Unifi AP and VLANs

Big Jim

I don't have a great amount of experience using VLANs; my own current shop config is all untagged.
If I wanted to add a single Unifi AP to handle WiFi for multiple VLANs, I am assuming I need to do this with tagging.
The controller software can be installed on a VM on my server.

As I understand it, Unifi don't allow you to use VLAN1 as a tagged VLAN, but am I right in thinking that you still need VLAN1 for management of the AP, and therefore I will need an additional VLAN just for the management of the AP, which would mean an additional DHCP server to issue it with an IP so that it can be contacted?

My router is a Draytek 2850, so it would be easy enough to set up another DHCP-controlled VLAN on it.
My switch is an HP 1810.

I have been playing around with my switch at home with an AP but haven't gotten it to work as of yet, although at home I only have my main router and a spare one, giving me 2 total DHCP servers and if my above assumptions are correct I am going to need another to get this working.


If the above is correct, would the correct config for the port the AP is connected to be as below?
VLAN1 - untagged (for management)
VLAN2 - tagged
VLAN3 - tagged

I prefer to manage all of my equipment directly from the LAN I am using. Will this no longer be possible?
 
VLAN1 is the default VLAN and where all the untagged stuff lives, yes.

As for the WAP, all you're doing is making an SSID on it that has a VLAN tag. That's ALL you have to do to tag a specific wireless network into a VLAN.

Now... your WAP is going to be on your switch... and that has to be configured to accept tagged and untagged packets from the WAP. And it has to be configured to push tagged and untagged packets to the router. Then the router needs configured to accept tagged and untagged traffic to do what it does.

Because you aren't using a stack, you get to do all of this manually on each and every device.

Each VLAN is a layer 2 division, you're going to slap an IP Subnet on top of it, that's a layer 3 division.

Your ROUTER will connect the layer 3 networks to each other because that's what routers do, and management or not will be based on the ACLs you configure there.
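
How the tagged/untagged port membership discussed above plays out on the wire, as an added example that is not part of the thread: a simplified Python model of 802.1Q ingress and egress on a switch port with ingress filtering enabled. The `Port` class, the helper names and the frames are constructed for illustration; the AP port layout is the one proposed in the first post.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def make_frame(vid=None, payload=b"constructed-payload"):
    """Build a constructed Ethernet frame; vid=None means untagged."""
    dst, src = b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01"
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def frame_vid(frame):
    """Return the 12-bit VLAN ID from the tag, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

class Port:
    """Hypothetical model of one switch port's VLAN membership."""
    def __init__(self, untagged, tagged=()):
        self.untagged = untagged    # VLAN given to untagged frames (PVID)
        self.tagged = set(tagged)   # VLANs sent and received with a tag

    def ingress(self, frame):
        """Return the VLAN the frame is placed in, or None if it is dropped."""
        vid = frame_vid(frame)
        if vid is None or vid == 0:  # untagged or priority-tagged: use the PVID
            return self.untagged
        # Ingress filtering: the port must be a member of the frame's VLAN.
        return vid if vid in self.tagged | {self.untagged} else None

    def egress(self, vlan):
        """Return 'untagged', 'tagged', or None if the port is not a member."""
        if vlan == self.untagged:
            return "untagged"
        return "tagged" if vlan in self.tagged else None

# AP port layout proposed in the thread: VLAN1 untagged, VLAN2 and VLAN3 tagged.
AP_PORT = Port(untagged=1, tagged=(2, 3))
# A port left at its default of untagged VLAN1 only, for comparison.
ACCESS_PORT = Port(untagged=1)
```

The same membership has to exist on the switch port facing the router and on the router port itself, otherwise tagged SSID traffic accepted from the AP has nowhere to go.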
 
If I want to connect to the router and configure it, I have to do it on VLAN1, right?
Unifi have decided that VLAN1 is reserved for this purpose and don't allow you to set a tagged VLAN on VLAN1.

So I can create 2 x SSID and add VLAN tags to them, but neither of them can be on VLAN1, so am I right in assuming that I cannot manage the Unifi controller from the same VLAN as any of the tagged wireless traffic? (If so, that sucks.)

The switch seems to work if I mark the port as untagged for VLAN 1 and tagged for the other 2, although I can't fully test this as I don't have a VLAN-capable router at home that would allow all 3 networks to access the internet.

Beyond that, I am unsure of how I should be configuring each port.

As of right now, let's say for argument's sake:
port 1 on router and ports 1-12 on switch are VLAN1 untagged
and port 2 on router and ports 13-24 on switch are VLAN2 untagged
and AP will be plugged in to port 2 on switch
 