I think there is going to be an issue with #2; some companies require
their equipment be used for WiFi. It's common even in the instance of
franchised businesses.
On 11/4/25 12:15 PM, Steve Jones wrote:
UniFi is perfect for these locations, this isn't business class tenant
for the most part. Other than the healthcare component in the Physical
therapies, it's tattoo shops, coffee shops, health gurus, etc. These
are straight VLAN isolations port-Vlan-Essid and a handoff to a third
party router if they want.
Some of the physical therapies may create a pickle if they're hospital
based, one of those requires their Cisco APs. That's actually one
that's pushed this whole deal. They put those in with rogue AP
mitigation gone wild and way more power than they needed to be inside
the big open area metal building on all the channels because they can.
If this were substantial MDU with business class clients, we would
probably go with FortiGate or Ruckus.
On Tue, Nov 4, 2025 at 10:21 AM Adam Moffett <[email protected]> wrote:
I think you'll want 802.1x authentication. They are prompted for
a username and password when they try to connect to WiFi. It
needs a AAA server, which might be RADIUS, LDAP, or Windows AD.
Or maybe some combination like a RADIUS server for highest
compatibility with APs, but the RADIUS server is looking at AD.
The AAA server can assign them to a VLAN based on their username.
You could provide one username per tenant and all of their staff
can use the same username, or you can make it per individual user
if you want to manage that. Provide a guest SSID with client
isolation and no access to anyone else's LAN. Those camera and
POS devices can use the guest SSID if they're cloud thingies or
they can use the tenant's 802.1x credentials if they need to be on
the tenant's LAN.
Since you won't be making much, the cost is a factor I know. If it
has to be a unified system those are expensive unless they're
UniFi, and I cannot recommend UniFi in good conscience.
Otherwise, a Linux RADIUS server and look for APs supporting
802.1X + RADIUS. Netgear APs do it, and so do lots of others.
You can have a heterogeneous blend of equipment vendors, and maybe
even incorporate existing hardware, depending on what junk they
bought. This can save you labor in the long run as long as you
have something for the user management that doesn't burn lots of
time. Preconfigure 20 tenant VLANs on the network at each
building. When there's turnover you don't have to change the
network configuration, you just create a new user and assign it to
a VLAN that isn't already assigned to someone else in the
building. You get the call and you're done in 5 minutes unless
they want special stuff, and presumably you're charging something
for the special stuff.
<disclaimer> I've done it in a corporate environment, but not in
an MDU. I don't see why it wouldn't work though.</disclaimer>
-Adam
------------------------------------------------------------------------
*From:* AF <[email protected]> on behalf of Steve Jones
<[email protected]>
*Sent:* Monday, November 3, 2025 7:33 PM
*To:* AnimalFarm Microwave Users Group <[email protected]>
*Subject:* Re: [AFMUG] Managed facilities wifi
Yeah, that's where number 3 or 4 come into play. They can manage
their own IP space.
On Mon, Nov 3, 2025, 6:28 PM Chris Fabien <[email protected]> wrote:
One thing we have run into is needing to somehow provide
support to every vendor someone brings in (cameras, Point of
sale, lottery, etc) that expects to have a dumb tech plug in a
pre-configured wifi system to run their stuff. The worst case
we had was a restaurant POS system that needed its own wifi
router and all the tablets, printers etc were set to static
IPs so there was really no way to use the managed wifi. We
ended up just letting them use it cause the support burden
would have been nuts if we forced them to change.
On Mon, Nov 3, 2025, 12:01 PM Steve Jones <[email protected]> wrote:
We are going to be taking over some facilities wifi
solutions at some locations. These are mostly gyms that
have various tenant spaces who have had multiple
providers and tenant wireless systems installed in super
close proximity. Not really a new solution or scenario. We
will be installing a unified wireless platform throughout
and a single network drop to each tenant space and provide
3U rackspace dedicated per tenant. In this case the
landlord wants to provide a shared connection for
everybody as part of the lease agreement. But they need
the option for their own service.
This is the boilerplate lease addendum we are looking to
provide. You guys doing this, any other verbiage you've
added? We won't be making much on these, probably will
never ROI on the sites where the tenants don't take their
own services.
**LEASE ADDENDUM – MANAGED INTERNET & WI-FI SERVICE**
**Effective Date:** [Insert Date]
**Premises:** [Insert Property Address]
**Landlord:** [Insert Landlord Name]
**Tenant:** [Insert Tenant Name]
In consideration of the mutual covenants herein and to
promote a reliable, interference-free wireless environment
throughout the Premises, Landlord and Tenant agree to
amend the Lease as follows:
1. **Unified Internet & Wi-Fi Solution.** Landlord shall
provide, at Landlord’s sole expense and as an included
amenity within Base Rent, a professionally managed,
single-provider Internet service with:
- One (1) wired Ethernet drop per rental suite
delivering shared broadband capacity; and
- Facility-wide Wi-Fi coverage, including a secure
network for Tenant’s suite and a separate public guest
network.
2. **Prohibition on Tenant-Operated Wi-Fi.** To prevent
radio-frequency interference, signal degradation, and
security conflicts with the managed system, Tenant shall
not install, operate, or maintain any wireless router,
access point, extender, or other Wi-Fi broadcasting device
within the Premises. Any existing Tenant Wi-Fi equipment
must be permanently disabled and removed within ten (10)
days of the Effective Date.
3. **Public Wi-Fi Access.** A shared public Wi-Fi network
is available throughout the entire facility, including
Tenant’s suite, for use by Tenant’s employees, clients,
and guests. This service is provided “as-is” and is
subject to Landlord’s Acceptable Use Policy posted at the
Premises.
4. **No Additional Charge.** The managed Internet and
Wi-Fi services described in Paragraph 1 are furnished free
of charge and are deemed part of the Base Rent. Landlord
reserves the right to modify speed, capacity, or
configuration as technology or demand reasonably requires,
provided equivalent or better service levels are maintained.
5. **Compliance & Enforcement.** Violation of Paragraph 2
shall constitute a material default under the Lease,
subject to all remedies therein, including but not limited
to Landlord’s right to disable non-compliant equipment at
Tenant’s expense.
6. **Entire Agreement.** This Addendum supplements and
forms part of the Lease. All other terms remain in full
force and effect.
---
**OPTIONAL SERVICE ADDENDUM – PREMIUM WI-FI & INTERNET UPGRADES**
*(Tenant may elect one or more options below by initialing; fees billed directly by Professional Wi-Fi Management Company)*
| Option | Description | Tenant Initial |
|--------|-------------|----------------|
| **1** | **Vanity Wireless Network Name** – Custom ESSID of Tenant’s choice. Wirelessly isolated from other networks; physical Ethernet port in suite isolated from facility ports. Bandwidth remains shared. | ______ |
| **2** | **Static Public IP Address** – Dedicated static IPv4 address assigned to Tenant’s suite via the shared Internet connection. | ______ |
| **3** | **Independent Internet Connection** – Dedicated bandwidth circuit purchased by Tenant through Professional Management Service; delivered via single wired port and single isolated wireless ESSID. | ______ |
| **4** | **3rd-Party Internet Service** – Tenant-arranged ISP terminated in building network closet; bridged by Professional Management Service to Tenant’s isolated wireless network and in-suite port. | ______ |
| **5** | **Secure Captive Portal Splash Page** – Custom-branded login page with Tenant-specific Internet Access Policy, terms acceptance, and optional user authentication. Applies to Tenant’s isolated network. | ______ |
**Addendum Note 1:** Any new facility-wide wiring or
service drop requires prior written approval from Landlord
and Professional Service Provider.
**Addendum Note 2:** For base service (no paid options
selected), report connectivity issues to Landlord. For any
elected paid option, direct service/support requests to
Professional Service Provider.
IN WITNESS WHEREOF, the parties execute this Addendum as
of the Effective Date.
**LANDLORD:**
_______________________________
[Name & Title]
Date: ________________
**TENANT:**
_______________________________
[Name & Title]
Date: ________________
--
AF mailing list
[email protected] <mailto:[email protected]>
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
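The turnover workflow Adam Moffett describes in the thread (a pool of pre-configured tenant VLANs per building, one 802.1X login per tenant, the RADIUS server returning the VLAN), sketched as an added example that is not part of the thread. It assumes FreeRADIUS as the Linux RADIUS server and emits an entry in its `users` file format with the RFC 3580 tunnel attributes; the VLAN IDs 101-120, the `VlanPool` class, and the tenant and building names are hypothetical.

```python
import re
import secrets

# Assumption: the same 20 tenant VLANs are pre-configured in every building.
TENANT_VLANS = range(101, 121)  # hypothetical VLAN IDs
USERNAME_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,31}")


class VlanPool:
    """Tracks which pre-configured VLAN each tenant username holds, per building."""

    def __init__(self, vlans=TENANT_VLANS):
        self.vlans = list(vlans)
        self.by_building = {}  # building -> {username: vlan}

    def assign(self, building, username):
        if not USERNAME_RE.fullmatch(username):
            raise ValueError(f"unsafe username: {username!r}")
        tenants = self.by_building.setdefault(building, {})
        if username in tenants:  # repeat call: keep the existing VLAN
            return tenants[username]
        used = set(tenants.values())
        for vlan in self.vlans:
            if vlan not in used:  # never share a VLAN between two tenants
                tenants[username] = vlan
                return vlan
        raise RuntimeError(f"no free tenant VLAN left in {building}")

    def release(self, building, username):
        """Tenant turnover: free the VLAN; returns it, or None if unknown."""
        return self.by_building.get(building, {}).pop(username, None)


def users_entry(username, vlan, password=None):
    """Render a FreeRADIUS 'users' file entry that puts this login on `vlan`."""
    password = password or secrets.token_urlsafe(12)
    if '"' in password or "\n" in password:
        raise ValueError("password would break the users-file quoting")
    return (f'{username} Cleartext-Password := "{password}"\n'
            f'\tTunnel-Type = VLAN,\n'
            f'\tTunnel-Medium-Type = IEEE-802,\n'
            f'\tTunnel-Private-Group-Id = "{vlan}"\n')


if __name__ == "__main__":
    pool = VlanPool()
    vlan = pool.assign("gym-1", "coffee-shop")  # constructed sample tenant
    print(users_entry("coffee-shop", vlan))
```

The username check keeps a tenant-supplied name from injecting extra attributes into the users file, and the pool refuses to hand one VLAN to two tenants in the same building, which is what the isolation depends on.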