Important: Free Tier signup is temporarily disabled for new users June 7th - June 16th

How to use VLANs in UniFi

Published onby Dries (edited on by Iron)

VLANs (Virtual Local Area Networks) are one of the most powerful tools for securing and organizing your network. They let you segment traffic, isolate devices, and apply different rules for different use cases, and all without buying extra hardware.

In this article, I'll walk you through how VLANs work in UniFi, what they’re good for, and how to set them up on your UniFi gateway and controller.

Lets dive in!

🚨 Before we dive in, please don't self-host your UniFi Controller if you take care of client networks. Sooner or later this will cause issues! It's fine for home users, but definitely not recommended for IT service businesses and MSPs. If you want secure, reliable and a scalable hosting solution check out UniHosted.

Table of Contents

Rather watch a video?

Instead of reading, you can also check the explanation here by our own Fernando:

What VLANs actually do

A VLAN is a virtual subnet inside your existing network. Instead of wiring up separate routers, you create logical networks, like “Guest,” “IoT,” or “Security”, and isolate them with VLAN IDs.

VLANs operate at OSI Layer 2 (the data link layer) by tagging traffic. Switches and routers then use that tag to enforce boundaries. Devices in VLAN 20 can’t talk to VLAN 30 unless you explicitly allow it.

This gives you better control, security, and performance—especially on UniFi, where everything is centrally managed.

Why VLANs are useful

  1. Better security: Guests can’t reach your POS system. IoT cameras can’t see your laptops. VLANs stop lateral movement by default.
  2. Network efficiency: VLANs reduce broadcast noise by keeping devices in smaller groups. That cuts down on background traffic.
  3. Logical organization: You can group devices by function (not just location). Way easier to manage at scale.
  4. Scalability: Need a new network? Just add a VLAN. No need to run more cables or buy more gear.

Common VLAN examples

  • LAN (VLAN 1) – Your main network
  • IoT (VLAN 20) – Cameras, printers, smart plugs
  • Security (VLAN 30) – NVRs, access control
  • Guest (VLAN 40) – Isolated internet-only access

How to set up VLANs in UniFi

1. Create VLANs under “Networks”

Go to Settings > Networks and create a new network for each VLAN.

  • Name it clearly (“IoT” or “Guest”)
  • Choose “Virtual Network”
  • Set a unique VLAN ID (e.g., 20, 30, 40)
  • Define the subnet and DHCP settings
  • Leave the zone as “Internal” unless using the Hotspot zone for guest isolation

Repeat for each VLAN you want.

2. Create matching Wi-Fi networks (optional)

If you want each VLAN to have its own SSID:

  • Go to Settings > Wi-Fi
  • Create a new Wi-Fi network
  • Assign it to the correct VLAN in the Network dropdown
  • Set a secure password
  • Repeat for other VLANs

3. Assign VLANs to switch ports

If you’re using UniFi switches, you can bind VLANs to specific ports.

  • Go to Devices > [Switch] > Ports
  • For uplinks or APs: set the port profile to “All” (this is a trunk port that carries all VLANs)
  • For end devices: assign the port to a specific VLAN using “Native Network”

This is useful if you want, say, port 5 to always put a wired device on the IoT network.

4. Test it

Connect a device to each VLAN and make sure:

  • It gets the right IP address
  • It can access the internet
  • It cannot access devices from other VLANs (unless allowed)

Use ping or traceroute from each VLAN to verify isolation.

Quick note on VLAN IDs

Each VLAN needs a unique ID. It’s just a number, VLAN 1 is the default, then you can use 2–4094 for custom ones.

Best practice: match the VLAN ID to the third octet of the subnet, e.g.:

  • VLAN 20 → 192.168.20.0/24
  • VLAN 30 → 192.168.30.0/24

It makes troubleshooting way easier.

What about firewall rules?

By default, VLANs can talk to each other. If you want to isolate them, you’ll need to block traffic between VLANs using Firewall > Rules.

We’ll cover UniFi firewall best practices in a separate post, since it deserves its own deep dive.

Final thoughts

VLANs let you run multiple isolated networks on the same hardware. In UniFi, they’re easy to manage and give you full control over your topology, traffic, and security.

If you're an MSP or IT provider, VLANs should be part of every deployment. And if you don’t want to deal with controller hosting, we built UniHosted to do this for you: Reliable, scalable, and set up for MSPs managing multiple networks.

If you would like me to personally walk you through UniHosted, you can schedule a call with me here.

We host UniFi Controllers in the Cloud

Are you ready to take your UniFi Network to the next level? Deploy a UniFi Cloud Controller in minutes and manage your network from anywhere.

Deploy Now

Free tier available

Get the best support

Join 1660+ customers

No credit card required