Cannot Get IP ON Guest Network If VLAN Enabled

Our network setup consists of a NetGate PFsense hardware firewall, UniFi Swith, and UniFi APs. We have a domain controller providing active directory, dns, dhcp on our main network. We have the Guest network enabled for wireless devices with the PFSense providing dhcp & dns on the guest network.

The IP scheme of the main network is The IP scheme of the guest network is

I created a VLAN for the guest network traffic however if its enabled and I add the VLAN ID to the guest wireless network in UniFi none of the devices on the guest network can get an IP.

I have other similar setups working just fine when the PFSense is doing everything even on the main network but haven’t done one like this with domain controller doing the main.

My switch ports are set to all. The DHCP server appears to be enabled for the VLAN network.

Any ideas what might be wrong with my setup or what to check to resolve this issue?

Thanks for your help in advance.

Do you have the UniFi port set to “ALL” where it connects to the pfsense?

My switch ports are set to all. Is that what you’re referring to or is this some other location I need to look?

If I understand it right… You have pfSense set up for the VLANs, and the AP set up for VLANs, and have the Switch set to ALL on All the Ports.

If that’s correct, your issue is in the switch. The only ports that should be set to ALL is the Trunk Port, and any port you want to have on the same trunk port network.

Maybe I am not explaining it correct. The AP has multiple networks: A main wireless network and a Guest network (VLAN tag). They are both running through the same AP.

You need to VLAN them both with different tag numbers, then run those tags on the switch, and manage with pfSense.

These are both running on same switch. I have a similar setup working just fine with pfsense and unifi switch + ap. For some reason though I can’t figure out what’s different since this one does have a windows domain controller involved.

I use this setup with pfSense and my domain controller is also the DHCP server. Have you enabled and configured the DHCP Relay in pfSense? If those Guests are going to use DNS on your domain controller, then you have to create a pfSense rule between the VLANs to allow DNS traffic. If you don’t want them using your domain controller at all, then make sure your DHCP server supplys DNS servers such as or

I had it configured to not use the domain controller dns for the vlan using instead and with the pfsense dns server.