Configure VLANs on Unifi Switches 

Absolutely. In businesses, I highly recommend doing that. In a home, owners choice. Good call out though.

Awesome. I am so happy to hear that.

Again, thank you for your compliments and generous tip amount.

You're very welcome! I enjoy hearing that it helped you out!

That is so great. Planning is key!!!

Thank you very much for your kind words.

I agree with you about the breezing over thing and will always try to be a bit more thorough in my videos... I get blasted for that though too and "talk too much" LOL. Thanks for your kind assessment!

Oh great. Glad you found it helpful.

What specifically with that NAS?

@@ethernetblueprint I guess so that DiskStation Manager (DSM), Synology Drive and Synology Office can be reached from the outside safely. As well as from the inside from the default VLAN.

Copy that. Thats a good video idea.

You bet!

Yes. Planning is a big part of the process.

Wow. That’s quite the setup. I plan on doing a wireguard video here soon.

@@ethernetblueprintGreat! Do one for the iPhone and Windows environment. There are a couple different methods for installing them. Take it slow and step by step. Everyone will like that

Thanks for the suggestion.

It was my pleasure...

Thanks for sharing... I'm sure the viewers really appreciate the extra info on the matter! Nice comment!

I will see what I can do. I have a triple NAT situation currently that I may need to fix before I can do many VPN instructions. It’s on my list though. Thanks for watching.

@@ethernetblueprint Thank you, looking forward to it

Yes, As long as the router is capable of VLANs, you should be add them in the controller and have it all work together. Make sure the VLAN IDs match.

I know that wasn't part of that video, but that is how I have my network now. I like having a mgmt network for my network devices to communicate on... Thumbs up all the way!

Good question. I’ll break this into two parts to try and answer you. Let me know if you’re still confused. So most switches are layer 2. And routers are layer 3. So when you have a layer 3 switch, you are talking about adding routing and creating VLANs in the switch instead of the router. Forgetting layer 3 switching for a second, if you just have a standard layer 2 switch, you can have two different kinds. Managed and unmanaged. Unmanaged means that you can’t log into the switch and make configuration changes. It just takes a single cable plugged into it and whatever that network is, then all the ports on that switch will transmit that network. A managed switch on the other hand allows you to configure it, assign VLANs, name ports, define settings, etc…. All UniFi switches are managed and can be adopted. When I mentioned that in this video, I simply meant that you can use ANY brand managed switch and use it in your UniFi network. However for your VLANs to work, you would need to log into that switch individually and configure your VLANs to match what you setup on your UniFi router. It’s much easier to just use UniFi and have that single pane of glass but many users already have switches that they want to use with UniFi so I wanted to point out that it’s possible. Hope that helps. Let me know if you need more clarification.

@@ethernetblueprint This indeed clarifies the doubts I had. Thanks a lot for the explanation!

Happy to help!

Hmmm. It worked for me. I had my trunk port setup to communicate on all VLANs and my camera setup just like that and it worked well.

Switch to switch connections need to be setup as trunk ports... No matter what model and brand of switch...

@@ethernetblueprint Thanks for the fast reply. Let me bother you a bit more with the issue I'm having. I know I'm doing something wrong as this is all new to me and kind of like learning about it on my spare time. The system is 100% Ubiquiti setup with a Unifi Next Gen Gateway Pro, USW Pro MAx 48 POE and a couple of USW Flex where cameras are all hook up....the VLAN is created and the cameras have static IP on this VLAN. Right now everything is set to trunk (allow all) and my PC on the main (native) VLAN has access to the cameras. So on the MAx 48 (main switch) I have the two ports that go to the USW Flex set to the VLAN Camera (Only Cameras are connected to the USW Flex), the ports on the FLEX I can't set them to the Camera VLAN as I loose connection, so ended up setting the ports the cameras are connected to the Native VLAN. I also left the USW FLex link port to the Max 48 on the Native VLAN. If I change any of these to the camera VLAN I lose connection from any PC on the Native....could you give me a hint on the mistake I'm making here? The idea being that a PC on the native VLAN can access the cameras but not the other way around. Thanks in advanced!

I may need a bit more information... It sounds like maybe there there is an issue with your FW rules. why don't you email me at tim@ethernetblueprint.com and we can try to figure out what is going on...

I am sorry for your troubles. In theory, you are correct. Communication is open from the default to the other VLANs and not visa-versa. The actual issue here may be difficult to answer in the comment section. I'd be happy to try and help offline if you like. Send me an email to tim@ethernetblueprint.com and we can dive in a little easier.

I haven’t tested layer3 on UniFi switches. I’m sorry, I can’t answer that for you.

I will see what I can do. With all of those items being fairly interconnected, especially from a FW standpoint, I may be forced to still cross into each of the categories a bit... but I will still see what I can do...

@@ethernetblueprint (Sorry) This RU-vid is so awesome, it would be so much better if it was in small sections\parts (Part 1 blah (different 5min video), Part 2 (different 5min video, etc)). But it is missing the Firewall Rules.... Note: The reason I mention smaller videos is because it allows us to revisit that one and only video that will help us get to where we want faster, then attempting to find what we need at the moment we need it, sorry if this sounds selfish, it is just a thought :) Again, Sorry: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-yWlvuwq5AXE.html

I just watched the video you linked. I do like how the content that was presented and, however, i wouldn't setup a home network (or small business for that matter) like that... you have to have FW rules. Just my opinion.. which are all over YT... LOL

Yes, you can use a 10.10.20.0 255.255.255.0 as one VLAN and 10.10.10.0 255.255.255.0 as a different VLAN and be just fine.

Hey man. Thanks for the comment. The camera VLAN is setup exactly like the IOT network in my “Let’s make some VLANs” Video. Exactly the same. But there isn’t a video that shows how to set it up.

@@ethernetblueprint Great thank you. Your first VLAN video worked for me on Wifi devices (Hue lights work perfectly) but I can't seem to bugger how to get wired devices that have smartphone/tablet controllers like hifi audio streamers to work with the same rules/profiles.

That sounds more like a multicast issue. Make sure mDNS is enabled on the VLANs that you want to control like that.

OK - I got it. It was on the device introduction side and not on your VLAN implementation. I now have smart lights and an audio streamer on the VLAN from your tutorial. Thank you!

I agree with you. There are definitely some challenges there. With Sonos specifically, I almost always put it on my main/default devices network - which is less secure but makes it work better. I haven’t worked with HomeKit much yet but am in the process of implementing that and home assistant in my home. So more to come on that.

I believe it is because I am setup for early access releases since this is my testing unit.

Pro and Cons to that. I don't do that and like my APs to be on different channel to help combat interference. If you have them all on the same channel and there is interference on that channel, it affects your whole network. Many Mesh system struggle with this... To date, I haven't had this happen with my APs on different channels.