How to Make UniFi Default and Guest Networks Share the Same VLAN
Published onby Iron
Managing networks with UniFi is a smooth experience, but things get a little more interesting when you want to make the default and guest networks share the same VLAN. While it’s common to separate guest networks for security reasons, there are practical cases where keeping them on the same VLAN is beneficial.
Let's dive in!

Table of Contents
- Why Use the Same VLAN for Default and Guest Networks?
- What You’ll Need
- Step 1: Create a VLAN
- Step 2: Create a Wi-Fi Network for Guests
- Step 3: Configure the Default Wi-Fi Network to Use the VLAN
- Step 4: Secure the Shared VLAN
- Step 5: Create Custom Firewall Rules
- Step 6: Limit Bandwidth for Guest Users (Optional)
- Common Problems & Solutions
- Benefits of Merging Networks on One VLAN
- Risks of Sharing VLANs
- Pro Tips
- Final Thoughts
Why Use the Same VLAN for Default and Guest Networks?
Typically, guest networks are isolated for security. But here’s why you might want to combine them:
- Simpler Network Design: Maintaining one VLAN instead of multiple makes your network easier to manage.
- Device Compatibility: Some older or IoT devices may struggle with VLAN tagging.
- Fewer Configuration Hassles: With one VLAN, you avoid having to configure VLANs on each connected device.
- Uniform Policies: You can set uniform bandwidth control and firewall rules for both guests and internal users.
But before you jump in, you should understand the trade-off. If your guests and internal devices are on the same VLAN, you must create security rules to protect internal resources from guest traffic.
What You’ll Need
- UniFi Controller Access: Log in to your UniFi Controller via the web or UniFi mobile app.
- A Working VLAN: If you haven’t created a VLAN, don’t worry — we’ll cover that.
- A Little Patience: Network changes may take a few moments to propagate.
Step 1: Create a VLAN
A VLAN (Virtual Local Area Network) allows you to separate traffic logically, even on the same physical hardware. In this case, we’ll create a single VLAN that will be used for both the guest and default Wi-Fi networks.
How to create a VLAN in UniFi
- Log in to your UniFi Controller (locally or via UniHosted).
- Go to Settings (gear icon) in the bottom-left.
- Click “Networks” from the sidebar.
- Click "Create New Network".
-
Configure the following:
- Name: "Shared VLAN"
- Purpose: Corporate
- VLAN ID: Enter an unused VLAN ID (like 20, 30, or 50)
- Gateway/Subnet: Enter a subnet like 192.168.50.1/24
- DHCP Server: Enable DHCP for this VLAN to assign IP addresses to devices.
- Click Apply to save.
🎉 You’ve created your VLAN!
Step 2: Create a Wi-Fi Network for Guests
Next, we’ll create a guest Wi-Fi network and link it to the shared VLAN.
How to create a guest Wi-Fi network
- Go to Settings (gear icon) in your UniFi Controller.
- Click “Wi-Fi” in the sidebar.
- Click "Create New Wi-Fi Network".
-
Enter these details:
- SSID (Network Name): “Guest Wi-Fi”
- Security: WPA2 or WPA3 (for better security)
- Password: Add a password for guest access.
- Use VLAN: Select the shared VLAN you created earlier.
- Enable Guest Control: This feature isolates guests from local resources.
- Enable Client Isolation: This prevents guests from seeing each other.
- Bandwidth Profile (optional): If you want to limit download/upload speeds, configure it here.
- Click Apply.
Your guest network is live! Now let’s configure your default network.
Step 3: Configure the Default Wi-Fi Network to Use the VLAN
This step links your primary (default) Wi-Fi network to the shared VLAN.
- Go to Settings.
- Click Wi-Fi.
- Edit your main/default Wi-Fi network.
- Scroll down to the Network section.
- Select the shared VLAN you created earlier.
- Click Apply.
Both Wi-Fi networks (guest and default) are now linked to the same VLAN.
Step 4: Secure the Shared VLAN
Since the default network and guest network share a VLAN, we need to prevent guests from accessing internal resources. Here’s how to keep things secure.
Enable Layer 2 Isolation
- Edit the Guest Wi-Fi from the Wi-Fi menu.
- Enable Layer 2 Isolation.
- Click Apply.
With this option enabled, devices connected to the guest network won’t see or interact with each other.
Step 5: Create Custom Firewall Rules
To prevent guest traffic from accessing internal devices, set up custom firewall rules.
How to create firewall rules for guests
- Go to Settings.
- Click “Firewall & Security”.
- Click Create New Rule.
-
Set the following:
- Rule Name: Block Guests from LAN
- Action: Block
- Direction: In
- Source: VLAN (choose the shared VLAN from the list)
- Destination: LAN
- Click Apply.
This rule blocks guest devices from accessing internal resources while still allowing them access to the internet.
Step 6: Limit Bandwidth for Guest Users (Optional)
If you don’t want your guests hogging all the bandwidth, you can limit their speed.
How to limit bandwidth for guests
- Go to Settings.
- Click “Profiles”.
- Create New Profile.
-
Set the following:
- Name: “Guest Bandwidth Limit”
- Upload Limit: 2 Mbps (example)
- Download Limit: 10 Mbps (example)
- Apply the bandwidth profile to the Guest Wi-Fi.
This step ensures your guests get access but not at the expense of your own internet speeds.
Common Problems & Solutions
Wi-Fi doesn’t connect
- Check if VLAN tagging is enabled on switches connected to access points.
- Ensure the VLAN ID is properly assigned to both Wi-Fi networks.
Guests can see other devices
- Re-check Layer 2 Isolation. This prevents devices on the same VLAN from communicating with each other.
- Ensure the “Block Guests from LAN” rule is active.
IP conflicts
- Ensure DHCP is enabled for the VLAN to properly assign IP addresses to guest devices.
Bandwidth limits not working
- Make sure the bandwidth profile is correctly applied to the guest network.
Benefits of Merging Networks on One VLAN
While it’s often recommended to separate guest and internal networks, there are several cases where sharing a VLAN works better. Here’s why:
- Easier Management: Managing a single VLAN instead of multiple reduces complexity.
- Faster Roaming: If users switch from default to guest Wi-Fi, the network switch happens faster since it’s the same VLAN.
- Saves IP Addresses: With one subnet, you avoid wasting IPs across multiple VLANs.
- Better for IoT Devices: Some IoT devices can’t handle VLANs well, so this method keeps them connected.
Risks of Sharing VLANs
While merging networks is convenient, it can create security risks. Here’s what to watch for:
- Guest Devices Accessing LAN: If you don’t configure firewall rules, guest devices might access printers, shared drives, or other network resources.
- IP Spoofing: Guest devices might try to impersonate local devices. This is rare, but possible.
- Bandwidth Hogging: Without limits, guest devices might use all your bandwidth. Apply guest bandwidth limits to avoid this.
Pro Tips
- Isolate IoT Devices: If you use smart home devices, consider creating a separate VLAN for IoT devices.
- Use Private Pre-Shared Key (PPSK): With PPSK, each user or device gets a unique password for connecting. Check the UniHosted Guide on PPSK for details.
- Regularly Review Firewall Rules: As you add more devices, check that your rules still make sense.
Final Thoughts
Combining the default and guest networks on the same VLAN is useful, but only if done right. Follow these key steps:
- Create a shared VLAN.
- Link the VLAN to both default and guest Wi-Fi.
- Set isolation rules to keep guests from accessing LAN devices.
- Apply bandwidth limits to control guest usage.
By following this guide, you’ll have a smart, simple, and secure network. If managing UniFi controllers sounds overwhelming, try UniHosted. We provide cloud-based UniFi controllers with automatic updates, 24/7 support, and backups — so you can focus on your network, not the admin work. If you would like me to personally walk you through UniHosted, you can schedule a call with me here.
We host UniFi Controllers in the Cloud
Are you ready to take your UniFi Network to the next level? Deploy a UniFi Cloud Controller in minutes and manage your network from anywhere.
Free tier available
Get the best support
Join 1660+ customers
No credit card required