Cloud Gateways Switching WiFi Camera Security Door Access Integrations Accessory Tech Identity
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Phone Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
Cloud Gateways Switching WiFi Camera Security Door Access Integrations Accessory Tech Identity

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UISP Design Center
  1. Ubiquiti Help Center
  2. UniFi
  3. Network
  4. Features & Configuration

Multiple VLAN Connections on a Single Wireless Network in UniFi Network

UniFi Network’s Private Pre-Shared Keys (PPSK) and RADIUS-Assigned VLAN are two powerful features enabling dynamic network segmentation on a single WiFi SSID. Whether you're managing guest access, IoT devices, or enterprise networks, these features enhance security, segment traffic, and reduce airtime utilization.

  • With Private Pre-Shared Keys (PPSK), you connect to WiFi using just the SSID and a shared password—no individual usernames required. The password determines your VLAN assignment, making it compatible with all client types, including legacy devices and IoT devices.
  • RADIUS uses unique user profiles with custom VLANs set for each. This will only work for devices supporting WPA2 Enterprise or WPA3 Enterprise encryption.

Private Pre-Shared Keys (PPSK)

With Private Pre-Shared Keys, you can keep all users on the same SSID without requiring a unique user profile for each user. This is a simple and effective way to segment users without requiring additional authentication infrastructure. This option is WPA2 only, so it will not work on 6 GHz wireless bands.

  1. Ensure your VLANs are configured. Learn more here.
  2. Go to Settings > WiFi and add a new wireless network.
  3. Enable Private Pre-Shared Keys (PPSK) in the WiFi settings.
  4. Create a custom password for each VLAN you want users to access.
  5. Click Add WiFi Network.

Note: If a user needs to switch VLANs, they can do so by “forgetting” the network in their device’s WiFi settings and then re-connecting with a new password.

RADIUS Authentication

A RADIUS server allows you to assign VLANs dynamically based on user credentials. This method is ideal for organizations needing secure, user-specific network access.

  1. Ensure your VLANs are configured. Learn more here.
  2. Create a new RADIUS profile in UniFi. Learn how here.
  3. Configure users with unique credentials and VLAN assignments.
  4. Go to Settings > WiFi and add a new wireless network.
  5. Under Advanced Settings, set the Security Protocol to WPA2 Enterprise or WPA3 Enterprise.
  6. Select the RADIUS profile created in Step 2.
  7. Click Add WiFi Network.

Additionally, RADIUS can assign VLANs based on MAC addresses for seamless device authentication. For more information about MAC-based VLAN assignments, click here.

Was this article helpful?