Hi, I'm probably overthinking this but hopefully it's something easy I'm missing.
I have about 50 IAP-305 all serving the same SSID throughout our facility. I use Instant to manage it and it all works fine.
The network these APs are serving gets DHCP from a Windows domain server. All of the devices get DNS from the Windows server and it forwards to our firewall which routes traffic to the Internet.
Now I need to set up a guest network. It will be turned on only for events so I'd like to keep it simple, using a single user ID. It only needs access to the Internet. As I'm going through the steps for the Guest network, I choose Guest, Virtual Controller Managed IP, Default VLAN, and unrestricted. This works, but of course the clients can get to all the devices on the private network. I tried restricted, denying the network range where the private network devices are located, but then I no longer have Internet access.
What do I have to do to allow Internet-only guest access on the same APs as the private network uses?
Thank you