Can VLANs on a Cisco AP work with PFSense?
-
VLANs are VLANs are VLANs. Anything that supports VLANs should work with any other device that supports VLANs.
It's a standard. Unless you were doing something with Cisco proprietary VLAN stuff, say VTP, then there shouldn't be any problems. Or their ISL.
-
I'm running 6 SSIDs off several Cisco APs (non-CAPWAP)
/Bingo
-
Yes, this should absolutely be possible.
And in fact you will probably get much better results if you route everything over the VPN from one SSID and nothing on the other. All or nothing will break far fewer things.
Steve
-
@stephenw10 I'll give it a whirl then. Thanks everyone!
-
I'd be tempted to test it on an unused pfSense interface if you have one, then move the AP to the HP switch once it's working, if you have a spare one and a PoE injector.
-
Think of VLANs as physically separate interfaces and ask your question again. If the answer is yes, then it will still be yes with VLANs. All you have to do is match VLAN IDs. Incidentally, here I have pfSense connected to a Cisco switch, connected to a UniFi AP, and have a guest WiFi connected via VLAN. I just made sure that they all were configured for the same VLAN ID.
BTW, if you have 2 SSIDs, you'd normally have 1 VLAN and the main LAN, unless you have specific reasons for not putting your main WiFi on the main LAN.
-
@nogbadthebad said in Can VLANs on a Cisco AP work with PFSense?:
I'd be tempted to test it on an unused pfSense interface if you have one
@nogbadthebad That's a great idea. If I run into snags with the HP switch I'll keep this in mind.
-
@jknott said in Can VLANs on a Cisco AP work with PFSense?:
BTW, if you have 2 SSIDs, you'd normally have 1 VLAN and the main LAN,
Hmm, now that makes sense. The HP switch has a "Default" VLAN which, I guess, is everything that isn't on a specific VLAN. If I create a second VLAN for the bypass SSID, I essentially have two VLANs, but really it's only one since all LAN traffic is on the "Default".
Now that I'm thinking this through a little more, how does pfSense see traffic from the "bypass" VLAN? Can I use a VIP on the LAN interface, or do I need to have a PHY?
-
If you're using VLANs, you create one on a physical interface. For example, I created VLAN3 on my LAN interface for my guest WiFi. I then configured my switch to pass VLAN3 on the ports connected to pfSense and my AP, and then configured VLAN3 and a 2nd SSID on my AP.
-
@jknott said in Can VLANs on a Cisco AP work with PFSense?:
If you're using VLANs, you create one on a physical interface.
OK, I see. When I created VLAN 200 in pfSense, it ended up assigned to my LAN interface as em1.200. I was experimenting a couple of weekends ago and didn't catch that it was a virtual NIC. It's making more sense now, thanks.
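
The AP side of the setup discussed in this thread, as an added example that is not from any of the posters: an autonomous (non-CAPWAP) Cisco IOS AP with the main SSID untagged on the native VLAN and a second SSID tagged as VLAN 200, matching the em1.200 interface on pfSense. The SSID names, the passphrase placeholders, native VLAN 1 and the interface names Dot11Radio0 / GigabitEthernet0 are assumptions; adjust them to the AP model in use.

```cisco
! Added example, not the posters' configuration. SSID names and
! passphrases are placeholders; VLAN 200 matches em1.200 on pfSense.
dot11 ssid MAIN-WIFI
   vlan 1
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 0 <main-passphrase>
   mbssid guest-mode
!
dot11 ssid BYPASS-WIFI
   vlan 200
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 0 <bypass-passphrase>
   mbssid guest-mode
!
! Radio: one cipher statement per VLAN, both SSIDs, multiple BSSIDs on
interface Dot11Radio0
 encryption vlan 1 mode ciphers aes-ccm
 encryption vlan 200 mode ciphers aes-ccm
 ssid MAIN-WIFI
 ssid BYPASS-WIFI
 mbssid
 no shutdown
!
! Native VLAN: untagged on the wire, bridged to the main LAN
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
! VLAN 200: frames leave the AP tagged with ID 200
interface Dot11Radio0.200
 encapsulation dot1Q 200
 bridge-group 200
!
interface GigabitEthernet0.200
 encapsulation dot1Q 200
 bridge-group 200
```

The switch ports facing the AP and pfSense must carry VLAN 200 tagged, with the default VLAN left untagged. On pfSense, em1.200 is assigned as its own interface with its own addressing and firewall rules, separate from LAN.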