Landlord on these locations said he won't allow 3rd party wifi, hes got that right. But when the revenue passes by he might change. I may look at a channel carveout to the Lease update for him to add.
Worst comes to worst, we pull our bandwidth and access points, it's not like this is a cash cow. On Tue, Nov 4, 2025, 5:02 PM Trey Scarborough <[email protected]> wrote: > I think ther eis going to be an issue with #2 some companies require there > equipment be used for Wifi. Its common even in the instance of franchised > businesses. > On 11/4/25 12:15 PM, Steve Jones wrote: > > Unifi is perfect for these locations, this isnt business class tenant for > the most part. Other than the healthcare component in the Physical > therapies, its tattoo shops, coffee shops, health gurus, etc. These are > straight VLAN isolations port-Vlan-Essid and a handoff to a third party > router if they want. > > Some of the physical therapies may create a pickle if they hospital based, > one of those requires their Cisco APs. Thats actually one thats pushed this > whole deal. They put those in with rogue AP mitigation gone wild and way > more power than they needed to be inside the big open area metal building > on all the channels because they can. > > If this were substantial MDU with business class clients, We would > probably go with fortigate or ruckus. > > On Tue, Nov 4, 2025 at 10:21 AM Adam Moffett <[email protected]> wrote: > >> I think you'll want 802.1x authentication. They are prompted for a >> username and password when they try to connect to WiFi. It needs a AAA >> server, which might be RADIUS, LDAP, or Windows AD. Or maybe some >> combination like a RADIUS server for highest compatibility with APs, but >> the RADIUS server is looking at AD. The AAA server can assign them to a >> VLAN based on their username. You could provide one username per tenant >> and all of their staff can use the same username, or you can make it per >> individual user if you want to manage that. Provide a guest SSID with >> client isolation and no access to anyone else's LAN. Those camera and POS >> devices can use the guest SSID if they're cloud thingies or they can use >> the tenant's 802.1x credentials if they need to be on the tenant's LAN. >> >> Since you won't be making much, the cost is a factor I know. If it has >> to be a unified system those are expensive unless they're UniFi, and I >> cannot recommend UniFi in good conscience. >> >> Otherwise, a Linux RADIUS server and look for AP's supporting 802.1X + >> RADIUS. Netgear APs do it, and so do lots of others. You can have a >> heterogenous blend of equipment vendors, and maybe even incorporate >> existing hardware, depending on what junk they bought. This can save you >> labor in the long run as long as you have something for the user management >> that doesn't burn lots of time. Preconfigure 20 tenant VLANs on the >> network at each building. When there's turnover you don't have to change >> the network configuration, you just create a new user and assign it to a >> VLAN that isn't already assigned to someone else in the building. You get >> the call and you're done in 5 minutes unless they want special stuff, and >> presumably you're charging something for the special stuff. >> >> <disclaimer> I've done it in a corporate environment, but not in an MDU. >> I don't see why it wouldn't work though.</disclaimer> >> >> -Adam >> >> >> >> >> ------------------------------ >> *From:* AF <[email protected]> on behalf of Steve Jones < >> [email protected]> >> *Sent:* Monday, November 3, 2025 7:33 PM >> *To:* AnimalFarm Microwave Users Group <[email protected]> >> *Subject:* Re: [AFMUG] Managed facilities wifi >> >> Yeah, thats where number 3 or 4 come in to play. They can manage their >> own ip space. >> >> >> On Mon, Nov 3, 2025, 6:28 PM Chris Fabien <[email protected]> wrote: >> >> One thing we have run into is needing to somehow provide support to every >> vendor someone brings in (cameras, Point of sale, lottery, etc) that >> expects to have a dumb tech plug in a pre-configured wifi system to run >> their stuff. The worst case we had was a restaurant POS system that needed >> its own wifi router and all the tablets, printers etc were set to static >> IPs so there was really no way to use the managed wifi. We ended up just >> letting them use it cause the support burden would have been nuts if we >> forced them to change. >> >> On Mon, Nov 3, 2025, 12:01 PM Steve Jones <[email protected]> >> wrote: >> >> We are going to be taking over some facilities wifi solutions at some >> locations. These are mostly gyms that have various tenants spaces who have >> had multiple providers and tenant wireless systems installed in super close >> proximity. Not really a new solution or scenario. We will be installing a >> unified wireless platform throughout and a single network drop to each >> tenant space and provide 3U rackspace dedicated per tenant. In this case >> the landlord wants to provide a shared connection for everybody as part of >> the lease agreement. But they need the option for their own service. >> This is the boilerplate lease addendum we are looking to provide. You >> guys doing this, any other verbage youve added? We wont be making much on >> these, probably will never ROI on the sites where the tenants dont take >> their own services. >> >> **LEASE ADDENDUM – MANAGED INTERNET & WI-FI SERVICE** >> >> **Effective Date:** [Insert Date] >> **Premises:** [Insert Property Address] >> **Landlord:** [Insert Landlord Name] >> **Tenant:** [Insert Tenant Name] >> >> In consideration of the mutual covenants herein and to promote a >> reliable, interference-free wireless environment throughout the Premises, >> Landlord and Tenant agree to amend the Lease as follows: >> >> 1. **Unified Internet & Wi-Fi Solution.** Landlord shall provide, at >> Landlord’s sole expense and as an included amenity within Base Rent, a >> professionally managed, single-provider Internet service with: >> - One (1) wired Ethernet drop per rental suite delivering shared >> broadband capacity; and >> - Facility-wide Wi-Fi coverage, including a secure network for >> Tenant’s suite and a separate public guest network. >> >> 2. **Prohibition on Tenant-Operated Wi-Fi.** To prevent radio-frequency >> interference, signal degradation, and security conflicts with the managed >> system, Tenant shall not install, operate, or maintain any wireless router, >> access point, extender, or other Wi-Fi broadcasting device within the >> Premises. Any existing Tenant Wi-Fi equipment must be permanently disabled >> and removed within ten (10) days of the Effective Date. >> >> 3. **Public Wi-Fi Access.** A shared public Wi-Fi network is available >> throughout the entire facility, including Tenant’s suite, for use by >> Tenant’s employees, clients, and guests. This service is provided “as-is” >> and is subject to Landlord’s Acceptable Use Policy posted at the Premises. >> >> 4. **No Additional Charge.** The managed Internet and Wi-Fi services >> described in Paragraph 1 are furnished free of charge and are deemed part >> of the Base Rent. Landlord reserves the right to modify speed, capacity, or >> configuration as technology or demand reasonably requires, provided >> equivalent or better service levels are maintained. >> >> 5. **Compliance & Enforcement.** Violation of Paragraph 2 shall >> constitute a material default under the Lease, subject to all remedies >> therein, including but not limited to Landlord’s right to disable >> non-compliant equipment at Tenant’s expense. >> >> 6. **Entire Agreement.** This Addendum supplements and forms part of the >> Lease. All other terms remain in full force and effect. >> >> --- >> >> **OPTIONAL SERVICE ADDENDUM – PREMIUM WI-FI & INTERNET UPGRADES** >> *(Tenant may elect one or more options below by initialing; fees billed >> directly by Professional Wi-Fi Management Company)* >> >> | Option | Description | Tenant Initial | >> |--------|-------------|----------------| >> | **1** | **Vanity Wireless Network Name** – Custom ESSID of Tenant’s >> choice. Wirelessly isolated from other networks; physical Ethernet port in >> suite isolated from facility ports. Bandwidth remains shared. | ______ | >> | **2** | **Static Public IP Address** – Dedicated static IPv4 address >> assigned to Tenant’s suite via the shared Internet connection. | ______ | >> | **3** | **Independent Internet Connection** – Dedicated bandwidth >> circuit purchased by Tenant through Professional Management Service; >> delivered via single wired port and single isolated wireless ESSID. | >> ______ | >> | **4** | **3rd-Party Internet Service** – Tenant-arranged ISP terminated >> in building network closet; bridged by Professional Management Service to >> Tenant’s isolated wireless network and in-suite port. | ______ | >> | **5** | **Secure Captive Portal Splash Page** – Custom-branded login >> page with Tenant-specific Internet Access Policy, terms acceptance, and >> optional user authentication. Applies to Tenant’s isolated network. | >> ______ | >> >> **Addendum Note 1:** Any new facility-wide wiring or service drop >> requires prior written approval from Landlord and Professional Service >> Provider. >> **Addendum Note 2:** For base service (no paid options selected), report >> connectivity issues to Landlord. For any elected paid option, direct >> service/support requests to Professional Service Provider. >> >> IN WITNESS WHEREOF, the parties execute this Addendum as of the Effective >> Date. >> >> **LANDLORD:** >> _______________________________ >> [Name & Title] >> Date: ________________ >> >> **TENANT:** >> _______________________________ >> [Name & Title] >> Date: ________________ >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> -- >> AF mailing list >> [email protected] >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
