

When deploying a new UniFi network using Ubiquiti UniFi hardware and the controller, you may wish to change the management VLAN, and/or the VLAN that the hardware uses to communicate with the UniFi Controller. In this post, I’m going to go over how to do this, as well as troubleshoot if something should go wrong. Please note that I’m focusing on the theory and understanding as to how communication is handled, instead of providing the step-by-step instructions that readers are usually accustomed to on this blog.

Some users (myself included) like to avoid using the default management VLAN of 1. This can be for a number of reasons, such as reducing the security vulnerability footprint, customizing for specific customers or environments, or simply because we like to change it from the default VLAN.

When you choose to change the default management VLAN, you typically need to maintain a network/subnet on untagged VLAN 1. This is because when you purchase or deploy new UniFi equipment, it will always try to obtain an IP on untagged VLAN 1 and try to contact the controller using this network. By having a functioning “provisioning” network and subnet on VLAN 1, the devices can obtain their configuration and provision from there. Once the device is provisioned and attached to the UniFi controller, you can configure it to use a different VLAN as its management VLAN.

Keep in mind that you must make the controller available on both the untagged “provisioning” VLAN 1 and the new custom management VLAN. In my case, I make all the subnets routable so that the UniFi controller is available no matter what subnet and/or VLAN you’re on. In my example above, I have very restrictive firewall rules on the firewall that is routing the different VLANs and subnets.
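With restrictive inter-VLAN rules, the controller has to stay reachable from both the untagged provisioning VLAN 1 and the custom management VLAN, and it is easy to permit only one of them. The following is an added example, not code from this post or from Ubiquiti: it evaluates a first-match, default-deny rule set against both segments. The subnets, controller address and rule format are constructed assumptions, and TCP 8080 is assumed as the controller's default device inform port.

```python
import ipaddress

# Constructed addressing (assumptions for illustration, not from the post).
PROVISIONING_NET = ipaddress.ip_network("192.168.1.0/24")  # untagged VLAN 1
MANAGEMENT_NET = ipaddress.ip_network("10.0.50.0/24")      # custom management VLAN
CONTROLLER = ipaddress.ip_address("10.0.10.5")
INFORM_PORT = 8080  # assumed default UniFi device inform port (TCP)

def evaluate(rules, src, dst, proto, port):
    """First-match rule evaluation with an implicit default deny."""
    for rule in rules:
        if (src in ipaddress.ip_network(rule["src"])
                and dst in ipaddress.ip_network(rule["dst"])
                and rule["proto"] == proto
                and rule["port"] in (port, "any")):
            return rule["action"]
    return "deny"

def blocked_segments(rules):
    """Return the segments whose devices cannot reach the controller."""
    segments = {"provisioning (VLAN 1)": PROVISIONING_NET,
                "management": MANAGEMENT_NET}
    blocked = []
    for name, net in segments.items():
        # Rules here are written per subnet, so one host represents the segment.
        sample_host = next(iter(net.hosts()))
        if evaluate(rules, sample_host, CONTROLLER, "tcp", INFORM_PORT) != "allow":
            blocked.append(name)
    return blocked

# Constructed rule set: management VLAN permitted, VLAN 1 forgotten.
RULES_MGMT_ONLY = [
    {"src": "10.0.50.0/24", "dst": "10.0.10.5/32", "proto": "tcp",
     "port": 8080, "action": "allow"},
]
# Same rules plus the provisioning subnet.
RULES_BOTH = RULES_MGMT_ONLY + [
    {"src": "192.168.1.0/24", "dst": "10.0.10.5/32", "proto": "tcp",
     "port": 8080, "action": "allow"},
]

if __name__ == "__main__":
    for label, rules in (("mgmt only", RULES_MGMT_ONLY), ("both", RULES_BOTH)):
        print(label, "->", blocked_segments(rules) or "reachable from both segments")
```

With the management-only rule set, already-adopted devices keep working while factory-default devices on VLAN 1 never reach the controller, which is the failure this check is meant to surface.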
