Regular Member
Posts: 334
Registered: ‎07-17-2013
Kudos: 52
Solutions: 6
Accepted Solution

VLAN-only and Inter-VLAN routing

I'm currently using a VLAN-only network to connect a cable modem to the USG on another switch.

- VLAN-only network is set to only one port on each switch (cable modem port and USG WAN port).
- VLAN-only network is only used on specified ports, not on WLAN.
- LAN network is set on all other ports except the uplink / trunk ports.
- ALL is used only on the uplink / trunk ports.

I've read a lot about inter-VLAN routing in UniFi. I'm now under the impression that I also need to create firewall rules to prevent the networks from seeing each other, and that all inter-VLAN traffic is routed through the USG.

1) Using VLAN-only and the default LAN networks and setting them to specific ports as described above, do I need to put firewall rules in place to prevent inter-VLAN routing?

2) As described above, does the traffic going through the trunk get routed through the USG because there are two VLANs on the trunk? This would seem odd as normal VLAN tagging would not require a router.


Accepted Solutions
Ubiquiti Employee
Posts: 5,241
Registered: ‎08-08-2016
Kudos: 5953
Solutions: 360

Re: VLAN-only and Inter-VLAN routing

VLAN-only only defines the VLAN tags on your switches. The USG does not get provisioned with those, so they'll have no routing from the USG.



All Replies
Emerging Member
Posts: 80
Registered: ‎10-21-2015
Kudos: 65
Solutions: 2

Re: VLAN-only and Inter-VLAN routing

VLAN-only is a Layer 2 broadcast domain.  No inter-VLAN routing occurs between VLAN-only VLANs.

Emerging Member
Posts: 93
Registered: ‎05-20-2014
Kudos: 68

Re: VLAN-only and Inter-VLAN routing

Sorry to drag up an old thread, but I have an extension question in relation to this. If I put a port on a USW into (VLAN-only) VLAN 99, say, and then attach another router to that USW port, which is DHCP enabled and has its own gateway, will that router's "network" leak into my main network, or will it only be seen by other machines in the same VLAN 99?