Installation/Setup Modem -> PfSense Router -> Wireless Access Point

  • Hey Guys,

    I am a little overwhelmed by the options pfSense offers. I would like to achieve the following:

    Telekom 50Mbit TAE -> ALLNET ALL-BM100VDSL2 Modem -> PfSense Router (2x RJ45 via Intel EXPI9402PTBLK, 1x RJ45 via Realtek onboard) -> Ubiquiti Wireless Access Point

    Where the modem acts solely as a bridge. Right now I got it to work more or less by trial and error rather than understanding what I am actually doing. Currently only the 2 Intel RJ45 ports seem to work. I can't get a connection from the Realtek port.

    Could someone explain, how you would set things up? Where static IPs and who/what handles DHCP? What is connected to which port? What settings need to be changed from default?

    I know these are a lot of rather broad questions, but with some high level answers I can probably figure out the rest by myself.

    Thank you very much.


  • Not sure why the Realtek NIC isn't working.

    You want to assign static IPs to the internal interfaces - i.e. LAN and OPT1 (when the Realtek NIC starts functioning) - and let pfSense act as the DHCP and DNS server for your network. The configuration of the WAN will most likely be DHCP or PPP depending on your ISP requirements.

    pfSense default setup upon installation is as per By default pfSense blocks any traffic on OPT1 so LAN will be able to communicate with devices on OPT1, but OPT1 won't be able to communicate with LAN or WAN. Firewall rules will need to be added to OPT1 to enable this.

    The Unifi AP doesn't need a static IP as it will work with DHCP, however for ease of use I would assign it a static IP through DHCP as a minimum. If you have a device running the Unifi Controller software then you will need to set up the DNS CNAME "unifi" for the device to assist the AP in finding the controller (see

    Option 1 - You have a switch between pfSense and your AP
    With the Unifi AP, if you are just going to have a single WLAN SSID then it can be plugged into your switch connected to the LAN interface. If you want to have multiple WLAN SSIDs that are on separate subnets (for example a private LAN and isolated from a GUEST network) then you will need to either use a managed switch or get the Realtek NIC functioning. You will need to set up VLANs on the LAN NIC and managed switch (if using a managed switch) or plug the AP into the OPT1 NIC and set up VLANs on OPT1. The WLANs will also need to be assigned a corresponding VLAN. The management VLAN for the AP will need to be untagged in both cases.

    Option 2 - You have no switch and your AP connects directly to pfSense
    You will need to have a computer connected to the AP via a wired link first to configure the WLANs and settings with the controller software. Once it is set up, connect the AP directly to the LAN interface. If you have a single WLAN SSID then it should all work. If you want to have multiple WLAN SSID subnets then you will need to set up VLANs on the LAN NIC and assign VLANs on the AP WLANs. The management VLAN for the AP will need to be untagged.
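
The OPT1 rule behaviour described in the reply above, as an added example that is not part of the original thread and is not pfSense code: a small model of per-interface, first-match rule evaluation showing why rule order on OPT1 decides whether a guest network is actually isolated from LAN. The subnets, host addresses and rule sets are constructed assumptions.

```python
"""Toy model of per-interface, first-match firewall rules (added example)."""
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not taken from the thread).
LAN_NET = ip_network("192.168.1.0/24")
OPT1_NET = ip_network("192.168.20.0/24")
ANY = ip_network("0.0.0.0/0")


def evaluate(rules, iface, src, dst):
    """Return 'pass' or 'block' for a new connection entering on iface.

    Rules are checked top-down on the interface where the traffic arrives;
    the first match wins and no match means the implicit default deny.
    Replies to a passed connection are allowed by state, so only the
    initiating direction is evaluated here.
    """
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules.get(iface, []):
        if src in src_net and dst in dst_net:
            return action
    return "block"


# After installation, as the reply describes: LAN may initiate, OPT1 has no rules.
default_rules = {"LAN": [("pass", LAN_NET, ANY)], "OPT1": []}

# Guest-style OPT1: block access to LAN first, then allow everything else.
guest_rules = {
    "LAN": [("pass", LAN_NET, ANY)],
    "OPT1": [("block", OPT1_NET, LAN_NET), ("pass", OPT1_NET, ANY)],
}

# Misordered variant: the broad pass rule shadows the block rule below it.
misordered_rules = {
    "LAN": [("pass", LAN_NET, ANY)],
    "OPT1": [("pass", OPT1_NET, ANY), ("block", OPT1_NET, LAN_NET)],
}


def check_isolation(rules):
    """True if an OPT1 client cannot open a connection to a LAN host."""
    return evaluate(rules, "OPT1", "192.168.20.50", "192.168.1.10") == "block"
```
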