Configure Unifi AP Guest/IOT VLAN

Hi, I’ve found a few guides, but they’re all from the swconfig era. Now I need to do it with DSA and TurrisOS 7.1.3.

I’ve set up three networks with Unifi Network and various VLANs.

I’ve set one of the WIFI SSIDs to Guest network, so that should be all I have to do on the Unifi side, right?

Now I just need to route untagged traffic to LAN and tagged VLAN 10 to guest_turris. I’m not sure what the right way to do this is. I’ve tried creating interfaces like lan0.10, but usually ended up without connectivity to the device (it would just change its IP to the guest network and become unreachable).

Also, how can I stop the IOT (VLAN 20) devices from reaching the internet or each other, but still stay visible to the LAN?

Thanks in advance.


You have to handle DHCP too, not only the interface, and you've got to choose the right port or bridge them together. If Unifi is just for WIFI, then just create the right interface (for the correct port) with other settings like DHCP and DNS starting with 6,IP of the GW. Otherwise you would need to configure switching on your switch and connect VLANs accordingly. Then check ARP to see if the VLAN is correctly propagated.

Did you figure it out?

Create firewall zones on the Omnia/MOX, whatever you are using, and disable forwarding to WAN on the IOT zone; device isolation, I guess, should also be done on the Unifi side. And for the latter, enable forwarding from the LAN zone to the IOT zone. And that's it.
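An added example, not part of any post in this thread: one way the IoT (VLAN 20) setup described above could look as OpenWrt-style UCI config with DSA bridge VLAN filtering. The port `lan0` and VLAN 20 come from the question; the `iot` interface and zone names, the 192.168.20.0/24 subnet, the DHCP pool values and the stock `br-lan`, `lan` and `wan` names are assumptions.

```uci
# /etc/config/network (additions; assumes the stock 'br-lan' bridge with lan0 as a member)
# Once bridge-vlan sections exist, other ports that should stay on LAN must also be
# listed under VLAN 1, and the existing 'lan' interface must use device 'br-lan.1'.
config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	# u* = untagged + PVID: untagged frames from the AP stay on LAN
	list ports 'lan0:u*'

config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	# t = tagged: the IoT SSID arrives tagged with VLAN 20
	list ports 'lan0:t'

config interface 'iot'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

# /etc/config/dhcp (addition; pool values are assumptions)
config dhcp 'iot'
	option interface 'iot'
	option start '100'
	option limit '100'
	option leasetime '12h'

# /etc/config/firewall (additions)
config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# Only lan -> iot is declared; with no iot -> wan or iot -> lan forwarding, those stay blocked.
config forwarding
	option src 'lan'
	option dest 'iot'

# input is REJECT, so let IoT clients reach the router's DHCP server and nothing else.
config rule
	option name 'Allow-IoT-DHCP'
	option src 'iot'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'
```

The zone rules only affect traffic routed by the router; frames between two IoT clients on the same VLAN never reach it, which is why client isolation is set on the access point side.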