Table of Contents
- Understanding VLANs and Their Benefits
- Setting Up VLANs in the UniFi Controller
- Configuring Advanced Networking Features
- Testing and Managing VLANs
- Conclusion
Understanding VLANs and Their Benefits
A VLAN divides a physical network into multiple, isolated networks, allowing specific devices to communicate within set boundaries. Key benefits of VLANs include:
- Enhanced Security: By isolating network segments, VLANs reduce unauthorised access.
- Traffic Management: VLANs allow administrators to manage traffic flow, improving bandwidth efficiency.
- Organised Network Layout: VLANs enable logical grouping of devices, such as separating staff and guest networks in a workplace.
Setting Up VLANs in the UniFi Controller
To set up VLANs on a Ubiquiti UniFi network, you'll need access to the UniFi Controller:
- Log into the UniFi Controller: Open your UniFi Controller dashboard and navigate to Settings.
-
Create a New Network:
- Go to Networks and click Create New Network.
- Name your VLAN (e.g., ‘Staff VLAN’ or ‘Guest VLAN’).
- Set VLAN ID: Enter a unique VLAN ID (a number between 2-4094) to identify this VLAN.
- Assign Subnet and IP Range: Choose a subnet and define the IP range for this VLAN. This will determine how devices in the VLAN are assigned IP addresses.
-
Choose Network Purpose:
- Corporate: Allows full network access.
- Guest: Limits access for security purposes, often used for guest Wi-Fi networks.
- Save: Once the VLAN is configured, save your settings.
Your VLAN will now be set up and can be assigned to different UniFi devices, such as switches and access points.
Configuring Advanced Networking Features
Ubiquiti offers additional advanced networking features to improve control and security:
1. Firewall Rules
VLANs can be secured with custom firewall rules:
- Go to Settings > Firewall & Security in the UniFi Controller.
- Set up rules to control traffic between VLANs or between VLANs and the internet. For instance, you might block certain VLANs from accessing internal networks.
2. Traffic Management with QoS
Quality of Service (QoS) prioritises certain types of network traffic:
- Go to Settings > Internet > Traffic Shaping.
- Define traffic rules for applications or devices that need priority, such as VoIP or streaming.
3. Enable Bandwidth Limiting
Limit bandwidth per device to prevent network congestion:
- Go to the specific VLAN settings in the Networks tab.
- Set bandwidth limits to control upload and download speeds, which is particularly useful in guest or IoT networks.
4. LAN-to-WAN and Inter-VLAN Routing
UniFi’s advanced routing options allow specific traffic paths:
- In Settings > Routing & Firewall, create static routes if needed.
- Enable Inter-VLAN Routing if certain VLANs require communication, such as allowing IoT devices to interact with specific internal services.
Testing and Managing VLANs
Once VLANs and advanced features are configured, it’s essential to test them:
- Connect Devices to VLANs: Assign devices to the new VLAN by connecting them to a configured port on a UniFi switch or by selecting the appropriate VLAN ID in Wi-Fi settings.
- Verify IP Assignment: Check if devices receive IP addresses within the correct VLAN subnet.
- Test Access Rules: Ensure firewall rules are functioning as expected by attempting to access restricted VLANs from different devices.
- Monitor Traffic: Use the UniFi Controller dashboard to monitor bandwidth usage and traffic patterns within each VLAN.
Conclusion
Setting up VLANs and leveraging advanced networking features on Ubiquiti UniFi enables secure, efficient, and manageable network structures. By following these steps, you can segment your network, implement traffic management, and ensure greater control over data flow within your network, improving overall performance and security.
