trouble with multiple VLANs on TP-Link sg108E easy smart switch; Ubiquiti UAP-AC-Pro and Pfsense

detox

I do not know if this is the right place for this question. So here is goes........
My Pfsense box is configured on LAN with: (these are not actual IP's)
primary network 192.168.1.1/24 for dept A staff in building
VLAN10 (192.168.2.1/24) for dept B staff in building
VLAN20 (192.138.3.1/24 for Dept A Guests
VLAN30 (192.168.4.1/24 for Dept B Guests
PfSense has all firewall rules set correctly for access to web

I have 8 port sg108E TP-Link switch configured:

port 1 = uplink to Pfsense (VLAN1) untagged
port 2 = VLAN1 untagged (native for primary net)
port 3 = VLAN1 untagged (native for primary net)
port 4 = VLAN1 untagged (native for primary net)

VLAN10
port 1 = uplink to Pfsense (VLAN1) tagged
port 5 = VLAN10 tagged (has unifi AP)
port 6 = VLAN10 untagged
port 7 = VLAN10 untagged
port 8 = VLAN10 untagged

Unifi AP has 4 wireless networks:
dept a staff no VLAN
dept b staff VLAN10
dept a guest VLAN20
dept b guest VLAN30

The AP works fine for dept a staff (no vlan)
dept b staff (vlan10)

But, I cannot get connection for the two guest VLANS

What am I missing?

Thanks for any hints

Derelict

You don't show that you are also tagging VLANs 20 and 30 on ports 1 and 5.

JKnott

@detox

If I'm reading your description right, you've got only VLAN 10 going to the AP. You need a trunk port that carries all VLANs. Also, I don't see how you could get staff to work on the AP, as you don't seem to have a connection for the native LAN to the AP.

BTW, some TP-Link switches have problems with VLANs and I believe the fault may allow the native LAN to get through where it's not supposed to. This may be how the staff LAN is getting through.