Perfect. I need this now I'm setting up surveillance.

Thank you, thank you! I left a comment about this exact topic in your last video Managed/Unmanaged switches. It's like you were reading my mind ;) I know its coincidence really though because this logically follows that video. So thank you for all the videos you do Tom. You've help me with my home network more than I could ever repay. I'll just have to smash the thumbs-up on all your videos and hope that helps!

LMAO in my finest "Jen" voice - "It's the Internet? Where are all the wires?" Moss - "Jen, it's wireless!"

Thank you, going to try and setup a staff and guest wifi system with vlans, have built it with 2 routers to isolate 2 different networks as I was afraid of Vlans!

Have you planned any tutorial about setting Pfsense and Vlans in a DD-WRT router?

Ahhh you can create multiple SSID's on the UAP, that's awesome. You UniFi guys get all the nice features. Thinking of switching from Edgemax. :/ You can actually re-purpose your old dlink, asus, tplink wireless routers but they will rely on a managed switch port set as untagged, just like you would do for a PC vlan port. As you very accurately stated "those devices can only live within 1 subnet", unlike a UAP which can live on multiple VLAN's with multiple SSID's. UAP makes an Aircube look basic. I could have gone UniFi and used 1 UAP to do the job of 2 Aircubes. Good video. :)

For some reason this video seemed kind of incomplete to me. There was nothing technically incorrect with the video but it didn't touch about creating the VLAN network on the router and setting it up with a DHCP server. You couldn't magically define "VLAN 69" on the wireless device and expect to get a DHCP address without the backend in place.

At 8:35 you mentioned that VLANs don't need to be defined in the switch, just the AP and the Router. If there is a switch in between, can it be an unmanaged switch then or would an unmanaged switch strip off the VLAN tags?

Thanks for the information. You explained it perfectly!

Fab video, helped me when I made some mistakes :)

Hi, Thanks for your good video's. I would like to mention, that if you only have a UNIFI AP and no other UNIFI equipment, then you will need to keep the AP on the same L2 LAN as the controller, as they talk via L2. If you do that then you can add 2nd a VLAN based SSID if your switch can be configured to deal with id. I have just done this on using a HP Procurve switch, which requires the port to setup with the "main" (Controller and AP) LAN(VLAN) to use PVID, and the "tagged" VLAN for the second SSID on the same port. (This is properly specific HP switches)

I was pondering this exact subject when I came across your new videos.

Whoever is reading this. IF YOU DON T have an unify switch, just unify ap-s, you need to setup your switch, using 802.1q the port on which the ap is connected it must be a trunk, because as Lawrence sad, the ap is vlan aware.

anyone knows what is the name of the application Tom is using for the network diagrams? thanks!

Is it possible to use the secondary eth interface on the AC-PRO to pass out another vlan to a different device? Or only for LACP?

VLANS always give me a headache. But Lawrence is my Panadol/ Aspirin.

Nice video! Question: I know it is possible to assign VLANs dynamically via radius server. That means, you can use multiple VLANS with a single SSID. Do you do this in practice? If yes, what is your use case? Thanks

very nice explanation, thanks!

Left field question, Note: All gear is ubiquiti other than a simple unmanged netgear switch. PtMP omni rocket linked to nanostation 5AC. This 5AC creates the link from unmanaged switch to Omni- Rocket. How do I lock traffic to always be on a specific VLan (i.e. 20) ?

U can transfer different vlan traffic lanes on old router by physical Ethernet set from vlan router to wan of old router

Need some advice. Currently I am using a Netgear Orbi Mesh system consisting of 1 router and 2 satellites, our ISP is Virgin Media (I'm in the UK). Our current setup is quite straightforward, fibre to the home, coax (DOCSIS 3 cable) to the ISP modem, a 0.3M ethernet cable from modem to Netgear Obi RBR50 router, which then wirelessly broadcasts on a tri-band 5GHZ network (one 5G backhaul and 2 for general transmission). This setup is fine ordinarily, however we recently acquired some Ring devices, including one doorbell, and 4 Spotlight cameras, 1 camera mounted above the rear door to the garden, 1 at the side passage, and two at the front, and 1 doorbell at the front door of course. The router and modem are situated in the lounge nearer the garden camera. This setup works fine for the most part, however quite often one of the Satellites will lose connection and drop, when this happens the WiFi coverage to the front cameras and the doorbell becomes very poor and the images from said cameras are very pixelated, or not viewable at all as the camera goes "offline". We live in a weird style of house, the house is very narrow (thin) but goes back a LONG way. From front of the house to the very end of the rear garden is probably about 50 metres give or take, yet the house is only about 10 metres in width at its widest point. I am looking at moving to a Ubiquiti Unify system with either a Dream router or Dream machine, and at least two access points, either the AP Lite or AP Pro LR, as I understand the HD variants are a bit overkill. The property in question is a bungalow (no stairs, all on one level) and was built in the 1930's so is NOT modern with modern wiring (and having tried power line adapters in the past these do not work very well). We are currently on a Virgin Media VIVID 350 service, and get 350Mbps down and about 35 up. I've just done a speedtest and on a wireless device, connected to a Mesh Satellite in my room, on a 2020 MacBook Pro I am receiving 382 Mbps down and about 36 Mbps up. The question really is this. Is it possible to create an IoT VLAN for the Ring devices via Wireless? As these ring devices all connect wirelessly to the network at present. Ideally I want an internal network for devices such as laptops, phones, computers, printers, UDM, etc. And on a separate VLAN the Ring devices on a IoT Network. However from what I've seen of Unify you can only create a VLAN and have to assign it to a switch port, to send all traffic on that VLAN though that particular port. Of course these IoT devices won't be connected to a switch via ethernet as they are wireless, and thus their traffic cannot be sent down a particular port on the VLAN. I could setup another AP specifically for those devices, but then realistically where the AP would be mounted, other mobile devices such as sister's android phone and her tablet would likely connect to that AP as it would be closer, and at that point it defeats the point of an IoT VLAN if other devices are connecting to the same AP the VLAN traffic passes through. I am not entirely familiar with VLAN's, is it possible to create a VLAN and connect specific devices to this wirelessly? Thanks in advance.

Great content. I hope to see a video on Freeradius for authentication and accounting with VLANs on wifi

Nice video, thanks for sharing!!! This is the one AP I was looking for that can create muli VLANs on it. But it would be easier to have wireless connection back to router or switch, do they have any one likes that? Thanks

Quick question for you smart people out there if i have all the layer three switches and unifi ap. when i create a vlan just for guests will guests be able to see everything else in my network ie (Servers, Nas', and other devices) or will they only be able to reach the internet and other devices specifically on that vlan

I learnt about the program called dia thanks to this video, do u have a video on the softwares and browser plugins you use? Would be a good idea to do a video on that!

Can you do the same set-up explained using wlc?

Hi, Really nice video! How will you do if you had a Business Hotel with let's say 20 VLAN's and want a specific device get a specific VLAN tag? Let's say you got 10 rooms with different client's that needs to be separate, like room 1 gets VLAN 10 in the CAT6-Jack and you also wan't that clients laptop an smartphone or even printer get the same VLAN 10 but wireless. Is all this possible without setting up client certificates ?

How does the switch knows about tagging those 3 vlans? Is the switch port connecting to wireless AP already tagged by default?

How is it my unifi controller doesn't have any selection for vlan in the wireless networks settings? I see there's a VLAN field when you list the wireless networks, but there's nowhere to set it.

I have a doubt whether the wire coming from the AP to the switch port is a trunk port?

connected switch port need to configure as trunk port ?

I only have an Unifi Wifi U6-Pro. Is this possible to create a Wifi VLAN for guests and IoTs for example? Thanks.

Good afternoon, can you give me tutorial for setting vlan in unifi cloudkey gen 2 + without unifi security gateway? Thanks

Is there an updated video to this for the latest Network OS? Trying to do this on Network 7.1.61 and can't seem to find VLAN in my settings.

What other Wifi Brands support multi vlan for Wireless AP's?

Hi Tom, thanks for one more great video. While I don't want to avoid VLAN creation on my AC-PRO access points, I do wonder if I just can't assign MAC addresses to VLAN's. I mean, I know very well which devices are IOT (and there MAC), which are my laptops, my camera's and my admin mobile device + admin laptop. Can't we make a combo MAC/VLAN in an easy way ?

is the AP with multiple VLAN-SSID connected to Access port or Trunk Port

What of the UNIFI AP is facing a pfsense firewall port? Should I just set that port with all of the VLANS that I'm using? This should work right?

Typo in the title in the word unifi

Quick Question so can I have it setup up as pfsense to unmanaged switch from there To vlan ap would that work or do i need to use a vlan capable managed switch in place Of the unmanaged

can I mesh two of these unifi AP and transfer the vlan stuff to the extended mesh ap

Did you pay the 'elders of the internet' a royalty for using a photo of 'the internet'! LOL

@lawrence Systemas Hola oye como puedo hacer que un puerto tenga la vlan nativa, pero que ese puerto tambien pueda ver a las demas vlans la idea es que una computadora pueda ver otro segmento donde tengo servidores

You didn't mention where will be the DHCP pools on?

Can I use a WIfi Router , VLAN aware, and just turn off the routing If im using pfsense/opnsense firewall?

Thank you for this video, so in the switch the port where the AP plugged must be also tagged with VLAN 69? So all clients connectes with SSID "...sixty nine" can connect to all devices in VLAN 69?

what app are you doing your network diagrams in ?

is this applicable for CISCO sg350-28p switch, because this is my problem and i have five ssid in my access point ubiquity

You hold that AP like a burger 🍔😂

Is managment of UNIFI's works only on VLAN or can be changed to sth else ? Thank You

What IP is the AP getting? How is that decided?

Thanks for great video Is it possible to have a UniFi controller + 2 UniFi AP running on a Cisco network? Native VLAN 990 Management VLAN 10 and WiFI(internet trafic) VLAN120. How do I implement VLAN10 on Unifi AP6? Using UniFi controller software on a Ubuntu Server 20.04LTS. What VLAN does the controller and AP have to be on? PS, im new to UniFi :-) Does it give meaning to have a management ip on AP, when using the UniFi controller? BR And Thanks OFH Denmark

Do you have to defind an ip address to each vlan in the AP

Sending ALL to all Switches and Wireless AP makes it very unsecure. I would make a specific Trunk / VLAN Group to transport the VLANs needed

Hi, Can i still implement/deploy 2 units of nanoHD without cloud key just with the default ISP router and still configure it to have vlans , my idea is to separate the smart devices on one network and phones/pc etc on another one

Hello Lawrence! I just have one query can we set up 1 SSID with multiple VLAN? .(IP resolve using mac binding )

Can i specify a particular vlan for a mobile device connecting to an AP with multiple vlans setup. Say I want ipads to connect to a specific vlan over wifi... Regards.

Is it possible to have 1 SSID and use a L3 switch to tag wireless clients into different vlans? I want to use the unifi usw-pro-24 to do this. I don't think it's possible with any other of their switches basically as they seem to have a very limited L3 switch selection. Thank you!

Hmm. Every time I've delt with VLANs you have to define the vlan tag(s) on all switches down the line to the AP. Is this something new or a Unifi Switch feature?

Perfect video training, And what is program name??

what is that software you are using for network diagram and network simulation?

Sw: VLAN2, port 6 and port 2. Both tagged. AP: SSID2 with VLAN-ID 2. SSID not working. Why?

Hello Brother, Can we do VLAN on UniFi AC Pro? Bec We use different network devices, such as Mikrotik Router, SW Cisco220 50 Gigabit, UniFi AC Pro. Thanks ur comments

hasta el reculo tu video.

BIGGBY !!!

He's saying you don't have to touch any vlan settings in the switch? The AP vlan tags get passed right through the switch and make it to the router? Is this true of other brands of managed switches?

i'm running pfense, unifi switch 8 60w, and unifi nanohd ap, influenced by your many great videos. i'm having trouble with vlan. when i set it up per this video (along with getting the vlan setup in pfsense), a laptop connected to the newly setup vlan does not receive a proper IP. i have to go to Unifi controller > Settings > Local networks(NOT wifi network) > Create new network > name it and tag it the vlan number (disabling dhcp), then that newly created wifi vlan will work. however, when i ping from my new vlan to the original lan, there doesn't seem to be a connect, although my pfsense firewall rules are fully opened/any'ed... any help?

Can I have a single Pfsense firewall/router and a bunch of dumb unmanaged switches and WiFi access points and control/configure things like Vlans and access points from within Pfsense instead of having a separate managed switch (or several managed switches)?

Hey, I'm a little bit confused as to the access points switch port configuration. I have a edge router 12 on its way to me with a ac LR access point too. So the edge12 has switch ports do I simple drop the port into the vlan? Would the edge router not need a SVI in order to route? But then the DG. 1 is on the access point not the edge? The dhcp pool would also be sitting on the edge I assume or would it sit on the AP?

👍🏼

Hi Tom. Where the DHCP server for (main) VLAN1 is on a Win server, can the DHCP server for VLAN69 be on pfsense, or will that constitute a conflict?

Videos like these should start with barebones, skeleton, and network architecture, and not three switches with eight different VLANs. Why not just have 5 APs and a single Switch/Firewall and describe VLANs? Lawrence is super sharp and describes things well. I don't think he needs to complicate things to show his experience and intelligence. KISS!

Hey Tom, what shell is it that you're using at kzbin.info/www/bejne/bKjGk557aLl5acU and do you have available the config files for how to set it up?

1337 shoulda been 420

Hello Tom. Probably best to not throw up such a complex diagram if you want to talk vlans and wifi to new folks. Some of us understand but new folks don't.

Will having multiple vlans on a single ap reduce its performance?