VLANs on Unifi AP



  • Hey, somehow I can't get the following config to work:

    pfSense 2.4.3 on a PC Engines APU. re0 is the WAN, re2 is the LAN, connected to a dumb switch. Now I'd like to use re1 as a trunk port and have 3 VLANs set up on it: 11, 20 and 30. They should be linked to SSIDs on my Unifi AP. Now the problem is that when I plug my AP into the re1 interface (which has all the VLANs and DHCP servers set up), the AP goes into isolated mode.
    When I plug it into the dumb switch, it works and gets an IP and I can manage it. It gets an IP in the 192.168.10.1/24 network, which is LAN.

    Now, I have read that the management needs an untagged VLAN to work. How would I do that? Assign the parent interface re1?

    Thanks for any help!


  • Rebel Alliance Global Moderator

    Where is your controller? Your physical interface re1 would be your untagged network. But you would have to do L3 Adoption, since how is your controller going to reside on this same L2 network that is now your re1 network?

    This is why, if you're going to play with vlans, you should have an actual vlan switch… Now you can put anything you want on any vlan, be it tagged or untagged, connected to that switch.



  • My controller is on my laptop. The laptop is connected to the LAN (actually via Wifi on the old wireless AP, but it is in the 192.168.10.1/24 network).

    I do have a VLAN-capable switch. But it somehow seems silly to me to use it when I only want to use VLANs for the AP and I do have a third interface in the router.


  • Rebel Alliance Global Moderator

    It's not silly when you need to put a port on a vlan ;)

    They are supposed to be adding vlan management - I am running the latest controller, 5.9.4, but have not had time to play with it yet. Nor am I sure it is easy to make work unless you're using unifi switches, etc. But it's on my list to play with.

    So you have a vlan switch - where, just sitting on your shelf? That seems pretty silly when you clearly have a need to use it.

    Plug your managed switch into your re1 and set up an untagged network; this is the network your AP and Controller will be on. Use your other vlans for your wifi. The beauty of the vlan-capable switch is that now you can put any device on any vlan you want connected to that switch. You can easily add more APs, etc.

    But sure, you can run untagged on re1 and your vlans - and then with your controller you have to do L3 adoption to be able to manage and see your AP.



  • Did you assign only the vlans as interfaces in pfSense, or did you assign the re1 itself too?
    The unifi-ap uses the settings of the re1 interface for management. That means you need to assign an interface to re1 and set up the DHCP for that too. After that you should be able to do a layer 3 adoption.



  • @Birke:

    Did you assign only the vlans as interfaces in pfSense, or did you assign the re1 itself too?
    The unifi-ap uses the settings of the re1 interface for management. That means you need to assign an interface to re1 and set up the DHCP for that too. After that you should be able to do a layer 3 adoption.

    This is not necessary in the newest controller. You don't need a native vlan. You can assign a management vlan in the settings for the AP without having to assign a native vlan to it. It takes some planning and basic vlan knowledge to configure.