I am going to replace my trusty Rb951G-2Hnd with a RB3011UIAS-RM (waiting for it to arrive) as my 951 can't cope with the full bandwidth of my internet-connection (400/400 Mbit). In the process I plan to add a Ubiquiti UniFi UAP-AC-LITE to the setup, both for use as a private- and guest- access point (where I want to prevent the guests having any access to my internal/private network). I'm a fairly new to vlan's but guess that will be the way to go?

Physically I plan to use ether1 as my WAN-port (connected directly to the ethernet port on the ISP-supported fiber-router), ether2 as my LAN-port (connected to an unmangaged switch), and ether3 directly connected to my Ubiquiti AP (lets for argument sake say I want to use ether3, but in reality I might want to use ether10 with PoE in stead). As I want to allow my local network and the local "part" of Ubiquiti to communicate I guess both of these will use the same vlan (ID1). However as I don't want to let the guest network to have access to my local network (cabled and wifi) it should use vlan ID2.

Correct me if I am wrong. In this setup ether2 (LAN) should be untagged (vlan ID1) as my switch is unmanaged (all my cabled equipment is connected to this switch). The interface ether3 (Ubiquiti) is going to handle both private and guest-traffic so it should be setup tagged for both vlan ID1 and ID2 (naturally ID1 on both ether2 and ether3 needs to be able to communicate with each other).

Again correct me if I am wrong, this is how to set it up?
Would like to know if the above is correct, and/or if there is anything else I need to do?

Pelle

Your basic setup should be fine. You will need to setup some routing and IP filtering so that vlanGuest devices will have internet access but not access to vlanLocal.

Your basic setup should be fine. You will need to setup some routing and IP filtering so that vlanGuest devices will have internet access but not access to vlanLocal.

I also feel he need to set up some IP filtering. The setup he mentioned is mostly fine. By the way, if you find difficulty in setting up your device than contact any nearest IT Solutions Company.