@AndyHarrowven Will they need access to wired connection or just wireless? If only wireless, you can just provide them access to the Guest Network feature on the EAPs and the WR841N. You can even get this done with the Omada Cloud Essentials controller at no additional cost. If you have more details such as network speed/bandwidth requirements as well as expected number of clients, I can assist even further. 

  @NeilR_M 

Only need wireless connection, tried setting up guest network but it didn't work. I could still enter the IP address of the CPE and also the starlink router IP and it brings up the webpage for the device.

  @AndyHarrowven Double checking the model of the router again, it looks like that device falls under Home Networking; you might get better results in the Home Networking end of the forums. However, if you have Omada EAPs in the system (aside from the CPEs) you can configure a Guest Network for those through the Omada Controller or Omada App.

  @NeilR_M 

Ok thanks, will try asking under the other forum heading, no EAP's.

  @AndyHarrowven 

Guest mode wont work because the starlink is the WAN ip and therefore beyond the scope of guest mode blocking (which only blocks within the same vlan and gateway IP) not beyond to WAN otherwise internet wouldnt work since that traffic will be hopped by the gateway

You probably need a basic omada gateway where you can specifically block a LAN>WAN IP with gateway ACLs and then use vlan isolation on the LAN side for the guest network

  @GRL

Ok thanks, any suggestions on what would be a good gateway to go for. I believe I would also need a managed switch?

So I would put Starlink router in bypass mode and then add omada gateway and replace my existing switch?

  @AndyHarrowven 

ER7206 v2, SG2008P switch and a couple Omada access points, maybe EAP650 Outdoor would be fine for this use

When you block the starlink IP, its important to only block its GUI ports (22,80,443 would probably be sufficient) you dont want to just block the whole IP

If you envisage the network growing beyond this in the future, get yourself a controller to, otherwise a little network like this would be fine in standalone mode

  @GRL

So I would need to replace the WR481N with the EAP?

What about the CPE210s I'm using as a ptp 

 The AP is wired to the switch that the starlink is currently connected to and then the client CPE that is in a remote garage is then wired to a central box with another switch in it. 4 separate cables then run to individual lodges that I'm trying to get internet access to.

Cheers for your help so far,  I got basic network knowledge so this vlan stuff is going to be a bit of a learning curve.

  @AndyHarrowven 

Can you draw a rough sketch of what the current design layout is ?  we can advise better with that

  @GRL 

Ok will do, will draw something up tomorrow, thanks