Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    3100 & Unifi AP VLAN

    Scheduled Pinned Locked Moved Official Netgate® Hardware
    6 Posts 4 Posters 869 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lightning-snail
      last edited by lightning-snail

      Is it possible with the current setup of

      WAN -> 3100 -> Unifi AP

      to offer up different guest WIFI or perhaps better different SSIDs tagged with different VLANS
      How can I deal with these to not allow specific routing inside PFSENSE

      Given that the AP will only be plugged into one port on the 3100. Cant seem to find out if I can offer essentially two or more networks that will not be able to talk to one another but still use the same AP and WAN. Trying to replace the functionality of my ASUS router which allowed a guest network.

      Thanks

      1 Reply Last reply Reply Quote 0
      • R
        RobH 0
        last edited by

        I don't fully understand your question, but I'll give it a shot.

        You send all VLANs to the Unifi AP, then in the Unifi controller you assign certain SSIDs to certain VLANs. On the pfSense firewall, you configure your VLANs, and those VLANs cannot communicate with each other unless you create firewall rules allowing it.

        L 1 Reply Last reply Reply Quote 0
        • L
          lightning-snail @RobH 0
          last edited by

          @robh-0

          yup thats what i am wanting!

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Yes, that. It's definitely possible.

            If you use the OPT port to connect the AP you can just set VLANs on it directly. If you're using the LAN ports to connect it, and don't want the VLANs available on all of them, then you need to reconfigure the switch in the 3100.

            Steve

            L 1 Reply Last reply Reply Quote 0
            • L
              lightning-snail @stephenw10
              last edited by

              @stephenw10 yup got it, needed to create a VLAN, and then a new interface and link the two. Still not sure if the traffic is being tagged will check later

              R 1 Reply Last reply Reply Quote 0
              • R
                rcoleman-netgate Netgate @lightning-snail
                last edited by

                @lightning-snail Creating the interface involves choosing the VLAN.

                Off the pf OPT port it would be untagged if you don't make the VLAN first and choose the VLAN in the association. Check the process you follow.

                Ryan
                Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
                Requesting firmware for your Netgate device? https://go.netgate.com
                Switching: Mikrotik, Netgear, Extreme
                Wireless: Aruba, Ubiquiti

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.