Need some pointers on how to separate networks for 3 groups on a Ubiquiti EdgeRouter and UniFi APs

Please excuse my crude diagram. I need to separate 3 groups of users, and also preferably still allow wireless devices from the 192.168.2.0/24 group to connect to the wireless access points while still keeping all three groups separated.

Hardware is a Ubiquiti EdgeRouter X and two Ubiquiti UniFi APs.

I have fiddled about with it, trying to assign each ethX port its own subnet as shown, created DHCP servers for each address space, and took eth3 and eth4 out of switch0. Internet went down for eth3 and eth4. I also tried a VLAN configuration in the dashboard tab: for eth3 and eth4 I created eth3.33 and eth4.44 and tried to assign these VLAN tags to the SSIDs on the APs, but then the two APs also stopped working.

It works when there is no attempt to separate the networks, but it can't be like that forever.
I just want it so that each group's devices, like network-connected printers, Chromecasts etc., are not available to any other group, for both security and privacy reasons. It's a building with an office on one floor and 2 apartments on the upper floors.


I'm totally green on this. I have something like this configured on a DD-WRT router, but that was really easy using the GUI, with different subnets, not VLANs... I'm not sure what to do here with Ubiquiti.

You will want your Ubiquiti APs on the LAN and then use VLANs to separate the groups there.
I have not worked much with the EdgeRouter stuff, but I say get away from different subnets for each port and go all VLANs.


I use a pfSense firewall with Ubiquiti APs:

I have the VLANs programmed into pfSense, and then I used the Ubiquiti controller software to forward those VLANs over Wi-Fi with different SSIDs.

That way when I hook up an IoT device, I connect it to my SSID-IOT network. After that I usually assign it a static address in pfSense to make sure it stays put.
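The following is an added worked example, not posted by the original poster or either reply, of the layout the replies recommend: all VLANs on the EdgeRouter X's built-in switch, the APs on the LAN, and each SSID tagged with its group's VLAN. Everything concrete in it is an assumption: VLAN 1 (untagged switch0) 192.168.1.0/24 for the office and AP management, VLAN 33 192.168.33.0/24 and VLAN 44 192.168.44.0/24 for the two apartments, eth0 as WAN, eth1 as an office wired port, eth2 and eth3 as the ports the two APs are plugged into, eth4 spare; substitute the real diagram. The part that bit the original poster is the tagging: a VLAN an SSID is tagged with has to be carried on the switch port the AP hangs off, as a tagged member next to the untagged management VLAN. A sub-interface like eth3.33 only tags frames on eth3, so an AP on any other port never sees that VLAN, and if the AP's own port loses its untagged VLAN the AP loses its controller connection too.

```vyatta
# EdgeOS (EdgeRouter X) configure-mode commands. Assumed layout:
#   switch0 (untagged, VLAN 1)  192.168.1.0/24   office wired + AP management
#   switch0.33 (VLAN 33)        192.168.33.0/24  apartment 1
#   switch0.44 (VLAN 44)        192.168.44.0/24  apartment 2
#   eth0 = WAN, eth1 = office wired, eth2/eth3 = the two UniFi APs, eth4 spare
# Assumes the stock default config: switch0 at 192.168.1.1/24 with a DHCP pool,
# and NAT masquerade rule 5010 on eth0 with no source restriction, which already
# covers the new subnets.
configure

# 1. Make the built-in switch VLAN-aware and give each group its own VIF.
set interfaces switch switch0 switch-port vlan-aware enable
set interfaces switch switch0 vif 33 description 'Apartment 1'
set interfaces switch switch0 vif 33 address 192.168.33.1/24
set interfaces switch switch0 vif 44 description 'Apartment 2'
set interfaces switch switch0 vif 44 address 192.168.44.1/24

# 2. Port roles. AP ports are trunks: untagged VLAN 1 for the AP itself
#    (so it keeps talking to the controller), tagged 33 and 44 for the SSIDs.
#    Office and spare ports stay plain untagged VLAN 1.
set interfaces switch switch0 switch-port interface eth1 vlan pvid 1
set interfaces switch switch0 switch-port interface eth4 vlan pvid 1
set interfaces switch switch0 switch-port interface eth2 vlan pvid 1
set interfaces switch switch0 switch-port interface eth2 vlan vid 33
set interfaces switch switch0 switch-port interface eth2 vlan vid 44
set interfaces switch switch0 switch-port interface eth3 vlan pvid 1
set interfaces switch switch0 switch-port interface eth3 vlan vid 33
set interfaces switch switch0 switch-port interface eth3 vlan vid 44

# 3. DHCP pool and DNS forwarder for each new VLAN (the office pool already exists).
set service dhcp-server shared-network-name APT1 authoritative enable
set service dhcp-server shared-network-name APT1 subnet 192.168.33.0/24 default-router 192.168.33.1
set service dhcp-server shared-network-name APT1 subnet 192.168.33.0/24 dns-server 192.168.33.1
set service dhcp-server shared-network-name APT1 subnet 192.168.33.0/24 lease 86400
set service dhcp-server shared-network-name APT1 subnet 192.168.33.0/24 start 192.168.33.100 stop 192.168.33.200
set service dhcp-server shared-network-name APT2 authoritative enable
set service dhcp-server shared-network-name APT2 subnet 192.168.44.0/24 default-router 192.168.44.1
set service dhcp-server shared-network-name APT2 subnet 192.168.44.0/24 dns-server 192.168.44.1
set service dhcp-server shared-network-name APT2 subnet 192.168.44.0/24 lease 86400
set service dhcp-server shared-network-name APT2 subnet 192.168.44.0/24 start 192.168.44.100 stop 192.168.44.200
set service dns forwarding listen-on switch0.33
set service dns forwarding listen-on switch0.44

# 4. Isolation. VLANs alone only separate the broadcast domains; the router
#    still routes between the three subnets unless told not to. Drop anything
#    from one group addressed to any group's subnet; internet-bound traffic
#    still passes. Same-subnet traffic (printer, Chromecast discovery) is
#    switched inside the VLAN and never reaches this ruleset.
set firewall group network-group LAN_NETS description 'All three local subnets'
set firewall group network-group LAN_NETS network 192.168.1.0/24
set firewall group network-group LAN_NETS network 192.168.33.0/24
set firewall group network-group LAN_NETS network 192.168.44.0/24
set firewall name LAN_ISOLATE_IN default-action accept
set firewall name LAN_ISOLATE_IN rule 10 action drop
set firewall name LAN_ISOLATE_IN rule 10 description 'No traffic between groups'
set firewall name LAN_ISOLATE_IN rule 10 destination group network-group LAN_NETS
set interfaces switch switch0 firewall in name LAN_ISOLATE_IN
set interfaces switch switch0 vif 33 firewall in name LAN_ISOLATE_IN
set interfaces switch switch0 vif 44 firewall in name LAN_ISOLATE_IN

# 5. The apartments may talk to the router itself only for DHCP and DNS, not
#    its web GUI or SSH. The office (switch0) keeps unrestricted access.
set firewall name APT_LOCAL default-action drop
set firewall name APT_LOCAL rule 10 action accept
set firewall name APT_LOCAL rule 10 description 'DNS'
set firewall name APT_LOCAL rule 10 protocol tcp_udp
set firewall name APT_LOCAL rule 10 destination port 53
set firewall name APT_LOCAL rule 20 action accept
set firewall name APT_LOCAL rule 20 description 'DHCP'
set firewall name APT_LOCAL rule 20 protocol udp
set firewall name APT_LOCAL rule 20 destination port 67
set interfaces switch switch0 vif 33 firewall local name APT_LOCAL
set interfaces switch switch0 vif 44 firewall local name APT_LOCAL

commit
save
exit

# UniFi controller side (not EdgeOS): create two additional wireless networks
# and set their VLAN to 33 and 44 respectively. Leave the APs' own management
# traffic untagged on 192.168.1.x so the controller can still adopt and
# reach them; the tagged SSID traffic rides the eth2/eth3 trunks into
# switch0.33 and switch0.44.
```

Apply it from a wired office machine, not over Wi-Fi, since the commit changes the switch ports the APs sit on. A quick check afterwards from an apartment client: it should get a 192.168.33.x or 192.168.44.x address, resolve names through its own gateway, reach the internet, and get no answer at all when pinging 192.168.1.1 or a device in another group; `show firewall name LAN_ISOLATE_IN statistics` on the router should show the drop counter climbing when it tries.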