Configuring VLANs, Firewall Rules, and WiFi Networks - UniFi Network Application

Published on Aug 06, 2024. This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

In this tutorial, we will walk through the process of configuring VLANs (Virtual Local Area Networks) using the UniFi Network Application. We'll cover everything from creating a VLAN to setting up firewall rules and wireless networks associated with that VLAN. This guide is designed for both home users and enterprise environments, demonstrating how VLANs can enhance security, performance, and network management.

Chapter 1: Understanding VLANs

  • Definition: A VLAN is a group of devices that communicate as if they are on the same physical network, even if they are located on different segments.
  • Benefits:
    • Security: Isolates sensitive data and systems to prevent unauthorized access.
    • Performance: Reduces network congestion by segmenting traffic.
    • Management: Simplifies network management by grouping devices.
    • Flexibility: Facilitates network changes without physical adjustments.

Chapter 2: Creating a VLAN with UniFi

  1. Access the UniFi Network Controller:

    • Go to Settings.
    • Navigate to Networks.
  2. Create a New Network:

    • Click on "Create New Network".
    • Name the network (e.g., "iot").
    • Select a router (default is your UniFi device).
    • Uncheck "Auto Scale Network".
    • Set a custom IP address (e.g., 192.168.100.1 with a subnet mask of /24).
  3. Configure VLAN ID:

    • Set the VLAN ID (e.g., 100).
    • Choose "Standard" as the network type.
    • (Optional) Enable IGMP snooping and multicast DNS for IoT devices.
  4. Set Up DHCP:

    • Enable DHCP server for this network.
    • Define the DHCP range (e.g., from 192.168.100.100 to 192.168.100.200).
    • Save the new network.

Chapter 3: Creating a Wireless Network for a VLAN

  1. Create a New Wi-Fi Network:

    • Go to Wi-Fi Networks in the UniFi controller.
    • Click on "Create New Wi-Fi Network".
    • Name the Wi-Fi network (e.g., "iot better").
    • Set a password for the network.
  2. Bind the Wi-Fi to the VLAN:

    • Under Network settings, select the VLAN you just created (e.g., "iot better").
    • Save the new Wi-Fi network.

Chapter 4: Assigning a VLAN to a Switch Port

  1. Access Switch Settings:

    • Navigate to the switch you want to configure.
    • Go to Port Management.
  2. Configure the Port:

    • Select the port where your device is connected (e.g., Port 2).
    • Change the port profile from "All" to your new VLAN (e.g., "iot better").
    • Save changes.

Chapter 5: Testing Default Firewall and Security Rules for a VLAN

  1. Check Device Connectivity:

    • Ensure the device connected to the VLAN has received an IP address from the DHCP server.
    • Ping an external address (e.g., google.com) to confirm internet access.
  2. Test Inter-VLAN Communication:

    • Attempt to ping devices on other VLANs to verify isolation.
    • If the pings succeed, the VLAN is not yet isolated; configure firewall rules (Chapter 6) to block the traffic.

Chapter 6: Configuring Firewall Rules

  1. Access Firewall Settings:

    • Go to Settings > Firewall & Security.
  2. Create a Firewall Profile:

    • Navigate to the Profiles section.
    • Create a new profile (e.g., "iot better only") to restrict access.
    • Exclude all networks except the VLAN in question.
  3. Set Up Firewall Rules:

    • Create a new rule to block traffic from the VLAN to all other networks.
    • Select "LAN In" for the rule type and set the action to "Block".
    • Set the source to the new VLAN and the destination to the profile created.

Chapter 7: Testing Firewall Rules

  1. Conduct Connectivity Tests:
    • Test pings to the VLAN gateway and other VLANs.
    • Confirm that devices cannot communicate with other VLANs.

Chapter 8: Managing Inter-VLAN Communication

  • Allow Trusted Networks:
    • Decide which networks can communicate with each other.
    • Create rules allowing trusted networks to access the IoT VLAN if necessary.

Chapter 9: Organizing Firewall Rules

  • Rule Order:
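    • Understand the processing order of firewall rules: they are evaluated in list order, and the first rule that matches a packet decides what happens to it.
    • Place blocking rules at the end of the list, below the allow rules, to ensure they don't override allowing rules.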
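
The rule-order point above, as an added example (not from the original tutorial and not UniFi code): a small first-match model that evaluates a rule list and reports allow rules that an earlier block rule makes unreachable. It assumes rules match on source and destination network only (ports, protocols and connection state are ignored); the DNS host 192.168.1.53 and the 192.168.0.0/16 "all local networks" range are constructed values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "allow" or "block"
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR


def evaluate(rules, src_ip, dst_ip, default="allow"):
    """Walk the list top to bottom; the first matching rule decides."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst):
            return r.action, r.name
    return default, "default"  # assumed default: inter-VLAN traffic passes


def shadowed(rules):
    """Return (rule, earlier_rule) pairs where rule can never match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample rules. 192.168.100.0/24 is the tutorial's IoT VLAN;
# the DNS host 192.168.1.53 and the /16 "all local networks" are assumptions.
BLOCK = Rule("block_iot_to_lans", "block", "192.168.100.0/24", "192.168.0.0/16")
ALLOW = Rule("allow_iot_to_dns", "allow", "192.168.100.0/24", "192.168.1.53/32")
BLOCK_FIRST = [BLOCK, ALLOW]  # the allow rule is dead
BLOCK_LAST = [ALLOW, BLOCK]   # the order Chapter 9 recommends

if __name__ == "__main__":
    for label, rules in (("block first", BLOCK_FIRST), ("block last", BLOCK_LAST)):
        print(label, evaluate(rules, "192.168.100.50", "192.168.1.53"),
              "shadowed:", shadowed(rules))
```

Running `shadowed()` over an exported rule list before saving a reorder is a quick way to catch an exception rule that silently stopped working.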

Conclusion

By following this guide, you have successfully configured VLANs within the UniFi Network Application. You learned how to create VLANs, set up wireless networks, assign ports, and enforce firewall rules to secure your network. Consider experimenting with different configurations and rules to tailor your setup to fit specific needs. For further learning, explore advanced firewall configurations or consider additional features offered by UniFi.