How to Configure Guest Networks using a Wi-Tek Gateway #WiTekWednesday


This blog explores the new Wi-Tek AP Controller WI-AC105P

- Configuring a VLAN for wireless clients -

- Utilising it to control Wi-Tek access points -

- Creating a Guest Network & Log in portal -


WI-AC105P

The controller simplifies deployment of larger WiFi networks by enabling you to configure and control everything from a central point rather than having to log into each AP individually.

It also enables you to create/control guest networks that are separated from the main staff/business network and manage their bandwidth speed.

Typical scenarios include: pubs, hotels, communal public WiFi, gyms etc.


1. Connecting to the WI-AC105P

Connect the WAN port directly to the network router.



Connect your access point(s) starting with LAN1, either directly or with a PoE switch in the middle. All the LAN ports can be either bonded together to create a single network or configured to be individual LAN ranges and kept separate with ACL firewall and LAN Forward rules.

To access the dashboard of the AC105P, find and navigate to the WAN port IP address with port 800. In this case it is 192.168.1.210:800.


If you are unable to locate the WAN IP, you can connect your laptop to a free LAN port and navigate to 192.168.10.1. When connecting via the LAN ports you don’t need to specify a port number, as it uses the default port 80. The ports used for both the LAN & WAN can be configured under System > Remote Access.

Default Username: admin
Default Password: admin

Wi-Tek dashboard login page


2. Dashboard

Once logged into the dashboard you can see all the information for all the connected devices and clients. 


WI-AC105P Dashboard once logged in


3. Configuring the WiFi Access Points

To configure the WiFi APs, we first need to ensure the controller can see the connected access points.


Navigate to Wireless > AP List
  - From here you can see all the connected AP details.

You can rename each AP by clicking 'Device Name' and entering an appropriate name. By default the access points won't be assigned to a group; we need to assign each AP to the same or multiple groups depending on the scenario.


To configure the groups, navigate to AP Group. If you only need a single group, click ‘Edit’ on the default group; if you need multiple, simply click ‘ADD’ in the top right to create

From here we can configure the template that is to be assigned to all access points within the Group. One or multiple SSIDs for both the 2.4GHz and 5GHz WiFi can be configured. Here I have created a staff and a guest network.

Select 2.4G and configure as required, click confirm to save then repeat for the 5G.


To ‘Isolate’ clients on the guest network we have enabled the isolation and set the VLAN Binding to 1. (We will configure the VLAN later). We can also configure the MAX number of users per SSID, the default here is 32, but this can be anything up to 512.



Under ‘Advanced’ you can enable 802.11kvr Roaming. This will enable connected clients to seamlessly roam between multiple APs based on their signal strength.

Note: If enabling roaming, ensure you enable it for both 2.4GHz & 5GHz


Now that we have configured the WiFi template, we need to bind the relevant access points to the group. To do this, navigate back to AP List, select the AP and click BIND. Select the group and click confirm.



4. Creating the VLAN for the Guest Network

First we need to ensure the Interface the access points are connected to on the WI-AC105P is set as LAN, because it is not possible to create a VLAN on a BOND port.


Navigate to Network > Interface and select the relevant LAN port and ensure the Interface Type is set to LAN.

From here we can also configure the IP range we want the LAN port to be given. The default IP range for the LAN ports is 192.168.10.1. When changing from a BOND to LAN Type, you will either need to use a different range, or change all the BOND ports to a different range, as the range is already in use on the other ports.

In this example we have changed this to 192.168.3.1. Anything that is now connected to LAN1 will be given an IP of 192.168.3.x.

Under the Advanced settings you can configure the DHCP settings. It is recommended to leave these at their defaults.

After changing to LAN, reboot the controller to push the new IP range to the connected devices via DHCP. This can be done from System > System Maintenance: click Reboot Now.


Now to configure the VLAN for the guest network:

Navigate to Network > VLAN.
  - Click ADD in the top right.

Select the relevant main interface, in this case LAN1. Enter the same VLAN Tag as configured in the WiFi template earlier. Click ‘Random’ to generate a MAC address and enter an IP range and Netmask for the VLAN. As the main LAN is 192.168.3.x, I have set the VLAN to 192.168.30.x to differentiate easily between the two.

Under ‘Advanced’ enable the DHCP Basic mode. Configure the start IP, pool size and lease time as required. Click Confirm to save.

You should now be able to connect to both networks. Depending on which one you are connected to, you will receive a relevant IP address.


Staff Network Guest Network


The next step is to stop traffic from the guest network reaching the main network, so that guests only have internet access. We can do this in a few ways; the quickest and simplest is to disable the LAN Forward.

To do this, navigate to Firewall > LAN Forward. Select Disallow forward and select the interfaces you do not want to be able to talk to each other. In this case we don't want VLAN1 to be able to communicate with LAN1.

Alternatively, you can be more specific in the limitation and use an Access Control List (ACL Rule).
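
To confirm the LAN Forward rule really blocks guest-to-staff traffic, the following check can be run from a device joined to the guest SSID. It is an added example, not Wi-Tek tooling or part of the original post; the /24 masks (inferred from the 192.168.3.x and 192.168.30.x ranges above), the sample targets and the client address are assumptions.

```python
import ipaddress
import socket

# Address plan from the walkthrough above; /24 masks are assumed.
STAFF_NET = ipaddress.ip_network("192.168.3.0/24")    # LAN1
GUEST_NET = ipaddress.ip_network("192.168.30.0/24")   # VLAN on LAN1

def zone_of(ip):
    """Map an address to the zone it belongs to in this address plan."""
    addr = ipaddress.ip_address(ip)
    if addr in STAFF_NET:
        return "staff"
    if addr in GUEST_NET:
        return "guest"
    return "other"

def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def audit_isolation(client_ip, targets, probe=tcp_reachable):
    """Return a list of findings; an empty list means isolation held."""
    findings = []
    if zone_of(client_ip) != "guest":
        # DHCP handed out an address outside the guest VLAN pool.
        findings.append(f"client {client_ip} is not in the guest range {GUEST_NET}")
        return findings
    for host, port in targets:
        if zone_of(host) == "staff" and probe(host, port):
            findings.append(f"guest can reach staff host {host}:{port}")
    return findings

if __name__ == "__main__":
    # Constructed sample targets: the LAN1 gateway address from the post
    # (web UI on port 80) and a hypothetical staff file server.
    targets = [("192.168.3.1", 80), ("192.168.3.50", 445)]
    # Placeholder: replace with the address the guest client was given.
    client_ip = "192.168.30.101"
    for line in audit_isolation(client_ip, targets) or ["isolation OK"]:
        print(line)
```

Re-run it after any change to the LAN Forward or ACL rules, and again after a controller reboot.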


5. Configuring Guest Network Landing Page

Now that we have the networks set up and isolated from each other, we can configure a landing page for anyone connecting to the guest network.


Navigate to HotSpot > Service Zone and set the VLAN interface to Local Portal. Click Confirm to save.

Next navigate to Local Portal. This is where we configure the details of the landing page, upload a logo etc.

First set up the Display Configuration:

Then configure the Authentication. There are multiple methods that can be used; for simplicity we will use the ‘OneKey Auth’, which gives a simple one-button login, but you could use a pre-shared password, voucher codes, SMS auth etc. with further configuration.

Enter the Redirect URL to send the client to after authentication, set how long the authentication is valid for and set a flow detection interval. This will help to ensure connected clients that are not actively using the network are disconnected accordingly.

Click Confirm to save. Now anyone connecting to the Guest network will be greeted with the landing page and must authenticate themselves before being able to access the internet.



6. Enabling a bandwidth limit for the Guest Network

Now that we have the guest network set up, it may be useful to configure a speed limit for it. This will ensure that anyone connected on the guest network does not drastically impact the performance of the entire network by draining the full bandwidth.


Navigate to SmartQoS and select Flow Control. Select IP Based and click ADD in the top right.

Give the policy an applicable name and select the interface the rule is to apply to. As we only want this to apply to the VLAN, we select LAN1_1 here. This will add the IP range in the box below.

  • Enter a guaranteed minimum speed
  • Enter a maximum speed for both UP and Down

If you wish the policy to apply all the time, set Long-term to Yes. Alternatively, if you only wish to limit speeds between set days/times, select No and configure the applicable schedule.


Staff Network Guest Network



No limit LAN Limited VLAN