PFSense + 2 Ubiquiti APs + VLANS + the OPT ports
  • I fear I'm getting a bit brain fuzzled thinking this through (experiments to date not working) so I've come here to see what you folks recommend.  I'll give you my goal and not what I've tried to avoid confusion (hopefully).

    Current state:
    PFSense box with 4 ports
    1 WAN
    1 LAN in from managed switch (trunk)
    2 unused

    Managed switch
    Trunk port configured and all the necessary tag/untag settings applied per port

    2 Ubiquiti APs
    Plugged into managed switch
    VLAN configured per SSID with appropriate settings on switch

    Everything works perfectly with all sorts of testing to make sure my firewall rules are in effect and that VLANs can't see other VLANs without specific rules.  Good…

    Here's my thunking:
    I've got those 2 extra ports on the PFSense so... why not use them for the APs!?  This would, in my thinking, reduce the load going over that one trunk wire from the managed switch up to the PFSense.  Most devices are only going out to the internets anyway so they'll all be one step closer to where they are going and with less congestion.

    Am I overthinking this or is the goal a good one that can be accomplished simply?

    A caveat:  the Ubiquiti guys really want to have a DHCP server they connect to in order to get an IP and start themselves up.  Meaning the ports they are connected to should (ideally) have the same DHCP server.  Bridge?  Once they are up and running they should observe the 802.1Q standard... I think/hope... for all the clients connected to them.  All traffic coming through the APs is on SSIDs configured with VLANs.

    Any thoughts, even of the "yeah just don't do that" variety, are welcome :)
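Added example, not part of the post above and not pfSense or Ubiquiti code: a small consistency checker for the kind of 802.1Q plan the post describes (trunk to the firewall, APs on the switch, one VLAN per SSID, APs that need an untagged management VLAN with DHCP to boot). The port names (g1, g5, g6), VLAN ids (1, 10, 20), SSID names and the parent interface name igb1 are constructed sample values, not anything from the post; it models the general rule that an AP's own address comes from the untagged VLAN on its port, while every SSID VLAN must be tagged on the AP port, tagged on the uplink, and have a router VLAN interface with a DHCP server. Findings come back as a list of strings, so an empty list means the plan is consistent.

```python
"""Consistency check for an 802.1Q plan: switch ports, APs, router VLAN interfaces.

Assumptions (hypothetical, not from the post): one uplink port trunks everything
to the firewall, APs get their management IP from the untagged (PVID) VLAN of
the port they plug into, and each SSID maps to one tagged VLAN.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class SwitchPort:
    name: str
    untagged: Optional[int] = None                  # PVID: delivered without a tag
    tagged: Set[int] = field(default_factory=set)   # VLANs carried with 802.1Q tags


@dataclass
class AccessPoint:
    name: str
    port: str                                        # switch port the AP is patched into
    ssids: Dict[str, int] = field(default_factory=dict)  # SSID -> VLAN id


@dataclass
class RouterVlan:
    vlan: int      # 802.1Q id
    parent: str    # parent interface on the firewall (sample value, e.g. "igb1")
    dhcp: bool     # DHCP server enabled on that VLAN interface


def check_plan(ports: List[SwitchPort], aps: List[AccessPoint], uplink: str,
               router_vlans: List[RouterVlan], management_vlan: int,
               management_dhcp: bool) -> List[str]:
    """Return a list of findings; an empty list means the plan is consistent."""
    findings: List[str] = []
    port_by_name = {p.name: p for p in ports}
    router_by_vlan = {r.vlan: r for r in router_vlans}
    uplink_port = port_by_name[uplink]

    # The APs boot from the management VLAN, so it needs a DHCP server and a path uplink.
    if not management_dhcp:
        findings.append(f"management VLAN {management_vlan} has no DHCP server; APs cannot get an address")
    if management_vlan not in uplink_port.tagged and uplink_port.untagged != management_vlan:
        findings.append(f"management VLAN {management_vlan} is not carried on uplink {uplink}")

    for ap in aps:
        port = port_by_name.get(ap.port)
        if port is None:
            findings.append(f"{ap.name}: port {ap.port} is not defined")
            continue
        if port.untagged != management_vlan:
            findings.append(f"{ap.name}: port {port.name} untagged VLAN is {port.untagged}, "
                            f"but the AP expects management VLAN {management_vlan}")
        for ssid, vid in ap.ssids.items():
            if vid not in port.tagged:
                findings.append(f"{ap.name}: SSID {ssid!r} uses VLAN {vid} but port {port.name} does not tag it")
            if vid not in uplink_port.tagged:
                findings.append(f"{ap.name}: SSID {ssid!r} VLAN {vid} is not tagged on uplink {uplink}")
            router = router_by_vlan.get(vid)
            if router is None:
                findings.append(f"{ap.name}: SSID {ssid!r} VLAN {vid} has no VLAN interface on the router")
            elif not router.dhcp:
                findings.append(f"{ap.name}: VLAN {vid} on {router.parent} has no DHCP; "
                                f"clients on {ssid!r} get no lease")
    return findings


# Constructed sample plan: VLAN 1 = management (untagged), 10 = Home, 20 = Guest.
EXAMPLE_PORTS = [
    SwitchPort("g1", untagged=1, tagged={10, 20}),   # trunk to the firewall
    SwitchPort("g5", untagged=1, tagged={10, 20}),   # AP 1
    SwitchPort("g6", untagged=1, tagged={10, 20}),   # AP 2
]
EXAMPLE_APS = [
    AccessPoint("ap-upstairs", "g5", {"Home": 10, "Guest": 20}),
    AccessPoint("ap-downstairs", "g6", {"Home": 10, "Guest": 20}),
]
EXAMPLE_ROUTER_VLANS = [RouterVlan(10, "igb1", True), RouterVlan(20, "igb1", True)]


def example_findings() -> List[str]:
    """Run the checker over the constructed sample plan."""
    return check_plan(EXAMPLE_PORTS, EXAMPLE_APS, "g1", EXAMPLE_ROUTER_VLANS,
                      management_vlan=1, management_dhcp=True)


if __name__ == "__main__":
    for line in example_findings() or ["plan is consistent"]:
        print(line)
```

Dropping VLAN 20 from the uplink's tagged set, or switching an AP port's untagged VLAN away from the management VLAN, produces one finding each, which is the quickest way to see what the check catches before touching real equipment.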