Unifi AP LITEs in mesh, VLANs, and pfSense - can't seem to "unify"
-
Almost a direct cross post from posting in the Unifi community forums. Hoping someone here can solve this for me. pfSense is a definite on my network. I do NOT want to have to buy into a whole ecosystem to get an AP to work. I'm impressed with Unifi in terms of what looks like a unified ecosystem, but not impressed that it seems to be the only way to do it.
Here's my story/what I want. Not sure what I'm missing. Hoping someone here can help.
--
I did a lot of reading before stepping into this and buying 3 Unifi AP LITEs to run in a mesh configuration and have wireless VLANs. The articles I read seemed pretty straightforward, but there is a big disconnect somewhere after the actual purchase of these LITEs, and I just can't find it. I suspect I need additional Unifi equipment (a switch) to make this work. Here goes:
What I have: a pfSense firewall with four interfaces [WAN] [LAN] [OPT1] [OPT2]
LAN: This port is plugged into the uplink port of a 24-port gigabit Netgear switch. Hard wired servers in the basement leverage this network as well as a vast network of VMs on VMware and ProxMox using either static IPs or DHCP. GW: 192.168.0.1/24
OPT1: This port is plugged into the uplink port of a Netgear Orbi Router set to run as an AP. GW: 192.168.1.1/24, static IP 192.168.1.2 on the Orbi Router/AP (in AP mode). The Orbi AP is meshed to four other APs throughout the house. THE GOAL IS TO COMPLETELY REPLACE THE ORBI MESH AND GET WIRELESS CLIENTS ONTO WIRELESS VLANs using these Unifi LITE APs, separating IoT from other devices as well as running a Guest wireless on its own VLAN. All controlled by rules on the pfSense firewall. All VLANs on the pfSense firewall end up being interfaces just like LAN, OPT1 and OPT2. Concept (e.g. what I want/thought I could do): the first Unifi LITE AP replaces the existing Orbi Router at 192.168.1.2 and the other 2 LITE APs mesh to the first LITE AP at 192.168.1.2. (The existing meshed Orbis just pull DHCP addresses in the 192.168.1.x/24 network. Fine. Don't care.)
OPT2: This port is plugged into the uplink of a totally different AP in an apartment for a tenant. No access to LAN or OPT1 is allowed except port 53 for DHCP leases as pfSense handles DHCP.
Again, what I WANT is for these Unifi AP LITEs to essentially replace the Orbi mesh. Seemed like the Unifi APs would mesh together, but it "seems" all configurations are controlled by the Unifi Network Controller which just runs on a client somewhere. I installed the Unifi Network Controller on an LXC container on ProxMox (192.168.0.12).
I'm using the POE injectors that came with the LITE kits (nice), and for now, just plugged my first one into the back of the Orbi AP upstairs (which has four ports on the back of it) and the LITE comes up with a DHCP address (as expected): 192.168.1.194.
From here, there's a huge disconnect. Unifi Network Controller doesn't see this LITE AP. I can see it on my iOS app as standalone. But as standalone, it appears I have no configuration options to mesh or run VLANs. It's just an AP. Period.
I see articles creating VLANs in pfSense and marrying those to configurations in Unifi Network Controller, but I see no articles that start from getting the initial AP into the Controller to begin with. I'm wondering whether neither the UniFi AP Lite nor the Network Controller can sense or span across the 192.168.0.1 (LAN) and 192.168.1.1 (OPT1) networks.
What am I missing?
-
@chriseolive Slight correction -- immaterial other than correcting something incorrect. On the APT interface I said port 53 was open for DHCP leases. 67 for DHCP and 53 for DNS. The APT interface is immaterial to the problem presented however.
-
To get it fixed easy, quick n dirty:
Controller and APs in the same network.
Then firewall on pfS to WAN \ LAN. Done.
The other thing is to L3 adopt the AP to the controller.
Should work this way.
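The "L3 adopt" suggestion above means telling an AP on one subnet (192.168.1.x on OPT1) where the controller on another subnet (192.168.0.12 on LAN) lives. As an added example (not from either poster), this script produces the two values you would hand to pfSense or to the AP: the UniFi-style DHCP option 43 payload for the OPT1 DHCP scope, and the inform URL used with `set-inform` over SSH on the AP. It assumes the controller keeps the default inform port 8080; the controller address comes from the thread.

```python
import ipaddress

# Values from the thread (controller LXC on LAN); inform port is the UniFi default (assumption).
CONTROLLER_IP = "192.168.0.12"
INFORM_PORT = 8080


def unifi_option43(controller_ip: str) -> str:
    """Encode a controller address as the UniFi vendor-specific DHCP option 43 payload.

    UniFi devices read sub-option 1 (controller IPv4 address), so the payload is
        0x01 (sub-option code) 0x04 (length) <4 IP bytes>
    Returned as colon-separated hex, the string form used when adding option 43
    to a pfSense DHCP scope (here it would go on the OPT1 scope the APs lease from).
    """
    ip = ipaddress.IPv4Address(controller_ip)  # raises ValueError on malformed input
    payload = bytes([0x01, 0x04]) + ip.packed
    return ":".join(f"{b:02x}" for b in payload)


def decode_option43(hexstr: str) -> str:
    """Reverse of unifi_option43: recover the controller IP, rejecting anything that is
    not exactly one sub-option-1 record (useful when checking a scope you did not write)."""
    raw = bytes.fromhex(hexstr.replace(":", ""))
    if len(raw) != 6 or raw[0] != 0x01 or raw[1] != 0x04:
        raise ValueError("not a UniFi sub-option 1 payload")
    return str(ipaddress.IPv4Address(raw[2:]))


def inform_url(controller_ip: str, port: int = INFORM_PORT) -> str:
    """URL passed to `set-inform` on the AP for manual L3 adoption."""
    ipaddress.IPv4Address(controller_ip)  # validate before building the URL
    return f"http://{controller_ip}:{port}/inform"


if __name__ == "__main__":
    print("DHCP option 43 (OPT1 scope):", unifi_option43(CONTROLLER_IP))
    print("set-inform", inform_url(CONTROLLER_IP))
```

Whichever method is used, the AP still has to reach the controller, so pfSense needs a rule passing TCP port 8080 from the OPT1 subnet to 192.168.0.12 (the default-deny on OPT interfaces is usually why a cross-subnet AP never shows up for adoption).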
-
I do this on my work network: pfsense SG-8860, a combination of Netgear and Cisco managed switches, and finally 6 UniFi APs and 1 onsite UniFi controller.
The network is set up with 2 networks - LAN and GUEST. The APs are set up to run 1 VLAN, the GUEST VLAN. The LAN network is also on these access points, but not VLANed. Both of these networks run on the same physical port on pfsense. It took some reading and research, but I got it all working just fine. Firewall rules keep both of these networks from talking to each other.
If you want to do something similar, and from reading your post it looks like you are pretty close, you're gonna need a smart/managed switch. Some 5 to 8 port switch models run about $40 to $45 USD, check out Amazon. The OPT network that runs over to the tenant's apartment is fine on its own pfsense port, run it directly into there and give it the proper settings. It doesn't need to go through any of your switches. The other stuff that's "in your own place" should run through the smart/managed switch, then into a single pfsense port, with VLANs.
Jeff