Make UniFi Default and Guest Networks Same VLAN
Published onby Iron
Creating a network where both your default and guest networks share the same VLAN might seem like a strange move, but it has its purpose. It’s often done to simplify configurations or manage network traffic in a unified way. If you’re wondering how to do this in UniFi, we’ve got you covered. Here’s a fun, practical, and simple guide to making it happen.
Let's dive in!

Table of Contents
- Why would you do this?
- How UniFi Handles VLANs and Networks
- Steps to Make Default and Guest Networks Use the Same VLAN
- Common Issues and Troubleshooting
- When Should You NOT Do This?
- Example Use Case
- Bonus: UniHosted Makes it Easier!
- Final Thoughts
Why would you do this?
There are several reasons why you might want to have the default and guest networks share the same VLAN.
- Simplicity: Managing one VLAN instead of two can reduce complexity.
- Limited VLANs: Some ISPs or small business setups have a limited number of VLANs they can create.
- Easier Traffic Control: By having them on the same VLAN, you can use UniFi’s built-in firewall rules to control guest access without needing VLAN isolation.
- Guest Access without VLANs: If you don’t want to segment your network, but still want some guest network controls, this method works.
How UniFi Handles VLANs and Networks
UniFi separates "networks" from VLANs. A network can have no VLAN (for flat networks) or be tagged with a VLAN ID. Each Wi-Fi SSID can be linked to one of these "networks." By default, the default network has no VLAN (or VLAN 1) and the guest network is typically placed on its own VLAN. But, you can override this behavior.
Steps to Make Default and Guest Networks Use the Same VLAN
1. Open UniFi Controller
- Log in to your UniFi Controller via the web at "https://unifi.ui.com/" or via your UniFi mobile app.
- If you're using a UniFi controller hosted on UniHosted, log in through your UniHosted dashboard for faster access.
2. Create or Identify the VLAN
- Go to Settings > Networks.
- If you already have a VLAN you'd like to use for both networks (like VLAN 10), skip this step.
- Otherwise, click Create New Network.
- Name it something clear, like "Shared VLAN".
- Set the Purpose to Corporate (not Guest) since we want it to act as a normal internal network.
- Set the VLAN ID (for example, VLAN 10) and assign it an IP range (like "192.168.10.1/24").
- Hit Apply Changes.
3. Update Default Network to Use VLAN
- Click on the existing Default Network.
- Change the VLAN ID from None to the one you created (like VLAN 10).
- Save your changes.
Note: This may momentarily kick devices off the network, so plan for some downtime.
4. Update Guest Network to Use Same VLAN
- Go to Settings > Wi-Fi.
- Locate your existing Guest Wi-Fi Network.
- Edit the network and set the Network option to Shared VLAN (the one you created in Step 2).
- Optionally, configure your guest Wi-Fi with bandwidth restrictions, rate limits, or schedule access.
- Save your changes.
5. (Optional) Separate Traffic with Firewall Rules
Just because the networks are on the same VLAN doesn’t mean they have to talk to each other. You can separate them with firewall rules.
How to do it:
- Go to Settings > Firewall & Security.
- Add a new LAN IN firewall rule.
- Set the Action to Drop.
- Source: Choose the Guest Network.
- Destination: Choose the Default Network or use a range of IPs.
- Save the rule and ensure it’s enabled.
This ensures that even though both networks are on the same VLAN, they cannot communicate with each other.
6. Enable Guest Controls (Optional)
- Go to Settings > Wi-Fi.
- Click on the Guest Wi-Fi network.
- Turn on Guest Network.
- This activates guest isolation, which means guest devices can’t see each other.
Note: Enabling guest controls can prevent local device discovery (like Chromecasts or printers) for guest users.
7. Test Your Setup
- Connect a device to the Default Wi-Fi and check the IP address (like 192.168.10.x).
- Connect a device to the Guest Wi-Fi and check if it’s on the same subnet.
- Try pinging between devices on the Default and Guest networks. If you set up the firewall rules correctly, they shouldn’t be able to communicate.
Common Issues and Troubleshooting
1. Devices aren't getting IPs.
- If devices aren’t getting IP addresses, make sure DHCP is enabled for the network (Settings > Networks > DHCP Server).
2. Guest devices can access default devices.
- Make sure you’ve configured firewall rules to drop traffic between guests and default users.
3. Devices can't connect to the guest network.
- If guest isolation is on, and firewall rules are strict, guests might have issues connecting to certain services (like Chromecast). You may need to add some exceptions to allow certain devices to work.
When Should You NOT Do This?
While this setup works for small networks, there are times when it’s better to separate networks using VLANs.
-
Security Concerns:
- Keeping guests on the same VLAN could expose internal devices.
- Without strict firewall rules, guests may access internal resources.
-
Performance Impact:
- Having everything on the same VLAN can flood the network with broadcast traffic.
-
Device Discovery Issues:
- If guest isolation is on, users may have issues connecting to shared devices (like printers or Chromecasts) even if they are technically on the same VLAN.
Example Use Case
Let's say you run a small coffee shop. You want to provide guest Wi-Fi to customers but don't want to deal with VLANs. By using a shared VLAN, you simplify the setup while still controlling guest traffic. You can apply bandwidth limits to guest users and block access to internal devices. Easy, simple, and effective.
Bonus: UniHosted Makes it Easier!
If you want to simplify the process even further, consider using a cloud-hosted UniFi controller from UniHosted. It offers automatic backups, updates, and monitoring. With one click, you can roll back to a previous configuration if something breaks. We offer free trials, so give it a shot if you want a hassle-free experience.
Final Thoughts
To recap, making your default and guest networks share a VLAN is simple:
- Create or identify a shared VLAN.
- Set both Default and Guest networks to use this VLAN.
- Add firewall rules to separate guest and default traffic.
- Optionally, enable guest network controls.
With these steps, you can manage both networks efficiently while ensuring security and network isolation. If you need help, UniHosted makes it easier by hosting your UniFi Controller in the cloud, with support ready when you need it.
If you would like me to personally walk you through UniHosted, you can schedule a call with me here.
We host UniFi Controllers in the Cloud
Are you ready to take your UniFi Network to the next level? Deploy a UniFi Cloud Controller in minutes and manage your network from anywhere.
Free tier available
Get the best support
Join 1660+ customers
No credit card required