Help Center Help Articles Community Design Center Tech Specs Large Project Assistance Professional Phone Support Contact Support
Store
User
Sign Up UniFi Site Manager
User User
Sign Up UniFi Site Manager
Help Center Help Articles Community Design Center Tech Specs Large Project Assistance Professional Phone Support Contact Support ui.com
Store

Links

UISP Help Articles UISP Carrier Platform

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UISP Design Center
Back to Top
  1. Ubiquiti Support and Help Center
  2. UniFi
  3. Network
  4. Features & Configuration

UniFi Network - Creating Virtual Networks (VLANs)

UniFi makes it easy to create and implement virtual networks (VLANs).

If you are looking to troubleshoot your VLAN, visit this article.

Creating a VLAN

UniFi Gateway or Cloud Gateway

Third-Party Gateway

  1. Navigate to Settings > Networks to create a new virtual network.
  2. Name the network.
  3. (OPTIONAL) Advanced users can configure their preferred VLAN ID, subnet range, DNS, DHCP server, and DHCP options.
  4. By default, UniFi Gateways allow communication between different VLANs. See Traffic Rules to learn about implementing restrictions.

Although a UniFi Gateway or UniFi Cloud Gateway is recommended for the most integrated experience, it is possible to bridge networks/VLANs from a third-party gateway so that they can be assigned to UniFi Access Points (APs) and switch ports.

  1. Configure your network’s subnet, VLAN ID, DNS, and DHCP server on your third-party gateway.
  2. In UniFi, navigate to Settings > Networks to create a new virtual network.
  3. Although not required, we recommend giving it the same name used in your third-party gateway, for consistency.
  4. Enter the same VLAN ID that is configured on your third-party gateway.
  5. By default, most third-party gateways block routing between separate VLANs. Make any desired changes on the gateway, not within UniFi.

Applying a VLAN to a WiFi Instance

Client devices that join a particular WiFi will be assigned to the corresponding VLAN associated with that WiFi instance. To configure this VLAN:

  1. Navigate to Settings > WiFi to create a new WiFi.
  2. When creating or modifying a WiFi, click the Network dropdown.
  3. Select the desired network. 
  4. Ensure all ports between your AP and gateway are configured to allow the specified network’s VLAN ID. Failure to do so will result in clients being unable to join the WiFi.
    1. UniFi Switches enable all traffic by default, but any third-party switch will need to be manually configured. See VLAN Connectivity to learn more.

Applying a VLAN to a Switch Port

Primary Network

The Primary Network (also known as the “Native” network) is the network that devices will join when physically connected to that switch port. It is also referred to as the "Untagged VLAN" because traffic without a VLAN tag (e.g., the VLAN ID is set to 1) is assumed to be a member of this network.

Tagged Networks and Trunk Ports

Ports can be configured to allow traffic from other networks. Allowing specific networks/VLANs is referred to as “tagging” them on the switch port.

Ports that have been tagged to allow traffic from multiple VLANs are referred to as “trunk” ports. By default, all ports on UniFi Switches are trunked to allow all VLANs. 

Configuring UniFi Switch Ports

To configure the VLANs associated with a switch port:

  1. Navigate to the UniFi Devices tab.
  2. Select a switch and click the Port Manager button.
  3. Select the desired port.
  4. Set a Primary Network, if desired.
    Note: If an AP is connected to a switch port, the Primary Network should never be the same as the network being broadcast by that AP (except when VLAN 1 is used). This will break connectivity and clients will not be able to join.
  5. By default, UniFi Switches tag all VLANs. To modify this, enable Traffic Restriction. The port will be tagged with all “Allowed” networks, or all networks that are not explicitly “Blocked.”
  6. If you set any restrictions, ensure that they will not break connectivity for devices elsewhere. See here to learn more.
  7. Apply the changes.

Your UniFi Device’s Management Network

The Management Network is the network that your UniFi device uses to communicate with your Network Application (i.e., to download an update). By default, a UniFi device’s Management Network will be assigned according to the Primary (Native) Network configured on the switch port it is connected to. To change a device's Management Network, follow these steps:

  1. Determine what network (VLAN) you would like to assign as the device's Management Network.
  2. Ensure that the desired VLAN is tagged on all relevant switch ports between the UniFi device and your network’s gateway. 
    1. Note: Do not assign this VLAN as the Primary Network for the switch port the UniFi device is directly connected to. This will break connectivity.
  3. Navigate to the UniFi Devices tab and select the target UniFi device.
  4. Enable Network Override in its settings.
  5. Select the desired network/VLAN.
  6. Apply the changes.
  7. Confirm that the changes take effect. 
    1. If your device went "Offline," then you likely made a mistake during step (2). See here to learn more.
Was this article helpful?
242 out of 518 found this helpful