Edgerouter 4 VLAN for Unifi switch and WiFi

Hello everyone,

So for context I have three Unifi Access Points, I have a Main network, a restricted network, an IOT network, and a guest network.

My main router at the moment is an Edge Router 4 and I just got a Unifi USW-16-POE, on which I am trying to set up a VLAN per WiFi network. I was trying to set it up for the restricted network, because it's for the children in the house, so that they can't be on bad sites (using OpenDNS FamilyShield as a DNS-level firewall), and so far it's not working. I have the network profile, switch, and router profile set up with a DHCP server, but so far it is not working. Maybe someone can guide me through this.

Also, I am hoping to have the Restricted, IoT and Main networks still be able to communicate with things like printers, so maybe someone could also help guide me through firewall rules for that, if every one of the VLANs is on its own DHCP server ranging from 10.0.0.x - 10.0.50.x.

Where were your wireless APs connected prior to the USW switch? Plugging that switch in should not break anything initially.

I would then configure one port on the switch and test with one access point. You will need to pass all VLANs to the Wi-Fi AP. I believe you would call it a trunk port.

Once you get one port functioning the rest is step and repeat.

I don't have a Unifi switch, so I can't tell you how to do it.

But make sure that the port connected to your ER4 is a trunk port. And then also check that the ports connected to your access points are trunk ports for your WiFi VLANs.

Also, have you configured the DHCP server to use the OpenDNS servers, and are you getting assigned those servers when you connect to the restricted access point?

Did you set up the other subnets and create a DHCP server for each one? Do your clients get an IP address when they connect to that SSID?

Yes, generally if you have extra subnets you will need a DHCP server for each subnet. This server can be the router or something else, but generally it is the router. Or you need a DHCP server that dishes out addresses depending on the subnet that is requesting.
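
The checks suggested in the replies above (a DHCP scope for every VLAN subnet, and the FamilyShield resolvers actually being handed out on the restricted VLAN) can be run against the router's `show configuration commands` output. The script below is an added example, not something posted by anyone in this thread; the interface `eth1`, the VLAN IDs 20 and 30, the pool names and the sample config are constructed assumptions.

```python
import ipaddress
import re

# OpenDNS FamilyShield resolvers (the DNS-level filter mentioned in the thread).
FAMILYSHIELD = {"208.67.222.123", "208.67.220.123"}

# Constructed sample of `show configuration commands` output. eth1, the VLAN
# IDs and the pool names are assumptions; VLAN 30 deliberately has no DHCP scope.
SAMPLE = """\
set interfaces ethernet eth1 address 10.0.0.1/24
set interfaces ethernet eth1 vif 20 address 10.0.20.1/24
set interfaces ethernet eth1 vif 30 address 10.0.30.1/24
set service dhcp-server shared-network-name LAN subnet 10.0.0.0/24 default-router 10.0.0.1
set service dhcp-server shared-network-name LAN subnet 10.0.0.0/24 dns-server 10.0.0.1
set service dhcp-server shared-network-name RESTRICTED subnet 10.0.20.0/24 default-router 10.0.20.1
set service dhcp-server shared-network-name RESTRICTED subnet 10.0.20.0/24 dns-server 208.67.222.123
set service dhcp-server shared-network-name RESTRICTED subnet 10.0.20.0/24 dns-server 8.8.8.8
"""

IFACE = re.compile(r"set interfaces ethernet (\S+)(?: vif (\d+))? address (\S+/\d+)$")
DHCP = re.compile(r"set service dhcp-server shared-network-name \S+ subnet (\S+) "
                  r"(default-router|dns-server) (\S+)$")

def audit(config, filtered_vlans=("20",)):
    """Return a list of findings for the given `set` command dump."""
    ifaces, scopes = [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := IFACE.match(line):
            ifaces.append((m[1], m[2], ipaddress.ip_interface(m[3])))
        elif m := DHCP.match(line):
            net = ipaddress.ip_network(m[1])
            scopes.setdefault(net, {"default-router": set(), "dns-server": set()})
            scopes[net][m[2]].add(m[3])
    findings = []
    for name, vlan, addr in ifaces:
        label = f"{name}.{vlan}" if vlan else name
        scope = scopes.get(addr.network)
        if scope is None:  # clients on this VLAN will never get a lease
            findings.append(f"{label}: no DHCP scope for {addr.network}")
            continue
        if str(addr.ip) not in scope["default-router"]:
            findings.append(f"{label}: default-router is not {addr.ip}")
        stray = scope["dns-server"] - FAMILYSHIELD
        if vlan in filtered_vlans and (stray or not scope["dns-server"]):
            findings.append(f"{label}: unfiltered DNS handed out: {sorted(stray)}")
    return findings
```

A resolver other than FamilyShield in the restricted scope matters because a client may use any server it is handed, which bypasses the filter. An empty result means every addressed interface has a matching scope and the filtered VLAN hands out only FamilyShield resolvers.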