What Is a VLAN?
A VLAN (Virtual Local Area Network) is a way to divide a single physical network into multiple isolated segments. Devices on one VLAN can't communicate with devices on another without explicit firewall rules allowing it.
Think of it like separate floors in an office building — each floor has its own access card, and you can only reach another floor if you're specifically authorized.
Why It Matters
Most networks run everything on a single flat segment. The printer, someone's laptop, the guest Wi-Fi, and the security cameras all share the same network. This creates two problems:
Security risk: If any single device is compromised, the attacker has access to everything else on the network. A compromised IoT camera can be used to reach your file server.
Performance issues: Broadcast traffic from chatty devices (printers, IoT sensors) reaches every device on a flat network. Each VLAN is its own broadcast domain, so that traffic stays contained and your primary devices remain fast and responsive.
A Practical VLAN Setup
Here's a common configuration we deploy for offices and homes:
# VLAN 10 - Corporate (trusted devices)
# Subnet: 192.168.10.0/24
# Access: Full internet, inter-VLAN to servers only
# VLAN 20 - Guest Wi-Fi
# Subnet: 192.168.20.0/24
# Access: Internet only, no inter-VLAN
# VLAN 30 - IoT / Printers
# Subnet: 192.168.30.0/24
# Access: Limited, print services only to VLAN 10
# VLAN 40 - Security Cameras
# Subnet: 192.168.40.0/24
# Access: NVR only, no internet
Firewall Rules
The key is your inter-VLAN firewall rules. By default, block all traffic between VLANs, then create specific allow rules only for what's needed:
# Allow VLAN 10 -> VLAN 30 on port 9100 (printing)
# Allow VLAN 10 -> VLAN 40 on port 443 (camera dashboard)
# Block VLAN 20 -> all other VLANs (guest isolation)
# Block VLAN 30 -> VLAN 10 (IoT can't reach corporate)
Getting Started
If you're running a UniFi network, VLAN configuration is built right into the Network Application. Create your networks, assign them to switch ports and Wi-Fi SSIDs, and set up your firewall rules — all from a single interface.
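Before committing a rule set like the one above to the controller, it helps to check it against the flows you actually expect. The following is an added example, not code from the original post or from UniFi: it encodes the four-VLAN plan and the inter-VLAN firewall rules as data and evaluates candidate flows with first-match, default-deny semantics. The VLAN IDs, subnets and ports are the ones from the plan; the `Rule` format, the `evaluate` and `allowed_flows` helpers, the sample IP addresses and the decision to deny VLAN 30's "limited" internet access until a narrow rule is written are this example's own assumptions.

```python
"""Added example: evaluate flows against the post's VLAN plan and firewall rules.

Not part of the original post. Rule format, helper names and sample addresses
are this example's own assumptions; VLAN IDs, subnets and ports come from the plan.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network

INTERNET = "internet"  # pseudo-destination for traffic leaving the LAN


@dataclass(frozen=True)
class Vlan:
    vid: int
    name: str
    subnet: IPv4Network


VLANS = {
    10: Vlan(10, "Corporate", ip_network("192.168.10.0/24")),
    20: Vlan(20, "Guest", ip_network("192.168.20.0/24")),
    30: Vlan(30, "IoT/Printers", ip_network("192.168.30.0/24")),
    40: Vlan(40, "Cameras", ip_network("192.168.40.0/24")),
}


@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "block"
    src: object         # source VLAN id, or "*" for any
    dst: object         # destination VLAN id, INTERNET, or "*" for any
    port: object = "*"  # TCP/UDP destination port, or "*" for any
    note: str = ""


# Evaluated top to bottom; first match wins. The final catch-all is the
# "block all traffic between VLANs by default" posture from the post.
# Internet allows sit above the guest block so "*" in that block cannot
# accidentally swallow guest internet access. VLAN 30's internet access is
# left to the default deny (assumption: add a narrow allow if it is needed).
RULES = [
    Rule("allow", 10, 30, 9100, "printing"),
    Rule("allow", 10, 40, 443, "camera dashboard"),
    Rule("allow", 10, INTERNET, note="corporate: full internet"),
    Rule("allow", 20, INTERNET, note="guest: internet only"),
    Rule("block", 20, "*", note="guest isolation: no inter-VLAN"),
    Rule("block", 30, 10, note="IoT can't reach corporate"),
    Rule("block", 40, INTERNET, note="cameras: no internet"),
    Rule("block", "*", "*", note="default deny for everything else"),
]


def vlan_of(ip: str):
    """Return the VLAN id whose subnet contains ip, or INTERNET if none does."""
    addr = ip_address(ip)
    for v in VLANS.values():
        if addr in v.subnet:
            return v.vid
    return INTERNET


def _matches(pattern, value):
    return pattern == "*" or pattern == value


def evaluate(src_ip: str, dst_ip: str, port: int):
    """Decide whether a NEW flow from src_ip to dst_ip:port is allowed.

    Only the initiating direction is checked. A stateful firewall admits the
    replies of an allowed flow automatically, which is why VLAN 10 -> VLAN 30
    on 9100 needs no matching 30 -> 10 allow rule for the printer's answers.
    """
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src == INTERNET:
        return "block", "unsolicited inbound from the internet"
    if src == dst:
        return "allow", "same VLAN: switched locally, no firewall hop"
    for rule in RULES:
        if _matches(rule.src, src) and _matches(rule.dst, dst) and _matches(rule.port, port):
            return rule.action, rule.note
    return "block", "default deny"  # unreachable with the catch-all; kept as a safety net


PROBE_PORTS = (22, 80, 443, 9100)


def allowed_flows():
    """Enumerate every inter-VLAN (src, dst, port) the policy lets through.

    Reading this list is a quick way to confirm that the only holes in the
    default-deny posture are the two the plan intends.
    """
    hits = []
    for s in VLANS:
        for d in VLANS:
            if s == d:
                continue
            src_ip, dst_ip = str(VLANS[s].subnet[10]), str(VLANS[d].subnet[10])
            for p in PROBE_PORTS:
                if evaluate(src_ip, dst_ip, p)[0] == "allow":
                    hits.append((s, d, p))
    return hits


if __name__ == "__main__":
    for s, d, p in allowed_flows():
        print(f"VLAN {s} -> VLAN {d} tcp/{p}: allowed")
    print("IoT -> corporate SMB:", evaluate("192.168.30.5", "192.168.10.25", 445))
```

The explicit `block 30 -> 10` and `block 40 -> internet` rules are redundant with the catch-all today, but keeping them above any allow rules you add later preserves the intent of the plan as the rule set grows, which is worth the two extra lines.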
The initial setup takes about an hour for a typical network, and the security and performance benefits are immediate. It's one of the highest-impact improvements you can make to your network.