@godhead83

Start simple. Get the main LAN going first, including DHCP. Once that is done, you can do the same with the VLANs, including a DHCP server for each one. By doing things one step at a time, it's easier to resolve problems. Also, you should get handy with Wireshark, to see what's actually happening on the wire. You can also enable a column in it to display VLAN ID.

So if eventhing is 1 flat network then no pfsense has zero to do with any stun problem with AP talking to your controller.

As to vlan.. Simple enough to do yes.. Create another SSID, lets say its ssid-guest, put a vlan ID on it - lets call it 100.

Then on the switch port connected to your AP set vlan 100 as tagged. On switch port connected to pfsense also tagg vlan id 100.

On pfsense create a vlan, lets make the network 192.168.100.0/24 pfsense IP 192.168.100.1 and put this vlan on the physical port your lan is on. There you go other than creating the rules you want on this new vlan your done.