Networking with VLANs
Isolate devices using VLANs with UniFi gear.

If your home has more than a handful of devices, treating the network as “one flat subnet” quickly leads to problems. Bandwidth-hungry media boxes compete with your video calls, IoT devices talk to the internet with no isolation, and suddenly your smart fridge can see your work laptop. VLANs (Virtual LANs) are the simplest way to regain control, and UniFi gear makes them accessible without having to be a CCNP.
On my UniFi setup, I use VLANs to separate four logical domains:
- Work devices (laptops, phones) → prioritized for low latency.
- Streaming & gaming (Apple TV, consoles) → stable bandwidth, but not allowed to flood my work VLAN.
- IoT devices (cameras, plugs, sensors) → completely isolated, internet-only, no east-west traffic.
- Guest Wi-Fi → time-limited, internet-only.
Setting this up in the UniFi Controller is straightforward:
# Example: Create VLAN-only network
Settings → Networks → Create New Network
Type: VLAN-only
VLAN ID: 30 (IoT)
Name: "IoT Network"
Then on the switch port or SSID, tag traffic with VLAN 30. I keep my IoT VLAN denied from the LAN in the firewall rules, but allow it out to WAN:
# Example UniFi firewall rule
Action: Drop
From: IoT (VLAN 30)
To: LAN (Any)
The performance gains are real: Apple TV streaming no longer spikes latency on Zoom calls, because traffic is prioritized per VLAN. Security also improves, because IoT gadgets are isolated from my laptops entirely — they can talk to the internet, but not laterally.
Trade-offs: VLANs introduce complexity. DNS can get tricky if you want devices across VLANs to resolve each other. Some consumer ISPs still don’t support VLAN-tagged WAN connections. And you’ll need to plan your IP addressing upfront (for example, 192.168.10.x for Work, 192.168.20.x for IoT) to avoid collisions.
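To make the isolation rule above and the addressing plan concrete, here is an added Python model (my own example, not UniFi code or the post's own configuration) that evaluates the post's single Drop rule against sample flows and checks the subnets for collisions. The Streaming and Guest prefixes, the default-allow fallback and the stateful handling of established connections are assumptions, not settings taken from the post.

```python
import ipaddress
from dataclasses import dataclass
# Constructed address plan. Only the Work and IoT prefixes come from the post;
# the Streaming and Guest prefixes are assumed placeholders.
VLANS = {
    "Work": ipaddress.ip_network("192.168.10.0/24"),
    "IoT": ipaddress.ip_network("192.168.20.0/24"),
    "Streaming": ipaddress.ip_network("192.168.30.0/24"),  # assumed
    "Guest": ipaddress.ip_network("192.168.40.0/24"),      # assumed
}

def vlan_of(ip):
    """Map an address to its VLAN name; anything outside the plan counts as WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "WAN"

@dataclass
class Rule:
    action: str  # "drop" or "accept"
    src: str     # VLAN name or "Any"
    dst: str     # VLAN name, "LAN" (any internal subnet) or "Any"

    def matches(self, src_ip, dst_ip):
        s, d = vlan_of(src_ip), vlan_of(dst_ip)
        src_ok = self.src in ("Any", s)
        dst_ok = self.dst in ("Any", d) or (self.dst == "LAN" and d != "WAN")
        return src_ok and dst_ok

# The one rule from the post: Action Drop, From IoT (VLAN 30), To LAN (Any).
RULES = [Rule("drop", "IoT", "LAN")]

def evaluate(rules, src_ip, dst_ip, established=False):
    """First match wins; unmatched traffic is allowed. Return packets of a connection
    a LAN host opened are accepted first, as a stateful gateway does (assumed)."""
    if established:
        return "accept"
    for r in rules:
        if r.matches(src_ip, dst_ip):
            return r.action
    return "accept"

def plan_overlaps():
    """Return pairs of VLAN names whose subnets collide; should be empty."""
    nets = list(VLANS.items())
    return [(a, b) for i, (a, an) in enumerate(nets)
            for b, bn in nets[i + 1:] if an.overlaps(bn)]
```

Run it with a few flows: an IoT camera reaching a work laptop is dropped, the same camera reaching the internet is allowed, and a laptop opening a connection to the camera (plus its reply traffic) still works.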
Still, for a home or small-office network, VLANs are the most cost-effective way to make things feel enterprise-grade. With UniFi, the UI abstracts most of the pain — you get near-professional segmentation without managing a CLI router.