vlan
How to set up VLANs
Intro
How I set up VLANs
Scheme
I will follow the scheme: 10.<VLAN ID>.<VLAN ID>.0/24
VLAN 10 → 10.10.10.0/24
VLAN 20 → 10.20.20.0/24
VLAN 30 → 10.30.30.0/24
DHCP Range
I will also configure the DHCP range to always start at .100. Example with a /24 CIDR:
| start | stop |
|---|---|
| 10.10.10.100 | 10.10.10.254 |
| 10.20.20.100 | 10.20.20.254 |
| 10.30.30.100 | 10.30.30.254 |
Architecture
| SSID | VLAN | Subnet | Gateway | Static Range | DHCP Range | Purpose | Color |
|---|---|---|---|---|---|---|---|
| - | 1 | 192.168.1.0/24 | 192.168.1.1 | - | - | Default (abandoned) | |
| - | 10 | 10.10.10.0/24 | 10.10.10.1 | .2 - .99 | .100 - .254 | Management | grey |
| wifi4home | 20 | 10.20.20.0/24 | 10.20.20.1 | .2 - .99 | .100 - .254 | Home | blue |
| wifi4work | 30 | 10.30.30.0/24 | 10.30.30.1 | .2 - .99 | .100 - .254 | Work | yellow |
| wifi4iot | 40 | 10.40.40.0/24 | 10.40.40.1 | .2 - .99 | .100 - .254 | IoT | teal |
| wifi4guest | 50 | 10.50.50.0/24 | 10.50.50.1 | .2 - .99 | .100 - .254 | Guest | red |
| - | 60 | 10.60.60.0/24 | 10.60.60.1 | .2 - .99 | .100 - .254 | Homelab | black |
Critical
For the Default network VLAN, blocking access to the gateway also disables the ability to adopt new UniFi devices. If you need to add a new device, pause the "block default to gateway" rule temporarily and re-enable it after the device is adopted.
Management VLAN
All UniFi devices, such as switches and APs, should belong to the Management network. There is one special case, though: the gateway router cannot be overridden and will always display the 192.168.1.1 IP. You can verify that the Default network is not used and has no leased IPs by going to the Networks section and checking the leased IPs for the Default network.
For all UniFi devices, navigate to UniFi Devices and for each device (except the gateway router and cameras, for example) click on Settings -> IP Settings -> Network Override and select the Management network under Virtual Network.
Even though the Management network does not have internet access, the gateway router will still have access to the internet. So you can still access the UniFi controller from the internet using the UniFi app or ui.com and manage your devices.
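The addressing scheme and the "no leases on the Default network" check can also be run as a script over an exported client list. This is an added example, not part of the original setup and not a UniFi API: the function names, the (name, ip, is_infra) tuple format and the sample inventory are assumptions made for illustration.

```python
import ipaddress

# Subnets and VLAN IDs from the Architecture table above.
DEFAULT_NET = ipaddress.ip_network("192.168.1.0/24")  # VLAN 1, abandoned
VLAN_IDS = (10, 20, 30, 40, 50, 60)

def plan(vlan_id):
    """Derive one VLAN's addressing from 10.<VLAN ID>.<VLAN ID>.0/24."""
    if not 1 <= vlan_id <= 255:  # 802.1Q IDs go to 4094, an octet stops at 255
        raise ValueError(f"VLAN {vlan_id} does not fit the scheme")
    base = ipaddress.ip_address(f"10.{vlan_id}.{vlan_id}.0")
    return {"subnet": ipaddress.ip_network(f"{base}/24"), "gateway": base + 1,
            "static": (base + 2, base + 99), "dhcp": (base + 100, base + 254)}

def classify(ip):
    """Return (vlan_id, kind); vlan_id is None when the address is off-plan."""
    addr = ipaddress.ip_address(ip)
    if addr in DEFAULT_NET:
        return 1, ("gateway" if addr == DEFAULT_NET[1] else "default")
    for vid in VLAN_IDS:
        p = plan(vid)
        if addr in p["subnet"]:
            if addr == p["gateway"]:
                return vid, "gateway"
            for kind in ("static", "dhcp"):
                if p[kind][0] <= addr <= p[kind][1]:
                    return vid, kind
            return vid, "reserved"  # .0 network or .255 broadcast address
    return None, "off-plan"

def audit(clients):
    """clients: (name, ip, is_infra) tuples; is_infra marks switches and APs."""
    findings = []
    for name, ip, is_infra in clients:
        vid, kind = classify(ip)
        if kind == "gateway":
            continue  # the gateway router keeps 192.168.1.1
        if kind == "default":
            findings.append((name, "lease on the abandoned Default network"))
        elif kind in ("off-plan", "reserved"):
            findings.append((name, "address outside the plan"))
        elif is_infra and vid != 10:
            findings.append((name, "UniFi device outside the Management VLAN"))
    return findings

# Constructed sample inventory, not UniFi output.
SAMPLE = [("gateway", "192.168.1.1", True), ("switch-a", "10.10.10.2", True),
          ("ap-hall", "192.168.1.37", True), ("ap-attic", "10.20.20.105", True),
          ("laptop", "10.30.30.100", False), ("printer", "10.20.21.5", False)]
for finding in audit(SAMPLE):
    print(*finding, sep=": ")
```

Cameras and any other devices deliberately kept off the Management network should be passed with is_infra set to False so they are not flagged.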