Within the Unifi controller software, go to
Settings -> Wireless Networks. Create the SSID you want to be the
guest network, leave security open, and check the box labeled Guest Policy.
Don't setup any VLAN configuration because you do not need it.
Once you have done that, go to Settings ->
Guest Control. You do not need to use the guest portal option. In
the Access Control area, add the subnets you do not want guest wifi clients
touching in the Restricted Subnets area.
Once you have completed these steps, you have
just created a guest wifi that users can connect to without the need to
authenticate, and Unifi has restricted clients on that wifi network from being
able to touch your production network...all without VLANs.
And the clients on the guest network would get
an ip from your DHCP server as you would expect, and you can then filter the
web traffic by content as you desire.
And one other thing, you
need to allow dhcp Ip address on guest wifi so that guest client can get ip
from dhcp, within Settings -> Guest Control you can add your entire subnet
(i.e. 192.168.0.0/24) under Restricted Subnets and then add an allowed subnet
for just your dhcp server (i.e. 192.168.1.5/32).
Result: - User can get Ip
from dhcp but will not be able to ping any devices into the network.
