<div dir="ltr"><div>Quick update:<br><br>Turns out the current "router", which is a multi-homed machine, had an available port on it (it's a rack server with two dual-port NICs in it, I put those in ages ago ... phew!) So I went that route, configured the available port as a different subnet, configured DHCPd and iptables to isolate it from everything, connected the guest AP to that, adopted, configured, et voila. I can see and mange it from the regular internal network that we're all on, without needing to move my system onto the guest subnet. For the time being, crisis resolved.<br><br></div>Thanks everyone for your wise comments and suggestions!<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 25, 2016 at 10:35 AM, Ashley M. Kirchner <span dir="ltr"><<a href="mailto:kirash4@gmail.com" target="_blank">kirash4@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Mon, Apr 25, 2016 at 10:21 AM, Simon Hobson <span dir="ltr"><<a href="mailto:dhcp1@thehobsons.co.uk" target="_blank">dhcp1@thehobsons.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
> ... the APs are also Ubiquity UniFi APs.<br>
<br>
Good choice IMO - I've put a lot of those in.<br></blockquote><div><br></div></span><div>I love those things. I have one at my house, paired with an EdgeRouter Pro. Ultimately the goal is to do a similar thing here, but it's further down the list unfortunately and dealing with limited IT funds is tricky. It will happen, it just takes time, and this wrench is causing problems at the moment.<br></div><div> </div><br></div><span class=""><span>Gregory Sloop <<a href="mailto:gregs@sloop.net" target="_blank">gregs@sloop.net</a>> wrote:<br>
<br>
> Again, I don't know your situation, but if your job is asking you
to sacrifice security and can't cough up, say, $500 to fix this problem
right, then, IMO, I would be looking for another job.</span><br><br></span></div><div class="gmail_extra">Yeah, that's not it. It's dealing with a limited budget and having to prioritize things. This specific wrench was not on the list to be done when the budget was approved. I already tapped into next quarter's budget by getting this third AP (granted, they're not a whole lot of money, but a budget is a budget, and we're asked to adhere to it.) And yes, I could probably just get a managed switch, but someone will be asking questions when later I end up getting the actual EdgeRouter that's going to replace the current multi-homed machine. Like "Why are you getting another one? Why is this more expensive? Why ... why ... why ..." I could also push it up on the list and get the EdgeRouter now, but that will mess up the schedule of other things that need to happen BEFORE the switch over. Having a procedure list is great ... until something or someone messes with it.<br></div><div class="gmail_extra"><br></div></div>
</blockquote></div><br></div>