Adding a VLAN to an existing Unifi network

The switches have arrived! We can now replace our old switches and configure a new VLAN to support a new network. See here and here to read about our previous issues with the network.

I chose the Ubiquiti Unifi range of switches as they’re inexpensive, easy to configure and have a central controller that covers all of the Unifi line of devices.

Step 1 – replace existing switches

We swapped out the existing switches first. Because we are in a live working environment, we did this out of hours. It meant completely removing the old switches and putting the new ones in their place.

Don’t forget the impact of what you do on your users!

Step 2 – Configure switches

As we’re adding a new MPLS line, we need to think about VLANs and how they’re set up. All Unifi switches by default will use the ‘All’ switch port configuration – this is assigned to VLAN 1. That’s fine for our existing network, but we need to add another VLAN for the MPLS or we risk the two networks colliding.

Adding a new network

We need to fire up the Unifi controller and configure the network in there:

Go to your controller and log in. If it’s the latest version of the controller software, you’ll be presented with the Unifi settings page.

  • Navigate to the correct site (top right), and go into the settings (bottom left)
  • Select ‘Networks’
  • Select ‘Create New Network’
  • Enter your relevant settings – for me this was:
      Name: MC
      Purpose: VLAN Only
      VLAN: 1003

To configure the new VLAN, click on save and after a few moments it’s done.

There is also the option for DHCP guarding if needed. Setting DHCP guarding ensures that DHCP requests from clients will only be communicated to specific IP addresses on the VLAN. It’s a useful security feature if required.

Configure the ports

The next job was to configure the ports. We needed ports for the following:

  • MPLS Router
  • 1 server (a VMWare ESXi host machine)
  • 1 test machine
  • 5 new access points

To do this, select ‘Devices’ on the left, and select the switch that needs ports configuring.

Then you can click on the relevant switch ports on the right, and configure them as required.

Testing

Once all the ports were configured, it was time to test. We plugged the router in to the designated port and tested a DHCP renew – just in case we’d done something wrong.

We plugged our test machine into its port and issued ‘ipconfig /renew’ to renew its IP address. Everything we had done worked and it had an IP on the MPLS range – bonus!
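
The same check can be scripted when there are several ports to verify. The following is an added example, not part of the original write-up: it parses ‘ipconfig /all’ output and flags any adapter whose lease is outside the MPLS range or came from an unexpected DHCP server. The 10.30.0.0/24 range, the 10.30.0.1 server and the adapter names are assumptions, as the post does not give the real values.

```python
import ipaddress
import re

# Assumptions, not values from the post: the MPLS range and its DHCP server.
EXPECTED_NET = ipaddress.ip_network("10.30.0.0/24")
TRUSTED_DHCP = {"10.30.0.1"}
FIELD = re.compile(r"^\s+([A-Za-z0-9 \-]+?)[ .]*: (.*)$")

# Constructed `ipconfig /all` excerpt: one good lease, one from the old network.
SAMPLE = """\
Ethernet adapter Test-MPLS:
   IPv4 Address. . . . . . . . . . . : 10.30.0.57(Preferred)
   DHCP Server . . . . . . . . . . . : 10.30.0.1

Ethernet adapter Test-Old:
   IPv4 Address. . . . . . . . . . . : 192.168.1.44(Preferred)
   DHCP Server . . . . . . . . . . . : 192.168.1.1
"""

def parse_adapters(text):
    """Split ipconfig output into {adapter name: {field: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return adapters

def check_lease(fields):
    """Return the problems found for one adapter; an empty list is a pass."""
    raw = fields.get("IPv4 Address") or fields.get("Autoconfiguration IPv4 Address", "")
    try:
        ip = ipaddress.ip_address(raw.split("(")[0])
    except ValueError:
        return ["no IPv4 address on this adapter"]
    problems = []
    if ip.is_link_local:
        problems.append(f"{ip} is self-assigned: no DHCP reply on this port")
    elif ip not in EXPECTED_NET:
        problems.append(f"{ip} is outside {EXPECTED_NET}: check the port's VLAN")
    server = fields.get("DHCP Server", "none")
    if server not in TRUSTED_DHCP:
        problems.append(f"lease came from untrusted DHCP server {server}")
    return problems

if __name__ == "__main__":
    for name, fields in parse_adapters(SAMPLE).items():
        print(name, check_lease(fields) or "OK")
```

A lease from the old network's DHCP server on a port meant for the new VLAN points to a port profile that was not changed from the default.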

Now I need to configure the ESXi server and then we can start migrating people on to the new circuit!