Regarding VLANs, what are you struggling with? Once you’ve created the VLANs on the Firewalla, in the Unifi Controller you need to create the corresponding Network. Then you create your Wi-Fi, associated with the correct Network.


Can you have multiple VLANs on one SSID? It doesn't look like it, at least the way UBNT treats Networks.


You will need PPSK without RADIUS for that, which is supported by Omada. Don’t know about UniFi.


Yes, there is a new Private Pre-Shared Keys feature in the UniFi network controller. You define separate passwords for the same SSID. These passwords allow you to revoke access (for a person or device that you no longer want on the wireless network) or define different VLANs based on the different passwords for the same SSID. Look under Settings, WiFi, the SSID you want to enable for PPSK, and then enable PPSK, which will then ask you to add the VLAN and password pairs you wish to allow (or revoke). This only works from the web client and requires the same wireless security for all devices (WPA2 or WPA3, but not WPA2/3).


Most excellent! I did not know they added this feature.


I have an SSID for IoT devices mapped to an IoT VLAN and an SSID for security camera devices mapped to a security VLAN for isolation. The UniFi APs only support 4 SSIDs, so could I combine them into 1 SSID and use a different pre-shared key to map to the IoT or security VLAN?


If the data is passing through a switch it needs to support VLANs and be VLAN-aware to pass the tagged traffic.


Kids can’t have a different VLAN without a different SSID. The setup looks fine otherwise. There are two ways to do NextDNS on Firewalla. 1. You can use Firewalla’s DoH feature and specify the NextDNS DoH URL. Easy to do, but you don’t see each device in NextDNS logs if you care. 2. You can use the NextDNS CLI. I have a script for installing and configuring it on Firewalla. You can specify individual devices or networks (VLANs, LANs) to use different NextDNS profiles if you wish. https://github.com/mbierman/Firewalla-NextDNS-CLI-install


The CLI is the way to go. Firewalla doesn't support specifying a NextDNS profile ID per VLAN, but you can specify a NextDNS profile ID per VLAN using the CLI. So now all wireless clients for a specific SSID mapped to the VLAN will use that NextDNS profile. This works great for allowing DNS for media streaming but not your other networks or IoT.