Ubiquiti - VLAN

VLANs (Virtual Local Area Networks) segregate traffic within a network: traffic belonging to different networks is kept separated even when it crosses the same switches and links.

This process, also known as VLAN tagging, is invaluable for limiting broadcast traffic and for securing network segments.


Common Terms

VLAN: Virtual Local Area Network, a logical identifier for isolating a network.
Trunk: A port enabled for VLAN tagging.
Access: A port that does not tag and only accepts a single VLAN.
Encapsulation: The process of modifying data frames to include additional information.
802.1Q: The most common encapsulation method for VLAN tagging.
Native VLAN: The VLAN associated with all untagged traffic on a trunk.

  • Each VLAN is identified by a unique 802.1Q ID.
  • Valid VLAN IDs are 1 through 4094.

VLANs and IP interfaces:

  • A VLAN is a Layer 2 (L2) technology; data is sent between clients using MAC addresses.
  • A VLAN limits a broadcast/flooding domain.
  • Only clients in the same VLAN, and with IP addresses in the same subnet, can send data to each other.
  • It is not possible to configure DHCP on a VLAN by itself, since a VLAN is an L2 technology and DHCP requires an IP interface, which is an L3 technology. Such a VLAN must either be connected to an external DHCP server or use static IP addresses on the clients.
  • An IP interface is a Layer 3 (L3) technology; data is sent between clients using IP addresses.

Ubiquiti always uses VLAN 1 as the untagged native VLAN.
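As an added illustration, not part of this wiki page, here is a small Python model of the terms above: it builds and parses 802.1Q-tagged Ethernet frames and applies the trunk, access and native-VLAN rules the table describes. The frame layout is the standard 802.1Q one; the function names and the simplified port model (no allowed-VLAN lists on trunks) are assumptions of this example.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100   # Tag Protocol Identifier that marks an 802.1Q-tagged frame
NATIVE_VLAN = 1       # the untagged native VLAN on a Ubiquiti trunk

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Ethernet II frame; with vid set, an 802.1Q tag is inserted after the source MAC."""
    tag = b""
    if vid is not None:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)   # PCP(3) | DEI(1)=0 | VID(12)
        tag = struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_frame(frame: bytes) -> dict:
    """Split a frame into dst, src, vid (None when untagged), ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, off = None, 14
    if ethertype == TPID_8021Q:                     # tagged: TCI then the real EtherType
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid, off = tci & 0x0FFF, 18
    return {"dst": dst, "src": src, "vid": vid, "ethertype": ethertype, "payload": frame[off:]}

def classify_ingress(frame: bytes, port_mode: str, port_vlan: int) -> Optional[int]:
    """VLAN the switch assigns to an arriving frame, or None if the port drops it.
    trunk:  tagged frames keep their VID, untagged frames join the native VLAN.
    access: the port only accepts its single VLAN; untagged frames join it."""
    vid = parse_frame(frame)["vid"]
    if port_mode == "trunk":
        return vid if vid is not None else NATIVE_VLAN
    if port_mode == "access":
        return port_vlan if vid in (None, port_vlan) else None
    raise ValueError(f"unknown port mode {port_mode!r}")

def egress(frame: bytes, vlan: int, port_mode: str, port_vlan: int) -> Optional[bytes]:
    """Frame as it leaves a port, or None if that VLAN may not exit the port."""
    f = parse_frame(frame)
    untagged = build_frame(f["dst"], f["src"], f["ethertype"], f["payload"])
    if port_mode == "access":                       # access ports never emit a tag
        return untagged if vlan == port_vlan else None
    if vlan == NATIVE_VLAN:                         # native VLAN leaves a trunk untagged
        return untagged
    return build_frame(f["dst"], f["src"], f["ethertype"], f["payload"], vid=vlan)
```

Because the native VLAN is the one VLAN that crosses a trunk without a tag, an untagged frame arriving on a trunk is indistinguishable from native-VLAN traffic, which is why the model assigns it VLAN 1.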


Trunk Port


NOTE: There are many different network types that can be created:

Any of these networks can be allocated to a VLAN.

  • Corporate is a general purpose network and by default is assigned to LAN.
    • The UniFi controller will provision not only the VLAN itself but also a matching IP subnet for this VLAN.
    • Clients associated with the VLAN use the IP interface as their default gateway to reach anything outside the VLAN, such as hosts on other VLANs or the internet.
    • On this VLAN it is possible to configure a DHCP server locally on the switch to provide IP addresses to clients.
    • IP subnets exist at Layer 3, whereas UniFi switches are purely Layer 2.
    • Therefore, if you have no USG, there is no point in creating a “Corporate” VLAN.
  • Guest will apply the Guest Control setting if you enable the Guest Portal.
  • VLAN Only removes any subnet options and can be used to define VLANs for pure VLAN tagging purposes on UniFi switches.
    • This allows you to add or remove a VLAN tag on network packets at a switch port that is, for instance, connected to another, non-UniFi network device that expects or sends such tags.
    • It is not possible to configure DHCP on this network type, since a VLAN is an L2 technology and DHCP requires an IP interface, which is an L3 technology. Such a VLAN must either be connected to an external DHCP server or use static IP addresses on the clients.
    • This is the best choice for a VLAN if you are not using a USG.
  • VPN Client is USG specific.
  • Site-to-Site VPN is USG specific.
  • Remote User VPN is USG specific.
ubiquiti/vlan.1607562843.txt.gz · Last modified: 2020/12/10 01:14 by peter