This article discusses how to use VLANs with UniFi Network switching products. Find a link to an introductory article on VLANs in the Related Articles below, as well as how to use VLANs on UniFi wireless and routing devices.
Table of Contents
UniFi Device Management
Begin by adopting the UniFi wireless device over the native, or untagged, VLAN. This will be the continued requirement. That being said, L3 management is supported, so the UniFi Network Controller can remote. See more about that in the UniFi - Device Adoption Methods for Remote UniFi Controllers article.
As of Controller software version 5.8, access points and switches can be set to tagged VLANs. After the device is adopted over the untagged VLAN, define a tagged management VLAN to use. This is found under the device Properties window (from the Devices page click on the device to reveal the Properties Panel). Select Config (gear icon) > Services > Management VLAN.
How to Configure VLANs on UniFi Switches
VLANs can be used with UniFi Switches. By default, ports are set to All, so it'll have an untagged VLAN 1, and then the rest will be tagged. VLANs need to be defined in the UniFi Network Controller under Settings > Networks. To simply set up a VLAN, set a network as VLAN only.
To change the profile on a port, or port group, click on the Switch in the Devices tab to reveal the Properties Panel, then go to Ports, and either choose the edit button on the right or select the desired ports and click "edit selected" on the bottom. In editing mode, choose the profile for the port(s). The Networks/VLANs profile on a port can be used to define the untagged and tagged networks on the selected port(s).
Create port profiles in the controller's Settings > Profiles > Switch ports > Add new Profile. Currently, it is possible to tag VLAN 1 on a port with UniFi switches.
The UniFi switch is currently the only device where VLAN 1 can be tagged if needed. The default LAN network in the controller is VLAN 1. So to tag it, you would create a custom profile and tag it. VLAN 1 is the default LAN network in Settings > Networks in a fresh controller.
RADIUS controlled VLANs are also supported. To begin, first enable 802.1x control and choose a RADIUS profile. This is found under the switch Properties Panel (exposed by clicking on the switch on the Devices page) > Config (gear icon) > Services. Here, either create a new RADIUS profile, with RADIUS VLAN enabled for the switch, or make sure it's enabled on an existing profile.
You may also need to configure the switch port profile for 802.1x in Settings > Profiles > Switch Ports > "Add New Port Profile" or edit existing. 802.1x Settings can be found under "Advanced Settings".
RADIUS profiles are managed from Settings > Profiles.