    I have this setup:

    Pfsense port 3 ( -> AP ( -> VLAN 10 (Wifi -, VLAN 20 (Wifi Guests -

    Everything is working well, but I can't access the AP portal (wireless setup, accounts, etc.) when I'm connected to vlan10 or vlan20. What do I have to do?


  • So pfSense is not involved with the VLANs? Your AP is managing the VLANs?

    ==> check your AP manual on how to allow administrative access on the vlans

  • I did this:
    1. Static ip:
    2. Gateway:
    3. DHCP disabled
    4. VLAN 10 assigned to SSID "Wifi". VLAN 20 assigned to SSID "Wifi Guests".

    1. Interface AP (port in pfsense): DHCP disabled
    2. Interfaces > Vlans: Add vlans 10 and 20 linked with Interface AP
    3. Assign interfaces "vlan10 to Wifi" and "vlan20 to Wifi guest". DHCP enabled ( - wifi, wifi guest).
    4. Firewall: The same rule for 3 interfaces AP, Wifi and Wifi guest -> proto: ipv4; source: interface (ap, wifi, wifi guest) net; destination, port, gateway: *

    I connect to the "Wifi" network, I get the IP and I have internet. But I want to access the AP portal (


    Can pfSense ping

    From what I can tell, either the AP only allows access to the config page from or the switchport isn't properly dealing with tagged and untagged traffic mixed.

  • This is my setup:

    Modem is in bridge mode.
    PfSense has 4 interfaces: igb0 to 3.

    • WAN: PPPOE0(igb0)

    • LAN: igb1. Address: DHCP Enabled.

    • AP: igb2. Address: DHCP Disabled. Access Point:

    • AP_WiFi: VLAN 10 on igb2 (Wifi). Address: DHCP Enabled.

    • AP_Guests: VLAN 20 on igb2 (Wifi_Guests). Address: DHCP Enabled.

    • DMZ: igb3. Address:  DHCP Enabled.

    Problem: If I'm not in subnet I can't access the AP portal ( What can I do?

    I can't ping from (my laptop) to (ap portal) and I don't know why… I'm checking firewall rules.

    What do you think about the design? Is it correct?

  • Do the wireless SSIDs work? Can the wireless clients connect to LAN devices? Are your firewall rules correct?

    if all above = YES

    ==> did you fill in the gateway IP ( into the AP webgui/configuration?

  • @heper:

    So pfSense is not involved with the VLANs? Your AP is managing the VLANs?

    ==> check your AP manual on how to allow administrative access on the vlans

    Does the AP support vlans?

    I do not like mixing tagged and untagged traffic on a port.

    However I know Ubiquiti's can be easier to manage if you just leave the management interface untagged.  You have not mentioned what AP you are using, I don't think.

    It all looks right.  You should probably post up your firewall rules for AP and Wifi.

    If those are correct, I would look at the AP administration config to see if the AP itself is limiting access to the admin pages from other networks.

  • OK, I'm sorry guys…

    I did everything again and I found this option: "Allow remote access - Remote access allows you to manage the AP from the Internet or from a different LAN. To enable remote access, the gateway device needs to be properly configured, such as opening a port for the corresponding IP address of the AP."

    I didn't check that option the first time. Now it's running well ;)

    Thanks! At least, I checked my design with you. I hope this will be useful for other users. Now I have to focus on rules ;)

