
Networks Wifi upgrade and VLAN

Discussion in 'Hardware' started by wyx087, 27 Mar 2025.

  1. wyx087

    wyx087 Multimodder

    Joined:
    15 Aug 2007
    Posts:
    12,354
    Likes Received:
    854
    I want to upgrade my home from Wifi 6 (AX) to latest 7 with 6 GHz band pretty much dedicated for VR gaming. Also reason for upgrade is to streamline device connectivity so that there's no dead spot for smart home devices and no dead spot for regular home devices.

    I currently have 2 VLAN set up via VLAN port assignment of a Netgear 16 port router. One for smart home devices the other for wired computers. Proxmox box sits across the 2. The ISP provided router doing AP for smart devices from side of the house (study, used to be garage), whilst regular home Wifi is an Asus RT-AX86 doing all the gateway stuff at centre of the house in the living room. My phone has poor regular home Wifi signal when in the study and robo vacuum has poor reception at other side of house.


    What I would like to do is to have 2 PoE AP's and a gateway. So that the gateway and PoE switch can be powered by the single UPS also powering the Proxmox box. One AP mounted on top of study doorway for faultless living room and study coverage. The other mounted centrally on 1st floor landing.


    But how would VLAN work if I go with Unifi U7's and Gateway? Can I continue to use the Netgear "smart" switch? Is this what 802.1Q is for? But it's still port based assignments.

    How do I find all the info about TPlink Omada range? There's lots of similar ones, product segmentation doesn't seem clear. I see Home Assistant also have Omada addon to run it offline?
     
  2. wyx087

    wyx087 Multimodder

    Joined:
    15 Aug 2007
    Posts:
    12,354
    Likes Received:
    854
    I'm guessing this is where I select VLAN identifiers:

    What is the difference between tag, untag and nothing?

    So in Unifi AP, can I select the VLAN tag (let's say VLAN identifier 05) for IOT devices WIFI?

    Then if I use same VLAN identifier number here and unselect ports that go to NAS, it would mean those IOT devices wouldn't go to my NAS with a different VLAN identifier, correct?
     
  3. wyx087

    wyx087 Multimodder

    Joined:
    15 Aug 2007
    Posts:
    12,354
    Likes Received:
    854
    How does VLAN work for unmanaged switches (looking at a 2.5 and 10G switch in marketplace)?

    If the unmanaged switch is connected to a VLAN aware gateway (eg. Unifi cloud gateway ultra), would I be able to mask it from IOT devices VLAN?
     
  4. saspro

    saspro IT monkey

    Joined:
    23 Apr 2009
    Posts:
    9,654
    Likes Received:
    443
    Unmanaged switches tend to ignore VLANs. If you're lucky it'll just put all devices on whatever VLAN the uplink is on; if you're unlucky it'll try and put everything on VLAN 1.


    For the other ones.
    Usually:
    Untag means default (if you plug a device in then it goes on this vlan).
    Tagged means it's allowed (if you plug in a vlan aware device you can send data on this vlan)
     
    wyx087 likes this.
  5. wyx087

    wyx087 Multimodder

    Joined:
    15 Aug 2007
    Posts:
    12,354
    Likes Received:
    854
    Thanks so much for direct answers.

    Currently all VLAN are set by ports on the smart managed Netgear switch. Seems like I've been lucky where the unmanaged POE switch for cameras is happy to be divided into a different VLAN compared to my PC and NAS. The ISP provided router is also happy to be on that VLAN as AP for IOT devices.



    Now I'm trying to envision how would this work with Unifi AP's. I suppose in the Unifi software, I will be able to set a second WIFI SSID for IOT devices, get it to be on a different VLAN to home network.

    But how do I set Netgear switch?

    May be best to keep everything simple, I need to have 2 switches and use Unifi gateway ports to split them? Is that possible from within Unifi software? One for home network and NAS; the other IOT devices?

    (not keen to buy Unifi switches, they seem super expensive)
    (planning to buy a Cloud Gateway ultra and 2x AP's)
     
  6. saspro

    saspro IT monkey

    Joined:
    23 Apr 2009
    Posts:
    9,654
    Likes Received:
    443
    Step 1: List all the zones/areas you need. These will be your VLANs. Once you've got this list then you can plan how you're going to build your trunks/ports.

    As an example here's how I do it at home.

    VLAN 1: Management (I know VLAN 1 really shouldn't be used but Unifi can get the hump if it's not there).
    VLAN 10: Servers
    VLAN 20: Data (wired clients)
    VLAN 30: Wifi (home devices)
    VLAN 40: Voice

    VLAN 99: Guest

    I then map these to my address scheme: 10.Site.VLAN.Host (e.g. 10.100.10.1 is the gateway for the server VLAN, 10.10.10.10 is a server).

    Once you've got all that sorted then you can work out what you're putting on a single VLAN port and what you need to make trunks for (the AP's will need trunks, as will other managed switches).

    In my example trunks have VLAN 1 as native (Untagged) then the other VLAN's tagged.
     
    wyx087 likes this.
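
    The untagged/tagged port behaviour described in the replies above, as an added example that is not code from either poster or from any switch vendor. It parses the 802.1Q tag in a constructed Ethernet frame and models, in simplified form, which VLAN a port places the frame in; the port settings reuse the VLAN numbers from the list above, and real switches differ in the details of ingress filtering.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vid=None):
    """Constructed sample frame: dummy MACs, optional 802.1Q tag, IPv4 EtherType."""
    macs = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return macs + tag + struct.pack("!H", 0x0800) + b"payload"

def frame_vlan(frame):
    """VLAN ID carried in the frame, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field

def classify_ingress(frame, untagged_vlan, tagged_vlans):
    """VLAN the port places the frame in, or None if the port drops it."""
    vid = frame_vlan(frame)
    if vid is None:
        return untagged_vlan          # plain device: default VLAN of the port
    if vid in tagged_vlans or vid == untagged_vlan:
        return vid                    # VLAN-aware device on an allowed VLAN
    return None                       # port is not a member of that VLAN

# Port settings built from the VLAN list in the post above (assumed layout).
TRUNK = {"untagged_vlan": 1, "tagged_vlans": {10, 20, 30, 40, 99}}  # to an AP
ACCESS_SERVERS = {"untagged_vlan": 10, "tagged_vlans": set()}       # one device

if __name__ == "__main__":
    for name, port in (("trunk", TRUNK), ("access", ACCESS_SERVERS)):
        for vid in (None, 30, 50):
            print(name, vid, classify_ingress(build_frame(vid), **port))
```

    A frame tagged for a VLAN the port is not a member of is dropped, which is what keeps a device on one access port from reaching another VLAN by tagging its own traffic.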
  7. wyx087

    wyx087 Multimodder

    Joined:
    15 Aug 2007
    Posts:
    12,354
    Likes Received:
    854
    Ok, let me try to do that:

    VLAN 1: Unifi management
    VLAN 10: servers
    VLAN 20: normal devices
    VLAN 50: IOT devices
    VLAN 99: Guest

    So 10 and 20 are normally connected together, just following your lead, I originally thought I only need 3 VLAN's. Home Assistant will reside across 10, 20 and 50. Key I wanted is to separate IOT devices and guests from servers and normal devices.

    So the 16 port smart managed Netgear router will need to be trunk connected with all VLAN from the gateway, then use 802.1Q configuration and set appropriate tags for combination of VLAN I need.

    Same as you've said, seems like the U AP's can even be connected from non-Unifi switches as long as all VLAN are passed across.
    https://community.ui.com/questions/USG-802-1Q-VLAN-how-to/2e53af19-8020-4fc3-a2a5-d7449009914f

    I thought VLAN are one layer below IP's. I don't understand why you are mapping VLAN to your address scheme, is address scheme something else?
     
  8. saspro

    saspro IT monkey

    Joined:
    23 Apr 2009
    Posts:
    9,654
    Likes Received:
    443
    A VLAN is a subnet. There should be a 1 to 1 mapping of VLAN's to subnets. You cannot use the same address space on more than 1 subnet.

    Therefore if I use the third octet to identify what VLAN it is, I can quickly see what VLAN a device is on by its IP address (same for sites).

    If you're happy with servers & devices on the same subnet VLAN then that's all good, I just keep them separate as that's what I do at work (enables me to add ACL's from clients to servers etc)
     
    wyx087 likes this.
  9. wyx087

    wyx087 Multimodder

    Joined:
    15 Aug 2007
    Posts:
    12,354
    Likes Received:
    854
    That IP explanation just raises more questions in my primitive brain.......

    Let's say:
    - 10.0.10.6 for Home Assistant
    - 10.0.20.2 for PC
    - 10.0.50.3 for an IOT device

    Would I also need to set subnet masks for device differently in order for it to be able to see and talk to other devices?
    Or same subnet for all devices? Eg. 255.255.0.0?

    But I think I now understand VLAN configuration relationship between 3rd party switch and U AP, thank you so much.
     
  10. saspro

    saspro IT monkey

    Joined:
    23 Apr 2009
    Posts:
    9,654
    Likes Received:
    443
    Use /24's for all of them (255.255.255.0), they will go through your gateway/firewall to talk between VLAN's.
     
    wyx087 likes this.
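
    The subnet-mask question in the last two posts, worked through as an added example (not code from either poster). It uses the 10.Site.VLAN.Host scheme and the three sample addresses from the thread, and assumes the gateway is host .1 on each VLAN, as in the 10.100.10.1 example; the function names are made up for illustration.

```python
import ipaddress
from itertools import combinations

def vlan_of(ip):
    """Third octet is the VLAN ID under the 10.Site.VLAN.Host scheme."""
    return ipaddress.IPv4Address(ip).packed[2]

def vlan_subnets(vlans, site=0, prefix=24):
    """One subnet per VLAN; strict=False lets a wider prefix be tried too."""
    return {v: ipaddress.ip_network(f"10.{site}.{v}.0/{prefix}", strict=False)
            for v in vlans}

def find_overlaps(subnets):
    """Pairs of VLANs whose address space overlaps (breaks the 1:1 mapping)."""
    return [(a, b) for a, b in combinations(sorted(subnets), 2)
            if subnets[a].overlaps(subnets[b])]

def next_hop(src, dst, mask):
    """Where src sends a packet for dst: dst itself if on-link, else the gateway."""
    net = ipaddress.IPv4Interface(f"{src}/{mask}").network
    if ipaddress.IPv4Address(dst) in net:
        return dst                        # host ARPs for dst directly
    return str(net.network_address + 1)   # assumed gateway: host .1 of the subnet

HOME_ASSISTANT, PC, IOT = "10.0.10.6", "10.0.20.2", "10.0.50.3"

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(mask, "IoT -> Home Assistant via", next_hop(IOT, HOME_ASSISTANT, mask))
    for prefix in (24, 16):
        print(f"/{prefix} overlaps:", find_overlaps(vlan_subnets([10, 20, 50], prefix=prefix)))
```

    With 255.255.255.0 the IoT device hands the packet to 10.0.50.1, so the gateway's firewall rules decide whether it reaches the server VLAN. With 255.255.0.0 the device treats 10.0.10.6 as on-link and ARPs for it inside its own VLAN, where nothing answers, so the traffic never reaches the gateway at all.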