right to disable non-compliant
> equipment at Tenant’s expense.
>
> 6. **Entire Agreement.** This Addendum supplements and forms part of the
> Lease. All other terms remain in full force and effect.
>
> ---
>
> **OPTIONAL SERVICE ADDENDUM – PREMIUM WI-FI & INTERNET UPGRADES**
> *(Tenant may elect one or more options below by initialing; fees billed
> directly by Professional Wi-Fi Management Company)*
>
> | Option | Description | Tenant Initial |
> |--------|-------------|----------------|
> | **1** | **Vanity Wireless Network Name** – Custom ESSID of Tenant’s choice. Wirelessly isolated from other networks; physical Ethernet port in suite isolated from facility ports. Bandwidth remains shared. | ______ |
> | **2** | **Static Public IP Address** – Dedicated static IPv4 address assigned to Tenant’s suite via the shared Internet connection. | ______ |
> | **3** | **Independent Internet Connection** – Dedicated bandwidth circuit purchased by Tenant through Professional Management Service; delivered via single wired port and single isolated wireless ESSID. | ______ |
> | **4** | **3rd-Party Internet Service** – Tenant-arranged ISP terminated in building network closet; bridged by Professional Management Service to Tenant’s isolated wireless network and in-suite port. | ______ |
> | **5** | **Secure Captive Portal Splash Page** – Custom-branded login page with Tenant-specific Internet Access Policy, terms acceptance, and optional user authentication. Applies to Tenant’s isolated network. | ______ |
>
> **Addendum Note 1:** Any new facility-wide wiring or service drop requires
> prior written approval from Landlord and Professional Service Provider.
> **Addendum Note 2:** For base service (no paid options selected), report
> connectivity issues to Landlord. For any elected paid option, direct
> service/support requests to Professional Service Provider.
>
> IN WITNESS WHEREOF, the parties execute this Addendum as of the Effective
> Date.
>
> **LANDLORD:**
> _______________________________
> [Name & Title]
> Date: ________________
>
> **TENANT:**
> _______________________________
> [Name & Title]
> Date: ________________
> --
> AF mailing list
> [email protected]
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
-- 
AF mailing list
[email protected]
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
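
The per-tenant VLAN assignment described in Adam's quoted message (preconfigure a pool of tenant VLANs, then on turnover create a user and bind it to a VLAN nobody else in the building holds), sketched as an added example that is not part of the thread or any participant's code. It assumes FreeRADIUS `users`-file syntax with the RFC 3580 tunnel attributes; the VLAN IDs 101-120, function names and tenant usernames are hypothetical.

```python
import re

# Assumed IDs for the 20 tenant VLANs preconfigured at each building.
TENANT_VLANS = range(101, 121)
# Conservative username charset so a name cannot break the users-file syntax.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,32}")


def next_free_vlan(assigned, pool=TENANT_VLANS):
    """Lowest VLAN in the pool not held by a current tenant of this building."""
    in_use = set(assigned.values())
    for vlan in pool:
        if vlan not in in_use:
            return vlan
    raise RuntimeError("no free tenant VLAN left in this building")


def users_entry(username, password, vlan):
    """FreeRADIUS 'users' stanza returning the VLAN in RFC 3580 tunnel attributes."""
    if not SAFE_NAME.fullmatch(username):
        raise ValueError("username has characters unsafe for the users file")
    if any(c in password for c in '"\\\r\n'):
        raise ValueError("password has characters unsafe for the users file")
    return (
        f'{username}\tCleartext-Password := "{password}"\n'
        f"\tTunnel-Type = VLAN,\n"
        f"\tTunnel-Medium-Type = IEEE-802,\n"
        f'\tTunnel-Private-Group-Id = "{vlan}"\n'
    )


def onboard(assigned, username, password):
    """Give a new tenant the next unused VLAN; return (vlan, users-file stanza)."""
    if username in assigned:
        raise ValueError("tenant username already exists")
    vlan = next_free_vlan(assigned)
    entry = users_entry(username, password, vlan)  # validate before recording
    assigned[username] = vlan
    return vlan, entry


def offboard(assigned, username):
    """Tenant moved out: drop the account so its VLAN returns to the pool."""
    return assigned.pop(username)


if __name__ == "__main__":
    building = {"tattoo-shop": 101, "coffee-shop": 102, "pt-clinic": 104}  # constructed
    print(onboard(building, "health-guru", "constructed-passphrase")[1])
```

Because a freed VLAN is reused only after the old account is removed, a departed tenant's credentials can never land a device on the next tenant's LAN.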
