What's new
  • Please do not post any links until you have 3 posts as they will automatically be rejected to prevent SPAM. Many words are also blocked due to being used in SPAM Messages. Thanks!

what cost effective / simple to manage gear would you recommend for this scenario?

lcdguy

Well-known member
Folding Team
Joined
Mar 17, 2007
Messages
2,210
Location
An undisclosed location
vlans are likely overkill unless you want to logically separate the networks out. In my own network i run a total of 3 vlans.

One for the normal LAN that most stuff ends up on.
One for my work devices (laptop, cellphone, etc)
One for the guest WiFi.

Honestly the you probably aren't going to find any other gear at the same level of the unifi gear that is any easier to configure.

But if i were you i would sit down and think about what it is you try to accomplish with vlan's at a high level (ie: Separating traffic types, locking out guest networks from your main lan, etc) then decide if it's worth the time investment to configure it on unifi or just live with one network.
 

Mr. Friendly

Well-known member
Joined
Nov 21, 2007
Messages
5,147
Location
British Columbia
my only concern is keeping my work network separate from everything...which is why I bought the Unifi equipment in the first place.

I'd like to make two WiFi networks as well...one for my wife n I and another for the step daughter and her family. I'd like to have it named for them, so they feel it's theirs, rather than just connecting to 'guest'. I want to be considerate and give them the psychological peace that provides.
 

lcdguy

Well-known member
Folding Team
Joined
Mar 17, 2007
Messages
2,210
Location
An undisclosed location
you should be able to do that using vlans.

You will need a controller (either a cloud key, software on computer you can leave on 24/7, etc) and i am going to assume all of the unifi gear has already been adopted successfully into the controller, as everything else is going to pretty much happen on the controller.

you will need to make 2 wifi networks, in unifi you make wifi networks under the wifi profiles, which can then be assigned to the radios on the AP's. Since most ap's these days are multiband (2.4, 5g) you could create wifi networks for each band, or make the 2 wifi networks and enable band steering to favour 5g when it's applicable up to you.

you will need to decided which networks will go on the default vlan (1). for each additional wireless network there is a section where you can set a vlan ID enter in any number between 2-4096, i like to go up in multiples of 10. Ie: 10, 20, etc)

once you have the wifi networks created we need to create the vlan networks and ip ranges for each vlan.

Under networks there should be a default of WAN and LAN networks. The lan likely already has a subnet, dhcp, etc configured.

You are going to want to create a new network for each vlan you wanted to use on the ap. For the dhcp server i like to use the lan id (if it's under 254) for part of the addressing to make it simple. ie: vlan 10, would be something like 192.168.10.0/24 (255.255.255.0).

Then you would set the dhcp range, specify a dns servers, etc. Set the gateway to match your usg but use the subnet you are setting. ie: 192.168.10.1.

Repeat for the remaining subnets.

if you want to lock down vlan access for certain ports on your switch, you will need to either set the port to a specific network or create a switch profile, and assign the profile to the switch port you want to only have access to a specific vlan OR configure a vlan ID on the device connecting to it. (i believe the unifi default is to basically put the port in trunk mode (all vlans) untag vlan 1 (default LAN).

I know these seems like a lot, but it's way easier in unifi then with stand alone devices.

If you want some help i would be open to give you some assistance, in getting this setup.

As an example here is what i had setup when my unifi gear was in production (USG, 2 unifi switches, 3 AP's)

Primary LAN (Default VLAN) (192.168.1.0/24)
Work LAN (vlan ID 10) (192.168.10.0/24)
Guest LAN (vlan ID 20) (192.168.20.0/24)
Work Wifi (2 SSIDS, VLAN 10)
Primary LAN Wifi (2SSIDS, Default VLAN)
Guest WiFi (2SSIDS, VLAN 20)

Guest wifi, and work LAN were blocked from the primary lan, only had internet access.
 

Mr. Friendly

Well-known member
Joined
Nov 21, 2007
Messages
5,147
Location
British Columbia
you know...I may just get someone local to come and set this up for me. the numbers are very difficult because of my dyscalculia. :(

also, the Unifi gear gets BLOODY HOT!
 

lcdguy

Well-known member
Folding Team
Joined
Mar 17, 2007
Messages
2,210
Location
An undisclosed location
you know...I may just get someone local to come and set this up for me. the numbers are very difficult because of my dyscalculia. :(

also, the Unifi gear gets BLOODY HOT!
Fair enough, and yes unifi gear does run a bit on the toasty side, but that mostly because thier gear is either passively cooled, or cycles the cooling fans once the temps reach a certain threshold.
 

Latest posts

Twitter

Top