Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1410
Views
0
Helpful
3
Replies

Recommended VLAN strategy for wired/wireless users

aacable79
Level 1
Level 1

‎01-06-2023 01:24 AM

Greetings,

Currently we are using default vlan-1 for all users desktop/laptops, servers, switches wireless etc.
To avoid broadcast related issues & to break network into smaller segments,  We are now in process of adding vlans on per department basis, Example 

  • IT> VLAN10 - 192.168.10.0/24
  • HR > VLAN 11 - 192.168.11.0/24
  • FINANCE > VLAN 12 - 192.168.12.0/24

& so on.

We have around 40+ Unifi access points (with single SSID with vlan1 at the moment) in different departments. for wired users we can simply tag the users access port in particular VLAN. but what should be the recommended strategy for users who have dual connectivity (wired/wifi, as every laptop user have wired+wifi , wifi connectivity is required because many users roams across the company or many only uses WiFi)

Should I create separate SSID like MYCOMP-CORP-WIFI & tag it with single vlan like vlan 1x (via UniFi controller) for wireless users? BUT this way dual connectivity users will have two VLAN network ips in there laptop (one via wired, other via wifi). is it ok to have this scenario?

OR

Should I assign each Dept. access points tag with that dept. vlan ? (SSID should remain same for roaming purposes)
Example:

  • IT DEPT UniFi SSID > MYCOMP > SSID tag with VALN10
  • HR DEPT UniFi SSID > MYCOMP > SSID tag with VALN11

This way at whatever dept. they will roam around, they will get that dept. assigned vlan IP. roaming will be transparent as SSID will remain same but vlan will be hanged based on AP group (in UniFi controller)

Which is better for design?

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎01-06-2023 02:09 AM

There are still a lot of "it depends" here. In general you can go with one SSID for your corporate users but still give them individual VLANs. These are typically assigned by the RADIUS server. Having the same or different VLANs for wired and wireless has different pros and cons. With different VLANs, inserting and removing the notebook from the docking station can break connectivity as the VLAN changes. But you have better separation and control. Personally I like to have different VLANs because there is no extra work needed to keep the LAN broadcasts from the wireless network.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Karsten Iwen

‎01-06-2023 02:51 AM

@Karsten Iwen, this is schoolwork. 

0 Helpful

aacable79
Level 1
Level 1

‎01-09-2023 12:07 AM

From scalability perspective, (as company is growing & departments are being adding up) , it is better to have separate VLAN for all regular Wifi users (corporate users only) to connect via single SSID with separate single VLAN. This way all wifi users (corporate only) will be in single wifi broadcast domain & there would be no issue of connecting different devices like chromecast, discovery etc.

0 Helpful
Customers Also Viewed These Support Documents