Back to Blog Guide

How to Set Up VLANs on a Unifi Dream Machine

April 2026 · 8 min read

If every device on your network shares the same broadcast domain, you're leaving performance and security on the table. VLANs (Virtual Local Area Networks) let you split one physical network into multiple isolated segments — and the Unifi Dream Machine makes it straightforward to set up.

Whether you're separating IoT devices from your main network, isolating guest Wi-Fi, or building out a home lab, this guide walks you through the entire process.

What Is a VLAN and Why Does It Matter?

A VLAN is a way to logically divide a single physical network into separate, isolated networks. Devices on one VLAN can't communicate with devices on another VLAN unless you explicitly allow it through firewall rules.

This matters for three reasons:

Common VLAN Setups

Here are the most common segments we set up for clients:

Step 1: Create a New Network

Open your Unifi Network application and navigate to Settings → Networks. Click Create New Network.

Repeat for each VLAN you want to create.

Step 2: Create Wi-Fi Networks Per VLAN

Go to Settings → WiFi and create a new wireless network for each VLAN that needs Wi-Fi access.

Each SSID maps to a specific VLAN — so when a device connects to "Home-IoT", it lands on VLAN 20 automatically.

Step 3: Assign Switch Ports

For wired devices, you need to assign switch ports to VLANs. Go to Devices, select your switch, and click on a port.

Step 4: Set Up Firewall Rules

By default, VLANs on Unifi can still talk to each other. You'll want to create firewall rules to block inter-VLAN traffic and then allow specific exceptions.

Navigate to Settings → Firewall & Security → Firewall Rules and create a new rule:

This blocks IoT devices from reaching your trusted devices while still allowing them to access the internet. Repeat for each VLAN pair you want to isolate.

Step 5: Test and Verify

Connect a device to each VLAN and verify:

  1. It gets an IP in the correct subnet (e.g., 192.168.20.x for IoT)
  2. It can reach the internet
  3. It cannot ping or access devices on other VLANs
  4. Any intentional exceptions (like a printer shared across VLANs) work correctly

Common Mistakes to Avoid

When to Call a Professional

VLANs are powerful, but they can get complex — especially when you're dealing with inter-VLAN routing exceptions, mDNS across VLANs (for AirPlay, Chromecast, etc.), or larger environments with multiple switches and APs.

If you're not sure about your setup or want it done right the first time, that's exactly what we do.

Need help setting up VLANs?

We configure Unifi networks every day. Let us handle the setup so you can focus on everything else.

Book a free call