Yeah, they need to monitor that you stood in front of the pimple cream display and send a digital coupon to your phone for pimple cream. Or on a less negative note, if I sign in to the WiFi at a McDonalds, chances are I will automatically connect to the WiFi at every other McDonalds. Eventually every franchise chain I visit whether fast food or big box store or tire shop, I will automatically have WiFi because my phone has been to one of their stores. Not sure if doctors and lawyers and nail salons care about that.
From: AF <[email protected]> On Behalf Of Trey Scarborough Sent: Tuesday, November 4, 2025 6:02 PM To: [email protected] Subject: Re: [AFMUG] Managed facilities wifi I think ther eis going to be an issue with #2 some companies require there equipment be used for Wifi. Its common even in the instance of franchised businesses. On 11/4/25 12:15 PM, Steve Jones wrote: Unifi is perfect for these locations, this isnt business class tenant for the most part. Other than the healthcare component in the Physical therapies, its tattoo shops, coffee shops, health gurus, etc. These are straight VLAN isolations port-Vlan-Essid and a handoff to a third party router if they want. Some of the physical therapies may create a pickle if they hospital based, one of those requires their Cisco APs. Thats actually one thats pushed this whole deal. They put those in with rogue AP mitigation gone wild and way more power than they needed to be inside the big open area metal building on all the channels because they can. If this were substantial MDU with business class clients, We would probably go with fortigate or ruckus. On Tue, Nov 4, 2025 at 10:21 AM Adam Moffett <[email protected] <mailto:[email protected]> > wrote: I think you'll want 802.1x authentication. They are prompted for a username and password when they try to connect to WiFi. It needs a AAA server, which might be RADIUS, LDAP, or Windows AD. Or maybe some combination like a RADIUS server for highest compatibility with APs, but the RADIUS server is looking at AD. The AAA server can assign them to a VLAN based on their username. You could provide one username per tenant and all of their staff can use the same username, or you can make it per individual user if you want to manage that. Provide a guest SSID with client isolation and no access to anyone else's LAN. Those camera and POS devices can use the guest SSID if they're cloud thingies or they can use the tenant's 802.1x credentials if they need to be on the tenant's LAN. Since you won't be making much, the cost is a factor I know. If it has to be a unified system those are expensive unless they're UniFi, and I cannot recommend UniFi in good conscience. Otherwise, a Linux RADIUS server and look for AP's supporting 802.1X + RADIUS. Netgear APs do it, and so do lots of others. You can have a heterogenous blend of equipment vendors, and maybe even incorporate existing hardware, depending on what junk they bought. This can save you labor in the long run as long as you have something for the user management that doesn't burn lots of time. Preconfigure 20 tenant VLANs on the network at each building. When there's turnover you don't have to change the network configuration, you just create a new user and assign it to a VLAN that isn't already assigned to someone else in the building. You get the call and you're done in 5 minutes unless they want special stuff, and presumably you're charging something for the special stuff. <disclaimer> I've done it in a corporate environment, but not in an MDU. I don't see why it wouldn't work though.</disclaimer> -Adam _____ From: AF <[email protected] <mailto:[email protected]> > on behalf of Steve Jones <[email protected] <mailto:[email protected]> > Sent: Monday, November 3, 2025 7:33 PM To: AnimalFarm Microwave Users Group <[email protected] <mailto:[email protected]> > Subject: Re: [AFMUG] Managed facilities wifi Yeah, thats where number 3 or 4 come in to play. They can manage their own ip space. On Mon, Nov 3, 2025, 6:28 PM Chris Fabien <[email protected] <mailto:[email protected]> > wrote: One thing we have run into is needing to somehow provide support to every vendor someone brings in (cameras, Point of sale, lottery, etc) that expects to have a dumb tech plug in a pre-configured wifi system to run their stuff. The worst case we had was a restaurant POS system that needed its own wifi router and all the tablets, printers etc were set to static IPs so there was really no way to use the managed wifi. We ended up just letting them use it cause the support burden would have been nuts if we forced them to change. On Mon, Nov 3, 2025, 12:01 PM Steve Jones <[email protected] <mailto:[email protected]> > wrote: We are going to be taking over some facilities wifi solutions at some locations. These are mostly gyms that have various tenants spaces who have had multiple providers and tenant wireless systems installed in super close proximity. Not really a new solution or scenario. We will be installing a unified wireless platform throughout and a single network drop to each tenant space and provide 3U rackspace dedicated per tenant. In this case the landlord wants to provide a shared connection for everybody as part of the lease agreement. But they need the option for their own service. This is the boilerplate lease addendum we are looking to provide. You guys doing this, any other verbage youve added? We wont be making much on these, probably will never ROI on the sites where the tenants dont take their own services. **LEASE ADDENDUM – MANAGED INTERNET & WI-FI SERVICE** **Effective Date:** [Insert Date] **Premises:** [Insert Property Address] **Landlord:** [Insert Landlord Name] **Tenant:** [Insert Tenant Name] In consideration of the mutual covenants herein and to promote a reliable, interference-free wireless environment throughout the Premises, Landlord and Tenant agree to amend the Lease as follows: 1. **Unified Internet & Wi-Fi Solution.** Landlord shall provide, at Landlord’s sole expense and as an included amenity within Base Rent, a professionally managed, single-provider Internet service with: - One (1) wired Ethernet drop per rental suite delivering shared broadband capacity; and - Facility-wide Wi-Fi coverage, including a secure network for Tenant’s suite and a separate public guest network. 2. **Prohibition on Tenant-Operated Wi-Fi.** To prevent radio-frequency interference, signal degradation, and security conflicts with the managed system, Tenant shall not install, operate, or maintain any wireless router, access point, extender, or other Wi-Fi broadcasting device within the Premises. Any existing Tenant Wi-Fi equipment must be permanently disabled and removed within ten (10) days of the Effective Date. 3. **Public Wi-Fi Access.** A shared public Wi-Fi network is available throughout the entire facility, including Tenant’s suite, for use by Tenant’s employees, clients, and guests. This service is provided “as-is” and is subject to Landlord’s Acceptable Use Policy posted at the Premises. 4. **No Additional Charge.** The managed Internet and Wi-Fi services described in Paragraph 1 are furnished free of charge and are deemed part of the Base Rent. Landlord reserves the right to modify speed, capacity, or configuration as technology or demand reasonably requires, provided equivalent or better service levels are maintained. 5. **Compliance & Enforcement.** Violation of Paragraph 2 shall constitute a material default under the Lease, subject to all remedies therein, including but not limited to Landlord’s right to disable non-compliant equipment at Tenant’s expense. 6. **Entire Agreement.** This Addendum supplements and forms part of the Lease. All other terms remain in full force and effect. --- **OPTIONAL SERVICE ADDENDUM – PREMIUM WI-FI & INTERNET UPGRADES** *(Tenant may elect one or more options below by initialing; fees billed directly by Professional Wi-Fi Management Company)* | Option | Description | Tenant Initial | |--------|-------------|----------------| | **1** | **Vanity Wireless Network Name** – Custom ESSID of Tenant’s choice. Wirelessly isolated from other networks; physical Ethernet port in suite isolated from facility ports. Bandwidth remains shared. | ______ | | **2** | **Static Public IP Address** – Dedicated static IPv4 address assigned to Tenant’s suite via the shared Internet connection. | ______ | | **3** | **Independent Internet Connection** – Dedicated bandwidth circuit purchased by Tenant through Professional Management Service; delivered via single wired port and single isolated wireless ESSID. | ______ | | **4** | **3rd-Party Internet Service** – Tenant-arranged ISP terminated in building network closet; bridged by Professional Management Service to Tenant’s isolated wireless network and in-suite port. | ______ | | **5** | **Secure Captive Portal Splash Page** – Custom-branded login page with Tenant-specific Internet Access Policy, terms acceptance, and optional user authentication. Applies to Tenant’s isolated network. | ______ | **Addendum Note 1:** Any new facility-wide wiring or service drop requires prior written approval from Landlord and Professional Service Provider. **Addendum Note 2:** For base service (no paid options selected), report connectivity issues to Landlord. For any elected paid option, direct service/support requests to Professional Service Provider. IN WITNESS WHEREOF, the parties execute this Addendum as of the Effective Date. **LANDLORD:** _______________________________ [Name & Title] Date: ________________ **TENANT:** _______________________________ [Name & Title] Date: ________________ -- AF mailing list [email protected] <mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] <mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list [email protected] <mailto:[email protected]> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
