Network Configuration
The network design section established the addressing scheme and VLAN structure for all three sites. This page implements that design on Prevernal, the primary site gateway. The same steps apply to Vernal and Estival, substituting the appropriate address ranges for each site.
All configuration in this page is done via the UniFi Network application at https://10.1.0.1 after completing the initial configuration steps.
Understanding UniFi networks
In UniFi terminology, a network is a combination of a VLAN and a subnet. Creating a network in UniFi simultaneously creates:
- The VLAN tag
- The gateway interface with an IP address
- A DHCP server for the subnet (if enabled)
- The routing table entry
Deleting a network removes all of these at once. This is the correct model: VLANs and subnets are not configured independently.
The default network
The setup wizard creates a default network called Default on VLAN 1 at 192.168.1.0/24. This should be replaced with the Core network from the network design before any devices are connected to it.
Navigate to Settings > Networks. The default network appears here. Edit it rather than deleting it to avoid losing management connectivity during the transition.
Edit the Default network:
| Field | Value |
|---|---|
| Name | Core |
| Purpose | Corporate |
| VLAN ID | 14 |
| Gateway IP / Subnet | 10.1.0.1/24 |
| DHCP | Enabled |
| DHCP Range | 10.1.0.100 to 10.1.0.250 |
| DHCP Name Server | 10.1.0.1 (update to internal resolver once available) |
| DHCP NTP Server | 10.1.0.1 |
| Domain Name | yourdomain.net |
Save and apply. The gateway address changes from 192.168.1.1 to 10.1.0.1. Reconnect the management computer on the new subnet before continuing.
Creating the remaining networks
Navigate to Settings > Networks > Add Network for each additional network in the design.
Prevernal site networks (10.1.x.x)
Create each network with the following settings. The Purpose should be set to Corporate for internal VLANs and Guest for the Visitor VLAN. Leave DHCP enabled for all VLANs unless there is a specific reason to manage addresses statically.
| Name | VLAN | Gateway | DHCP Range |
|---|---|---|---|
| Core | 14 | 10.1.0.1/24 | 10.1.0.100-250 |
| Fury | 15 | 10.1.10.1/24 | 10.1.10.100-250 |
| Apex | 16 | 10.1.20.1/24 | 10.1.20.100-250 |
| Collision | 17 | 10.1.30.1/24 | 10.1.30.100-250 |
| Skyforth | 18 | 10.1.40.1/24 | 10.1.40.100-250 |
| Twilight | 19 | 10.1.50.1/24 | 10.1.50.100-250 |
| Flow | 20 | 10.1.60.1/24 | 10.1.60.100-250 |
| Earth | 21 | 10.1.70.1/24 | 10.1.70.100-250 |
| Glide | 22 | 10.1.80.1/24 | 10.1.80.100-250 |
| Visitor | 23 | 10.1.90.1/24 | 10.1.90.100-250 |
| Testnet | 25 | 10.1.200.1/24 | 10.1.200.100-250 |
| Divided | 26 | 192.168.1.1/24 | 192.168.1.100-250 |
For the Visitor network, set Purpose to Guest and enable Client Device Isolation. This prevents devices on the Visitor VLAN from communicating with each other or with any other VLAN. They receive internet access only.
For the Testnet network, consider whether you want DHCP enabled or whether you will manage test addresses manually. DHCP is fine for most testing scenarios.
For the Divided network, this is the ISP-facing segment. Configure it to match whatever the ISP provides rather than using the address above.
Advanced DHCP options
For networks where devices need specific DHCP options beyond the basics, expand the Advanced DHCP Options section when creating or editing a network.
DHCP option 43 (vendor specific)
Useful for some IoT devices and VoIP equipment that need additional configuration delivered via DHCP.
DHCP option 66/67 (TFTP)
Used for network booting. Relevant once the server section is complete and PXE boot for homelab machines is configured.
DHCP lease time
The default DHCP lease time is appropriate for most VLANs. Consider shorter leases for the Visitor VLAN (where devices come and go frequently) and longer leases or static assignments for infrastructure VLANs where address stability matters.
Static DHCP assignments
For devices that should always receive the same IP address, create static DHCP assignments rather than configuring static addresses on the devices themselves. This centralises address management on the gateway.
Navigate to Settings > Networks > DHCP, or find the device in UniFi Devices and assign a fixed IP from the device detail view.
Key static assignments to create early:
| Device | Network | Address |
|---|---|---|
| Homelab server (February) | Core | 10.1.0.10 |
| NAS | Core | 10.1.0.20 |
| Internal DNS resolver | Core | 10.1.0.1 (gateway itself) |
Add further static assignments as devices are added to the network.
Network propagation to switches and access points
Once networks are created on Prevernal, they need to be propagated to any downstream UniFi switches and access points.
Switches
Navigate to UniFi Devices, select the switch, and go to Port Configuration. For each port, assign the native VLAN (the untagged VLAN for the device connected to that port) and the tagged VLANs (trunk VLANs passed through to another switch or access point).
For a trunk port connecting Prevernal to a downstream switch, tag all VLANs that devices behind that switch need access to.
Access points
Navigate to WiFi in the Network application. Each WiFi network maps to a VLAN. When a device connects to a specific SSID, it is placed on the corresponding VLAN.
The access point must be on a port that carries (tags) all VLANs mapped to WiFi networks. UniFi handles this automatically when access points are adopted and WiFi networks are configured.
Vernal and Estival network configuration
The same process applies to the secondary site gateways, substituting the correct address ranges:
Vernal (Site 2, 10.2.x.x):
| Name | VLAN | Gateway |
|---|---|---|
| Core | 27 | 10.2.0.1/24 |
| Vicetone | 28 | 10.2.10.1/24 |
| Gryffin | 29 | 10.2.20.1/24 |
| Monody | 30 | 10.2.30.1/24 |
| Halsey | 31 | 10.2.40.1/24 |
| Shovel | 32 | 10.2.50.1/24 |
| Regular | 33 | 10.2.60.1/24 |
| Sabai | 34 | 10.2.70.1/24 |
| Kastra | 35 | 10.2.80.1/24 |
| Walker | 36 | 10.2.90.1/24 |
| Tobu | 37 | 10.2.100.1/24 |
| Testnet | 38 | 10.2.200.1/24 |
| Divided | 39 | 192.168.3.1/24 |
Estival (Site 3, 10.3.x.x):
| Name | VLAN | Gateway |
|---|---|---|
| Core | 40 | 10.3.0.1/24 |
| Aurum | 41 | 10.3.10.1/24 |
| Arnyd | 42 | 10.3.20.1/24 |
| Skyline | 43 | 10.3.30.1/24 |
| Lazarus | 44 | 10.3.40.1/24 |
| Nikita | 45 | 10.3.50.1/24 |
| Etsu | 46 | 10.3.60.1/24 |
| Ecepta | 47 | 10.3.70.1/24 |
| Rtik | 48 | 10.3.80.1/24 |
| Guest | 49 | 10.3.90.1/24 |
| Divided | 50 | 10.3.100.1/24 |
| Testnet | 51 | 10.3.200.1/24 |
Verifying the configuration
After creating all networks, verify from the desktop:
# Confirm routing to all three sites (once inter-site VPN is configured)
ping -c3 10.1.0.1 # Prevernal Core
ping -c3 10.2.0.1 # Vernal Core
ping -c3 10.3.0.1 # Estival Core
# Confirm DHCP is working on the Core VLAN
ip address show # Desktop should have a 10.1.0.x address
# Confirm DNS is resolving
resolvectl query prevernal.yourdomain.net
Check the UniFi Client list (UniFi Devices > Clients) to verify devices are appearing on the correct VLANs. A device on the wrong VLAN is usually a port configuration issue on the switch.
IPv6
UniFi supports IPv6 on all networks. If your ISP provides IPv6 (which most UK ISPs now do), configure the WAN IPv6 connection first and then enable IPv6 on each VLAN.
Navigate to Settings > Internet and configure the WAN IPv6 connection type. Then for each network, expand the IPv6 section and enable it with the appropriate prefix delegation size.
IPv6 configuration is covered in depth in the firewall section, since the IPv6 firewall rules require careful attention to avoid accidentally exposing internal services to the internet.
Creating networks in UniFi is non-destructive: new networks do not affect existing ones. However, editing the Core network (formerly the default) to change its VLAN and gateway address will briefly disconnect any management session. Do this when you can afford a short interruption and have a plan for reconnecting on the new address.
Roll Your Own Network / Router. Next: Wireless Configuration.