pfSense untagged VLAN for UniFi UAP management
I have some questions surrounding UAP AC Lite integration with my pfSense firewall.
According to the below link, the "UniFi APs are only managed via an untagged VLAN."
I have assigned two interfaces on my pfSense box to two VLANs on igb2 (the parent interface). These virtual interfaces correspond to two SSIDs on my UAP. To manage the UAP I have assigned a 'MGMT' interface on my pfSense box to the igb2 port itself (no VLAN).
Is this the only approach that will work? Is it smart/secure to have this MGMT interface assigned to the igb2 port, while the VLANs are treating it as the parent ID? How else would one create an 'untagged VLAN' on a pfSense box?
It's fine. That's how you do it.
With a managed switch you could tag all the VLANs between the switch and pfSense and tell the switch to send the management VLAN to the APs untagged along with the tagged SSID VLANs.
How you have it will work fine.
igb0 = untagged
VLAN X on igb0 (igb0_vlanX) = tagged VLAN X on igb0
Thanks Derelict. I appreciate the suggestion.
Derelict, would the switch need to be a layer 3 to unravel the management VLAN?
No. Just managed layer 2. Any "web smart" switch should do fine. As long as it properly supports 802.1Q.
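Added example, not part of the thread: a simplified Python model of the managed-switch layout described above, with every VLAN tagged on the pfSense-facing port and the management VLAN untagged on the AP port. It shows that the tag handling is pure layer 2 (802.1Q), with no routing involved. The VLAN IDs (10, 20, 30), port names and sample frame are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100
MGMT, SSID_A, SSID_B = 10, 20, 30  # constructed VLAN IDs, not from the thread

def parse_vlan(frame):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits = VID

def add_tag(frame, vid):
    """Insert a 4-byte 802.1Q tag after the source MAC."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]

def strip_tag(frame):
    return frame[:12] + frame[16:]

class Port:
    """One switch port: pvid is the untagged VLAN (None = tagged-only)."""
    def __init__(self, pvid, tagged):
        self.pvid, self.tagged = pvid, set(tagged)

    def ingress(self, frame):
        """Classify a received frame as (vid, untagged frame), or None to drop."""
        vid = parse_vlan(frame)
        if vid is None:
            return None if self.pvid is None else (self.pvid, frame)
        return (vid, strip_tag(frame)) if vid in self.tagged else None

    def egress(self, vid, frame):
        """Send untagged on the PVID, tagged on member VLANs, drop otherwise."""
        if vid == self.pvid:
            return frame
        return add_tag(frame, vid) if vid in self.tagged else None

def forward(frame, src, dst):
    """Layer-2 forwarding only: classify on ingress, re-tag on egress."""
    classified = src.ingress(frame)
    return None if classified is None else dst.egress(*classified)

# pfSense-facing port: all VLANs tagged. AP port: MGMT untagged, SSIDs tagged.
UPLINK = Port(pvid=None, tagged={MGMT, SSID_A, SSID_B})
AP_PORT = Port(pvid=MGMT, tagged={SSID_A, SSID_B})
# Constructed frame: broadcast dst, locally administered src, IPv4 ethertype.
BASE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
```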