@johnpoz thank you again for the OpenWRT recommendation. It is amazing, I have it running on an Archer C7. Never going back to the stock firmware it is amazing. I am perplexed at how they got that to run on such a small set of code. Just wow!! (I still love my pfSense never leaving it) but I got to tell you OpenWRT can hold its own with the 7000+ packages even my favorite Squid is on it.

@elspoon Yes!
I now have my RT-AC86U running in AP mode, and just have an Ethernet cable running right into its WAN port.
In pfsense DHCP settings (https://192.168.50.1/status_dhcp_leases.php) it shows up as 192.168.50.4 (I have it statically mapped) and so going to http://192.168.50.4 gets me to the web interface for the Asus.
Hope this answers your questions!

First, configure mvneta1 interface with an IP address in a MGMT network that you choose (not vlan). And use this same network in the switch and AP for management purposes.

Checking your screenshots, everything seems to be correct at the pfSense side.
Check your netgear, make sure the MGMT network is correct (untagged) and in the same network as mvneta1 in pfsense, check if this same port is configured to receive vlan20 and vlan30 tagged, and the downlink has the same configuration.

The port connecting pfSense to Netgear switch should be like this:
VLAN 1 Untagged (MGMT of the switch)
VLAN 20 Tagged
VLAN 30 Tagged

Netgear Switch to AP:
VLAN 1 Untagged (MGMT of the AP)
VLAN 20 Tagged
VLAN 30 tagged

Then, assign the wifi networks to use VLAN 20 and VLAN 30 respectively.

@Jarhead
Thank you man!
I wasted a lot of time without trying the most banal thing.

Thank you again!

I know what your thinking, Big deal, I got logs in pfSense,

But here the issue is, most often you will be running your AP in bridge mode and having pfSense hand out the DHCP addresses, and if your in bridge mode not much info on whats connecting to the NAS internally behind the firewall is ever seen on the firewall logs. This gives you a level of visibility not normally seen within pfSense unless it is configured. Again if you can do it with one AP you can do it with an alias for many APs on a bigger network. This gives you more information into possibile mac spoofing and unauthorized access. If you use remote access and Dynamic DNS for your network, you can see the firewall logs and the AP logs as well.

Exactly. To do it with one card you would need to find a card that had two complete sets of hardware on it. I'm not sure such a card exists but if it does it's probably far far more expensive. Hence my '100x' guess. Regular single radio cards can be had for <$5.

@iversa None of the Netgate devices have Wireless built in and there is a wireless function in pfSense but it is not well supported by FreeBSD and you should look at any other dedicated Wireless AP option instead.

As a company we do not have a specific recommendation of any particular product.

@zipping8761 haha - I warned you, but it a good learning experience ;)

Problem fixed by forcing the gateway on the AP to PfSense's LAN IP. I had it set up through /etc/network/interfaces but turns out I had to set it up via

route add default gw 192.168.1.1 wlan0

@firerobin said in pfSense VM latency and WAP performance issues:

@bmeeks Thanks again for the info. I'll ask around in neighborhood forums to see if anyone else is having issues with their xfinity connection. Hopefully I can find someone as knowledgeable as the folks in this forum, but then they'd probably already be on top of the issue 😬

Would this problem be as noticeable if they have a higher bandwidth service plan?

If you have issues with the node you are served from, a higher speed tier is not likely to help. An overloaded or malfunctioning node would be expected to affect all speed tiers. The one exception might be if they moved you to another node for a higher tier, but that is extremely unlikely as the node serving you is usually fixed due to the realities of coax cable routing on the poles.

To test and make sure a saturated uplink is not your issue, play your game at a time when you are 100% certain nobody else is using your Internet connection but you and your gaming machine. No streaming or anything else going on. If you have problems then, it is likely to be an upstream ISP problem. If you have no issues, then somebody really loading up on downloads can hurt your gaming and ping times as all the ACKs from the busy downloads can eat up the upload bandwidth.

@jafr said in DHCP failing when moving between AP's:

HP 2530

Quick look shows that that switch can do dhcp snooping since I see in the manual dhcp snooping events for snmp.. So you need to look at the configuration of that switch or the port your AP is connected to.

If pfsense does not see the discover for dhcp then no it would never offer an IP..