Member
Posts: 141
Registered: ‎07-15-2014
Kudos: 48
Solutions: 2

Unifi Vlan noob

This is a logical drawing. The central switch is a us-24. The firewall is a usg-pro-4 and the two wifi points are AC Pros.

Am I correct in assuming that if I set up the UniFi gear as noted I'll have all of the VLANs isolated from each other? The APs are going to be carrying two SSIDs, one for the guest wifi and one for the internal wifi. I am hoping I can use VLANs to isolate the traffic from each other. If needed I can provide a physical layout drawing.

https://community.ubnt.com/t5/UniFi-Routing-Switching-Feature/Allow-port-forwarding-source-by-FQDN/idi-p/2244145
Established Member
Posts: 1,567
Registered: ‎04-08-2014
Kudos: 490
Solutions: 79

Re: Unifi Vlan noob

Any chance you could convert the pdf to an image and import it into the post? I'm not a fan of opening them.

But generally speaking, if you have a Unifi Gateway, Switch and AP, then just create a corp network and a guest network (configure this with a vlan option). Then create your wireless networks and choose to tag your guest ssid to the same vlan number.

This will isolate your 2 networks. By default, the USG will create firewall rules to separate the guest from the corporate network. Just keep in mind that if you create 2 or more corporate networks, then by default, the USG will allow access between all the corporate networks.

Controller: 5.9.26 | Sites: 12 | Devices: 55 | Clients: ~250
USGs (4.4.28): XG8 (x1) | Pro4 (x4) | USG3 (x4)
UAPs (3.9.50): AC-Pro (x17) | AC-LR (x3) | Mesh-Pro (x2) | Mesh (x1) | Outdoor+ (x2)
USWs (3.9.50): US-16XG (x2) | US-40-500w (x3) | US-24-250w (x2)| US-8-150w (x3) | US-8-60w (x3) | US-8 (x2)
Member
Posts: 141
Registered: ‎07-15-2014
Kudos: 48
Solutions: 2

Re: Unifi Vlan noob

OK, image substituted. I need isolation between all of these networks. Can UniFi only provide isolation between two networks?

Established Member
Posts: 1,567
Registered: ‎04-08-2014
Kudos: 490
Solutions: 79

Re: Unifi Vlan noob

The vlans keep all the layer 2 traffic isolated from each other. At layer 3, everything will route through the USG. And no, you can have a lot more than this. My point was that by default, a network created as "corporate" will be able to route through the USG to the other "corporate" networks. Just create firewall rules to prevent the networks you don't want to communicate and you are all set.
Member
Posts: 141
Registered: ‎07-15-2014
Kudos: 48
Solutions: 2

Re: Unifi Vlan noob

Good, that's what I thought. Each VLAN is going to be on its own /24, then I was going to create firewall rules to keep them apart on the firewall. So my concept was sound; I just have to make sure I implement it correctly.

Member
Posts: 141
Registered: ‎07-15-2014
Kudos: 48
Solutions: 2

Re: Unifi Vlan noob

How many guest networks can I create?

Or I can create them all as individual corporate networks and then firewall them off from each other....

Member
Posts: 141
Registered: ‎07-15-2014
Kudos: 48
Solutions: 2

Re: Unifi Vlan noob

One more question:

Can the USG handle DHCP duties for all VLANs except 200?

The server is going to be handling those duties as part of it being an AD server.

Member
Posts: 183
Registered: ‎10-27-2016
Kudos: 38
Solutions: 12

Re: Unifi Vlan noob

Yes.  You just need to disable DHCP on 200.  On your controller, go to Settings -> Networks, select VLAN 200 and uncheck "Enable DHCP Server."

Established Member
Posts: 1,567
Registered: ‎04-08-2014
Kudos: 490
Solutions: 79

Re: Unifi Vlan noob

As many guest networks as you want, but you can only have one Guest control policy per site.
You might find it helpful to read the manual.
https://dl.ubnt.com/guides/UniFi/UniFi_Controller_V5_UG.pdf
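The defaults described in this thread (guest separated from corporate, corporate networks routed to each other through the USG) can be checked against a planned set of drop rules before anything is deployed. The following is an added example, not part of any post in the thread; the network names, subnets and the (source, destination) rule format are constructed for illustration, and it models new connections between subnets only.

```python
from ipaddress import ip_network
from itertools import permutations

# Constructed sample site. Names and subnets are assumptions for illustration,
# not values from the poster's drawing.
NETWORKS = {
    "office":  ("corporate", ip_network("192.168.100.0/24")),
    "servers": ("corporate", ip_network("192.168.200.0/24")),
    "voip":    ("corporate", ip_network("192.168.30.0/24")),
    "guest":   ("guest",     ip_network("192.168.50.0/24")),
}

def default_allows(src_purpose, dst_purpose):
    # Defaults as stated in the thread: guest is separated from corporate,
    # corporate networks route to each other through the USG.
    return src_purpose == "corporate" and dst_purpose == "corporate"

def dropped(rules, src_net, dst_net):
    # A drop rule matches when it covers the whole source and destination subnet.
    return any(src_net.subnet_of(ip_network(s)) and dst_net.subnet_of(ip_network(d))
               for s, d in rules)

def open_paths(networks, rules):
    """Return directed (src, dst) name pairs that can still start new connections."""
    result = []
    for (s_name, (s_purp, s_net)), (d_name, (d_purp, d_net)) in permutations(networks.items(), 2):
        if default_allows(s_purp, d_purp) and not dropped(rules, s_net, d_net):
            result.append((s_name, d_name))
    return sorted(result)

# Constructed rule sets, written as (source CIDR, destination CIDR) drops.
# PARTIAL separates only office and servers, in both directions.
PARTIAL = [("192.168.100.0/24", "192.168.200.0/24"),
           ("192.168.200.0/24", "192.168.100.0/24")]
# FULL uses one aggregate drop per source subnet toward all of 192.168.0.0/16.
FULL = [(str(net), "192.168.0.0/16") for _, net in NETWORKS.values()]

if __name__ == "__main__":
    for label, rules in (("no rules", []), ("partial", PARTIAL), ("full", FULL)):
        print(label, open_paths(NETWORKS, rules))
```

Any pair the audit still lists is a path where one corporate VLAN can reach another, which is the gap the thread warns about when several corporate networks are created.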