October 1, 2025

Guide: Setting Up VLAN with DHCP on a /24 Subnet (Zyxel Flex 100 Router, Ubiquiti UniFi Switches, and Access Points)

admin07 mins

Overview

In this updated guide, we will cover the process of setting up a VLAN with DHCP enabled on a /24 subnet. We will assign this configuration to a VLAN using a Zyxel Flex 100 Router, propagate it through Ubiquiti UniFi Switches, and assign the VLAN to a specific SSID using UniFi Access Points.

1. Setting Up the VLAN and DHCP on the Zyxel Flex 100 Router

  1. Log in to the Zyxel Flex 100 Router
    • Open your web browser and navigate to the router’s IP address (e.g., 192.168.1.1).
    • Enter your login credentials.
  2. Create a New VLAN
    • Navigate to Configuration > Network > VLAN.
    • Click Add to create a new VLAN.
    • Enter a VLAN ID (e.g., 10 for Guest VLAN).
    • Assign a name (e.g., “Guest VLAN”).
  3. Set Up IP Addressing (Including /24 Subnet)
    • Assign an IP address to the VLAN interface, for example: 192.168.10.1/24.
      • The /24 subnet gives a range of IP addresses from 192.168.10.1 to 192.168.10.254, with 192.168.10.1 being the default gateway for devices on this VLAN.
    • Make sure the subnet mask is set to 255.255.255.0.
  4. Enable DHCP for the VLAN
    • Still in the VLAN Configuration, locate the DHCP Setup section.
    • Enable DHCP for the VLAN:
      • DHCP Range: Set a range for your DHCP addresses within the VLAN’s subnet, e.g., from 192.168.10.100 to 192.168.10.200.
      • Lease Time: Set the lease time for how long devices can retain their IP address (e.g., 24 hours).
    • Configure DNS Settings (e.g., pointing to your router IP 192.168.10.1 as the DNS server or use external DNS like 8.8.8.8).
  5. Save the Configuration
    • Click Save to apply the VLAN and DHCP settings.

2. Configuring the VLAN on Ubiquiti UniFi Switches

  1. Log in to UniFi Controller
    • Navigate to your UniFi Controller and log in.
    • Go to Settings > Networks.
  2. Create a New VLAN Network
    • Click Create New Network.
    • Name the network (e.g., “Guest VLAN”).
    • Set the Network Type to VLAN Only.
    • Enter the same VLAN ID you created on the Zyxel router (e.g., VLAN ID 10).
  3. Apply VLAN to Switch Ports
    • Go to Devices and select your UniFi Switch.
    • Click on the port that connects to the Zyxel Flex 100 router (uplink port).
    • Set the Port Profile to All (to carry all VLANs including the one you created) or choose the specific VLAN ID (e.g., “Guest VLAN”) for access ports.
    • Click Apply.

3. Assigning the VLAN to an SSID on UniFi Access Points

  1. Log in to UniFi Controller
    • In the UniFi Controller dashboard, go to Settings > WiFi.
  2. Create a New SSID
    • Click Create New WiFi Network.
    • Name the SSID (e.g., “Guest WiFi”).
    • Choose WPA2 as the security type and set a password.
  3. Assign VLAN to the SSID
    • Scroll down to the Advanced Options section of the SSID configuration.
    • Toggle Use VLAN and enter the VLAN ID (e.g., VLAN ID 10).
    • This will ensure that any device connecting to this SSID will be assigned to the VLAN 10 network.
  4. Apply and Save Configuration
    • Click Save to apply the changes.

4. Testing the VLAN with DHCP Setup

  1. Verify on Zyxel Router
    • In the Zyxel Flex 100 interface, go to Configuration > Monitor > DHCP Table.
    • Check if devices connected to the VLAN via SSID are getting IP addresses in the range you set (e.g., 192.168.10.100 to 192.168.10.200).
  2. Verify on UniFi Controller
    • In the UniFi Controller, go to Devices > UniFi Switches and Access Points.
    • Check that the ports connected to the VLAN and SSID show the correct VLAN assignments.
  3. Test Devices
    • Connect a device to the “Guest WiFi” SSID.
    • Check that the device receives an IP address in the 192.168.10.x range and can access the internet or network resources as per your network policies.

5. Optional: Set Firewall Rules for VLAN Segmentation

  1. Create Firewall Rules on Zyxel Router
    • To isolate VLAN traffic or set custom security rules, go to Configuration > Security Policy.
    • Add rules such as:
      • Block traffic between the Guest VLAN (VLAN 10) and your main network (VLAN 1).
      • Allow only internet traffic for devices on VLAN 10.
    • Save and apply the rules.

Conclusion

With this setup, you have successfully created a VLAN with DHCP enabled on a /24 subnet. The VLAN is configured on the Zyxel Flex 100 router, extended across UniFi switches, and assigned to a specific SSID for Wi-Fi clients via UniFi Access Points. The setup ensures that devices connected to the “Guest WiFi” SSID will be routed to the correct VLAN and receive IP addresses within the configured range.